8 * Determine the allowed character set in short URLs
11 function yourls_get_shorturl_charset() {
12 static $charset = null;
13 if( $charset !== null )
16 if( !defined('YOURLS_URL_CONVERT') ) {
17 $charset = '0123456789abcdefghijklmnopqrstuvwxyz';
19 switch( YOURLS_URL_CONVERT ) {
21 $charset = '0123456789abcdefghijklmnopqrstuvwxyz';
24 case 64: // just because some people get this wrong in their config.php
25 $charset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
30 $charset = yourls_apply_filter( 'get_shorturl_charset', $charset );
35 * Make an optimized regexp pattern from a string of characters
38 function yourls_make_regexp_pattern( $string ) {
39 $pattern = preg_quote( $string, '-' ); // add - as an escaped characters -- this is fixed in PHP 5.3
40 // TODO: replace char sequences by smart sequences such as 0-9, a-z, A-Z ... ?
45 * Is a URL a short URL? Accept either 'http://sho.rt/abc' or 'abc'
48 function yourls_is_shorturl( $shorturl ) {
49 // TODO: make sure this function evolves with the feature set.
53 // Is $shorturl a URL (http://sho.rt/abc) or a keyword (abc) ?
54 if( yourls_get_protocol( $shorturl ) ) {
55 $keyword = yourls_get_relative_url( $shorturl );
60 // Check if it's a valid && used keyword
61 if( $keyword && $keyword == yourls_sanitize_string( $keyword ) && yourls_keyword_is_taken( $keyword ) ) {
65 return yourls_apply_filter( 'is_shorturl', $is_short, $shorturl );
69 * Check to see if a given keyword is reserved (ie reserved URL or an existing page). Returns bool
72 function yourls_keyword_is_reserved( $keyword ) {
73 global $yourls_reserved_URL;
74 $keyword = yourls_sanitize_keyword( $keyword );
77 if ( in_array( $keyword, $yourls_reserved_URL)
78 or file_exists( YOURLS_ABSPATH ."/pages/$keyword.php" )
79 or is_dir( YOURLS_ABSPATH ."/$keyword" )
83 return yourls_apply_filter( 'keyword_is_reserved', $reserved, $keyword );
87 * Function: Get client IP Address. Returns a DB safe string.
90 function yourls_get_IP() {
93 // Precedence: if set, X-Forwarded-For > HTTP_X_FORWARDED_FOR > HTTP_CLIENT_IP > HTTP_VIA > REMOTE_ADDR
94 $headers = array( 'X-Forwarded-For', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_VIA', 'REMOTE_ADDR' );
95 foreach( $headers as $header ) {
96 if ( !empty( $_SERVER[ $header ] ) ) {
97 $ip = $_SERVER[ $header ];
102 // headers can contain multiple IPs (X-Forwarded-For = client, proxy1, proxy2). Take first one.
103 if ( strpos( $ip, ',' ) !== false )
104 $ip = substr( $ip, 0, strpos( $ip, ',' ) );
106 return yourls_apply_filter( 'get_IP', yourls_sanitize_ip( $ip ) );
110 * Get next id a new link will have if no custom keyword provided
113 function yourls_get_next_decimal() {
114 return yourls_apply_filter( 'get_next_decimal', (int)yourls_get_option( 'next_id' ) );
118 * Update id for next link with no custom keyword
121 function yourls_update_next_decimal( $int = '' ) {
122 $int = ( $int == '' ) ? yourls_get_next_decimal() + 1 : (int)$int ;
123 $update = yourls_update_option( 'next_id', $int );
124 yourls_do_action( 'update_next_decimal', $int, $update );
129 * Delete a link in the DB
132 function yourls_delete_link_by_keyword( $keyword ) {
135 $table = YOURLS_DB_TABLE_URL;
136 $keyword = yourls_sanitize_string( $keyword );
137 $delete = $ydb->query("DELETE FROM `$table` WHERE `keyword` = '$keyword';");
138 yourls_do_action( 'delete_link', $keyword, $delete );
143 * SQL query to insert a new link in the DB. Returns boolean for success or failure of the inserting
146 function yourls_insert_link_in_db( $url, $keyword, $title = '' ) {
149 $url = yourls_escape( yourls_sanitize_url( $url ) );
150 $keyword = yourls_escape( yourls_sanitize_keyword( $keyword ) );
151 $title = yourls_escape( yourls_sanitize_title( $title ) );
153 $table = YOURLS_DB_TABLE_URL;
154 $timestamp = date('Y-m-d H:i:s');
155 $ip = yourls_get_IP();
156 $insert = $ydb->query("INSERT INTO `$table` (`keyword`, `url`, `title`, `timestamp`, `ip`, `clicks`) VALUES('$keyword', '$url', '$title', '$timestamp', '$ip', 0);");
158 yourls_do_action( 'insert_link', (bool)$insert, $url, $keyword, $title, $timestamp, $ip );
160 return (bool)$insert;
164 * Check if a URL already exists in the DB. Return NULL (doesn't exist) or an object with URL informations.
167 function yourls_url_exists( $url ) {
168 // Allow plugins to short-circuit the whole function
169 $pre = yourls_apply_filter( 'shunt_url_exists', false, $url );
170 if ( false !== $pre )
174 $table = YOURLS_DB_TABLE_URL;
175 $strip_url = stripslashes($url);
176 $url_exists = $ydb->get_row("SELECT * FROM `$table` WHERE `url` = '".$strip_url."';");
178 return yourls_apply_filter( 'url_exists', $url_exists, $url );
182 * Add a new link in the DB, either with custom keyword, or find one
185 function yourls_add_new_link( $url, $keyword = '', $title = '' ) {
186 // Allow plugins to short-circuit the whole function
187 $pre = yourls_apply_filter( 'shunt_add_new_link', false, $url, $keyword, $title );
188 if ( false !== $pre )
191 $url = yourls_encodeURI( $url );
192 $url = yourls_escape( yourls_sanitize_url( $url ) );
193 if ( !$url || $url == 'http://' || $url == 'https://' ) {
194 $return['status'] = 'fail';
195 $return['code'] = 'error:nourl';
196 $return['message'] = yourls__( 'Missing or malformed URL' );
197 $return['errorCode'] = '400';
198 return yourls_apply_filter( 'add_new_link_fail_nourl', $return, $url, $keyword, $title );
202 $ip = yourls_get_IP();
203 yourls_check_IP_flood( $ip );
205 // Prevent internal redirection loops: cannot shorten a shortened URL
206 if( yourls_get_relative_url( $url ) ) {
207 if( yourls_is_shorturl( $url ) ) {
208 $return['status'] = 'fail';
209 $return['code'] = 'error:noloop';
210 $return['message'] = yourls__( 'URL is a short URL' );
211 $return['errorCode'] = '400';
212 return yourls_apply_filter( 'add_new_link_fail_noloop', $return, $url, $keyword, $title );
216 yourls_do_action( 'pre_add_new_link', $url, $keyword, $title );
218 $strip_url = stripslashes( $url );
221 // duplicates allowed or new URL => store it
222 if( yourls_allow_duplicate_longurls() || !( $url_exists = yourls_url_exists( $url ) ) ) {
224 if( isset( $title ) && !empty( $title ) ) {
225 $title = yourls_sanitize_title( $title );
227 $title = yourls_get_remote_title( $url );
229 $title = yourls_apply_filter( 'add_new_title', $title, $url, $keyword );
231 // Custom keyword provided
234 yourls_do_action( 'add_new_link_custom_keyword', $url, $keyword, $title );
236 $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
237 $keyword = yourls_apply_filter( 'custom_keyword', $keyword, $url, $title );
238 if ( !yourls_keyword_is_free( $keyword ) ) {
239 // This shorturl either reserved or taken already
240 $return['status'] = 'fail';
241 $return['code'] = 'error:keyword';
242 $return['message'] = yourls_s( 'Short URL %s already exists in database or is reserved', $keyword );
244 // all clear, store !
