diff --git a/r.php b/r.php
index 70ffecd..f2f056c 100644
--- a/r.php
+++ b/r.php
@@ -17,22 +17,23 @@ $result = $mysqli->query($query) or showerror();
$row = mysqli_fetch_assoc($result);
-
-if (!$row['rurl']) {
+if (!isset($row['rurl']) || strlen($row['rurl']) < 1) {
header("Location: 404.php", true, 302);
+ die();
}
if (strtolower($row['rurl']) == "disabled") {
require_once 'layout-headerlg.php';
echo "
The link you are trying to reach has been disabled.
"
. "Sorry for the inconvienience.";
require_once 'layout-footerlg.php';
+ die();
}
$lkey = @$row['lkey'];
-if (strlen($lkey)>1) {
- // Key needed? Check for it
+if (strlen($lkey) > 1) {
+ // check for key
$sent_lkey = isset($_GET[$lkey]);
if ($sent_lkey) {
- // yup, right key...continue on
+ // correct key
}
else {
require_once('layout-headerlg.php');
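Review bot: The key check at `if (strlen($lkey) > 1) {` does not enforce a one-character `lkey`, so if such a key can be stored, that link redirects without it. The stats.php hunk in this same commit treats any non-empty `lkey` as secret (`strlen($row['lkey']) > 0`), so the two pages disagree on what counts as protected. Using the same threshold here, `if (strlen($lkey) > 0) {`, would keep them consistent. Reading the key as `$lkey = $row['lkey'] ?? '';` instead of `@$row['lkey']` would also avoid handing null to `strlen()` without suppressing unrelated errors. The `else` branch continues past the end of the hunk, so it is not visible here whether the missing-key path stops execution before the redirect.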
diff --git a/stats.php b/stats.php
index 2310b47..7b85494 100644
--- a/stats.php
+++ b/stats.php
@@ -7,18 +7,24 @@ if (is_string($_GET['bv']) && ctype_alnum($_GET['bv'])) {
require_once 'layout-footerlg.php';
die();
}
-$query = "SELECT `clicks`,`country`,`rurl` FROM redirinfo WHERE baseval='{$bv}';";
+$query = "SELECT `clicks`,`country`,`rurl`,`lkey` FROM redirinfo WHERE baseval='{$bv}';";
$result = $mysqli->query($query);
$row = mysqli_fetch_assoc($result);
-if(!$row) {
+
+if(isset($row['lkey']) == true && strlen($row['lkey']) > 0) {
+ echo "Cannot show stats for a secret URL
";
+ die();
+}
+if(!isset($row)) {
echo "404 Not Found";
- require_once 'layout-footerlg.php';die();
+ require_once 'layout-footerlg.php';
+ die();
}
-if(!$row['user']) {
+if(!isset($row['user']) || strlen($row['user']) < 1) {
$row['user'] = 'Anonymous';
}
-if(!$row['country']) {
+if(!isset($row['country']) || strlen($row['country']) < 1) {
$row['country'] = 'Unknown';
}
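Review bot: The secret-link branch added ahead of the not-found check answers with "Cannot show stats for a secret URL" while an unknown code answers "404 Not Found", so a client stepping through `bv` values can tell which short codes exist and are key-protected. Folding it into the not-found branch, `if (!$row || (isset($row['lkey']) && strlen($row['lkey']) > 0)) {`, gives both cases the same response and also emits the footer the new branch skips. Keeping `!$row` rather than `!isset($row)` matters too: `mysqli_fetch_assoc()` returns `false` on failure, which `isset()` treats as set, so the new check would let a failed fetch fall through to the stats output. The query is still built by interpolating `$bv`; the `ctype_alnum` guard is visible only in the hunk header, so a prepared statement would keep it safe if that validation ever changes.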