OpenShorte.old/index.php

<?php
    session_start ( );
    require_once ( 'config.php' );
    require_once ( 'functions.php' );
    $request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );
    if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {
        switch ( $request [ 0 ] ) {
            case "go":
                if ( isset ( $request [ 1 ] ) ) {
                    $link_id = $request [ 1 ];
                    if ( ! ctype_digit ( $link_id ) ) {
                        die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
                    }
                    $link_id = (int) $link_id;
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
                    $parameters = [
                        [ "i" ],
                        [ &$link_id ],
                    ];
                    db_bind ( $statement, $parameters );
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    if ( ! $row ) {
                        http_response_code ( 404 );
                        include ( 'errors/404.html' );
                        exit;
                    }
                    else {
                        include ( 'templates/redirect.html' );
                        echo ( '<script>var my_location = "' . $row [ 'URL' ] . '";</script>' );
                    }
                }
                else {
                    header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) );
                }
                break;
            case "login":
                if ( isset ( $_SESSION [ 'user_id' ] ) ) {
                    header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" );
                    exit;
                }
                if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
                    $username = $_POST [ 'username' ];
                    $password = $_POST [ 'password' ];
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
                    $parameters = [
                        [ "ss" ],
                        [ &$username, &$password ],
                    ];
                    db_bind ( $statement, $parameters );
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    if ( ! $row ) {
                        header ( 'Content-Type: application/json' );
                        $response = [
                            'status' => 401,
                            'error_message' => 'Username or password not correct.',
                        ];
                        echo ( json_encode ( $response ) );
                    }
                    else {
                        $_SESSION [ 'user_id' ] = $row [ 'id' ];
                        header ( 'Content-Type: application/json' );
                        $response = [
                            'status' => 200,
                            'message' => 'Authentication succesfully executed.',
                        ];
                        echo ( json_encode ( $response ) );
                    }
                }
                else {
                    include ( 'lib/php/login.php' );
                }
                break;
            case "logout":
                $_SESSION = array ( );
                session_destroy ( );
                header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/" );
                break;
            case "insert":
                if ( ! isset ( $_SESSION [ 'user_id' ] ) ) {
                    header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
                }
                if ( isset ( $_POST [ 'url' ] ) ) {
                    $url = $_POST [ 'url' ];
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
                    $parameters = [
                        [ "s" ],
                        [ &$url ],
                    ];
                    db_bind ( $statement, $parameters );
                    db_execute ( $statement );
                    $statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    header ( 'Content-Type: application/json' );
                    $response = [
                        'status' => 200,
                        'message' => 'URL inserted correctly.',
                        'new_id' => $row [ 'count' ],
                    ];
                    echo ( json_encode ( $response ) );
                }
                else {
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    include ( 'lib/php/insert.php' );
                }
                break;
            default:
                http_response_code ( 404 );
                include ( 'errors/404.html' );
                die ( );
        }
    }
    else {
        header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
    }
?>
first version of the website, it works as intended. 2019-01-26 22:34:48 +00:00			`<?php`
			`session_start ( );`
			`require_once ( 'config.php' );`
			`require_once ( 'functions.php' );`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`$request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );`
			`if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {`
			`switch ( $request [ 0 ] ) {`
			`case "go":`
			`if ( isset ( $request [ 1 ] ) ) {`
