From 7acb2ca53382ee734579ce2b6887ef87bdbc0dc5 Mon Sep 17 00:00:00 2001
From: Bryan Pedini
Date: Thu, 7 Feb 2019 12:36:44 +0100
Subject: [PATCH] Refactored the website

Renamed "includes" to "templates"
Added .htaccess to redirect requests to index.php
Added function to split request URL into array
Corrected locations in scripts and pages

---
 .htaccess | 3 +
 functions.php | 13 ++
 index.php | 248 ++++++++++++--------------
 js/insertnew.js | 4 +-
 js/login.js | 2 +-
 templates/insert.php | 26 +++
 templates/login.php | 15 ++
 {includes => templates}/redirect.html | 0
 8 files changed, 173 insertions(+), 138 deletions(-)
 create mode 100644 .htaccess
 create mode 100644 templates/insert.php
 create mode 100644 templates/login.php
 rename {includes => templates}/redirect.html (100%)

diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..0517bba
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,3 @@
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.*)$ index.php?query=$1 [L,QSA]
\ No newline at end of file
diff --git a/functions.php b/functions.php
index f99cc20..417b44f 100644
--- a/functions.php
+++ b/functions.php
@@ -24,4 +24,17 @@
 die ( "Execute failed: (" . $statement->errno . ") " . $statement->error );
 }
 }
+ function split_uri_array ( string $php_self, string $request_uri ) : Array {
+ $uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) );
+ $arr = Array ( );
+ $last_arg_pos = 0;
+ for ( $i = 1; $i < ( strlen ( $uri ) ) - 1; $i ++ ) {
+ if ( substr ( $uri, $i, 1 ) == "/" && substr ( $uri, $i + 1, 1 ) != "/" && substr ( $uri, $i - 1, 1 ) != "/" ) {
+ $arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos);
+ $last_arg_pos = $i + 1;
+ }
+ }
+ $arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1);
+ return $arr;
+ }
 ?>
diff --git a/index.php b/index.php
index 6452758..e605204 100644
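Review bot: The `query=$1` parameter the RewriteRule passes is never read by index.php as far as this patch shows — the new index.php routes on `$_SERVER [ 'REQUEST_URI' ]` through split_uri_array — so the target can be just `index.php [L,QSA]`, or index.php should carry a comment saying it deliberately ignores `$_GET [ 'query' ]`. The `!-f` condition also means every existing file, including the new `templates/insert.php` and `templates/login.php`, is still served directly when requested by path; those templates assume variables set by index.php, so a `templates/.htaccess` containing `Require all denied` (Apache 2.4) or a guard at the top of each template would keep them include-only.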
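Review bot: split_uri_array splits the raw `$request_uri`, which still carries the query string, so `/login?x=1` becomes `["login?x=1"]` and falls through to index.php's 404 branch, and `/go/5?x=1` hands `"5?x=1"` to the id cast. Parsing the path component first and using `explode` on it is shorter, drops the trailing-slash residue the hand-rolled loop keeps (`"go/5/"` yields `"5/"`), and still returns `[""]` for an empty path, which the caller's `$request [ 0 ] != ""` check relies on. `strrpos` returns `false` when `$php_self` does not contain `index.php`; the function assumes the front controller has that name and should say so in a comment.
```php
function split_uri_array ( string $php_self, string $request_uri ) : array {
    // Base path of the front controller; assumes the script is named index.php.
    $base = substr ( $php_self, 0, (int) strrpos ( $php_self, 'index.php' ) );
    // Path component only: REQUEST_URI still carries the query string.
    $path = (string) parse_url ( $request_uri, PHP_URL_PATH );
    $path = substr ( $path, strlen ( $base ) );
    // "" explodes to [""], which the caller treats as "no route given".
    return explode ( '/', trim ( $path, '/' ) );
}
```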
--- a/index.php
+++ b/index.php
@@ -2,144 +2,122 @@ session_start ( ); require_once ( 'config.php' ); require_once ( 'functions.php' ); - if ( isset ( $_GET [ 'go' ] ) ) { - $link_id = $_GET [ 'go' ]; - $link_id = (int) $link_id; - if ( ! is_int ( $link_id ) ) { - die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" ); - } - $db_connection = db_connect ( ); - $statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" ); - $parameters = [ - [ "i" ], - [ &$link_id ], - ]; - db_bind ( $statement, $parameters ); - db_execute ( $statement ); - $result = $statement->get_result ( ); - $row = $result->fetch_assoc ( ); - if ( ! $row ) { - include ( 'errors/404.html' ); - } - else { - include ( 'includes/redirect.html' ); - echo ( '' ); - } - } - elseif ( isset ( $_REQUEST [ 'username' ] ) && isset ( $_REQUEST [ 'password' ] ) ) { - $username = $_REQUEST [ 'username' ]; - $password = $_REQUEST [ 'password' ]; - $db_connection = db_connect ( ); - $statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" ); - $parameters = [ - [ "ss" ], - [ &$username, &$password ], - ]; - db_bind ( $statement, $parameters ); - db_execute ( $statement ); - $result = $statement->get_result ( ); - $row = $result->fetch_assoc ( ); - if ( ! 
$row ) { - header ( 'Content-Type: application/json' ); - $response = [ - 'status' => 401, - 'error_message' => 'Username or password not correct.', - ]; - echo ( json_encode ( $response ) ); - } - else { - $_SESSION [ 'user_id' ] = $row [ 'id' ]; - header ( 'Content-Type: application/json' ); - $response = [ - 'status' => 200, - 'message' => 'Authentication succesfully executed.', - ]; - echo ( json_encode ( $response ) ); - } - } - elseif ( isset ( $_GET [ 'logout' ] ) ) { - $_SESSION = array ( ); - session_destroy ( ); - header ( "Location: " . $_SERVER [ 'SCRIPT_NAME' ] ); - } - else { - if ( ! isset ( $_SESSION [ 'user_id' ] ) ) { -?> - - - - BJPHoster URL Shortener | Login - - -
-
-
-
- - - - - -get_result ( ); - $row = $result->fetch_assoc ( ); - header ( 'Content-Type: application/json' ); - $response = [ - 'status' => 200, - 'message' => 'URL inserted correctly.', - 'new_id' => $row [ 'count' ], - ]; - echo ( json_encode ( $response ) ); - } - else { - $db_connection = db_connect ( ); - $statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] ); - db_execute ( $statement ); - $result = $statement->get_result ( ); - $row = $result->fetch_assoc ( ); -?> - - - - BJPHoster URL Shortener | Control Panel - - - -
-" ); + $request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] ); + if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) { + switch ( $request [ 0 ] ) { + case "go": + if ( isset ( $request [ 1 ] ) ) { + $link_id = $request [ 1 ]; + $link_id = (int) $link_id; + if ( ! is_int ( $link_id ) ) { + die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" ); + } + $db_connection = db_connect ( ); + $statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" ); + $parameters = [ + [ "i" ], + [ &$link_id ], + ]; + db_bind ( $statement, $parameters ); + db_execute ( $statement ); + $result = $statement->get_result ( ); + $row = $result->fetch_assoc ( ); + if ( ! $row ) { + include ( 'errors/404.html' ); + } + else { + include ( 'templates/redirect.html' ); + echo ( '' ); + } + } + break; + case "login": + if ( isset ( $_SESSION [ 'user_id' ] ) ) { + header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" ); + exit; + } + if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) { + $username = $_POST [ 'username' ]; + $password = $_POST [ 'password' ]; + $db_connection = db_connect ( ); + $statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" ); + $parameters = [ + [ "ss" ], + [ &$username, &$password ], + ]; + db_bind ( $statement, $parameters ); + db_execute ( $statement ); + $result = $statement->get_result ( ); + $row = $result->fetch_assoc ( ); + if ( ! 
$row ) { + header ( 'Content-Type: application/json' ); + $response = [ + 'status' => 401, + 'error_message' => 'Username or password not correct.', + ]; + echo ( json_encode ( $response ) ); + } + else { + $_SESSION [ 'user_id' ] = $row [ 'id' ]; + header ( 'Content-Type: application/json' ); + $response = [ + 'status' => 200, + 'message' => 'Authentication succesfully executed.', + ]; + echo ( json_encode ( $response ) ); + } } else { - do { - echo ( "\t\t\t" . '
' . $row [ 'ID' ] . " | " . $row [ 'URL' ] . "
\n" ); - } while ( $row = $result->fetch_assoc ( ) ); + include ( 'templates/login.php' ); } -?> -
- -
-
- - - - -get_result ( ); + $row = $result->fetch_assoc ( ); + header ( 'Content-Type: application/json' ); + $response = [ + 'status' => 200, + 'message' => 'URL inserted correctly.', + 'new_id' => $row [ 'count' ], + ]; + echo ( json_encode ( $response ) ); + } + else { + $db_connection = db_connect ( ); + $statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] ); + db_execute ( $statement ); + $result = $statement->get_result ( ); + $row = $result->fetch_assoc ( ); + include ( 'templates/insert.php' ); + } + break; + default: + http_response_code ( 404 ); + echo "fuck, 404!"; + die ( ); } } + else { + header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" ); + } ?> diff --git a/js/insertnew.js b/js/insertnew.js index c4320d6..efae69d 100644 --- a/js/insertnew.js +++ b/js/insertnew.js @@ -1,7 +1,7 @@ function urlinsert() { var url = document.getElementById ( "form-url" ).value; var xhr = new XMLHttpRequest ( ); - xhr.open ( "POST", 'index.php', true ); + xhr.open ( "POST", 'insert', true ); xhr.onreadystatechange = function ( ) { if ( xhr.readyState == XMLHttpRequest.DONE && xhr.status == 200 ) { if (xhr.status == 200) { @@ -28,5 +28,5 @@ function urlinsert() { xhr.send( data ); } function logout ( ) { - window.location.href = script_name+"?logout"; + window.location.href = script_name+"/logout"; } diff --git a/js/login.js b/js/login.js index 1d3a9fb..9dd686d 100644 --- a/js/login.js +++ b/js/login.js @@ -3,7 +3,7 @@ function login() { var password = document.getElementById ( "form-password" ).value; password = SHA512 ( password ); var xhr = new XMLHttpRequest ( ); - xhr.open ( "POST", 'index.php', true ); + xhr.open ( "POST", 'login', true ); xhr.onreadystatechange = function ( ) { if ( xhr.readyState == XMLHttpRequest.DONE && xhr.status == 200 ) { if (xhr.status == 200) { 
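Review bot: The `insert` branch near the end of the hunk builds its query by concatenation, `"... WHERE links.created_by = " . $_SESSION [ 'user_id' ]`, while every other query in the hunk goes through `db_bind` placeholders; the session value comes from the database today, but one unparameterised query is the line that gets copied when a user-controlled value is needed later. Binding it the same way is three lines: `$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = ?" );`, `$user_id = (int) $_SESSION [ 'user_id' ];`, `db_bind ( $statement, [ [ "i" ], [ &$user_id ] ] );`. In the `login` case the success branch should call `session_regenerate_id ( true );` before `$_SESSION [ 'user_id' ] = $row [ 'id' ];` so the session id changes when the session gains privileges. The old `logout` branch is removed and no `case "logout":` is visible in the new switch, yet js/insertnew.js now navigates to `script_name+"/logout"`; unless that case sits in the part of the hunk that did not survive extraction, the logout link lands in the `default:` 404 branch. The `is_int ( $link_id )` test after the `(int)` cast can never fail; `ctype_digit ( $request [ 1 ] )` before the cast would actually reject a non-numeric id.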
diff --git a/templates/insert.php b/templates/insert.php new file mode 100644 index 0000000..c6f17a8 --- /dev/null +++ b/templates/insert.php @@ -0,0 +1,26 @@ + + + + BJPHoster URL Shortener | Control Panel + + + +
+" ); + } + else { + do { + echo ( "\t\t\t" . '
' . $row [ 'ID' ] . " | " . $row [ 'URL' ] . "
\n" ); + } while ( $row = $result->fetch_assoc ( ) ); + } +?> +
+ +
+
+ + + + \ No newline at end of file diff --git a/templates/login.php b/templates/login.php new file mode 100644 index 0000000..ec6ccd2 --- /dev/null +++ b/templates/login.php @@ -0,0 +1,15 @@ + + + + BJPHoster URL Shortener | Login + + +
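Review bot: The link list echoes `$row [ 'URL' ]` straight into the page markup; that value is presumably whatever a logged-in user submitted through the insert form, so any `<`, `"` or `'` in it is rendered as HTML rather than text (stored XSS, and attribute break-out if it sits in an `href`). Escape at output time: `htmlspecialchars ( $row [ 'URL' ], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' )`, and treat `$row [ 'ID' ]` the same way for consistency even though it is numeric today. The template also depends on `$result` and `$row` being set by the including scope; a header comment such as `<?php /* Included by index.php after the links query: expects $result (the statement result) and $row (the first fetched row, empty when there are none). */ ?>` would make that contract visible, since nothing stops the file from being requested directly.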
+
+
+
+ + + + + \ No newline at end of file diff --git a/includes/redirect.html b/templates/redirect.html similarity index 100% rename from includes/redirect.html rename to templates/redirect.html