7 // Determine the allowed character set in short URLs
\r
8 function yourls_get_shorturl_charset() {
\r
9 static $charset = null;
\r
10 if( $charset !== null )
\r
13 if( !defined('YOURLS_URL_CONVERT') ) {
\r
14 $charset = '0123456789abcdefghijklmnopqrstuvwxyz';
\r
16 switch( YOURLS_URL_CONVERT ) {
\r
18 $charset = '0123456789abcdefghijklmnopqrstuvwxyz';
\r
21 case 64: // just because some people get this wrong in their config.php
\r
22 $charset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
\r
27 $charset = yourls_apply_filter( 'get_shorturl_charset', $charset );
\r
31 // function to convert an integer (1337) to a string (3jk).
\r
32 function yourls_int2string( $num, $chars = null ) {
\r
33 if( $chars == null )
\r
34 $chars = yourls_get_shorturl_charset();
\r
36 $len = strlen( $chars );
\r
37 while( $num >= $len ) {
\r
38 $mod = bcmod( $num, $len );
\r
39 $num = bcdiv( $num, $len );
\r
40 $string = $chars[$mod] . $string;
\r
42 $string = $chars[$num] . $string;
\r
44 return yourls_apply_filter( 'int2string', $string, $num, $chars );
\r
47 // function to convert a string (3jk) to an integer (1337)
\r
48 function yourls_string2int( $string, $chars = null ) {
\r
49 if( $chars == null )
\r
50 $chars = yourls_get_shorturl_charset();
\r
52 $string = strrev( $string );
\r
53 $baselen = strlen( $chars );
\r
54 $inputlen = strlen( $string );
\r
55 for ($i = 0; $i < $inputlen; $i++) {
\r
56 $index = strpos( $chars, $string[$i] );
\r
57 $integer = bcadd( $integer, bcmul( $index, bcpow( $baselen, $i ) ) );
\r
60 return yourls_apply_filter( 'string2int', $integer, $string, $chars );
\r
63 // return a unique(ish) hash for a string to be used as a valid HTML id
\r
64 function yourls_string2htmlid( $string ) {
\r
65 return yourls_apply_filter( 'string2htmlid', 'y'.abs( crc32( $string ) ) );
\r
68 // Make sure a link keyword (ie "1fv" as in "site.com/1fv") is valid.
\r
69 function yourls_sanitize_string( $string ) {
\r
70 // make a regexp pattern with the shorturl charset, and remove everything but this
\r
71 $pattern = yourls_make_regexp_pattern( yourls_get_shorturl_charset() );
\r
72 $valid = substr(preg_replace('![^'.$pattern.']!', '', $string ), 0, 199);
\r
74 return yourls_apply_filter( 'sanitize_string', $valid, $string );
\r
77 // Make an optimized regexp pattern from a string of characters
\r
78 function yourls_make_regexp_pattern( $string ) {
\r
79 $pattern = preg_quote( $string, '-' ); // add - as an escaped characters -- this is fixed in PHP 5.3
\r
80 // TODO: replace char sequences by smart sequences such as 0-9, a-z, A-Z ... ?
\r
84 // Alias function. I was always getting it wrong.
\r
85 function yourls_sanitize_keyword( $keyword ) {
\r
86 return yourls_sanitize_string( $keyword );
\r
89 // Sanitize a page title. No HTML per W3C http://www.w3.org/TR/html401/struct/global.html#h-7.4.2
\r
90 function yourls_sanitize_title( $title ) {
\r
91 // TODO: make stronger Implement KSES?
\r
92 $title = strip_tags( $title );
\r
93 // Remove extra white space
\r
94 $title = preg_replace( "/\s+/", ' ', trim( $title ) );
\r
98 // Is an URL a short URL?
\r
99 function yourls_is_shorturl( $shorturl ) {
\r
100 // TODO: make sure this function evolves with the feature set.
\r
103 $keyword = preg_replace( '!^'.YOURLS_SITE.'/!', '', $shorturl ); // accept either 'http://ozh.in/abc' or 'abc'
\r
104 if( $keyword && $keyword == yourls_sanitize_string( $keyword ) && yourls_keyword_is_taken( $keyword ) ) {
\r
108 return yourls_apply_filter( 'is_shorturl', $is_short, $shorturl );
\r
111 // A few sanity checks on the URL
\r
112 function yourls_sanitize_url( $url ) {
\r
113 // make sure there's only one 'http://' at the beginning (prevents pasting a URL right after the default 'http://')
\r
114 $url = str_replace('http://http://', 'http://', $url);
\r
116 // make sure there's a protocol, add http:// if not
\r
117 if ( !preg_match('!^([a-zA-Z]+://)!', $url ) )
\r
118 $url = 'http://'.$url;
\r
120 // force scheme and domain to lowercase - see issue 591
\r
121 preg_match( '!^([a-zA-Z]+://([^/]+))(.*)$!', $url, $matches );
\r
122 if( isset( $matches[1] ) && isset( $matches[3] ) )
\r
123 $url = strtolower( $matches[1] ) . $matches[3];
\r
125 $url = yourls_clean_url( $url );
\r
127 return substr( $url, 0, 1999 );
\r
130 // Function to filter all invalid characters from a URL. Stolen from WP's clean_url()
\r
131 function yourls_clean_url( $url ) {
\r
132 $url = preg_replace( '|[^a-z0-9-~+_.?\[\]\^#=!&;,/:%@$\|*\'"()\\x80-\\xff]|i', '', $url );
\r
133 $strip = array( '%0d', '%0a', '%0D', '%0A' );
\r
134 $url = yourls_deep_replace( $strip, $url );
\r
135 $url = str_replace( ';//', '://', $url );
\r
136 $url = str_replace( '&', '&', $url ); // Revert & not to break query strings
\r
141 // Perform a replacement while a string is found, eg $subject = '%0%0%0DDD', $search ='%0D' -> $result =''
\r
142 // Stolen from WP's _deep_replace
\r
143 function yourls_deep_replace($search, $subject){
\r
147 foreach( (array) $search as $val ) {
\r
148 while(strpos($subject, $val) !== false) {
\r
150 $subject = str_replace($val, '', $subject);
\r
158 // Make sure an integer is a valid integer (PHP's intval() limits to too small numbers)
\r
159 // TODO FIXME FFS: unused ?
\r
160 function yourls_sanitize_int($in) {
\r
161 return ( substr(preg_replace('/[^0-9]/', '', strval($in) ), 0, 20) );
\r
164 // Make sure a integer is safe
\r
165 // Note: this is not checking for integers, since integers on 32bits system are way too limited
\r
166 // TODO: find a way to validate as integer
\r
167 function yourls_intval($in) {
\r
168 return yourls_escape($in);
\r
172 function yourls_escape( $in ) {
\r
173 return mysql_real_escape_string($in);
\r
176 // Check to see if a given keyword is reserved (ie reserved URL or an existing page)
\r
178 function yourls_keyword_is_reserved( $keyword ) {
\r
179 global $yourls_reserved_URL;
\r
180 $keyword = yourls_sanitize_keyword( $keyword );
\r
183 if ( in_array( $keyword, $yourls_reserved_URL)
\r
184 or file_exists( YOURLS_ABSPATH ."/pages/$keyword.php" )
\r
185 or is_dir( YOURLS_ABSPATH ."/$keyword" )
\r
189 return yourls_apply_filter( 'keyword_is_reserved', $reserved, $keyword );
\r
192 // Function: Get IP Address. Returns a DB safe string.
\r
193 function yourls_get_IP() {
\r
194 if( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
\r
195 $ip = $_SERVER['REMOTE_ADDR'];
\r
197 if(!empty($_SERVER['HTTP_CLIENT_IP'])) {
\r
198 $ip = $_SERVER['HTTP_CLIENT_IP'];
\r
199 } else if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
\r
200 $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
\r
201 } else if(!empty($_SERVER['HTTP_VIA '])) {
\r
202 $ip = $_SERVER['HTTP_VIA '];
\r
206 return yourls_apply_filter( 'get_IP', yourls_sanitize_ip( $ip ) );
\r
209 // Sanitize an IP address
\r
210 function yourls_sanitize_ip( $ip ) {
\r
211 return preg_replace( '/[^0-9a-fA-F:., ]/', '', $ip );
\r
214 // Make sure a date is m(m)/d(d)/yyyy, return false otherwise
\r
215 function yourls_sanitize_date( $date ) {
\r
216 if( !preg_match( '!^\d{1,2}/\d{1,2}/\d{4}$!' , $date ) ) {
\r
222 // Sanitize a date for SQL search. Return false if malformed input.
