aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-01-16 15:51:21 -0800
committerfriendica <info@friendica.com>2013-01-16 15:51:21 -0800
commitc74bf006cc7012805af3c2965c977f5f36b74f37 (patch)
treefaa19aa0b621e4a843c424123dfba5747190f0be
parent71d710c3f79d31ed629f89a58c0195304cbacba6 (diff)
downloadvolse-hubzilla-c74bf006cc7012805af3c2965c977f5f36b74f37.tar.gz
volse-hubzilla-c74bf006cc7012805af3c2965c977f5f36b74f37.tar.bz2
volse-hubzilla-c74bf006cc7012805af3c2965c977f5f36b74f37.zip
begin the hard slog on the api
-rw-r--r--include/api.php176
-rw-r--r--include/security.php8
-rw-r--r--version.inc2
3 files changed, 99 insertions, 87 deletions
diff --git a/include/api.php b/include/api.php
index d755c7018..93ea82e45 100644
--- a/include/api.php
+++ b/include/api.php
@@ -4,6 +4,7 @@
require_once("conversation.php");
require_once("oauth.php");
require_once("html2plain.php");
+
/*
* Twitter-Like API
*
@@ -12,6 +13,14 @@
$API = Array();
$called_api = Null;
+
+ function api_user() {
+ if ($_SESSION["allow_api"])
+ return local_user();
+ return false;
+ }
+
+
function api_date($str){
//Wed May 23 06:01:13 +0000 2007
return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" );
@@ -30,7 +39,7 @@
function api_login(&$a){
// login with oauth
- try{
+ try {
$oauth = new FKOAuth1();
list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
if (!is_null($token)){
@@ -38,14 +47,15 @@
call_hooks('logged_in', $a->user);
return;
}
- echo __file__.__line__.__function__."<pre>"; var_dump($consumer, $token); die();
- }catch(Exception $e){
+ echo __file__.__line__.__function__."<pre>";
+ var_dump($consumer, $token);
+ die();
+ }
+ catch(Exception $e) {
logger(__file__.__line__.__function__."\n".$e);
- //die(__file__.__line__.__function__."<pre>".$e); die();
}
-
// workaround for HTTP-auth in CGI mode
if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
@@ -58,41 +68,24 @@
if (!isset($_SERVER['PHP_AUTH_USER'])) {
logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Friendica"');
+ header('WWW-Authenticate: Basic realm="Red"');
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
- $user = $_SERVER['PHP_AUTH_USER'];
- $encrypted = hash('whirlpool',trim($_SERVER['PHP_AUTH_PW']));
-
-
- /**
- * next code from mod/auth.php. needs better solution
- */
-
// process normal login request
-
- $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' )
- AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
- dbesc(trim($user)),
- dbesc(trim($user)),
- dbesc($encrypted)
- );
- if(count($r)){
- $record = $r[0];
- } else {
+ require_once('include/auth.php');
+ $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+ if(! $record) {
logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Friendica"');
+ header('WWW-Authenticate: Basic realm="Red"');
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
require_once('include/security.php');
authenticate_success($record);
-
- call_hooks('logged_in', $a->user);
-
+ $_SESSION['allow_api'] = true;
}
/**************************
@@ -108,11 +101,11 @@
if (strpos($a->query_string, $p)===0){
$called_api= explode("/",$p);
//unset($_SERVER['PHP_AUTH_USER']);
- if ($info['auth']===true && local_user()===false) {
+ if ($info['auth']===true && api_user()===false) {
api_login($a);
}
- load_contact_links(local_user());
+ load_contact_links(api_user());
logger('API call for ' . $a->user['username'] . ': ' . $a->query_string);
logger('API parameters: ' . print_r($_REQUEST,true));
@@ -219,7 +212,7 @@
if(is_null($user) && x($_GET, 'screen_name')) {
$user = dbesc($_GET['screen_name']);
$extra_query = "AND `contact`.`nick` = '%s' ";
- if (local_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(local_user());
+ if (api_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(api_user());
}
@@ -232,12 +225,12 @@
} else {
$user = dbesc($user);
$extra_query = "AND `contact`.`nick` = '%s' ";
- if (local_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(local_user());
+ if (api_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(api_user());
}
}
if (! $user) {
- if (local_user()===false) {
+ if (api_user()===false) {
api_login($a); return False;
} else {
$user = $_SESSION['uid'];
@@ -259,10 +252,10 @@
if($uinfo[0]['self']) {
$usr = q("select * from user where uid = %d limit 1",
- intval(local_user())
+ intval(api_user())
);
$profile = q("select * from profile where uid = %d and `is_default` = 1 limit 1",
