diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..0517bba
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.*)$ index.php?query=$1 [L,QSA]
\ No newline at end of file
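Review bot: Because the only condition is `!-f`, every existing file keeps being served directly, so the new `templates/insert.php` and `templates/login.php` stay requestable outside the `index.php` router that is supposed to guard them; a deny rule for that directory (e.g. a `templates/.htaccess` with `Require all denied`, or `Deny from all` on older Apache) would close that path. The usual companion line `RewriteCond %{REQUEST_FILENAME} !-d` is also missing, so directory requests such as `/js/` are rewritten into the router instead of being handled by Apache — probably harmless here, but worth making deliberate. The `query=$1` parameter the rule passes is not read anywhere in the new `index.php`, which parses `$_SERVER [ 'REQUEST_URI' ]` itself, so either consume it or drop it so the rule does not suggest a contract that does not exist.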
diff --git a/functions.php b/functions.php
index f99cc20..417b44f 100644
--- a/functions.php
+++ b/functions.php
@@ -24,4 +24,17 @@
die ( "Execute failed: (" . $statement->errno . ") " . $statement->error );
}
}
+ function split_uri_array ( string $php_self, string $request_uri ) : Array {
+ $uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) );
+ $arr = Array ( );
+ $last_arg_pos = 0;
+ for ( $i = 1; $i < ( strlen ( $uri ) ) - 1; $i ++ ) {
+ if ( substr ( $uri, $i, 1 ) == "/" && substr ( $uri, $i + 1, 1 ) != "/" && substr ( $uri, $i - 1, 1 ) != "/" ) {
+ $arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos);
+ $last_arg_pos = $i + 1;
+ }
+ }
+ $arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1);
+ return $arr;
+ }
?>
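Review bot: `split_uri_array` is called with the raw `$_SERVER [ 'REQUEST_URI' ]`, which still contains any query string, so the last segment of `/login?x=1` becomes `login?x=1` and no longer matches the `"login"` case in the router; strip it first with `$request_uri = strtok ( $request_uri, '?' );` as the opening line of the function. The prefix computation assumes `strrpos ( $php_self, 'index.php' )` succeeds; when it does not, `strrpos` returns `false`, the prefix collapses to the empty string and the whole path (leading `/` included) is kept, which deserves at least a comment or an explicit guard. Note also that the split condition deliberately ignores a `/` adjacent to another `/`, so `go//5` stays a single segment. A short docblock stating that the function returns the path segments relative to the script's directory, with those two caveats, would help the next reader.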
diff --git a/index.php b/index.php
index 6452758..e605204 100644
--- a/index.php
+++ b/index.php
@@ -2,144 +2,122 @@
session_start ( );
require_once ( 'config.php' );
require_once ( 'functions.php' );
- if ( isset ( $_GET [ 'go' ] ) ) {
- $link_id = $_GET [ 'go' ];
- $link_id = (int) $link_id;
- if ( ! is_int ( $link_id ) ) {
- die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
- }
- $db_connection = db_connect ( );
- $statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
- $parameters = [
- [ "i" ],
- [ &$link_id ],
- ];
- db_bind ( $statement, $parameters );
- db_execute ( $statement );
- $result = $statement->get_result ( );
- $row = $result->fetch_assoc ( );
- if ( ! $row ) {
- include ( 'errors/404.html' );
- }
- else {
- include ( 'includes/redirect.html' );
- echo ( '' );
- }
- }
- elseif ( isset ( $_REQUEST [ 'username' ] ) && isset ( $_REQUEST [ 'password' ] ) ) {
- $username = $_REQUEST [ 'username' ];
- $password = $_REQUEST [ 'password' ];
- $db_connection = db_connect ( );
- $statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
- $parameters = [
- [ "ss" ],
- [ &$username, &$password ],
- ];
- db_bind ( $statement, $parameters );
- db_execute ( $statement );
- $result = $statement->get_result ( );
- $row = $result->fetch_assoc ( );
- if ( ! $row ) {
- header ( 'Content-Type: application/json' );
- $response = [
- 'status' => 401,
- 'error_message' => 'Username or password not correct.',
- ];
- echo ( json_encode ( $response ) );
- }
- else {
- $_SESSION [ 'user_id' ] = $row [ 'id' ];
- header ( 'Content-Type: application/json' );
- $response = [
- 'status' => 200,
- 'message' => 'Authentication succesfully executed.',
- ];
- echo ( json_encode ( $response ) );
- }
- }
- elseif ( isset ( $_GET [ 'logout' ] ) ) {
- $_SESSION = array ( );
- session_destroy ( );
- header ( "Location: " . $_SERVER [ 'SCRIPT_NAME' ] );
- }
- else {
- if ( ! isset ( $_SESSION [ 'user_id' ] ) ) {
-?>
-
-
-
- BJPHoster URL Shortener | Login
-
-
-
-
-
-
-
-
-
-
-
-get_result ( );
- $row = $result->fetch_assoc ( );
- header ( 'Content-Type: application/json' );
- $response = [
- 'status' => 200,
- 'message' => 'URL inserted correctly.',
- 'new_id' => $row [ 'count' ],
- ];
- echo ( json_encode ( $response ) );
- }
- else {
- $db_connection = db_connect ( );
- $statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
- db_execute ( $statement );
- $result = $statement->get_result ( );
- $row = $result->fetch_assoc ( );
-?>
-
-
-
- BJPHoster URL Shortener | Control Panel
-
-
-
-
-" );
+ $request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );
+ if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {
+ switch ( $request [ 0 ] ) {
+ case "go":
+ if ( isset ( $request [ 1 ] ) ) {
+ $link_id = $request [ 1 ];
+ $link_id = (int) $link_id;
+ if ( ! is_int ( $link_id ) ) {
+ die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
+ }
+ $db_connection = db_connect ( );
+ $statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
+ $parameters = [
+ [ "i" ],
+ [ &$link_id ],
+ ];
+ db_bind ( $statement, $parameters );
+ db_execute ( $statement );
+ $result = $statement->get_result ( );
+ $row = $result->fetch_assoc ( );
+ if ( ! $row ) {
+ include ( 'errors/404.html' );
+ }
+ else {
+ include ( 'templates/redirect.html' );
+ echo ( '' );
+ }
+ }
+ break;
+ case "login":
+ if ( isset ( $_SESSION [ 'user_id' ] ) ) {
+ header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" );
+ exit;
+ }
+ if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
+ $username = $_POST [ 'username' ];
+ $password = $_POST [ 'password' ];
+ $db_connection = db_connect ( );
+ $statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
+ $parameters = [
+ [ "ss" ],
+ [ &$username, &$password ],
+ ];
+ db_bind ( $statement, $parameters );
+ db_execute ( $statement );
+ $result = $statement->get_result ( );
+ $row = $result->fetch_assoc ( );
+ if ( ! $row ) {
+ header ( 'Content-Type: application/json' );
+ $response = [
+ 'status' => 401,
+ 'error_message' => 'Username or password not correct.',
+ ];
+ echo ( json_encode ( $response ) );
+ }
+ else {
+ $_SESSION [ 'user_id' ] = $row [ 'id' ];
+ header ( 'Content-Type: application/json' );
+ $response = [
+ 'status' => 200,
+ 'message' => 'Authentication succesfully executed.',
+ ];
+ echo ( json_encode ( $response ) );
+ }
}
else {
- do {
- echo ( "\t\t\t" . '
' . $row [ 'ID' ] . " | " . $row [ 'URL' ] . "
\n" );
- } while ( $row = $result->fetch_assoc ( ) );
+ include ( 'templates/login.php' );
}
-?>
-
-
-
-
-
-
-
-
-get_result ( );
+ $row = $result->fetch_assoc ( );
+ header ( 'Content-Type: application/json' );
+ $response = [
+ 'status' => 200,
+ 'message' => 'URL inserted correctly.',
+ 'new_id' => $row [ 'count' ],
+ ];
+ echo ( json_encode ( $response ) );
+ }
+ else {
+ $db_connection = db_connect ( );
+ $statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
+ db_execute ( $statement );
+ $result = $statement->get_result ( );
+ $row = $result->fetch_assoc ( );
+ include ( 'templates/insert.php' );
+ }
+ break;
+ default:
+ http_response_code ( 404 );
+ echo "fuck, 404!";
+ die ( );
}
}
+ else {
+ header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
+ }
?>
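Review bot: The successful-login branch sets `$_SESSION [ 'user_id' ] = $row [ 'id' ];` without rotating the session identifier, so a session id planted before authentication remains valid afterwards (session fixation); add `session_regenerate_id ( true );` immediately before that assignment. In the `go` case the `is_int ( $link_id )` check is dead because the preceding `(int)` cast always yields an int, so a non-numeric segment silently becomes id 0 instead of reaching the `die`; validate the raw segment with `ctype_digit ( $request [ 1 ] )` before casting. The listing query still builds `links.created_by = " . $_SESSION [ 'user_id' ]` by concatenation while every other query in this file uses a bound parameter, which is inconsistent even though the value originates from the database. The final `header ( "Location: ... /login" )` is not followed by `exit` as the one in the `login` case is, and I do not see a `logout` case in the visible part of the switch although `js/insertnew.js` now navigates to `/logout`; if it was dropped, that route lands on the 404 default. Part of this hunk (the `insert` handler) is not visible here, so these remarks apply to what is shown.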
diff --git a/js/insertnew.js b/js/insertnew.js
index c4320d6..efae69d 100644
--- a/js/insertnew.js
+++ b/js/insertnew.js
@@ -1,7 +1,7 @@
function urlinsert() {
var url = document.getElementById ( "form-url" ).value;
var xhr = new XMLHttpRequest ( );
- xhr.open ( "POST", 'index.php', true );
+ xhr.open ( "POST", 'insert', true );
xhr.onreadystatechange = function ( ) {
if ( xhr.readyState == XMLHttpRequest.DONE && xhr.status == 200 ) {
if (xhr.status == 200) {
@@ -28,5 +28,5 @@ function urlinsert() {
xhr.send( data );
}
function logout ( ) {
- window.location.href = script_name+"?logout";
+ window.location.href = script_name+"/logout";
}
diff --git a/js/login.js b/js/login.js
index 1d3a9fb..9dd686d 100644
--- a/js/login.js
+++ b/js/login.js
@@ -3,7 +3,7 @@ function login() {
var password = document.getElementById ( "form-password" ).value;
password = SHA512 ( password );
var xhr = new XMLHttpRequest ( );
- xhr.open ( "POST", 'index.php', true );
+ xhr.open ( "POST", 'login', true );
xhr.onreadystatechange = function ( ) {
if ( xhr.readyState == XMLHttpRequest.DONE && xhr.status == 200 ) {
if (xhr.status == 200) {
diff --git a/templates/insert.php b/templates/insert.php
new file mode 100644
index 0000000..c6f17a8
--- /dev/null
+++ b/templates/insert.php
@@ -0,0 +1,26 @@
+
+
+
+ BJPHoster URL Shortener | Control Panel
+
+
+
+
+" );
+ }
+ else {
+ do {
+ echo ( "\t\t\t" . '
' . $row [ 'ID' ] . " | " . $row [ 'URL' ] . "
\n" );
+ } while ( $row = $result->fetch_assoc ( ) );
+ }
+?>
+
+
+
+
+
+
+
+
\ No newline at end of file
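Review bot: The rendering loop echoes `$row [ 'URL' ]` straight into the markup without escaping, so any authenticated user who stores a URL containing `"` or `<` injects markup into the control panel of everyone who lists it (stored XSS); wrap it as `htmlspecialchars ( $row [ 'URL' ], ENT_QUOTES, 'UTF-8' )` and do the same for `$row [ 'ID' ]` for consistency. The template also relies on `$row` and `$result` being defined by the including scope in `index.php`, yet the `.htaccess` rewrite exempts existing files, so a direct request for `templates/insert.php` executes it with those variables undefined; a guard such as `defined ( 'IN_APP' ) or die ( );` (with the constant set in `index.php` before the include) or a deny rule for `templates/` would close that. Most of this file's markup is not visible in the excerpt, so this applies to the loop shown.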
diff --git a/templates/login.php b/templates/login.php
new file mode 100644
index 0000000..ec6ccd2
--- /dev/null
+++ b/templates/login.php
@@ -0,0 +1,15 @@
+
+
+
+ BJPHoster URL Shortener | Login
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/includes/redirect.html b/templates/redirect.html
similarity index 100%
rename from includes/redirect.html
rename to templates/redirect.html