\r
223 function yourls_sanitize_date_for_sql( $date ) {
\r
224 if( !yourls_sanitize_date( $date ) )
\r
226 return date('Y-m-d', strtotime( $date ) );
\r
229 // Get next id a new link will have if no custom keyword provided
\r
230 function yourls_get_next_decimal() {
\r
231 return yourls_apply_filter( 'get_next_decimal', (int)yourls_get_option( 'next_id' ) );
\r
234 // Update id for next link with no custom keyword
\r
235 function yourls_update_next_decimal( $int = '' ) {
\r
236 $int = ( $int == '' ) ? yourls_get_next_decimal() + 1 : (int)$int ;
\r
237 $update = yourls_update_option( 'next_id', $int );
\r
238 yourls_do_action( 'update_next_decimal', $int, $update );
\r
242 // Delete a link in the DB
\r
243 function yourls_delete_link_by_keyword( $keyword ) {
\r
246 $table = YOURLS_DB_TABLE_URL;
\r
247 $keyword = yourls_sanitize_string( $keyword );
\r
248 $delete = $ydb->query("DELETE FROM `$table` WHERE `keyword` = '$keyword';");
\r
249 yourls_do_action( 'delete_link', $keyword, $delete );
\r
253 // SQL query to insert a new link in the DB. Returns boolean for success or failure of the inserting
\r
254 function yourls_insert_link_in_db( $url, $keyword, $title = '' ) {
\r
257 $url = addslashes( yourls_sanitize_url( $url ) );
\r
258 $keyword = addslashes( yourls_sanitize_keyword( $keyword ) );
\r
259 $title = addslashes( yourls_sanitize_title( $title ) );
\r
261 $table = YOURLS_DB_TABLE_URL;
\r
262 $timestamp = date('Y-m-d H:i:s');
\r
263 $ip = yourls_get_IP();
\r
264 $insert = $ydb->query("INSERT INTO `$table` (`keyword`, `url`, `title`, `timestamp`, `ip`, `clicks`) VALUES('$keyword', '$url', '$title', '$timestamp', '$ip', 0);");
\r
266 yourls_do_action( 'insert_link', (bool)$insert, $url, $keyword, $title, $timestamp, $ip );
\r
268 return (bool)$insert;
\r
271 // Add a new link in the DB, either with custom keyword, or find one
\r
272 function yourls_add_new_link( $url, $keyword = '', $title = '' ) {
\r
275 // Allow plugins to short-circuit the whole function
\r
276 $pre = yourls_apply_filter( 'shunt_add_new_link', false, $url, $keyword, $title );
\r
277 if ( false !== $pre )
\r
280 if ( !$url || $url == 'http://' || $url == 'https://' ) {
\r
281 $return['status'] = 'fail';
\r
282 $return['code'] = 'error:nourl';
\r
283 $return['message'] = 'Missing URL input';
\r
284 $return['errorCode'] = '400';
\r
285 return yourls_apply_filter( 'add_new_link_fail_nourl', $return, $url, $keyword, $title );
\r
288 // Prevent DB flood
\r
289 $ip = yourls_get_IP();
\r
290 yourls_check_IP_flood( $ip );
\r
292 // Prevent internal redirection loops: cannot shorten a shortened URL
\r
293 $url = yourls_escape( yourls_sanitize_url($url) );
\r
294 if( preg_match( '!^'.YOURLS_SITE.'/!', $url ) ) {
\r
295 if( yourls_is_shorturl( $url ) ) {
\r
296 $return['status'] = 'fail';
\r
297 $return['code'] = 'error:noloop';
\r
298 $return['message'] = 'URL is a short URL';
\r
299 $return['errorCode'] = '400';
\r
300 return yourls_apply_filter( 'add_new_link_fail_noloop', $return, $url, $keyword, $title );
\r
304 yourls_do_action( 'pre_add_new_link', $url, $keyword, $title );
\r
306 $table = YOURLS_DB_TABLE_URL;
\r
307 $strip_url = stripslashes($url);
\r
308 $url_exists = $ydb->get_row("SELECT * FROM `$table` WHERE `url` = '".$strip_url."';");
\r
311 // New URL : store it -- or: URL exists, but duplicates allowed
\r
312 if( !$url_exists || yourls_allow_duplicate_longurls() ) {
\r
314 if( isset( $title ) && !empty( $title ) ) {
\r
315 $title = yourls_sanitize_title( $title );
\r
317 $title = yourls_get_remote_title( $url );
\r
319 $title = yourls_apply_filter( 'add_new_title', $title, $url, $keyword );
\r
321 // Custom keyword provided
\r
324 yourls_do_action( 'add_new_link_custom_keyword', $url, $keyword, $title );
\r
326 $keyword = yourls_escape( yourls_sanitize_string($keyword) );
\r
327 $keyword = yourls_apply_filter( 'custom_keyword', $keyword, $url, $title );
\r
328 if ( !yourls_keyword_is_free($keyword) ) {
\r
329 // This shorturl either reserved or taken already
\r
330 $return['status'] = 'fail';
\r
331 $return['code'] = 'error:keyword';
\r
332 $return['message'] = 'Short URL '.$keyword.' already exists in database or is reserved';
\r
334 // all clear, store !
\r
335 yourls_insert_link_in_db( $url, $keyword, $title );
\r
336 $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => date('Y-m-d H:i:s'), 'ip' => $ip );
\r
337 $return['status'] = 'success';
\r
338 $return['message'] = yourls_trim_long_string( $strip_url ).' added to database';
\r
339 $return['title'] = $title;
\r
340 $return['html'] = yourls_table_add_row( $keyword, $url, $title, $ip, 0, time() );
\r
341 $return['shorturl'] = YOURLS_SITE .'/'. $keyword;
\r
344 // Create random keyword
\r
347 yourls_do_action( 'add_new_link_create_keyword', $url, $keyword, $title );
\r
349 $timestamp = date('Y-m-d H:i:s');
\r
350 $id = yourls_get_next_decimal();
\r
353 $keyword = yourls_int2string( $id );
\r
354 $keyword = yourls_apply_filter( 'random_keyword', $keyword, $url, $title );
\r
355 $free = yourls_keyword_is_free($keyword);
\r
356 $add_url = @yourls_insert_link_in_db( $url, $keyword, $title );
\r
357 $ok = ($free && $add_url);
\r
358 if ( $ok === false && $add_url === 1 ) {
\r
359 // we stored something, but shouldn't have (ie reserved id)
\r
360 $delete = yourls_delete_link_by_keyword( $keyword );
\r
361 $return['extra_info'] .= '(deleted '.$keyword.')';
\r
363 // everything ok, populate needed vars
\r
364 $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => $timestamp, 'ip' => $ip );
\r
365 $return['status'] = 'success';
\r
366 $return['message'] = yourls_trim_long_string( $strip_url ).' added to database';
\r
367 $return['title'] = $title;
\r
368 $return['html'] = yourls_table_add_row( $keyword, $url, $title, $ip, 0, time() );
\r
369 $return['shorturl'] = YOURLS_SITE .'/'. $keyword;
\r
373 @yourls_update_next_decimal($id);
\r
376 // URL was already stored
\r
379 yourls_do_action( 'add_new_link_already_stored', $url, $keyword, $title );
\r
381 $return['status'] = 'fail';
\r
382 $return['code'] = 'error:url';
\r
383 $return['url'] = array( 'keyword' => $keyword, 'url' => $strip_url, 'title' => $url_exists->title, 'date' => $url_exists->timestamp, 'ip' => $url_exists->ip, 'clicks' => $url_exists->clicks );
\r
384 $return['message'] = yourls_trim_long_string( $strip_url ).' already exists in database';
\r
385 $return['title'] = $url_exists->title;
\r
386 $return['shorturl'] = YOURLS_SITE .'/'. $url_exists->keyword;
\r
389 yourls_do_action( 'post_add_new_link', $url, $keyword, $title );
\r
391 $return['statusCode'] = 200; // regardless of result, this is still a valid request
\r
392 return yourls_apply_filter( 'add_new_link', $return, $url, $keyword, $title );
\r
397 function yourls_edit_link( $url, $keyword, $newkeyword='', $title='' ) {
\r
400 $table = YOURLS_DB_TABLE_URL;
\r
401 $url = yourls_escape(yourls_sanitize_url($url));
\r
402 $keyword = yourls_escape(yourls_sanitize_string( $keyword ));
\r
403 $title = yourls_escape(yourls_sanitize_title( $title ));
\r
404 $newkeyword = yourls_escape(yourls_sanitize_string( $newkeyword ));
\r
405 $strip_url = stripslashes($url);
\r
406 $strip_title = stripslashes($title);
\r
407 $old_url = $ydb->get_var("SELECT `url` FROM `$table` WHERE `keyword` = '$keyword';");
\r
409 // Check if new URL is not here already
\r
410 if ( $old_url != $url && !yourls_allow_duplicate_longurls() ) {
\r
411 $new_url_already_there = intval($ydb->get_var("SELECT COUNT(keyword) FROM `$table` WHERE `url` = '$strip_url';"));
\r
413 $new_url_already_there = false;
\r
416 // Check if the new keyword is not here already
\r
417 if ( $newkeyword != $keyword ) {
\r
418 $keyword_is_ok = yourls_keyword_is_free( $newkeyword );
\r
420 $keyword_is_ok = true;
\r
423 yourls_do_action( 'pre_edit_link', $url, $keyword, $newkeyword, $new_url_already_there, $keyword_is_ok );
\r
425 // All clear, update
\r
426 if ( ( !$new_url_already_there || yourls_allow_duplicate_longurls() ) && $keyword_is_ok ) {
\r
427 $update_url = $ydb->query("UPDATE `$table` SET `url` = '$url', `keyword` = '$newkeyword', `title` = '$title' WHERE `keyword` = '$keyword';");
\r
428 if( $update_url ) {
\r
429 $return['url'] = array( 'keyword' => $newkeyword, 'shorturl' => YOURLS_SITE.'/'.$newkeyword, 'url' => $strip_url, 'display_url' => yourls_trim_long_string( $strip_url ), 'title' => $strip_title, 'display_title' => yourls_trim_long_string( $strip_title ) );
\r
430 $return['status'] = 'success';
\r
431 $return['message'] = 'Link updated in database';
\r
433 $return['status'] = 'fail';
\r
434 $return['message'] = 'Error updating '. yourls_trim_long_string( $strip_url ).' (Short URL: '.$keyword.') to database';
\r
439 $return['status'] = 'fail';
\r
440 $return['message'] = 'URL or keyword already exists in database';
\r
443 return yourls_apply_filter( 'edit_link', $return, $url, $keyword, $newkeyword, $title, $new_url_already_there, $keyword_is_ok );
\r
446 // Update a title link (no checks for duplicates etc..)