			`$link_id = $request [ 1 ];`
Corrected link forwarding check 2019-02-14 11:31:28 +00:00			`if ( ! ctype_digit ( $link_id ) ) {`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );`
			`}`
Corrected link forwarding check 2019-02-14 11:31:28 +00:00			`$link_id = (int) $link_id;`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`$db_connection = db_connect ( );`
			`$statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );`
			`$parameters = [`
			`[ "i" ],`
			`[ &$link_id ],`
			`];`
			`db_bind ( $statement, $parameters );`
			`db_execute ( $statement );`
			`$result = $statement->get_result ( );`
			`$row = $result->fetch_assoc ( );`
			`if ( ! $row ) {`
Added licensing, redirected null /go requests to homepage, corrected 404 errors. 2019-02-08 09:14:22 +00:00			`http_response_code ( 404 );`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`include ( 'errors/404.html' );`
Added licensing, redirected null /go requests to homepage, corrected 404 errors. 2019-02-08 09:14:22 +00:00			`exit;`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`}`
			`else {`
			`include ( 'templates/redirect.html' );`
			`echo ( '<script>var my_location = "' . $row [ 'URL' ] . '";</script>' );`
			`}`
			`}`
Added licensing, redirected null /go requests to homepage, corrected 404 errors. 2019-02-08 09:14:22 +00:00			`else {`
			`header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) );`
			`}`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`break;`
			`case "login":`
			`if ( isset ( $_SESSION [ 'user_id' ] ) ) {`
			`header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" );`
			`exit;`
			`}`
			`if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {`
			`$username = $_POST [ 'username' ];`
			`$password = $_POST [ 'password' ];`
			`$db_connection = db_connect ( );`
			`$statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );`
			`$parameters = [`
			`[ "ss" ],`
			`[ &$username, &$password ],`
			`];`
			`db_bind ( $statement, $parameters );`
			`db_execute ( $statement );`
			`$result = $statement->get_result ( );`
			`$row = $result->fetch_assoc ( );`
			`if ( ! $row ) {`
			`header ( 'Content-Type: application/json' );`
			`$response = [`
			`'status' => 401,`
			`'error_message' => 'Username or password not correct.',`
			`];`
			`echo ( json_encode ( $response ) );`
			`}`
			`else {`
			`$_SESSION [ 'user_id' ] = $row [ 'id' ];`
			`header ( 'Content-Type: application/json' );`
			`$response = [`
			`'status' => 200,`
			`'message' => 'Authentication succesfully executed.',`
			`];`
			`echo ( json_encode ( $response ) );`
			`}`
first version of the website, it works as intended. 2019-01-26 22:34:48 +00:00			`}`
			`else {`
Moved library files. 2019-03-18 09:34:17 +00:00			`include ( 'lib/php/login.php' );`
first version of the website, it works as intended. 2019-01-26 22:34:48 +00:00			`}`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`break;`
			`case "logout":`
			`$_SESSION = array ( );`
			`session_destroy ( );`
Corrected logout redirection 2019-02-26 09:07:30 +00:00			`header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/" );`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`break;`
			`case "insert":`
			`if ( ! isset ( $_SESSION [ 'user_id' ] ) ) {`
			`header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );`
			`}`
			`if ( isset ( $_POST [ 'url' ] ) ) {`
			`$url = $_POST [ 'url' ];`
			`$db_connection = db_connect ( );`
			$statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
			`$parameters = [`
			`[ "s" ],`
			`[ &$url ],`
			`];`
			`db_bind ( $statement, $parameters );`
			`db_execute ( $statement );`
			$statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
			`db_execute ( $statement );`
			`$result = $statement->get_result ( );`
			`$row = $result->fetch_assoc ( );`
			`header ( 'Content-Type: application/json' );`
			`$response = [`
			`'status' => 200,`
			`'message' => 'URL inserted correctly.',`
			`'new_id' => $row [ 'count' ],`
			`];`
			`echo ( json_encode ( $response ) );`
			`}`
			`else {`
			`$db_connection = db_connect ( );`
			`$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );`
			`db_execute ( $statement );`
			`$result = $statement->get_result ( );`
			`$row = $result->fetch_assoc ( );`
Moved library files. 2019-03-18 09:34:17 +00:00			`include ( 'lib/php/insert.php' );`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`}`
			`break;`
			`default:`
			`http_response_code ( 404 );`
Added licensing, redirected null /go requests to homepage, corrected 404 errors. 2019-02-08 09:14:22 +00:00			`include ( 'errors/404.html' );`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`die ( );`
first version of the website, it works as intended. 2019-01-26 22:34:48 +00:00			`}`
			`}`
Refactored the website Renamed "includes" to "templates" Added .htaccess to redirect requests to index.php Added function to split request URL into array Corrected locations in scripts and pages 2019-02-07 11:36:44 +00:00			`else {`
			`header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );`
			`}`
first version of the website, it works as intended. 2019-01-26 22:34:48 +00:00			`?>`