admin/index.php

   1 <?php
   2 define( 'YOURLS_ADMIN', true );
   3 require_once( dirname( dirname( __FILE__ ) ).'/includes/load-yourls.php' );
   4 yourls_maybe_require_auth();
   5
   6 // Variables
   7 $table_url = YOURLS_DB_TABLE_URL;
   8 $where = $search_sentence = $search_text = $url = $keyword = '';
   9 $date_filter = $date_first  = $date_second = '';
  10 $base_page   = yourls_admin_url( 'index.php' );
  11
  12 // Default SQL behavior
  13 $search_in_text  = yourls__( 'URL' );
  14 $search_in       = 'all';
  15 $sort_by_text    = yourls__( 'Short URL' );
  16 $sort_by         = 'timestamp';
  17 $sort_order      = 'desc';
  18 $page            = ( isset( $_GET['page'] ) ? intval($_GET['page']) : 1 );
  19 $search          = yourls_get_search_text();
  20 $perpage         = ( isset( $_GET['perpage'] ) && intval( $_GET['perpage'] ) ? intval($_GET['perpage']) : yourls_apply_filter( 'admin_view_per_page', 15 ) );
  21 $click_limit     = ( isset( $_GET['click_limit'] ) && $_GET['click_limit'] !== '' ) ? intval( $_GET['click_limit'] ) : '' ;
  22 if ( $click_limit !== '' ) {
  23         $click_filter   = ( isset( $_GET['click_filter'] ) && $_GET['click_filter'] == 'more' ? 'more' : 'less' ) ;
  24         $click_moreless = ( $click_filter == 'more' ? '>' : '<' );
  25         $where          = " AND clicks $click_moreless $click_limit";
  26 } else {
  27         $click_filter   = '';
  28 }
  29
  30 // Searching
  31 if( !empty( $search ) && !empty( $_GET['search_in'] ) ) {
  32         switch( $_GET['search_in'] ) {
  33                 case 'all':
  34                         $search_in_text = yourls__( 'All fields' );
  35                         $search_in      = 'all';
  36                         break;
  37                 case 'keyword':
  38                         $search_in_text = yourls__( 'Short URL' );
  39                         $search_in      = 'keyword';
  40                         break;
  41                 case 'url':
  42                         $search_in_text = yourls__( 'URL' );
  43                         $search_in      = 'url';
  44                         break;
  45                 case 'title':
  46                         $search_in_text = yourls__( 'Title' );
  47                         $search_in      = 'title';
  48                         break;
  49                 case 'ip':
  50                         $search_in_text = yourls__( 'IP Address' );
  51                         $search_in      = 'ip';
  52                         break;
  53         }
  54         $search_sentence = yourls_s( 'Searching for <strong>%1$s</strong> in <strong>%2$s</strong>.', yourls_esc_html( $search ), yourls_esc_html( $search_in_text ) );
  55         $search_url      = yourls_sanitize_url_safe( "&amp;search=$search&amp;search_in=$search_in" );
  56         $search_text     = $search;
  57         $search          = str_replace( '*', '%', '*' . yourls_escape( $search ) . '*' );
  58     if( $search_in == 'all' ) {
  59         $where .= " AND CONCAT_WS('',`keyword`,`url`,`title`,`ip`) LIKE ('$search')";
  60         // Search across all fields. The resulting SQL will be something like:
  61         // SELECT * FROM `yourls_url` WHERE CONCAT_WS('',`keyword`,`url`,`title`,`ip`) LIKE ("%ozh%")
  62         // CONCAT_WS because CONCAT('foo', 'bar', NULL) = NULL. NULL wins. Not sure if values can be NULL now or in the future, so better safe.
