From 25b7d2aab61ae6421398d3abae5da6ffe590333d Mon Sep 17 00:00:00 2001 From: s1n Date: Sat, 28 Mar 2020 10:36:41 -0700 Subject: 3/28/2020, 10:36 --- admin/admin-ajax.php | 51 +++++++ admin/index.php | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++ admin/install.php | 84 ++++++++++++ admin/plugins.php | 166 ++++++++++++++++++++++ admin/tools.php | 337 +++++++++++++++++++++++++++++++++++++++++++++ admin/upgrade.php | 86 ++++++++++++ 6 files changed, 1102 insertions(+) create mode 100644 admin/admin-ajax.php create mode 100644 admin/index.php create mode 100644 admin/install.php create mode 100644 admin/plugins.php create mode 100644 admin/tools.php create mode 100644 admin/upgrade.php (limited to 'admin') diff --git a/admin/admin-ajax.php b/admin/admin-ajax.php new file mode 100644 index 0000000..a89912e --- /dev/null +++ b/admin/admin-ajax.php @@ -0,0 +1,51 @@ + $row) ); + break; + + case 'edit_save': + yourls_verify_nonce( 'edit-save_'.$_REQUEST['id'], $_REQUEST['nonce'], false, 'omg error' ); + $return = yourls_edit_link( $_REQUEST['url'], $_REQUEST['keyword'], $_REQUEST['newkeyword'], $_REQUEST['title'] ); + echo json_encode($return); + break; + + case 'delete': + yourls_verify_nonce( 'delete-link_'.$_REQUEST['id'], $_REQUEST['nonce'], false, 'omg error' ); + $query = yourls_delete_link_by_keyword( $_REQUEST['keyword'] ); + echo json_encode(array('success'=>$query)); + break; + + case 'logout': + // unused for the moment + yourls_logout(); + break; + + default: + yourls_do_action( 'yourls_ajax_'.$action ); + +} + +die(); diff --git a/admin/index.php b/admin/index.php new file mode 100644 index 0000000..c00ee9a --- /dev/null +++ b/admin/index.php @@ -0,0 +1,378 @@ + value) placeholder pairs: $where['binds']['value'] = $value; + */ +$where = array('sql' => '', 'binds' => array()); +$date_filter = $date_first = $date_second = ''; +$base_page = yourls_admin_url( 'index.php' ); + +// Default SQL behavior +$search_in_text = yourls__( 'URL' ); +$search_in = 'all'; +$sort_by_text = yourls__( 'Short URL' ); +$sort_by = 'timestamp'; +$sort_order = 'desc'; +$page = ( isset( $_GET['page'] ) ? intval($_GET['page']) : 1 ); +$search = yourls_get_search_text(); +$perpage = ( isset( $_GET['perpage'] ) && intval( $_GET['perpage'] ) ? intval($_GET['perpage']) : yourls_apply_filter( 'admin_view_per_page', 15 ) ); +$click_limit = ( isset( $_GET['click_limit'] ) && $_GET['click_limit'] !== '' ) ? intval( $_GET['click_limit'] ) : '' ; +if ( $click_limit !== '' ) { + $click_filter = ( isset( $_GET['click_filter'] ) && $_GET['click_filter'] == 'more' ? 'more' : 'less' ) ; + $click_moreless = ( $click_filter == 'more' ? '>' : '<' ); + $where['sql'] = " AND clicks $click_moreless :click_limit"; + $where['binds']['click_limit'] = $click_limit; +} else { + $click_filter = ''; +} + +// Searching +if( !empty( $search ) && !empty( $_GET['search_in'] ) ) { + switch( $_GET['search_in'] ) { + case 'all': + $search_in_text = yourls__( 'All fields' ); + $search_in = 'all'; + break; + case 'keyword': + $search_in_text = yourls__( 'Short URL' ); + $search_in = 'keyword'; + break; + case 'url': + $search_in_text = yourls__( 'URL' ); + $search_in = 'url'; + break; + case 'title': + $search_in_text = yourls__( 'Title' ); + $search_in = 'title'; + break; + case 'ip': + $search_in_text = yourls__( 'IP Address' ); + $search_in = 'ip'; + break; + } + $search_sentence = yourls_s( 'Searching for %1$s in %2$s.', yourls_esc_html( $search ), yourls_esc_html( $search_in_text ) ); + $search_text = $search; + $search = str_replace( '*', '%', '*' . $search . '*' ); + if( $search_in == 'all' ) { + $where['sql'] .