Shadee.click
Scam your friends.
This playful URL-shortener parody takes a user-supplied URL and expiry time. It then generates a long, shady-looking URL and saves it data to a MySQL database table. When this is shared, the viewer (victim?) then reaches a landing page congratulating them and prompting them to "claim their free gift". Choosing to do so, takes the viewer to the originally supplied URL.
PHP
SQL
JavaScript
HTML
CSS
When the shady URL is visited, the user lands on a fun page, showing a DALL·E generated Nigerian prince, congratulating them on receiving a gift! The landing page uses the tsParticles JavaScript confetti library to shoot fun confetti, adding to that "am I being scammed?" feeling.
URL Extraction
$urlRequested = $_SERVER['REQUEST_URI'];
$pathSegment = trim(extractPathAfterBaseURL($urlRequested, $baseUrl));
if ($pathSegment === "") {
include('components/url-form.php');
} else {
include('components/landing-page.php');
}
First of all, the request URL is passed to a custom PHP function, which returns the last part of a URL (after "/").
If this is empty, it indicates we're on the homepage (meaning we've not visited a link generated by this app). In this case, the basic form to allow users to pass URLs to our database is loaded.
If it's not empty, the page being visited is treated as a URL generated by this application, and so we'll load the landing page elements.
function generateShadyURL() {
$shadyElements = [
"wow", "free", "prizes", "nigerian-prince",
"win", "millionaire", "discount", "bargain",
"mind-blowing", "not-clickbait", "VIP",
"once-in-a-lifetime", "exclusive", "lottery",
"pyramid-scheme", "multi-level-marketing", "not-a-scam"
];
$shadiness = 10; // Number of shadyElements (above) in generated URL
$shadyURL = '';
for ($i = 0; $i < $shadiness; $i++) {
$shadyURL .= $shadyElements[rand(0,count($shadyElements))];
$shadyURL .= "!"; // Shady element delimiter
}
return "$shadyURL";
}
When generating "shortened" links, an array of shady-seeming strings is declared (e.g. "millionaire", "multi-level-marketing", etc) with an empty string.
Random elements from this array are then picked and delimited by exclamation marks and a URL is generated, then saved to a MySQL database, using a prepared statement, to mitigate any SQL injection attempts.
This is then displayed to the user who can share it with their friends
Who wouldn't blindly trust "https://shadeee.click/millionaire!exclusive!exclusive!win!pyramid-scheme!nigerian-prince!discount!once-in-a-lifetime!lottery!exclusive!"?
try {
$query = "SELECT original_url FROM shady_urls WHERE shady_url = ? AND expiry_datetime > CURRENT_TIMESTAMP";
$stmt = $pdo->prepare($query);
$stmt->execute([$shadyUrl]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
return $result['original_url'];
} else {
return false;
}
} catch (PDOException $e) {
echo "Error: " . $e->getMessage();
return false;
}
If extractPathAfterBaseURL returns anything other than "" when the page initially loads, the prepared statement shown here is ran.
It attempts to get the user-supplied URL for the given shadyUrl variable (which is the last segment of the request URL, after "/").
The original_url from the database is returned if it has not expired and can be found. If not, false is returned.
if ($shadyUrl !== false) {
$originalURL = urldecode($shadyUrl);
// Display the redirect button within the center of the page
echo '<div id="center-button"><a id="shady-link" href="http://' . $originalURL . '"><button id="success">Claim Gift</button></a></div>';
} else {
echo '<div id="center-button"><button id="failure">This link has expired!</button></div>';
}
When a generated link is visited, the viewer is greeted by the prince, who congratulates them!
If the original URL could be found in the database, the button appears green and the original URL is added itno the href attribute of the anchor around the button.
If it can't be found, the button will display as red and say a generic "link has expired" message.