Tinyurl API Example - Am i doing it right :D

Question

we use super-long Hashes for the Registration of new Users in our Application. The Problem is that these Hashes break in some Email Clients - making the Links unusable.

I tried implementing the Tinyurl - API, with a simple Call, but i think it times out sometimes ... sometimes the mail does not reach the user.

~~I updated the Code, but now the URL is never converted. Is Tinyurl really so slow or am i doing something wrong? (I mean hey, 5 Seconds is much in this Times)~~

Can anybody recommend me a more reliable service?

All my Fault, forgot a false in the fopen. But i will leave this sample of code here, because i often see this sample, wich i think does not work very reliable:

return file_get_contents('http://tinyurl.com/api-create.php?url='.$u);

This is the - i think fully working sample. I would like to hear about Improvements.

static function gettinyurl( $url ) {

    $context =
        stream_context_create(
            array(
                'http' => array(
                    'timeout' => 5  // 5 Seconds should be enough
                )
            )
        );

    // get tiny url via api-create.php
    $fp = fopen( 'http://tinyurl.com/api-create.php?url='.$url, 'r', $context); // open (read) api-create.php with long url as get parameter

    if( $fp ) { // check if open was ok
        $tinyurl = fgets( $fp ); // read response

        if( $tinyurl && !empty($tinyurl) ) // check if response is ok
            $url = $tinyurl; // set response as url

        fclose( $fp ); // close connection
    }

    // return
    return $url; // return (tiny) url

}

score 3 · Accepted Answer · answered Mar 31 '10 at 01:34

You might want to use urlencode() for the url parameter.

It is also recommendable to check fgets() against false. Then, you could save the empty() function call by just comparing the response to an empty string, like:

$line = fgets($fp);

if ($line !== false && $line !== '') {
    // ...
}

Generally, it is advisable to check everything against false first, if the function returns values of different types such as integer or boolean. This can be crucial because 0 and false mean in comparisons the same. Because of PHP's lack for type safety, it is strongly recommended to always check for type equality. There are even cases when the documentation recommends this explicitly, e.g. in the case of strpos(). Meanwhile, I've forced myself to use === over to ==, same for `!=' etc. It requires more typing but it is definitely worth the effort because you eliminate possible pitfalls.

The rest of your code looks good to me.

score 0 · Answer 2 · answered Jan 12 '10 at 15:59

0

You can try bit.ly service. It supported by google as i know.

Api

answered Jan 12 '10 at 15:59

antyrat

27,479
9
75
76

score 0 · Answer 3 · answered Jan 12 '10 at 16:08

0

I don't know exactly how long your hash is, but not all services (browsers, servers etc) can handle URLs longer than 255 chars. You could look into php's Pack()

answered Jan 12 '10 at 16:08

Thom Wiggers

6,938
1
39
65

A example Hash looks like this, is always under 160 Chars. http://testserver/confirmuser?key=c040049c01a93e8f7931e8c4b21db8f7:9d60a9aeb 3c853e3f2e099cb16bddc7c:d5c9886cb31f789ae3cdffd55456fe26 – Paul Weber Jan 12 '10 at 16:10

score 0 · Answer 4 · answered Apr 03 '10 at 12:37

0

What is the point of using a "super-long hash", if you are immediately shortening it to a 7-8 character tinyurl?

Nobody would bother with guessing the long hash, and would crack the tinyurl instead.

Use a 10-character hash yourself and be more secure than you are now.

answered Apr 03 '10 at 12:37

Joel L

3,031
1
20
33

Well ... how the Hash looks is not in my domain. I just have to send a working Email with the Hash included in it. The Intention of the Developer was to hide some Information in the Hash, so we can reconstruct wich user wanted to register etc ... There is also a component that is encrypted, so as long as nobody finds out the Key, our hashes are pretty secure. And i am not sure if i understand you correctly, but why should the Tinyurl be easier or harder to crack? – Paul Weber Apr 06 '10 at 15:15
Regarding tinyurl being easier to hack – if they only have a 10-character, pattern-following key, then guessing the urls (and testing to see if they redirect to your domain) will be much easier than guessing a long hash. But given that the long urls themselves are not under your control – sorry for the confusion... :) – Joel L Apr 06 '10 at 19:34

score 0 · Answer 5 · answered Apr 08 '21 at 00:02

Here's another version:

function getTinyUrl($url)
{
    $ch = curl_init();
    $timeout = 5;
    curl_setopt($ch, CURLOPT_URL,'http://' . 'tinyurl.com/api-create.php?url=' . $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    $tinyUrl = curl_exec($ch);
    curl_close($ch);
    
    if ($tinyUrl === false) {
        throw new RuntimeException("Could not create URL");
    }
    
    return $tinyUrl;
}

I had to split the tinyurl url because SO wouldn't let me post the answer.

Tinyurl API Example - Am i doing it right :D

5 Answers5