// This one will be used in case output mode is 'simple'
unset($return['html']);
// in API mode, no need for our internal HTML output
break;
// Global stats
// Global stats
case 'stats':
$filter = isset($_REQUEST['filter']) ? $_REQUEST['filter'] : '';
$limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : '';
$return = yourls_api_stats($filter, $limit);
break;
// Stats for a shorturl
// Stats for a shorturl
case 'url-stats':
$shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : '';
$return = yourls_api_url_stats($shorturl);
break;
// Expand a short link
// Expand a short link
case 'expand':
$shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : '';
$return = yourls_api_expand($shorturl);
break;
// Missing or incorrect action parameter
// Missing or incorrect action parameter
default:
$return = array('errorCode' => 400, 'message' => 'Unknown or missing "action" parameter', 'simple' => 'Unknown or missing "action" parameter');
}
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
yourls_api_output($format, $return);
die;
<?php
$auth = yourls_is_valid_user();
if ($auth !== true) {
// API mode,
if (yourls_is_API()) {
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
yourls_api_output($format, array('simple' => $auth, 'message' => $auth, 'errorCode' => 403));
// Regular mode
} else {
yourls_login_screen($auth);
}
die;
}
<?php
// No direct call
if (!defined('YOURLS_ABSPATH')) {
die;
}
$auth = yourls_is_valid_user();
if ($auth !== true) {
// API mode,
if (yourls_is_API()) {
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
$callback = isset($_REQUEST['callback']) ? $_REQUEST['callback'] : '';
yourls_api_output($format, array('simple' => $auth, 'message' => $auth, 'errorCode' => 403, 'callback' => $callback));
// Regular mode
} else {
yourls_login_screen($auth);
}
die;
}
yourls_do_action('auth_successful');
function trapApi($args)
{
$action = $args[0];
$admin = yourls_is_valid_user();
// Uses this name but REFERS to ADMIN!
if ($admin === true || $action == "expand") {
return;
}
if (YOURLS_MULTUSER_PROTECTED === false && ($action == "stats" || $action == "db-stats" || $action == 'url-stats')) {
return;
}
switch ($action) {
case "shorturl":
if (YOURLS_MULTIUSER_ANONYMOUS === true) {
return;
} else {
$token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
$user = getUserIdByToken($token);
if ($user == false) {
$u = $_SESSION["user"];
$user = getUserIdByToken($u["token"]);
}
if ($user == false) {
$return = array('simple' => 'You can\'t be anonymous', 'message' => 'You can\'t be anonymous', 'errorCode' => 403);
} else {
return;
}
}
break;
// Stats for a shorturl
// Stats for a shorturl
case 'url-stats':
$token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
$user = getUserIdByToken($token);
if ($user == false) {
$u = $_SESSION["user"];
$user = getUserIdByToken($u["token"]);
}
if ($user == false) {
$return = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
} else {
if (verifyUrlOwner($keyword, $user)) {
$shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : '';
$return = yourls_api_url_stats($shorturl);
} else {
$return = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
}
}
break;
default:
$return = array('errorCode' => 400, 'message' => 'Unknown or missing or forbidden "action" parameter', 'simple' => 'Unknown or missing or forbidden "action" parameter');
}
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
yourls_api_output($format, $return);
die;
}