245 yourls_insert_link_in_db( $url, $keyword, $title );
246 $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => date('Y-m-d H:i:s'), 'ip' => $ip );
247 $return['status'] = 'success';
248 $return['message'] = /* //translators: eg "http://someurl/ added to DB" */ yourls_s( '%s added to database', yourls_trim_long_string( $strip_url ) );
249 $return['title'] = $title;
250 $return['html'] = yourls_table_add_row( $keyword, $url, $title, $ip, 0, time() );
251 $return['shorturl'] = YOURLS_SITE .'/'. $keyword;
254 // Create random keyword
257 yourls_do_action( 'add_new_link_create_keyword', $url, $keyword, $title );
259 $timestamp = date( 'Y-m-d H:i:s' );
260 $id = yourls_get_next_decimal();
263 $keyword = yourls_int2string( $id );
264 $keyword = yourls_apply_filter( 'random_keyword', $keyword, $url, $title );
265 if ( yourls_keyword_is_free($keyword) ) {
266 if( @yourls_insert_link_in_db( $url, $keyword, $title ) ){
267 // everything ok, populate needed vars
268 $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => $timestamp, 'ip' => $ip );
269 $return['status'] = 'success';
270 $return['message'] = /* //translators: eg "http://someurl/ added to DB" */ yourls_s( '%s added to database', yourls_trim_long_string( $strip_url ) );
271 $return['title'] = $title;
272 $return['html'] = yourls_table_add_row( $keyword, $url, $title, $ip, 0, time() );
273 $return['shorturl'] = YOURLS_SITE .'/'. $keyword;
275 // database error, couldnt store result
276 $return['status'] = 'fail';
277 $return['code'] = 'error:db';
278 $return['message'] = yourls_s( 'Error saving url to database' );
284 @yourls_update_next_decimal( $id );
287 // URL was already stored
290 yourls_do_action( 'add_new_link_already_stored', $url, $keyword, $title );
292 $return['status'] = 'fail';
293 $return['code'] = 'error:url';
294 $return['url'] = array( 'keyword' => $url_exists->keyword, 'url' => $strip_url, 'title' => $url_exists->title, 'date' => $url_exists->timestamp, 'ip' => $url_exists->ip, 'clicks' => $url_exists->clicks );
295 $return['message'] = /* //translators: eg "http://someurl/ already exists" */ yourls_s( '%s already exists in database', yourls_trim_long_string( $strip_url ) );
296 $return['title'] = $url_exists->title;
297 $return['shorturl'] = YOURLS_SITE .'/'. $url_exists->keyword;
300 yourls_do_action( 'post_add_new_link', $url, $keyword, $title );
302 $return['statusCode'] = 200; // regardless of result, this is still a valid request
303 return yourls_apply_filter( 'add_new_link', $return, $url, $keyword, $title );
311 function yourls_edit_link( $url, $keyword, $newkeyword='', $title='' ) {
314 $table = YOURLS_DB_TABLE_URL;
315 $url = yourls_escape (yourls_sanitize_url( $url ) );
316 $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
317 $title = yourls_escape( yourls_sanitize_title( $title ) );
318 $newkeyword = yourls_escape( yourls_sanitize_string( $newkeyword ) );
319 $strip_url = stripslashes( $url );
320 $strip_title = stripslashes( $title );
321 $old_url = $ydb->get_var( "SELECT `url` FROM `$table` WHERE `keyword` = '$keyword';" );
323 // Check if new URL is not here already
324 if ( $old_url != $url && !yourls_allow_duplicate_longurls() ) {
325 $new_url_already_there = intval($ydb->get_var("SELECT COUNT(keyword) FROM `$table` WHERE `url` = '$strip_url';"));
327 $new_url_already_there = false;
330 // Check if the new keyword is not here already
331 if ( $newkeyword != $keyword ) {
332 $keyword_is_ok = yourls_keyword_is_free( $newkeyword );
334 $keyword_is_ok = true;
337 yourls_do_action( 'pre_edit_link', $url, $keyword, $newkeyword, $new_url_already_there, $keyword_is_ok );
340 if ( ( !$new_url_already_there || yourls_allow_duplicate_longurls() ) && $keyword_is_ok ) {
341 $update_url = $ydb->query( "UPDATE `$table` SET `url` = '$url', `keyword` = '$newkeyword', `title` = '$title' WHERE `keyword` = '$keyword';" );
343 $return['url'] = array( 'keyword' => $newkeyword, 'shorturl' => YOURLS_SITE.'/'.$newkeyword, 'url' => $strip_url, 'display_url' => yourls_trim_long_string( $strip_url ), 'title' => $strip_title, 'display_title' => yourls_trim_long_string( $strip_title ) );
344 $return['status'] = 'success';
345 $return['message'] = yourls__( 'Link updated in database' );
347 $return['status'] = 'fail';
348 $return['message'] = /* //translators: "Error updating http://someurl/ (Shorturl: http://sho.rt/blah)" */ yourls_s( 'Error updating %s (Short URL: %s)', yourls_trim_long_string( $strip_url ), $keyword ) ;
353 $return['status'] = 'fail';
354 $return['message'] = yourls__( 'URL or keyword already exists in database' );
357 return yourls_apply_filter( 'edit_link', $return, $url, $keyword, $newkeyword, $title, $new_url_already_there, $keyword_is_ok );
361 * Update a title link (no checks for duplicates etc..)
364 function yourls_edit_link_title( $keyword, $title ) {
367 $keyword = yourls_escape( yourls_sanitize_keyword( $keyword ) );
368 $title = yourls_escape( yourls_sanitize_title( $title ) );
370 $table = YOURLS_DB_TABLE_URL;
371 $update = $ydb->query("UPDATE `$table` SET `title` = '$title' WHERE `keyword` = '$keyword';");
378 * Check if keyword id is free (ie not already taken, and not reserved). Return bool.
381 function yourls_keyword_is_free( $keyword ) {
383 if ( yourls_keyword_is_reserved( $keyword ) or yourls_keyword_is_taken( $keyword ) )
386 return yourls_apply_filter( 'keyword_is_free', $free, $keyword );
390 * Check if a keyword is taken (ie there is already a short URL with this id). Return bool.
393 function yourls_keyword_is_taken( $keyword ) {
395 // Allow plugins to short-circuit the whole function
396 $pre = yourls_apply_filter( 'shunt_keyword_is_taken', false, $keyword );
397 if ( false !== $pre )
401 $keyword = yourls_sanitize_keyword( $keyword );
403 $table = YOURLS_DB_TABLE_URL;
404 $already_exists = $ydb->get_var( "SELECT COUNT(`keyword`) FROM `$table` WHERE `keyword` = '$keyword';" );
405 if ( $already_exists )
408 return yourls_apply_filter( 'keyword_is_taken', $taken, $keyword );
416 function yourls_db_connect() {
419 if ( !defined( 'YOURLS_DB_USER' )
420 or !defined( 'YOURLS_DB_PASS' )
421 or !defined( 'YOURLS_DB_NAME' )
422 or !defined( 'YOURLS_DB_HOST' )
423 ) yourls_die ( yourls__( 'Incorrect DB config, or could not connect to DB' ), yourls__( 'Fatal error' ), 503 );
425 // Are we standalone or in the WordPress environment?
426 if ( class_exists( 'wpdb', false ) ) {
427 /* TODO: should we deprecate this? Follow WP dev in that area */
428 $ydb = new wpdb( YOURLS_DB_USER, YOURLS_DB_PASS, YOURLS_DB_NAME, YOURLS_DB_HOST );
430 yourls_set_DB_driver();
433 // Check if connection attempt raised an error. It seems that only PDO does, though.