  63         // TODO: pay attention to this bit when the DB schema changes
  64     } else {
  65         $where .= " AND `$search_in` LIKE ('$search')";
  66     }
  67 }
  68
  69 // Time span
  70 if( !empty( $_GET['date_filter'] ) ) {
  71         switch( $_GET['date_filter'] ) {
  72                 case 'before':
  73                         $date_filter = 'before';
  74                         if( isset( $_GET['date_first'] ) && yourls_sanitize_date( $_GET['date_first'] ) ) {
  75                                 $date_first     = yourls_sanitize_date( $_GET['date_first'] );
  76                                 $date_first_sql = yourls_sanitize_date_for_sql( $_GET['date_first'] );
  77                                 $where .= " AND `timestamp` < '$date_first_sql'";
  78                         }
  79                         break;
  80                 case 'after':
  81                         $date_filter = 'after';
  82                         if( isset( $_GET['date_first'] ) && yourls_sanitize_date( $_GET['date_first'] ) ) {
  83                                 $date_first_sql = yourls_sanitize_date_for_sql( $_GET['date_first'] );
  84                                 $date_first     = yourls_sanitize_date( $_GET['date_first'] );
  85                                 $where .= " AND `timestamp` > '$date_first_sql'";
  86                         }
  87                         break;
  88                 case 'between':
  89                         $date_filter = 'between';
  90                         if( isset( $_GET['date_first'] ) && isset( $_GET['date_second'] ) && yourls_sanitize_date( $_GET['date_first'] ) && yourls_sanitize_date( $_GET['date_second'] ) ) {
  91                                 $date_first_sql  = yourls_sanitize_date_for_sql( $_GET['date_first'] );
  92                                 $date_second_sql = yourls_sanitize_date_for_sql( $_GET['date_second'] );
  93                                 $date_first      = yourls_sanitize_date( $_GET['date_first'] );
  94                                 $date_second     = yourls_sanitize_date( $_GET['date_second'] );
  95                                 $where .= " AND `timestamp` BETWEEN '$date_first_sql' AND '$date_second_sql'";
  96                         }
  97                         break;
  98         }
  99 }
 100
 101 // Sorting
 102 if( !empty( $_GET['sort_by'] ) || !empty( $_GET['sort_order'] ) ) {
 103         switch( $_GET['sort_by'] ) {
 104                 case 'keyword':
 105                         $sort_by_text = yourls__( 'Short URL' );
 106                         $sort_by      = 'keyword';
 107                         break;
 108                 case 'url':
 109                         $sort_by_text = yourls__( 'URL' );
 110                         $sort_by      = 'url';
 111                         break;
 112                 case 'timestamp':
 113                         $sort_by_text = yourls__( 'Date' );
 114                         $sort_by      = 'timestamp';
 115                         break;
 116                 case 'ip':
 117                         $sort_by_text = yourls__( 'IP Address' );
 118                         $sort_by      = 'ip';
 119                         break;
 120                 case 'clicks':
 121                         $sort_by_text = yourls__( 'Clicks' );
 122                         $sort_by      = 'clicks';
 123                         break;
 124         }
 125         switch( $_GET['sort_order'] ) {
 126                 case 'asc':
 127                         $sort_order      = 'asc';
 128                         break;
 129                 case 'desc':
 130                         $sort_order      = 'desc';
 131                         break;
 132         }
 133 }
 134
 135 // Get URLs Count for current filter, total links in DB & total clicks
 136 list( $total_urls, $total_clicks ) = array_values( yourls_get_db_stats() );
 137 if ( $where ) {
 138         list( $total_items, $total_items_clicks ) = array_values( yourls_get_db_stats( $where ) );
 139 } else {
 140         $total_items        = $total_urls;
 141         $total_items_clicks = false;
 142 }
 143
 144 // This is a bookmarklet
 145 if ( isset( $_GET['u'] ) or isset( $_GET['up'] ) ) {
 146         $is_bookmark = true;
 147         yourls_do_action( 'bookmarklet' );
 148
 149         // No sanitization needed here: everything happens in yourls_add_new_link()
 150         if( isset( $_GET['u'] ) ) {
 151                 // Old school bookmarklet: ?u=<url>
 152                 $url = rawurldecode( $_GET['u'] );
 153         } else {
