/**
 * Register the "don't track" filters when the current visitor is logged in to YOURLS.
 *
 * Both shunt hooks are pointed at the 'dgw_dont_track_admins' callback.
 * Nothing is registered for visitors who are not logged in.
 */
function dgw_dont_track_admins_init()
{
    // Only the boolean true is treated as "logged in"; any other return
    // value leaves tracking untouched.
    if (yourls_is_valid_user() !== true) {
        return;
    }

    // Click counter first, then the detailed redirect logger.
    foreach (array('shunt_update_clicks', 'shunt_log_redirect') as $hook) {
        yourls_add_filter($hook, 'dgw_dont_track_admins');
    }
}
Example #2
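/**
 * Filter callback deciding which URL protocols may be shortened.
 *
 * A logged-in user working in the admin area gets the incoming list plus the
 * custom 'blah://' protocol. Every other request is limited to http and https.
 *
 * @param array $protocols Protocols authorized so far.
 * @return array Protocols authorized for this request.
 */
function customproto_allowed_protocols($protocols)
{
    // Compare with true explicitly. NOTE(review): yourls_is_valid_user()
    // presumably returns an error message (a truthy string) on failed
    // authentication rather than false, so a bare truthiness test would treat
    // a failed login as a valid one. Confirm against the YOURLS core.
    if (yourls_is_valid_user() === true && yourls_is_admin()) {
        // Logged in (or valid cookie present) and in the admin area:
        // add the custom protocol to the authorized list.
        $protocols[] = 'blah://';

        return $protocols;
    }

    // No known user: drop everything except http & https.
    return array('http://', 'https://');
}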
Example #3
<?php

// Refuse to run when this file is requested directly instead of being
// loaded by YOURLS.
if (!defined('YOURLS_ABSPATH')) {
    die;
}

// Anything other than the boolean true counts as a failed login; the value is
// forwarded as the message shown to the client.
$auth = yourls_is_valid_user();
if ($auth !== true) {
    if (!yourls_is_API()) {
        // Regular mode: show the login form.
        yourls_login_screen($auth);
    } else {
        // API mode: answer with a 403 payload in the requested format.
        // NOTE(review): 'format' and 'callback' are taken from the request
        // unchanged; this relies on yourls_api_output() validating them - confirm.
        $format = 'xml';
        if (isset($_REQUEST['format'])) {
            $format = $_REQUEST['format'];
        }
        $callback = '';
        if (isset($_REQUEST['callback'])) {
            $callback = $_REQUEST['callback'];
        }
        $payload = array(
            'simple' => $auth,
            'message' => $auth,
            'errorCode' => 403,
            'callback' => $callback,
        );
        yourls_api_output($format, $payload);
    }
    // Never continue past a failed authentication.
    die;
}

// Only reached by authenticated requests.
yourls_do_action('auth_successful');
Example #4
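/**
 * Check if an IP shortens URL too fast to prevent DB flood. Return true, or die.
 *
 * Checks run in this order: plugin shunt, "no delay configured / installing",
 * logged-in user on a private install, IP whitelist, then the timestamp of the
 * last URL stored for the IP.
 *
 * The IP is resolved before the whitelist comparison. Comparing the raw
 * argument meant that a call without $ip tested '' against the whitelist and
 * never matched.
 *
 * @param string $ip Client IP. When empty, yourls_get_IP() supplies it.
 * @return mixed True when the request may proceed, or the value returned by the
 *               'shunt_check_IP_flood' filter. On flood, yourls_die() is called.
 */
function yourls_check_IP_flood($ip = '')
{
    // Allow plugins to short-circuit the whole function
    $pre = yourls_apply_filter('shunt_check_IP_flood', false, $ip);
    if (false !== $pre) {
        return $pre;
    }

    // at this point $ip can be '', check it if your plugin hooks in here
    yourls_do_action('pre_check_ip_flood', $ip);

    // Raise white flag if installing or if no flood delay defined
    $no_delay = !defined('YOURLS_FLOOD_DELAY_SECONDS') || YOURLS_FLOOD_DELAY_SECONDS === 0;
    if ($no_delay || yourls_is_installing()) {
        return true;
    }

    // Don't throttle logged in users
    if (yourls_is_private() && yourls_is_valid_user() === true) {
        return true;
    }

    // Resolve the address first so the whitelist sees the IP that is queried below.
    // NOTE(review): the whitelist is only as trustworthy as the source used by
    // yourls_get_IP(); if that helper reads client-supplied headers, a
    // whitelisted address could be claimed by the client - verify.
    $ip = $ip ? yourls_sanitize_ip($ip) : yourls_get_IP();

    // Don't throttle whitelist IPs
    if (defined('YOURLS_FLOOD_IP_WHITELIST') && YOURLS_FLOOD_IP_WHITELIST) {
        foreach (explode(',', YOURLS_FLOOD_IP_WHITELIST) as $whitelist_ip) {
            if (trim($whitelist_ip) === (string) $ip) {
                return true;
            }
        }
    }

    // The query below is built by string interpolation, so the escape must
    // stay directly in front of it.
    $ip = yourls_escape($ip);
    yourls_do_action('check_ip_flood', $ip);

    global $ydb;
    $table = YOURLS_DB_TABLE_URL;
    $lasttime = $ydb->get_var("SELECT `timestamp` FROM {$table} WHERE `ip` = '{$ip}' ORDER BY `timestamp` DESC LIMIT 1");
    if ($lasttime) {
        $now = date('U');
        $then = date('U', strtotime($lasttime));
        $elapsed = $now - $then;
        if ($elapsed <= YOURLS_FLOOD_DELAY_SECONDS) {
            // Flood!
            yourls_do_action('ip_flood', $ip, $elapsed);
            yourls_die(yourls__('Too many URLs added too fast. Slow down please.'), yourls__('Forbidden'), 403);
        }
    }

    return true;
}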
Example #5
?>
</label></p>
			<p><label for="title" class="secondary"><?php 
yourls_e('Optional title used when sharing a link from YOURLS using social sharers.', 'isq_translation');
?>
</label></p>
			<input type="text" id="title" name="title" value="<?php 
// NOTE(review): $title is written into an HTML attribute without escaping in
// this fragment. If it can contain user-supplied text it must be
// attribute-escaped before output - confirm where $title is assigned.
echo $title;
?>
">
		</div>

		</div>

		<?php 
if (function_exists('yourls_is_valid_user') && yourls_is_valid_user() == 1) {
    echo '<input type="hidden" name="antispam_method" value="user_login" class="hidden">';
} else {
    if (!empty(ISQ::$recaptcha['sitekey']) && !empty(ISQ::$recaptcha['secret'])) {
        $dependencies[] = 'reCAPTCHA';
        echo '<input type="hidden" name="antispam_method" value="recaptcha" class="hidden">';
        ?>
				<div class="form-item recaptcha-container">
					<p><label class="primary" title=""><?php 
        yourls_e('Verification', 'isq_translation');
        ?>
</label></p>
					<p><label class="secondary"><?php 
        yourls_e('reCAPTCHA verification used to ensure you are not a bot.', 'isq_translation');
        ?>
</label></p>
Example #6
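/**
 * Filter callback: decide whether the current user holds a capability.
 *
 * The capability is matched with a strict comparison, so a non-string value
 * such as true or 0 cannot loosely match an entry in a role's capability list
 * and be granted by accident.
 *
 * @param mixed $original   Decision made by earlier filters; the boolean true is accepted as-is.
 * @param mixed $capability Capability being requested (compared strictly with the role lists).
 * @return bool True when the capability is granted, false otherwise.
 */
function authmgr_check_user_capability($original, $capability)
{
    global $authmgr_role_capabilities;

    // Shortcut - trust approval given by earlier filters
    if ($original === true) {
        return true;
    }

    // ensure $authmgr_role_capabilities has been set up
    authmgr_environment_check();

    // If the user is not authenticated, then give up because only users have roles.
    if (yourls_is_valid_user() !== true) {
        return false;
    }

    // Enumerate the capabilities available to this user through roles
    $user_caps = array();
    foreach ($authmgr_role_capabilities as $rolename => $rolecaps) {
        if (authmgr_user_has_role(YOURLS_USER, $rolename)) {
            $user_caps = array_merge($user_caps, $rolecaps);
        }
    }

    // Is the desired capability in the enumerated list of capabilities?
    // Strict mode: an authorization decision must not depend on type juggling.
    return in_array($capability, $user_caps, true);
}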
Example #7
<?php

// The authentication result is passed through the 'is_valid_user' filter
// before it is checked. Only the boolean true counts as success.
// NOTE(review): any callback hooked on 'is_valid_user' can presumably replace
// the result, so the plugins registered on it are part of the trust boundary.
$auth = yourls_apply_filter('is_valid_user', yourls_is_valid_user());
if ($auth !== true) {
    if (!yourls_is_API()) {
        // Regular mode: show the login form.
        yourls_login_screen($auth);
    } else {
        // API mode: answer with a 403 payload in the requested format.
        $format = 'xml';
        if (isset($_REQUEST['format'])) {
            $format = $_REQUEST['format'];
        }
        $payload = array('simple' => $auth, 'message' => $auth, 'errorCode' => 403);
        yourls_api_output($format, $payload);
    }
    // Never continue past a failed authentication.
    die;
}
Example #8
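/**
 * Gate an API request: return to let YOURLS handle it, or emit an error and die.
 *
 * Requests from the admin, and "expand" requests, always pass. Stats actions
 * pass when the protection constant is false. For "shorturl" and "url-stats"
 * the caller is identified by the request token, falling back to the token
 * stored in the session.
 *
 * Changes from the previous version: a missing $args[0] or a missing session
 * user no longer raises notices, and action names are compared strictly where
 * a match skips authentication.
 *
 * @param array $args Hook arguments; $args[0] is the requested action.
 * @return void Returns when the request is allowed; otherwise outputs and dies.
 */
function trapApi($args)
{
    $action = isset($args[0]) ? $args[0] : '';

    // "Valid user" here means the YOURLS ADMIN, not a multi-user account.
    $admin = yourls_is_valid_user();
    if ($admin === true || $action === 'expand') {
        return;
    }

    // NOTE(review): this constant is spelled MULTUSER while the one used below
    // is MULTIUSER. If it is a typo the constant is undefined and this branch
    // cannot behave as intended - confirm against the plugin's configuration.
    if (YOURLS_MULTUSER_PROTECTED === false && in_array($action, array('stats', 'db-stats', 'url-stats'), true)) {
        return;
    }

    // Identify the caller: request token first, then the session token.
    // A missing session entry is passed on as null, as before, without a notice.
    $resolve_user = function () {
        $token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
        $user = getUserIdByToken($token);
        if (!$user) {
            $session_token = isset($_SESSION['user']['token']) ? $_SESSION['user']['token'] : null;
            $user = getUserIdByToken($session_token);
        }

        return $user;
    };

    $bad_credentials = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);

    switch ($action) {
        case "shorturl":
            if (YOURLS_MULTIUSER_ANONYMOUS === true) {
                return;
            }
            if ($resolve_user()) {
                return;
            }
            $return = array('simple' => 'You can\'t be anonymous', 'message' => 'You can\'t be anonymous', 'errorCode' => 403);
            break;

        // Stats for a shorturl
        case 'url-stats':
            $user = $resolve_user();
            if (!$user) {
                $return = $bad_credentials;
                break;
            }
            // NOTE(review): $keyword is never assigned in this function, so the
            // ownership check receives an undefined value. It presumably has to
            // be derived from the requested short URL - confirm and fix at the source.
            if (verifyUrlOwner($keyword, $user)) {
                $shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : '';
                $return = yourls_api_url_stats($shorturl);
            } else {
                $return = $bad_credentials;
            }
            break;

        default:
            $return = array('errorCode' => 400, 'message' => 'Unknown or missing or forbidden "action" parameter', 'simple' => 'Unknown or missing or forbidden "action" parameter');
    }

    $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
    yourls_api_output($format, $return);
    die;
}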
Example #9
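/**
 * Check if an IP shortens URLs too fast, to prevent DB flood. Return true, or die.
 *
 * Fixes the whitelist test: the closing parenthesis of defined() was misplaced,
 * so defined() received the result of a boolean expression instead of the
 * constant name, and the whitelist was never applied.
 *
 * @param string $ip Client IP. When empty, yourls_get_IP() supplies it.
 * @return bool True when the request may proceed. On flood, yourls_die() is called.
 */
function yourls_check_IP_flood($ip = '')
{
    // No throttling when no flood delay is defined or it is set to 0.
    if (!defined('YOURLS_FLOOD_DELAY_SECONDS') || YOURLS_FLOOD_DELAY_SECONDS === 0) {
        return true;
    }

    $ip = $ip ? yourls_sanitize_ip($ip) : yourls_get_IP();

    // Don't throttle whitelist IPs
    if (defined('YOURLS_FLOOD_IP_WHITELIST') && YOURLS_FLOOD_IP_WHITELIST) {
        foreach (explode(',', YOURLS_FLOOD_IP_WHITELIST) as $whitelist_ip) {
            if (trim($whitelist_ip) === (string) $ip) {
                return true;
            }
        }
    }

    // Don't throttle logged in users
    if (yourls_is_private() && yourls_is_valid_user() === true) {
        return true;
    }

    global $ydb;
    $table = YOURLS_DB_TABLE_URL;
    // NOTE(review): $ip is interpolated into the SQL string. A caller-supplied
    // value goes through yourls_sanitize_ip() above; the yourls_get_IP() path is
    // assumed to return an equally safe value - confirm, or escape before querying.
    $lasttime = $ydb->get_var("SELECT `timestamp` FROM {$table} WHERE `ip` = '{$ip}' ORDER BY `timestamp` DESC LIMIT 1");
    if ($lasttime) {
        $now = date('U');
        $then = date('U', strtotime($lasttime));
        if ($now - $then <= YOURLS_FLOOD_DELAY_SECONDS) {
            // Flood!
            yourls_die('Too many URLs added too fast. Slow down please.', 'Forbidden', 403);
        }
    }

    return true;
}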
Example #10
/**
 * Print the Solve Media challenge widget for visitors who are not logged in,
 * followed by a hidden field naming the captcha type in use.
 *
 * The hidden field is printed for every visitor, logged in or not.
 */
function spb_recaptcha_add_SolveMedia_Script()
{
    $challengeKey = yourls_get_option('spb_recaptcha_solvemediaCKey', "");

    // Only the boolean true counts as a logged-in user; everyone else gets the challenge.
    $loggedIn = yourls_is_valid_user() === true;
    if (!$loggedIn) {
        // Load the Solve Media library shipped next to this file.
        require_once __DIR__ . "/solvemedialib.php";
        // Output the widget markup produced by the library.
        echo solvemedia_get_html($challengeKey);
    }

    echo "<input type='hidden' id='spb_recaptcha_captchatype' name='spb_recaptcha_captchatype' value='solvemedia'/>";
}