diff --git a/plugin.php b/plugin.php index a3209c4..a70130b 100644 --- a/plugin.php +++ b/plugin.php @@ -1,11 +1,11 @@ alertify.error(\"Incorrect Password, try again\")" : ""); - $matthew_ppu = yourls__( "Password Protected URL", "matthew_pwp" ); //Translate Password Title - $matthew_ph = yourls__( "Password" , "matthew_pwp" ); //Translate the word Password - $matthew_sm = yourls__( "Please enter the password below to continue.", "matthew_pwp" ); //Translate the main message - $matthew_submit = yourls__( "Send!" , "matthew_pwp" ); //Translate the Submit button - //Displays main "Insert Password" area + $matthew_ppu = yourls__( "Password Protected URL", "matthew_pwp" ); // Translate Password Title + $matthew_ph = yourls__( "Password" , "matthew_pwp" ); // Translate the word Password + $matthew_sm = yourls__( "Please enter the password below to continue.", "matthew_pwp" ); // Translate the main message + $matthew_submit = yourls__( "Send!" , "matthew_pwp" ); // Translate the Submit button + // Displays main "Insert Password" area echo << @@ -211,29 +215,39 @@ function matthew_pwprotection_display_page() { // Set/Delete password from DB function matthew_pwprotection_process_new() { - if( isset( $_POST[ 'checked' ] ) ){ - yourls_update_option( 'matthew_pwprotection', json_encode( $_POST[ 'password' ] ) ); - } - if( isset( $_POST[ 'unchecked' ] ) ){ - $matthew_pwprotection_array = json_decode(yourls_get_option('matthew_pwprotection'), true); //Get's array of currently active Password Protected URLs - foreach ( $_POST[ 'unchecked' ] as $matthew_pwprotection_unchecked ){ - unset($matthew_pwprotection_array[ $matthew_pwprotection_unchecked ]); + // Verify nonce token. + yourls_verify_nonce( "matthew_pwprotection_update" ); + + $matthew_pwprotection_array = json_decode(yourls_get_option('matthew_pwprotection'), true); + + foreach( $_POST[ 'password' ] as $url => $url_password) { + if($url_password != "DONOTCHANGE_8fggwrFrRXvqndzw") { + $_POST[ 'password' ][ $url ] = password_hash($url_password, PASSWORD_BCRYPT); + } else { + $_POST[ 'password' ][ $url ] = $matthew_pwprotection_array[ $url ]; } - yourls_update_option( 'matthew_pwprotection', json_encode( $_POST[ 'password' ] ) ); } + + // Update database + yourls_update_option( 'matthew_pwprotection', json_encode( $_POST[ 'password' ] ) ); + echo "

Success!

"; } -//Display Form +// Display Form function matthew_pwprotection_process_display() { - global $ydb; + $ydb = yourls_get_db(); $table = YOURLS_DB_TABLE_URL; - $query = $ydb->get_results( "SELECT * FROM `$table` WHERE 1=1" ); + $sql = "SELECT * FROM `$table` WHERE 1=1"; + $query = $ydb->fetchAll( $sql ); - $matthew_su = yourls__( "Short URL" , "matthew_pwp" ); //Translate "Short URL" - $matthew_ou = yourls__( "Original URL", "matthew_pwp" ); //Translate "Original URL" - $matthew_pw = yourls__( "Password" , "matthew_pwp" ); //Translate "Password" + $matthew_su = yourls__( "Short URL" , "matthew_pwp" ); // Translate "Short URL" + $matthew_ou = yourls__( "Original URL", "matthew_pwp" ); // Translate "Original URL" + $matthew_pw = yourls__( "Password" , "matthew_pwp" ); // Translate "Password" + + // Protect action with nonce + $matthew_pwprotection_noncefield = yourls_nonce_field( "matthew_pwprotection_update" ); echo << @@ -259,18 +273,19 @@ function matthew_pwprotection_process_display() { $matthew_pw TB; + foreach( $query as $link ) { // Displays all shorturls in the YOURLS DB - $short = $link->keyword; - $url = $link->url; - $matthew_pwprotection_array = json_decode(yourls_get_option('matthew_pwprotection'), true); //Get's array of currently active Password Protected URLs - if( strlen( $url ) > 51 ) { //If URL is too long it will shorten it + $short = $link["keyword"]; + $url = $link["url"]; + $matthew_pwprotection_array = json_decode(yourls_get_option('matthew_pwprotection'), true); // Get array of currently active Password Protected URLs + if( strlen( $url ) > 51 ) { // If URL is too long, shorten it with '...' $sURL = substr( $url, 0, 30 ). "..."; } else { $sURL = $url; } - if( array_key_exists( $short, (array)$matthew_pwprotection_array ) ){ //Check's if URL is currently password protected or not + if( array_key_exists( $short, (array)$matthew_pwprotection_array ) ){ // Check if URL is currently password protected or not $text = yourls__( "Enable?" ); - $password = $matthew_pwprotection_array[ $short ]; + $password = "DONOTCHANGE_8fggwrFrRXvqndzw"; $checked = " checked"; $unchecked = ''; $style = ''; @@ -298,6 +313,7 @@ function matthew_pwprotection_process_display() { } echo << + $matthew_pwprotection_noncefield