/**
* Check for valid user via login form or stored cookie. Returns true or an error message
*
*/
function yourls_is_valid_user()
{
// Allow plugins to short-circuit the whole function
$pre = yourls_apply_filter('shunt_is_valid_user', null);
if (null !== $pre) {
return $pre;
}
// $unfiltered_valid : are credentials valid? Boolean value. It's "unfiltered" to allow plugins to eventually filter it.
$unfiltered_valid = false;
// Logout request
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
yourls_do_action('logout');
yourls_store_cookie(null);
return yourls__('Logged out successfully');
}
// Check cookies or login request. Login form has precedence.
yourls_do_action('pre_login');
// Determine auth method and check credentials
if (yourls_is_API() && isset($_REQUEST['timestamp']) && !empty($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
yourls_do_action('pre_login_signature_timestamp');
$unfiltered_valid = yourls_check_signature_timestamp();
} elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && isset($_REQUEST['signature']) && !empty($_REQUEST['signature'])) {
yourls_do_action('pre_login_signature');
$unfiltered_valid = yourls_check_signature();
} elseif (isset($_REQUEST['username']) && isset($_REQUEST['password']) && !empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
yourls_do_action('pre_login_username_password');
$unfiltered_valid = yourls_check_username_password();
} elseif (!yourls_is_API() && isset($_COOKIE[yourls_cookie_name()])) {
yourls_do_action('pre_login_cookie');
$unfiltered_valid = yourls_check_auth_cookie();
}
// Regardless of validity, allow plugins to filter the boolean and have final word
$valid = yourls_apply_filter('is_valid_user', $unfiltered_valid);
// Login for the win!
if ($valid) {
yourls_do_action('login');
// (Re)store encrypted cookie if needed
if (!yourls_is_API()) {
yourls_store_cookie(YOURLS_USER);
// Login form : redirect to requested URL to avoid re-submitting the login form on page reload
if (isset($_REQUEST['username']) && isset($_REQUEST['password']) && isset($_SERVER['REQUEST_URI'])) {
$url = $_SERVER['REQUEST_URI'];
yourls_redirect($url);
}
}
// Login successful
return true;
}
// Login failed
yourls_do_action('login_failed');
if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
return yourls__('Invalid username or password');
} else {
return yourls__('Please log in');
}
}
function temp_instead_function($args)
{
$url = $args[0];
$code = $args[1];
$match = strpos($url, yourls_site_url(false));
$mode = intval(yourls_get_option('temp_instead_mode', 1));
// We check here if the url contains the YOURLS installation address,
// and if it doesn't we'll return a 302 redirect if it isn't getting
// one already.
if ($code != 302 && ($mode == 1 || $match === false && $mode == 3)) {
yourls_redirect($url, 302);
}
// We check here if the url contains the YOURLS installation address,
// and if it does we'll return a 301 redirect if it isn't getting
// one already.
if ($code != 301 && ($mode == 2 || $match !== false && $mode == 3)) {
yourls_redirect($url, 301);
}
}
yourls_redirect(YOURLS_SITE, 302);
}
// Get basic infos for this shortened URL
$keyword = yourls_sanitize_string($keyword);
$longurl = yourls_get_keyword_longurl($keyword);
$clicks = yourls_get_keyword_clicks($keyword);
$timestamp = yourls_get_keyword_timestamp($keyword);
$title = yourls_get_keyword_title($keyword);
// Update title if it hasn't been stored yet
if ($title == '') {
$title = yourls_get_remote_title($longurl);
yourls_edit_link_title($keyword, $title);
}
if ($longurl === false) {
yourls_do_action('infos_keyword_not_found');
yourls_redirect(YOURLS_SITE, 302);
}
yourls_do_action('pre_yourls_infos', $keyword);
if (yourls_do_log_redirect()) {
$table = YOURLS_DB_TABLE_LOG;
$referrers = array();
$direct = $notdirect = 0;
$countries = array();
$dates = array();
$list_of_days = array();
$list_of_months = array();
$list_of_years = array();
$last_24h = array();
// Define keyword query range : either a single keyword or a list of keywords
if ($aggregate) {
$keyword_list = yourls_get_longurl_keywords($longurl);
yourls_db_connect();
}
// Allow early inclusion of a cache layer
if (file_exists(YOURLS_USERDIR . '/cache.php')) {
require_once YOURLS_USERDIR . '/cache.php';
}
// Read options right from start
yourls_get_all_options();
// Register shutdown function
register_shutdown_function('yourls_shutdown');
// Core now loaded
yourls_do_action('init');
// plugins can't see this, not loaded yet
// Check if need to redirect to install procedure
if (!yourls_is_installed() && !yourls_is_installing()) {
yourls_redirect(yourls_admin_url('install.php'), 302);
}
// Check if upgrade is needed (bypassed if upgrading or installing)
if (!yourls_is_upgrading() && !yourls_is_installing()) {
if (yourls_upgrade_is_needed()) {
yourls_redirect(YOURLS_SITE . '/admin/upgrade.php', 302);
}
}
// Init all plugins
yourls_load_plugins();
yourls_do_action('plugins_loaded');
// Is there a new version of YOURLS ?