= ' AND CONCAT_WS("",`keyword`,`url`,`title`,`ip`) LIKE (:search)'; + $where['binds']['search'] = $search; + // Search across all fields. The resulting SQL will be something like: + // SELECT * FROM `yourls_url` WHERE CONCAT_WS('',`keyword`,`url`,`title`,`ip`) LIKE ("%ozh%") + // CONCAT_WS because CONCAT('foo', 'bar', NULL) = NULL. NULL wins. Not sure if values can be NULL now or in the future, so better safe. + // TODO: pay attention to this bit when the DB schema changes + } else { + $where['sql'] .= " AND `$search_in` LIKE (:search)"; + $where['binds']['search'] = $search; + } +} + +// Time span +if( !empty( $_GET['date_filter'] ) ) { + switch( $_GET['date_filter'] ) { + case 'before': + $date_filter = 'before'; + if( isset( $_GET['date_first'] ) && yourls_sanitize_date( $_GET['date_first'] ) ) { + $date_first = yourls_sanitize_date( $_GET['date_first'] ); + $date_first_sql = yourls_sanitize_date_for_sql( $_GET['date_first'] ); + $where['sql'] .= ' AND `timestamp` < :date_first_sql'; + $where['binds']['date_first_sql'] = $date_first_sql; + } + break; + case 'after': + $date_filter = 'after'; + if( isset( $_GET['date_first'] ) && yourls_sanitize_date( $_GET['date_first'] ) ) { + $date_first_sql = yourls_sanitize_date_for_sql( $_GET['date_first'] ); + $date_first = yourls_sanitize_date( $_GET['date_first'] ); + $where['sql'] .= ' AND `timestamp` > :date_first_sql'; + $where['binds']['date_first_sql'] = $date_first_sql; + } + break; + case 'between': + $date_filter = 'between'; + if( isset( $_GET['date_first'] ) && isset( $_GET['date_second'] ) && yourls_sanitize_date( $_GET['date_first'] ) && yourls_sanitize_date( $_GET['date_second'] ) ) { + $date_first_sql = yourls_sanitize_date_for_sql( $_GET['date_first'] ); + $date_second_sql = yourls_sanitize_date_for_sql( $_GET['date_second'] ); + $date_first = yourls_sanitize_date( $_GET['date_first'] ); + $date_second = yourls_sanitize_date( $_GET['date_second'] ); + $where['sql'] .= ' AND `timestamp` BETWEEN :date_first_sql AND :date_second_sql'; + $where['binds']['date_first_sql'] = $date_first_sql; + $where['binds']['date_second_sql'] = $date_second_sql; + } + break; + } +} + +// Sorting +if( !empty( $_GET['sort_by'] ) || !empty( $_GET['sort_order'] ) ) { + switch( $_GET['sort_by'] ) { + case 'keyword': + $sort_by_text = yourls__( 'Short URL' ); + $sort_by = 'keyword'; + break; + case 'url': + $sort_by_text = yourls__( 'URL' ); + $sort_by = 'url'; + break; + case 'title': + $sort_by_text = yourls__( 'Title' ); + $sort_by = 'title'; + break; + case 'timestamp': + $sort_by_text = yourls__( 'Date' ); + $sort_by = 'timestamp'; + break; + case 'ip': + $sort_by_text = yourls__( 'IP Address' ); + $sort_by = 'ip'; + break; + case 'clicks': + $sort_by_text = yourls__( 'Clicks' ); + $sort_by = 'clicks'; + break; + } + switch( $_GET['sort_order'] ) { + case 'asc': + $sort_order = 'asc'; + break; + case 'desc': + $sort_order = 'desc'; + break; + } +} + +// Get URLs Count for current filter, total links in DB & total clicks +list( $total_urls, $total_clicks ) = array_values( yourls_get_db_stats() ); +if ( !empty($where['sql']) ) { + list( $total_items, $total_items_clicks ) = array_values( yourls_get_db_stats( $where ) ); +} else { + $total_items = $total_urls; + $total_items_clicks = false; +} + +// This is a bookmarklet +if ( isset( $_GET['u'] ) or isset( $_GET['up'] ) ) { + $is_bookmark = true; + yourls_do_action( 'bookmarklet' ); + + // No sanitization needed here: everything happens in yourls_add_new_link() + if( isset( $_GET['u'] ) ) { + // Old school bookmarklet: ?u= + $url = rawurldecode( $_GET['u'] ); + } else { + // New style bookmarklet: ?up=&us=&ur= + $url = rawurldecode( $_GET['up'] . $_GET['us'] . $_GET['ur'] ); + } + $keyword = ( isset( $_GET['k'] ) ? ( $_GET['k'] ) : '' ); + $title = ( isset( $_GET['t'] ) ? ( $_GET['t'] ) : '' ); + $return = yourls_add_new_link( $url, $keyword, $title ); + + // If fails because keyword already exist, retry with no keyword + if ( isset( $return['status'] ) && $return['status'] == 'fail' && isset( $return['code'] ) && $return['code'] == 'error:keyword' ) { + $msg = $return['message']; + $return = yourls_add_new_link( $url, '', $ydb ); + $return['message'] .