I need bit help as I am facing two issues.
Links without domain extension (.com, .net, ect) will be stored in database as single words
Script allows for self shortening the shortner url which is a major issue.
How can I
Check for domain extension else fail submit
and
Check if user is trying to shorten my own link and fail as well.
My code:
function remove_http($url)
{
$disallowed = array('http://', 'https://', 'http//', 'https//');
foreach($disallowed as $d) {
if(strpos($url, $d) === 0) {
return str_replace($d, '', $url);
}
}
return $url;
}
$url_to_shorten = get_magic_quotes_gpc() ? stripslashes(trim($_REQUEST['url'])) : trim($_REQUEST['url']);
if(!empty($url_to_shorten) || parse_url($url_to_shorten, PHP_URL_SCHEME) )
{
require('framework/core/config.xml.php');
// check if the URL has already been shortened
$already_shortened = mysql_result(mysql_query('SELECT id FROM ' . DB_TABLE. ' WHERE long_url="' . mysql_real_escape_string(remove_http($url_to_shorten)) . '"'), 0);
if(!empty($already_shortened))
{
// URL has already been shortened
$shortened_url = getShortenedURLFromID($already_shortened);
}
else
{
// URL not in database, insert
mysql_query('LOCK TABLES ' . DB_TABLE . ' WRITE;');
mysql_query('INSERT INTO ' . DB_TABLE . ' (long_url, created, creator) VALUES ("' . mysql_real_escape_string(remove_http($url_to_shorten)) . '", "' . time() . '", "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '")');
$shortened_url = getShortenedURLFromID(mysql_insert_id());
mysql_query('UNLOCK TABLES');
}
echo BASE_HREF . $shortened_url;
}
function getShortenedURLFromID ($integer, $base = ALLOWED_CHARS)
{
$length = strlen($base);
while($integer > $length - 1)
{
$out = $base[fmod($integer, $length)] . $out;
$integer = floor( $integer / $length );
}
return $base[$integer] . $out;
}