- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
<?php
ini_set('display_errors','On');
error_reporting('E_ALL');
mysql_connect("localhost","MySQL","satanus") or die(mysql_error());
echo "Connected to mysql<br>";
mysql_select_db("myurl") or die(mysql_error());
echo "Connected to Database";
$ms=mysql_info();
echo $ms;
function isValidURL($url)
{
return preg_match('|^(http)(s)?://([a-z0-9-]+\.[a-z-]+)?(localhost)?(\.[a-z0-9-_/&+?=%]+)*(:[0-9]+)?(/[^.]+)?$|i', $url);
}
function parse_secure($arg){
$txt=preg_replace('/((<[^>]*>(.*)<\/[^>]*>|\'|")|(<[^>]*>)|(?:(\s+|>|<|\d+)(?:SELECT|FROM|UNION|ORDER BY|GROUP BY|UPDATE|DELETE|INSERT|OR|AND|NOT)(\s+|>|<|\d+))|<)/i','',$arg);
return $txt;
}
if(isset($_GET['pid'])){
$pid=$_GET['pid'];
$pid=parse_secure($pid);
$options=array('options'=>array('min_range'=>0,'max_range'=>1000001));
if(filter_var($pid,FILTER_VALIDATE_INT,$options)){
printf("pid correct %d",$pid);
} else {
printf("pid incorrect");exit(2);
}
$query="SELECT url FROM myurl.base WHERE id='$pid'";
$res=mysql_query($query);
if($res){
$row=mysql_fetch_assoc($res);
header('Location: '.$row['url']);
}
};
if(isset($_GET['cat']) && isset($_GET['scat'])){
$cat=$_GET['cat'];
$cat=parse_secure($cat);
if(isset($_GET['ps'])){
$ps = $_GET['ps'];
$ps=parse_secure($ps);
} else {
$ps =0;
};
$catl=iconv_strlen($thm);
echo "<html><head><title>Short url generator</title></head><body>";
echo "<h1>$cat</h1><br>";
$qry="SELECT bs.id as pid,bs.url url,bs.subcategory scat,bs.category cat FROM base bs INNER JOIN category ct ON ct.id=bs.category WHERE bs.subcategory=\"".$_GET['scat']."\" AND bs.category=\"".parse_secure($_GET['cat'])."\"";
$res=mysql_query($qry);
if($res){
while($row=mysql_fetch_assoc($res)){
echo "<a href=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?pid=".$row['pid']."\">http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?pid=".$row['pid']."</a> ".$row['url'];
echo " <a href=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?cat=".$row['cat']."&scat=".$row['scat']."\">http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?cat=".$row['cat']."&scat=".$row['scat']."</a>".$row['url'];
echo "<br>";
}
}
exit(3);
};
if(isset($_GET['cat'])){
$cat=parse_secure($_GET['cat']);
$scat=parse_secure($_GET['scat']);
if(isset($_GET['ps'])){
$ps = $_GET['ps'];
} else {
$ps =0;
};
$catl=iconv_strlen($thm);
echo "<html><head><title>Short url generator</title></head><body>";
echo "<h1>$cat</h1><br>";
$qry="SELECT bs.id as pid,bs.url url,bs.subcategory scat,bs.category cat FROM base bs INNER JOIN category ct ON ct.id=bs.category WHERE bs.category=\"".$cat."\" OR ( bs.subcategory=\"".$scat."\" AND bs.category=\"".$cat."\")";
$res=mysql_query($qry);
if($res){
while($row=mysql_fetch_assoc($res)){
echo "<a href=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?pid=".$row['pid']."\">http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?pid=".$row['pid']."</a>".$row['url'];
echo " <a href=\"http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?cat=".$row['cat']."&scat=".$row['scat']."\">http://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?cat=".$row['cat']."&scat=".$row['scat']."</a>".$row['url'];
echo "<br>";
}
}
};
if(isset($_POST['url']) && (isset($_POST['category']) || isset($_POST['cat'])) && (isset($_POST['subcat']) || isset($_POST['scat']))){
$url=$_POST['url'];
$purl=substr($url,0,26);
if($purl=="http://".$_SERVER['SERVER_NAME']."/")exit(0);
$purl=substr($url,0,30);
if($purl=="http://www.".$_SERVER['SERVER_NAME']."/")exit(0);
$cat=parse_secure($_POST['category']);
$catid=parse_secure($_POST['cat']);
$scat=parse_secure($_POST['subcat']);
$scatid=parse_secure($_POST['scat']);
if($url) {
if(!isValidURL($url))
{
$errMsg .= "* Please enter valid URL including http://<br>";
guest 21.06.2012 23:37 # −8
Lure Of Chaos 22.06.2012 01:16 # +6
секюрность на высоте, так держать! молодец!
bormand 22.06.2012 06:29 # 0
И не забыть открыть доступ к мускулю извне...
guest 22.06.2012 09:21 # −11
volhv 22.06.2012 12:30 # −3
bormand 22.06.2012 12:42 # +2
Нубы.
roman-kashitsyn 22.06.2012 12:44 # +4
3.14159265 22.06.2012 13:30 # +4
guest 22.06.2012 14:18 # −7
guest 22.06.2012 18:29 # +3
Месье знает толк в извращениях!