Example #1
    unset($_SESSION);
    unset($_SESSION["user"]);
    $error_msg = "Signed off.";
}
if (!isLogged()) {
    yourls_html_head('login');
    mu_html_menu();
    // Login form
    switch ($act) {
        case "login":
            $username = yourls_escape($_POST['username']);
            $password = $_POST['password'];
            if (!empty($username) && !empty($password)) {
                if (isValidUser($username, $password)) {
                    $token = getUserTokenByEmail($username);
                    $id = getUserIdByToken($token);
                    $_SESSION['user'] = array("id" => $id, "user" => $username, "token" => $token);
                    yourls_redirect("index.php");
                } else {
                    $error_msg = "Problems to login.";
                    require_once 'form.php';
                }
            }
            break;
        case "joinform":
            require_once 'formjoin.php';
            break;
        case "join":
            $username = yourls_escape($_POST['username']);
            $password = $_POST['password'];
            if (captchaEnabled()) {
Example #2
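/**
 * Access gate for the YOURLS API in the multiuser plugin.
 *
 * Receives the API "action" in $args[0]. Returning from this function lets
 * the normal YOURLS API handler run; every rejected request is answered with
 * an API error in the requested output format and the script is terminated.
 *
 * Decision order (unchanged from the original):
 *  1. The YOURLS admin (yourls_is_valid_user() returned exactly true) may do
 *     anything, and "expand" is open to every caller.
 *  2. When the install is not "protected", the stats actions are open.
 *  3. "shorturl" is open when anonymous shortening is enabled; otherwise a
 *     multiuser token is required (request `token`, falling back to the token
 *     of the logged-in session).
 *  4. "url-stats" requires a token AND ownership of the requested short URL.
 *  5. Any other action is rejected with 400.
 *
 * Security note: the token is read from $_REQUEST, i.e. it is also accepted on
 * the query string, where it ends up in access logs and referrers. Callers
 * should send it via POST.
 *
 * @param array $args Plugin hook arguments; $args[0] is the API action name.
 * @return void Returns only when the action is allowed; otherwise never returns (die).
 */
function trapApi($args)
{
    $action = isset($args[0]) ? $args[0] : '';
    // yourls_is_valid_user() yields exactly true for the site admin credentials;
    // anything else (an error string) means "not admin", so the variable name
    // is accurate: this is the admin check, not the multiuser check.
    $admin = yourls_is_valid_user();
    if ($admin === true || $action == "expand") {
        return;
    }
    // NOTE(review): this constant is spelled MULTUSER here but MULTIUSER below.
    // Confirm which name the plugin defines — an undefined constant would make
    // this check silently never match (PHP 7) or fatal (PHP 8).
    if (YOURLS_MULTUSER_PROTECTED === false && ($action == "stats" || $action == "db-stats" || $action == 'url-stats')) {
        return;
    }

    // Identify the multiuser account behind the request. An explicit `token`
    // parameter wins; otherwise the token of the logged-in session is used.
    // Yields whatever getUserIdByToken() returns for "no such user" (falsy).
    $resolveUser = function () {
        $token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
        $user = getUserIdByToken($token);
        if (!$user && isset($_SESSION['user']['token'])) {
            // Guarded: API-only callers have no session entry, and indexing a
            // missing one would only raise a notice and look up a null token.
            $user = getUserIdByToken($_SESSION['user']['token']);
        }
        return $user;
    };

    switch ($action) {
        case "shorturl":
            if (YOURLS_MULTIUSER_ANONYMOUS === true) {
                return;
            }
            $user = $resolveUser();
            if (!$user) {
                $return = array('simple' => 'You can\'t be anonymous', 'message' => 'You can\'t be anonymous', 'errorCode' => 403);
                break;
            }
            return;

        // Stats for a shorturl: a token is required and the URL must belong to the caller.
        case 'url-stats':
            $user = $resolveUser();
            if (!$user) {
                $return = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
                break;
            }
            $shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : '';
            // The original passed an undefined $keyword to verifyUrlOwner(), so the
            // ownership check never saw the URL actually being queried. Derive it
            // from the request instead. NOTE(review): verifyUrlOwner() may expect
            // the bare keyword rather than a full short URL — confirm against its
            // definition and use the matching sanitiser.
            $keyword = yourls_sanitize_string($shorturl);
            if (verifyUrlOwner($keyword, $user)) {
                $return = yourls_api_url_stats($shorturl);
            } else {
                // Same message as the authentication failure on purpose: a caller
                // must not learn whether the short URL exists or who owns it.
                $return = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
            }
            break;

        default:
            $return = array('errorCode' => 400, 'message' => 'Unknown or missing or forbidden "action" parameter', 'simple' => 'Unknown or missing or forbidden "action" parameter');
    }
    // Unknown formats are left to yourls_api_output() to handle.
    $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
    yourls_api_output($format, $return);
    die;
}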