434 if ( $ydb->last_error )
435 yourls_die( $ydb->last_error, yourls__( 'Fatal error' ), 503 );
437 if ( defined( 'YOURLS_DEBUG' ) && YOURLS_DEBUG === true )
438 $ydb->show_errors = true;
447 function yourls_xml_encode( $array ) {
448 require_once( YOURLS_INC.'/functions-xml.php' );
449 $converter= new yourls_array2xml;
450 return $converter->array2xml( $array );
454 * Return array of all information associated with keyword. Returns false if keyword not found. Set optional $use_cache to false to force fetching from DB
457 function yourls_get_keyword_infos( $keyword, $use_cache = true ) {
459 $keyword = yourls_sanitize_string( $keyword );
461 yourls_do_action( 'pre_get_keyword', $keyword, $use_cache );
463 if( isset( $ydb->infos[$keyword] ) && $use_cache == true ) {
464 return yourls_apply_filter( 'get_keyword_infos', $ydb->infos[$keyword], $keyword );
467 yourls_do_action( 'get_keyword_not_cached', $keyword );
469 $table = YOURLS_DB_TABLE_URL;
470 $infos = $ydb->get_row( "SELECT * FROM `$table` WHERE `keyword` = '$keyword'" );
473 $infos = (array)$infos;
474 $ydb->infos[ $keyword ] = $infos;
476 $ydb->infos[ $keyword ] = false;
479 return yourls_apply_filter( 'get_keyword_infos', $ydb->infos[$keyword], $keyword );
483 * Return (string) selected information associated with a keyword. Optional $notfound = string default message if nothing found
486 function yourls_get_keyword_info( $keyword, $field, $notfound = false ) {
488 // Allow plugins to short-circuit the whole function
489 $pre = yourls_apply_filter( 'shunt_get_keyword_info', false, $keyword, $field, $notfound );
490 if ( false !== $pre )
493 $keyword = yourls_sanitize_string( $keyword );
494 $infos = yourls_get_keyword_infos( $keyword );
497 if ( isset( $infos[ $field ] ) && $infos[ $field ] !== false )
498 $return = $infos[ $field ];
500 return yourls_apply_filter( 'get_keyword_info', $return, $keyword, $field, $notfound );
504 * Return title associated with keyword. Optional $notfound = string default message if nothing found
507 function yourls_get_keyword_title( $keyword, $notfound = false ) {
508 return yourls_get_keyword_info( $keyword, 'title', $notfound );
512 * Return long URL associated with keyword. Optional $notfound = string default message if nothing found
515 function yourls_get_keyword_longurl( $keyword, $notfound = false ) {
516 return yourls_get_keyword_info( $keyword, 'url', $notfound );
520 * Return number of clicks on a keyword. Optional $notfound = string default message if nothing found
523 function yourls_get_keyword_clicks( $keyword, $notfound = false ) {
524 return yourls_get_keyword_info( $keyword, 'clicks', $notfound );
528 * Return IP that added a keyword. Optional $notfound = string default message if nothing found
531 function yourls_get_keyword_IP( $keyword, $notfound = false ) {
532 return yourls_get_keyword_info( $keyword, 'ip', $notfound );
536 * Return timestamp associated with a keyword. Optional $notfound = string default message if nothing found
539 function yourls_get_keyword_timestamp( $keyword, $notfound = false ) {
540 return yourls_get_keyword_info( $keyword, 'timestamp', $notfound );
544 * Update click count on a short URL. Return 0/1 for error/success.
547 function yourls_update_clicks( $keyword, $clicks = false ) {
548 // Allow plugins to short-circuit the whole function
549 $pre = yourls_apply_filter( 'shunt_update_clicks', false, $keyword, $clicks );
550 if ( false !== $pre )
554 $keyword = yourls_sanitize_string( $keyword );
555 $table = YOURLS_DB_TABLE_URL;
556 if ( $clicks !== false && is_int( $clicks ) && $clicks >= 0 )
557 $update = $ydb->query( "UPDATE `$table` SET `clicks` = $clicks WHERE `keyword` = '$keyword'" );
559 $update = $ydb->query( "UPDATE `$table` SET `clicks` = clicks + 1 WHERE `keyword` = '$keyword'" );
561 yourls_do_action( 'update_clicks', $keyword, $update, $clicks );
566 * Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
569 function yourls_get_stats( $filter = 'top', $limit = 10, $start = 0 ) {
578 $sort_by = 'timestamp';
579 $sort_order = 'desc';
589 $sort_order = 'desc';
594 $limit = intval( $limit );
595 $start = intval( $start );
598 $table_url = YOURLS_DB_TABLE_URL;
599 $results = $ydb->get_results( "SELECT * FROM `$table_url` WHERE 1=1 ORDER BY `$sort_by` $sort_order LIMIT $start, $limit;" );
604 foreach ( (array)$results as $res ) {
605 $return['links']['link_'.$i++] = array(
606 'shorturl' => YOURLS_SITE .'/'. $res->keyword,
608 'title' => $res->title,
609 'timestamp'=> $res->timestamp,
611 'clicks' => $res->clicks,
616 $return['stats'] = yourls_get_db_stats();
618 $return['statusCode'] = 200;
620 return yourls_apply_filter( 'get_stats', $return, $filter, $limit, $start );
624 * Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
627 function yourls_get_link_stats( $shorturl ) {
630 $table_url = YOURLS_DB_TABLE_URL;
631 $res = $ydb->get_row( "SELECT * FROM `$table_url` WHERE keyword = '$shorturl';" );
638 'message' => 'Error: short URL not found',
643 'message' => 'success',
645 'shorturl' => YOURLS_SITE .'/'. $res->keyword,
647 'title' => $res->title,
648 'timestamp'=> $res->timestamp,
650 'clicks' => $res->clicks,
655 return yourls_apply_filter( 'get_link_stats', $return, $shorturl );
659 * Get total number of URLs and sum of clicks. Input: optional "AND WHERE" clause. Returns array
662 function yourls_get_db_stats( $where = '' ) {
664 $table_url = YOURLS_DB_TABLE_URL;
666 $totals = $ydb->get_row( "SELECT COUNT(keyword) as count, SUM(clicks) as sum FROM `$table_url` WHERE 1=1 $where" );
667 $return = array( 'total_links' => $totals->count, 'total_clicks' => $totals->sum );
669 return yourls_apply_filter( 'get_db_stats', $return, $where );
673 * Get number of SQL queries performed
676 function yourls_get_num_queries() {
679 return yourls_apply_filter( 'get_num_queries', $ydb->num_queries );
683 * Returns a sanitized a user agent string. Given what I found on http://www.user-agents.org/ it should be OK.
686 function yourls_get_user_agent() {
687 if ( !isset( $_SERVER['HTTP_USER_AGENT'] ) )
690 $ua = strip_tags( html_entity_decode( $_SERVER['HTTP_USER_AGENT'] ));
691 $ua = preg_replace('![^0-9a-zA-Z\':., /{}\(\)\[\]\+@&\!\?;_\-=~\*\#]!', '', $ua );
693 return yourls_apply_filter( 'get_user_agent', substr( $ua, 0, 254 ) );
697 * Redirect to another page
700 function yourls_redirect( $location, $code = 301 ) {
701 yourls_do_action( 'pre_redirect', $location, $code );
702 $location = yourls_apply_filter( 'redirect_location', $location, $code );
703 $code = yourls_apply_filter( 'redirect_code', $code, $location );
704 // Redirect, either properly if possible, or via Javascript otherwise
705 if( !headers_sent() ) {
706 yourls_status_header( $code );
707 header( "Location: $location" );
709 yourls_redirect_javascript( $location );
715 * Set HTTP status header
718 function yourls_status_header( $code = 200 ) {
722 $protocol = $_SERVER['SERVER_PROTOCOL'];
723 if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol )
724 $protocol = 'HTTP/1.0';
726 $code = intval( $code );
727 $desc = yourls_get_HTTP_status( $code );
729 @header ("$protocol $code $desc"); // This causes problems on IIS and some FastCGI setups
730 yourls_do_action( 'status_header', $code );
734 * Redirect to another page using Javascript. Set optional (bool)$dontwait to false to force manual redirection (make sure a message has been read by user)
737 function yourls_redirect_javascript( $location, $dontwait = true ) {
738 yourls_do_action( 'pre_redirect_javascript', $location, $dontwait );
739 $location = yourls_apply_filter( 'redirect_javascript', $location, $dontwait );
741 $message = yourls_s( 'if you are not redirected after 10 seconds, please <a href="%s">click here</a>', $location );
743 <script type="text/javascript">
744 window.location="$location";
746 <small>($message)</small>
749 echo '<p>' . yourls_s( 'Please <a href="%s">click here</a>', $location ) . '</p>';
751 yourls_do_action( 'post_redirect_javascript', $location );
755 * Return a HTTP status code
758 function yourls_get_HTTP_status( $code ) {
759 $code = intval( $code );
760 $headers_desc = array(
762 101 => 'Switching Protocols',
768 203 => 'Non-Authoritative Information',
770 205 => 'Reset Content',
771 206 => 'Partial Content',
772 207 => 'Multi-Status',
775 300 => 'Multiple Choices',
776 301 => 'Moved Permanently',
779 304 => 'Not Modified',
782 307 => 'Temporary Redirect',
784 400 => 'Bad Request',
785 401 => 'Unauthorized',
786 402 => 'Payment Required',
789 405 => 'Method Not Allowed',
790 406 => 'Not Acceptable',
791 407 => 'Proxy Authentication Required',
792 408 => 'Request Timeout',
795 411 => 'Length Required',
796 412 => 'Precondition Failed',
797 413 => 'Request Entity Too Large',
798 414 => 'Request-URI Too Long',
799 415 => 'Unsupported Media Type',
800 416 => 'Requested Range Not Satisfiable',
801 417 => 'Expectation Failed',
802 422 => 'Unprocessable Entity',
804 424 => 'Failed Dependency',
805 426 => 'Upgrade Required',
807 500 => 'Internal Server Error',
808 501 => 'Not Implemented',
809 502 => 'Bad Gateway',
810 503 => 'Service Unavailable',
811 504 => 'Gateway Timeout',
812 505 => 'HTTP Version Not Supported',
813 506 => 'Variant Also Negotiates',
814 507 => 'Insufficient Storage',
815 510 => 'Not Extended'
818 if ( isset( $headers_desc[$code] ) )
819 return $headers_desc[$code];
826 * Log a redirect (for stats)
829 function yourls_log_redirect( $keyword ) {
830 // Allow plugins to short-circuit the whole function
831 $pre = yourls_apply_filter( 'shunt_log_redirect', false, $keyword );
832 if ( false !== $pre )
835 if ( !yourls_do_log_redirect() )
839 $table = YOURLS_DB_TABLE_LOG;
841 $keyword = yourls_sanitize_string( $keyword );
842 $referrer = ( isset( $_SERVER['HTTP_REFERER'] ) ? yourls_sanitize_url( $_SERVER['HTTP_REFERER'] ) : 'direct' );
843 $ua = yourls_get_user_agent();
844 $ip = yourls_get_IP();
845 $location = yourls_geo_ip_to_countrycode( $ip );
847 return $ydb->query( "INSERT INTO `$table` (click_time, shorturl, referrer, user_agent, ip_address, country_code) VALUES (NOW(), '$keyword', '$referrer', '$ua', '$ip', '$location')" );
851 * Check if we want to not log redirects (for stats)
854 function yourls_do_log_redirect() {
855 return ( !defined( 'YOURLS_NOSTATS' ) || YOURLS_NOSTATS != true );
859 * Converts an IP to a 2 letter country code, using GeoIP database if available in includes/geo/
862 * @param string $ip IP or, if empty string, will be current user IP
863 * @param string $defaut Default string to return if IP doesn't resolve to a country (malformed, private IP...)