= ' ('.$msg.')'; + } + + // Stop here if bookmarklet with a JSON callback function + if( isset( $_GET['jsonp'] ) && $_GET['jsonp'] == 'yourls' ) { + $short = $return['shorturl'] ? $return['shorturl'] : ''; + $message = $return['message']; + yourls_content_type_header( 'application/javascript' ); + echo yourls_apply_filter( 'bookmarklet_jsonp', "yourls_callback({'short_url':'$short','message':'$message'});" ); + + die(); + } + + // Now use the URL that has been sanitized and returned by yourls_add_new_link() + $url = $return['url']['url']; + $where['sql'] .= ' AND `url` LIKE :url '; + $where['binds']['url'] = $url; + + $page = $total_pages = $perpage = 1; + $offset = 0; + + $text = ( isset( $_GET['s'] ) ? stripslashes( $_GET['s'] ) : '' ); + + // Sharing with social bookmarklets + if( !empty($_GET['share']) ) { + yourls_do_action( 'pre_share_redirect' ); + switch ( $_GET['share'] ) { + case 'twitter': + // share with Twitter + $destination = sprintf( "https://twitter.com/intent/tweet?url=%s&text=%s", urlencode( $return['shorturl'] ), urlencode( $title ) ); + yourls_redirect( $destination, 303 ); + + // Deal with the case when redirection failed: + $return['status'] = 'error'; + $return['errorCode'] = 400; + $return['message'] = yourls_s( 'Short URL created, but could not redirect to %s !', 'Twitter' ); + break; + + case 'facebook': + // share with Facebook + $destination = sprintf( "https://www.facebook.com/sharer/sharer.php?u=%s&t=%s", urlencode( $return['shorturl'] ), urlencode( $title ) ); + yourls_redirect( $destination, 303 ); + + // Deal with the case when redirection failed: + $return['status'] = 'error'; + $return['errorCode'] = 400; + $return['message'] = yourls_s( 'Short URL created, but could not redirect to %s !', 'Facebook' ); + break; + + case 'tumblr': + // share with Tumblr + $destination = sprintf( "https://www.tumblr.com/share?v=3&u=%s&t=%s&s=%s", urlencode( $return['shorturl'] ), urlencode( $title ), urlencode( $text ) ); + yourls_redirect( $destination, 303 ); + + // Deal with the case when redirection failed: + $return['status'] = 'error'; + $return['errorCode'] = 400; + $return['message'] = yourls_s( 'Short URL created, but could not redirect to %s !', 'Tumblr' ); + break; + + default: + // Is there a custom registered social bookmark? + yourls_do_action( 'share_redirect_' . $_GET['share'], $return ); + + // Still here? That was an unknown 'share' method, then. + $return['status'] = 'error'; + $return['errorCode'] = 400; + $return['message'] = yourls__( 'Unknown "Share" bookmarklet' ); + break; + } + } + +// This is not a bookmarklet +} else { + $is_bookmark = false; + + // Checking $page, $offset, $perpage + if( empty($page) || $page == 0 ) { + $page = 1; + } + if( empty($offset) ) { + $offset = 0; + } + if( empty($perpage) || $perpage == 0) { + $perpage = 50; + } + + // Determine $offset + $offset = ( $page-1 ) * $perpage; + + // Determine Max Number Of Items To Display On Page + if( ( $offset + $perpage ) > $total_items ) { + $max_on_page = $total_items; + } else { + $max_on_page = ( $offset + $perpage ); + } + + // Determine Number Of Items To Display On Page + if ( ( $offset + 1 ) > $total_items ) { + $display_on_page = $total_items; + } else { + $display_on_page = ( $offset + 1 ); + } + + // Determing Total Amount Of Pages + $total_pages = ceil( $total_items / $perpage ); +} + + +// Begin output of the page +$context = ( $is_bookmark ? 'bookmark' : 'index' ); +yourls_html_head( $context ); +yourls_html_logo(); +yourls_html_menu() ; + +yourls_do_action( 'admin_page_before_content' ); + +if ( !$is_bookmark ) { ?> +

