-rw-r--r-- | .htaccess | 4 | ||||
-rw-r--r-- | include/api.php | 20 | ||||
-rw-r--r-- | mod/item.php | 2 | ||||
-rw-r--r-- | view/api_status_xml.tpl | 46 |
4 files changed, 67 insertions, 5 deletions
@@ -9,13 +9,15 @@ Deny from all <IfModule mod_rewrite.c> RewriteEngine on +# RewriteRule api.* - [E=REMOTE_USER:%{HTTP:Authorization},L] + # Protect repo directory from browsing RewriteRule "(^|/)\.git" - [F] # Rewrite current-style URLs of the form 'index.php?q=x'. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + RewriteRule ^(.*)$ index.php?q=$1 [E=REMOTE_USER:%{HTTP:Authorization},L,QSA] </IfModule> diff --git a/include/api.php b/include/api.php index ef41c411c..d1f0f9330 100644 --- a/include/api.php +++ b/include/api.php @@ -27,10 +27,21 @@ * Simple HTTP Login */ function api_login(&$a){ + // workaround for HTTP-auth in CGI mode + if(x($_SERVER,'REDIRECT_REMOTE_USER')) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + if (!isset($_SERVER['PHP_AUTH_USER'])) { + logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG); header('WWW-Authenticate: Basic realm="Friendika"'); header('HTTP/1.0 401 Unauthorized'); - die('This api require login'); + die('This api requires login'); } $user = $_SERVER['PHP_AUTH_USER']; @@ -52,9 +63,10 @@ if(count($r)){ $record = $r[0]; } else { + logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); header('WWW-Authenticate: Basic realm="Friendika"'); header('HTTP/1.0 401 Unauthorized'); - die('This api require login'); + die('This api requires login'); } $_SESSION['uid'] = $record['uid']; $_SESSION['theme'] = $record['theme']; @@ -303,7 +315,7 @@ // TODO - media uploads and alternate 'source' - function api_post_message(&$a, $type) { + function api_statuses_update(&$a, $type) { if (local_user()===false) return false; $user_info = api_get_user($a); 
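Review bot: The catch-all rule now copies the raw `Authorization` header into `REMOTE_USER` for every rewritten request, not only the API paths that need it. `REMOTE_USER` conventionally means an identity the web server has already authenticated, so anything downstream that trusts or logs it would be handling an unverified, client-supplied value that carries base64 credentials. A dedicated variable avoids overloading it, e.g. `RewriteRule ^(.*)$ index.php?q=$1 [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L,QSA]`, with api_login() reading `REDIRECT_HTTP_AUTHORIZATION` instead. A short comment above the rule explaining the CGI workaround would also help, since the commented-out `api.*` rule is left without explanation.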
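Review bot: The CGI workaround in api_login() strips six characters from `REDIRECT_REMOTE_USER` without checking that the scheme is actually `Basic `, and `explode(':', $userpass)` has no limit, so a password containing a colon is cut at its first colon and can never match. A header whose decoded value has no colon also leaves `$password` undefined in the `list()` assignment. I would check the scheme, decode in strict mode, and split with a limit of 2, as sketched below. The function body continues outside this hunk.

```php
    // workaround for HTTP-auth in CGI mode
    if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
        $auth = $_SERVER['REDIRECT_REMOTE_USER'];
        // only Basic credentials can be unpacked this way
        if(strncasecmp($auth,'Basic ',6) === 0) {
            $userpass = base64_decode(substr($auth,6), true);
            if($userpass !== false && strpos($userpass,':') !== false) {
                // limit 2: everything after the first colon is the password
                list($name, $password) = explode(':', $userpass, 2);
                $_SERVER['PHP_AUTH_USER'] = $name;
                $_SERVER['PHP_AUTH_PW'] = $password;
            }
        }
    }
    // … unchanged: 401 response when PHP_AUTH_USER is not set …
```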
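Review bot: `print_r($_SERVER,true)` in the login-failure branch writes the submitted password to the debug log, because by then `$_SERVER` holds `PHP_AUTH_PW` (and, in CGI mode, `REDIRECT_REMOTE_USER` with the base64 header) alongside `HTTP_COOKIE`. The same call added in the earlier "not logged in" branch of the first include/api.php hunk exposes the cookie and raw header in the same way. Logging only what diagnosis needs would be safer, e.g. `logger('API_login failure: user=' . $user . ' ip=' . $_SERVER['REMOTE_ADDR'], LOGGER_DEBUG);`. The enclosing function starts and ends outside this hunk.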
@@ -329,7 +341,7 @@ item_post($a); // this should output the last post (the one we just posted). - return api_users_show(); + return api_users_show($a,$type); } api_register_func('api/statuses/update','api_statuses_update', true); diff --git a/mod/item.php b/mod/item.php index 98f4ff90c..e8714f955 100644 --- a/mod/item.php +++ b/mod/item.php @@ -722,6 +722,8 @@ function item_post(&$a) { logger('return: ' . $_POST['return']); goaway($a->get_baseurl() . "/" . $_POST['return'] ); } + if($_POST['api_source']) + return; $json = array('success' => 1); if(x($_POST,'jsreload') && strlen($_POST['jsreload'])) $json['reload'] = $a->get_baseurl() . '/' . $_POST['jsreload']; diff --git a/view/api_status_xml.tpl b/view/api_status_xml.tpl new file mode 100644 index 000000000..f6cd9c2c0 --- /dev/null +++ b/view/api_status_xml.tpl 
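Review bot: `if($_POST['api_source'])` in mod/item.php reads the key directly, which raises an undefined-index notice on ordinary web posts and differs from the `x($_POST,'jsreload')` style two lines below it. `if(x($_POST,'api_source')) return;` would match the surrounding code. Since `api_source` is a client-supplied field, a comment such as `// API callers render their own response; this flag only suppresses the JSON reply` would make clear it is not evidence that the request came through the authenticated API. item_post() begins and continues outside the hunk.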
@@ -0,0 +1,46 @@
+<status>{{ if $status }}
+ <created_at>$status.created_at</created_at>
+ <id>$status.id</id>
+ <text>$status.text</text>
+ <source>$status.source</source>
+ <truncated>$status.truncated</truncated>
+ <in_reply_to_status_id>$status.in_reply_to_status_id</in_reply_to_status_id>
+ <in_reply_to_user_id>$status.in_reply_to_user_id</in_reply_to_user_id>
+ <favorited>$status.favorited</favorited>
+ <in_reply_to_screen_name>$status.in_reply_to_screen_name</in_reply_to_screen_name>
+ <geo>$status.geo</geo>
+ <coordinates>$status.coordinates</coordinates>
+ <place>$status.place</place>
+ <contributors>$status.contributors</contributors>
+ <user>
+ <id>$status.user.id</id>
+ <name>$status.user.name</name>
+ <screen_name>$status.user.screen_name</screen_name>
+ <location>$status.user.location</location>
+ <description>$status.user.description</description>
+ <profile_image_url>$status.user.profile_image_url</profile_image_url>
+ <url>$status.user.url</url>
+ <protected>$status.user.protected</protected>
+ <followers_count>$status.user.followers</followers_count>
+ <profile_background_color>$status.user.profile_background_color</profile_background_color>
+ <profile_text_color>$status.user.profile_text_color</profile_text_color>
+ <profile_link_color>$status.user.profile_link_color</profile_link_color>
+ <profile_sidebar_fill_color>$status.user.profile_sidebar_fill_color</profile_sidebar_fill_color>
+ <profile_sidebar_border_color>$status.user.profile_sidebar_border_color</profile_sidebar_border_color>
+ <friends_count>$status.user.friends_count</friends_count>
+ <created_at>$status.user.created_at</created_at>
+ <favourites_count>$status.user.favourites_count</favourites_count>
+ <utc_offset>$status.user.utc_offset</utc_offset>
+ <time_zone>$status.user.time_zone</time_zone>
+ <profile_background_image_url>$status.user.profile_background_image_url</profile_background_image_url>
+ <profile_background_tile>$status.user.profile_background_tile</profile_background_tile>
+ <profile_use_background_image>$status.user.profile_use_background_image</profile_use_background_image>
+ <notifications></notifications>
+ <geo_enabled>$status.user.geo_enabled</geo_enabled>
+ <verified>$status.user.verified</verified>
+ <following></following>
+ <statuses_count>$status.user.statuses_count</statuses_count>
+ <lang>$status.user.lang</lang>
+ <contributors_enabled>$status.user.contributors_enabled</contributors_enabled>
+ </user>
+{{ endif }}</status> |
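Review bot: Every placeholder in the new template goes straight into element content, including user-authored fields such as `$status.text`, `$status.user.name` and `$status.user.description`, and nothing here shows escaping. Whether the template engine or the caller XML-escapes these values is not visible from this hunk. If neither does, a post containing `<` or `&` would yield malformed XML or let a poster add elements to the API response. I would confirm the values are escaped where the `$status` array is built, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, and document next to that code that the template expects pre-escaped values.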