PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ } if(empty($_GET['id'])){ echo ''; echo 'URL-Shortener/Redirector'; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

URL-Shortener/Redirector

'; echo '

Shorten a URL or strip referrers by redirecting via '.CANONICAL_URL.'?r=LINK

'; exit; if(!isset($db)){ echo '

ERROR: No database connection!

'; echo ''; exit; } echo "
"; echo "

Link:

'; echo '

'; echo "
"; echo '

Show info of shortlink-ID:

'; echo '

'; if(!empty($_REQUEST['info'])){ $stmt=$db->prepare("SELECT url FROM link WHERE id=?;"); $stmt->execute([$_REQUEST['info']]); if($url=$stmt->fetch(PDO::FETCH_ASSOC)){ $url=$url['url']; echo '

Short link is: ".CANONICAL_URL."?id=$_REQUEST[info]

"; echo "

Redirects to: $url

"; }else{ echo '

Sorry, this redirect doesn\'t exist.

'; } }elseif($_SERVER['REQUEST_METHOD']==='POST' && !empty($_POST['addr'])){ if(!( // 1. all explicit schemes with whatever xxx://yyyyyyy preg_match('~^(\w*://[^\s<>]+)$~i', $_POST['addr']) // 2. valid URLs without scheme: || preg_match('~^((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d*)?/[^\s<>]*)(?![^<>]*>)$~i', $_POST['addr']) || preg_match('~^((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+:\d+)(?![^<>]*>)$~i', $_POST['addr']) || preg_match('~^([^\s<>]*:[^\s<>]*@[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d+)?)(?![^<>]*>)$~i', $_POST['addr']) // 3. likely servers without any hints but not filenames like *.rar zip exe etc. || preg_match('~^((?:[a-z0-9\-]+\.)*[a-z2-7]{16}\.onion)(?![^<>]*>)$~i', $_POST['addr'])// *.onion ) ){ echo '

ERROR: Invalid address given.

'; }else{ $id=$db->query("SELECT COUNT(*) FROM link;")->fetch(PDO::FETCH_NUM); $id=$id[0]+1; $db->prepare("INSERT INTO link (id, url) VALUES (?, ?);")->execute([$id, $_POST['addr']]); echo '

Your link is: ".CANONICAL_URL."?id=$id

"; } } echo ''; }else{ if(!isset($db)){ die('No database connection!'); } settype($_GET['id'], 'int'); $stmt=$db->prepare("SELECT url FROM link WHERE id=?;"); $stmt->execute([$_GET['id']]); if($url=$stmt->fetch(PDO::FETCH_ASSOC)){ $url=$url['url']; } redirect($url); } function redirect($url){ preg_match('~^(.*)://~', $url, $match); $url=preg_replace('~^(.*)://~', '', $url); $escaped=htmlspecialchars($url); if(isset($match[1]) && ($match[1]==='http' || $match[1]==='https')){ header("Refresh: 0; URL=$match[0]$url"); echo ''; echo ""; echo ''; echo "

Redirecting to: $match[0]$escaped.

"; echo ''; }else{ if(!isset($match[0])){ $match[0]=''; } echo ''; echo ''; echo "

Non-http link requested: $match[0]$escaped.

"; echo "

If it's not working, try this one: http://$escaped.

"; echo ''; } exit; }