Alex McCaughran

ALEX MCAUGHRAN

Shadeee.click

Scam your friends.

Live Site Source Code
PHP

PHP

SQL

SQL

JavaScript

JavaScript

HTML

HTML

CSS

CSS

This playful URL-shortener parody takes a user-supplied URL and expiry time. It then generates a long, shady-looking URL and saves its data to a MySQL database table. When this is shared, the viewer (victim?) then reaches a landing page congratulating them and prompting them to “claim their free gift”. Choosing to do so takes the viewer to the originally supplied URL.

When the shady URL is visited, the user lands on a fun page, showing a DALL·E generated Nigerian prince, congratulating them on receiving a gift! The landing page uses the tsParticles JavaScript confetti library to shoot fun confetti, adding to that “am I being scammed?” feeling.

URL Extraction

First, the request URL is passed to a custom PHP function, which returns the last part of a URL (after ”/”). If this is empty, it indicates we’re on the homepage (meaning we’ve not visited a link generated by this app). In this case, the basic form to allow users to pass URLs to our database is loaded. If it’s not empty, the page being visited is treated as a URL generated by this application, and so we’ll load the landing page elements.

Shady URL Generation

When generating “shortened” links, an array of shady-seeming strings is declared (e.g. “millionaire”, “multi-level-marketing”, etc). Random elements from this array are picked and delimited by exclamation marks, and a URL is generated, then saved to a MySQL database using a prepared statement to mitigate any SQL injection attempts.

Who wouldn’t blindly trust “https://shadeee.click/millionaire!exclusive!exclusive!win!pyramid-scheme!nigerian-prince!discount!once-in-a-lifetime!lottery!exclusive!”?

URL Lookup & Landing

When a generated link is visited, a prepared statement attempts to retrieve the user-supplied URL for the given shady URL path. The original URL from the database is returned if it has not expired and can be found. If not, false is returned.

The viewer is greeted by the prince, who congratulates them! If the original URL could be found in the database, the button appears green and links to the original URL. If it can’t be found, the button displays as red with a generic “link has expired” message.