yourls_new_core_version_notice();
if (yourls_is_admin()) {
yourls_do_action('admin_init');
}
$return['errorCode'] = 400;
$return['message'] = yourls_s('Short URL created, but could not redirect to %s !', 'Twitter');
break;
case 'facebook':
// share with Facebook
$destination = sprintf("https://www.facebook.com/sharer/sharer.php?u=%s&t=%s", urlencode($return['shorturl']), urlencode($title));
yourls_redirect($destination, 303);
// Deal with the case when redirection failed:
$return['status'] = 'error';
$return['errorCode'] = 400;
$return['message'] = yourls_s('Short URL created, but could not redirect to %s !', 'Facebook');
break;
case 'tumblr':
// share with Tumblr
$destination = sprintf("https://www.tumblr.com/share?v=3&u=%s&t=%s&s=%s", urlencode($return['shorturl']), urlencode($title), urlencode($text));
yourls_redirect($destination, 303);
// Deal with the case when redirection failed:
$return['status'] = 'error';
$return['errorCode'] = 400;
$return['message'] = yourls_s('Short URL created, but could not redirect to %s !', 'Tumblr');
break;
default:
// Is there a custom registered social bookmark?
yourls_do_action('share_redirect_' . $_GET['share'], $return);
// Still here? That was an unknown 'share' method, then.
$return['status'] = 'error';
$return['errorCode'] = 400;
$return['message'] = yourls__('Unknown "Share" bookmarklet');
break;
}
}
$error_msg = "Signed off.";
}
if (!isLogged()) {
yourls_html_head('login');
mu_html_menu();
// Login form
switch ($act) {
case "login":
$username = yourls_escape($_POST['username']);
$password = $_POST['password'];
if (!empty($username) && !empty($password)) {
if (isValidUser($username, $password)) {
$token = getUserTokenByEmail($username);
$id = getUserIdByToken($token);
$_SESSION['user'] = array("id" => $id, "user" => $username, "token" => $token);
yourls_redirect("index.php");
} else {
$error_msg = "Problems to login.";
require_once 'form.php';
}
}
break;
case "joinform":
require_once 'formjoin.php';
break;
case "join":
$username = yourls_escape($_POST['username']);
$password = $_POST['password'];
if (captchaEnabled()) {
require_once 'recaptchalib.php';
$privatekey = YOURLS_MULTIUSER_CAPTCHA_PRIVATE_KEY;
function authmgr_require_capability($capability)
{
if (!authmgr_have_capability($capability)) {
// TODO: display a much nicer error page
//die('Sorry, you are not authorized for the action: '.$capability);
yourls_redirect(yourls_admin_url('?access=denied'), 302);
die;
}
}
yourls_verify_nonce('manage_plugins', $_REQUEST['nonce']);
// Check plugin file is valid
if (isset($_GET['plugin']) && yourls_validate_plugin_file(YOURLS_PLUGINDIR . '/' . $_GET['plugin'] . '/plugin.php')) {
global $ydb;
// Activate / Deactive
switch ($_GET['action']) {
case 'activate':
$result = yourls_activate_plugin($_GET['plugin'] . '/plugin.php');
if ($result === true) {
yourls_redirect(yourls_admin_url('plugins.php?success=activated'), 302);
}
break;
case 'deactivate':
$result = yourls_deactivate_plugin($_GET['plugin'] . '/plugin.php');
if ($result === true) {
yourls_redirect(yourls_admin_url('plugins.php?success=deactivated'), 302);
}
break;
default:
$result = 'Unsupported action';
break;
}
} else {
$result = 'No plugin specified, or not a valid plugin';
}
yourls_add_notice($result);
}
// Handle message upon succesfull (de)activation
if (isset($_GET['success'])) {
if ($_GET['success'] == 'activated' or $_GET['success'] == 'deactivated') {
yourls_add_notice('Plugin ' . $_GET['success']);
} else {
echo "<p>No referrer data.</p>";
}
?>
</div>
<?php
}
// endif do log redirect
?>
<div id="stat_tab_share" class="tab">
<h2>Share</h2>
<?php
yourls_share_box($longurl, yourls_link($keyword), '', '', '<h3>Short link</h3>', '<h3>Quick Share</h3>');
?>
</div>
</div>
<?php
yourls_html_footer();
die;
} else {
yourls_redirect(YOURLS_SITE, 401);
}
