diff --git a/admin/api.php b/admin/api.php index ce69f60..d4a6163 100644 --- a/admin/api.php +++ b/admin/api.php @@ -13,7 +13,6 @@ $WORKING_DIR = '../'; if (file_exists("../".get_phurl_option('theme_path') . "header.php")) { include ("../".get_phurl_option('theme_path') . "header.php"); - } else { die ("

Could not load theme

"); } diff --git a/admin/index.php b/admin/index.php index 74c303c..97bc9cf 100644 --- a/admin/index.php +++ b/admin/index.php @@ -13,7 +13,6 @@ $WORKING_DIR = '../'; if (file_exists("../".get_phurl_option('theme_path') . "header.php")) { include ("../".get_phurl_option('theme_path') . "header.php"); - } else { die ("

Could not load theme

"); } diff --git a/api/create.php b/api/create.php index a53199d..858bb6c 100644 --- a/api/create.php +++ b/api/create.php 
@@ -9,33 +9,33 @@ $response = mysql_real_escape_string(trim($_GET['response'])); } if (isset($_GET['apiKey'])) { -$apiLimit = get_phurl_option("api_limit"); -if ((int)$apiLimit != 0) { - $apiKey = mysql_real_escape_string(trim($_GET['apiKey'])); - $db_result = mysql_query("SELECT remain,time FROM ".DB_PREFIX."api WHERE apiKey='$apiKey'") or db_die(__FILE__, __LINE__, mysql_error()); - if (mysql_num_rows($db_result) == 0) { - mysql_query("INSERT INTO ".DB_PREFIX."api (apiKey, time, remain) VALUES('".$apiKey."', '".time()."', ".(int)$apiLimit.")") or db_die(__FILE__, __LINE__, mysql_error()); + $apiLimit = get_phurl_option("api_limit"); + if ((int)$apiLimit != 0) { + $apiKey = mysql_real_escape_string(trim($_GET['apiKey'])); $db_result = mysql_query("SELECT remain,time FROM ".DB_PREFIX."api WHERE apiKey='$apiKey'") or db_die(__FILE__, __LINE__, mysql_error()); - } - $db_row = mysql_fetch_assoc($db_result); - if ((int)$db_row['time'] <= time()-60*60) { - mysql_query("UPDATE ".DB_PREFIX."api SET remain=".((int)$apiLimit-1).", time='".time()."'") or db_die(__FILE__, __LINE__, mysql_error()); - } elseif ($db_row['remain'] != 0) { - mysql_query("UPDATE ".DB_PREFIX."api SET remain = (remain - 1)") or db_die(__FILE__, __LINE__, mysql_error()); - } else { - $errorCode = 11; - if ($response == "json") { - echo json_encode(array('code'=>'403', 'error'=>array('0',$errorCode)), JSON_FORCE_OBJECT); - exit(); - } - if ($response == "text") { - echo "error: ".$errorCode."\n"; - exit(); + if (mysql_num_rows($db_result) == 0) { + mysql_query("INSERT INTO ".DB_PREFIX."api (apiKey, time, remain) VALUES('".$apiKey."', '".time()."', ".(int)$apiLimit.")") or db_die(__FILE__, __LINE__, mysql_error()); + $db_result = mysql_query("SELECT remain,time FROM ".DB_PREFIX."api WHERE apiKey='$apiKey'") or db_die(__FILE__, __LINE__, mysql_error()); } + $db_row = mysql_fetch_assoc($db_result); + if ((int)$db_row['time'] <= time()-60*60) { + mysql_query("UPDATE ".DB_PREFIX."api SET 
remain=".((int)$apiLimit-1).", time='".time()."'") or db_die(__FILE__, __LINE__, mysql_error()); + } elseif ($db_row['remain'] != 0) { + mysql_query("UPDATE ".DB_PREFIX."api SET remain = (remain - 1)") or db_die(__FILE__, __LINE__, mysql_error()); + } else { + $errorCode = 11; + if ($response == "json") { + echo json_encode(array('code'=>'403', 'error'=>array('0',$errorCode)), JSON_FORCE_OBJECT); + exit(); + } + if ($response == "text") { + echo "error: ".$errorCode."\n"; + exit(); + } + } } } -} if (isset($_GET['apiKey']) && isset($_GET['url'])) { $alias = ""; if (isset($_GET['a'])) { @@ -43,27 +43,23 @@ } $apiKey = mysql_real_escape_string(trim($_GET['apiKey'])); $url = mysql_real_escape_string(trim($_GET['url'])); - - if (!preg_match("/^(".URL_PROTOCOLS.")\:\/\//i", $url)) { + if (!preg_match("/^(".URL_PROTOCOLS.")\:\/\//i", $url)) { $prefix = explode(":", $url); if ($prefix[0] == 'mailto') { $url = $url; } else { - $url = "http://".$url; - } - } - - $last = $url[strlen($url) - 1]; - - if ($last == "/") { - $url = substr($url, 0, -1); - } - - $data = @parse_url($url); - if ($prefix[0] == 'mailto') { - $data['scheme'] = 'mailto'; - $data['host'] = 'none'; + $url = "http://".$url; } + } + $last = $url[strlen($url) - 1]; + if ($last == "/") { + $url = substr($url, 0, -1); + } + $data = @parse_url($url); + if ($prefix[0] == 'mailto') { + $data['scheme'] = 'mailto'; + $data['host'] = 'none'; + } $db_result = mysql_query("SELECT id,apiKey FROM ".DB_PREFIX."users WHERE suspended='0'"); while ($db_row = mysql_fetch_assoc($db_result)) { 
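Review bot: The quota updates in this block have no WHERE clause, so `UPDATE ".DB_PREFIX."api SET remain = (remain - 1)` decrements the remaining count of every key and the hourly-reset branch rewrites `remain` and `time` for all rows; each statement should end in `WHERE apiKey='$apiKey'`. The commit adds the re-SELECT after the INSERT but leaves this pre-existing defect in place, which makes the limit unenforceable per key. Note also that the INSERT registers whatever `apiKey` string the caller sent before it is ever compared with the users table, so unauthenticated requests can grow the api table without bound; validating the key first (or inserting only for known keys) avoids that. The enclosing `if (isset($_GET['apiKey']))` is closed inside the hunk but the file continues past it.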
@@ -72,92 +68,74 @@ } } - if (strlen($url) == 0) { - $_ERROR[] = "01"; - } - else if (empty($data['scheme']) || empty($data['host'])) { - $_ERROR[] = "02"; - } - else if (!isset($validApiKey[$apiKey]) || $validApiKey[$apiKey] != 1) { - $_ERROR[] = "08"; - } - else { - $blcheck = file_get_contents("http://gsb.phurlproject.org/lookup.php?url=$url"); - if (trim($blcheck) == "1") { - $_ERROR[] = "03"; + if (strlen($url) == 0) { + $_ERROR[] = "01"; + } elseif (empty($data['scheme']) || empty($data['host'])) { + $_ERROR[] = "02"; + } elseif (!isset($validApiKey[$apiKey]) || $validApiKey[$apiKey] != 1) { + $_ERROR[] = "08"; + } else { + $blcheck = file_get_contents("http://gsb.phurlproject.org/lookup.php?url=$url"); + if (trim($blcheck) == "1") { + $_ERROR[] = "03"; + } + $hostname = get_hostname(); + if (preg_match("/($hostname)/i", $data['host'])) { + //echo $hostname."|".$domain."|".$data['host']; + $_ERROR[] = "04"; + } } - $hostname = get_hostname(); - if (preg_match("/($hostname)/i", $data['host'])) { - echo $hostname."|".$domain."|".$data['host']; - $_ERROR[] = "04"; - } - } - - if (strlen($alias) > 0) { - if (!preg_match("/^[a-zA-Z0-9_-]+$/", $alias)) { - $_ERROR[] = "05"; - } - else if (code_exists($alias) || alias_exists($alias)) { - $_ERROR[] = "06"; - } - } -// print_errors(); - if (count($_ERROR) == 0) { - $create = true; - - if (($url_data = url_exists($url))) { - $create = false; - $id = $url_data[0]; - $code = $url_data[1]; - $old_alias = $url_data[2]; - - if (strlen($alias) > 0) { - if ($old_alias != $alias) { - $create = true; - } - } - } - - if ($create) { - do { + if (strlen($alias) > 0) { + if (!preg_match("/^[a-zA-Z0-9_-]+$/", $alias)) { + $_ERROR[] = "05"; + } else if (code_exists($alias) || alias_exists($alias)) { + $_ERROR[] = "06"; + } + } + if (count($_ERROR) == 0) { + $create = true; + if (($url_data = url_exists($url))) { + $create = false; + $id = $url_data[0]; + $code = $url_data[1]; + $old_alias = $url_data[2]; + if (strlen($alias) > 0) { + 
if ($old_alias != $alias) { + $create = true; + } + } + } + if ($create) { + do { $sctype = get_phurl_option('shortcode_type'); - if ($sctype = "r") { - $code = generate_code_rand(); - } else { - $code = generate_code(get_last_number()); - - if (!increase_last_number()) { - die("System error!"); - } + if ($sctype = "r") { + $code = generate_code_rand(); + } else { + $code = generate_code(get_last_number()); + if (!increase_last_number()) { + die("System error!"); } - if (code_exists($code) || alias_exists($code)) { - continue; - } - - break; - } while (1); - - $id = insert_url($url, $code, $alias, $apiKey); - } - - if (strlen($alias) > 0) { - $code = $alias; - } - - $short_url = get_phurl_option('site_url')."/".$code; - -// $_GET['url'] = ""; -// $_GET['alias'] = ""; - if ($response == "json") { - $json = array('code'=>'200', 'request'=>$_GET, 'url'=>$short_url); - echo json_encode($json, JSON_FORCE_OBJECT); - exit(); - } - if ($response == "text") { - echo "$short_url\n"; - exit(); + } + if (code_exists($code) || alias_exists($code)) { + continue; + } + break; + } while (1); + $id = insert_url($url, $code, $alias, $apiKey); + } + if (strlen($alias) > 0) { + $code = $alias; + } + $short_url = get_phurl_option('site_url')."/".$code; + if ($response == "json") { + $json = array('code'=>'200', 'request'=>$_GET, 'url'=>$short_url); + echo json_encode($json, JSON_FORCE_OBJECT); + exit(); + } elseif ($response == "text") { + echo "$short_url\n"; + exit(); + } } - } } if (!isset($_GET['apiKey'])) { $_ERROR[] = "07"; @@ -167,9 +145,9 @@ } if ($response == "json") { echo json_encode(array('code'=>'400', 'error'=>$_ERROR), JSON_FORCE_OBJECT); -} -if ($response == "text") { +}elseif ($response == "text") { foreach ($_ERROR as $errorCode) { echo "error: ".$errorCode."\n"; } } +?> diff --git a/api/stats.php b/api/stats.php index 97e9db9..04630c9 100644 --- a/api/stats.php +++ b/api/stats.php 
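Review bot: The blacklist lookup `$blcheck = file_get_contents("http://gsb.phurlproject.org/lookup.php?url=$url");` interpolates the submitted URL unencoded, so any `&` or `#` in it truncates what the remote service actually checks, and when the request fails `file_get_contents` returns false, `trim(false)` is "", and the check silently passes — it fails open. Use `urlencode($url)` and test `$blcheck === false` explicitly, deciding on purpose whether an unreachable lookup blocks or allows the link. Separately, `if ($sctype = "r")` is an assignment and always true, so the sequential `generate_code(get_last_number())` path is unreachable; it should be `if ($sctype == "r")`. Two smaller points: `$hostname` goes into `preg_match("/($hostname)/i", ...)` without `preg_quote`, and the 200 response echoes `$_GET` back verbatim with no Content-Type header visible in this file, so unless one is set elsewhere, arbitrary query parameters are reflected into a text/html body.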
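Review bot: The closing `?>` added at the end of api/create.php is a regression risk rather than a cleanup: anything after it, even a stray newline in a future edit, is sent to the client, and this script emits raw JSON and text bodies, so PHP-only files are better left without a closing tag. The reformatted `}elseif ($response == "text") {` is also missing the space before `elseif` that the rest of the commit's re-indentation uses; `} elseif ($response == "text") {`.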
@@ -7,28 +7,28 @@ $response = "json"; $locationLimit = 5; if (isset($_GET['apiKey'])) { -$apiLimit = get_phurl_option("api_limit"); -if ((int)$apiLimit != 0) { - $apiKey = mysql_real_escape_string(trim($_GET['apiKey'])); - $db_result = mysql_query("SELECT remain,time FROM ".DB_PREFIX."api WHERE apiKey='$apiKey'") or db_die(__FILE__, __LINE__, mysql_error()); - if (mysql_num_rows($db_result) == 0) { - mysql_query("INSERT INTO ".DB_PREFIX."api (apiKey, time, remain) VALUES('".$apiKey."', '".time()."', ".(int)$apiLimit.")") or db_die(__FILE__, __LINE__, mysql_error()); + $apiLimit = get_phurl_option("api_limit"); + if ((int)$apiLimit != 0) { + $apiKey = mysql_real_escape_string(trim($_GET['apiKey'])); $db_result = mysql_query("SELECT remain,time FROM ".DB_PREFIX."api WHERE apiKey='$apiKey'") or db_die(__FILE__, __LINE__, mysql_error()); - } - $db_row = mysql_fetch_assoc($db_result); - if ((int)$db_row['time'] <= time()-60*60) { - mysql_query("UPDATE ".DB_PREFIX."api SET remain=".((int)$apiLimit-1).", time='".time()."'") or db_die(__FILE__, __LINE__, mysql_error()); - } elseif ($db_row['remain'] != 0) { - mysql_query("UPDATE ".DB_PREFIX."api SET remain = (remain - 1)") or db_die(__FILE__, __LINE__, mysql_error()); - } else { - $errorCode = 11; - if ($response == "json") { - echo json_encode(array('code'=>'403', 'error'=>array('0',$errorCode)), JSON_FORCE_OBJECT); - exit(); + if (mysql_num_rows($db_result) == 0) { + mysql_query("INSERT INTO ".DB_PREFIX."api (apiKey, time, remain) VALUES('".$apiKey."', '".time()."', ".(int)$apiLimit.")") or db_die(__FILE__, __LINE__, mysql_error()); + $db_result = mysql_query("SELECT remain,time FROM ".DB_PREFIX."api WHERE apiKey='$apiKey'") or db_die(__FILE__, __LINE__, mysql_error()); + } + $db_row = mysql_fetch_assoc($db_result); + if ((int)$db_row['time'] <= time()-60*60) { + mysql_query("UPDATE ".DB_PREFIX."api SET remain=".((int)$apiLimit-1).", time='".time()."'") or db_die(__FILE__, __LINE__, mysql_error()); + } elseif 
($db_row['remain'] != 0) { + mysql_query("UPDATE ".DB_PREFIX."api SET remain = (remain - 1)") or db_die(__FILE__, __LINE__, mysql_error()); + } else { + $errorCode = 11; + if ($response == "json") { + echo json_encode(array('code'=>'403', 'error'=>array('0',$errorCode)), JSON_FORCE_OBJECT); + exit(); + } } } } -} if (isset($_GET['apiKey']) && isset($_GET['alias'])) { $apiKey = mysql_real_escape_string(trim($_GET['apiKey'])); $alias = mysql_real_escape_string(trim($_GET['alias'])); @@ -43,9 +43,9 @@ } } - if (!isset($validApiKey[$apiKey]) || $validApiKey[$apiKey] != 1) { - $_ERROR[] = "08"; - } + if (!isset($validApiKey[$apiKey]) || $validApiKey[$apiKey] != 1) { + $_ERROR[] = "08"; + } $db_result = mysql_query("SELECT url,code,alias,date_added FROM ".DB_PREFIX."urls WHERE alias='$alias' OR code='$alias'"); if (mysql_num_rows($db_result) == 0) { 
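Review bot: As in api/create.php, `UPDATE ".DB_PREFIX."api SET remain = (remain - 1)` and the reset `UPDATE ... SET remain=..., time='...'` carry no `WHERE apiKey='$apiKey'`, so every caller's request adjusts every key's quota and the per-key limit is not actually enforced. The limiter is duplicated verbatim between the two API scripts; pulling it into a shared function in includes/functions.php would let the fix land once. The INSERT also creates a row for any supplied `apiKey` before it is validated against the users table (that check is in the next hunk), so unauthenticated requests can grow the api table without bound.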
@@ -55,34 +55,34 @@ $urls = $db_row; $code = $urls['code']; } - if (strlen($alias) > 0) { - if (!preg_match("/^[a-zA-Z0-9_-]+$/", $alias)) { - $_ERROR[] = "05"; - } - } - if (count($_ERROR) == 0) { - $db_result = mysql_query("SELECT SUM(clicks) AS clicks FROM ".DB_PREFIX."stats WHERE alias='$code'"); - $total = mysql_fetch_assoc($db_result); - $totalClicks = $total['clicks']; + if (strlen($alias) > 0) { + if (!preg_match("/^[a-zA-Z0-9_-]+$/", $alias)) { + $_ERROR[] = "05"; + } + } + if (count($_ERROR) == 0) { + $db_result = mysql_query("SELECT SUM(clicks) AS clicks FROM ".DB_PREFIX."stats WHERE alias='$code'"); + $total = mysql_fetch_assoc($db_result); + $totalClicks = $total['clicks']; - $db_result = mysql_query("SELECT country,clicks FROM ".DB_PREFIX."stats WHERE alias='$code' GROUP BY country ORDER BY clicks DESC LIMIT ".$locationLimit); - if (mysql_num_rows($db_result) == 0) { - $_ERROR[] = "10"; - } else { - while ($db_row = mysql_fetch_assoc($db_result)) { - $location[] = $db_row; + $db_result = mysql_query("SELECT country,clicks FROM ".DB_PREFIX."stats WHERE alias='$code' GROUP BY country ORDER BY clicks DESC LIMIT ".$locationLimit); + if (mysql_num_rows($db_result) == 0) { + $_ERROR[] = "10"; + } else { + while ($db_row = mysql_fetch_assoc($db_result)) { + $location[] = $db_row; + } } - } - $short_url = get_phurl_option('site_url')."/".$code; + $short_url = get_phurl_option('site_url')."/".$code; - if ($response == "json") { - $json = array('code'=>'200', 'request'=>$_GET, 'url'=>$short_url, - 'clicks'=>$totalClicks, 'location'=>$location, 'data'=>$urls); - echo json_encode($json, JSON_FORCE_OBJECT); - exit(); + if ($response == "json") { + $json = array('code'=>'200', 'request'=>$_GET, 'url'=>$short_url, +'clicks'=>$totalClicks, 'location'=>$location, 'data'=>$urls); + echo json_encode($json, JSON_FORCE_OBJECT); + exit(); + } } - } } if (!isset($_GET['apiKey'])) { $_ERROR[] = "07"; 
@@ -93,3 +93,4 @@ if ($response == "json") { echo json_encode(array('code'=>'400', 'error'=>$_ERROR), JSON_FORCE_OBJECT); } +?> diff --git a/go.php b/go.php index 4cf610a..17b3a91 100644 --- a/go.php +++ b/go.php @@ -11,44 +11,44 @@ $alias = substr($getalias, 1, strlen($getalias)); if (preg_match("/^[a-zA-Z0-9_-]+\-$/", $alias)) { - define('PHURL', true); - include "includes/themes/default/header.php"; - include "includes/stats.php"; - include "includes/themes/default/footer.php"; - die(); + define('PHURL', true); + include "includes/themes/default/header.php"; + include "includes/stats.php"; + include "includes/themes/default/footer.php"; + die(); } elseif (!preg_match("/^[a-zA-Z0-9_]+$/", $alias)) { - header("Location: ".get_phurl_option('site_url'), true, 301); - exit(); + header("Location: ".get_phurl_option('site_url'), true, 301); + exit(); } else { - if (($url = get_url($alias))) { - $blcheck = file_get_contents("http://gsb.phurlproject.org/lookup.php?url=$url"); - if (trim($blcheck) == "1") { - define('PHURL', true); - include "includes/themes/default/header.php"; - echo "

Blacklisted URL Blocked

The page you requested has been identified as malicious. As a result of this, we regret that we can't forward you there.

Sorry about that.


"; - include "includes/themes/default/footer.php"; - die(); - } else { - $db_result = mysql_query("SELECT password FROM ".DB_PREFIX."urls WHERE alias='$alias' OR code='$alias'"); - $urlPass = mysql_fetch_assoc($db_result); - $urlPass = $urlPass['password']; - if ($urlPass != "") { - header("Location: password.php?alias=".$alias); - exit(); + if (($url = get_url($alias))) { + $blcheck = file_get_contents("http://gsb.phurlproject.org/lookup.php?url=$url"); + if (trim($blcheck) == "1") { + define('PHURL', true); + include "includes/themes/default/header.php"; + echo "

Blacklisted URL Blocked

The page you requested has been identified as malicious. As a result of this, we regret that we can't forward you there.

Sorry about that.


"; + include "includes/themes/default/footer.php"; + die(); + } else { + $db_result = mysql_query("SELECT password FROM ".DB_PREFIX."urls WHERE alias='$alias' OR code='$alias'"); + $urlPass = mysql_fetch_assoc($db_result); + $urlPass = $urlPass['password']; + if ($urlPass != "") { + header("Location: password.php?alias=".$alias); + exit(); + } + $country = maxmind_geoip($_SERVER['REMOTE_ADDR']); + $result=mysql_query("SELECT count(*) as numrecords FROM ".DB_PREFIX."stats WHERE BINARY alias='$alias' and country='$country'") or die ('An error was encountered. Please refer to phurl support for more info. :('); + $row=mysql_fetch_assoc($result); + if ($row['numrecords'] >= 1){ + mysql_query("UPDATE `".DB_PREFIX."stats` SET `clicks` = clicks+1 WHERE `alias` = '$alias' and `country` = '$country';"); + } else { + mysql_query("INSERT INTO ".DB_PREFIX."stats (alias, country, clicks) VALUES ('$alias', '$country', '1');"); + } + header("Location: $url", true, 301); + exit(); + } } - $country = maxmind_geoip($_SERVER['REMOTE_ADDR']); - $result=mysql_query("SELECT count(*) as numrecords FROM ".DB_PREFIX."stats WHERE BINARY alias='$alias' and country='$country'") or die ('An error was encountered. Please refer to phurl support for more info. :('); - $row=mysql_fetch_assoc($result); - if ($row['numrecords'] >= 1){ -mysql_query("UPDATE `".DB_PREFIX."stats` SET `clicks` = clicks+1 WHERE `alias` = '$alias' and `country` = '$country';"); -} else { -mysql_query("INSERT INTO ".DB_PREFIX."stats (alias, country, clicks) VALUES ('$alias', '$country', '1');"); -} -header("Location: $url", true, 301); - exit(); -} -} } - header("Location: ".get_phurl_option('site_url'), true, 301); +header("Location: ".get_phurl_option('site_url'), true, 301); ?> diff --git a/includes/config.php b/includes/config.php index 7d1d51e..a3ed0f2 100644 --- a/includes/config.php +++ b/includes/config.php 
@@ -20,7 +20,6 @@ define('SALT2', 'IF9E%/<~2,F(h&K{2@=Y)V01u.U$/D.?;SF>dl=-9>%|$He22d(3aLP24^1*d)bI'); define('SALT3', '2lMw?r1Vfk9.w(mH%mJdYN}FpH^e@+O2}+*eU$9!&DY09~&CP)=7Uy1##a+*t8 diff --git a/includes/dynstats.php b/includes/dynstats.php index 49f767b..f0294e8 100644 --- a/includes/dynstats.php +++ b/includes/dynstats.php @@ -27,10 +27,10 @@ $numbers = ""; echo "
"; while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { -$countries .= $row['country'] . "|"; -$numbers .= $row['clicks'] . ","; -$country = $row['country']; -//echo '
' . $country . ' ' . $row['count'] . ' click(s)
'; + $countries .= $row['country'] . "|"; + $numbers .= $row['clicks'] . ","; + $country = $row['country']; + //echo '
' . $country . ' ' . $row['count'] . ' click(s)
'; } echo "
"; echo ""; @@ -38,10 +38,10 @@ $countries = ""; $numbers = ""; while($row = mysql_fetch_assoc($result)) { -$country = $row['country']; -$countries .= $row['country'] . "|"; -$numbers .= $row['clicks'] . ","; -//echo $iso['$country']; + $country = $row['country']; + $countries .= $row['country'] . "|"; + $numbers .= $row['clicks'] . ","; + //echo $iso['$country']; } echo ""; $result = mysql_query("SELECT * FROM ".DB_PREFIX."urls WHERE BINARY code = '$alias'"); @@ -53,11 +53,11 @@ $db_result = mysql_query("SELECT * FROM ".DB_PREFIX."stats WHERE BINARY alias='$alias' ORDER BY clicks DESC LIMIT 0, 5") or db_die(__FILE__, __LINE__, mysql_error()); echo "\n"; while ($db_row = mysql_fetch_assoc($db_result)) { - $db_row = array_filter($db_row, "stripslashes"); - extract($db_row, EXTR_OVERWRITE|EXTR_PREFIX_ALL, "u"); -$lowercountry = strtolower($u_country); - echo "\n"; -unset($u_country, $u_alias, $u_clicks); + $db_row = array_filter($db_row, "stripslashes"); + extract($db_row, EXTR_OVERWRITE|EXTR_PREFIX_ALL, "u"); + $lowercountry = strtolower($u_country); + echo "\n"; + unset($u_country, $u_alias, $u_clicks); } echo "
$u_country $u_clicks $u_country $u_clicks
\n"; ?> diff --git a/includes/functions.php b/includes/functions.php index ecf8772..df5eb6b 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -6,38 +6,36 @@ $_CACHE['option'] = array(); function db_die($filename, $line, $message) { - die("File: $filename
Line: $line
Message: $message"); + die("File: $filename
Line: $line
Message: $message"); } function db_ins_die($filename, $line, $message) { - die('

Phurl Installation Wizard failed to connect to the database using the specified credentials. Please go back and try again.

'); + die('

Phurl Installation Wizard failed to connect to the database using the specified credentials. Please go back and try again.

'); } function db_connect() { - global $mysql; - $mysql['connection'] = mysql_connect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD) or db_die(__FILE__, __LINE__, mysql_error()); + global $mysql; + $mysql['connection'] = mysql_connect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD) or db_die(__FILE__, __LINE__, mysql_error()); - if (!$mysql['connection']) { - db_die(__FILE__, __LINE__, mysql_error()); - } - - $mysql['database'] = mysql_select_db(DB_NAME) or db_die(__FILE__, __LINE__, mysql_error()); - - if (!$mysql['database']) { - db_die(__FILE__, __LINE__, mysql_error()); - } + if (!$mysql['connection']) { + db_die(__FILE__, __LINE__, mysql_error()); + } + $mysql['database'] = mysql_select_db(DB_NAME) or db_die(__FILE__, __LINE__, mysql_error()); + if (!$mysql['database']) { + db_die(__FILE__, __LINE__, mysql_error()); + } } function db_ins_connect() { - mysql_connect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD) or db_ins_die(__FILE__, __LINE__, mysql_error()); - mysql_select_db(DB_NAME) or db_ins_die(__FILE__, __LINE__, mysql_error()); + mysql_connect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD) or db_ins_die(__FILE__, __LINE__, mysql_error()); + mysql_select_db(DB_NAME) or db_ins_die(__FILE__, __LINE__, mysql_error()); } function get_last_number() { - $db_result = mysql_query("SELECT last_number FROM ".DB_PREFIX."settings") or db_die(__FILE__, __LINE__, mysql_error()); - $db_row = mysql_fetch_row($db_result); + $db_result = mysql_query("SELECT last_number FROM ".DB_PREFIX."settings") or db_die(__FILE__, __LINE__, mysql_error()); + $db_row = mysql_fetch_row($db_result); - return $db_row[0]; + return $db_row[0]; } function get_phurl_option($option) { 
@@ -53,81 +51,67 @@ function get_phurl_option($option) { } function increase_last_number() { - mysql_query("UPDATE ".DB_PREFIX."settings SET last_number = (last_number + 1)") or db_die(__FILE__, __LINE__, mysql_error()); - - return (mysql_affected_rows() > 0) ? true : false; + mysql_query("UPDATE ".DB_PREFIX."settings SET last_number = (last_number + 1)") or db_die(__FILE__, __LINE__, mysql_error()); + return (mysql_affected_rows() > 0) ? true : false; } function code_exists($code) { - $db_result = mysql_query("SELECT COUNT(id) FROM ".DB_PREFIX."urls WHERE BINARY code = '$code'") or db_die(__FILE__, __LINE__, mysql_error()); - $db_row = mysql_fetch_row($db_result); - - return ($db_row[0] > 0) ? true : false; + $db_result = mysql_query("SELECT COUNT(id) FROM ".DB_PREFIX."urls WHERE BINARY code = '$code'") or db_die(__FILE__, __LINE__, mysql_error()); + $db_row = mysql_fetch_row($db_result); + return ($db_row[0] > 0) ? true : false; } function alias_exists($alias) { - $db_result = mysql_query("SELECT COUNT(id) FROM ".DB_PREFIX."urls WHERE BINARY alias = '$alias'") or db_die(__FILE__, __LINE__, mysql_error()); - $db_row = mysql_fetch_row($db_result); - - return ($db_row[0] > 0) ? true : false; + $db_result = mysql_query("SELECT COUNT(id) FROM ".DB_PREFIX."urls WHERE BINARY alias = '$alias'") or db_die(__FILE__, __LINE__, mysql_error()); + $db_row = mysql_fetch_row($db_result); + return ($db_row[0] > 0) ? 
true : false; } function url_exists($url) { - $db_result = mysql_query("SELECT id, code, alias FROM ".DB_PREFIX."urls WHERE url LIKE '$url'") or db_die(__FILE__, __LINE__, mysql_error()); - - if (mysql_num_rows($db_result) > 0) { - return mysql_fetch_row($db_result); - } - - return false; + $db_result = mysql_query("SELECT id, code, alias FROM ".DB_PREFIX."urls WHERE url LIKE '$url'") or db_die(__FILE__, __LINE__, mysql_error()); + if (mysql_num_rows($db_result) > 0) { + return mysql_fetch_row($db_result); + } + return false; } function generate_code($number) { - $out = ""; - $codes = "abcdefghjkmnpqrstuvwxyz23456789ABCDEFGHJKMNPQRSTUVWXYZ"; - - while ($number > 53) { - $key = $number % 54; - $number = floor($number / 54) - 1; - $out = $codes{$key}.$out; - } - - return $codes{$number}.$out; + $out = ""; + $codes = "abcdefghjkmnpqrstuvwxyz23456789ABCDEFGHJKMNPQRSTUVWXYZ"; + while ($number > 53) { + $key = $number % 54; + $number = floor($number / 54) - 1; + $out = $codes{$key}.$out; + } + return $codes{$number}.$out; } function generate_code_rand() { -$len = 5; -$short = ""; -$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; -$charslen = strlen($chars); -for ($i=0; $i<$len; $i++) -{ - $rnd = rand(0, $charslen); - $short .= substr($chars, $rnd, 1); -} -return $short; + $len = 5; + $short = ""; + $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + $charslen = strlen($chars); + for ($i=0; $i<$len; $i++) { + $rnd = rand(0, $charslen); + $short .= substr($chars, $rnd, 1); + } + return $short; } - function insert_url($url, $code, $alias, $apiKey) { - mysql_query("INSERT INTO ".DB_PREFIX."urls (url, code, alias, date_added, api) VALUES ('$url', '$code', '$alias', NOW(), '$apiKey')") or db_die(__FILE__, __LINE__, mysql_error()); - - return mysql_insert_id(); + mysql_query("INSERT INTO ".DB_PREFIX."urls (url, code, alias, date_added, api) VALUES ('$url', '$code', '$alias', NOW(), '$apiKey')") or db_die(__FILE__, __LINE__, 
mysql_error()); + return mysql_insert_id(); } - function update_url($id, $alias) { - mysql_query("UPDATE ".DB_PREFIX."urls SET alias = '$alias' WHERE id = '$id'") or db_die(__FILE__, __LINE__, mysql_error()); + mysql_query("UPDATE ".DB_PREFIX."urls SET alias = '$alias' WHERE id = '$id'") or db_die(__FILE__, __LINE__, mysql_error()); } - function get_url($alias) { - $db_result = mysql_query("SELECT url FROM ".DB_PREFIX."urls WHERE BINARY code = '$alias' OR alias = '$alias'") or db_die(__FILE__, __LINE__, mysql_error()); - redirect_expired($alias); - if (mysql_num_rows($db_result) > 0) { - $db_row = mysql_fetch_row($db_result); - - return $db_row[0]; - } - - return false; + $db_result = mysql_query("SELECT url FROM ".DB_PREFIX."urls WHERE BINARY code = '$alias' OR alias = '$alias'") or db_die(__FILE__, __LINE__, mysql_error()); + redirect_expired($alias); + if (mysql_num_rows($db_result) > 0) { + $db_row = mysql_fetch_row($db_result); + return $db_row[0]; + } + return false; } function check_expire($alias) { $db_result = mysql_query("SELECT expire_date FROM ".DB_PREFIX."urls WHERE BINARY code = '$alias' OR alias = '$alias'") or db_die(__FILE__, __LINE__, mysql_error()); @@ -145,22 +129,18 @@ function redirect_expired($alias) { } } function get_hostname() { - $data = parse_url(get_phurl_option('site_url')); - - return $data['host']; + $data = parse_url(get_phurl_option('site_url')); + return $data['host']; } function print_errors() { - global $_ERROR; - - if (count($_ERROR) > 0) { - echo "\n"; - - foreach ($_ERROR as $key => $value) { - echo "$value\n"; - } - - echo "\n"; - } + global $_ERROR; + if (count($_ERROR) > 0) { + echo "\n"; + foreach ($_ERROR as $key => $value) { + echo "$value\n"; + } + echo "\n"; + } } function hashPassword ($password, $customSalt) { $password = hash('sha256', hash('sha256', SALT2.$password.hash('sha1',SALT1.$password).passwordSalt($customSalt)).SALT3); 
@@ -272,7 +252,13 @@ function currentApiKey() { } if ($_ENABLE_GEO == true) { -if (!file_exists("includes/geoip/geo-ipv6.dat")) die("ERROR! Please run includes/geoip/download.php before continuing.\n"); +if (!file_exists("includes/geoip/geo-ipv6.dat")) { + if (is_admin()) { + die('Warning, The geoip database does not exist. Please open '.get_phurl_option('site_url').'/includes/geoip/download.php'); + } else { + die('There was an error while gathering geoip information, please inform the site admin.'); + } +} function maxmind_geoip($ipaddr) { if (filter_var($ipaddr, FILTER_VALIDATE_IP)) { $gi = geoip_open("includes/geoip/geo-ipv6.dat",GEOIP_STANDARD); diff --git a/includes/stats.php b/includes/stats.php index 13f19b4..cb14e97 100644 --- a/includes/stats.php +++ b/includes/stats.php @@ -3,8 +3,8 @@ error_reporting(0); db_connect(); if (empty($alias)) { -echo 'Please specify an alias.'; -die; + echo 'Please specify an alias.'; + die; } $alias = str_replace("-","",$alias); $url = get_url($alias); @@ -12,9 +12,9 @@ $result = mysql_query("SELECT * from ".DB_PREFIX."urls WHERE BINARY alias='$alias' OR code='$alias'"); $num_rows = mysql_num_rows($result); if ($num_rows < 1) { -echo "
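Review bot: The new branch still `die()`s at include time, so a missing `includes/geoip/geo-ipv6.dat` now takes down every page that loads functions.php — redirects and the API included — for all visitors, which is an outage waiting on one missing file. `is_admin()` is not defined anywhere in this diff; if it is not already available at this point, the admin path fatals before the message is shown. A softer approach is to record the missing database in a flag, let `maxmind_geoip()` return an unknown country, and surface the download hint only on admin pages. The hint also advertises `includes/geoip/download.php` as a web-reachable script; if it fetches and writes files on request, it should be restricted to administrators or run from the CLI. `maxmind_geoip()` continues past the end of the hunk.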

Sad Panda.

The URL you requested doesn't exist.
So we can't provide any stats for it, sadly.
You could always shorten a new URL.
:(


"; -include get_phurl_option('theme_path').'footer.php'; -die(); + echo "

Sad Panda.

The URL you requested doesn't exist.
So we can't provide any stats for it, sadly.
You could always shorten a new URL.
:(


"; + include get_phurl_option('theme_path').'footer.php'; + die(); } $db_row = mysql_fetch_assoc($result); $apiKey = $db_row['api']; @@ -34,9 +34,9 @@

Statistics for /

+ ?>

This url is password protected, only you can view the stats.

- diff --git a/index.php b/index.php index e8b42be..6007fd3 100644 --- a/index.php +++ b/index.php @@ -11,7 +11,7 @@ $prefix[0] = ''; $filename = 'install'; if (is_dir($filename)) { - die ("To get Phurl up and running, you first need to go through the installation wizard which will help you set up your new URL shortener in a matter of moments.

If you've already installed Phurl, then you MUST delete the install directory before it will function."); + die ("To get Phurl up and running, you first need to go through the installation wizard which will help you set up your new URL shortener in a matter of moments.

If you've already installed Phurl, then you MUST delete the install directory before it will function."); } // include the magic @@ -29,8 +29,6 @@ include (get_phurl_option('theme_path') . "forms/shorten.php"); - - if (file_exists(get_phurl_option('theme_path') . "footer.php")) { include (get_phurl_option('theme_path') . "footer.php"); } else { diff --git a/password.php b/password.php index c540ab5..5564851 100644 --- a/password.php +++ b/password.php @@ -12,55 +12,63 @@ //$alias = substr($getalias, 1, strlen($getalias)); if (isset($_POST['urlPass'])) { -$aliasPassword = trim(mysql_real_escape_string($_POST['urlPass'])); -$alias = $_GET['alias']; -if (preg_match("/^[a-zA-Z0-9_-]+\-$/", $alias)) { - header("Location: ".get_phurl_option('site_url'), true, 301); - exit(); -} elseif (!preg_match("/^[a-zA-Z0-9_]+$/", $alias)) { - header("Location: ".get_phurl_option('site_url'), true, 301); - exit(); -} else { - - if (($url = get_url($alias))) { - $blcheck = file_get_contents("http://gsb.phurlproject.org/lookup.php?url=$url"); - if (trim($blcheck) == "1") { - define('PHURL', true); - include "includes/themes/default/header.php"; - echo "

Blacklisted URL Blocked

The page you requested has been identified as malicious. As a result of this, we regret that we can't forward you there.

Sorry about that.


"; - include "includes/themes/default/footer.php"; - die(); + $aliasPassword = trim(mysql_real_escape_string($_POST['urlPass'])); + $alias = $_GET['alias']; + if (preg_match("/^[a-zA-Z0-9_-]+\-$/", $alias)) { + header("Location: ".get_phurl_option('site_url'), true, 301); + exit(); + } elseif (!preg_match("/^[a-zA-Z0-9_]+$/", $alias)) { + header("Location: ".get_phurl_option('site_url'), true, 301); + exit(); } else { - $aliasPassword = hashPassword($aliasPassword, hash('sha1', $url)); - $db_result = mysql_query("SELECT password FROM ".DB_PREFIX."urls WHERE alias='$alias' OR code='$alias'"); - $urlPass = mysql_fetch_assoc($db_result); - $urlPass = $urlPass['password']; -//echo $urlPass."-".$aliasPassword."\n\n"; - if ($urlPass != "" && $aliasPassword == $urlPass) { - $country = maxmind_geoip($_SERVER['REMOTE_ADDR']); - $result=mysql_query("SELECT count(*) as numrecords FROM ".DB_PREFIX."stats WHERE BINARY alias='$alias' and country='$country'") or die ('An error was encountered. Please refer to phurl support for more info. :('); - $row=mysql_fetch_assoc($result); - if ($row['numrecords'] >= 1){ -mysql_query("UPDATE `".DB_PREFIX."stats` SET `clicks` = clicks+1 WHERE `alias` = '$alias' and `country` = '$country';"); -} else { -mysql_query("INSERT INTO ".DB_PREFIX."stats (alias, country, clicks) VALUES ('$alias', '$country', '1');"); -} -header("Location: $url", true, 301); - exit(); -} else { - header("Location: password.php?alias=".$alias."&e=wrongpass"); - exit(); -} -} -} -} -// header("Location: ".get_phurl_option('site_url'), true, 301); + if (($url = get_url($alias))) { + $blcheck = file_get_contents("http://gsb.phurlproject.org/lookup.php?url=$url"); + if (trim($blcheck) == "1") { + define('PHURL', true); + include "includes/themes/default/header.php"; + echo "

Blacklisted URL Blocked

The page you requested has been identified as malicious. As a result of this, we regret that we can't forward you there.

Sorry about that.


"; + include "includes/themes/default/footer.php"; + die(); + } else { + $aliasPassword = hashPassword($aliasPassword, hash('sha1', $url)); + $db_result = mysql_query("SELECT password FROM ".DB_PREFIX."urls WHERE alias='$alias' OR code='$alias'"); + $urlPass = mysql_fetch_assoc($db_result); + $urlPass = $urlPass['password']; + //echo $urlPass."-".$aliasPassword."\n\n"; + if ($urlPass != "" && $aliasPassword == $urlPass) { + $country = maxmind_geoip($_SERVER['REMOTE_ADDR']); + $result=mysql_query("SELECT count(*) as numrecords FROM ".DB_PREFIX."stats WHERE BINARY alias='$alias' and country='$country'") or die ('An error was encountered. Please refer to phurl support for more info. :('); + $row=mysql_fetch_assoc($result); + if ($row['numrecords'] >= 1){ + mysql_query("UPDATE `".DB_PREFIX."stats` SET `clicks` = clicks+1 WHERE `alias` = '$alias' and `country` = '$country';"); + } else { + mysql_query("INSERT INTO ".DB_PREFIX."stats (alias, country, clicks) VALUES ('$alias', '$country', '1');"); + } + header("Location: $url", true, 301); + exit(); + } else { + header("Location: password.php?alias=".$alias."&e=wrongpass"); + exit(); + } // $urlPass != "" + } // $blcheck + } // $url = get_url + } // pregmatch +header("Location: ".get_phurl_option('site_url'), true, 301); +exit(); } else { define('PHURL', true); include "includes/themes/default/header.php"; ?>

The url you have navigated to is password projected!

You must enter the password below before you can continue. + +

Error, incorrect password.

+ Password:
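Review bot: `if ($urlPass != "" && $aliasPassword == $urlPass)` compares two hex digests with `==`; PHP treats strings that look like numbers (for example two digests beginning `0e` followed only by digits) as numerically equal, so distinct hashes can match — use `hash_equals($urlPass, $aliasPassword)`. The password is also run through `mysql_real_escape_string` before `hashPassword()`, so a password containing `'` or `\` is hashed in its escaped form; since the value never reaches SQL it should be hashed raw, `$aliasPassword = trim($_POST['urlPass']);`. The successful path redirects with `header("Location: $url", true, 301)`, a permanent redirect that browsers cache, so a returning visitor skips the password gate, the blacklist lookup and the click counting entirely; 302 is the right status here. Nothing in the hunk slows repeated guesses against a protected link, so some throttling per alias or client is worth adding. The new fall-through `header("Location: ".get_phurl_option('site_url'), true, 301); exit();` is reached only when `get_url()` fails, which is fine.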
@@ -70,6 +78,6 @@ Something went wrong here! diff --git a/password_reset.php b/password_reset.php index 15aea43..05342c6 100644 --- a/password_reset.php +++ b/password_reset.php @@ -22,24 +22,24 @@ + $email = trim(mysql_real_escape_string($_POST['email'])); + $db_result = mysql_query("SELECT * FROM ".DB_PREFIX."users WHERE email='".$email."' AND id!='1'"); + if (mysql_num_rows($db_result) != 1) { + ?>

The email you entered was not found in our database

-