-
Notifications
You must be signed in to change notification settings - Fork 1
/
index.php
255 lines (217 loc) · 6.45 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
<?php
/*
Basic remake of YOURLS, but procedural and just one file!
© Pablo A. Navarro (@panreyes) 2021
License: MIT. https://github.com/YOURLS/YOURLS/blob/master/LICENSE
INSTALLATION:
- Configure MySQL parameters
- Read API usage's first line :)
API Usage (GET parameters):
+ Installation: ?action=install&secret={SECRET}
+ Add/Update: ?action=add&secret={SECRET}&keyword={KEYWORD}&url={URL}&title={TITLE}
+ Delete: ?action=delete&secret={SECRET}&keyword={KEYWORD}
+ Dump list (CSV): ?action=list&secret={SECRET}
*/
// MySQL parameters:
$mysql_host="localhost";
$mysql_database="";
$mysql_user="";
$mysql_password="";
$secret="";
// API to add new redirections
if(isset($_GET['secret']) and isset($_GET['action'])){
if($_GET['secret']==$secret){
switch($_GET['action']){
case "install":
install();
break;
case "add":
add_redirection();
break;
case "delete":
delete_redirection();
break;
case "list":
list_redirections();
break;
default:
die("?");
break;
}
}
die("?");
} elseif(!empty($_SERVER['REQUEST_URI'])){
do_redirect();
} else {
die("Oh, hi Mark!");
}
function do_redirect(){
// We parse and check that the keyword is made of only alphanumeric characters, underscores and hyphens
$keyword=clean_keyword($_SERVER['REQUEST_URI']);
if(!check_keyword($keyword)){
fail();
}
// Query URL and redirect
$result = do_query('SELECT url FROM yourls_url WHERE keyword = "'.$keyword.'"');
$data = mysqli_fetch_assoc($result);
if (!empty($data['url'])) {
if(strpos($data['url'],"http://")===false and strpos($data['url'],"https://")===false){
$data['url']="https://".$data['url'];
}
// Update click counter
do_query('UPDATE yourls_url SET clicks = (@cur_value := clicks) + 1 WHERE keyword = "'.$keyword.'"');
// Redirecting!
header("Location: ".$data['url']);
exit;
} else {
fail();
}
}
function connect_mysql(){
global $link,$mysql_host,$mysql_user,$mysql_password,$mysql_database;
// Connect MySQL
$link = mysqli_connect($mysql_host,$mysql_user,$mysql_password,$mysql_database);
if (!$link) {
fail();
}
}
function fail(){
//header("Location: https://www.google.es");
die("Invalid redirection.");
}
function clean_keyword($keyword){
$keyword=ltrim($keyword,"/");
$keyword=rtrim($keyword,"/");
if(strlen($keyword)>100){
die("Error: Keyword too long.");
}
return $keyword;
}
function check_keyword($keyword){
$keyword=rtrim($keyword,"/");
$keyword=str_replace("_","",$keyword);
$keyword=str_replace("-","",$keyword);
if(!ctype_alnum($keyword)){
return false;
}
return true;
}
function add_redirection(){
if(!isset($_GET['keyword']) or !isset($_GET['url']) or !isset($_GET['title'])){
die("Error: Missing parameters.");
}
//Sanitize keyword parameter (no need to sanitize MySQL, ctype_alnum will already filter anything strange)
$keyword=clean_keyword($_GET['keyword']);
if(!check_keyword($keyword)){
die("Error: Invalid keyword.");
}
// Sanitize URL parameter
$url=sanitize_sql($_GET['url']);
if(strpos($url,"http://")===false and strpos($url,"https://")===false){
$url="https://".$url;
}
if(!filter_var($url, FILTER_VALIDATE_URL)){
die("Error: Invalid URL.");
}
//Sanitize title
$title=sanitize_sql($_GET['title']);
// Insert or update redirection
$query='INSERT INTO yourls_url(keyword,url,title,ip)
VALUES("'.$keyword.'","'.$url.'","'.$title.'","'.$_SERVER['REMOTE_ADDR'].'")
ON DUPLICATE KEY UPDATE url = "'.$url.'", title = "'.$title.'"';
$result=do_query($query);
if(!$result){
die("SQL Error in Query: ".$query);
} else {
die("Success! Share this URL: https://".$_SERVER['SERVER_NAME']."/".$keyword);
}
}
function delete_redirection(){
if(!isset($_GET['keyword'])){
die("Error: Missing parameters.");
}
// Sanitize keyword parameter (no need to sanitize MySQL, ctype_alnum will already filter anything strange)
$keyword=clean_keyword($_GET['keyword']);
if(!check_keyword($keyword)){
die("Error: Invalid keyword.");
}
// Insert or update redirection
$query='DELETE FROM yourls_url WHERE keyword = "'.$keyword.'"';
$result=do_query($query);
if(!$result){
die("SQL Error in Query: ".$query);
} else {
die("Success! (If it existed) Redirection deleted: ".$keyword);
}
}
function list_redirections(){
$query='SELECT keyword,url,title,timestamp,ip,clicks FROM yourls_url ORDER BY keyword ASC';
$result=do_query($query);
if(!$result){
die("SQL Error in Query: ".$query);
} else {
echo '<table border="1"><tr><th>keyword<th>url<th>title<th>timestamp<th>ip<th>clicks';
while($redirection=mysqli_fetch_assoc($result)){
echo '<tr><td>'.implode('<td>',$redirection);
}
echo '</table>';
exit;
}
}
function sanitize_sql($text){
global $link;
if(!$link){
connect_mysql();
}
return mysqli_real_escape_string($link,$text);
}
function do_query($query){
global $link;
if(!$link){
connect_mysql();
}
return mysqli_query($link,$query);
}
function install(){
// Creating .htaccess
$htaccess = '# BEGIN YOURLS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /index.php [L]
</IfModule>
# END YOURLS';
file_put_contents(".htaccess",$htaccess);
// Checking if the table already exists
$result=do_query('SELECT COUNT(keyword) FROM yourls_url');
if($result){
die("Error: Already installed!");
}
// Creating table
$query='CREATE TABLE yourls_url (
keyword varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL DEFAULT "",
url text CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL,
title text COLLATE utf8mb4_unicode_ci,
timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
ip varchar(41) COLLATE utf8mb4_unicode_ci NOT NULL,
clicks int(10) UNSIGNED NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;';
$result=do_query($query);
if(!$result){
die("Could not install: Error creating table.");
}
// Altering table
$query='ALTER TABLE yourls_url
ADD PRIMARY KEY (keyword),
ADD UNIQUE KEY keyword (keyword),
ADD KEY ip (ip),
ADD KEY timestamp (timestamp);';
do_query($query);
if(!$result){
die("Could not install: Error altering table.");
}
die("Congrats! Installation succesful!");
}
?>