\r
447 function yourls_edit_link_title( $keyword, $title ) {
\r
450 $keyword = yourls_escape( yourls_sanitize_keyword( $keyword ) );
\r
451 $title = yourls_escape( yourls_sanitize_title( $title ) );
\r
453 $table = YOURLS_DB_TABLE_URL;
\r
454 $update = $ydb->query("UPDATE `$table` SET `title` = '$title' WHERE `keyword` = '$keyword';");
\r
460 // Check if keyword id is free (ie not already taken, and not reserved). Return bool.
\r
461 function yourls_keyword_is_free( $keyword ) {
\r
463 if ( yourls_keyword_is_reserved( $keyword ) or yourls_keyword_is_taken( $keyword ) )
\r
466 return yourls_apply_filter( 'keyword_is_free', $free, $keyword );
\r
469 // Check if a keyword is taken (ie there is already a short URL with this id). Return bool.
\r
470 function yourls_keyword_is_taken( $keyword ) {
\r
472 $keyword = yourls_sanitize_keyword( $keyword );
\r
474 $table = YOURLS_DB_TABLE_URL;
\r
475 $already_exists = $ydb->get_var("SELECT COUNT(`keyword`) FROM `$table` WHERE `keyword` = '$keyword';");
\r
476 if ( $already_exists )
\r
479 return yourls_apply_filter( 'keyword_is_taken', $taken, $keyword );
\r
484 function yourls_page( $page ) {
\r
485 $include = YOURLS_ABSPATH . "/pages/$page.php";
\r
486 if (!file_exists($include)) {
\r
487 yourls_die("Page '$page' not found", 'Not found', 404);
\r
489 yourls_do_action( 'pre_page', $page );
\r
491 yourls_do_action( 'post_page', $page );
\r
496 function yourls_db_connect() {
\r
499 if (!defined('YOURLS_DB_USER')
\r
500 or !defined('YOURLS_DB_PASS')
\r
501 or !defined('YOURLS_DB_NAME')
\r
502 or !defined('YOURLS_DB_HOST')
\r
503 or !class_exists('ezSQL_mysql')
\r
504 ) yourls_die ('DB config missing, or could not find DB class', 'Fatal error', 503);
\r
506 // Are we standalone or in the WordPress environment?
\r
507 if ( class_exists('wpdb') ) {
\r
508 $ydb = new wpdb(YOURLS_DB_USER, YOURLS_DB_PASS, YOURLS_DB_NAME, YOURLS_DB_HOST);
\r
510 $ydb = new ezSQL_mysql(YOURLS_DB_USER, YOURLS_DB_PASS, YOURLS_DB_NAME, YOURLS_DB_HOST);
\r
512 if ( $ydb->last_error )
\r
513 yourls_die( $ydb->last_error, 'Fatal error', 503 );
\r
515 if ( defined('YOURLS_DEBUG') && YOURLS_DEBUG === true )
\r
516 $ydb->show_errors = true;
\r
521 // Return XML output.
\r
522 function yourls_xml_encode($array) {
\r
523 require_once(YOURLS_INC.'/functions-xml.php');
\r
524 $converter= new yourls_array2xml;
\r
525 return $converter->array2xml($array);
\r
528 // Return array of all informations associated with keyword. Returns false if keyword not found. Set optional $use_cache to false to force fetching from DB
\r
529 function yourls_get_keyword_infos( $keyword, $use_cache = true ) {
\r
531 $keyword = yourls_sanitize_string( $keyword );
\r
533 yourls_do_action( 'pre_get_keyword', $keyword, $use_cache );
\r
535 if( isset( $ydb->infos[$keyword] ) && $use_cache == true ) {
\r
536 return yourls_apply_filter( 'get_keyword_infos', $ydb->infos[$keyword], $keyword );
\r
539 yourls_do_action( 'get_keyword_not_cached', $keyword );
\r
541 $table = YOURLS_DB_TABLE_URL;
\r
542 $infos = $ydb->get_row("SELECT * FROM `$table` WHERE `keyword` = '$keyword'");
\r
545 $infos = (array)$infos;
\r
546 $ydb->infos[$keyword] = $infos;
\r
548 $ydb->infos[$keyword] = false;
\r
551 return yourls_apply_filter( 'get_keyword_infos', $ydb->infos[$keyword], $keyword );
\r
554 // Return (string) selected information associated with a keyword. Optional $notfound = string default message if nothing found
\r
555 function yourls_get_keyword_info( $keyword, $field, $notfound = false ) {
\r
557 // Allow plugins to short-circuit the whole function
\r
558 $pre = yourls_apply_filter( 'shunt_get_keyword_info', false, $keyword, $field, $notfound );
\r
559 if ( false !== $pre )
\r
562 $keyword = yourls_sanitize_string( $keyword );
\r
563 $infos = yourls_get_keyword_infos( $keyword );
\r
565 $return = $notfound;
\r
566 if ( isset($infos[$field]) && $infos[$field] !== false )
\r
567 $return = $infos[$field];
\r
569 return yourls_apply_filter( 'get_keyword_info', $return, $keyword, $field, $notfound );
\r
572 // Return title associated with keyword. Optional $notfound = string default message if nothing found
\r
573 function yourls_get_keyword_title( $keyword, $notfound = false ) {
\r
574 return yourls_get_keyword_info( $keyword, 'title', $notfound );
\r
577 // Return long URL associated with keyword. Optional $notfound = string default message if nothing found
\r
578 function yourls_get_keyword_longurl( $keyword, $notfound = false ) {
\r
579 return yourls_get_keyword_info( $keyword, 'url', $notfound );
\r
582 // Return number of clicks on a keyword. Optional $notfound = string default message if nothing found
\r
583 function yourls_get_keyword_clicks( $keyword, $notfound = false ) {
\r
584 return yourls_get_keyword_info( $keyword, 'clicks', $notfound );
\r
587 // Return IP that added a keyword. Optional $notfound = string default message if nothing found
\r
588 function yourls_get_keyword_IP( $keyword, $notfound = false ) {
\r
589 return yourls_get_keyword_info( $keyword, 'ip', $notfound );
\r
592 // Return timestamp associated with a keyword. Optional $notfound = string default message if nothing found
\r
593 function yourls_get_keyword_timestamp( $keyword, $notfound = false ) {
\r
594 return yourls_get_keyword_info( $keyword, 'timestamp', $notfound );
\r
597 // Update click count on a short URL. Return 0/1 for error/success.
