aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/api.php78
1 files changed, 54 insertions, 24 deletions
diff --git a/include/api.php b/include/api.php
index 93ea82e45..4404058da 100644
--- a/include/api.php
+++ b/include/api.php
@@ -4,17 +4,40 @@
require_once("conversation.php");
require_once("oauth.php");
require_once("html2plain.php");
+ require_once('include/security.php');
/*
- * Twitter-Like API
+ *
+ * Red API. Loosely based on and possibly compatible with a Twitter-Like API but all similarities end there.
*
*/
$API = Array();
$called_api = Null;
+ // All commands which require authentication accept a "channel" parameter
+ // which is the left hand side of the channel address/nickname.
+ // If provided, the desired channel is selected before caarying out the command.
+ // If not provided, the default channel associated with the account is used.
+ // If channel selection fails, the API command requiring login will fail.
function api_user() {
+ $aid = get_account_id();
+ $channel = get_app()->get_channel();
+
+ if(($aid) && (x($_REQUEST,'channel'))) {
+
+ // Only change channel if it is different than the current channel
+
+ if($channel && x($channel,'channel_address') && $channel['channel_address'] != $_REQUEST['channel']) {
+ $c = q("select channel_id from channel where channel_address = '%s' and channel_account_id = %d limit 1",
+ dbesc($_REQUEST['channel']),
+ intval($aid)
+ );
+ if((! $c) || (! change_channel($c[0]['channel_id'])))
+ return false;
+ }
+ }
if ($_SESSION["allow_api"])
return local_user();
return false;
@@ -194,6 +217,7 @@
/**
* Returns user info array.
*/
+
function api_get_user(&$a, $contact_id = Null){
global $called_api;
$user = null;
@@ -202,46 +226,48 @@
if(!is_null($contact_id)){
$user=$contact_id;
- $extra_query = "AND `contact`.`id` = %d ";
+ $extra_query = " AND abook_id = %d ";
}
if(is_null($user) && x($_GET, 'user_id')) {
$user = intval($_GET['user_id']);
- $extra_query = "AND `contact`.`id` = %d ";
+ $extra_query = " AND abook_id = %d ";
}
if(is_null($user) && x($_GET, 'screen_name')) {
$user = dbesc($_GET['screen_name']);
- $extra_query = "AND `contact`.`nick` = '%s' ";
- if (api_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(api_user());
-
+ $extra_query = " AND xchan_addr like '%s@%%' ";
+ if (api_user()!==false)
+ $extra_query .= " AND abook_channel = ".intval(api_user());
}
- if (is_null($user) && $a->argc > (count($called_api)-1)){
+ if (is_null($user) && argc() > (count($called_api)-1)){
$argid = count($called_api);
- list($user, $null) = explode(".",$a->argv[$argid]);
+ list($user, $null) = explode(".",argv($argid));
if(is_numeric($user)){
$user = intval($user);
- $extra_query = "AND `contact`.`id` = %d ";
+ $extra_query = " AND abook_id = %d ";
} else {
$user = dbesc($user);
- $extra_query = "AND `contact`.`nick` = '%s' ";
- if (api_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(api_user());
+ $extra_query = " AND xchan_addr like '%s@%%' ";
+ if (api_user() !== false)
+ $extra_query .= " AND abook_channel = ".intval(api_user());
}
}
if (! $user) {
- if (api_user()===false) {
- api_login($a); return False;
+ if (api_user() === false) {
+ api_login($a);
+ return False;
} else {
- $user = $_SESSION['uid'];
- $extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` = 1 ";
+ $user = local_user();
+ $extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " ) ";
}
}
logger('api_user: ' . $extra_query . ', user: ' . $user);
// user info
- $uinfo = q("SELECT *, `contact`.`id` as `cid` FROM `contact`
+ $uinfo = q("SELECT * from abook left join xchan on abook_xchan = xchan_hash
WHERE 1
$extra_query",
$user
@@ -250,8 +276,8 @@
return False;
}
- if($uinfo[0]['self']) {
- $usr = q("select * from user where uid = %d limit 1",
+ if($uinfo[0]['abook_flags'] & ABOOK_FLAG_SELF) {
+ $usr = q("select * from channel where channel_id = %d limit 1",
intval(api_user())
);
$profile = q("select * from profile where uid = %d and `is_default` = 1 limit 1",
@@ -261,21 +287,23 @@
// count public wall messages
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
WHERE `uid` = %d
- AND `type`='wall'
+ AND ( item_flags & %d ) and item_restrict = 0
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
- intval($uinfo[0]['uid'])
+ intval($uinfo[0]['uid']),
+ intval(ITEM_WALL)
);
$countitms = $r[0]['count'];
}
else {
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
- WHERE `contact-id` = %d
+ WHERE author_xchan = '%s'
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
- intval($uinfo[0]['id'])
+ intval($uinfo[0]['xchan_hash'])
);
$countitms = $r[0]['count'];
}
+
// count friends
$r = q("SELECT COUNT(`id`) as `count` FROM `contact`
WHERE `uid` = %d AND `rel` IN ( %d, %d )
@@ -518,10 +546,11 @@
function api_statuses_update(&$a, $type) {
- if (api_user()===false) {
+ if (api_user() === false) {
logger('api_statuses_update: no user');
return false;
}
+
$user_info = api_get_user($a);
// convert $_POST array items to the form we use for web posts.
@@ -550,9 +579,9 @@
}
else
$_REQUEST['body'] = requestdata('status');
- //$_REQUEST['body'] = urldecode(requestdata('status'));
$parent = requestdata('in_reply_to_status_id');
+
if(ctype_digit($parent))
$_REQUEST['parent'] = $parent;
else
@@ -560,6 +589,7 @@
if(requestdata('lat') && requestdata('long'))
$_REQUEST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
+
$_REQUEST['profile_uid'] = api_user();
if($parent)