- intval(local_user())
+ intval(api_user())
);
// count public wall messages
@@ -458,7 +451,7 @@
* http://developer.twitter.com/doc/get/account/verify_credentials
*/
function api_account_verify_credentials(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
return api_apply_template("user", $type, array('$user' => $user_info));
@@ -482,14 +475,14 @@
function api_statuses_mediap(&$a, $type) {
- if (local_user()===false) {
+ if (api_user()===false) {
logger('api_statuses_update: no user');
return false;
}
$user_info = api_get_user($a);
$_REQUEST['type'] = 'wall';
- $_REQUEST['profile_uid'] = local_user();
+ $_REQUEST['profile_uid'] = api_user();
$_REQUEST['api_source'] = true;
$txt = requestdata('status');
//$txt = urldecode(requestdata('status'));
@@ -525,7 +518,7 @@
function api_statuses_update(&$a, $type) {
- if (local_user()===false) {
+ if (api_user()===false) {
logger('api_statuses_update: no user');
return false;
}
@@ -567,7 +560,7 @@
if(requestdata('lat') && requestdata('long'))
$_REQUEST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
- $_REQUEST['profile_uid'] = local_user();
+ $_REQUEST['profile_uid'] = api_user();
if($parent)
$_REQUEST['type'] = 'net-comment';
@@ -711,7 +704,7 @@
* TODO: Add reply info
*/
function api_statuses_home_timeline(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
@@ -785,7 +778,7 @@
api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true);
function api_statuses_public_timeline(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
@@ -867,7 +860,7 @@
*
*/
function api_statuses_show(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
@@ -919,7 +912,7 @@
*
*/
function api_statuses_repeat(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
@@ -945,7 +938,7 @@
if ($r[0]['body'] != "") {
$_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
- $_REQUEST['profile_uid'] = local_user();
+ $_REQUEST['profile_uid'] = api_user();
$_REQUEST['type'] = 'wall';
$_REQUEST['api_source'] = true;
@@ -966,7 +959,7 @@
*
*/
function api_statuses_destroy(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
@@ -993,7 +986,7 @@
*
*/
function api_statuses_mentions(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
@@ -1073,13 +1066,13 @@
function api_statuses_user_timeline(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
- logger("api_statuses_user_timeline: local_user: ". local_user() .
+ logger("api_statuses_user_timeline: api_user: ". api_user() .
"\nuser_info: ".print_r($user_info, true) .
"\n_REQUEST: ".print_r($_REQUEST, true),
LOGGER_DEBUG);
@@ -1111,7 +1104,7 @@
$sql_extra
AND `item`.`id`>%d
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
- intval(local_user()),
+ intval(api_user()),
intval($user_info['id']),
intval($since_id),
intval($start), intval($count)
@@ -1134,7 +1127,7 @@
function api_favorites(&$a, $type){
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
// in friendica starred item are private
@@ -1406,7 +1399,7 @@
* returns: json, xml
**/
function api_statuses_f(&$a, $type, $qtype) {
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
@@ -1432,7 +1425,7 @@
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
- intval(local_user())
+ intval(api_user())
);
$ret = array();
@@ -1463,37 +1456,41 @@
function api_statusnet_config(&$a,$type) {
- $name = $a->config['sitename'];
+
+ load_config('system');
+
+ $name = get_config('system','sitename');
$server = $a->get_hostname();
- $logo = $a->get_baseurl() . '/images/friendica-64.png';
- $email = $a->config['admin_email'];
- $closed = (($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false');
- $private = (($a->config['system']['block_public']) ? 'true' : 'false');
- $textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000);
- if($a->config['api_import_size'])
- $texlimit = string($a->config['api_import_size']);
- $ssl = (($a->config['system']['have_ssl']) ? 'true' : 'false');
+ $logo = $a->get_baseurl() . '/images/fred-64.png';
+ $email = get_config('system','admin_email');
+ $closed = ((get_config('system','register_policy') == REGISTER_CLOSED) ? 'true' : 'false');
+ $private = ((get_config('system','block_public')) ? 'true' : 'false');
+ $textlimit = (string) ((get_config('system','max_import_size')) ? get_config('system','max_import_size') : 200000);
+ if(get_config('system','api_import_size'))
+ $texlimit = string(get_config('system','api_import_size'));