\r
598 function yourls_update_clicks( $keyword ) {
\r
599 // Allow plugins to short-circuit the whole function
\r
600 $pre = yourls_apply_filter( 'shunt_update_clicks', false, $keyword );
\r
601 if ( false !== $pre )
\r
605 $keyword = yourls_sanitize_string( $keyword );
\r
606 $table = YOURLS_DB_TABLE_URL;
\r
607 $update = $ydb->query("UPDATE `$table` SET `clicks` = clicks + 1 WHERE `keyword` = '$keyword'");
\r
608 yourls_do_action( 'update_clicks', $keyword, $update );
\r
612 // Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
\r
613 function yourls_get_stats( $filter = 'top', $limit = 10, $start = 0 ) {
\r
616 switch( $filter ) {
\r
618 $sort_by = 'clicks';
\r
619 $sort_order = 'asc';
\r
622 $sort_by = 'timestamp';
\r
623 $sort_order = 'desc';
\r
627 $sort_by = 'RAND()';
\r
632 $sort_by = 'clicks';
\r
633 $sort_order = 'desc';
\r
638 $limit = intval( $limit );
\r
639 $start = intval( $start );
\r
640 if ( $limit > 0 ) {
\r
642 $table_url = YOURLS_DB_TABLE_URL;
\r
643 $results = $ydb->get_results("SELECT * FROM `$table_url` WHERE 1=1 ORDER BY `$sort_by` $sort_order LIMIT $start, $limit;");
\r
648 foreach ( (array)$results as $res) {
\r
649 $return['links']['link_'.$i++] = array(
\r
650 'shorturl' => YOURLS_SITE .'/'. $res->keyword,
\r
651 'url' => $res->url,
\r
652 'title' => $res->title,
\r
653 'timestamp'=> $res->timestamp,
\r
655 'clicks' => $res->clicks,
\r
660 $return['stats'] = yourls_get_db_stats();
\r
662 $return['statusCode'] = 200;
\r
664 return yourls_apply_filter( 'get_stats', $return, $filter, $limit, $start );
\r
667 // Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
\r
668 function yourls_get_link_stats( $shorturl ) {
\r
671 $table_url = YOURLS_DB_TABLE_URL;
\r
672 $res = $ydb->get_row("SELECT * FROM `$table_url` WHERE keyword = '$shorturl';");
\r
676 // non existent link
\r
678 'statusCode' => 404,
\r
679 'message' => 'Error: short URL not found',
\r
683 'statusCode' => 200,
\r
684 'message' => 'success',
\r
686 'shorturl' => YOURLS_SITE .'/'. $res->keyword,
\r
687 'url' => $res->url,
\r
688 'title' => $res->title,
\r
689 'timestamp'=> $res->timestamp,
\r
691 'clicks' => $res->clicks,
\r
696 return yourls_apply_filter( 'get_link_stats', $return, $shorturl );
\r
699 // Return array for API stat requests
\r
700 function yourls_api_stats( $filter = 'top', $limit = 10, $start = 0 ) {
\r
701 $return = yourls_get_stats( $filter, $limit, $start );
\r
702 $return['simple'] = 'Need either XML or JSON format for stats';
\r
703 $return['message'] = 'success';
\r
704 return yourls_apply_filter( 'api_stats', $return, $filter, $limit, $start );
\r
707 // Return array for counts of shorturls and clicks
\r
708 function yourls_api_db_stats() {
\r
709 $return = yourls_get_db_stats();
\r
710 $return['simple'] = 'Need either XML or JSON format for stats';
\r
711 $return['message'] = 'success';
\r
712 return yourls_apply_filter( 'api_db_stats', $return );
\r
715 // Return array for API stat requests
\r
716 function yourls_api_url_stats($shorturl) {
\r
717 $keyword = str_replace( YOURLS_SITE . '/' , '', $shorturl ); // accept either 'http://ozh.in/abc' or 'abc'
\r
718 $keyword = yourls_sanitize_string( $keyword );
\r
720 $return = yourls_get_link_stats( $keyword );
\r
721 $return['simple'] = 'Need either XML or JSON format for stats';
\r
722 return yourls_apply_filter( 'api_url_stats', $return, $shorturl );
\r
725 // Expand short url to long url
\r
726 function yourls_api_expand( $shorturl ) {
\r
727 $keyword = str_replace( YOURLS_SITE . '/' , '', $shorturl ); // accept either 'http://ozh.in/abc' or 'abc'
\r
728 $keyword = yourls_sanitize_string( $keyword );
\r
730 $longurl = yourls_get_keyword_longurl( $keyword );
\r
734 'keyword' => $keyword,
\r
735 'shorturl' => YOURLS_SITE . "/$keyword",
\r
736 'longurl' => $longurl,
\r
737 'simple' => $longurl,
\r
738 'message' => 'success',
\r
739 'statusCode' => 200,
\r
743 'keyword' => $keyword,
\r
744 'simple' => 'not found',
\r
745 'message' => 'Error: short URL not found',
\r
746 'errorCode' => 404,
\r
750 return yourls_apply_filter( 'api_expand', $return, $shorturl );
\r
754 // Get total number of URLs and sum of clicks. Input: optional "AND WHERE" clause. Returns array
\r
755 function yourls_get_db_stats( $where = '' ) {
\r
757 $table_url = YOURLS_DB_TABLE_URL;
\r
759 $totals = $ydb->get_row("SELECT COUNT(keyword) as count, SUM(clicks) as sum FROM `$table_url` WHERE 1=1 $where");
\r
760 $return = array( 'total_links' => $totals->count, 'total_clicks' => $totals->sum );
\r
762 return yourls_apply_filter( 'get_db_stats', $return, $where );
\r
765 // Return API result. Dies after this
\r
766 function yourls_api_output( $mode, $return ) {
\r
767 if( isset( $return['simple'] ) ) {
\r
768 $simple = $return['simple'];
\r
769 unset( $return['simple'] );
\r
772 yourls_do_action( 'pre_api_output', $mode, $return );
\r
776 header('Content-type: application/json');
\r
777 echo json_encode($return);
\r
781 header('Content-type: application/xml');
\r
782 echo yourls_xml_encode($return);
\r
787 if( isset( $simple ) )
\r
792 yourls_do_action( 'api_output', $mode, $return );
\r
797 // Get number of SQL queries performed
\r
798 function yourls_get_num_queries() {
\r
801 return yourls_apply_filter( 'get_num_queries', $ydb->num_queries );
\r
804 // Returns a sanitized a user agent string. Given what I found on http://www.user-agents.org/ it should be OK.
\r
805 function yourls_get_user_agent() {
\r
806 if ( !isset( $_SERVER['HTTP_USER_AGENT'] ) )
\r
809 $ua = strip_tags( html_entity_decode( $_SERVER['HTTP_USER_AGENT'] ));
\r
810 $ua = preg_replace('![^0-9a-zA-Z\':., /{}\(\)\[\]\+@&\!\?;_\-=~\*\#]!', '', $ua );
\r
812 return yourls_apply_filter( 'get_user_agent', substr( $ua, 0, 254 ) );
\r
815 // Redirect to another page
\r
816 function yourls_redirect( $location, $code = 301 ) {
\r
817 yourls_do_action( 'pre_redirect', $location, $code );
\r
818 $location = yourls_apply_filter( 'redirect', $location, $code );
\r
819 // Redirect, either properly if possible, or via Javascript otherwise
\r
820 if( !headers_sent() ) {
\r
821 yourls_status_header( $code );
\r
822 header( "Location: $location" );
\r
824 yourls_redirect_javascript( $location );
\r
829 // Set HTTP status header
\r
830 function yourls_status_header( $code = 200 ) {
\r
831 if( headers_sent() )
\r
834 $protocol = $_SERVER["SERVER_PROTOCOL"];
\r
835 if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol )
\r
836 $protocol = 'HTTP/1.0';
\r
838 $code = intval( $code );
\r
839 $desc = yourls_get_HTTP_status( $code );
\r
841 @header ("$protocol $code $desc"); // This causes problems on IIS and some FastCGI setups
\r
842 yourls_do_action( 'status_header', $code );
\r
845 // Redirect to another page using Javascript. Set optional (bool)$dontwait to false to force manual redirection (make sure a message has been read by user)
\r
846 function yourls_redirect_javascript( $location, $dontwait = true ) {
\r
847 yourls_do_action( 'pre_redirect_javascript', $location, $dontwait );
\r
848 $location = yourls_apply_filter( 'redirect_javascript', $location, $dontwait );
\r
851 <script type="text/javascript">
\r
852 window.location="$location";
\r
854 <small>(if you are not redirected after 10 seconds, please <a href="$location">click here</a>)</small>
\r
858 <p>Please <a href="$location">click here</a></p>
\r
