I don’t really pay attention to twitter that often,but I did notice more and more people are starting to use personalized url shorteners. There’s a lot of free services out there you can use, but if you have somewhere you can host a simple php script, why not make your own?
I ended up buying iamj.us/tyn, and that’s what I’m going to set this up on. If I wanted to make things shorter, I could take off the /tyn but then I dont think it’d make as much sense. http://iamj.us/tyn11l redirects back to this page, for example. If you need help picking out a short domain name, try out domai.nr.
To create my own shortener, I decided just to use php’s base_convert function which will convert to and from bases 2-36. For a personal url shortener, you shouldn’t need more than base 36. I did end up having to write a base 62 converter class for sh0tz so that I can keep urls short, but that’s another post another time.
Note: This article is kind of old now, and I’ve since learned some better ways to accomplish everything mentioned here. I plan on making a follow-up post to this soon. In the mean time, this still works and I still use it as well.
Create the Database
mysql> create database iamjurl;
mysql> grant all privileges on iamjurl.* to 'dbuser'@'localhost' identified by 'password';
mysql> flush privileges;
mysql> CREATE TABLE `urls` (
-> `id` int(10) NOT NULL AUTO_INCREMENT,
-> `url` varchar(1024) NOT NULL,
-> PRIMARY KEY (`id`)
-> ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
Super simple. One column for the url id, and one column for the url. You could add more fields for tracking views and that sort of thing if you wanted.
Write the PHP Guts
if (isset($_GET['new'])) {
//Somebody called /url.php?new to create a new short url
if (isset($_GET['url'])) {
//If url= isnt set to anything, then we don't really care since theres no link to add
$dbcon = mysql_connect($db['host'],$db['user'],$db['pass']);
if (!$dbcon) die ('Error connecting to db: ' . mysql_error());
mysql_select_db($db['name'],$dbcon);
$query = 'INSERT INTO urls (url) VALUES ("' . mysql_real_escape_string($_GET['url']) . '");';
$result = mysql_query($query, $dbcon);
if (!$result) die ('Invalid query: ' . mysql_error());
//the new url's added to the database, now we get the auto_increment id and base_convert it to base36
$shorturl = base_convert(mysql_insert_id($dbcon), 10, 36);
//and echo it out to the browser
echo "{$baseurl}{$shorturl} \n";
mysql_close($dbcon);
}
}
That should be fairly self-explanatory with the comments in there. So now you can go to http://iamj.us/url.php?new&url=http://google.com and it will add a new row to the urls table with http://google.com in it. It’ll also echo https://iamj.us/tyn1o or something similar to the screen. Whatever the baseurl is plus the base36 id of that row.
Now, if we actually want to be able to go to that link using a short url?
if (isset($_GET['go'])) {
//somebody got redirected either with .htaccess or went directly to url.php?go=
$dbcon = mysql_connect($db['host'],$db['user'],$db['pass']);
if (!$dbcon) die ('Error connecting to db: ' . mysql_error());
mysql_select_db($db['name'],$dbcon);
//take go= and convert it back to base10 to match the mysql row id
$shortid = base_convert(mysql_real_escape_string($_GET['go']),36,10);
$query = 'SELECT url FROM urls WHERE id="' . $shortid . '";';
$result = mysql_query($query, $dbcon);
if (!$result) die ('Invalid query: ' . mysql_error());
//While testing this, it's easier to echo $query out and make sure you're getting the right url
//returned from mysql
// echo $query;
// echo mysql_result($result,0);
//if we're not testing, then just redirect the user to the url we received from mysql
header("Location: " . mysql_result($result,0));
}
Again, this should be self-explanatory. Go to /url.php?go=o and it converts the letter o to base10 which turns into 24, and then redirects the browser to the url stored in mysql with the id of 24. If you wanted to track views or other statistics, this would be the spot to do so(before redirecting.)
We don’t actually want to use /url.php?go=. We want to use(in my case) /tynXXXX. We do this with a simple mod_rewrite rule. This is what my .htaccess looks like:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(tyn)(.*)$ /url.php?go=$2 [NC,L]
The RewriteRule line would need changed if you’re not going to use a prefix to the shorturl(/xxx instead of /tynXXX). ^(.*) should be sufficient, and change $2 to $1.
Security
As it is right now, there’s not much security to this script. You can rename url.php to something like ASDF089234fasdf.php if you want to use security through obscurity. With an .htaccess, noone will know the actual filename of this script, and if you use the bookmarklet below you won’t have to remember it either.
If you plan on letting other people use it, adding checks for duplicate urls and reusing the same id would be a good idea. I’m already using mysql_real_escape_string but it wouldn’t hurt to sanitize the input even further.
Each time a row gets added, the id is only incremented by 1. Meaning it’d be easy for someone to get one url and then start going forward or backward down your list of urls just by subtracting/adding 1(in base36) to the url. To prevent this, try multiplying $shorturl by 303 or some other large odd number. Run this code to see what I mean:
<?php
/**
* basetest.php - Outputs a table showing how multiplying a number before base_converting it helps with obscurity.
* Author: Justyn Shull <[email protected]>
*/
$magicnum = 303;
$i=1;
echo "<table><tr><td>id</td><td>Normal</td><td>x303</td></tr>";
while ($i<=50)
{
echo "<tr><td>$i</td>";
echo "<td>" . base_convert($i,10,36) . "</td>";
echo "<td>" . base_convert($i*$magicnum,10,36) . "</td></tr>\n";
$i++;
}
echo "</table>";
?>
See how the ‘normal’ column is easy to decipher, but the ‘x303′ column is a little more random?
Bonus!
Adding an actual gui to this script would make things awesome, right? Because you don’t want to urlencode URLs on your own and type in a long url everytime you want to make a short url. I’d recommend displaying an input box if url isn’t set and having the form method set to get.
Or you can do what I did, and just create a simple bookmarklet like this:
javascript:void(location.href='http://iamj.us/url.php?new&url='+escape(location.href))
Result
Go to http://iamj.us/url.php to see what my end result looks like for now. It’s essentially the same code in this post plus a few extras.