864 * @return string 2 letter country code (eg 'US') or $default
866 function yourls_geo_ip_to_countrycode( $ip = '', $default = '' ) {
867 // Allow plugins to short-circuit the Geo IP API
868 $location = yourls_apply_filter( 'shunt_geo_ip_to_countrycode', false, $ip, $default ); // at this point $ip can be '', check if your plugin hooks in here
869 if ( false !== $location )
873 $ip = yourls_get_IP();
875 // Use IPv4 or IPv6 DB & functions
876 if( false === filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) {
878 $func = 'geoip_country_code_by_addr';
881 $func = 'geoip_country_code_by_addr_v6';
884 if ( !file_exists( YOURLS_INC . '/geo/' . $db ) || !file_exists( YOURLS_INC .'/geo/geoip.inc' ) )
887 require_once( YOURLS_INC . '/geo/geoip.inc' );
888 $gi = geoip_open( YOURLS_INC . '/geo/' . $db, GEOIP_STANDARD );
890 $location = call_user_func( $func, $gi, $ip );
891 } catch ( Exception $e ) {
896 if( '' == $location )
897 $location = $default;
899 return yourls_apply_filter( 'geo_ip_to_countrycode', $location, $ip, $default );
903 * Converts a 2 letter country code to long name (ie AU -> Australia)
906 function yourls_geo_countrycode_to_countryname( $code ) {
907 // Allow plugins to short-circuit the Geo IP API
908 $country = yourls_apply_filter( 'shunt_geo_countrycode_to_countryname', false, $code );
909 if ( false !== $country )
912 // Load the Geo class if not already done
913 if( !class_exists( 'GeoIP', false ) ) {
914 $temp = yourls_geo_ip_to_countrycode( '127.0.0.1' );
917 if( class_exists( 'GeoIP', false ) ) {
919 $id = $geo->GEOIP_COUNTRY_CODE_TO_NUMBER[ $code ];
920 $long = $geo->GEOIP_COUNTRY_NAMES[ $id ];
928 * Return flag URL from 2 letter country code
931 function yourls_geo_get_flag( $code ) {
932 if( file_exists( YOURLS_INC.'/geo/flags/flag_'.strtolower($code).'.gif' ) ) {
933 $img = yourls_match_current_protocol( YOURLS_SITE.'/includes/geo/flags/flag_'.( strtolower( $code ) ).'.gif' );
937 return yourls_apply_filter( 'geo_get_flag', $img, $code );
942 * Check if an upgrade is needed
945 function yourls_upgrade_is_needed() {
946 // check YOURLS_DB_VERSION exist && match values stored in YOURLS_DB_TABLE_OPTIONS
947 list( $currentver, $currentsql ) = yourls_get_current_version_from_sql();
948 if( $currentsql < YOURLS_DB_VERSION )
955 * Get current version & db version as stored in the options DB. Prior to 1.4 there's no option table.
958 function yourls_get_current_version_from_sql() {
959 $currentver = yourls_get_option( 'version' );
960 $currentsql = yourls_get_option( 'db_version' );
962 // Values if version is 1.3
968 return array( $currentver, $currentsql);
972 * Read an option from DB (or from cache if available). Return value or $default if not found
974 * Pretty much stolen from WordPress
977 * @param string $option Option name. Expected to not be SQL-escaped.
978 * @param mixed $default Optional value to return if option doesn't exist. Default false.
979 * @return mixed Value set for the option.
981 function yourls_get_option( $option_name, $default = false ) {
984 // Allow plugins to short-circuit options
985 $pre = yourls_apply_filter( 'shunt_option_'.$option_name, false );
986 if ( false !== $pre )
989 // If option not cached already, get its value from the DB
990 if ( !isset( $ydb->option[$option_name] ) ) {
991 $table = YOURLS_DB_TABLE_OPTIONS;
992 $option_name = yourls_escape( $option_name );
993 $row = $ydb->get_row( "SELECT `option_value` FROM `$table` WHERE `option_name` = '$option_name' LIMIT 1" );
994 if ( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values
995 $value = $row->option_value;
996 } else { // option does not exist, so we must cache its non-existence
999 $ydb->option[ $option_name ] = yourls_maybe_unserialize( $value );
1002 return yourls_apply_filter( 'get_option_'.$option_name, $ydb->option[$option_name] );
1006 * Read all options from DB at once
1008 * The goal is to read all option at once and then populate array $ydb->option, to prevent further
1009 * SQL queries if we need to read an option value later.
1010 * It's also a simple check whether YOURLS is installed or not (no option = assuming not installed)
1014 function yourls_get_all_options() {
1017 // Allow plugins to short-circuit all options. (Note: regular plugins are loaded after all options)
1018 $pre = yourls_apply_filter( 'shunt_all_options', false );
1019 if ( false !== $pre )
1022 $table = YOURLS_DB_TABLE_OPTIONS;
1024 $allopt = $ydb->get_results( "SELECT `option_name`, `option_value` FROM `$table` WHERE 1=1" );
1026 foreach( (array)$allopt as $option ) {
1027 $ydb->option[ $option->option_name ] = yourls_maybe_unserialize( $option->option_value );
1030 if( property_exists( $ydb, 'option' ) ) {
1031 $ydb->option = yourls_apply_filter( 'get_all_options', $ydb->option );
1032 $ydb->installed = true;
1034 // Zero option found: assume YOURLS is not installed
1035 $ydb->installed = false;
1040 * Update (add if doesn't exist) an option to DB
1042 * Pretty much stolen from WordPress
1045 * @param string $option Option name. Expected to not be SQL-escaped.
1046 * @param mixed $newvalue Option value. Must be serializable if non-scalar. Expected to not be SQL-escaped.
1047 * @return bool False if value was not updated, true otherwise.
1049 function yourls_update_option( $option_name, $newvalue ) {
1051 $table = YOURLS_DB_TABLE_OPTIONS;
1053 $option_name = trim( $option_name );
1054 if ( empty( $option_name ) )
1057 if ( is_object( $newvalue ) )
1058 $newvalue = clone $newvalue;
1060 $safe_option_name = yourls_escape( $option_name );
1062 $oldvalue = yourls_get_option( $safe_option_name );
1064 // If the new and old values are the same, no need to update.
