1
0
mirror of https://github.com/cydrobolt/polr.git synced 2024-11-10 04:02:28 +01:00
polr/createurl.php
2015-05-17 15:25:53 -04:00

163 lines
6.3 KiB
PHP

<?php
require_once("lib-core.php");
require_once('layout-headerlg.php');
require_once('lib-auth.php');
$polrauth = new polrauth();
$protocol = '://';
$hpi = $_POST['hp'];
$ps = $_POST['options'];
$country_code = @$_SERVER["HTTP_CF_IPCOUNTRY"];
if ($li_shorten_only == true) {
if (!isset($_SESSION['username'])) {
echo "<h2>Only logged in users may shorten links. Did you mean to <a href='login.php'>log in</a>?</h2>";
require_once('layout-footerlg.php');
die();
}
}
function bve($bv) {
global $mysqli;
$query1 = "SELECT `rid` FROM `redirinfo` WHERE baseval='{$bv}'"; // Check if exists natura
$result = $mysqli->query($query1);
$row = mysqli_fetch_assoc($result);
$existing = $row['rid'];
if ($existing != NULL ) {
return true;
}
else {
return false;
}
}
if(!strstr($_POST['urlr'], $protocol)) {
$urlr = "http".$protocol.trim($_POST['urlr']); //add http:// if :// not there
}
else {
$urlr = trim($_POST['urlr']);
}
if(!filterurl($urlr)) {
echo "You entered an invalid url<br>";
echo "<a href='index.php'>Back</a>";
die();
}
if($hpi !== $hp) {
echo "We have detected that you may be using automated methods to shorten links. <br>We offer a free API, please do not use our shorten page as an API.<br>If you are getting this message, but you are not a bot, please email support@polr.cf <br> Thanks.";
die();
}
function rStr($length = 4) {
return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
}
if($ps == "s") {
// if secret url
$rstr = rStr(4);
}
$userinfo = $polrauth->islogged();
if(!is_array($userinfo)) {
$il = false;
}
else {
$il = true;
}
$urlr = $mysqli->real_escape_string($urlr);
//Other URL Shorteners List Array
$isshort = array('polr.me', 'polr.cf','bit.ly','is.gd','tiny.cc','adf.ly','ur1.ca','goo.gl','ow.ly','j.mp','t.co');
foreach ($isshort as $url_shorteners) {
if(strstr($urlr, $protocol.$url_shorteners)) {
echo "You entered an already shortened URL.<br>";
echo "<a href='index.php'>Back</a>";
die();
}
}$query1 = "SELECT `rid`,`lkey` FROM `redirinfo` WHERE `rurl`='{$urlr}' AND iscustom='no';"; // Check if exists naturally
$result = $mysqli->query($query1);
$row = mysqli_fetch_assoc($result);
$existing = $row['rid'];
$lkey_ex = $row['lkey'];
$decodescript = "<script src='js/durl.js'></script>";
$ip = $mysqli->real_escape_string($ip);
$customurl = $mysqli->real_escape_string($_POST['custom']);
if($customurl == "") {
$iscustom = "no";
}
//check custom url
if($customurl!="") {
if(!ctype_alnum($customurl)) {
echo "<b>Symbols or spaces are not allowed in a customized URL - alphanumeric only. <a href='index.php'>Try again</a></b>";
die();
}
if(strlen($customurl)>20) {
echo "<b>The maximum length for a custom url is 20 letters. <a href='index.php'>Try again</a></b>";
die();
}
}
if(!$existing || $customurl!="" || $ps=="s" || $lkey_ex) {
// If does not exist or creating custom URL. If requesting a secret link, recreate as well.
$query1 = "SELECT MAX(rid) AS `rid` FROM `redirinfo` WHERE `iscustom`='no';";
$result = $mysqli->query($query1);
$row = mysqli_fetch_assoc($result);
$ridr = $row['rid'];
// Check if next URL in base32 has been occupied by a custom url
$q_checkbv = "SELECT `baseval` FROM `redirinfo` WHERE `rid`='{$ridr}';";
$perform_cbv = $mysqli->query($q_checkbv);
$cbvr = mysqli_fetch_assoc($perform_cbv);
$based_val = $cbvr['baseval'];
$nbnum = base_convert($based_val,36,10);
$baseval = base_convert($nbnum+1,10,36);
while (bve($baseval) == true) {
$nbnum = base_convert($baseval,36,10);
$baseval = base_convert($nbnum+1,10,36);
}
if($customurl!="") {
// creating custom URL?
$baseval = $customurl;
$iscustom = "yes";
$query = "SELECT `rid` FROM `redirinfo` WHERE `baseval`='{$customurl}';"; //check if baseval used already
$result = $mysqli->query($query);
$row = mysqli_fetch_assoc($result);
$custom_existing = $row['rid'];
if($custom_existing) {
echo "The custom shorturl ending you specified is already in use. <a href='index.php'>Try again</a>";
die();
}
}
if($ps == "p" || !$ps) {
$query2 = "INSERT INTO `redirinfo` (baseval,rurl,ip,user,iscustom,country) VALUES ('{$baseval}','{$urlr}','{$ip}','{$userinfo['username']}','{$iscustom}','{$country_code}');";
}
else if($ps=="s") {
$query2 = "INSERT INTO `redirinfo` (baseval,rurl,ip,user,iscustom,lkey,country) VALUES ('{$baseval}','{$urlr}','{$ip}','{$userinfo['username']}','{$iscustom}','{$rstr}','{$country_code}');";
$baseval .= "?".$rstr;
}
$result2r = $mysqli->query($query2);// or showerror();
$basewsa = base64_encode($wsa);
$basebv =base64_encode($baseval);
echo "<input type='hidden' value='$basebv' id='j' /><input type='hidden' value='$basewsa' id='k' />";
echo $decodescript;
echo "<div style='text-align:center;padding-left:11%;padding-right:11%;'><h3>URL:</h3> <input type='text' id='i' onselect=\"select_text();\" onclick=\"select_text();\" readonly=\"readonly\" class='form-control' value=\"Please enable Javascript\" />";
}
else {
// Already exists. Fetch from DB and send over.
$query1 = "SELECT `baseval` FROM `redirinfo` WHERE `rurl`='{$urlr}' AND iscustom='no'";
$result = $mysqli->query($query1);
$row = mysqli_fetch_assoc($result);
$baseval = $row['baseval'];
$basebv = base64_encode($baseval);
$basewsa = base64_encode($wsa);
echo "<input type='hidden' value='$basebv' id='j' /><input type='hidden' value='$basewsa' id='k' />";
echo $decodescript;
echo "<div style='text-align:center;padding-left:11%;padding-right:11%;'><h3>URL:</h3> <input type='text' id='i' onselect=\"select_text();\" onclick=\"select_text();\" readonly=\"readonly\" class='form-control' value=\"Please enable JavaScript\" />";
}
echo '<br><a href="index.php" class="btn btn-primary btn-large">Shorten Another Link</a></div><script>function select_text(){var a=document.getElementById("i");a&&(a.focus(),a.select())}window.onload=select_text;</script>';
require_once('layout-footerlg.php');