+ $ssl = ((get_config('system','have_ssl')) ? 'true' : 'false');
$sslserver = (($ssl === 'true') ? str_replace('http:','https:',$a->get_baseurl()) : '');
$config = array(
'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '',
- 'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '',
- 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
- 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
- 'shorturllength' => '30',
- 'friendica' => array(
- 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM,
- 'FRIENDICA_VERSION' => FRIENDICA_VERSION,
- 'DFRN_PROTOCOL_VERSION' => DFRN_PROTOCOL_VERSION,
- 'DB_UPDATE_VERSION' => DB_UPDATE_VERSION
- )
- ),
- );
+ 'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '',
+ 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
+ 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
+ 'shorturllength' => '30',
+ 'friendica' => array(
+ 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM,
+ 'FRIENDICA_VERSION' => FRIENDICA_VERSION,
+ 'ZOT_REVISION' => ZOT_REVISION,
+ 'DB_UPDATE_VERSION' => DB_UPDATE_VERSION
+ )
+ ));
return api_apply_template('config', $type, array('$config' => $config));
}
api_register_func('api/statusnet/config','api_statusnet_config',false);
+ api_register_func('api/friendica/config','api_statusnet_config',false);
+ api_register_func('api/red/config','api_statusnet_config',false);
function api_statusnet_version(&$a,$type) {
@@ -1513,8 +1510,25 @@
api_register_func('api/statusnet/version','api_statusnet_version',false);
+ function api_friendica_version(&$a,$type) {
+
+ if($type === 'xml') {
+ header("Content-type: application/xml");
+ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>' . FRIENDICA_VERSION . '</version>' . "\r\n";
+ killme();
+ }
+ elseif($type === 'json') {
+ header("Content-type: application/json");
+ echo '"' . FRIENDICA_VERSION . '"';
+ killme();
+ }
+ }
+ api_register_func('api/friendica/version','api_friendica_version',false);
+ api_register_func('api/red/version','api_friendica_version',false);
+
+
function api_ff_ids(&$a,$type,$qtype) {
- if(! local_user())
+ if(! api_user())
return false;
if($qtype == 'friends')
@@ -1524,7 +1538,7 @@
$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
- intval(local_user())
+ intval(api_user())
);
if(is_array($r)) {
@@ -1557,7 +1571,7 @@
function api_direct_messages_new(&$a, $type) {
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
if (!x($_POST, "text") || !x($_POST,"screen_name")) return;
@@ -1566,7 +1580,7 @@
require_once("include/message.php");
$r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'",
- intval(local_user()),
+ intval(api_user()),
dbesc($_POST['screen_name']));
$recipient = api_get_user($a, $r[0]['id']);
@@ -1574,7 +1588,7 @@
$sub = '';
if (x($_REQUEST,'replyto')) {
$r = q('SELECT `parent_uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d',
- intval(local_user()),
+ intval(api_user()),
intval($_REQUEST['replyto']));
$replyto = $r[0]['parent_uri'];
$sub = $r[0]['title'];
@@ -1612,7 +1626,7 @@
api_register_func('api/direct_messages/new','api_direct_messages_new',true);
function api_direct_messages_box(&$a, $type, $box) {
- if (local_user()===false) return false;
+ if (api_user()===false) return false;
$user_info = api_get_user($a);
@@ -1638,7 +1652,7 @@
}
$r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d",
- intval(local_user()),
+ intval(api_user()),
intval($start), intval($count)
);
diff --git a/include/security.php b/include/security.php
index 276c8f97c..0783a3c20 100644
--- a/include/security.php
+++ b/include/security.php
@@ -6,11 +6,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
-// logger('authenticate_success: ' . print_r($user_record,true));
-// logger('authenticate_success: ' . print_r($_SESSION,true));
-
if(x($user_record,'account_id')) {
-// logger('authenticate_success: Red-style');
$a->account = $user_record;
$_SESSION['account_id'] = $user_record['account_id'];
$_SESSION['authenticated'] = 1;
@@ -115,10 +111,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive
intval($_SESSION['uid'])
);
- call_hooks('logged_in', $a->user);
}
}
+
+ if($login_initial)
+ call_hooks('logged_in', $user_record);
if($return || x($_SESSION,'workflow')) {
diff --git a/version.inc b/version.inc
index 9a868e78e..f7f909959 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-15.201
+2013-01-16.202