Merge pull request #158 from fabrixxm/master

Some works on API

2 files changed, 299 insertions, 5 deletions

diff --git a/include/api.php b/include/api.php
index 7a44cf023..a599f0d9b 100644
--- a/include/api.php
+++ b/include/api.php
@@ -196,6 +196,7 @@
 		$user = null;
 		$extra_query = "";
 
+
 		if(!is_null($contact_id)){
 			$user=$contact_id;
 			$extra_query = "AND `contact`.`id` = %d ";
@@ -332,7 +333,7 @@
 			'notifications' => false,
 			'following' => '', #XXX: fix me
 			'verified' => true, #XXX: fix me
-			#'status' => null
+			'status' => array()
 		);
 	
 		return $ret;
@@ -612,6 +613,13 @@
 		// get last newtork messages
 //		$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
 
+		// params
+		$count = (x($_GET,'count')?$_GET['count']:20);
+		$page = (x($_GET,'page')?$_GET['page']:0);
+		
+		$start = $page*$count;
+
+
 		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, 
 			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
 			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
@@ -624,7 +632,7 @@
 			$sql_extra
 			ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
 			intval($user_info['uid']),
-			0,20
+			intval($start),	intval($count)
 		);
 
 		$ret = api_format_items($r,$user_info);
@@ -651,6 +659,13 @@
 		// get last newtork messages
 //		$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
 
+		// params
+		$count = (x($_GET,'count')?$_GET['count']:20);
+		$page = (x($_GET,'page')?$_GET['page']:0);
+		
+		$start = $page*$count;
+
+
 		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, 
 			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
 			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
@@ -664,7 +679,7 @@
 			$sql_extra
 			ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
 			intval($user_info['uid']),
-			0,20
+			intval($start),	intval($count)
 		);
 
 		$ret = api_format_items($r,$user_info);
@@ -689,6 +704,11 @@
 		$user_info = api_get_user($a);
 		// get last newtork messages
 //		$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
+		// params
+		$count = (x($_GET,'count')?$_GET['count']:20);
+		$page = (x($_GET,'page')?$_GET['page']:0);
+		
+		$start = $page*$count;
 
 		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, 
 			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@@ -703,7 +723,7 @@
 			$sql_extra
 			ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
 			intval($user_info['uid']),
-			0,20
+			intval($start),	intval($count)
 		);
 
 		$ret = api_format_items($r,$user_info);
@@ -780,6 +800,58 @@
 	}
 	api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true);
 
+	/**
+	 *  https://dev.twitter.com/docs/api/1/get/statuses/friends 
+	 *  This function is deprecated by Twitter
+	 *  returns: json, xml 
+	 **/
+	function api_statuses_f(&$a, $type, $qtype) {
+		if (local_user()===false) return false;
+		$user_info = api_get_user($a);
+		
+		if (x($_GET,'cursor') && $_GET['cursor']=='undefined'){
+			/* this is to stop Hotot to load friends multiple times
+			*  I'm not sure if I'm missing return something or
+			*  is a bug in hotot. Workaround, meantime
+			*/
+			
+			$ret=Array();
+			$data = array('$users' => $ret);
+			return  api_apply_template("friends", $type, $data);
+		}
+		
+		if($qtype == 'friends')
+			$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
+		if($qtype == 'followers')
+			$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
+ 
+		$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
+			intval(local_user())
+		);
+
+		$ret = array();
+		foreach($r as $cid){
+			$ret[] = api_get_user($a, $cid['id']);
+		}
+
+		
+		$data = array('$users' => $ret);
+		return  api_apply_template("friends", $type, $data);
+
+	}
+	function api_statuses_friends(&$a, $type){
+		return api_statuses_f($a,$type,"friends");
+	}
+	function api_statuses_followers(&$a, $type){
+		return api_statuses_f($a,$type,"followers");
+	}
+	api_register_func('api/statuses/friends','api_statuses_friends',true);
+	api_register_func('api/statuses/followers','api_statuses_followers',true);
+
+
+
+
+
 
 	function api_statusnet_config(&$a,$type) {
 		$name = $a->config['sitename'];
@@ -808,7 +880,6 @@
 	}
 	api_register_func('api/statusnet/config','api_statusnet_config',false);
 
