/**
 * Decide whether the current request is authenticated.
 *
 * Credential sources are tried in this order, first match wins:
 *   1. API request carrying a non-empty 'timestamp' and 'signature'
 *   2. API request carrying a non-empty 'signature' and no 'timestamp' at all
 *   3. non-empty 'username' and 'password' request parameters
 *   4. the auth cookie (non-API requests only)
 * If none matches, the request is treated as not authenticated.
 *
 * @return mixed true on success; otherwise the message string produced by yourls__().
 *               A plugin hooked on 'shunt_is_valid_user' may return any non-null value instead.
 */
function yourls_is_valid_user() {
    // Plugins can replace the whole routine: any non-null filter result is returned as-is.
    $shunt = yourls_apply_filter('shunt_is_valid_user', null);
    if (null !== $shunt) {
        return $shunt;
    }

    // Logout request: clear the stored cookie and report it.
    // NOTE(review): logout is triggered by a plain GET parameter and no nonce check is visible here.
    if (isset($_GET['action']) && $_GET['action'] == 'logout') {
        yourls_do_action('logout');
        yourls_store_cookie(null);
        return yourls__('Logged out successfully');
    }

    yourls_do_action('pre_login');

    // Raw verdict of the credential check, before plugins get to filter it.
    // Stays false when no branch below matches, so the default is "not authenticated".
    $credentials_ok = false;

    // NOTE(review): $_REQUEST is used, so credentials are accepted from the query string
    // as well as from a POST body.
    if (yourls_is_API() && !empty($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        yourls_do_action('pre_login_signature_timestamp');
        $credentials_ok = yourls_check_signature_timestamp();
    } elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        // A 'timestamp' that is present but empty matches neither signature branch.
        yourls_do_action('pre_login_signature');
        $credentials_ok = yourls_check_signature();
    } elseif (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        yourls_do_action('pre_login_username_password');
        $credentials_ok = yourls_check_username_password();
    } elseif (!yourls_is_API() && isset($_COOKIE[yourls_cookie_name()])) {
        yourls_do_action('pre_login_cookie');
        $credentials_ok = yourls_check_auth_cookie();
    }

    // Plugins have the final word, whatever the credential check said.
    // The result is tested for truthiness below, so any truthy filter value counts as a login.
    $is_valid = yourls_apply_filter('is_valid_user', $credentials_ok);

    if (!$is_valid) {
        yourls_do_action('login_failed');

        // A submitted (even empty) username or password gets the "invalid" message.
        if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
            return yourls__('Invalid username or password');
        }

        return yourls__('Please log in');
    }

    yourls_do_action('login');

    if (!yourls_is_API()) {
        // (Re)store the cookie; YOURLS_USER is presumably defined by the check that succeeded — confirm.
        yourls_store_cookie(YOURLS_USER);

        // After a form login, redirect to the requested URL so a page reload does not re-submit the form.
        // NOTE(review): the target is the client-supplied REQUEST_URI, query string included; confirm that
        // yourls_redirect() treats it as a same-site path and that credentials sent via GET do not survive in it.
        if (isset($_REQUEST['username']) && isset($_REQUEST['password']) && isset($_SERVER['REQUEST_URI'])) {
            yourls_redirect($_SERVER['REQUEST_URI']);
        }
    }

    return true;
}
/**
 * Re-issue a redirect with the status code selected by the 'temp_instead_mode' option.
 *
 * Mode 1 forces 302, mode 2 forces 301, mode 3 uses 302 when the target does not
 * contain the site URL and 301 when it does. Nothing happens when the redirect
 * already carries the wanted code.
 *
 * @param array $args [0] is the target URL, [1] the status code about to be used.
 */
function temp_instead_function($args) {
    $target = $args[0];
    $status = $args[1];

    // strpos() finds the site URL anywhere in the target, not only at its start,
    // so "internal" here means "contains the site URL", not "points at this host".
    $site_pos = strpos($target, yourls_site_url(false));
    $mode = (int) yourls_get_option('temp_instead_mode', 1);
    $has_site_url = ($site_pos !== false);

    // Temporary redirect wanted: always in mode 1, or in mode 3 for targets without the site URL.
    $wants_302 = ($mode == 1) || (!$has_site_url && $mode == 3);
    if ($status != 302 && $wants_302) {
        yourls_redirect($target, 302);
    }

    // Permanent redirect wanted: always in mode 2, or in mode 3 for targets containing the site URL.
    $wants_301 = ($mode == 2) || ($has_site_url && $mode == 3);
    if ($status != 301 && $wants_301) {
        yourls_redirect($target, 301);
    }
}
yourls_redirect(YOURLS_SITE, 302);
}

// Get basic infos for this shortened URL.
// The keyword is passed through yourls_sanitize_string() before any lookup uses it.
$keyword = yourls_sanitize_string($keyword);
$longurl = yourls_get_keyword_longurl($keyword);
$clicks = yourls_get_keyword_clicks($keyword);
$timestamp = yourls_get_keyword_timestamp($keyword);
$title = yourls_get_keyword_title($keyword);

