Alex/polr
1
0
Fork 0
mirror of https://github.com/cydrobolt/polr.git synced 2024-09-19 23:21:47 +02:00
Code Issues Releases Wiki Activity

Clean up some code

Browse Source
This commit is contained in:
Chaoyi Zha 2015-09-13 12:58:43 -04:00
parent f9b6edb0af
commit b49fb48c9d
1 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
api.php
View File

@ -16,12 +16,12 @@
/* /*
* Reference: * API Reference:
* Request Vars Listing: * POST/GET arguments:
* ReqEndpoint: url - the url to perform action on * Required: url - the url to perform action on
* ReqEndpoint: apikey - the APIKey provided for authentication * Required: apikey - the APIKey provided for authentication
* ReqEndpoint: action - action to perform, either lookup or shorten * Required: action - action to perform, either lookup or shorten
* OptEndpoint: temp - whether the URL is temporary or not * Optional: temp - whether to treat the URL as temporary or not
*/ */
$reqargs['nosession'] = true; $reqargs['nosession'] = true;
require_once('lib-core.php'); //Fetch Config require_once('lib-core.php'); //Fetch Config
@ -32,7 +32,7 @@ if (!strstr($_REQUEST['url'], $protocol)) {
$urlr = "http" . $protocol . $_REQUEST['url']; //add http:// if :// not there $urlr = "http" . $protocol . $_REQUEST['url']; //add http:// if :// not there
} }
// $dnsbl = new dnsbl(); //create a gsb object // $dnsbl = new dnsbl(); //create a Google Safe Browsing object
if (is_string($_REQUEST['apikey']) && is_string($_REQUEST['action']) && is_string($_REQUEST['url'])) { if (is_string($_REQUEST['apikey']) && is_string($_REQUEST['action']) && is_string($_REQUEST['url'])) {
$apikey = $mysqli->real_escape_string($_REQUEST['apikey']); //Sanitize input $apikey = $mysqli->real_escape_string($_REQUEST['apikey']); //Sanitize input
@ -43,7 +43,7 @@ if (is_string($_REQUEST['apikey']) && is_string($_REQUEST['action']) && is_strin
die("Error: No value specified, or wrong data type."); die("Error: No value specified, or wrong data type.");
} }
//checking API key: // Check API key
$query = "SELECT `valid`,`quota` FROM `api` WHERE apikey='{$apikey}'"; $query = "SELECT `valid`,`quota` FROM `api` WHERE apikey='{$apikey}'";
$result = $mysqli->query($query) or showerror(); $result = $mysqli->query($query) or showerror();
$validrow = mysqli_fetch_assoc($result); $validrow = mysqli_fetch_assoc($result);
@ -56,25 +56,27 @@ if (!$validrow['valid']) {
} }
if (!$api_key_valid) { if (!$api_key_valid) {
header("HTTP/1.0 401 Unauthorized"); //Access denied - invalid key header("HTTP/1.0 401 Unauthorized"); // Invalid key received
die('401 Unauthorized'); die('401 Unauthorized');
} }
if (!filter_var($url_api, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED) && $action != "lookup") { if (!filter_var($url_api, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED) && $action != "lookup") {
header("HTTP/1.0 400 Bad Request"); header("HTTP/1.0 400 Bad Request");
echo "Error: URL is not valid"; //URL not well formatted, but allow if action is lookup echo "Error: URL is not valid"; // URL not well formatted, but allow if action is lookup
die(); die();
} }
//Check if URL given is malware/phishing
// Check URL against Google Safe Browsing
/* /*
$isbl = $dnsbl->isbl($url_api); $isbl = $dnsbl->isbl($url_api);
if ($isbl === "malware" || $isbl === "phishing") { if ($isbl === "malware" || $isbl === "phishing") {
header("HTTP/1.0 401 Unauthorized"); header("HTTP/1.0 401 Unauthorized");
echo "Polr does not shorten potentially malicious URLs"; //If link tests positive to possible malware/phish, then block echo "Polr does not shorten potentially malicious URLs";
die(); die();
} }
*/ */
function lookup($urltl) { function lookup($urltl) {
global $mysqli; global $mysqli;
$val = $mysqli->real_escape_string($urltl); $val = $mysqli->real_escape_string($urltl);
@ -85,7 +87,11 @@ function lookup($urltl) {
} }
function exquota($apikey, $quota) { function exquota($apikey, $quota) {
/*
Check if a user is exceeding their allocated quota.
Returns false if they are not exeeding their quota, or
true if they are past their quota.
*/
if ($quota < 1) { if ($quota < 1) {
return false; // if quota is negative, then no quota return false; // if quota is negative, then no quota
} }
@ -94,12 +100,13 @@ function exquota($apikey, $quota) {
$last_min = time()-60; $last_min = time()-60;
$query = "SELECT `rurl` FROM `redirinfo` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;"; $query = "SELECT `rurl` FROM `redirinfo` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;";
$result = $mysqli->query($query) or showerror(); $result = $mysqli->query($query) or showerror();
$total_queries = $mysqli->affected_rows; //get the amount of queries in the past minute $total_queries = $mysqli->affected_rows; // get the amount of new URLs created in the past minute
$query = "SELECT `rurl` FROM `redirinfo-temp` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;"; $query = "SELECT `rurl` FROM `redirinfo-temp` WHERE user='APIKEY-{$apikey}' AND UNIX_TIMESTAMP(date) > $last_min;";
$result = $mysqli->query($query) or showerror(); $result = $mysqli->query($query) or showerror();
$total_queries_temp = $mysqli->affected_rows; //get the amount of queries to temp in the past minute $total_queries_temp = $mysqli->affected_rows;
if (($total_queries+$total_queries_temp) >= $quota) { if (($total_queries+$total_queries_temp) >= $quota) {
return true; // if met/exeeding quota return true;
} }
else { else {
return false; return false;
@ -114,7 +121,7 @@ function shorten($urlr, $t = 'false') {
global $ip; global $ip;
$protocol = '://'; $protocol = '://';
$isshort = array('polr.cf', 'bit.ly', 'is.gd', 'tiny.cc', 'adf.ly', 'ur1.ca', 'goo.gl', 'ow.ly', 'j.mp', 't.co'); $isshort = array('polr.me', 'bit.ly', 'is.gd', 'tiny.cc', 'adf.ly', 'ur1.ca', 'goo.gl', 'ow.ly', 'j.mp', 't.co');
foreach ($isshort as $url_shorteners) { foreach ($isshort as $url_shorteners) {
if (strstr($urlr, $protocol . $url_shorteners)) { if (strstr($urlr, $protocol . $url_shorteners)) {
header("HTTP/1.0 400 Bad Request"); header("HTTP/1.0 400 Bad Request");
@ -155,15 +162,13 @@ function shorten($urlr, $t = 'false') {
} }
} }
/* /*
* One last check! * Check whether the user is exceeding his quota
* See whether the user is exceeding his quota
*/ */
$isexeeding = exquota($apikey, $userquota); $isexeeding = exquota($apikey, $userquota);
if ($isexeeding) { if ($isexeeding) {
header("HTTP/1.0 503 Service Unavailable"); header("HTTP/1.0 503 Service Unavailable");
die('Hey, slow down! Exeeding your perminute quota. Try again in around a minute.'); die('Hey, slow down! Exeeding your per minute quota. Try again in around a minute.');
// don't let them shorten :>
} }
// API execute actions. Promised, no more checks :) // API execute actions. Promised, no more checks :)