
Author Topic: url/banner management  (Read 139 times)

sibas

url/banner management
« on: January 27, 2013, 04:27:22 PM »

Hello all!
A few days ago I started a simple URL-redirect and click-counting mod; now I come with something bigger.

It is almost a complete URL/banner management, but please keep the "almost" in mind. ;D

Let's start, you know the drill.. backup first!!!

database
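-- Redirect targets and their click counters.
-- NOTE: the PHP of this mod selects from _PRE."banners", so on an install that
-- uses a table prefix this table must be created under the prefixed name
-- (link_tracker, by contrast, is always used without a prefix).
CREATE TABLE banners (
id INT(11) NOT NULL AUTO_INCREMENT,
url VARCHAR(150) NOT  NULL,
banner VARCHAR(100) NOT  NULL,
name VARCHAR(60) NOT  NULL,
clicks INT(11) NOT NULL DEFAULT '0',
-- DEFAULT added: the INSERT below does not supply expire, which MySQL strict
-- mode rejects for a NOT NULL column without a default.
expire INT(11) NOT NULL DEFAULT '0',
PRIMARY KEY (id),
-- UNIQUE already creates an index on url; the extra KEY url (url) was redundant.
UNIQUE (url)
);

-- One row per click through ?go=...; url, user_agent and referer are copied
-- from the request by the redirect snippet.
CREATE TABLE link_tracker (
id INT(11) NOT NULL AUTO_INCREMENT,
url VARCHAR(150) NOT  NULL,
user_agent VARCHAR(100) NOT NULL,
referer VARCHAR(150) NOT NULL,
-- NOTE(review): a zero default is rejected when NO_ZERO_DATE is in effect;
-- the redirect always writes NOW(), so the default is never relied on.
timestamp datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (id),
KEY url (url)
);

-- Sample rows; expire is left to its default.
INSERT INTO banners (id, url, banner, name, clicks) VALUES
(1, 'http://snewscms.com/', 'http://imageshack.us/a/img39/2066/snews.gif', 'snews', 0),
(2, 'http://snewscms.com/forum/', 'http://imageshack.us/a/img534/9780/snewsf.gif', 'snews forum', 0),
(3, 'http://snewscms.com/forum/index.php/topic,10576.msg69842.html', 'http://imageshack.us/a/img580/6417/snewsft.gif', 'snews forum topic', 0);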


Add in EN.php
// Language strings for the link/banner management mod (go into EN.php).
// Keys are looked up through l('<key>') from the admin panel functions;
// the 'order' and 'expire' strings carry inline HTML and are echoed as-is.
$l['countlinks'] = 'Count links';
$l['managelinks'] = 'Manage links';
$l['add_banner'] = 'Add banner';
$l['banner'] = 'Banner';
$l['name'] = 'Name';
$l['error'] = 'Error';
$l['banner_added'] = 'Banner added';
$l['del_banner'] = 'Delete banner';
$l['banner_is_del'] = 'Banner deleted!';
$l['id'] = 'ID';
$l['load_banner'] = 'Load banners';
$l['size'] = 'Size';
$l['order'] = 'Order<br />default defined id you can add <b style="color:red">clicks</b>';
$l['banner_url'] = 'Load only 1 specific URL';
$l['re_url'] = 'URL to redirect';
$l['from_b'] = 'From';
$l['expire'] = 'Expire:<br />How many clicks to count before expire the banner';

In snews.php find
Quote
if (_ADMIN) {$l['cat_listSEF']

in the end of ,admin_groupings add
,countlinks,managelinks,addbanner,delbanner,loadbanner
In function center
find
Quote
case isset($_POST['comment']):

and above this, add
case isset($_POST['addbanner']): managelinks(); return; break;
case isset($_POST['delbanner']): managelinks(); return; break;
case isset($_POST['loadbanner']): managelinks(); return; break;

a few lines below find
Quote
case 'process':

and above add
case 'managelinks':managelinks(); return; break;
case 'countlinks':countlinks(); return; break;

In function administration()
find this line
Quote
echo '<p><a href="snews_settings/">'.l('settings').'</a>&nbsp;|&nbsp;

and add
<a href="managelinks/">Manage links/banners</a>&nbsp;|&nbsp;<a href="countlinks/">Count banners</a>&nbsp;|&nbsp;
Add these new functions
<?php
//  function countlinks() is optional; it is safe to delete it and all the lines marked with // countlinks()
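// Admin panel (optional): click totals from link_tracker, grouped by URL and
// by User-Agent. Safe to delete together with every line marked "// countlinks()".
// url and user_agent are written by the ?go= redirect straight from the request
// (the go parameter and the User-Agent header), so both are HTML-escaped here
// before being echoed into the admin page.
function countlinks(){
    echo '<div class="adminpanel"><p class="admintitle">'.l('countlinks').'</p>';

    // Section 1: clicks per URL.
    echo '<p><a onclick="toggle(\'sub1\')" style="cursor: pointer;" title="">See clicks by URL</a></p>';
    echo '<div id="sub1" style="display:none;background:#fff;border:1px solid #999;padding:6px;margin:0 0 6px 0">';
    $browser_sql = 'SELECT COUNT(id) as clicks, url FROM link_tracker GROUP BY url';
    $result = mysql_query($browser_sql);
    // A failed query returns false; skip the loop instead of fetching from it.
    if ($result) {
        while ($r = mysql_fetch_assoc($result)) {
            echo htmlspecialchars($r['url'], ENT_QUOTES, 'UTF-8').' - <b>Clicks: ['.(int) $r['clicks'].']</b><br />';
        }
    }
    echo '</div>';

    // Section 2: clicks per User-Agent.
    echo '<p><a onclick="toggle(\'sub2\')" style="cursor: pointer;" title="">See clicks by User-Agent</a></p>';
    echo '<div id="sub2" style="display: none;">';
    $agent_sql = 'SELECT COUNT(id) as clicks, user_agent from link_tracker GROUP BY user_agent';
    $result = mysql_query($agent_sql);
    if ($result) {
        while ($a = mysql_fetch_assoc($result)) {
            echo htmlspecialchars($a['user_agent'], ENT_QUOTES, 'UTF-8').' - <b>Clicks: ['.(int) $a['clicks'].']</b><br />';
        }
    }
    echo '</div>';

    echo '</div>';
}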

// Admin panel for the banners table: list banners (with an optional
// WHERE / LIMIT / ORDER BY built from the "Load banners" form), add a banner,
// and delete a banner by id (removing its link_tracker rows first).
// NOTE(review): in this listing the assignment operators and argument commas
// appear to have been lost (e.g. "$burl trim($_POST['burl'])"); the lines
// below are kept as posted and only annotated.
function 
managelinks(){
echo 
'<div class="adminpanel"><p class="admintitle">'.l('managelinks').'</p>';
echo 
'<p><a onclick="toggle(\'sub1\')" style="cursor:pointer" title="">See banners</a> - <a onclick="toggle(\'sub2\')" style="cursor:pointer" title="">Add banners</a> - <a onclick="toggle(\'sub3\')" style="cursor:pointer" title="">Delete banners</a></p>';
echo 
'<div id="sub1" style="display: none;">';

// Section 1: "See banners" — show the filter form, or the result of it.
if (!isset($_POST['loadbanner'])) {
echo html_input('fieldset''''''''''''''''''''''''''',l('load_banner'));
echo html_input('form''''post''''''''''''''''''''post''managelinks/''');
echo html_input('text''burl''burl'''''.l('banner_url'), 'text''''''''''''''''''');
echo html_input('text''bfrom''bfrom'''''.l('from_b'), 'text''''''''''''''''''');
echo html_input('text''bsize''bsize'''l('size'), 'text''''''''''''''''''');
echo html_input('text''border''border'''l('order'), 'text''''''''''''''''''');
echo '<p>By clicking only the "Load banners" display ALL banners.<br />';
echo html_input('submit''loadbanner''loadbanner'l('load_banner'), '''button''''''''''''''''''');
echo '</p></form></fieldset>';
} else {
// NOTE(review): the four values below come straight from $_POST and are
// placed in the SELECT unescaped. burl needs mysql_real_escape_string(),
// bfrom/bsize an (int) cast, and border — which becomes an ORDER BY clause
// and cannot be quoted — a whitelist of the sortable columns (id, clicks).
$burl trim($_POST['burl']);
$bfrom trim($_POST['bfrom']);
$bsize trim($_POST['bsize']);
$border trim($_POST['border']);
// from and size are only applied together; either one empty means no LIMIT.
if ((empty($bfrom)) && (empty($bsize))){
$allbaners '';
} else {
$allbaners "LIMIT ".$bfrom.", ".$bsize."";
}
if (empty($burl)) {
$burl '';
        } else {
$burl "WHERE url = '".$burl."'";
}
if (empty($border)) {
$border '';
}else{
$border ="ORDER BY ".$border." DESC"//ASC DESC ORDER BY clicks ASC
}
$sql mysql_query("SELECT id, url, banner, name, clicks, expire FROM "._PRE."banners ".$burl." ".$allbaners." ".$border."");
while(
$r mysql_fetch_assoc($sql)){
echo 
'<div style="background:#fff;border:1px solid #999;padding:6px;margin:0 0 6px 0">
<b>Clicks: '
.$r['clicks'].'</b>';
// expire is the click budget entered when the banner was added.
if ( 
$r['clicks'] <= $r['expire']){
echo 
' - Expire in '.$r['expire'].' clicks.<br />';
}else{
echo 
' - <b style="color:red">Clicks passed the limit of ['.$r['clicks'].']</b><br />';
// send email somewhere?
}
// NOTE(review): url, name and banner are echoed without htmlspecialchars().
// They are admin-entered, but this is HTML context (and the textarea snippet
// is meant to be pasted into templates), so escape on output.
echo 
'URL: '.$r['url'].'<br />
ID: '
.$r['id'].'<br />
Name: '
.$r['name'].'<br />
Banner: <br /><img src="'
.$r['banner'].'" alt="'.$r['name'].'" style="border:1px solid #ccc;padding:4px" /><br /><br />
<b>Select link/banner:</b><br />
<textarea rows="3" cols="70" style="width:99%;height:50px;">
<a href="?go='
.$r['url'].'"><img src="'.$r['banner'].'" alt="'.$r['name'].'" /></a>
</textarea></div>'
;
}
}

echo 
'</div>';
// Section 2: "Add banners" — show the form, or run the INSERT from it.
echo 
'<div id="sub2" style="display:none">';
if (!isset($_POST['addbanner'])){
echo html_input('fieldset''''''''''''''''''''''''''',l('add_banner'));
echo html_input('form''''post''''''''''''''''''''post''managelinks/''');
echo html_input('text''url''url'''''.l('re_url'), 'text''''''''''''''''''');
echo html_input('text''banner''banner'''''.l('banner'), 'text''''''''''''''''''');
echo html_input('text''name''name'''l('name'), 'text''''''''''''''''''');
echo html_input('text''expire''expire'''l('expire'), 'text''''''''''''''''''');
echo '<p>';
echo html_input('submit''addbanner''addbanner'l('add_banner'), '''button''''''''''''''''''');
echo '</p></form></fieldset>';
echo 
'</div>';
} else {
$url trim($_POST['url']);
$banner trim($_POST['banner']);
$name trim($_POST['name']);
$expire trim($_POST['expire']);
// NOTE(review): url, banner, name and expire are interpolated raw into the
// INSERT; escape the strings with mysql_real_escape_string() and cast expire to int.
$sql mysql_query("INSERT INTO "._PRE."banners (url, banner, name, expire) VALUES ('$url', '$banner', '$name', '$expire')");
if (!$sql) {
echo '</div><p>'.l('error').'</p>';
echo '<p><a href="'._SITE.'managelinks/" title="'.l('back').'">'.l('back').'</a></p>';
} else {
echo '</div><p>'.l('banner_added').'</p>';
echo '<p><a href="'._SITE.'managelinks/" title="'.l('back').'">'.l('back').'</a></p>';
}
}

// Section 3: "Delete banners" — show the form, or delete by id.
echo 
'<div id="sub3" style="display:none">';
if (!isset($_POST['delbanner'])) {
echo html_input('fieldset''''''''''''''''''''''''''',l('del_banner'));
echo html_input('form''''post''''''''''''''''''''post''managelinks/''');
echo html_input('text''id''id''''* '.l('id'), 'text''''''''''''''''''');
echo '<p>';
echo html_input('submit''delbanner''delbanner'l('del_banner'), '''button''''''''''''''''''');
echo '</p></form></fieldset>';
echo 
'</div>';
} else {
$id trim($_POST['id']);
// NOTE(review): $id is interpolated unquoted into "WHERE id = ..." here and
// in the DELETE below; cast it with (int) before use.
$sql mysql_query('SELECT url FROM '._PRE.'banners WHERE id = '.$id.' limit 1'); // countlinks()
    
$r mysql_fetch_assoc($sql); // countlinks()
$delurl $r['url']; // countlinks()
// NOTE(review): "or die(mysql_error())" prints the raw database error to the page.
$sql mysql_query("DELETE FROM link_tracker WHERE url = '$delurl'")or die(mysql_error());  // countlinks()
if(!$sql){ // countlinks()
echo '</div><p>'.l('error').' in link tracker '.$delurl.'</p>'// countlinks()
echo '<p><a href="'._SITE.'managelinks/" title="'.l('back').'">'.l('back').'</a></p>'// countlinks()
    } else {  // countlinks()
$delsql =  mysql_query("DELETE FROM "._PRE.'banners'." WHERE id = $id limit 1");
if (!$delsql) {
echo '</div><p>'.l('error').'</p>';
echo '<p><a href="'._SITE.'managelinks/" title="'.l('back').'">'.l('back').'</a></p>';
} else {
echo '</div><p>'.l('banner_is_del').'</p>';
echo '<p><a href="'._SITE.'managelinks/" title="'.l('back').'">'.l('back').'</a></p>';
}
// countlinks()
}

echo 
'</div>';
}

?>


also add this function
<?php
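// Echoes up to $size banners (starting at offset $start) as <li> links for
// index.php, skipping banners that have already reached $limit clicks; an
// empty $limit disables the click cut-off. All three values are cast to int
// before being placed in the query, and row values are HTML-escaped on output.
function display_banner($start, $size, $limit){
    $where = '';
    if (!empty($limit)) {
        // The original "clicks NOT IN ($limit)" only hid a banner whose count was
        // exactly $limit; the documented intent is a cut-off, hence "<".
        $where = 'WHERE clicks < '.(int) $limit;
    }
    $sql = mysql_query("SELECT url, banner, name FROM "._PRE."banners ".$where." LIMIT ".(int) $start.", ".(int) $size);
    // A failed query returns false; skip the loop instead of fetching from it.
    if ($sql) {
        while ($r = mysql_fetch_assoc($sql)) {
            $url = htmlspecialchars($r['url'], ENT_QUOTES, 'UTF-8');
            $banner = htmlspecialchars($r['banner'], ENT_QUOTES, 'UTF-8');
            $name = htmlspecialchars($r['name'], ENT_QUOTES, 'UTF-8');
            echo '<li><a href="?go='.$url.'"><img src="'.$banner.'" alt="'.$name.'" /></a></li>';
        }
    }
}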
?>

In the beginning of snews find
Quote
$l['ignored_items']

and add below [updated]
<?php
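// ?go=<url> click counter + redirect. Only a URL that exists in the banners
// table is followed; anything else (and an empty value) falls back to _SITE.
if (isset($_GET['go'])) {
    $id = _SITE;
    if (!empty($_GET['go'])) {
        $check_id = clean(cleanXSS($_GET['go']));
        // NOTE(review): this relies on clean() making $check_id safe inside the
        // quoted SQL literal below — confirm against its definition in snews.php.
        $counter = mysql_query("SELECT url, clicks FROM "._PRE.'banners'." WHERE url= '$check_id' limit 1");
        $r = $counter ? mysql_fetch_array($counter) : false;
        if ($r) {
            // Redirect to the URL as stored in the table, not to the request value.
            $id = $r['url'];
            // Request headers are attacker-controlled: escape them before the INSERT,
            // and tolerate a missing Referer. // countlinks()
            $user_agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''); // countlinks()
            $referer = mysql_real_escape_string(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''); // countlinks()
            // Increment in SQL so two concurrent clicks do not lose an update.
            mysql_query("UPDATE "._PRE."banners SET clicks = clicks + 1 WHERE url = '$check_id' limit 1");
            $tracker = "INSERT into link_tracker (url, user_agent, referer, timestamp) VALUES ('$check_id', '$user_agent', '$referer', NOW())"; // countlinks()
            mysql_query($tracker); // countlinks()
        }
    }
    header("Location: $id", true, 301);
    exit;
}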
?>

Here we finish with the mod so let's try it!!  ::)

in index.php add

Quote
<h3>A simple list banner 125 x 125</h3>
<ul style="list-style:none">
<?php display_banner(0, 10, 100);?>
</ul>

the function display_banner takes 3 values
(0) start from 0, (10) display 10 banners, (100) click limit: any banner that has reached 100 clicks is automatically no longer displayed.

or simply add a manual link to count, i.e.
<p>Download <a href="?go=http://snewscms.com/">sNews cms</a></p>
or select code from "see banners" to add it standalone.

let's go to management
you have "Manage links/banners" and "Count banners"
In Manage links/banners you can see all the banners, you can add banner and you can delete banner.
How to add a banner:
First upload the banners, use files in admin.
Second do the following

How to see banners
Just click the button Load banners to see all the banners
or
*     add only this input.
**   from and size must add both values.
*** optional, you can use it with from-size or just alone.

How to delete banners
Just add the id to delete.

Count banners is optional; there you can see
clicks by URL and clicks by User-Agent. I also tried to add clicks by referer, but I have some problems with it.

Hope to work for someone.

Hi, and sorry for a typo I made;
the code is updated, and I also added one security layer that checks whether the redirect URL exists in the database.

« Last Edit: January 28, 2013, 09:02:48 AM by sibas »

mosh

Re: url/banner management
« Reply #1 on: January 27, 2013, 08:47:35 PM »

Hi sibas,
I wanted to say, awesome work on this mod.
will try it when i have some time :)

thanks for sharing,
Karma++ 4 you.

sibas

Re: url/banner management
« Reply #2 on: January 28, 2013, 09:05:09 AM »

Code updated after a typo I made.
Hey mosh, thanks for karma, karma 2u also. :)

sibas

Re: url/banner management
« Reply #3 on: January 28, 2013, 10:35:51 AM »

It seems to be working as expected,
but I still have doubts about security when it comes to clean(cleanXSS(...)), because I get many warnings
Quote
$id = clean(cleanXSS($_GET['go']));

DON'T get me wrong, it is working; I just want to be sure before trying it for real!!


I made some tests and it seems to avoid XSS like
Quote
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

the warnings displayed are

<?php
Warning
in_array() expects parameter 2 to be array, null given in D:\xampp\htdocs\snews17\snews.php on line 4883
Call Stack
# Time Memory Function Location
1 0.0008 149888 {main}( ) ..\index.php:0
2
0.0141 1154072 include( 'D:\xampp\htdocs\snews17\snews.php' ) ..\index.php:30
3
1.0452 1240328 cleanXSS( ) ..\snews.php:224
4
1.0602 1241048 filterTags( ) ..\snews.php:4793
5
1.0605 1241792 in_array ( ) ..\snews.php:4883
Variables in local scope 
(#4)

$attr Undefined

$attrSet 
= array (size=0)
  empty
$closeQuotes Undefined
$currentSpace 
int 6
$currentTag 
string 'IFRAME SRC="javascript:alert('XSS');"' (length=37)
$fromSpace Undefined
$fromTagOpen 
string 'IFRAME SRC="javascript:alert('XSS');"></IFRAME>' (length=47)
$isCloseTag boolean false
$nextSpace 
Undefined
$openQuotes 
Undefined
$postTag 
string '<IFRAME SRC="javascript:alert('XSS');"></IFRAME>' (length=48)
$preTag string '' (length=0)
$source string '<IFRAME SRC="javascript:alert('XSS');"></IFRAME>' (length=48)
$tagBlacklist = &null
$tagLeft 
string 'IFRAME SRC="javascript:alert('XSS');"' (length=37)
$tagLength int 37
$tagName 
string 'IFRAME' (length=6)
$tagOpen_end int 37
$tagOpen_nested 
int 39
$tagOpen_start 
int 0
?>

line 4883 belongs to function filterTags($source) and is
Quote
if ((!preg_match('/^[a-z][a-z0-9]*$/i',$tagName)) || (!$tagName) || ((in_array(strtolower($tagName), $tagBlacklist)))) {


if someone tests it, please try this
<?php
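// Debug variant of the ?go= redirect: same lookup and counting, but the
// resolved target is appended to log_go.txt and echoed instead of being sent
// as a Location header (the header/exit lines stay commented out for that).
if (isset($_GET['go'])) {
    $id = _SITE;
    if (!empty($_GET['go'])) {
        $check_id = clean(cleanXSS($_GET['go']));
        // NOTE(review): this relies on clean() making $check_id safe inside the
        // quoted SQL literal below — confirm against its definition in snews.php.
        $counter = mysql_query("SELECT url, clicks FROM "._PRE.'banners'." WHERE url= '$check_id' limit 1");
        $r = $counter ? mysql_fetch_array($counter) : false;
        if ($r) {
            // Use the URL as stored in the table as the target, not the request value.
            $id = $r['url'];
            // Request headers are attacker-controlled: escape them before the INSERT,
            // and tolerate a missing Referer. // countlinks()
            $user_agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''); // countlinks()
            $referer = mysql_real_escape_string(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''); // countlinks()
            // Increment in SQL so two concurrent clicks do not lose an update.
            mysql_query("UPDATE "._PRE."banners SET clicks = clicks + 1 WHERE url = '$check_id' limit 1");
            $tracker = "INSERT into link_tracker (url, user_agent, referer, timestamp) VALUES ('$check_id', '$user_agent', '$referer', NOW())"; // countlinks()
            mysql_query($tracker); // countlinks()
        } else {
            echo 'zip';
        }
    }

    // Debug log of every resolved target. It is written next to index.php, so
    // remove this block (and the file) once testing is done.
    $file = 'log_go.txt';
    // test like ?go=<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
    //$id = $_GET['go']; // If get only this xss occurs
    //$id = clean(cleanXSS($_GET['go'])); // working but with many warnings
    $fp = fopen($file, 'a+') or die('Could not open file!');
    fwrite($fp, "$id \r\n") or die('Could not write to file');
    fclose($fp);
    // HTML-escaped before being echoed into the page.
    echo htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
    // header("Location: $id", true, 301);
    //exit;
}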
?>




sibas

Re: url/banner management
« Reply #4 on: January 28, 2013, 12:45:53 PM »


sibas

Re: url/banner management
« Reply #5 on: January 29, 2013, 03:44:18 PM »

OK, perhaps the
RewriteRule ^(.*)$ index.php?category=$1 [L]
does not allow the redirect, but I am not sure.

add this in index to see what occurs
<?php
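// Debug aid: show the request URI and query string as the server received them,
// to check whether the RewriteRule keeps ?go=... intact. Both values are
// request-controlled, so they are HTML-escaped before being echoed. The
// original used ".=" here, which would also modify $_SERVER['REQUEST_URI'].
if (isset($_SERVER['QUERY_STRING'])) {
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    echo htmlspecialchars($uri.'?'.$_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
    echo '<br />'.htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
}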
?>

try it like
Quote
http://127.0.0.1/snews17/cat1/?go=http://snewscms.com/