-
 	function api_statusnet_version(&$a,$type) {
 
 		// liar
@@ -869,3 +940,130 @@
 	api_register_func('api/friends/ids','api_friends_ids',true);
 	api_register_func('api/followers/ids','api_followers_ids',true);
 
+
+	function api_direct_messages_new(&$a, $type) {
+		if (local_user()===false) return false;
+		
+		if (!x($_POST, "text") || !x($_POST,"screen_name")) return;
+		
+		$sender = api_get_user($a);
+		
+		$r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'",
+				intval(local_user()),
+				dbesc($_POST['screen_name']));
+		
+		$recipient = api_get_user($a, $r[0]['id']);			
+		
+
+		require_once("include/message.php");
+		$sub = ( (strlen($_POST['text'])>10)?substr($_POST['text'],0,10)."...":$_POST['text']);
+		$id = send_message($recipient['id'], $_POST['text'], $sub);
+		
+		
+		if ($id>-1) {
+			$r = q("SELECT * FROM `mail` WHERE id=%d", intval($id));
+			$item = $r[0];
+			$ret=Array(
+					'id' => $item['id'],
+					'created_at'=> datetime_convert('UTC','UTC',$item['created'],ATOM_TIME),
+					'sender_id'=> $sender['id'] ,
+					'sender_screen_name'=> $sender['screen_name'],
+					'sender'=> $sender,
+					'recipient_id'=> $recipient['id'],
+					'recipient_screen_name'=> $recipient['screen_name'],
+					'recipient'=> $recipient,
+					
+					'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) ,
+					
+			);
+		
+		} else {
+			$ret = array("error"=>$id);	
+		}
+		
+		$data = Array('$messages'=>$ret);
+		
+		switch($type){
+			case "atom":
+			case "rss":
+				$data = api_rss_extra($a, $data, $user_info);
+		}
+				
+		return  api_apply_template("direct_messages", $type, $data);
+				
+	}
+	api_register_func('api/direct_messages/new','api_direct_messages_new',true);
+
+    function api_direct_messages_box(&$a, $type, $box) {
+		if (local_user()===false) return false;
+		
+		$user_info = api_get_user($a);
+		
+		// params
+		$count = (x($_GET,'count')?$_GET['count']:20);
+		$page = (x($_GET,'page')?$_GET['page']:0);
+		
+		$start = $page*$count;
+		
+	
+		if ($box=="sentbox") {
+			$sql_extra = "`from-url`='%s'";
+		} else {
+			$sql_extra = "`from-url`!='%s'";
+		}
+		
+		$r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d",
+				intval(local_user()),
+				dbesc( $a->get_baseurl() . '/profile/' . $a->user['nickname'] ),
+				intval($start),	intval($count)
+			   );
+		
+		$ret = Array();
+		foreach($r as $item){
+			switch ($box){
+				case "inbox":
+					$recipient = $user_info;
+					$sender = api_get_user($a,$item['contact-id']);
+					break;
+				case "sentbox":
+					$recipient = api_get_user($a,$item['contact-id']);
+					$sender = $user_info;
+					break;
+			}
+				
+			$ret[]=Array(
+				'id' => $item['id'],
+				'created_at'=> datetime_convert('UTC','UTC',$item['created'],ATOM_TIME),
+				'sender_id'=> $sender['id'] ,
+				'sender_screen_name'=> $sender['screen_name'],
+				'sender'=> $sender,
+				'recipient_id'=> $recipient['id'],
+				'recipient_screen_name'=> $recipient['screen_name'],
+				'recipient'=> $recipient,
+				
+				'text'=> $item['title']."\n".strip_tags(bbcode($item['body'])) ,
+				
+			);
+			
+		}
+		
+
+		$data = array('$messages' => $ret);
+		switch($type){
+			case "atom":
+			case "rss":
+				$data = api_rss_extra($a, $data, $user_info);
