1

I need bit help as I am facing two issues.

  1. Links without domain extension (.com, .net, ect) will be stored in database as single words

  2. Script allows for self shortening the shortner url which is a major issue.

How can I

  1. Check for domain extension else fail submit

    and

  2. Check if user is trying to shorten my own link and fail as well.

My code:

function remove_http($url) 
{
  $disallowed = array('http://', 'https://', 'http//', 'https//');
  foreach($disallowed as $d) {
    if(strpos($url, $d) === 0) {
     return str_replace($d, '', $url);
     }
  }
  return $url;
}

$url_to_shorten = get_magic_quotes_gpc() ? stripslashes(trim($_REQUEST['url'])) : trim($_REQUEST['url']);

if(!empty($url_to_shorten) || parse_url($url_to_shorten, PHP_URL_SCHEME) )
{
    require('framework/core/config.xml.php');
    
    // check if the URL has already been shortened
    $already_shortened = mysql_result(mysql_query('SELECT id FROM ' . DB_TABLE. ' WHERE long_url="' . mysql_real_escape_string(remove_http($url_to_shorten)) . '"'), 0);
    if(!empty($already_shortened))
    {
        // URL has already been shortened
        $shortened_url = getShortenedURLFromID($already_shortened);
    }
    else
    {
        // URL not in database, insert
        mysql_query('LOCK TABLES ' . DB_TABLE . ' WRITE;');
        mysql_query('INSERT INTO ' . DB_TABLE . ' (long_url, created, creator) VALUES ("' . mysql_real_escape_string(remove_http($url_to_shorten)) . '", "' . time() . '", "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '")');
        $shortened_url = getShortenedURLFromID(mysql_insert_id());
        mysql_query('UNLOCK TABLES');
    }
    echo BASE_HREF . $shortened_url;
}


function getShortenedURLFromID ($integer, $base = ALLOWED_CHARS)
{
   $length = strlen($base);
   while($integer > $length - 1)
   {
    $out = $base[fmod($integer, $length)] . $out;
    $integer = floor( $integer / $length );
   }
   return $base[$integer] . $out;
}
4

0 回答 0