// This one will be used in case output mode is 'simple' unset($return['html']); // in API mode, no need for our internal HTML output break; // Global stats // Global stats case 'stats': $filter = isset($_REQUEST['filter']) ? $_REQUEST['filter'] : ''; $limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : ''; $return = yourls_api_stats($filter, $limit); break; // Stats for a shorturl // Stats for a shorturl case 'url-stats': $shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : ''; $return = yourls_api_url_stats($shorturl); break; // Expand a short link // Expand a short link case 'expand': $shorturl = isset($_REQUEST['shorturl']) ? $_REQUEST['shorturl'] : ''; $return = yourls_api_expand($shorturl); break; // Missing or incorrect action parameter // Missing or incorrect action parameter default: $return = array('errorCode' => 400, 'message' => 'Unknown or missing "action" parameter', 'simple' => 'Unknown or missing "action" parameter'); } $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml'; yourls_api_output($format, $return); die;
<?php
// Authentication gate: nothing below this block runs unless the caller is a
// valid user. Any result other than boolean true is treated as a failure and
// is handed on as the message to display.
$auth = yourls_is_valid_user();

if ($auth !== true) {
    if (!yourls_is_API()) {
        // Regular mode: show the login screen together with the failure message.
        yourls_login_screen($auth);
    } else {
        // API mode: report the failure as a 403 in the requested output
        // format, falling back to XML when the client did not name one.
        $format = 'xml';
        if (isset($_REQUEST['format'])) {
            $format = $_REQUEST['format'];
        }

        $payload = array(
            'simple'    => $auth,
            'message'   => $auth,
            'errorCode' => 403,
        );
        yourls_api_output($format, $payload);
    }

    // Both branches stop the request here so an unauthenticated caller can
    // never reach the code this gate protects.
    die;
}
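<?php
// No direct call: stop unless the YOURLS bootstrap constant is defined, i.e.
// the file was included rather than requested on its own.
if (!defined('YOURLS_ABSPATH')) {
    die;
}

// Authentication gate. Any result other than boolean true is treated as a
// failure and is handed on as the message to display.
$auth = yourls_is_valid_user();

if ($auth !== true) {
    if (yourls_is_API()) {
        // API mode: report the failure as a 403 in the requested format.
        // A non-string value (e.g. format[]=x) falls back to the XML default.
        $format = (isset($_REQUEST['format']) && is_string($_REQUEST['format']))
            ? $_REQUEST['format']
            : 'xml';

        // 'callback' comes straight from the request and is reached without
        // authentication. It is presumably echoed as the JSONP function name
        // by yourls_api_output() (not visible here), so only a plain dotted
        // JavaScript identifier is forwarded; anything else is dropped so it
        // cannot be reflected into the response body as script.
        $callback = '';
        if (isset($_REQUEST['callback'])
            && is_string($_REQUEST['callback'])
            && preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/D', $_REQUEST['callback']) === 1
        ) {
            $callback = $_REQUEST['callback'];
        }

        yourls_api_output($format, array(
            'simple'    => $auth,
            'message'   => $auth,
            'errorCode' => 403,
            'callback'  => $callback,
        ));
    } else {
        // Regular mode: show the login screen together with the failure message.
        yourls_login_screen($auth);
    }

    // Both branches stop the request here so an unauthenticated caller can
    // never reach the code this gate protects.
    die;
}

// Only reached by authenticated callers.
yourls_do_action('auth_successful');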
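/**
 * Resolve the calling user from the request token, falling back to the token
 * stored in the session.
 *
 * An empty or missing token is never looked up: getUserIdByToken() is not
 * visible here, so this code does not rely on it rejecting an empty value
 * (which could otherwise match an account whose stored token is blank).
 *
 * @return mixed Whatever getUserIdByToken() returned for the first non-empty
 *               token, or false when no usable token was found.
 */
function trapApiResolveUser()
{
    $user = false;

    $token = (isset($_REQUEST['token']) && is_string($_REQUEST['token']))
        ? yourls_sanitize_string($_REQUEST['token'])
        : '';
    if ($token !== '') {
        $user = getUserIdByToken($token);
    }

    // Session fallback. The original read $_SESSION["user"] unconditionally,
    // which raised notices and looked up a null token when no session user
    // was set.
    if ($user == false
        && isset($_SESSION['user']['token'])
        && is_string($_SESSION['user']['token'])
        && $_SESSION['user']['token'] !== ''
    ) {
        $user = getUserIdByToken($_SESSION['user']['token']);
    }

    return $user;
}

/**
 * Access gate for API calls in multi-user mode.
 *
 * Returns normally when the request may continue. In every other case it
 * emits an API response itself and terminates the request.
 *
 * @param array $args Hook arguments; $args[0] is the requested API action.
 * @return void
 */
function trapApi($args)
{
    $action = isset($args[0]) ? $args[0] : '';

    // yourls_is_valid_user() is named generically, but here it identifies the ADMIN.
    $admin = yourls_is_valid_user();

    // Strict comparison: a non-string action must never loosely equal "expand".
    if ($admin === true || $action === 'expand') {
        return;
    }

    // Stats are public only when the "protected" flag is explicitly false.
    // The original read YOURLS_MULTUSER_PROTECTED (no second "I"), which does
    // not match the YOURLS_MULTIUSER_ prefix of the ANONYMOUS flag used below.
    // Both spellings are accepted, and an undefined flag keeps stats protected.
    // NOTE(review): confirm which name the plugin configuration defines.
    $statsProtected = true;
    foreach (array('YOURLS_MULTIUSER_PROTECTED', 'YOURLS_MULTUSER_PROTECTED') as $flagName) {
        if (defined($flagName)) {
            $statsProtected = constant($flagName);
            break;
        }
    }
    if ($statsProtected === false && in_array($action, array('stats', 'db-stats', 'url-stats'), true)) {
        return;
    }

    switch ($action) {
        case 'shorturl':
            // Anonymous shortening only when explicitly enabled; an undefined
            // flag means a token is required.
            if (defined('YOURLS_MULTIUSER_ANONYMOUS') && YOURLS_MULTIUSER_ANONYMOUS === true) {
                return;
            }
            if (trapApiResolveUser() != false) {
                return;
            }
            $return = array(
                'simple'    => 'You can\'t be anonymous',
                'message'   => 'You can\'t be anonymous',
                'errorCode' => 403,
            );
            break;

        // Stats for a shorturl
        case 'url-stats':
            // The same generic answer is used for "no such user" and "not the
            // owner", so the response does not reveal which check failed.
            $denied = array(
                'simple'    => 'Invalid username or password',
                'message'   => 'Invalid username or password',
                'errorCode' => 403,
            );

            $user = trapApiResolveUser();

            $shorturl = (isset($_REQUEST['shorturl']) && is_string($_REQUEST['shorturl']))
                ? $_REQUEST['shorturl']
                : '';

            // The original passed an undefined $keyword to verifyUrlOwner(), so
            // ownership was never checked against the link being requested.
            // Reduce the short URL to its keyword first; this is meant to mirror
            // how YOURLS core normalises a short URL (confirm against
            // yourls_api_url_stats()).
            $keyword = yourls_sanitize_string(str_replace(YOURLS_SITE . '/', '', $shorturl));

            if ($user == false || $keyword === '' || !verifyUrlOwner($keyword, $user)) {
                $return = $denied;
            } else {
                // Look up the exact keyword that was authorised, so the
                // ownership check and the stats query cannot disagree.
                $return = yourls_api_url_stats($keyword);
            }
            break;

        default:
            $return = array(
                'errorCode' => 400,
                'message'   => 'Unknown or missing or forbidden "action" parameter',
                'simple'    => 'Unknown or missing or forbidden "action" parameter',
            );
    }

    $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
    yourls_api_output($format, $return);
    die;
}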