What? Another URL redirection service? What’s the point? Well, there’s a couple of points.
1) I hadn’t done one yet, and it looked like a simple yet difficult enough challenge to get me thinking about coding again.
2) I didn’t see anything that offered usage statistics. I tried one that claimed to offer them, but it appeared broken. I’m pretty sure I’ve heard of some others that do, but I couldn’t find them.
So, today I put up http://ewerl.com. It’s a play on the word “ewe” pronounced as “you”, as in “YOU R L” (URL). Yeah, I probably shouldn’t have to explain it, but the picture of cartoon sheep should help drive the point home. Otherwise one might read it as “e-whirl”. Not what I was going after.
I asked for some feedback on Twitter and already saw someone poking XSS holes in the supplied data. Completely my fault, as I wasn’t cleaning the data for security (see, needing to get my head back in the game, so to speak). I’m using the PHP PDO library, and binding data with prepared statements, so I’m not *as* worried about SQL injection, but the XSS was a bit of an eye opener (thanks, whoever you were). That’s plugged temporarily while I come up with a better long term solution. It’s *workable* now, but I want to see if there’s a better approach than what I took.
On the stats end, any URL you shorten with the service has stats publicly viewable by adding “/stats” at the end of the URL. If you’d prefer to get them in RSS form, add “/rss” instead of “/stats”. The ewerl.com/faq/ page has a link to an example stats page and that has a link to the RSS feed.
If there are any features you’d like to see in a service like this, please comment here or drop me an email. Please test it out, bang on it, poke holes in it, and send me any feedback (good or bad) that you have.
Thanks!
How are the hashes generated?
Also, you’d better filter XSS attacks on your stats page as well. Example script:
$curl = curl_init('http://ewerl.com/zYiA18');
curl_setopt($curl, CURLOPT_REFERER, 'alert(\'xss\');');
curl_exec($curl);
A good rule is to always call htmlspecialchars before displaying content supplied by users.
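The escaping rule from the comment above, applied to a stats page that displays stored Referer values. This is an added example, not code from ewerl.com or from the commenter; the row layout, function names and sample hits are assumptions made up for illustration. It also covers one case htmlspecialchars does not: a referrer that is rendered as a link.

```php
<?php
declare(strict_types=1);

// Escape a user-supplied value for HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Only http/https referrers become links: htmlspecialchars() alone does
// not neutralise a "javascript:" URL placed inside an href.
function isWebUrl(string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return is_string($scheme)
        && in_array(strtolower($scheme), ['http', 'https'], true);
}

// Render one stats row. The 'time'/'referer' row layout is hypothetical.
function renderHitRow(array $hit): string
{
    $referer = (string) $hit['referer'];
    $cell = isWebUrl($referer)
        ? '<a href="' . h($referer) . '" rel="nofollow">' . h($referer) . '</a>'
        : h($referer); // anything else is shown as inert text
    return '<tr><td>' . h((string) $hit['time']) . '</td><td>' . $cell . '</td></tr>';
}

// Constructed sample hits, including hostile Referer header values.
$hits = [
    ['time' => '2008-06-28 10:15', 'referer' => 'http://example.com/?a=1&b=2'],
    ['time' => '2008-06-28 10:16', 'referer' => '<script>alert(\'xss\');</script>'],
    ['time' => '2008-06-28 10:17', 'referer' => 'javascript:alert(1)'],
    ['time' => '2008-06-28 10:18', 'referer' => '" onmouseover="alert(1)'],
];

echo "<table>\n";
foreach ($hits as $hit) {
    echo renderHitRow($hit), "\n";
}
echo "</table>\n";
```

Escaping happens at output time, so values already stored unescaped in the database are rendered safely as well.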
A small usability thought; add a “Copy to clipboard…” button next to the resulting URL, or when you click the resulting URLs text box have it auto select the contents.
@Richard – thanks for the tip! I’ll look into a copy-to-clipboard at some point, but have done an auto-select on the text when clicked to make it easier to copy.
@michael – thanks to you as well! I thought I had that covered, but obviously I didn’t. Hopefully these issues are the last ones(!)
Would be nice with a user account so I can keep track of all my redirections, having to put them in a .txt file seems so non-geeky.
Short answer around that is I hate making signup/registration systems. I’ve got reusable code and it doesn’t take very long, but there’s always some hangup that makes things less easy to use. And it becomes ‘yet another user/pass/email’ combo to remember.
I’m not saying I won’t do it, but it’s a bit lower priority right now.
As a workaround, you can submit your email address with a ewerl, and the system will mail you a list of your ewerls with stats nightly. This isn’t *finished* yet, so anyone signing up for it today might not get it until Monday or Tuesday, but it’s in place to do that.
A few updates:
There’s a basic API up for external use to create new ewerls, and to query the stats on existing ewerls.
Suggestion from someone to make API use ‘url encoded’ strings rather than base64. Having some trouble with Apache and mod_rewrite accepting this, but if/when that happens it’ll be the next API version.
Had someone already writing some sample code using the v1 API – http://www.downlifesroad.com/2008/06/29/ewerl-function/. Thanks!
@michael
Hashes are currently generated based on a timestamp. After some discussion with a friend, it may be converted to simple ‘random’ strings altogether. The original idea was to use PHP’s microtime(true) function, then convert that to base62 (0-9a-zA-Z). However, it was a bit too predictable. That’s not to say the purpose of the ewerl service is to be intentionally obscure – the primary purpose is to be short! – but being that sequential didn’t square well with me after the initial pass was done.
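The two approaches described in the reply above, side by side: a timestamp encoded in base62, and codes drawn from PHP's CSPRNG with a collision retry. This is an added example, not the service's own code; the millisecond conversion of the timestamp, the function names and the $exists lookup are assumptions.

```php
<?php
declare(strict_types=1);

const BASE62 = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Timestamp approach: encode a non-negative integer in base62.
function base62Encode(int $n): string
{
    $alphabet = BASE62;
    $out = '';
    do {
        $out = $alphabet[$n % 62] . $out;
        $n = intdiv($n, 62);
    } while ($n > 0);
    return $out;
}

// Random approach: every character comes from the CSPRNG via random_int().
function randomCode(int $length = 6): string
{
    $alphabet = BASE62;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, 61)];
    }
    return $out;
}

// Allocate an unused code. $exists is a hypothetical lookup against the
// table of codes already issued.
function issueCode(callable $exists, int $length = 6, int $maxTries = 5): string
{
    for ($try = 0; $try < $maxTries; $try++) {
        $code = randomCode($length);
        if (!$exists($code)) return $code;
    }
    throw new RuntimeException('no free code found; increase $length');
}

// Constructed timestamps one millisecond apart (assumed unit; 64-bit PHP).
$ms = 1214700000123;
echo base62Encode($ms), ' ', base62Encode($ms + 1), "\n"; // consecutive codes

$issued = [];
$code = issueCode(function (string $c) use (&$issued) { return isset($issued[$c]); });
$issued[$code] = true;
echo $code, "\n";
```

Six random base62 characters give 62^6 (about 56.8 billion) possible codes, and unlike the timestamp form, knowing one issued code says nothing about the others.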
Small suggestion, but the input box for the URLs to be shortened should be made MUCH longer. That’s the whole point, right?
Good point Kwaping. I’ll make that modification soon!
Brace yourself for the things to come because spammers and phishers will find the website and cause a lot of work. From experience with our project gentleurl.net I know that you’ll probably need to do the following things sooner or later:
1. Maintain a ban list for words that must not be part of a URL. That includes names of banks worldwide (against phishing) and names of other short URL services. The latter only if you want to prevent users from routing through several different short URL services. In my opinion – that can’t be good.
2. Check all your URLs against the SURBL blacklist. Our webhost shut our website down several times before we implemented it. This way you can keep spammers and phishers out as far as possible.
3. You’re using a header redirect which will allow people to use the tool to mask image URLs and paste them into their websites/forums/blogs/comments etc. This can lead to a lot of traffic. Be prepared to block visitors on the basis of their referrer on a regular basis. (Or upgrade traffic and server power)
I hope this helps and doesn’t come on too know-it-all.
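Points 1 and 2 of the comment above as a submission-time check: a word ban list followed by a SURBL lookup. This is an added example, not code from gentleurl.net or ewerl.com; the ban-list entries, function names and the stand-in DNS resolver are constructed, and treating any 127.x answer as a listing is a simplifying assumption.

```php
<?php
// Constructed ban list (placeholder bank and shortener names).
const BANNED_WORDS = ['examplebank', 'othershortener'];

// Lowercase host of an http/https URL, or null if the URL is unacceptable.
function targetHost(string $url): ?string
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) return null;
    $scheme = strtolower($parts['scheme']);
    return in_array($scheme, ['http', 'https'], true) ? strtolower($parts['host']) : null;
}

// SURBL is queried over DNS: <domain>.multi.surbl.org returns 127.0.0.x
// addresses when listed and no answer otherwise. SURBL lists registrable
// domains, so production code should reduce the host first; its docs
// define what each 127.0.0.x value means. $resolve is injected for testing.
function surblListed(string $host, callable $resolve): bool
{
    foreach ($resolve($host . '.multi.surbl.org') ?: [] as $ip) {
        if (strpos($ip, '127.') === 0) return true;
    }
    return false;
}

// Reason to refuse a submission, or null to accept it.
function rejectReason(string $url, callable $resolve): ?string
{
    $host = targetHost($url);
    if ($host === null) return 'not an http(s) URL';
    foreach (BANNED_WORDS as $word) {
        if (strpos(strtolower($url), $word) !== false) return "banned word: $word";
    }
    return surblListed($host, $resolve) ? 'listed on SURBL' : null;
}

// Constructed stand-in for DNS; live use would pass 'gethostbynamel'.
$fakeDns = function (string $name) {
    return $name === 'spam.example.multi.surbl.org' ? ['127.0.0.8'] : false;
};
foreach (['http://spam.example/x', 'http://examplebank.test/', 'http://example.org/'] as $u) {
    echo $u, ' => ', rejectReason($u, $fakeDns) ?? 'accepted', "\n";
}
```

Running the same check again at redirect time catches targets that were listed after the short URL was created.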
You may want to check http://sn.vc for improvement of your or add more features in it?