861 yourls_do_action( 'post_redirect_javascript', $location );
\r
864 // Return a HTTP status code
\r
865 function yourls_get_HTTP_status( $code ) {
\r
866 $code = intval( $code );
\r
867 $headers_desc = array(
\r
869 101 => 'Switching Protocols',
\r
870 102 => 'Processing',
\r
875 203 => 'Non-Authoritative Information',
\r
876 204 => 'No Content',
\r
877 205 => 'Reset Content',
\r
878 206 => 'Partial Content',
\r
879 207 => 'Multi-Status',
\r
882 300 => 'Multiple Choices',
\r
883 301 => 'Moved Permanently',
\r
885 303 => 'See Other',
\r
886 304 => 'Not Modified',
\r
887 305 => 'Use Proxy',
\r
889 307 => 'Temporary Redirect',
\r
891 400 => 'Bad Request',
\r
892 401 => 'Unauthorized',
\r
893 402 => 'Payment Required',
\r
894 403 => 'Forbidden',
\r
895 404 => 'Not Found',
\r
896 405 => 'Method Not Allowed',
\r
897 406 => 'Not Acceptable',
\r
898 407 => 'Proxy Authentication Required',
\r
899 408 => 'Request Timeout',
\r
902 411 => 'Length Required',
\r
903 412 => 'Precondition Failed',
\r
904 413 => 'Request Entity Too Large',
\r
905 414 => 'Request-URI Too Long',
\r
906 415 => 'Unsupported Media Type',
\r
907 416 => 'Requested Range Not Satisfiable',
\r
908 417 => 'Expectation Failed',
\r
909 422 => 'Unprocessable Entity',
\r
911 424 => 'Failed Dependency',
\r
912 426 => 'Upgrade Required',
\r
914 500 => 'Internal Server Error',
\r
915 501 => 'Not Implemented',
\r
916 502 => 'Bad Gateway',
\r
917 503 => 'Service Unavailable',
\r
918 504 => 'Gateway Timeout',
\r
919 505 => 'HTTP Version Not Supported',
\r
920 506 => 'Variant Also Negotiates',
\r
921 507 => 'Insufficient Storage',
\r
922 510 => 'Not Extended'
\r
925 if ( isset( $headers_desc[$code] ) )
\r
926 return $headers_desc[$code];
\r
932 // Log a redirect (for stats)
\r
933 function yourls_log_redirect( $keyword ) {
\r
934 // Allow plugins to short-circuit the whole function
\r
935 $pre = yourls_apply_filter( 'shunt_log_redirect', false, $keyword );
\r
936 if ( false !== $pre )
\r
939 if ( !yourls_do_log_redirect() )
\r
943 $table = YOURLS_DB_TABLE_LOG;
\r
945 $keyword = yourls_sanitize_string( $keyword );
\r
946 $referrer = ( isset( $_SERVER['HTTP_REFERER'] ) ? yourls_sanitize_url( $_SERVER['HTTP_REFERER'] ) : 'direct' );
\r
947 $ua = yourls_get_user_agent();
\r
948 $ip = yourls_get_IP();
\r
949 $location = yourls_geo_ip_to_countrycode( $ip );
\r
951 return $ydb->query( "INSERT INTO `$table` (click_time, shorturl, referrer, user_agent, ip_address, country_code) VALUES (NOW(), '$keyword', '$referrer', '$ua', '$ip', '$location')" );
\r
954 // Check if we want to not log redirects (for stats)
\r
955 function yourls_do_log_redirect() {
\r
956 return ( !defined('YOURLS_NOSTATS') || YOURLS_NOSTATS != true );
\r
959 // Converts an IP to a 2 letter country code, using GeoIP database if available in includes/geo/
\r
960 function yourls_geo_ip_to_countrycode( $ip = '', $default = '' ) {
\r
961 // Allow plugins to short-circuit the Geo IP API
\r
962 $location = yourls_apply_filter( 'shunt_geo_ip_to_countrycode', false, $ip, $default ); // at this point $ip can be '', check if your plugin hooks in here
\r
963 if ( false !== $location )
\r
966 if ( !file_exists( YOURLS_INC.'/geo/GeoIP.dat') || !file_exists( YOURLS_INC.'/geo/geoip.inc') )
\r
970 $ip = yourls_get_IP();
\r
972 require_once( YOURLS_INC.'/geo/geoip.inc') ;
\r
973 $gi = geoip_open( YOURLS_INC.'/geo/GeoIP.dat', GEOIP_STANDARD);
\r
974 $location = geoip_country_code_by_addr($gi, $ip);
\r
977 return yourls_apply_filter( 'geo_ip_to_countrycode', $location, $ip, $default );
\r
980 // Converts a 2 letter country code to long name (ie AU -> Australia)
\r
981 function yourls_geo_countrycode_to_countryname( $code ) {
\r
982 // Allow plugins to short-circuit the Geo IP API
\r
983 $country = yourls_apply_filter( 'shunt_geo_countrycode_to_countryname', false, $code );
\r
984 if ( false !== $country )
\r
987 // Load the Geo class if not already done
\r
988 if( !class_exists('GeoIP') ) {
\r
989 $temp = yourls_geo_ip_to_countrycode('127.0.0.1');
\r
992 if( class_exists('GeoIP') ) {
\r
994 $id = $geo->GEOIP_COUNTRY_CODE_TO_NUMBER[$code];
\r
995 $long = $geo->GEOIP_COUNTRY_NAMES[$id];
\r
1002 // Return flag URL from 2 letter country code
\r
1003 function yourls_geo_get_flag( $code ) {
\r
1004 if( file_exists( YOURLS_INC.'/geo/flags/flag_'.strtolower($code).'.gif' ) ) {
\r
1005 $img = yourls_match_current_protocol( YOURLS_SITE.'/includes/geo/flags/flag_'.(strtolower($code)).'.gif' );
\r
1009 return yourls_apply_filter( 'geo_get_flag', $img, $code );
\r
1013 // Check if an upgrade is needed
\r
1014 function yourls_upgrade_is_needed() {
\r
1015 // check YOURLS_DB_VERSION exist && match values stored in YOURLS_DB_TABLE_OPTIONS
\r
1016 list( $currentver, $currentsql ) = yourls_get_current_version_from_sql();
\r
1017 if( $currentsql < YOURLS_DB_VERSION )
\r
1023 // Get current version & db version as stored in the options DB. Prior to 1.4 there's no option table.
\r
1024 function yourls_get_current_version_from_sql() {
\r
1025 $currentver = yourls_get_option( 'version' );
\r
1026 $currentsql = yourls_get_option( 'db_version' );
\r
1028 // Values if version is 1.3
\r
1029 if( !$currentver )
\r
1030 $currentver = '1.3';
\r
1031 if( !$currentsql )
\r
1032 $currentsql = '100';
\r
1034 return array( $currentver, $currentsql);
\r
1037 // Read an option from DB (or from cache if available). Return value or $default if not found
\r
1038 function yourls_get_option( $option_name, $default = false ) {
\r
1041 // Allow plugins to short-circuit options
\r
1042 $pre = yourls_apply_filter( 'shunt_option_'.$option_name, false );
\r
1043 if ( false !== $pre )
\r
1046 // If option not cached already, get its value from the DB
\r
1047 if ( !isset( $ydb->option[$option_name] ) ) {
\r
1048 $table = YOURLS_DB_TABLE_OPTIONS;
\r
1049 $option_name = yourls_escape( $option_name );
\r
1050 $row = $ydb->get_row( "SELECT `option_value` FROM `$table` WHERE `option_name` = '$option_name' LIMIT 1" );
\r
1051 if ( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values
\r
1052 $value = $row->option_value;
\r
1053 } else { // option does not exist, so we must cache its non-existence
\r
1054 $value = $default;
\r
1056 $ydb->option[$option_name] = yourls_maybe_unserialize( $value );
\r
1059 return yourls_apply_filter( 'get_option_'.$option_name, $ydb->option[$option_name] );
\r
1062 // Read all options from DB at once
\r
1063 function yourls_get_all_options() {
\r
1066 // Allow plugins to short-circuit all options. (Note: regular plugins are loaded after all options)
\r
1067 $pre = yourls_apply_filter( 'shunt_all_options', false );
\r
1068 if ( false !== $pre )
\r
1071 $table = YOURLS_DB_TABLE_OPTIONS;
\r
1073 $allopt = $ydb->get_results("SELECT `option_name`, `option_value` FROM `$table` WHERE 1=1");
\r
1075 foreach( (array)$allopt as $option ) {
\r
1076 $ydb->option[$option->option_name] = yourls_maybe_unserialize( $option->option_value );
\r
1079 $ydb->option = yourls_apply_filter( 'get_all_options', $ydb->option );
\r
1082 // Update (add if doesn't exist) an option to DB
\r
1083 function yourls_update_option( $option_name, $newvalue ) {
\r
1085 $table = YOURLS_DB_TABLE_OPTIONS;
\r
1087 $safe_option_name = yourls_escape( $option_name );
\r
1089 $oldvalue = yourls_get_option( $safe_option_name );
\r
1091 // If the new and old values are the same, no need to update.
