OpenShorte.old/index.php

<?php
    session_start ( );
    require_once ( 'config.php' );
    require_once ( 'functions.php' );
    $request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );
    if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {
        switch ( $request [ 0 ] ) {
            case "go":
                if ( isset ( $request [ 1 ] ) ) {
                    $link_id = $request [ 1 ];
                    $link_id = (int) $link_id;
                    if ( ! is_int ( $link_id ) ) {
                        die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
                    }
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
                    $parameters = [
                        [ "i" ],
                        [ &$link_id ],
                    ];
                    db_bind ( $statement, $parameters );
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    if ( ! $row ) {
                        include ( 'errors/404.html' );
                    }
                    else {
                        include ( 'templates/redirect.html' );
                        echo ( '<script>var my_location = "' . $row [ 'URL' ] . '";</script>' );
                    }
                }
                break;
            case "login":
                if ( isset ( $_SESSION [ 'user_id' ] ) ) {
                    header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" );
                    exit;
                }
                if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
                    $username = $_POST [ 'username' ];
                    $password = $_POST [ 'password' ];
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
                    $parameters = [
                        [ "ss" ],
                        [ &$username, &$password ],
                    ];
                    db_bind ( $statement, $parameters );
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    if ( ! $row ) {
                        header ( 'Content-Type: application/json' );
                        $response = [
                            'status' => 401,
                            'error_message' => 'Username or password not correct.',
                        ];
                        echo ( json_encode ( $response ) );
                    }
                    else {
                        $_SESSION [ 'user_id' ] = $row [ 'id' ];
                        header ( 'Content-Type: application/json' );
                        $response = [
                            'status' => 200,
                            'message' => 'Authentication succesfully executed.',
                        ];
                        echo ( json_encode ( $response ) );
                    }
                }
                else {
                    include ( 'templates/login.php' );
                }
                break;
            case "logout":
                $_SESSION = array ( );
                session_destroy ( );
                header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) );
                break;
            case "insert":
                if ( ! isset ( $_SESSION [ 'user_id' ] ) ) {
                    header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
                }
                if ( isset ( $_POST [ 'url' ] ) ) {
                    $url = $_POST [ 'url' ];
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
                    $parameters = [
                        [ "s" ],
                        [ &$url ],
                    ];
                    db_bind ( $statement, $parameters );
                    db_execute ( $statement );
                    $statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    header ( 'Content-Type: application/json' );
                    $response = [
                        'status' => 200,
                        'message' => 'URL inserted correctly.',
                        'new_id' => $row [ 'count' ],
                    ];
                    echo ( json_encode ( $response ) );
                }
                else {
                    $db_connection = db_connect ( );
                    $statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
                    db_execute ( $statement );
                    $result = $statement->get_result ( );
                    $row = $result->fetch_assoc ( );
                    include ( 'templates/insert.php' );
                }
                break;
            default:
                http_response_code ( 404 );
                echo "fuck, 404!";
                die ( );
        }
    }
    else {
        header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
    }
?>