1065 if ( $newvalue === $oldvalue )
1068 if ( false === $oldvalue ) {
1069 yourls_add_option( $option_name, $newvalue );
1073 $_newvalue = yourls_escape( yourls_maybe_serialize( $newvalue ) );
1075 yourls_do_action( 'update_option', $option_name, $oldvalue, $newvalue );
1077 $ydb->query( "UPDATE `$table` SET `option_value` = '$_newvalue' WHERE `option_name` = '$option_name'" );
1079 if ( $ydb->rows_affected == 1 ) {
1080 $ydb->option[ $option_name ] = $newvalue;
1087 * Add an option to the DB
1089 * Pretty much stolen from WordPress
1092 * @param string $option Name of option to add. Expected to not be SQL-escaped.
1093 * @param mixed $value Optional option value. Must be serializable if non-scalar. Expected to not be SQL-escaped.
1094 * @return bool False if option was not added and true otherwise.
1096 function yourls_add_option( $name, $value = '' ) {
1098 $table = YOURLS_DB_TABLE_OPTIONS;
1100 $name = trim( $name );
1101 if ( empty( $name ) )
1104 if ( is_object( $value ) )
1105 $value = clone $value;
1107 $safe_name = yourls_escape( $name );
1109 // Make sure the option doesn't already exist
1110 if ( false !== yourls_get_option( $safe_name ) )
1113 $_value = yourls_escape( yourls_maybe_serialize( $value ) );
1115 yourls_do_action( 'add_option', $safe_name, $_value );
1117 $ydb->query( "INSERT INTO `$table` (`option_name`, `option_value`) VALUES ('$name', '$_value')" );
1118 $ydb->option[ $name ] = $value;
1124 * Delete an option from the DB
1126 * Pretty much stolen from WordPress
1129 * @param string $option Option name to delete. Expected to not be SQL-escaped.
1130 * @return bool True, if option is successfully deleted. False on failure.
1132 function yourls_delete_option( $name ) {
1134 $table = YOURLS_DB_TABLE_OPTIONS;
1135 $name = yourls_escape( $name );
1137 // Get the ID, if no ID then return
1138 $option = $ydb->get_row( "SELECT option_id FROM `$table` WHERE `option_name` = '$name'" );
1139 if ( is_null( $option ) || !$option->option_id )
1142 yourls_do_action( 'delete_option', $name );
1144 $ydb->query( "DELETE FROM `$table` WHERE `option_name` = '$name'" );
1145 unset( $ydb->option[ $name ] );
1151 * Serialize data if needed. Stolen from WordPress
1154 * @param mixed $data Data that might be serialized.
1155 * @return mixed A scalar data
1157 function yourls_maybe_serialize( $data ) {
1158 if ( is_array( $data ) || is_object( $data ) )
1159 return serialize( $data );
1161 if ( yourls_is_serialized( $data, false ) )
1162 return serialize( $data );
1168 * Check value to find if it was serialized. Stolen from WordPress
1171 * @param mixed $data Value to check to see if was serialized.
1172 * @param bool $strict Optional. Whether to be strict about the end of the string. Defaults true.
1173 * @return bool False if not serialized and true if it was.
1175 function yourls_is_serialized( $data, $strict = true ) {
1176 // if it isn't a string, it isn't serialized
1177 if ( ! is_string( $data ) )
1179 $data = trim( $data );
1180 if ( 'N;' == $data )
1182 $length = strlen( $data );
1185 if ( ':' !== $data[1] )
1188 $lastc = $data[ $length - 1 ];
1189 if ( ';' !== $lastc && '}' !== $lastc )
1192 $semicolon = strpos( $data, ';' );
1193 $brace = strpos( $data, '}' );
1194 // Either ; or } must exist.
1195 if ( false === $semicolon && false === $brace )
1197 // But neither must be in the first X characters.
1198 if ( false !== $semicolon && $semicolon < 3 )
1200 if ( false !== $brace && $brace < 4 )
1207 if ( '"' !== $data[ $length - 2 ] )
1209 } elseif ( false === strpos( $data, '"' ) ) {
1212 // or else fall through
1215 return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data );
1219 $end = $strict ? '$' : '';
1220 return (bool) preg_match( "/^{$token}:[0-9.E-]+;$end/", $data );
1226 * Unserialize value only if it was serialized. Stolen from WP
1229 * @param string $original Maybe unserialized original, if is needed.
1230 * @return mixed Unserialized data can be any type.
1232 function yourls_maybe_unserialize( $original ) {
1233 if ( yourls_is_serialized( $original ) ) // don't attempt to unserialize data that wasn't serialized going in
1234 return @unserialize( $original );
1239 * Determine if the current page is private
1242 function yourls_is_private() {
1245 if ( defined('YOURLS_PRIVATE') && YOURLS_PRIVATE == true ) {
1247 // Allow overruling for particular pages:
1250 if( yourls_is_API() ) {
1251 if( !defined('YOURLS_PRIVATE_API') || YOURLS_PRIVATE_API != false )
1255 } elseif( yourls_is_infos() ) {
1256 if( !defined('YOURLS_PRIVATE_INFOS') || YOURLS_PRIVATE_INFOS !== false )
1266 return yourls_apply_filter( 'is_private', $private );
1270 * Show login form if required
1273 function yourls_maybe_require_auth() {
1274 if( yourls_is_private() ) {
1275 yourls_do_action( 'require_auth' );
1276 require_once( YOURLS_INC.'/auth.php' );
1278 yourls_do_action( 'require_no_auth' );
1283 * Allow several short URLs for the same long URL ?
1286 function yourls_allow_duplicate_longurls() {
1287 // special treatment if API to check for WordPress plugin requests
1288 if( yourls_is_API() ) {
1289 if ( isset($_REQUEST['source']) && $_REQUEST['source'] == 'plugin' )
1292 return ( defined( 'YOURLS_UNIQUE_URLS' ) && YOURLS_UNIQUE_URLS == false );
1296 * @deprecated Return list of all shorturls associated to the same long URL. Returns NULL or array of keywords.
1299 function yourls_get_duplicate_keywords( $longurl ) {
1300 yourls_deprecated_function( __FUNCTION__, 1.7, 'yourls_get_longurl_keywords' );
1301 if( !yourls_allow_duplicate_longurls() )
1303 return yourls_apply_filter( 'get_duplicate_keywords', yourls_get_longurl_keywords ( $longurl ), $longurl );
1307 * Return array of keywords that redirect to the submitted long URL
1310 * @param string $longurl long url
1311 * @param string $sort Optional ORDER BY order (can be 'keyword', 'title', 'timestamp' or'clicks')
1312 * @param string $order Optional SORT order (can be 'ASC' or 'DESC')
1313 * @return array array of keywords
1315 function yourls_get_longurl_keywords( $longurl, $sort = 'none', $order = 'ASC' ) {
1317 $longurl = yourls_escape( yourls_sanitize_url( $longurl ) );
1318 $table = YOURLS_DB_TABLE_URL;
1319 $query = "SELECT `keyword` FROM `$table` WHERE `url` = '$longurl'";
1321 // Ensure sort is a column in database (@TODO: update verification array if database changes)
1322 if ( in_array( $sort, array('keyword','title','timestamp','clicks') ) ) {
1323 $query .= " ORDER BY '".$sort."'";
1324 if ( in_array( $order, array( 'ASC','DESC' ) ) ) {
1325 $query .= " ".$order;
1328 return yourls_apply_filter( 'get_longurl_keywords', $ydb->get_col( $query ), $longurl );
1332 * Check if an IP shortens URL too fast to prevent DB flood. Return true, or die.