\r
1092 if ( $newvalue === $oldvalue )
\r
1095 if ( false === $oldvalue ) {
\r
1096 yourls_add_option( $option_name, $newvalue );
\r
1100 $_newvalue = yourls_escape( yourls_maybe_serialize( $newvalue ) );
\r
1102 yourls_do_action( 'update_option', $option_name, $oldvalue, $newvalue );
\r
1104 $ydb->query( "UPDATE `$table` SET `option_value` = '$_newvalue' WHERE `option_name` = '$option_name'");
\r
1106 if ( $ydb->rows_affected == 1 ) {
\r
1107 $ydb->option[$option_name] = $newvalue;
\r
1113 // Add an option to the DB
\r
1114 function yourls_add_option( $name, $value = '' ) {
\r
1116 $table = YOURLS_DB_TABLE_OPTIONS;
\r
1117 $safe_name = yourls_escape( $name );
\r
1119 // Make sure the option doesn't already exist
\r
1120 if ( false !== yourls_get_option( $safe_name ) )
\r
1123 $_value = yourls_escape( yourls_maybe_serialize( $value ) );
\r
1125 yourls_do_action( 'add_option', $safe_name, $_value );
\r
1127 $ydb->query( "INSERT INTO `$table` (`option_name`, `option_value`) VALUES ('$name', '$_value')" );
\r
1128 $ydb->option[$name] = $value;
\r
1133 // Delete an option from the DB
\r
1134 function yourls_delete_option( $name ) {
\r
1136 $table = YOURLS_DB_TABLE_OPTIONS;
\r
1137 $name = yourls_escape( $name );
\r
1139 // Get the ID, if no ID then return
\r
1140 $option = $ydb->get_row( "SELECT option_id FROM `$table` WHERE `option_name` = '$name'" );
\r
1141 if ( is_null($option) || !$option->option_id )
\r
1144 yourls_do_action( 'delete_option', $option_name );
\r
1146 $ydb->query( "DELETE FROM `$table` WHERE `option_name` = '$name'" );
\r
1152 // Serialize data if needed. Stolen from WordPress
\r
1153 function yourls_maybe_serialize( $data ) {
\r
1154 if ( is_array( $data ) || is_object( $data ) )
\r
1155 return serialize( $data );
\r
1157 if ( yourls_is_serialized( $data ) )
\r
1158 return serialize( $data );
\r
1163 // Check value to find if it was serialized. Stolen from WordPress
\r
1164 function yourls_is_serialized( $data ) {
\r
1165 // if it isn't a string, it isn't serialized
\r
1166 if ( !is_string( $data ) )
\r
1168 $data = trim( $data );
\r
1169 if ( 'N;' == $data )
\r
1171 if ( !preg_match( '/^([adObis]):/', $data, $badions ) )
\r
1173 switch ( $badions[1] ) {
\r
1177 if ( preg_match( "/^{$badions[1]}:[0-9]+:.*[;}]\$/s", $data ) )
\r
1183 if ( preg_match( "/^{$badions[1]}:[0-9.E-]+;\$/", $data ) )
\r
1190 // Unserialize value only if it was serialized. Stolen from WP
\r
1191 function yourls_maybe_unserialize( $original ) {
\r
1192 if ( yourls_is_serialized( $original ) ) // don't attempt to unserialize data that wasn't serialized going in
\r
1193 return @unserialize( $original );
\r
1197 // Determine if the current page is private
\r
1198 function yourls_is_private() {
\r
1201 if ( defined('YOURLS_PRIVATE') && YOURLS_PRIVATE == true ) {
\r
1203 // Allow overruling for particular pages:
\r
1206 if( yourls_is_API() ) {
\r
1207 if( !defined('YOURLS_PRIVATE_API') || YOURLS_PRIVATE_API != false )
\r
1211 } elseif( yourls_is_infos() ) {
\r
1212 if( !defined('YOURLS_PRIVATE_INFOS') || YOURLS_PRIVATE_INFOS !== false )
\r
1222 return yourls_apply_filter( 'is_private', $private );
\r
1225 // Show login form if required
\r
1226 function yourls_maybe_require_auth() {
\r
1227 if( yourls_is_private() )
\r
1228 require_once( YOURLS_INC.'/auth.php' );
\r
1231 // Return word or words if more than one
\r
1232 function yourls_plural( $word, $count=1 ) {
\r
1233 return $word . ($count > 1 ? 's' : '');
\r
1236 // Return trimmed string
\r
1237 function yourls_trim_long_string( $string, $length = 60, $append = '[...]' ) {
\r
1238 $newstring = $string;
\r
1239 if( function_exists('mb_substr') ) {
\r
1240 if ( mb_strlen( $newstring ) > $length ) {
\r
1241 $newstring = mb_substr( $newstring, 0, $length - mb_strlen( $append ), 'UTF-8' ) . $append;
\r
1244 if ( strlen( $newstring ) > $length ) {
\r
1245 $newstring = substr( $newstring, 0, $length - strlen( $append ) ) . $append;
\r
1248 return yourls_apply_filter( 'trim_long_string', $newstring, $string, $length, $append );
\r
1251 // Allow several short URLs for the same long URL ?
\r
1252 function yourls_allow_duplicate_longurls() {
\r
1253 // special treatment if API to check for WordPress plugin requests
\r
1254 if( yourls_is_API() ) {
\r
1255 if ( isset($_REQUEST['source']) && $_REQUEST['source'] == 'plugin' )
\r
1258 return ( defined( 'YOURLS_UNIQUE_URLS' ) && YOURLS_UNIQUE_URLS == false );
\r
1261 // Return list of all shorturls associated to the same long URL. Returns NULL or array of keywords.
\r
1262 function yourls_get_duplicate_keywords( $longurl ) {
\r
1263 if( !yourls_allow_duplicate_longurls() )
\r
1267 $longurl = yourls_escape( yourls_sanitize_url($longurl) );
\r
1268 $table = YOURLS_DB_TABLE_URL;
\r
1270 $return = $ydb->get_col( "SELECT `keyword` FROM `$table` WHERE `url` = '$longurl'" );
\r
1271 return yourls_apply_filter( 'get_duplicate_keywords', $return, $longurl );
\r
1274 // Check if an IP shortens URL too fast to prevent DB flood. Return true, or die.
\r
1275 function yourls_check_IP_flood( $ip = '' ) {
\r
1277 // Allow plugins to short-circuit the whole function
\r
1278 $pre = yourls_apply_filter( 'shunt_check_IP_flood', false, $ip );
\r
1279 if ( false !== $pre )
\r
1282 yourls_do_action( 'pre_check_ip_flood', $ip ); // at this point $ip can be '', check it if your plugin hooks in here
\r
1285 ( defined('YOURLS_FLOOD_DELAY_SECONDS') && YOURLS_FLOOD_DELAY_SECONDS === 0 ) ||
\r
1286 !defined('YOURLS_FLOOD_DELAY_SECONDS')
\r
1290 $ip = ( $ip ? yourls_sanitize_ip( $ip ) : yourls_get_IP() );
\r
1292 // Don't throttle whitelist IPs
\r
1293 if( defined('YOURLS_FLOOD_IP_WHITELIST' && YOURLS_FLOOD_IP_WHITELIST ) ) {
\r
1294 $whitelist_ips = explode( ',', YOURLS_FLOOD_IP_WHITELIST );
\r
1295 foreach( (array)$whitelist_ips as $whitelist_ip ) {
\r
1296 $whitelist_ip = trim( $whitelist_ip );
\r
1297 if ( $whitelist_ip == $ip )
\r
1302 // Don't throttle logged in users
\r
1303 if( yourls_is_private() ) {
\r
1304 if( yourls_is_valid_user() === true )
\r
1308 yourls_do_action( 'check_ip_flood', $ip );
\r
1311 $table = YOURLS_DB_TABLE_URL;
\r
1313 $lasttime = $ydb->get_var( "SELECT `timestamp` FROM $table WHERE `ip` = '$ip' ORDER BY `timestamp` DESC LIMIT 1" );
\r
1315 $now = date( 'U' );
\r
1316 $then = date( 'U', strtotime( $lasttime ) );
\r
1317 if( ( $now - $then ) <= YOURLS_FLOOD_DELAY_SECONDS ) {
\r
1319 yourls_do_action( 'ip_flood', $ip, $now - $then );
\r
1320 yourls_die( 'Too many URLs added too fast. Slow down please.', 'Forbidden', 403 );
\r
1327 // Check if YOURLS is installed
\r
1328 function yourls_is_installed() {
\r
1329 static $is_installed = false;
\r
1330 if ( $is_installed === false ) {
\r
1331 $check_14 = $check_13 = false;
\r
1333 if( defined('YOURLS_DB_TABLE_NEXTDEC') )
\r
1334 $check_13 = $ydb->get_var('SELECT `next_id` FROM '.YOURLS_DB_TABLE_NEXTDEC);
\r
1335 $check_14 = yourls_get_option( 'version' );
\r
1336 $is_installed = $check_13 || $check_14;
\r
1338 return yourls_apply_filter( 'is_installed', $is_installed );
\r
1341 // Generate random string of (int)$length length and type $type (see function for details)
\r
1342 function yourls_rnd_string ( $length = 5, $type = 0, $charlist = '' ) {
\r
1344 $length = intval( $length );
\r
1346 // define possible characters
\r
1347 switch ( $type ) {
\r
1349 // custom char list, or comply to charset as defined in config
\r
1351 $possible = $charlist ? $charlist : yourls_get_shorturl_charset() ;
\r
1354 // no vowels to make no offending word, no 0/1/o/l to avoid confusion between letters & digits. Perfect for passwords.
\r
1356 $possible = "23456789bcdfghjkmnpqrstvwxyz";
\r
1359 // Same, with lower + upper
\r
1361 $possible = "23456789bcdfghjkmnpqrstvwxyzBCDFGHJKMNPQRSTVWXYZ";
\r
1364 // all letters, lowercase
\r
1366 $possible = "abcdefghijklmnopqrstuvwxyz";
\r
1369 // all letters, lowercase + uppercase
\r
1371 $possible = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
\r
1374 // all digits & letters lowercase
\r
1376 $possible = "0123456789abcdefghijklmnopqrstuvwxyz";
\r
1379 // all digits & letters lowercase + uppercase
\r
1381 $possible = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
\r
1387 while ($i < $length) {
\r
1388 $str .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
\r
1392 return yourls_apply_filter( 'rnd_string', $str, $length, $type, $charlist );
\r
1395 // Return salted string
\r
1396 function yourls_salt( $string ) {
\r
1397 $salt = defined('YOURLS_COOKIEKEY') ? YOURLS_COOKIEKEY : md5(__FILE__) ;
\r
1398 return yourls_apply_filter( 'yourls_salt', md5 ($string . $salt), $string );
\r
1401 // Add a query var to a URL and return URL. Completely stolen from WP.
