Initial commit

2024-10-02 05:31:13 -07:00
commit 33805bade5
3 changed files with 117 additions and 0 deletions
--- a/plugin.php
+++ b/plugin.php
@@ -0,0 +1,70 @@
+<?php
+/*
+Plugin Name: Change Shortlink User
+Plugin URI: https://git.oldgate.org/Sophia/yourls-change-shortlink-user
+Description: Allows admin to change the user of a shortlink, including setting it to nothing 😈
+Version: 1.0
+Author: Sophia Atkinson
+Author URI: https://sophia.wtf
+*/
+
+// Hook the plugin into the admin page
+yourls_add_action('plugins_loaded', 'register_change_username_page');
+
+// Register the plugin page in the admin menu
+function register_change_username_page() {
+    yourls_register_plugin_page('change_username', 'Change Shortlink User', 'change_username_display_page');
+}
+
+// Display the plugin page
+function change_username_display_page() {
+    // If form is submitted
+    if (isset($_POST['keyword']) && isset($_POST['new_username'])) {
+        $keyword = yourls_sanitize_keyword($_POST['keyword']);
+        $new_username = $_POST['new_username']; // No need to escape as we will use prepared statements
+
+        // Call the function to change the username
+        change_username($keyword, $new_username);
+    }
+    
+    // Display the form
+    ?>
+    <h2>Change Shortlink User</h2>
+    <form method="post">
+        <p>
+            <label for="keyword">Shortlink Keyword:</label>
+            <input type="text" id="keyword" name="keyword" required>
+        </p>
+        <p>
+            <label for="new_username">New User (leave blank to clear):</label>
+            <input type="text" id="new_username" name="new_username">
+        </p>
+        <p>
+            <input type="submit" value="Change User">
+        </p>
+    </form>
+    <?php
+}
+
+// Function to change the user field
+function change_username($keyword, $new_username) {
+    global $ydb;
+
+    // If the new username is blank, set it to NULL
+    if (empty($new_username)) {
+        $new_username = NULL;
+    }
+
+    // Update query using PDO prepared statements, which handle escaping
+    $update_query = 'UPDATE `yourls_url` SET `user` = :new_username WHERE `keyword` = :keyword';
+    
+    // Execute the query using prepared statements
+    $stmt = $ydb->prepare($update_query);
+    $stmt->execute(array(
+        ':new_username' => $new_username,
+        ':keyword'      => $keyword
+    ));
+
+    // Display result
+    echo "<p>Username updated for shortlink <strong>$keyword</strong>.</p>";
+}