1335 function yourls_check_IP_flood( $ip = '' ) {
1337 // Allow plugins to short-circuit the whole function
1338 $pre = yourls_apply_filter( 'shunt_check_IP_flood', false, $ip );
1339 if ( false !== $pre )
1342 yourls_do_action( 'pre_check_ip_flood', $ip ); // at this point $ip can be '', check it if your plugin hooks in here
1344 // Raise white flag if installing or if no flood delay defined
1346 ( defined('YOURLS_FLOOD_DELAY_SECONDS') && YOURLS_FLOOD_DELAY_SECONDS === 0 ) ||
1347 !defined('YOURLS_FLOOD_DELAY_SECONDS') ||
1348 yourls_is_installing()
1352 // Don't throttle logged in users
1353 if( yourls_is_private() ) {
1354 if( yourls_is_valid_user() === true )
1358 // Don't throttle whitelist IPs
1359 if( defined( 'YOURLS_FLOOD_IP_WHITELIST' ) && YOURLS_FLOOD_IP_WHITELIST ) {
1360 $whitelist_ips = explode( ',', YOURLS_FLOOD_IP_WHITELIST );
1361 foreach( (array)$whitelist_ips as $whitelist_ip ) {
1362 $whitelist_ip = trim( $whitelist_ip );
1363 if ( $whitelist_ip == $ip )
1368 $ip = ( $ip ? yourls_sanitize_ip( $ip ) : yourls_get_IP() );
1370 yourls_do_action( 'check_ip_flood', $ip );
1373 $table = YOURLS_DB_TABLE_URL;
1375 $lasttime = $ydb->get_var( "SELECT `timestamp` FROM $table WHERE `ip` = '$ip' ORDER BY `timestamp` DESC LIMIT 1" );
1378 $then = date( 'U', strtotime( $lasttime ) );
1379 if( ( $now - $then ) <= YOURLS_FLOOD_DELAY_SECONDS ) {
1381 yourls_do_action( 'ip_flood', $ip, $now - $then );
1382 yourls_die( yourls__( 'Too many URLs added too fast. Slow down please.' ), yourls__( 'Forbidden' ), 403 );
1390 * Check if YOURLS is installing
1395 function yourls_is_installing() {
1396 $installing = defined( 'YOURLS_INSTALLING' ) && YOURLS_INSTALLING == true;
1397 return yourls_apply_filter( 'is_installing', $installing );
1401 * Check if YOURLS is upgrading
1406 function yourls_is_upgrading() {
1407 $upgrading = defined( 'YOURLS_UPGRADING' ) && YOURLS_UPGRADING == true;
1408 return yourls_apply_filter( 'is_upgrading', $upgrading );
1413 * Check if YOURLS is installed
1415 * Checks property $ydb->installed that is created by yourls_get_all_options()
1417 * See inline comment for updating from 1.3 or prior.
1420 function yourls_is_installed() {
1422 $is_installed = ( property_exists( $ydb, 'installed' ) && $ydb->installed == true );
1423 return yourls_apply_filter( 'is_installed', $is_installed );
1425 /* Note: this test won't work on YOURLS 1.3 or older (Aug 2009...)
1426 Should someone complain that they cannot upgrade directly from
1427 1.3 to 1.7: first, laugh at them, then ask them to install 1.6 first.
1432 * Generate random string of (int)$length length and type $type (see function for details)
1435 function yourls_rnd_string ( $length = 5, $type = 0, $charlist = '' ) {
1437 $length = intval( $length );
1439 // define possible characters
1442 // custom char list, or comply to charset as defined in config
1444 $possible = $charlist ? $charlist : yourls_get_shorturl_charset() ;
1447 // no vowels to make no offending word, no 0/1/o/l to avoid confusion between letters & digits. Perfect for passwords.
1449 $possible = "23456789bcdfghjkmnpqrstvwxyz";
1452 // Same, with lower + upper
1454 $possible = "23456789bcdfghjkmnpqrstvwxyzBCDFGHJKMNPQRSTVWXYZ";
1457 // all letters, lowercase
1459 $possible = "abcdefghijklmnopqrstuvwxyz";
1462 // all letters, lowercase + uppercase
1464 $possible = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
1467 // all digits & letters lowercase
1469 $possible = "0123456789abcdefghijklmnopqrstuvwxyz";
1472 // all digits & letters lowercase + uppercase
1474 $possible = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
1480 while ($i < $length) {
1481 $str .= substr( $possible, mt_rand( 0, strlen( $possible )-1 ), 1 );
1485 return yourls_apply_filter( 'rnd_string', $str, $length, $type, $charlist );
1489 * Return salted string
1492 function yourls_salt( $string ) {
1493 $salt = defined('YOURLS_COOKIEKEY') ? YOURLS_COOKIEKEY : md5(__FILE__) ;
1494 return yourls_apply_filter( 'yourls_salt', md5 ($string . $salt), $string );
1498 * Add a query var to a URL and return URL. Completely stolen from WP.
1500 * Works with one of these parameter patterns:
1501 * array( 'var' => 'value' )
1502 * array( 'var' => 'value' ), $url
1504 * 'var', 'value', $url
1505 * If $url omitted, uses $_SERVER['REQUEST_URI']
1508 function yourls_add_query_arg() {
1510 if ( is_array( func_get_arg(0) ) ) {
1511 if ( @func_num_args() < 2 || false === @func_get_arg( 1 ) )
1512 $uri = $_SERVER['REQUEST_URI'];
1514 $uri = @func_get_arg( 1 );
1516 if ( @func_num_args() < 3 || false === @func_get_arg( 2 ) )
1517 $uri = $_SERVER['REQUEST_URI'];
1519 $uri = @func_get_arg( 2 );
1522 $uri = str_replace( '&', '&', $uri );
1525 if ( $frag = strstr( $uri, '#' ) )
1526 $uri = substr( $uri, 0, -strlen( $frag ) );
1530 if ( preg_match( '|^https?://|i', $uri, $matches ) ) {
1531 $protocol = $matches[0];
1532 $uri = substr( $uri, strlen( $protocol ) );
1537 if ( strpos( $uri, '?' ) !== false ) {
1538 $parts = explode( '?', $uri, 2 );
1539 if ( 1 == count( $parts ) ) {
1543 $base = $parts[0] . '?';
1546 } elseif ( !empty( $protocol ) || strpos( $uri, '=' ) === false ) {
1554 parse_str( $query, $qs );
1555 $qs = yourls_urlencode_deep( $qs ); // this re-URL-encodes things that were already in the query string
1556 if ( is_array( func_get_arg( 0 ) ) ) {
1557 $kayvees = func_get_arg( 0 );
1558 $qs = array_merge( $qs, $kayvees );
1560 $qs[func_get_arg( 0 )] = func_get_arg( 1 );
1563 foreach ( (array) $qs as $k => $v ) {
1568 $ret = http_build_query( $qs );
1569 $ret = trim( $ret, '?' );
1570 $ret = preg_replace( '#=(&|$)#', '$1', $ret );
1571 $ret = $protocol . $base . $ret . $frag;
1572 $ret = rtrim( $ret, '?' );
1577 * Navigates through an array and encodes the values to be used in a URL. Stolen from WP, used in yourls_add_query_arg()
1580 function yourls_urlencode_deep( $value ) {
1581 $value = is_array( $value ) ? array_map( 'yourls_urlencode_deep', $value ) : urlencode( $value );
1586 * Remove arg from query. Opposite of yourls_add_query_arg. Stolen from WP.
1589 function yourls_remove_query_arg( $key, $query = false ) {
1590 if ( is_array( $key ) ) { // removing multiple keys
1591 foreach ( $key as $k )
1592 $query = yourls_add_query_arg( $k, false, $query );
1595 return yourls_add_query_arg( $key, false, $query );
1599 * Return a time-dependent string for nonce creation
1602 function yourls_tick() {
1603 return ceil( time() / YOURLS_NONCE_LIFE );
1607 * Create a time limited, action limited and user limited token
1610 function yourls_create_nonce( $action, $user = false ) {
1611 if( false == $user )
1612 $user = defined( 'YOURLS_USER' ) ? YOURLS_USER : '-1';
1613 $tick = yourls_tick();
1614 return substr( yourls_salt($tick . $action . $user), 0, 10 );
1618 * Create a nonce field for inclusion into a form
1621 function yourls_nonce_field( $action, $name = 'nonce', $user = false, $echo = true ) {
1622 $field = '<input type="hidden" id="'.$name.'" name="'.$name.'" value="'.yourls_create_nonce( $action, $user ).'" />';
1629 * Add a nonce to a URL. If URL omitted, adds nonce to current URL
1632 function yourls_nonce_url( $action, $url = false, $name = 'nonce', $user = false ) {
1633 $nonce = yourls_create_nonce( $action, $user );
1634 return yourls_add_query_arg( $name, $nonce, $url );
1638 * Check validity of a nonce (ie time span, user and action match).
