Clean up some code
This commit is contained in:
parent
f9b6edb0af
commit
b49fb48c9d
47
api.php
47
api.php
@ -16,12 +16,12 @@
|
|||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Reference:
|
* API Reference:
|
||||||
* Request Vars Listing:
|
* POST/GET arguments:
|
||||||
* ReqEndpoint: url - the url to perform action on
|
* Required: url - the url to perform action on
|
||||||
* ReqEndpoint: apikey - the APIKey provided for authentication
|
* Required: apikey - the APIKey provided for authentication
|
||||||
* ReqEndpoint: action - action to perform, either lookup or shorten
|
* Required: action - action to perform, either lookup or shorten
|
||||||
* OptEndpoint: temp - whether the URL is temporary or not
|
* Optional: temp - whether to treat the URL as temporary or not
|
||||||
*/
|
*/
|
||||||
$reqargs['nosession'] = true;
|
$reqargs['nosession'] = true;
|
||||||
require_once('lib-core.php'); //Fetch Config
|
require_once('lib-core.php'); //Fetch Config
|
||||||
@ -32,7 +32,7 @@ if (!strstr($_REQUEST['url'], $protocol)) {
|
|||||||
$urlr = "http" . $protocol . $_REQUEST['url']; //add http:// if :// not there
|
$urlr = "http" . $protocol . $_REQUEST['url']; //add http:// if :// not there
|
||||||
}
|
}
|
||||||
|
|
||||||
// $dnsbl = new dnsbl(); //create a gsb object
|
// $dnsbl = new dnsbl(); //create a Google Safe Browsing object
|
||||||
|
|
||||||
if (is_string($_REQUEST['apikey']) && is_string($_REQUEST['action']) && is_string($_REQUEST['url'])) {
|
if (is_string($_REQUEST['apikey']) && is_string($_REQUEST['action']) && is_string($_REQUEST['url'])) {
|
||||||
$apikey = $mysqli->real_escape_string($_REQUEST['apikey']); //Sanitize input
|
$apikey = $mysqli->real_escape_string($_REQUEST['apikey']); //Sanitize input
|
||||||
@ -43,7 +43,7 @@ if (is_string($_REQUEST['apikey']) && is_string($_REQUEST['action']) && is_strin
|
|||||||
die("Error: No value specified, or wrong data type.");
|
die("Error: No value specified, or wrong data type.");
|
||||||
}
|
}
|
||||||
|
|
||||||
//checking API key:
|
// Check API key
|
||||||
$query = "SELECT `valid`,`quota` FROM `api` WHERE apikey='{$apikey}'";
|
$query = "SELECT `valid`,`quota` FROM `api` WHERE apikey='{$apikey}'";
|
||||||
$result = $mysqli->query($query) or showerror();
|
$result = $mysqli->query($query) or showerror();
|
||||||
$validrow = mysqli_fetch_assoc($result);
|
$validrow = mysqli_fetch_assoc($result);
|
||||||
@ -56,25 +56,27 @@ if (!$validrow['valid']) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!$api_key_valid) {
|
if (!$api_key_valid) {
|
||||||
header("HTTP/1.0 401 Unauthorized"); //Access denied - invalid key
|
header("HTTP/1.0 401 Unauthorized"); // Invalid key received
|
||||||
die('401 Unauthorized');
|
die('401 Unauthorized');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!filter_var($url_api, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED) && $action != "lookup") {
|
if (!filter_var($url_api, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED) && $action != "lookup") {
|
||||||
header("HTTP/1.0 400 Bad Request");
|
header("HTTP/1.0 400 Bad Request");
|
||||||
echo "Error: URL is not valid"; //URL not well formatted, but allow if action is lookup
|
echo "Error: URL is not valid"; // URL not well formatted, but allow if action is lookup
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
//Check if URL given is malware/phishing
|
|
||||||
|
// Check URL against Google Safe Browsing
|
||||||
|
|
||||||
/*
|
/*
|
||||||
$isbl = $dnsbl->isbl($url_api);
|
$isbl = $dnsbl->isbl($url_api);
|
||||||
if ($isbl === "malware" || $isbl === "phishing") {
|
if ($isbl === "malware" || $isbl === "phishing") {
|
||||||
header("HTTP/1.0 401 Unauthorized");
|
header("HTTP/1.0 401 Unauthorized");
|
||||||
echo "Polr does not shorten potentially malicious URLs"; //If link tests positive to possible malware/phish, then block
|
echo "Polr does not shorten potentially malicious URLs";
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function lookup($urltl) {
|
function lookup($urltl) {
|
||||||
global $mysqli;
|
global $mysqli;
|
||||||
$val = $mysqli->real_escape_string($urltl);
|
$val = $mysqli->real_escape_string($urltl);
|
||||||
@ -85,7 +87,11 @@ function lookup($urltl) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function exquota($apikey, $quota) {
|
function exquota($apikey, $quota) {
|
||||||
|
/*
|
||||||
|
Check if a user is exceeding their allocated quota.
|
||||||
|
Returns false if they are not exeeding their quota, or
|
||||||
|
true if they are past their quota.
|
||||||
|
*/
|
||||||
if ($quota < 1) {
|
if ($quota < 1) {
|
||||||
return false; // if quota is negative, then no quota
|
return false; // if quota is negative, then no quota
|
||||||
}
|
}
|
||||||
@ -94,12 +100,13 @@ function exquota($apikey, $quota) {
|
|||||||
$last_min = time()-60;
|
$last_min = time()-60;
|
||||||
$query = "SELECT `rurl` FROM `redirinfo` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;";
|
$query = "SELECT `rurl` FROM `redirinfo` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;";
|
||||||
$result = $mysqli->query($query) or showerror();
|
$result = $mysqli->query($query) or showerror();
|
||||||
$total_queries = $mysqli->affected_rows; //get the amount of queries in the past minute
|
$total_queries = $mysqli->affected_rows; // get the amount of new URLs created in the past minute
|
||||||
$query = "SELECT `rurl` FROM `redirinfo-temp` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;";
|
$query = "SELECT `rurl` FROM `redirinfo-temp` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;";
|
||||||
$result = $mysqli->query($query) or showerror();
|
$result = $mysqli->query($query) or showerror();
|
||||||
$total_queries_temp = $mysqli->affected_rows; //get the amount of queries to temp in the past minute
|
$total_queries_temp = $mysqli->affected_rows;
|
||||||
|
|
||||||
if (($total_queries+$total_queries_temp) >= $quota) {
|
if (($total_queries+$total_queries_temp) >= $quota) {
|
||||||
return true; // if met/exeeding quota
|
return true;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return false;
|
return false;
|
||||||
@ -114,7 +121,7 @@ function shorten($urlr, $t = 'false') {
|
|||||||
global $ip;
|
global $ip;
|
||||||
|
|
||||||
$protocol = '://';
|
$protocol = '://';
|
||||||
$isshort = array('polr.cf', 'bit.ly', 'is.gd', 'tiny.cc', 'adf.ly', 'ur1.ca', 'goo.gl', 'ow.ly', 'j.mp', 't.co');
|
$isshort = array('polr.me', 'bit.ly', 'is.gd', 'tiny.cc', 'adf.ly', 'ur1.ca', 'goo.gl', 'ow.ly', 'j.mp', 't.co');
|
||||||
foreach ($isshort as $url_shorteners) {
|
foreach ($isshort as $url_shorteners) {
|
||||||
if (strstr($urlr, $protocol . $url_shorteners)) {
|
if (strstr($urlr, $protocol . $url_shorteners)) {
|
||||||
header("HTTP/1.0 400 Bad Request");
|
header("HTTP/1.0 400 Bad Request");
|
||||||
@ -155,15 +162,13 @@ function shorten($urlr, $t = 'false') {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
* One last check!
|
* Check whether the user is exceeding his quota
|
||||||
* See whether the user is exceeding his quota
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$isexeeding = exquota($apikey, $userquota);
|
$isexeeding = exquota($apikey, $userquota);
|
||||||
if ($isexeeding) {
|
if ($isexeeding) {
|
||||||
header("HTTP/1.0 503 Service Unavailable");
|
header("HTTP/1.0 503 Service Unavailable");
|
||||||
die('Hey, slow down! Exeeding your perminute quota. Try again in around a minute.');
|
die('Hey, slow down! Exeeding your per minute quota. Try again in around a minute.');
|
||||||
// don't let them shorten :>
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// API execute actions. Promised, no more checks :)
|
// API execute actions. Promised, no more checks :)
|
||||||
|
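Review bot: The docblock this commit adds to exquota() says it returns `true if they are past their quota`, but the check in the following hunk is `($total_queries+$total_queries_temp) >= $quota`, so it also returns true when the count exactly meets the quota, and the `if ($quota < 1)` guard turns the limit off for a quota of 0 as well as for negative values even though the comment on that line mentions only negative. Because this function is the API's only per-key rate limit and an operator could reasonably set 0 meaning "no shortening allowed", I would state the exact contract in the new docblock, e.g. `Returns true once the number of URLs created in the past minute meets or exceeds $quota; a quota below 1 (including 0) disables the limit and always returns false.`, and correct the `exeeding` spelling there. The same misspelling survives in the user-facing string changed in the last hunk, `die('Hey, slow down! Exeeding your per minute quota. ...')`, which this commit touched without fixing. exquota() starts in the hunk at `@ -85,7 +87,11 @@` and its body ends outside the visible hunks.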