// Update title if it hasn't been stored yet
// NOTE(review): this runs before the "$longurl === false" not-found check below, so for an
// unknown keyword the title lookup and update may be attempted with $longurl === false.
// NOTE(review): yourls_get_remote_title() presumably fetches the long URL server-side — confirm
// what targets it may reach, since the URL is user-submitted data.
if ($title == '') {
    $title = yourls_get_remote_title($longurl);
    yourls_edit_link_title($keyword, $title);
}

// Unknown keyword: signal it to plugins and send the visitor to the site root.
// NOTE(review): whether yourls_redirect() ends the request is not visible in this excerpt;
// if it returns, the statistics code below still runs for a missing keyword.
if ($longurl === false) {
    yourls_do_action('infos_keyword_not_found');
    yourls_redirect(YOURLS_SITE, 302);
}

yourls_do_action('pre_yourls_infos', $keyword);

if (yourls_do_log_redirect()) {

    // Accumulators for the statistics built from the log table
    $table = YOURLS_DB_TABLE_LOG;
    $referrers = array();
    $direct = $notdirect = 0;
    $countries = array();
    $dates = array();
    $list_of_days = array();
    $list_of_months = array();
    $list_of_years = array();
    $last_24h = array();

    // Define keyword query range : either a single keyword or a list of keywords
    if ($aggregate) {
        $keyword_list = yourls_get_longurl_keywords($longurl);
yourls_db_connect();
}

// Allow early inclusion of a cache layer
// The file is optional; when present it is executed here, before options and plugins are loaded,
// so it must be writable only by whoever administers the installation.
if (file_exists(YOURLS_USERDIR . '/cache.php')) {
    require_once YOURLS_USERDIR . '/cache.php';
}

// Read options right from start
yourls_get_all_options();

// Register shutdown function
register_shutdown_function('yourls_shutdown');

// Core now loaded
yourls_do_action('init'); // plugins can't see this, not loaded yet

// Check if need to redirect to install procedure
if (!yourls_is_installed() && !yourls_is_installing()) {
    yourls_redirect(yourls_admin_url('install.php'), 302);
}

// Check if upgrade is needed (bypassed if upgrading or installing)
// NOTE(review): this target is built from YOURLS_SITE and a literal path, while the install
// redirect above goes through yourls_admin_url() — confirm both resolve to the same admin base.
if (!yourls_is_upgrading() && !yourls_is_installing()) {
    if (yourls_upgrade_is_needed()) {
        yourls_redirect(YOURLS_SITE . '/admin/upgrade.php', 302);
    }
}

// Init all plugins
yourls_load_plugins();
yourls_do_action('plugins_loaded');

// Is there a new version of YOURLS ?
yourls_new_core_version_notice();

// Admin-only initialisation hook
if (yourls_is_admin()) {
    yourls_do_action('admin_init');
}
$return['errorCode'] = 400;
$return['message'] = yourls_s('Short URL created, but could not redirect to %s !', 'Twitter');
break;

case 'facebook':
    // share with Facebook
    // Every value placed in the query string is passed through urlencode(); the host and path are fixed literals.
    $destination = sprintf("https://www.facebook.com/sharer/sharer.php?u=%s&t=%s", urlencode($return['shorturl']), urlencode($title));
    yourls_redirect($destination, 303);

    // Deal with the case when redirection failed:
    $return['status'] = 'error';
    $return['errorCode'] = 400;
    $return['message'] = yourls_s('Short URL created, but could not redirect to %s !', 'Facebook');
    break;

case 'tumblr':
    // share with Tumblr
    // Same pattern: fixed destination, urlencode() on each parameter.
    $destination = sprintf("https://www.tumblr.com/share?v=3&u=%s&t=%s&s=%s", urlencode($return['shorturl']), urlencode($title), urlencode($text));
    yourls_redirect($destination, 303);

    // Deal with the case when redirection failed:
    $return['status'] = 'error';
    $return['errorCode'] = 400;
    $return['message'] = yourls_s('Short URL created, but could not redirect to %s !', 'Tumblr');
    break;

default:
    // Is there a custom registered social bookmark?
    // NOTE(review): the action name is built from the raw 'share' request parameter, so a plugin
    // registering a 'share_redirect_*' hook receives whatever name the client sent — the handler,
    // not this code, has to validate it.
    yourls_do_action('share_redirect_' . $_GET['share'], $return);

    // Still here? That was an unknown 'share' method, then.
    $return['status'] = 'error';
    $return['errorCode'] = 400;
    $return['message'] = yourls__('Unknown "Share" bookmarklet');
    break;
}
}
$error_msg = "Signed off.";
}

