-rw-r--r--include/api.php179
-rw-r--r--include/api_auth.php95
-rw-r--r--include/auth.php1
3 files changed, 96 insertions, 179 deletions
diff --git a/include/api.php b/include/api.php
index 875bf121f..24176884c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -66,96 +66,6 @@ require_once('include/attach.php');
'auth'=>$auth);
}
- /**
- * Simple HTTP Login
- */
-
- function api_login(&$a){
- // login with oauth
- try {
- $oauth = new FKOAuth1();
- $req = OAuthRequest::from_request();
-
- list($consumer,$token) = $oauth->verify_request($req);
-
- if (!is_null($token)){
- $oauth->loginUser($token->uid);
-
- $a->set_oauth_key($consumer->key);
-
- call_hooks('logged_in', $a->user);
- return;
- }
- echo __file__.__line__.__function__."<pre>";
-// var_dump($consumer, $token);
- die();
- }
- catch(Exception $e) {
- logger(__file__.__line__.__function__."\n".$e);
- }
-
-
- // workaround for HTTP-auth in CGI mode
- if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
- }
-
- if(x($_SERVER,'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
- }
-
-
- if (!isset($_SERVER['PHP_AUTH_USER'])) {
- logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
-
- // process normal login request
- require_once('include/auth.php');
- $channel_login = 0;
- $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
- if(! $record) {
- $r = q("select * from channel where channel_address = '%s' limit 1",
- dbesc($_SERVER['PHP_AUTH_USER'])
- );
- if ($r) {
- $x = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
- if($record)
- $channel_login = $r[0]['channel_id'];
- }
- }
- if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
- }
-
- require_once('include/security.php');
- authenticate_success($record);
-
- if($channel_login)
- change_channel($channel_login);
-
- $_SESSION['allow_api'] = true;
- }
/**************************
* MAIN API ENTRY POINT *
@@ -2417,95 +2327,6 @@ logger('Req: ' . var_export($req,true));
api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
-
-function api_export_users(&$a,$type) {
-
- if (! is_site_admin()){
- header('HTTP/1.0 401 Unauthorized');
- die('Only admin accounts may use this endpoint.');
- }
-
- $r = q("SELECT * FROM account");
-
- // TODO: paginating!
-
- $ret = array();
- foreach($r as $u){
- $ret[] = $u;
- }
-
- json_return_and_die(array('status' => 'OK',
- 'users' => $u));
-}
-api_register_func('api/export/users','api_export_users', true);
-
-
-
-function api_export_channel_hashes(&$a, $type) {
-
- if (! is_site_admin()){
- header('HTTP/1.0 401 Unauthorized');
- die('Only admin accounts may use this endpoint.');
- }
-
- if( $_REQUEST['account_id'] == ''){
- header('HTTP/1.0 422 Unprocessable Entity');
- die('Must supply account_id parameter.');
-
- }
-
- $c = q("select * from channel where channel_account_id = '%d'",
- intval($_REQUEST['account_id']));
-
- if(! $c){
- header('HTTP/1.0 404 Not Found');
- die('No such account_id '. $_REQUEST['account_id']);
-
- }
-
- $ret = array();
- foreach ($c as $r){
- $ret[] = $r['channel_hash'];
- }
- json_return_and_die(array('status' => 'OK',
- 'channel_hashes' => $ret));
-}
-api_register_func('api/export/channels','api_export_channel_hashes', true);
-
-
-
-
-function api_export_identity(&$a, $type) {
-
- if (! is_site_admin()){
- header('HTTP/1.0 401 Unauthorized');
- die('Only admin accounts may use this endpoint.');
- }
-
- if( $_REQUEST['channel_hash'] == ''){
- header('HTTP/1.0 422 Unprocessable Entity');
- die('Must supply channel_hash parameter.');
-
- }
-
- require_once('include/identity.php');
-
- $c = q("select channel_id from channel where channel_hash = '%s' LIMIT 1",
- dbesc($_REQUEST['channel_hash']));
-
- if(! $c){
- header('HTTP/1.0 404 Not Found');
- die('No such channel '. $_REQUEST['channel_hash']);
-
- }
- json_return_and_die(
- identity_basic_export($c[0]['channel_id'],
- (($_REQUEST['posts']) ? intval($_REQUEST['posts']) : 0 )));
-}
-api_register_func('api/export/identity','api_export_identity', true);
-
-
-
/*
Not implemented by now:
statuses/retweets_of_me
diff --git a/include/api_auth.php b/include/api_auth.php
new file mode 100644
index 000000000..ee9db3f55
--- /dev/null
+++ b/include/api_auth.php
@@ -0,0 +1,95 @@
+<?php /** @file */
+
+require_once("oauth.php");
+
+
+/**
+ * Simple HTTP Login
+ */
+
+function api_login(&$a){
+ // login with oauth
+ try {
+ $oauth = new FKOAuth1();
+ $req = OAuthRequest::from_request();
+
+ list($consumer,$token) = $oauth->verify_request($req);
+
+ if (!is_null($token)){
+ $oauth->loginUser($token->uid);
+
+ $a->set_oauth_key($consumer->key);
+
+ call_hooks('logged_in', $a->user);
+ return;
+ }
+ echo __file__.__line__.__function__."<pre>";
+// var_dump($consumer, $token);
+ die();
+ }
+ catch(Exception $e) {
+ logger(__file__.__line__.__function__."\n".$e);
+ }
+
+
+ // workaround for HTTP-auth in CGI mode
+ if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+ }
+
+ if(x($_SERVER,'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+ }
+
+
+ if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ header('WWW-Authenticate: Basic realm="Red"');
+ header('HTTP/1.0 401 Unauthorized');
+ die('This api requires login');
+ }
+
+ // process normal login request
+ require_once('include/auth.php');
+ $channel_login = 0;
+ $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+ if(! $record) {
+ $r = q("select * from channel where channel_address = '%s' limit 1",
+ dbesc($_SERVER['PHP_AUTH_USER'])
+ );
+ if ($r) {
+ $x = q("select * from account where account_id = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+ if ($x) {
+ $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+ if($record)
+ $channel_login = $r[0]['channel_id'];
+ }
+ }
+ if(! $record) {
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ header('WWW-Authenticate: Basic realm="Red"');
+ header('HTTP/1.0 401 Unauthorized');
+ die('This api requires login');
+ }
+ }
+
+ require_once('include/security.php');
+ authenticate_success($record);
+
+ if($channel_login)
+ change_channel($channel_login);
+
+ $_SESSION['allow_api'] = true;
+}
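Review bot: The failure branch of `api_login` logs `print_r($_SERVER,true)` after `PHP_AUTH_PW` has been populated, so every rejected login writes the attempted password and the raw `HTTP_AUTHORIZATION` header into the debug log; the earlier `API_login:` log call dumps the same array, cookies included. Log only what is needed to diagnose the failure, for example `logger('API_login failure: ' . $_SERVER['PHP_AUTH_USER'], LOGGER_DEBUG);`. Separately, both Basic-auth workarounds split with `explode(':', $userpass)`, which truncates any password that contains a colon; `explode(':', $userpass, 2)` keeps the remainder intact. The code is moved unchanged from include/api.php, so both points predate this commit, but the new file is a natural place to fix them.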
diff --git a/include/auth.php b/include/auth.php
index 643894e32..4f0c4c928 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -9,6 +9,7 @@
* Also provides a function for OpenID identiy matching.
*/
+require_once('include/api_auth.php');
require_once('include/security.php');
/**