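<?php

declare(strict_types=1);

/*
 * Front controller of the URL shortener. The first URI segment selects the
 * action ("go", "login", "logout", "insert"); anything else is a 404 and an
 * empty path redirects to the login form. Database access goes through the
 * db_connect()/db_prepare()/db_bind()/db_execute() helpers from functions.php;
 * the statements they hand back expose get_result() and insert_id (mysqli_stmt
 * style).
 */

session_start();
require_once 'config.php';
require_once 'functions.php';

/**
 * Application base path: SCRIPT_NAME without its trailing "/index.php".
 *
 * One helper instead of repeating substr(..., 0, -10) in every redirect; the
 * dirname/rtrim form gives the same result for ".../index.php" and does not
 * silently truncate if the front controller is ever renamed.
 */
function base_path(): string
{
    return rtrim(dirname($_SERVER['SCRIPT_NAME']), '/');
}

/**
 * Emit a JSON reply and mirror its 'status' entry as the HTTP status code, so
 * clients that only look at the response code see the same outcome as those
 * that parse the body.
 *
 * @param array<string, int|string> $payload
 */
function json_response(array $payload): void
{
    http_response_code((int) ($payload['status'] ?? 200));
    header('Content-Type: application/json');
    echo json_encode($payload);
}

$request = split_uri_array($_SERVER['SCRIPT_NAME'], $_SERVER['REQUEST_URI']);

if (!isset($request[0]) || $request[0] === '') {
    header('Location: ' . base_path() . '/login');
    exit;
}

switch ($request[0]) {
    case 'go':
        if (!isset($request[1])) {
            header('Location: ' . base_path());
            break;
        }
        // Validate before casting: (int) turns "abc" into 0, so a post-cast
        // is_int() check can never fail. The offending value is HTML-escaped
        // because it is echoed back to the requester.
        if (!ctype_digit((string) $request[1])) {
            http_response_code(400);
            die("You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . htmlspecialchars((string) $request[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' for more investigations');
        }
        $link_id = (int) $request[1];
        $db_connection = db_connect();
        $statement = db_prepare($db_connection, 'SELECT links.URL FROM links WHERE links.ID = ?');
        db_bind($statement, [['i'], [&$link_id]]);
        db_execute($statement);
        $row = $statement->get_result()->fetch_assoc();
        if (!$row) {
            http_response_code(404);
            include 'errors/404.html';
            exit;
        }
        include 'templates/redirect.html';
        // The stored URL lands inside a <script> element; json_encode with the
        // HEX flags produces a JS string literal that cannot terminate the
        // string or the element, whatever characters the URL contains.
        echo '<script>var my_location = '
            . json_encode($row['URL'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES)
            . ';</script>';
        break;

    case 'login':
        if (isset($_SESSION['user_id'])) {
            header('Location: ' . base_path() . '/insert');
            exit;
        }
        if (!isset($_POST['username'], $_POST['password'])) {
            include 'templates/login.php';
            break;
        }
        $username = (string) $_POST['username'];
        $password = (string) $_POST['password'];
        // NOTE(review): the credential check happens in SQL, so users.password
        // is compared verbatim with what was posted. Once the column holds
        // password_hash() output this must fetch the hash and use
        // password_verify() instead of matching on the password column.
        $db_connection = db_connect();
        $statement = db_prepare($db_connection, 'SELECT users.id FROM users WHERE users.username = ? AND users.password = ?');
        db_bind($statement, [['ss'], [&$username, &$password]]);
        db_execute($statement);
        $row = $statement->get_result()->fetch_assoc();
        if (!$row) {
            json_response(['status' => 401, 'error_message' => 'Username or password not correct.']);
            break;
        }
        // New session id on privilege change, so an id handed out before
        // authentication cannot be reused for the authenticated session.
        session_regenerate_id(true);
        $_SESSION['user_id'] = $row['id'];
        json_response(['status' => 200, 'message' => 'Authentication succesfully executed.']);
        break;

    case 'logout':
        $_SESSION = [];
        session_destroy();
        header('Location: ' . base_path());
        break;

    case 'insert':
        if (!isset($_SESSION['user_id'])) {
            // exit is essential here: a Location header alone does not stop
            // the script, and the insert/list code below would otherwise run
            // for anonymous callers.
            header('Location: ' . base_path() . '/login');
            exit;
        }
        // Bound as a parameter below instead of being concatenated into SQL.
        $user_id = (int) $_SESSION['user_id'];
        $db_connection = db_connect();
        if (isset($_POST['url'])) {
            $url = (string) $_POST['url'];
            // Only absolute http(s) URLs are stored: the redirect template
            // presumably assigns my_location to the browser location, so a
            // "javascript:" or "data:" entry would run in every visitor's
            // browser when the short link is opened.
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if (filter_var($url, FILTER_VALIDATE_URL) === false || !in_array($scheme, ['http', 'https'], true)) {
                json_response(['status' => 400, 'error_message' => 'Only absolute http or https URLs can be shortened.']);
                break;
            }
            $statement = db_prepare($db_connection, 'INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, ? );');
            db_bind($statement, [['si'], [&$url, &$user_id]]);
            db_execute($statement);
            // insert_id is the auto-increment value of the row just written;
            // a COUNT(*) over the table is wrong as soon as a row has been
            // deleted or another insert races this one.
            json_response(['status' => 200, 'message' => 'URL inserted correctly.', 'new_id' => $statement->insert_id]);
            break;
        }
        $statement = db_prepare($db_connection, 'SELECT links.ID, links.URL FROM links WHERE links.created_by = ?');
        db_bind($statement, [['i'], [&$user_id]]);
        db_execute($statement);
        // Both $result and $row are left in scope for templates/insert.php.
        $result = $statement->get_result();
        $row = $result->fetch_assoc();
        include 'templates/insert.php';
        break;

    default:
        http_response_code(404);
        include 'errors/404.html';
        exit;
}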