\r
1402 // Works with one of these parameter patterns:
\r
1403 // array( 'var' => 'value' )
\r
1404 // array( 'var' => 'value' ), $url
\r
1406 // 'var', 'value', $url
\r
1407 // If $url ommited, uses $_SERVER['REQUEST_URI']
\r
1408 function yourls_add_query_arg() {
\r
1410 if ( is_array( func_get_arg(0) ) ) {
\r
1411 if ( @func_num_args() < 2 || false === @func_get_arg( 1 ) )
\r
1412 $uri = $_SERVER['REQUEST_URI'];
\r
1414 $uri = @func_get_arg( 1 );
\r
1416 if ( @func_num_args() < 3 || false === @func_get_arg( 2 ) )
\r
1417 $uri = $_SERVER['REQUEST_URI'];
\r
1419 $uri = @func_get_arg( 2 );
\r
1422 $uri = str_replace( '&', '&', $uri );
\r
1425 if ( $frag = strstr( $uri, '#' ) )
\r
1426 $uri = substr( $uri, 0, -strlen( $frag ) );
\r
1430 if ( preg_match( '|^https?://|i', $uri, $matches ) ) {
\r
1431 $protocol = $matches[0];
\r
1432 $uri = substr( $uri, strlen( $protocol ) );
\r
1437 if ( strpos( $uri, '?' ) !== false ) {
\r
1438 $parts = explode( '?', $uri, 2 );
\r
1439 if ( 1 == count( $parts ) ) {
\r
1441 $query = $parts[0];
\r
1443 $base = $parts[0] . '?';
\r
1444 $query = $parts[1];
\r
1446 } elseif ( !empty( $protocol ) || strpos( $uri, '=' ) === false ) {
\r
1447 $base = $uri . '?';
\r
1454 parse_str( $query, $qs );
\r
1455 $qs = yourls_urlencode_deep( $qs ); // this re-URL-encodes things that were already in the query string
\r
1456 if ( is_array( func_get_arg( 0 ) ) ) {
\r
1457 $kayvees = func_get_arg( 0 );
\r
1458 $qs = array_merge( $qs, $kayvees );
\r
1460 $qs[func_get_arg( 0 )] = func_get_arg( 1 );
\r
1463 foreach ( (array) $qs as $k => $v ) {
\r
1464 if ( $v === false )
\r
1468 $ret = http_build_query( $qs );
\r
1469 $ret = trim( $ret, '?' );
\r
1470 $ret = preg_replace( '#=(&|$)#', '$1', $ret );
\r
1471 $ret = $protocol . $base . $ret . $frag;
\r
1472 $ret = rtrim( $ret, '?' );
\r
1476 // Navigates through an array and encodes the values to be used in a URL. Stolen from WP, used in yourls_add_query_arg()
\r
1477 function yourls_urlencode_deep($value) {
\r
1478 $value = is_array($value) ? array_map('yourls_urlencode_deep', $value) : urlencode($value);
\r
1482 // Remove arg from query. Opposite of yourls_add_query_arg. Stolen from WP.
\r
1483 function yourls_remove_query_arg( $key, $query = false ) {
\r
1484 if ( is_array( $key ) ) { // removing multiple keys
\r
1485 foreach ( $key as $k )
\r
1486 $query = add_query_arg( $k, false, $query );
\r
1489 return add_query_arg( $key, false, $query );
\r
1492 // Return a time-dependent string for nonce creation
\r
1493 function yourls_tick() {
\r
1494 return ceil( time() / YOURLS_NONCE_LIFE );
\r
1497 // Create a time limited, action limited and user limited token
\r
1498 function yourls_create_nonce( $action, $user = false ) {
\r
1499 if( false == $user )
\r
1500 $user = defined('YOURLS_USER') ? YOURLS_USER : '-1';
\r
1501 $tick = yourls_tick();
\r
1502 return substr( yourls_salt($tick . $action . $user), 0, 10 );
\r
1505 // Create a nonce field for inclusion into a form
\r
1506 function yourls_nonce_field( $action, $name = 'nonce', $user = false, $echo = true ) {
\r
1507 $field = '<input type="hidden" id="'.$name.'" name="'.$name.'" value="'.yourls_create_nonce( $action, $user ).'" />';
\r
1513 // Add a nonce to a URL. If URL omitted, adds nonce to current URL
\r
1514 function yourls_nonce_url( $action, $url = false, $name = 'nonce', $user = false ) {
\r
1515 $nonce = yourls_create_nonce( $action, $user );
\r
1516 return yourls_add_query_arg( $name, $nonce, $url );
\r
1519 // Check validity of a nonce (ie time span, user and action match).
\r
1520 // Returns true if valid, dies otherwise (yourls_die() or die($return) if defined)
\r
1521 // if $nonce is false or unspecified, it will use $_REQUEST['nonce']
\r
1522 function yourls_verify_nonce( $action, $nonce = false, $user = false, $return = '' ) {
\r
1524 if( false == $user )
\r
1525 $user = defined('YOURLS_USER') ? YOURLS_USER : '-1';
\r
1527 // get current nonce value
\r
1528 if( false == $nonce && isset( $_REQUEST['nonce'] ) )
\r
1529 $nonce = $_REQUEST['nonce'];
\r
1531 // what nonce should be
\r
1532 $valid = yourls_create_nonce( $action, $user );
\r
1534 if( $nonce == $valid ) {
\r
1539 yourls_die( 'Unauthorized action or expired link', 'Error', 403 );
\r
1543 // Sanitize a version number (1.4.1-whatever -> 1.4.1)
\r
1544 function yourls_sanitize_version( $ver ) {
\r
1545 return preg_replace( '/[^0-9.]/', '', $ver );
\r
1548 // Converts keyword into short link (prepend with YOURLS base URL)
\r
1549 function yourls_link( $keyword = '' ) {
\r
1550 $link = YOURLS_SITE . '/' . yourls_sanitize_keyword( $keyword );
\r
1551 return yourls_apply_filter( 'yourls_link', $link, $keyword );
\r
1554 // Converts keyword into stat link (prepend with YOURLS base URL, append +)
\r
1555 function yourls_statlink( $keyword = '' ) {
\r
1556 $link = YOURLS_SITE . '/' . yourls_sanitize_keyword( $keyword ) . '+';
\r
1557 return yourls_apply_filter( 'yourls_statlink', $link, $keyword );
\r
1560 // Check if we're in API mode. Returns bool
\r
1561 function yourls_is_API() {
\r
1562 if ( defined('YOURLS_API') && YOURLS_API == true )
\r
1567 // Check if we're in Ajax mode. Returns bool
\r
1568 function yourls_is_Ajax() {
\r
1569 if ( defined('YOURLS_AJAX') && YOURLS_AJAX == true )
\r
1574 // Check if we're in GO mode (yourls-go.php). Returns bool
\r
1575 function yourls_is_GO() {
\r
1576 if ( defined('YOURLS_GO') && YOURLS_GO == true )
\r
1581 // Check if we're displaying stats infos (yourls-infos.php). Returns bool
\r
1582 function yourls_is_infos() {
\r
1583 if ( defined('YOURLS_INFOS') && YOURLS_INFOS == true )
\r
1588 // Check if we'll need interface display function (ie not API or redirection)
\r
1589 function yourls_has_interface() {
\r
1590 if( yourls_is_API() or yourls_is_GO() )
\r
1595 // Check if we're in the admin area. Returns bool
\r
1596 function yourls_is_admin() {
\r
1597 if ( defined('YOURLS_ADMIN') && YOURLS_ADMIN == true )
\r
1602 // Check if the server seems to be running on Windows. Not exactly sure how reliable this is.
\r
1603 function yourls_is_windows() {
\r
1604 return defined( 'DIRECTORY_SEPARATOR' ) && DIRECTORY_SEPARATOR == '\\';
\r
1607 // Check if SSL is required. Returns bool.
\r
1608 function yourls_needs_ssl() {
\r
1609 if ( defined('YOURLS_ADMIN_SSL') && YOURLS_ADMIN_SSL == true )
\r
1614 // Return admin link, with SSL preference if applicable.
\r
1615 function yourls_admin_url( $page = '' ) {
\r
1616 $admin = YOURLS_SITE . '/admin/' . $page;
\r
1617 if( yourls_is_ssl() or yourls_needs_ssl() )
\r
1618 $admin = str_replace('http://', 'https://', $admin);
\r
1619 return yourls_apply_filter( 'admin_url', $admin, $page );
\r
1622 // Return YOURLS_SITE, with SSL preference
\r
1623 function yourls_site_url( $echo = true ) {
\r
1624 $site = YOURLS_SITE;
\r
1625 // Do not enforce (checking yourls_need_ssl() ) but check current usage so it won't force SSL on non-admin pages
\r
1626 if( yourls_is_ssl() )
\r
1627 $site = str_replace( 'http://', 'https://', $site );
\r
1628 $site = yourls_apply_filter( 'site_url', $site );
\r
1634 // Check if SSL is used, returns bool. Stolen from WP.