+

%1$s to %2$s of %3$s URLs' ), $display_on_page, $max_on_page, $total_items ); + if( $total_items_clicks !== false ) + echo ", " . sprintf( yourls_n( 'counting 1 click', 'counting %s clicks', $total_items_clicks ), yourls_number_format_i18n( $total_items_clicks ) ); + ?>.

+ +

%1$s links, %2$s clicks, and counting!' ), yourls_number_format_i18n( $total_urls ), yourls_number_format_i18n( $total_clicks ) ); ?>

+$(document).ready(function(){ + feedback( "' . $return['message'] . '", "'. $return['status'] .'"); + init_clipboard(); + });'; +} + +yourls_do_action( 'admin_page_before_table' ); + +yourls_table_head(); + +if ( !$is_bookmark ) { + $params = array( + 'search' => $search, + 'search_text' => $search_text, + 'search_in' => $search_in, + 'sort_by' => $sort_by, + 'sort_order' => $sort_order, + 'page' => $page, + 'perpage' => $perpage, + 'click_filter' => $click_filter, + 'click_limit' => $click_limit, + 'total_pages' => $total_pages, + 'date_filter' => $date_filter, + 'date_first' => $date_first, + 'date_second' => $date_second, + ); + yourls_html_tfooter( $params ); +} + +yourls_table_tbody_start(); + +// Main Query +$where = yourls_apply_filter( 'admin_list_where', $where ); +$url_results = $ydb->fetchObjects( "SELECT * FROM `$table_url` WHERE 1=1 ${where['sql']} ORDER BY `$sort_by` $sort_order LIMIT $offset, $perpage;", $where['binds'] ); +$found_rows = false; +if( $url_results ) { + $found_rows = true; + foreach( $url_results as $url_result ) { + $keyword = yourls_sanitize_string( $url_result->keyword ); + $timestamp = strtotime( $url_result->timestamp ); + $url = stripslashes( $url_result->url ); + $ip = $url_result->ip; + $title = $url_result->title ? $url_result->title : ''; + $clicks = $url_result->clicks; + + echo yourls_table_add_row( $keyword, $url, $title, $ip, $clicks, $timestamp ); + } +} + +$display = $found_rows ? 'display:none' : ''; +echo '' . yourls__('No URL') . ''; + +yourls_table_tbody_end(); + +yourls_table_end(); + +yourls_do_action( 'admin_page_after_table' ); + +if ( $is_bookmark ) + yourls_share_box( $url, $return['shorturl'], $title, $text ); +?> + + diff --git a/admin/install.php b/admin/install.php new file mode 100644 index 0000000..02a1485 --- /dev/null +++ b/admin/install.php @@ -0,0 +1,84 @@ +.htaccess successfully created/updated.' ); + } else { + $warning[] = yourls__( 'Could not write file .htaccess in YOURLS root directory. You will have to do it manually. See how.' ); + } + + // Create SQL tables + $install = yourls_create_sql_tables(); + if ( isset( $install['error'] ) ) + $error = array_merge( $error, $install['error'] ); + if ( isset( $install['success'] ) ) + $success = array_merge( $success, $install['success'] ); +} + + +// Start output +yourls_html_head( 'install', yourls__( 'Install YOURLS' ) ); +?> +
+
+

