/**
 * Attach the `dgw_dont_track_admins` callback to the two tracking shunts
 * when the current request comes from an authenticated YOURLS user.
 *
 * Nothing is registered for any other visitor, so their tracking is untouched.
 * NOTE(review): presumably the callback short-circuits tracking, in which case
 * redirects followed by logged-in users will be missing from click counts and
 * the redirect log -- keep that in mind when using those tables as an audit trail.
 */
function dgw_dont_track_admins_init() {
    // Only a strict boolean true counts as an authenticated session.
    if (yourls_is_valid_user() !== true) {
        return;
    }

    // Same callback on both shunts: first the click counter, then the detailed logger.
    foreach (array('shunt_update_clicks', 'shunt_log_redirect') as $shunt) {
        yourls_add_filter($shunt, 'dgw_dont_track_admins');
    }
}
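/**
 * Filter callback that decides which URL protocols may be shortened.
 *
 * Authenticated users working in the admin area get the incoming list plus the
 * custom 'blah://' protocol; everyone else is restricted to http and https.
 *
 * @param array $protocols Protocol list handed in by the filter.
 * @return array Protocol list to allow for this request.
 */
function customproto_allowed_protocols($protocols) {
    // Compare strictly against true. Other snippets on this page forward a failed
    // yourls_is_valid_user() result as an error message, so a truthiness test
    // would treat that message as "logged in" and widen the protocol list.
    $is_authenticated_admin = (yourls_is_valid_user() === true) && yourls_is_admin();

    if (!$is_authenticated_admin) {
        // No known user: drop everything except http & https.
        return array('http://', 'https://');
    }

    // Logged in (or valid cookie present) and in the admin area: add the custom protocol.
    $protocols[] = 'blah://';

    return $protocols;
}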
<?php
// Authentication gate: meant to be included by YOURLS, never requested directly.
if (!defined('YOURLS_ABSPATH')) {
    die;
}

// yourls_is_valid_user() yields strict true on success; any other value is
// treated as a failure and handed on below as the message to display.
$auth = yourls_is_valid_user();

if ($auth === true) {
    yourls_do_action('auth_successful');
} else {
    if (yourls_is_API()) {
        // API mode: answer with a 403 payload in the requested format.
        // NOTE(review): 'format' and 'callback' are taken from the request as-is;
        // yourls_api_output() is expected to validate them before echoing -- confirm.
        $format = 'xml';
        if (isset($_REQUEST['format'])) {
            $format = $_REQUEST['format'];
        }
        $callback = '';
        if (isset($_REQUEST['callback'])) {
            $callback = $_REQUEST['callback'];
        }
        $payload = array(
            'simple' => $auth,
            'message' => $auth,
            'errorCode' => 403,
            'callback' => $callback,
        );
        yourls_api_output($format, $payload);
    } else {
        // Regular mode: show the login form together with the failure message.
        yourls_login_screen($auth);
    }
    // Never fall through to the protected page after a failed check.
    die;
}
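/**
 * Check if an IP shortens URLs too fast, to prevent DB flood. Return true, or die.
 *
 * The IP is resolved before the whitelist is consulted, so a call that relies on
 * the default (empty) argument is matched against the client address rather than
 * against an empty string.
 *
 * NOTE(review): the whitelist is only as trustworthy as the address reported by
 * yourls_get_IP(); if that helper reads client-supplied headers, whitelisted
 * entries can be claimed by anyone -- confirm how it derives the address.
 *
 * @param string $ip Optional IP to check; when empty, yourls_get_IP() is used.
 * @return mixed True when the request may proceed, or whatever a
 *               'shunt_check_IP_flood' filter returned. Ends the request with a
 *               403 through yourls_die() when the delay is not respected.
 */
function yourls_check_IP_flood($ip = '') {
    // Allow plugins to short-circuit the whole function
    $pre = yourls_apply_filter('shunt_check_IP_flood', false, $ip);
    if (false !== $pre) {
        return $pre;
    }

    // At this point $ip can be '', check it if your plugin hooks in here
    yourls_do_action('pre_check_ip_flood', $ip);

    // Raise white flag if installing or if no flood delay defined
    if (!defined('YOURLS_FLOOD_DELAY_SECONDS') || YOURLS_FLOOD_DELAY_SECONDS === 0 || yourls_is_installing()) {
        return true;
    }

    // Don't throttle logged in users (strict check: only boolean true is a login)
    if (yourls_is_private() && yourls_is_valid_user() === true) {
        return true;
    }

    // Resolve the address first so the whitelist sees the IP that will be throttled.
    $ip = $ip ? yourls_sanitize_ip($ip) : yourls_get_IP();

    // Don't throttle whitelist IPs
    if (defined('YOURLS_FLOOD_IP_WHITELIST') && YOURLS_FLOOD_IP_WHITELIST) {
        foreach (explode(',', YOURLS_FLOOD_IP_WHITELIST) as $whitelist_ip) {
            if (trim($whitelist_ip) === (string) $ip) {
                return true;
            }
        }
    }

    // The value is interpolated into the query below, so it is escaped here.
    $ip = yourls_escape($ip);

    yourls_do_action('check_ip_flood', $ip);

    global $ydb;
    $table = YOURLS_DB_TABLE_URL;
    $lasttime = $ydb->get_var("SELECT `timestamp` FROM {$table} WHERE `ip` = '{$ip}' ORDER BY `timestamp` DESC LIMIT 1");
    if ($lasttime) {
        $now = date('U');
        $then = date('U', strtotime($lasttime));
        if ($now - $then <= YOURLS_FLOOD_DELAY_SECONDS) {
            // Flood!
            yourls_do_action('ip_flood', $ip, $now - $then);
            yourls_die(yourls__('Too many URLs added too fast. Slow down please.'), yourls__('Forbidden'), 403);
        }
    }

    return true;
}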
?> </label></p> <p><label for="title" class="secondary"><?php yourls_e('Optional title used when sharing a link from YOURLS using social sharers.', 'isq_translation'); ?> </label></p> <input type="text" id="title" name="title" value="<?php echo $title; ?> "> </div> </div> <?php if (function_exists('yourls_is_valid_user') && yourls_is_valid_user() == 1) { echo '<input type="hidden" name="antispam_method" value="user_login" class="hidden">'; } else { if (!empty(ISQ::$recaptcha['sitekey']) && !empty(ISQ::$recaptcha['secret'])) { $dependencies[] = 'reCAPTCHA'; echo '<input type="hidden" name="antispam_method" value="recaptcha" class="hidden">'; ?> <div class="form-item recaptcha-container"> <p><label class="primary" title=""><?php yourls_e('Verification', 'isq_translation'); ?> </label></p> <p><label class="secondary"><?php yourls_e('reCAPTCHA verification used to ensure you are not a bot.', 'isq_translation'); ?> </label></p>
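/**
 * Filter callback deciding whether the current user holds a capability.
 *
 * An approval already granted by an earlier filter is kept. Otherwise the user
 * must be authenticated, and the capability must appear in the capability list
 * of at least one role the user has.
 *
 * @param mixed $original   Decision made by earlier filters; strict true is trusted.
 * @param mixed $capability Capability being requested.
 * @return bool True when the capability is granted, false otherwise.
 */
function authmgr_check_user_capability($original, $capability) {
    global $authmgr_role_capabilities;

    // Shortcut - trust approval given by earlier filters
    if ($original === true) {
        return true;
    }

    // Ensure $authmgr_role_capabilities has been set up
    authmgr_environment_check();

    // Only authenticated users have roles; anything but strict true is a failed login.
    if (yourls_is_valid_user() !== true) {
        return false;
    }

    // Enumerate the capabilities available to this user through roles
    $user_caps = array();
    foreach ($authmgr_role_capabilities as $rolename => $rolecaps) {
        if (authmgr_user_has_role(YOURLS_USER, $rolename)) {
            $user_caps = array_merge($user_caps, $rolecaps);
        }
    }
    $user_caps = array_unique($user_caps);

    // Strict membership test: with loose comparison a non-string $capability
    // (for example boolean true) matches any non-empty capability name, which
    // would grant access that no role actually confers.
    return in_array($capability, $user_caps, true);
}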
<?php
// The raw authentication result is passed through the 'is_valid_user' filter,
// so whatever a hooked plugin returns becomes the final decision -- including
// turning a failed login into true. Audit every plugin that hooks this filter.
$auth = yourls_apply_filter('is_valid_user', yourls_is_valid_user());

// Only strict true lets the request continue past this point.
$authenticated = ($auth === true);

if (!$authenticated) {
    if (!yourls_is_API()) {
        // Regular mode: show the login form with the failure message.
        yourls_login_screen($auth);
    } else {
        // API mode: report the failure as a 403 in the requested format ('xml' by default).
        $format = 'xml';
        if (isset($_REQUEST['format'])) {
            $format = $_REQUEST['format'];
        }
        $payload = array('simple' => $auth, 'message' => $auth, 'errorCode' => 403);
        yourls_api_output($format, $payload);
    }
    // Stop here so nothing after this file runs for an unauthenticated request.
    die;
}
/**
 * Gatekeeper for API requests in a multi-user setup.
 *
 * Returns (letting the request continue) when the caller is allowed to perform
 * the action in $args[0]; otherwise prints an API error through
 * yourls_api_output() and ends the request.
 *
 * @param array $args Hook arguments; $args[0] is the requested API action.
 * @return void Returns only when access is granted; otherwise the script dies.
 */
function trapApi($args) {
    $action = $args[0];
    $admin = yourls_is_valid_user(); // Uses this name but REFERS to ADMIN!
    // A logged-in admin may do anything; "expand" is open to every caller,
    // authenticated or not.
    if ($admin === true || $action == "expand") {
        return;
    }
    // NOTE(review): this constant is spelled MULTUSER, while the one used below is
    // YOURLS_MULTIUSER_ANONYMOUS. Confirm which name the configuration defines: an
    // undefined constant never compares === false (and raises an Error on PHP 8),
    // so the stats actions would never be opened by this branch.
    if (YOURLS_MULTUSER_PROTECTED === false && ($action == "stats" || $action == "db-stats" || $action == 'url-stats')) {
        return;
    }
    switch ($action) {
        case "shorturl":
            if (YOURLS_MULTIUSER_ANONYMOUS === true) {
                // Anonymous shortening is enabled: no token required.
                return;
            } else {
                // Identify the caller by request token first, then by the session's token.
                $token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
                $user = getUserIdByToken($token);
                if ($user == false) {
                    // NOTE(review): $_SESSION["user"] is read without an isset() check,
                    // and the session token is not passed through yourls_sanitize_string().
                    $u = $_SESSION["user"];
                    $user = getUserIdByToken($u["token"]);
                }
                if ($user == false) {
                    $return = array('simple' => 'You can\'t be anonymous', 'message' => 'You can\'t be anonymous', 'errorCode' => 403);
                } else {
                    return;
                }
            }
            break;
        // Stats for a shorturl
        case 'url-stats':
            $token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
            $user = getUserIdByToken($token);
            if ($user == false) {
                $u = $_SESSION["user"];
                $user = getUserIdByToken($u["token"]);
            }
            if ($user == false) {
                $return = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
            } else {
                // NOTE(review): $keyword is never assigned in this function, so the
                // ownership check below receives an undefined value. It is not tied
                // to the 'shorturl' request parameter that is then used for the
                // stats lookup -- verify which link verifyUrlOwner() actually checks.
                if (verifyUrlOwner($keyword, $user)) {
                    $shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : '';
                    $return = yourls_api_url_stats($shorturl);
                } else {
                    $return = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
                }
            }
            break;
        default:
            // Every other action is refused for callers who are not a logged-in admin.
            $return = array('errorCode' => 400, 'message' => 'Unknown or missing or forbidden "action" parameter', 'simple' => 'Unknown or missing or forbidden "action" parameter');
    }
    // Reached only when a response was prepared above: print it and stop the request.
    $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
    yourls_api_output($format, $return);
    die;
}
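/**
 * Check if an IP shortens URLs too fast, to prevent DB flood. Return true, or die.
 *
 * The whitelist test calls defined() on the constant name alone and then checks
 * the constant's value; passing the whole `&&` expression to defined() never
 * matches a constant, which left the whitelist without effect.
 *
 * NOTE(review): $ip is interpolated into the query below. That is only safe if
 * yourls_sanitize_ip() and yourls_get_IP() return nothing but address
 * characters -- confirm, or escape the value before building the query.
 *
 * @param string $ip Optional IP to check; when empty, yourls_get_IP() is used.
 * @return bool True when the request may proceed. Ends the request with a 403
 *              through yourls_die() when the delay is not respected.
 */
function yourls_check_IP_flood($ip = '') {
    // No flood delay configured (or set to 0): nothing to enforce.
    if (!defined('YOURLS_FLOOD_DELAY_SECONDS') || YOURLS_FLOOD_DELAY_SECONDS === 0) {
        return true;
    }

    $ip = $ip ? yourls_sanitize_ip($ip) : yourls_get_IP();

    // Don't throttle whitelist IPs
    if (defined('YOURLS_FLOOD_IP_WHITELIST') && YOURLS_FLOOD_IP_WHITELIST) {
        foreach (explode(',', YOURLS_FLOOD_IP_WHITELIST) as $whitelist_ip) {
            if (trim($whitelist_ip) === (string) $ip) {
                return true;
            }
        }
    }

    // Don't throttle logged in users (strict check: only boolean true is a login)
    if (yourls_is_private() && yourls_is_valid_user() === true) {
        return true;
    }

    global $ydb;
    $table = YOURLS_DB_TABLE_URL;
    $lasttime = $ydb->get_var("SELECT `timestamp` FROM {$table} WHERE `ip` = '{$ip}' ORDER BY `timestamp` DESC LIMIT 1");
    if ($lasttime) {
        $now = date('U');
        $then = date('U', strtotime($lasttime));
        if ($now - $then <= YOURLS_FLOOD_DELAY_SECONDS) {
            // Flood!
            yourls_die('Too many URLs added too fast. Slow down please.', 'Forbidden', 403);
        }
    }

    return true;
}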
/**
 * Print the Solve Media captcha widget for visitors who are not logged in,
 * followed by a hidden field naming the captcha type in use.
 *
 * NOTE(review): the hidden field is printed for logged-in users as well and,
 * like any form field, can be altered by the client. The server-side check
 * should decide on its own whether a captcha answer is required -- confirm
 * that it does not rely on this field.
 */
function spb_recaptcha_add_SolveMedia_Script() {
    $challengeKey = yourls_get_option('spb_recaptcha_solvemediaCKey', "");

    // Only a strict boolean true counts as an authenticated user.
    $logged_in = (yourls_is_valid_user() === true);

    if (!$logged_in) {
        // Load the Solve Media library on demand, then output its widget markup.
        require_once dirname(__FILE__) . "/solvemedialib.php";
        $widget_html = solvemedia_get_html($challengeKey);
        echo $widget_html;
    }

    echo "<input type='hidden' id='spb_recaptcha_captchatype' name='spb_recaptcha_captchatype' value='solvemedia'/>";
}