1640 * Returns true if valid, dies otherwise (yourls_die() or die($return) if defined)
1641 * if $nonce is false or unspecified, it will use $_REQUEST['nonce']
1644 function yourls_verify_nonce( $action, $nonce = false, $user = false, $return = '' ) {
1646 if( false == $user )
1647 $user = defined( 'YOURLS_USER' ) ? YOURLS_USER : '-1';
1649 // get current nonce value
1650 if( false == $nonce && isset( $_REQUEST['nonce'] ) )
1651 $nonce = $_REQUEST['nonce'];
1653 // what nonce should be
1654 $valid = yourls_create_nonce( $action, $user );
1656 if( $nonce == $valid ) {
1661 yourls_die( yourls__( 'Unauthorized action or expired link' ), yourls__( 'Error' ), 403 );
1666 * Converts keyword into short link (prepend with YOURLS base URL)
1669 function yourls_link( $keyword = '' ) {
1670 $link = YOURLS_SITE . '/' . yourls_sanitize_keyword( $keyword );
1671 return yourls_apply_filter( 'yourls_link', $link, $keyword );
1675 * Converts keyword into stat link (prepend with YOURLS base URL, append +)
1678 function yourls_statlink( $keyword = '' ) {
1679 $link = YOURLS_SITE . '/' . yourls_sanitize_keyword( $keyword ) . '+';
1680 if( yourls_is_ssl() )
1681 $link = str_replace( 'http://', 'https://', $link );
1682 return yourls_apply_filter( 'yourls_statlink', $link, $keyword );
1686 * Check if we're in API mode. Returns bool
1689 function yourls_is_API() {
1690 if ( defined( 'YOURLS_API' ) && YOURLS_API == true )
1696 * Check if we're in Ajax mode. Returns bool
1699 function yourls_is_Ajax() {
1700 if ( defined( 'YOURLS_AJAX' ) && YOURLS_AJAX == true )
1706 * Check if we're in GO mode (yourls-go.php). Returns bool
1709 function yourls_is_GO() {
1710 if ( defined( 'YOURLS_GO' ) && YOURLS_GO == true )
1716 * Check if we're displaying stats infos (yourls-infos.php). Returns bool
1719 function yourls_is_infos() {
1720 if ( defined( 'YOURLS_INFOS' ) && YOURLS_INFOS == true )
1726 * Check if we'll need interface display function (ie not API or redirection)
1729 function yourls_has_interface() {
1730 if( yourls_is_API() or yourls_is_GO() )
1736 * Check if we're in the admin area. Returns bool
1739 function yourls_is_admin() {
1740 if ( defined( 'YOURLS_ADMIN' ) && YOURLS_ADMIN == true )
1746 * Check if the server seems to be running on Windows. Not exactly sure how reliable this is.
1749 function yourls_is_windows() {
1750 return defined( 'DIRECTORY_SEPARATOR' ) && DIRECTORY_SEPARATOR == '\\';
1754 * Check if SSL is required. Returns bool.
1757 function yourls_needs_ssl() {
1758 if ( defined('YOURLS_ADMIN_SSL') && YOURLS_ADMIN_SSL == true )
1764 * Return admin link, with SSL preference if applicable.
1767 function yourls_admin_url( $page = '' ) {
1768 $admin = YOURLS_SITE . '/admin/' . $page;
1769 if( yourls_is_ssl() or yourls_needs_ssl() )
1770 $admin = str_replace('http://', 'https://', $admin);
1771 return yourls_apply_filter( 'admin_url', $admin, $page );
1775 * Return YOURLS_SITE or URL under YOURLS setup, with SSL preference
1778 function yourls_site_url( $echo = true, $url = '' ) {
1779 $url = yourls_get_relative_url( $url );
1780 $url = trim( YOURLS_SITE . '/' . $url, '/' );
1782 // Do not enforce (checking yourls_need_ssl() ) but check current usage so it won't force SSL on non-admin pages
1783 if( yourls_is_ssl() )
1784 $url = str_replace( 'http://', 'https://', $url );
1785 $url = yourls_apply_filter( 'site_url', $url );
1792 * Check if SSL is used, returns bool. Stolen from WP.
1795 function yourls_is_ssl() {
1797 if ( isset( $_SERVER['HTTPS'] ) ) {
1798 if ( 'on' == strtolower( $_SERVER['HTTPS'] ) )
1800 if ( '1' == $_SERVER['HTTPS'] )
1802 } elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
1805 return yourls_apply_filter( 'is_ssl', $is_ssl );
1809 * Get a remote page title
1811 * This function returns a string: either the page title as defined in HTML, or the URL if not found
1812 * The function tries to convert funky characters found in titles to UTF8, from the detected charset.
1813 * Charset in use is guessed from HTML meta tag, or if not found, from server's 'content-type' response.
1815 * @param string $url URL
1816 * @return string Title (sanitized) or the URL if no title found
1818 function yourls_get_remote_title( $url ) {
1819 // Allow plugins to short-circuit the whole function
1820 $pre = yourls_apply_filter( 'shunt_get_remote_title', false, $url );
1821 if ( false !== $pre )
1824 $url = yourls_sanitize_url( $url );
1826 // Only deal with http(s)://
1827 if( !in_array( yourls_get_protocol( $url ), array( 'http://', 'https://' ) ) )
1830 $title = $charset = false;
1832 $response = yourls_http_get( $url ); // can be a Request object or an error string
1833 if( is_string( $response ) ) {
1837 // Page content. No content? Return the URL
1838 $content = $response->body;
1842 // look for <title>. No title found? Return the URL
1843 if ( preg_match('/<title>(.*?)<\/title>/is', $content, $found ) ) {
1850 // Now we have a title. We'll try to get proper utf8 from it.
1852 // Get charset as (and if) defined by the HTML meta tag. We should match
1853 // <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
1854 // or <meta charset='utf-8'> and all possible variations: see https://gist.github.com/ozh/7951236
1855 if ( preg_match( '/<meta[^>]*charset\s*=["\' ]*([a-zA-Z0-9\-_]+)/is', $content, $found ) ) {
1856 $charset = $found[1];
1859 // No charset found in HTML. Get charset as (and if) defined by the server response
1860 $_charset = current( $response->headers->getValues( 'content-type' ) );
1861 if( preg_match( '/charset=(\S+)/', $_charset, $found ) ) {
1862 $charset = trim( $found[1], ';' );
1867 // Conversion to utf-8 if what we have is not utf8 already
1868 if( strtolower( $charset ) != 'utf-8' && function_exists( 'mb_convert_encoding' ) ) {
1869 // We use @ to remove warnings because mb_ functions are easily bitching about illegal chars
1871 $title = @mb_convert_encoding( $title, 'UTF-8', $charset );
1873 $title = @mb_convert_encoding( $title, 'UTF-8' );
1877 // Remove HTML entities
1878 $title = html_entity_decode( $title, ENT_QUOTES, 'UTF-8' );
1880 // Strip out evil things
1881 $title = yourls_sanitize_title( $title );
1883 return yourls_apply_filter( 'get_remote_title', $title, $url );
1887 * Quick UA check for mobile devices. Return boolean.
1890 function yourls_is_mobile_device() {
1893 'android', 'blackberry', 'blazer',
1894 'compal', 'elaine', 'fennec', 'hiptop',
1895 'iemobile', 'iphone', 'ipod', 'ipad',
1896 'iris', 'kindle', 'opera mobi', 'opera mini',
1897 'palm', 'phone', 'pocket', 'psp', 'symbian',
1898 'treo', 'wap', 'windows ce', 'windows phone'
1901 // Current user-agent
1902 $current = strtolower( $_SERVER['HTTP_USER_AGENT'] );
1905 $is_mobile = ( str_replace( $mobiles, '', $current ) != $current );
1906 return yourls_apply_filter( 'is_mobile_device', $is_mobile );
1910 * Get request in YOURLS base (eg in 'http://site.com/yourls/abcd' get 'abdc')
1913 function yourls_get_request() {
1914 // Allow plugins to short-circuit the whole function
1915 $pre = yourls_apply_filter( 'shunt_get_request', false );
1916 if ( false !== $pre )
1919 static $request = null;
1921 yourls_do_action( 'pre_get_request', $request );
1923 if( $request !== null )
1926 // Ignore protocol & www. prefix
1927 $root = str_replace( array( 'https://', 'http://', 'https://www.', 'http://www.' ), '', YOURLS_SITE );
1928 // Case insensitive comparison of the YOURLS root to match both http://Sho.rt/blah and http://sho.rt/blah
1929 $request = preg_replace( "!$root/!i", '', $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 1 );
1931 // Unless request looks like a full URL (ie request is a simple keyword) strip query string
1932 if( !preg_match( "@^[a-zA-Z]+://.+@", $request ) ) {
1933 $request = current( explode( '?', $request ) );
1936 return yourls_apply_filter( 'get_request', $request );
1940 * Change protocol to match current scheme used (http or https)
1943 function yourls_match_current_protocol( $url, $normal = 'http://', $ssl = 'https://' ) {
1944 if( yourls_is_ssl() )
1945 $url = str_replace( $normal, $ssl, $url );
1946 return yourls_apply_filter( 'match_current_protocol', $url );
1950 * Fix $_SERVER['REQUEST_URI'] variable for various setups. Stolen from WP.