+ YOURLS +

+ 0 ) { + echo "
    "; + foreach( $$info as $msg ) { + echo '
  • '.$msg."
    • \n"; + } + echo '
'; + } + } + + // Display install button or link to admin area if applicable + if( !yourls_is_installed() && !isset($_REQUEST['install']) ) { + echo '

'; + } else { + if( count($error) == 0 ) + echo '

» ' . yourls__( 'YOURLS Administration Page') . '

'; + } + ?> +
+
+ diff --git a/admin/plugins.php b/admin/plugins.php new file mode 100644 index 0000000..57b6616 --- /dev/null +++ b/admin/plugins.php @@ -0,0 +1,166 @@ + + +
+

+ + + +

%1$s installed, and %2$s activated', $plugins_count, $count_active ); ?>

+ + + + + + + + + + + + + $plugin ) { + + // default fields to read from the plugin header + $fields = array( + 'name' => 'Plugin Name', + 'uri' => 'Plugin URI', + 'desc' => 'Description', + 'version' => 'Version', + 'author' => 'Author', + 'author_uri' => 'Author URI' + ); + + // Loop through all default fields, get value if any and reset it + foreach( $fields as $field=>$value ) { + if( isset( $plugin[ $value ] ) ) { + $data[ $field ] = $plugin[ $value ]; + } else { + $data[ $field ] = '(no info)'; + } + unset( $plugin[$value] ); + } + + $plugindir = trim( dirname( $file ), '/' ); + + if( yourls_is_active_plugin( $file ) ) { + $class = 'active'; + $action_url = yourls_nonce_url( 'manage_plugins', yourls_add_query_arg( array('action' => 'deactivate', 'plugin' => $plugindir ) ) ); + $action_anchor = yourls__( 'Deactivate' ); + } else { + $class = 'inactive'; + $action_url = yourls_nonce_url( 'manage_plugins', yourls_add_query_arg( array('action' => 'activate', 'plugin' => $plugindir ) ) ); + $action_anchor = yourls__( 'Activate' ); + } + + // Other "Fields: Value" in the header? Get them too + if( $plugin ) { + foreach( $plugin as $extra_field=>$extra_value ) { + $data['desc'] .= "
\n$extra_field: $extra_value"; + unset( $plugin[$extra_value] ); + } + } + + $data['desc'] .= '
' . yourls_s( 'plugin file location: %s', $file) . ''; + + printf( "", + $class, $data['uri'], $data['name'], $data['version'], $data['desc'], $data['author_uri'], $data['author'], $action_url, $action_anchor + ); + + } + ?> + +
%s%s%s%s%s
+ + + +

plugin.php.' ); ?>

+ +

+ +

Plugin list.' ); ?>

+
+ + diff --git a/admin/tools.php b/admin/tools.php new file mode 100644 index 0000000..f5f5043 --- /dev/null +++ b/admin/tools.php @@ -0,0 +1,337 @@ + + +
+ +