\r
1635 function yourls_is_ssl() {
\r
1637 if ( isset($_SERVER['HTTPS']) ) {
\r
1638 if ( 'on' == strtolower($_SERVER['HTTPS']) )
\r
1640 if ( '1' == $_SERVER['HTTPS'] )
\r
1642 } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
\r
1645 return yourls_apply_filter( 'is_ssl', $is_ssl );
\r
1649 // Get a remote page <title>, return a string (either title or url)
\r
1650 function yourls_get_remote_title( $url ) {
\r
1651 // Allow plugins to short-circuit the whole function
\r
1652 $pre = yourls_apply_filter( 'shunt_get_remote_title', false, $url );
\r
1653 if ( false !== $pre )
\r
1656 require_once( YOURLS_INC.'/functions-http.php' );
\r
1658 $url = yourls_sanitize_url( $url );
\r
1660 $title = $charset = false;
\r
1662 $content = yourls_get_remote_content( $url );
\r
1664 // If false, return url as title.
\r
1665 // Todo: improve this with temporary title when shorturl_meta available?
\r
1666 if( false === $content )
\r
1669 if( $content !== false ) {
\r
1670 // look for <title>
\r
1671 if ( preg_match('/<title>(.*?)<\/title>/is', $content, $found ) ) {
\r
1672 $title = $found[1];
\r
1676 // look for charset
\r
1677 // <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
\r
1678 if ( preg_match('/<meta[^>]*?charset=([^>]*?)\/?>/is', $content, $found ) ) {
\r
1679 $charset = trim($found[1], '"\' ');
\r
1684 // if title not found, guess if returned content was actually an error message
\r
1685 if( $title == false && strpos( $content, 'Error' ) === 0 ) {
\r
1686 $title = $content;
\r
1689 if( $title == false )
\r
1693 if( !yourls_seems_utf8( $title ) )
\r
1694 $title = utf8_encode( $title );
\r
1697 // Charset conversion. We use @ to remove warnings (mb_ functions are easily bitching about illegal chars)
\r
1698 if( function_exists( 'mb_convert_encoding' ) ) {
\r
1700 $title = @mb_convert_encoding( $title, 'UTF-8', $charset );
\r
1702 $title = @mb_convert_encoding( $title, 'UTF-8' );
\r
1706 // Remove HTML entities
\r
1707 $title = html_entity_decode( $title, ENT_QUOTES, 'UTF-8' );
\r
1709 // Strip out evil things
\r
1710 $title = yourls_sanitize_title( $title );
\r
1712 return yourls_apply_filter( 'get_remote_title', $title, $url );
\r
1715 // Sanitize a filename (no Win32 stuff)
\r
1716 function yourls_sanitize_filename( $file ) {
\r
1717 $file = str_replace( '\\', '/', $file ); // sanitize for Win32 installs
\r
1718 $file = preg_replace( '|/+|' ,'/', $file ); // remove any duplicate slash
\r
1722 // Check for maintenance mode that will shortcut everything
\r
1723 function yourls_check_maintenance_mode() {
\r
1725 // TODO: all cases that always display the sites (is_admin but not is_ajax?)
\r
1729 // first case: /user/maintenance.php file
\r
1730 if( file_exists( YOURLS_USERDIR.'/maintenance.php' ) ) {
\r
1731 include( YOURLS_USERDIR.'/maintenance.php' );
\r
1735 // second case: option in DB
\r
1736 if( yourls_get_option( 'maintenance_mode' ) !== false ) {
\r
1737 require_once( YOURLS_INC.'/functions-html.php' );
\r
1738 $title = 'Service temporarily unavailable';
\r
1739 $message = 'Our service is currently undergoing scheduled maintenance.</p>
\r
1740 <p>Things should not last very long, thank you for your patience and please excuse the inconvenience';
\r
1741 yourls_die( $message, $title , 503 );
\r
1746 // Toggle maintenance mode
\r
1747 function yourls_maintenance_mode( $maintenance = true ) {
\r
1748 yourls_update_option( 'maintenance_mode', (bool)$maintenance );
\r
1751 // Check if a string seems to be UTF-8. Stolen from WP.
\r
1752 function yourls_seems_utf8($str) {
\r
1753 $length = strlen($str);
\r
1754 for ($i=0; $i < $length; $i++) {
\r
1755 $c = ord($str[$i]);
\r
1756 if ($c < 0x80) $n = 0; # 0bbbbbbb
\r
1757 elseif (($c & 0xE0) == 0xC0) $n=1; # 110bbbbb
\r
1758 elseif (($c & 0xF0) == 0xE0) $n=2; # 1110bbbb
\r
1759 elseif (($c & 0xF8) == 0xF0) $n=3; # 11110bbb
\r
1760 elseif (($c & 0xFC) == 0xF8) $n=4; # 111110bb
\r
1761 elseif (($c & 0xFE) == 0xFC) $n=5; # 1111110b
\r
1762 else return false; # Does not match any model
\r
1763 for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
\r
1764 if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80))
\r
1771 // Quick UA check for mobile devices. Return boolean.
\r
1772 function yourls_is_mobile_device() {
\r
1773 // Strings searched
\r
1775 'android', 'blackberry', 'blazer',
\r
1776 'compal', 'elaine', 'fennec', 'hiptop',
\r
1777 'iemobile', 'iphone', 'ipod', 'ipad',
\r
1778 'iris', 'kindle', 'opera mobi', 'opera mini',
\r
1779 'palm', 'phone', 'pocket', 'psp', 'symbian',
\r
1780 'treo', 'wap', 'windows ce', 'windows phone'
\r
1783 // Current user-agent
\r
1784 $current = strtolower( $_SERVER['HTTP_USER_AGENT'] );
\r
1786 // Check and return
\r
1787 $is_mobile = ( str_replace( $mobiles, '', $current ) != $current );
\r
1788 return yourls_apply_filter( 'is_mobile_device', $is_mobile );
\r
1791 // Get request in YOURLS base (eg in 'http://site.com/yourls/abcd' get 'abdc')
\r
1792 function yourls_get_request() {
\r
1793 // Allow plugins to short-circuit the whole function
\r
1794 $pre = yourls_apply_filter( 'shunt_get_request', false );
\r
1795 if ( false !== $pre )
\r
1798 yourls_do_action( 'pre_get_request' );
\r
1800 // Ignore protocol and extract keyword
\r
1801 $base = str_replace( array( 'https://', 'http://' ), '', YOURLS_SITE );
\r
1802 $request = str_replace( $base.'/', '', $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
\r
1804 return yourls_apply_filter( 'get_request', $request );
\r
1807 // Change protocol to match current scheme used (http or https)
\r
1808 function yourls_match_current_protocol( $url, $normal = 'http', $ssl = 'https' ) {
\r
1809 if( yourls_is_ssl() )
\r
1810 $url = str_replace( $normal, $ssl, $url );
\r
1811 return yourls_apply_filter( 'match_current_protocol', $url );
\r
1814 // Fix $_SERVER['REQUEST_URI'] variable for various setups. Stolen from WP.
\r
1815 function yourls_fix_request_uri() {
\r
1817 $default_server_values = array(
\r
1818 'SERVER_SOFTWARE' => '',
\r
1819 'REQUEST_URI' => '',
\r
1821 $_SERVER = array_merge( $default_server_values, $_SERVER );
\r
1823 // Fix for IIS when running with PHP ISAPI
\r
1824 if ( empty( $_SERVER['REQUEST_URI'] ) || ( php_sapi_name() != 'cgi-fcgi' && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) {
\r
1826 // IIS Mod-Rewrite
\r
1827 if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
\r
1828 $_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
\r
1830 // IIS Isapi_Rewrite
\r
1831 else if ( isset( $_SERVER['HTTP_X_REWRITE_URL'] ) ) {
\r
1832 $_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
\r
1834 // Use ORIG_PATH_INFO if there is no PATH_INFO
\r
1835 if ( !isset( $_SERVER['PATH_INFO'] ) && isset( $_SERVER['ORIG_PATH_INFO'] ) )
\r
1836 $_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];
\r
1838 // Some IIS + PHP configurations puts the script-name in the path-info (No need to append it twice)
\r
1839 if ( isset( $_SERVER['PATH_INFO'] ) ) {
\r
1840 if ( $_SERVER['PATH_INFO'] == $_SERVER['SCRIPT_NAME'] )
\r
1841 $_SERVER['REQUEST_URI'] = $_SERVER['PATH_INFO'];
\r
1843 $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
\r
1846 // Append the query string if it exists and isn't null
\r
1847 if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
\r
1848 $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
\r
1854 // Shutdown function, runs just before PHP shuts down execution. Stolen from WP
\r
1855 function yourls_shutdown() {
\r
1856 yourls_do_action( 'shutdown' );
\r