1953 function yourls_fix_request_uri() {
1955 $default_server_values = array(
1956 'SERVER_SOFTWARE' => '',
1957 'REQUEST_URI' => '',
1959 $_SERVER = array_merge( $default_server_values, $_SERVER );
1961 // Fix for IIS when running with PHP ISAPI
1962 if ( empty( $_SERVER['REQUEST_URI'] ) || ( php_sapi_name() != 'cgi-fcgi' && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) {
1965 if ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) {
1966 $_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
1968 // IIS Isapi_Rewrite
1969 else if ( isset( $_SERVER['HTTP_X_REWRITE_URL'] ) ) {
1970 $_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
1972 // Use ORIG_PATH_INFO if there is no PATH_INFO
1973 if ( !isset( $_SERVER['PATH_INFO'] ) && isset( $_SERVER['ORIG_PATH_INFO'] ) )
1974 $_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];
1976 // Some IIS + PHP configurations puts the script-name in the path-info (No need to append it twice)
1977 if ( isset( $_SERVER['PATH_INFO'] ) ) {
1978 if ( $_SERVER['PATH_INFO'] == $_SERVER['SCRIPT_NAME'] )
1979 $_SERVER['REQUEST_URI'] = $_SERVER['PATH_INFO'];
1981 $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
1984 // Append the query string if it exists and isn't null
1985 if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
1986 $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
1993 * Shutdown function, runs just before PHP shuts down execution. Stolen from WP
1996 function yourls_shutdown() {
1997 yourls_do_action( 'shutdown' );
2001 * Auto detect custom favicon in /user directory, fallback to YOURLS favicon, and echo/return its URL
2004 function yourls_favicon( $echo = true ) {
2005 static $favicon = null;
2006 if( $favicon !== null )
2010 // search for favicon.(gif|ico|png|jpg|svg)
2011 foreach( array( 'gif', 'ico', 'png', 'jpg', 'svg' ) as $ext ) {
2012 if( file_exists( YOURLS_USERDIR. '/favicon.' . $ext ) ) {
2013 $custom = 'favicon.' . $ext;
2019 $favicon = yourls_site_url( false, YOURLS_USERURL . '/' . $custom );
2021 $favicon = yourls_site_url( false ) . '/images/favicon.gif';
2029 * Check for maintenance mode. If yes, die. See yourls_maintenance_mode(). Stolen from WP.
2032 function yourls_check_maintenance_mode() {
2034 $file = YOURLS_ABSPATH . '/.maintenance' ;
2035 if ( !file_exists( $file ) || yourls_is_upgrading() || yourls_is_installing() )
2038 global $maintenance_start;
2040 include_once( $file );
2041 // If the $maintenance_start timestamp is older than 10 minutes, don't die.
2042 if ( ( time() - $maintenance_start ) >= 600 )
2045 // Use any /user/maintenance.php file
2046 if( file_exists( YOURLS_USERDIR.'/maintenance.php' ) ) {
2047 include_once( YOURLS_USERDIR.'/maintenance.php' );
2051 // https://www.youtube.com/watch?v=Xw-m4jEY-Ns
2052 $title = yourls__( 'Service temporarily unavailable' );
2053 $message = yourls__( 'Our service is currently undergoing scheduled maintenance.' ) . "</p>\n<p>" .
2054 yourls__( 'Things should not last very long, thank you for your patience and please excuse the inconvenience' );
2055 yourls_die( $message, $title , 503 );
2060 * Return current admin page, or null if not an admin page
2062 * @return mixed string if admin page, null if not an admin page
2065 function yourls_current_admin_page() {
2066 if( yourls_is_admin() ) {
2067 $current = substr( yourls_get_request(), 6 );
2068 if( $current === false )
2069 $current = 'index.php'; // if current page is http://sho.rt/admin/ instead of http://sho.rt/admin/index.php
2077 * Check if a URL protocol is allowed
2079 * Checks a URL against a list of whitelisted protocols. Protocols must be defined with
2080 * their complete scheme name, ie 'stuff:' or 'stuff://' (for instance, 'mailto:' is a valid
2081 * protocol, 'mailto://' isn't, and 'http:' with no double slashed isn't either
2085 * @param string $url URL to be check
2086 * @param array $protocols Optional. Array of protocols, defaults to global $yourls_allowedprotocols
2087 * @return boolean true if protocol allowed, false otherwise
2089 function yourls_is_allowed_protocol( $url, $protocols = array() ) {
2090 if( ! $protocols ) {
2091 global $yourls_allowedprotocols;
2092 $protocols = $yourls_allowedprotocols;
2095 $protocol = yourls_get_protocol( $url );
2096 return yourls_apply_filter( 'is_allowed_protocol', in_array( $protocol, $protocols ), $url, $protocols );
2100 * Get protocol from a URL (eg mailto:, http:// ...)
2104 * @param string $url URL to be check
2105 * @return string Protocol, with slash slash if applicable. Empty string if no protocol
2107 function yourls_get_protocol( $url ) {
2108 preg_match( '!^[a-zA-Z0-9\+\.-]+:(//)?!', $url, $matches );
2110 http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax
2111 The scheme name consists of a sequence of characters beginning with a letter and followed by any
2112 combination of letters, digits, plus ("+"), period ("."), or hyphen ("-"). Although schemes are
2113 case-insensitive, the canonical form is lowercase and documents that specify schemes must do so
2114 with lowercase letters. It is followed by a colon (":").
2116 $protocol = ( isset( $matches[0] ) ? $matches[0] : '' );
2117 return yourls_apply_filter( 'get_protocol', $protocol, $url );
2121 * Get relative URL (eg 'abc' from 'http://sho.rt/abc')
2123 * Treat indifferently http & https. If a URL isn't relative to the YOURLS install, return it as is
2124 * or return empty string if $strict is true
2127 * @param string $url URL to relativize
2128 * @param bool $strict if true and if URL isn't relative to YOURLS install, return empty string
2129 * @return string URL
2131 function yourls_get_relative_url( $url, $strict = true ) {
2132 $url = yourls_sanitize_url( $url );
2134 // Remove protocols to make it easier
2135 $noproto_url = str_replace( 'https:', 'http:', $url );
2136 $noproto_site = str_replace( 'https:', 'http:', YOURLS_SITE );
2138 // Trim URL from YOURLS root URL : if no modification made, URL wasn't relative
2139 $_url = str_replace( $noproto_site . '/', '', $noproto_url );
2140 if( $_url == $noproto_url )
2141 $_url = ( $strict ? '' : $url );
2143 return yourls_apply_filter( 'get_relative_url', $_url, $url );
2147 * Marks a function as deprecated and informs when it has been used. Stolen from WP.
2149 * There is a hook deprecated_function that will be called that can be used
2150 * to get the backtrace up to what file and function called the deprecated
2153 * The current behavior is to trigger a user error if YOURLS_DEBUG is true.
2155 * This function is to be used in every function that is deprecated.
2158 * @uses yourls_do_action() Calls 'deprecated_function' and passes the function name, what to use instead,
2159 * and the version the function was deprecated in.
2160 * @uses yourls_apply_filters() Calls 'deprecated_function_trigger_error' and expects boolean value of true to do
2161 * trigger or false to not trigger error.
2163 * @param string $function The function that was called
2164 * @param string $version The version of WordPress that deprecated the function
2165 * @param string $replacement Optional. The function that should have been called
2167 function yourls_deprecated_function( $function, $version, $replacement = null ) {
2169 yourls_do_action( 'deprecated_function', $function, $replacement, $version );
2171 // Allow plugin to filter the output error trigger
2172 if ( YOURLS_DEBUG && yourls_apply_filters( 'deprecated_function_trigger_error', true ) ) {
2173 if ( ! is_null( $replacement ) )
2174 trigger_error( sprintf( yourls__('%1$s is <strong>deprecated</strong> since version %2$s! Use %3$s instead.'), $function, $version, $replacement ) );
2176 trigger_error( sprintf( yourls__('%1$s is <strong>deprecated</strong> since version %2$s with no alternative available.'), $function, $version ) );
2181 * Return the value if not an empty string
2183 * Used with array_filter(), to remove empty keys but not keys with value 0 or false
2186 * @param mixed $val Value to test against ''
2187 * @return bool True if not an empty string
2189 function yourls_return_if_not_empty_string( $val ) {
2190 return( $val !== '' );