+ +

bookmarklets for easier link shortening and sharing.' ); ?>

+ +

+ +
    +
  • Standard Bookmarklets will take you to a page where you can easily edit or delete your brand new short URL.' ); ?>
    • + +
  • Instant Bookmarklets will pop the short URL without leaving the page you are viewing.' ); ?>
    • + +
  • Simple Bookmarklets will generate a short URL with a random or sequential keyword.' ); ?>
    • + +
  • Custom Keyword Bookmarklets will prompt you for a custom keyword first.' ); ?>
    • +
+ +

select text on the page you're viewing before clicking on your bookmarklet link" ); + ?>

+ +

+ + + +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
 
+ + + +
+ + + +
+ + +

+ +

+

+ +

+ +

+ + + + + + + + +

+ +

+ +

%s\" to the beginning of the current URL (right before its 'http://' part) and hit enter.", preg_replace('@https?://@', '', YOURLS_SITE) . '/' ); ?>

+ +

.

+ + + + +

+ +

username and password parameters.' ); + echo "\n"; + yourls_e( "If you're worried about sending your credentials into the wild, you can also make API calls without using your login or your password, using a secret signature token." ); + ?>

+ +

%s', yourls_auth_signature() ); ?> +

+ +

+ +
    +

  • +

    signature in your API requests. Example:' ); ?>

    +

    /yourls-api.php?signature=&action=...

    +
    • + +

  • +
    <?php
+$timestamp = time();
+//  $time = 
+$signature = md5( $timestamp . '' ); 
+//  $signature = ""
+?> 
+
    +

    signature and timestamp in your API requests. Example:' ); ?>

    +

    /yourls-api.php?timestamp=$timestamp&signature=$signature&action=...

    +


    + /yourls-api.php?timestamp=&signature=&action=...

    +

    +
    • +
+ +

API documentation for more', YOURLS_SITE . '/readme.html#API' ); ?>

+ +
+ + + + diff --git a/admin/upgrade.php b/admin/upgrade.php new file mode 100644 index 0000000..de46369 --- /dev/null +++ b/admin/upgrade.php @@ -0,0 +1,86 @@ + +

+' . yourls_s( 'Upgrade not required. Go back to play!', yourls_admin_url('index.php') ) . '

'; + + +} else { + /* + step 1: create new tables and populate them, update old tables structure, + step 2: convert each row of outdated tables if needed + step 3: - if applicable finish updating outdated tables (indexes etc) + - update version & db_version in options, this is all done! + */ + + // From what are we upgrading? + if ( isset( $_GET['oldver'] ) && isset( $_GET['oldsql'] ) ) { + $oldver = yourls_sanitize_version( $_GET['oldver'] ); + $oldsql = yourls_sanitize_version( $_GET['oldsql'] ); + } else { + list( $oldver, $oldsql ) = yourls_get_current_version_from_sql(); + } + + // To what are we upgrading ? + $newver = YOURLS_VERSION; + $newsql = YOURLS_DB_VERSION; + + // Verbose & ugly details + yourls_debug_mode(true); + + // Let's go + $step = ( isset( $_GET['step'] ) ? intval( $_GET['step'] ) : 0 ); + switch( $step ) { + + default: + case 0: + ?> +

+

backup your database
(you should do this regularly anyway)' ); ?>

+

should happen, but this doesn't mean it won't happen, right? ;)" ); ?>

+

something goes wrong, you'll see a message and hopefully a way to fix." ); ?>

+

good for you, let it go :)' ); ?>

+

+ + + + + + + + "; + + break; + + case 1: + case 2: + $upgrade = yourls_upgrade( $step, $oldver, $newver, $oldsql, $newsql ); + break; + + case 3: + $upgrade = yourls_upgrade( 3, $oldver, $newver, $oldsql, $newsql ); + echo '

' . yourls__( 'Your installation is now up to date ! ' ) . '

'; + echo '

' . yourls_s( 'Go back to the admin interface', yourls_admin_url('index.php') ) . '

'; + } + +} + + +?> + + -- cgit v1.2.3