+		}
+				
+		return  api_apply_template("direct_messages", $type, $data);
+		
+	}
+
+	function api_direct_messages_sentbox(&$a, $type){
+		return api_direct_messages_box($a, $type, "sentbox");
+	}
+	function api_direct_messages_inbox(&$a, $type){
+		return api_direct_messages_box($a, $type, "inbox");
+	}
+	api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true);
+	api_register_func('api/direct_messages','api_direct_messages_inbox',true);
diff --git a/include/message.php b/include/message.php
new file mode 100644
index 000000000..cca913b4e
--- /dev/null
+++ b/include/message.php
@@ -0,0 +1,96 @@
+<?php
+	// send a private message
+	
+
+
+
+function send_message($recipient=0, $body='', $subject='', $replyto=''){ 
+	$a = get_app();
+
+	if(! $recipient) return -1;
+	
+	if(! strlen($subject))
+		$subject = t('[no subject]');
+
+	$me = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
+		intval(local_user())
+	);
+	$contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+			intval($recipient),
+			intval(local_user())
+	);
+
+	if(! (count($me) && (count($contact)))) {
+		return -2;
+	}
+
+	$hash = random_string();
+ 	$uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . local_user() . ':' . $hash ;
+
+	if(! strlen($replyto))
+		$replyto = $uri;
+
+	$r = q("INSERT INTO `mail` ( `uid`, `from-name`, `from-photo`, `from-url`, 
+		`contact-id`, `title`, `body`, `seen`, `replied`, `uri`, `parent-uri`, `created`)
+		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s', '%s', '%s' )",
+		intval(local_user()),
+		dbesc($me[0]['name']),
+		dbesc($me[0]['thumb']),
+		dbesc($me[0]['url']),
+		intval($recipient),
+		dbesc($subject),
+		dbesc($body),
+		1,
+		0,
+		dbesc($uri),
+		dbesc($replyto),
+		datetime_convert()
+	);
+	$r = q("SELECT * FROM `mail` WHERE `uri` = '%s' and `uid` = %d LIMIT 1",
+		dbesc($uri),
+		intval(local_user())
+	);
+	if(count($r))
+		$post_id = $r[0]['id'];
+
+	/**
+	 *
+	 * When a photo was uploaded into the message using the (profile wall) ajax 
+	 * uploader, The permissions are initially set to disallow anybody but the
+	 * owner from seeing it. This is because the permissions may not yet have been
+	 * set for the post. If it's private, the photo permissions should be set
+	 * appropriately. But we didn't know the final permissions on the post until
+	 * now. So now we'll look for links of uploaded messages that are in the
+	 * post and set them to the same permissions as the post itself.
+	 *
+	 */
+
+	$match = null;
+
+	if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) {
+		$images = $match[1];
+		if(count($images)) {
+			foreach($images as $image) {
+				if(! stristr($image,$a->get_baseurl() . '/photo/'))
+					continue;
+				$image_uri = substr($image,strrpos($image,'/') + 1);
+				$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+				$r = q("UPDATE `photo` SET `allow_cid` = '%s'
+					WHERE `resource-id` = '%s' AND `album` = '%s' AND `uid` = %d ",
+					dbesc('<' . $recipient . '>'),
+					dbesc($image_uri),
+					dbesc( t('Wall Photos')),
+					intval(local_user())
+				); 
+			}
+		}
+	}
+	
+	if($post_id) {
+		proc_run('php',"include/notifier.php","mail","$post_id");
+		return intval($post_id);
+	} else {
+		return -3;
+	}
+
+}