 154                 // New style bookmarklet: ?up=<url protocol>&us=<url slashes>&ur=<url rest>
 155                 $url = rawurldecode( $_GET['up'] . $_GET['us'] . $_GET['ur'] );
 156         }
 157         $keyword = ( isset( $_GET['k'] ) ? ( $_GET['k'] ) : '' );
 158         $title   = ( isset( $_GET['t'] ) ? ( $_GET['t'] ) : '' );
 159         $return  = yourls_add_new_link( $url, $keyword, $title );
 160
 161         // If fails because keyword already exist, retry with no keyword
 162         if ( isset( $return['status'] ) && $return['status'] == 'fail' && isset( $return['code'] ) && $return['code'] == 'error:keyword' ) {
 163                 $msg = $return['message'];
 164                 $return = yourls_add_new_link( $url, '', $ydb );
 165                 $return['message'] .= ' ('.$msg.')';
 166         }
 167
 168         // Stop here if bookmarklet with a JSON callback function
 169         if( isset( $_GET['jsonp'] ) && $_GET['jsonp'] == 'yourls' ) {
 170                 $short   = $return['shorturl'] ? $return['shorturl'] : '';
 171                 $message = $return['message'];
 172                 yourls_content_type_header( 'application/javascript' );
 173                 echo yourls_apply_filter( 'bookmarklet_jsonp', "yourls_callback({'short_url':'$short','message':'$message'});" );
 174
 175                 die();
 176         }
 177
 178         // Now use the URL that has been sanitized and returned by yourls_add_new_link()
 179         $url = $return['url']['url'];
 180         $where  = sprintf( " AND `url` LIKE '%s' ", yourls_escape( $url ) );
 181
 182         $page   = $total_pages = $perpage = 1;
 183         $offset = 0;
 184
 185         $text   = ( isset( $_GET['s'] ) ? stripslashes( $_GET['s'] ) : '' );
 186
 187         // Sharing with social bookmarklets
 188         if( !empty($_GET['share']) ) {
 189                 yourls_do_action( 'pre_share_redirect' );
 190                 switch ( $_GET['share'] ) {
 191                         case 'twitter':
 192                                 // share with Twitter
 193                                 $destination = sprintf( "https://twitter.com/intent/tweet?url=%s&text=%s", urlencode( $return['shorturl'] ), urlencode( $title ) );
 194                                 yourls_redirect( $destination, 303 );
 195
 196                                 // Deal with the case when redirection failed:
 197                                 $return['status']    = 'error';
 198                                 $return['errorCode'] = 400;
 199                                 $return['message']   = yourls_s( 'Short URL created, but could not redirect to %s !', 'Twitter' );
 200                                 break;
 201
 202                         case 'facebook':
 203                                 // share with Facebook
 204                                 $destination = sprintf( "https://www.facebook.com/sharer/sharer.php?u=%s&t=%s", urlencode( $return['shorturl'] ), urlencode( $title ) );
 205                                 yourls_redirect( $destination, 303 );
 206
 207                                 // Deal with the case when redirection failed:
 208                                 $return['status']    = 'error';
 209                                 $return['errorCode'] = 400;
 210                                 $return['message']   = yourls_s( 'Short URL created, but could not redirect to %s !', 'Facebook' );
 211                                 break;
 212
 213                         case 'tumblr':
 214                                 // share with Tumblr
 215                                 $destination = sprintf( "https://www.tumblr.com/share?v=3&u=%s&t=%s&s=%s", urlencode( $return['shorturl'] ), urlencode( $title ), urlencode( $text ) );
 216                                 yourls_redirect( $destination, 303 );
 217
 218                                 // Deal with the case when redirection failed:
 219                                 $return['status']    = 'error';
 220                                 $return['errorCode'] = 400;
 221                                 $return['message']   = yourls_s( 'Short URL created, but could not redirect to %s !', 'Tumblr' );
 222                                 break;
 223
 224                         default:
 225                                 // Is there a custom registered social bookmark?
 226                                 yourls_do_action( 'share_redirect_' . $_GET['share'], $return );
 227
 228                                 // Still here? That was an unknown 'share' method, then.
