129 lines
6.0 KiB
PHP
129 lines
6.0 KiB
PHP
<?php
|
|
session_start ( );
|
|
require_once ( 'config.php' );
|
|
require_once ( 'functions.php' );
|
|
$request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );
|
|
if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {
|
|
switch ( $request [ 0 ] ) {
|
|
case "go":
|
|
if ( isset ( $request [ 1 ] ) ) {
|
|
$link_id = $request [ 1 ];
|
|
if ( ! ctype_digit ( $link_id ) ) {
|
|
die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
|
|
}
|
|
$link_id = (int) $link_id;
|
|
$db_connection = db_connect ( );
|
|
$statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
|
|
$parameters = [
|
|
[ "i" ],
|
|
[ &$link_id ],
|
|
];
|
|
db_bind ( $statement, $parameters );
|
|
db_execute ( $statement );
|
|
$result = $statement->get_result ( );
|
|
$row = $result->fetch_assoc ( );
|
|
if ( ! $row ) {
|
|
http_response_code ( 404 );
|
|
include ( 'errors/404.html' );
|
|
exit;
|
|
}
|
|
else {
|
|
include ( 'templates/redirect.html' );
|
|
echo ( '<script>var my_location = "' . $row [ 'URL' ] . '";</script>' );
|
|
}
|
|
}
|
|
else {
|
|
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) );
|
|
}
|
|
break;
|
|
case "login":
|
|
if ( isset ( $_SESSION [ 'user_id' ] ) ) {
|
|
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" );
|
|
exit;
|
|
}
|
|
if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
|
|
$username = $_POST [ 'username' ];
|
|
$password = $_POST [ 'password' ];
|
|
$db_connection = db_connect ( );
|
|
$statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
|
|
$parameters = [
|
|
[ "ss" ],
|
|
[ &$username, &$password ],
|
|
];
|
|
db_bind ( $statement, $parameters );
|
|
db_execute ( $statement );
|
|
$result = $statement->get_result ( );
|
|
$row = $result->fetch_assoc ( );
|
|
if ( ! $row ) {
|
|
header ( 'Content-Type: application/json' );
|
|
$response = [
|
|
'status' => 401,
|
|
'error_message' => 'Username or password not correct.',
|
|
];
|
|
echo ( json_encode ( $response ) );
|
|
}
|
|
else {
|
|
$_SESSION [ 'user_id' ] = $row [ 'id' ];
|
|
header ( 'Content-Type: application/json' );
|
|
$response = [
|
|
'status' => 200,
|
|
'message' => 'Authentication succesfully executed.',
|
|
];
|
|
echo ( json_encode ( $response ) );
|
|
}
|
|
}
|
|
else {
|
|
include ( 'templates/login.php' );
|
|
}
|
|
break;
|
|
case "logout":
|
|
$_SESSION = array ( );
|
|
session_destroy ( );
|
|
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/" );
|
|
break;
|
|
case "insert":
|
|
if ( ! isset ( $_SESSION [ 'user_id' ] ) ) {
|
|
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
|
|
}
|
|
if ( isset ( $_POST [ 'url' ] ) ) {
|
|
$url = $_POST [ 'url' ];
|
|
$db_connection = db_connect ( );
|
|
$statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
|
|
$parameters = [
|
|
[ "s" ],
|
|
[ &$url ],
|
|
];
|
|
db_bind ( $statement, $parameters );
|
|
db_execute ( $statement );
|
|
$statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
|
|
db_execute ( $statement );
|
|
$result = $statement->get_result ( );
|
|
$row = $result->fetch_assoc ( );
|
|
header ( 'Content-Type: application/json' );
|
|
$response = [
|
|
'status' => 200,
|
|
'message' => 'URL inserted correctly.',
|
|
'new_id' => $row [ 'count' ],
|
|
];
|
|
echo ( json_encode ( $response ) );
|
|
}
|
|
else {
|
|
$db_connection = db_connect ( );
|
|
$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
|
|
db_execute ( $statement );
|
|
$result = $statement->get_result ( );
|
|
$row = $result->fetch_assoc ( );
|
|
include ( 'templates/insert.php' );
|
|
}
|
|
break;
|
|
default:
|
|
http_response_code ( 404 );
|
|
include ( 'errors/404.html' );
|
|
die ( );
|
|
}
|
|
}
|
|
else {
|
|
header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/login" );
|
|
}
|
|
?>
|