Refactored the website
Renamed "includes" to "templates". Added .htaccess to redirect requests to index.php. Added a function to split the request URL into an array. Corrected locations in scripts and pages.
This commit is contained in:
parent
9210890eda
commit
7acb2ca533
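--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.*)$ index.php?query=$1 [L,QSA]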
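Review bot: The `query` parameter the RewriteRule appends is not read anywhere in this diff — index.php derives the route from `$_SERVER [ 'REQUEST_URI' ]` through split_uri_array — so `?query=$1` is dead weight and the rule could shrink to `RewriteRule ^ index.php [L,QSA]`. The more important gap is that `!-f` exempts only existing files: a request for an existing directory is not routed, and conversely `config.php`, `templates/insert.php` and `templates/login.php` stay directly requestable and execute outside the front controller with `$row`/`$result` undefined. Add `RewriteCond %{REQUEST_FILENAME} !-d` next to the file check, and deny direct access to `templates/` and `config.php` (for example `Require all denied` in a `templates/.htaccess`).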
@ -24,4 +24,17 @@
|
||||
die ( "Execute failed: (" . $statement->errno . ") " . $statement->error );
|
||||
}
|
||||
}
|
||||
function split_uri_array ( string $php_self, string $request_uri ) : Array {
|
||||
$uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) );
|
||||
$arr = Array ( );
|
||||
$last_arg_pos = 0;
|
||||
for ( $i = 1; $i < ( strlen ( $uri ) ) - 1; $i ++ ) {
|
||||
if ( substr ( $uri, $i, 1 ) == "/" && substr ( $uri, $i + 1, 1 ) != "/" && substr ( $uri, $i - 1, 1 ) != "/" ) {
|
||||
$arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos);
|
||||
$last_arg_pos = $i + 1;
|
||||
}
|
||||
}
|
||||
$arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1);
|
||||
return $arr;
|
||||
}
|
||||
?>
|
||||
|
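Review bot: split_uri_array slices `$request_uri` without removing the query string, and `$_SERVER [ 'REQUEST_URI' ]` (what index.php passes in) carries it, so `/go/5?ref=x` yields the last segment `5?ref=x` and `/login?x` falls through to the 404 default; normalise first with `$request_uri = (string) parse_url ( $request_uri, PHP_URL_PATH );` as the function's first statement. The scan also stops at `strlen ( $uri ) - 1`, so a trailing slash stays in the last segment (`/go/` becomes `["go/"]`), and doubled slashes are intentionally not split but nothing records that. The function has no docblock; a line such as `// Returns the path segments after the script's directory, e.g. "/go/5" -> ["go", "5"]; query string and trailing slash are not stripped.` would state the contract the index.php switch relies on, and the return type should be lowercase `array`. The file header for this hunk is not shown; it appears to be the functions.php that index.php requires.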
248
index.php
248
index.php
@ -2,144 +2,122 @@
|
||||
session_start ( );
|
||||
require_once ( 'config.php' );
|
||||
require_once ( 'functions.php' );
|
||||
if ( isset ( $_GET [ 'go' ] ) ) {
|
||||
$link_id = $_GET [ 'go' ];
|
||||
$link_id = (int) $link_id;
|
||||
if ( ! is_int ( $link_id ) ) {
|
||||
die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
|
||||
}
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
|
||||
$parameters = [
|
||||
[ "i" ],
|
||||
[ &$link_id ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
if ( ! $row ) {
|
||||
include ( 'errors/404.html' );
|
||||
}
|
||||
else {
|
||||
include ( 'includes/redirect.html' );
|
||||
echo ( '<script>var my_location = "' . $row [ 'URL' ] . '";</script>' );
|
||||
}
|
||||
}
|
||||
elseif ( isset ( $_REQUEST [ 'username' ] ) && isset ( $_REQUEST [ 'password' ] ) ) {
|
||||
$username = $_REQUEST [ 'username' ];
|
||||
$password = $_REQUEST [ 'password' ];
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
|
||||
$parameters = [
|
||||
[ "ss" ],
|
||||
[ &$username, &$password ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
if ( ! $row ) {
|
||||
header ( 'Content-Type: application/json' );
|
||||
$response = [
|
||||
'status' => 401,
|
||||
'error_message' => 'Username or password not correct.',
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
}
|
||||
else {
|
||||
$_SESSION [ 'user_id' ] = $row [ 'id' ];
|
||||
header ( 'Content-Type: application/json' );
|
||||
$response = [
|
||||
'status' => 200,
|
||||
'message' => 'Authentication succesfully executed.',
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
}
|
||||
}
|
||||
elseif ( isset ( $_GET [ 'logout' ] ) ) {
|
||||
$_SESSION = array ( );
|
||||
session_destroy ( );
|
||||
header ( "Location: " . $_SERVER [ 'SCRIPT_NAME' ] );
|
||||
}
|
||||
else {
|
||||
if ( ! isset ( $_SESSION [ 'user_id' ] ) ) {
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>BJPHoster URL Shortener | Login</title>
|
||||
</head>
|
||||
<body>
|
||||
<input type="text" id="form-username"><br>
|
||||
<input type="password" id="form-password"><br>
|
||||
<button onclick="login()">Login</button><br>
|
||||
<div id="responsetext"></div>
|
||||
<script src="js/sha512.min.js"></script>
|
||||
<script src="js/login.js"></script>
|
||||
<script>var script_name = "<?php echo $_SERVER['SCRIPT_NAME']?>";</script>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
}
|
||||
else {
|
||||
if ( isset ( $_POST [ 'url' ] ) ) {
|
||||
$url = $_POST [ 'url' ];
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
|
||||
$parameters = [
|
||||
[ "s" ],
|
||||
[ &$url ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
header ( 'Content-Type: application/json' );
|
||||
$response = [
|
||||
'status' => 200,
|
||||
'message' => 'URL inserted correctly.',
|
||||
'new_id' => $row [ 'count' ],
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
}
|
||||
else {
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>BJPHoster URL Shortener | Control Panel</title>
|
||||
</head>
|
||||
<body>
|
||||
<button onclick="logout()">Logout</button>
|
||||
<div id="urllist">
|
||||
<?php
|
||||
if ( ! $row ) {
|
||||
echo ( "You have not created any URL yet.<br>" );
|
||||
$request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );
|
||||
if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {
|
||||
switch ( $request [ 0 ] ) {
|
||||
case "go":
|
||||
if ( isset ( $request [ 1 ] ) ) {
|
||||
$link_id = $request [ 1 ];
|
||||
$link_id = (int) $link_id;
|
||||
if ( ! is_int ( $link_id ) ) {
|
||||
die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
|
||||
}
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
|
||||
$parameters = [
|
||||
[ "i" ],
|
||||
[ &$link_id ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
if ( ! $row ) {
|
||||
include ( 'errors/404.html' );
|
||||
}
|
||||
else {
|
||||
include ( 'templates/redirect.html' );
|
||||
echo ( '<script>var my_location = "' . $row [ 'URL' ] . '";</script>' );
|
||||
}
|
||||
}
|
||||
break;
|
||||
case "login":
|
||||
if ( isset ( $_SESSION [ 'user_id' ] ) ) {
|
||||
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" );
|
||||
exit;
|
||||
}
|
||||
if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
|
||||
$username = $_POST [ 'username' ];
|
||||
$password = $_POST [ 'password' ];
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
|
||||
$parameters = [
|
||||
[ "ss" ],
|
||||
[ &$username, &$password ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
if ( ! $row ) {
|
||||
header ( 'Content-Type: application/json' );
|
||||
$response = [
|
||||
'status' => 401,
|
||||
'error_message' => 'Username or password not correct.',
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
}
|
||||
else {
|
||||
$_SESSION [ 'user_id' ] = $row [ 'id' ];
|
||||
header ( 'Content-Type: application/json' );
|
||||
$response = [
|
||||
'status' => 200,
|
||||
'message' => 'Authentication succesfully executed.',
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
}
|
||||
}
|
||||
else {
|
||||
do {
|
||||
echo ( "\t\t\t" . '<div>' . $row [ 'ID' ] . " | " . $row [ 'URL' ] . "</div>\n" );
|
||||
} while ( $row = $result->fetch_assoc ( ) );
|
||||
include ( 'templates/login.php' );
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<input type="text" id="form-url" placeholder="URL:">
|
||||
<button onclick="urlinsert()">Insert new URL</button><br>
|
||||
<div id="responsetext"></div>
|
||||
<script src="js/insertnew.js"></script>
|
||||
<script>var script_name = "<?=$_SERVER['SCRIPT_NAME']?>";</script>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
}
|
||||
break;
|
||||
case "logout":
|
||||
$_SESSION = array ( );
|
||||
session_destroy ( );
|
||||
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) );
|
||||
break;
|
||||
case "insert":
|
||||
if ( ! isset ( $_SESSION [ 'user_id' ] ) ) {
|
||||
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
|
||||
}
|
||||
if ( isset ( $_POST [ 'url' ] ) ) {
|
||||
$url = $_POST [ 'url' ];
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
|
||||
$parameters = [
|
||||
[ "s" ],
|
||||
[ &$url ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
header ( 'Content-Type: application/json' );
|
||||
$response = [
|
||||
'status' => 200,
|
||||
'message' => 'URL inserted correctly.',
|
||||
'new_id' => $row [ 'count' ],
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
}
|
||||
else {
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
include ( 'templates/insert.php' );
|
||||
}
|
||||
break;
|
||||
default:
|
||||
http_response_code ( 404 );
|
||||
echo "fuck, 404!";
|
||||
die ( );
|
||||
}
|
||||
}
|
||||
else {
|
||||
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
|
||||
}
|
||||
?>
|
||||
|
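Review bot: In the `insert` case the unauthenticated redirect `header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );` is not followed by `exit;`, unlike the equivalent check in the `login` case, so the request keeps executing: a POST carrying `url` reaches the INSERT with `$_SESSION [ 'user_id' ]` unset and a GET runs the SELECT and includes templates/insert.php, and today this only stops because the interpolated query is malformed, which is not a check. Add `exit;` directly after that header; the `logout` case's redirect has the same gap. Two further points in the new code: `$row [ 'URL' ]` is written raw into a JavaScript string in the `go` case (`echo ( '<script>var my_location = ' . json_encode ( $row [ 'URL' ] ) . ';</script>' );` is the safe form), and the `created_by` value is concatenated into the INSERT and SELECT statements while every other query in the file is bound — binding it as well keeps the file consistent and removes the last string-built SQL.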
@ -1,7 +1,7 @@
|
||||
function urlinsert() {
|
||||
var url = document.getElementById ( "form-url" ).value;
|
||||
var xhr = new XMLHttpRequest ( );
|
||||
xhr.open ( "POST", 'index.php', true );
|
||||
xhr.open ( "POST", 'insert', true );
|
||||
xhr.onreadystatechange = function ( ) {
|
||||
if ( xhr.readyState == XMLHttpRequest.DONE && xhr.status == 200 ) {
|
||||
if (xhr.status == 200) {
|
||||
@ -28,5 +28,5 @@ function urlinsert() {
|
||||
xhr.send( data );
|
||||
}
|
||||
function logout ( ) {
|
||||
window.location.href = script_name+"?logout";
|
||||
window.location.href = script_name+"/logout";
|
||||
}
|
||||
|
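Review bot: `xhr.open ( "POST", 'insert', true );` uses a path relative to the current document, so it only reaches the `insert` route when the page URL is exactly `<base>/insert`; a page served under `/insert/` would post to `/insert/insert`. The logout function a few lines below already builds its target from the `script_name` variable the templates define (`script_name+"/logout"`), so `xhr.open ( "POST", script_name + "/insert", true );` keeps the two consistent. The `login` hunk in the next section has the same shape (`xhr.open ( "POST", 'login', true );` would become `script_name + "/login"`). The body of urlinsert between the two hunks is not shown.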
@ -3,7 +3,7 @@ function login() {
|
||||
var password = document.getElementById ( "form-password" ).value;
|
||||
password = SHA512 ( password );
|
||||
var xhr = new XMLHttpRequest ( );
|
||||
xhr.open ( "POST", 'index.php', true );
|
||||
xhr.open ( "POST", 'login', true );
|
||||
xhr.onreadystatechange = function ( ) {
|
||||
if ( xhr.readyState == XMLHttpRequest.DONE && xhr.status == 200 ) {
|
||||
if (xhr.status == 200) {
|
||||
|
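--- /dev/null
+++ b/templates/insert.php
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>BJPHoster URL Shortener | Control Panel</title>
+</head>
+<body>
+<button onclick="logout()">Logout</button>
+<div id="urllist">
+<?php
+if ( ! $row ) {
+echo ( "You have not created any URL yet.<br>" );
+}
+else {
+do {
+echo ( "\t\t\t" . '<div>' . $row [ 'ID' ] . " | " . $row [ 'URL' ] . "</div>\n" );
+} while ( $row = $result->fetch_assoc ( ) );
+}
+?>
+</div>
+<input type="text" id="form-url" placeholder="URL:">
+<button onclick="urlinsert()">Insert new URL</button><br>
+<div id="responsetext"></div>
+<script src="js/insertnew.js"></script>
+<script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script>
+</body>
+</html>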
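Review bot: The link list echoes `$row [ 'URL' ]` straight into HTML, and that value is whatever a logged-in user posted (index.php stores it without validation), so a stored value containing markup is rendered as markup on every later visit to the control panel. Escape at output: `echo ( "\t\t\t" . '<div>' . $row [ 'ID' ] . " | " . htmlspecialchars ( $row [ 'URL' ], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ) . "</div>\n" );`, and treat `ID` the same way if it is not guaranteed numeric. The template also depends on `$row` and `$result` from the including scope and on the script being named index.php (the `-10` in `substr`), none of which is stated; a top comment such as `<?php // Included by index.php's "insert" route; expects $row (first link row or false) and $result (the mysqli result) in scope. ?>` would make that explicit. The identical `substr($_SERVER['SCRIPT_NAME'],0,-10)` expression in templates/login.php is the same hidden assumption, and split_uri_array already computes this prefix with `strrpos`, so one shared helper would remove the magic number from all three places.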
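--- /dev/null
+++ b/templates/login.php
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>BJPHoster URL Shortener | Login</title>
+</head>
+<body>
+<input type="text" id="form-username"><br>
+<input type="password" id="form-password"><br>
+<button onclick="login()">Login</button><br>
+<div id="responsetext"></div>
+<script src="js/sha512.min.js"></script>
+<script src="js/login.js"></script>
+<script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script>
+</body>
+</html>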