 229                                 $return['status']    = 'error';
 230                                 $return['errorCode'] = 400;
 231                                 $return['message']   = yourls__( 'Unknown "Share" bookmarklet' );
 232                                 break;
 233                 }
 234         }
 235
 236 // This is not a bookmarklet
 237 } else {
 238         $is_bookmark = false;
 239
 240         // Checking $page, $offset, $perpage
 241         if( empty($page) || $page == 0 ) {
 242                 $page = 1;
 243         }
 244         if( empty($offset) ) {
 245                 $offset = 0;
 246         }
 247         if( empty($perpage) || $perpage == 0) {
 248                 $perpage = 50;
 249         }
 250
 251         // Determine $offset
 252         $offset = ( $page-1 ) * $perpage;
 253
 254         // Determine Max Number Of Items To Display On Page
 255         if( ( $offset + $perpage ) > $total_items ) {
 256                 $max_on_page = $total_items;
 257         } else {
 258                 $max_on_page = ( $offset + $perpage );
 259         }
 260
 261         // Determine Number Of Items To Display On Page
 262         if ( ( $offset + 1 ) > $total_items ) {
 263                 $display_on_page = $total_items;
 264         } else {
 265                 $display_on_page = ( $offset + 1 );
 266         }
 267
 268         // Determing Total Amount Of Pages
 269         $total_pages = ceil( $total_items / $perpage );
 270 }
 271
 272
 273 // Begin output of the page
 274 $context = ( $is_bookmark ? 'bookmark' : 'index' );
 275 yourls_html_head( $context );
 276 yourls_html_logo();
 277 yourls_html_menu() ;
 278
 279 yourls_do_action( 'admin_page_before_content' );
 280
 281 if ( !$is_bookmark ) { ?>
 282         <p><?php echo $search_sentence; ?></p>
 283         <p><?php
 284                 printf( yourls__( 'Display <strong>%1$s</strong> to <strong class="increment">%2$s</strong> of <strong class="increment">%3$s</strong> URLs' ), $display_on_page, $max_on_page, $total_items );
 285                 if( $total_items_clicks !== false )
 286                         echo ", " . sprintf( yourls_n( 'counting <strong>1</strong> click', 'counting <strong>%s</strong> clicks', $total_items_clicks ), yourls_number_format_i18n( $total_items_clicks ) );
 287         ?>.</p>
 288 <?php } ?>
 289 <p id="overall_tracking"><?php printf( yourls__( 'Overall, tracking <strong class="increment">%1$s</strong> links, <strong>%2$s</strong> clicks, and counting!' ), yourls_number_format_i18n( $total_urls ), yourls_number_format_i18n( $total_clicks ) ); ?></p>
 290 <?php
 291
 292 yourls_do_action( 'admin_page_before_form' );
 293
 294 yourls_html_addnew();
 295
 296 // If bookmarklet, add message. Otherwise, hide hidden share box.
 297 if ( !$is_bookmark ) {
 298         yourls_share_box( '', '', '', '', '', '', true );
 299 } else {
 300         echo '<script type="text/javascript">$(document).ready(function(){
 301                 feedback( "' . $return['message'] . '", "'. $return['status'] .'");
 302                 init_clipboard();
 303         });</script>';
 304 }
 305
 306 yourls_do_action( 'admin_page_before_table' );
 307
 308 yourls_table_head();
 309
 310 if ( !$is_bookmark ) {
 311         $params = array(
 312                 'search'       => $search,
 313                 'search_text'  => $search_text,
 314                 'search_in'    => $search_in,
 315                 'sort_by'      => $sort_by,
 316                 'sort_order'   => $sort_order,
 317                 'page'         => $page,
 318                 'perpage'      => $perpage,
 319                 'click_filter' => $click_filter,
 320                 'click_limit'  => $click_limit,
 321                 'total_pages'  => $total_pages,
 322                 'date_filter'  => $date_filter,
 323                 'date_first'   => $date_first,
 324                 'date_second'  => $date_second,
 325         );
 326         yourls_html_tfooter( $params );
 327 }
 328
 329 yourls_table_tbody_start();
 330
 331 // Main Query
 332 $where = yourls_apply_filter( 'admin_list_where', $where );
 333 $url_results = $ydb->get_results( "SELECT * FROM `$table_url` WHERE 1=1 $where ORDER BY `$sort_by` $sort_order LIMIT $offset, $perpage;" );
 334 $found_rows = false;
 335 if( $url_results ) {
 336         $found_rows = true;
 337         foreach( $url_results as $url_result ) {
 338                 $keyword = yourls_sanitize_string( $url_result->keyword );
 339                 $timestamp = strtotime( $url_result->timestamp );
 340                 $url = stripslashes( $url_result->url );
 341                 $ip = $url_result->ip;
 342                 $title = $url_result->title ? $url_result->title : '';
 343                 $clicks = $url_result->clicks;
 344
 345                 echo yourls_table_add_row( $keyword, $url, $title, $ip, $clicks, $timestamp );
 346         }
 347 }
 348
 349 $display = $found_rows ? 'display:none' : '';
 350 echo '<tr id="nourl_found" style="'.$display.'"><td colspan="6">' . yourls__('No URL') . '</td></tr>';
 351
 352 yourls_table_tbody_end();
 353
 354 yourls_table_end();
 355
 356 yourls_do_action( 'admin_page_after_table' );
 357
 358 if ( $is_bookmark )
 359         yourls_share_box( $url, $return['shorturl'], $title, $text );
 360 ?>
 361
 362 <?php yourls_html_footer( ); ?>