// Not logged in: show the login / join screens
if (!isLogged()) {
    yourls_html_head('login');
    mu_html_menu();

    // Login form
    switch ($act) {
        case "login":
            // NOTE(review): both POST fields are read without an isset() check.
            // What yourls_escape() escapes for is not visible here — confirm it matches how
            // isValidUser() and getUserTokenByEmail() use the value.
            $username = yourls_escape($_POST['username']);
            $password = $_POST['password'];
            if (!empty($username) && !empty($password)) {
                if (isValidUser($username, $password)) {
                    $token = getUserTokenByEmail($username);
                    $id = getUserIdByToken($token);
                    // Identity is stored in the session from here on.
                    // NOTE(review): no session ID regeneration is visible in this excerpt; calling
                    // session_regenerate_id(true) before this assignment is the usual guard against
                    // session fixation.
                    $_SESSION['user'] = array("id" => $id, "user" => $username, "token" => $token);
                    yourls_redirect("index.php");
                } else {
                    // The message does not say whether the user name or the password was wrong.
                    $error_msg = "Problems to login.";
                    require_once 'form.php';
                }
            }
            break;

        case "joinform":
            require_once 'formjoin.php';
            break;

        case "join":
            $username = yourls_escape($_POST['username']);
            $password = $_POST['password'];
            // Optional CAPTCHA on sign-up; the private key comes from a configuration constant.
            if (captchaEnabled()) {
                require_once 'recaptchalib.php';
                $privatekey = YOURLS_MULTIUSER_CAPTCHA_PRIVATE_KEY;
/**
 * Stop the request unless the current user holds the given capability.
 *
 * Users without the capability are redirected to the admin URL with
 * "?access=denied" and the script then ends.
 *
 * @param mixed $capability Capability identifier handed to authmgr_have_capability().
 */
function authmgr_require_capability($capability) {
    if (authmgr_have_capability($capability)) {
        return;
    }

    // TODO: display a much nicer error page instead of a bare redirect
    yourls_redirect(yourls_admin_url('?access=denied'), 302);

    // Explicit stop: nothing after the check may run for an unauthorised user,
    // whether or not yourls_redirect() ends the request itself.
    exit;
}
// The nonce is checked before any plugin state is changed.
// NOTE(review): the return value is not used here; presumably yourls_verify_nonce() stops the
// request itself on failure — confirm.
yourls_verify_nonce('manage_plugins', $_REQUEST['nonce']);

// Check plugin file is valid
// NOTE(review): the 'plugin' request parameter is concatenated into a filesystem path; this is
// safe only if yourls_validate_plugin_file() rejects anything resolving outside YOURLS_PLUGINDIR — verify.
if (isset($_GET['plugin']) && yourls_validate_plugin_file(YOURLS_PLUGINDIR . '/' . $_GET['plugin'] . '/plugin.php')) {
    global $ydb;
    // Activate / Deactivate
    // NOTE(review): $_GET['action'] is read without an isset() check; an absent value falls to the default case.
    switch ($_GET['action']) {
        case 'activate':
            $result = yourls_activate_plugin($_GET['plugin'] . '/plugin.php');
            if ($result === true) {
                yourls_redirect(yourls_admin_url('plugins.php?success=activated'), 302);
            }
            break;

        case 'deactivate':
            $result = yourls_deactivate_plugin($_GET['plugin'] . '/plugin.php');
            if ($result === true) {
                yourls_redirect(yourls_admin_url('plugins.php?success=deactivated'), 302);
            }
            break;

        default:
            $result = 'Unsupported action';
            break;
    }
} else {
    $result = 'No plugin specified, or not a valid plugin';
}
// On any path that did not redirect, $result holds the message to show.
yourls_add_notice($result);
}

// Handle message upon successful (de)activation
if (isset($_GET['success'])) {
    // The parameter is put into the notice only after it matched one of two fixed words,
    // so no other request text reaches the output through this line.
    if ($_GET['success'] == 'activated' or $_GET['success'] == 'deactivated') {
        yourls_add_notice('Plugin ' . $_GET['success']);
} else {
    echo "<p>No referrer data.</p>";
}
?> </div> <?php
} // endif do log redirect
?> <div id="stat_tab_share" class="tab"> <h2>Share</h2> <?php
// Share box for this short link.
// NOTE(review): how yourls_share_box() escapes $longurl before output is not visible here — confirm.
yourls_share_box($longurl, yourls_link($keyword), '', '', '<h3>Short link</h3>', '<h3>Quick Share</h3>');
?> </div> </div> <?php
yourls_html_footer();
// Page fully rendered: stop here so nothing else is sent
die;
} else {
    // NOTE(review): 401 is an authentication-challenge status, not a 3xx redirect, and clients
    // generally do not follow a Location header sent with it. How yourls_redirect() handles a
    // non-3xx code is not visible here — confirm the intended behaviour.
    yourls_redirect(YOURLS_SITE, 401);
}