diff options
| -rw-r--r-- | include/api.php | 176 | ||||
| -rw-r--r-- | include/security.php | 8 | ||||
| -rw-r--r-- | version.inc | 2 |
3 files changed, 99 insertions, 87 deletions
diff --git a/include/api.php b/include/api.php index d755c7018..93ea82e45 100644 --- a/include/api.php +++ b/include/api.php @@ -4,6 +4,7 @@ require_once("conversation.php"); require_once("oauth.php"); require_once("html2plain.php"); + /* * Twitter-Like API * @@ -12,6 +13,14 @@ $API = Array(); $called_api = Null; + + function api_user() { + if ($_SESSION["allow_api"]) + return local_user(); + return false; + } + + function api_date($str){ //Wed May 23 06:01:13 +0000 2007 return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" ); @@ -30,7 +39,7 @@ function api_login(&$a){ // login with oauth - try{ + try { $oauth = new FKOAuth1(); list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); if (!is_null($token)){ @@ -38,14 +47,15 @@ call_hooks('logged_in', $a->user); return; } - echo __file__.__line__.__function__."<pre>"; var_dump($consumer, $token); die(); - }catch(Exception $e){ + echo __file__.__line__.__function__."<pre>"; + var_dump($consumer, $token); + die(); + } + catch(Exception $e) { logger(__file__.__line__.__function__."\n".$e); - //die(__file__.__line__.__function__."<pre>".$e); die(); } - // workaround for HTTP-auth in CGI mode if(x($_SERVER,'REDIRECT_REMOTE_USER')) { $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; @@ -58,41 +68,24 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) { logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Friendica"'); + header('WWW-Authenticate: Basic realm="Red"'); header('HTTP/1.0 401 Unauthorized'); die('This api requires login'); } - $user = $_SERVER['PHP_AUTH_USER']; - $encrypted = hash('whirlpool',trim($_SERVER['PHP_AUTH_PW'])); - - - /** - * next code from mod/auth.php. needs better solution - */ - // process normal login request - - $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) - AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", - dbesc(trim($user)), - dbesc(trim($user)), - dbesc($encrypted) - ); - if(count($r)){ - $record = $r[0]; - } else { + require_once('include/auth.php'); + $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); + if(! $record) { logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Friendica"'); + header('WWW-Authenticate: Basic realm="Red"'); header('HTTP/1.0 401 Unauthorized'); die('This api requires login'); } require_once('include/security.php'); authenticate_success($record); - - call_hooks('logged_in', $a->user); - + $_SESSION['allow_api'] = true; } /************************** @@ -108,11 +101,11 @@ if (strpos($a->query_string, $p)===0){ $called_api= explode("/",$p); //unset($_SERVER['PHP_AUTH_USER']); - if ($info['auth']===true && local_user()===false) { + if ($info['auth']===true && api_user()===false) { api_login($a); } - load_contact_links(local_user()); + load_contact_links(api_user()); logger('API call for ' . $a->user['username'] . ': ' . $a->query_string); logger('API parameters: ' . print_r($_REQUEST,true)); @@ -219,7 +212,7 @@ if(is_null($user) && x($_GET, 'screen_name')) { $user = dbesc($_GET['screen_name']); $extra_query = "AND `contact`.`nick` = '%s' "; - if (local_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(local_user()); + if (api_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(api_user()); } @@ -232,12 +225,12 @@ } else { $user = dbesc($user); $extra_query = "AND `contact`.`nick` = '%s' "; - if (local_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(local_user()); + if (api_user()!==false) $extra_query .= "AND `contact`.`uid`=".intval(api_user()); } } if (! $user) { - if (local_user()===false) { + if (api_user()===false) { api_login($a); return False; } else { $user = $_SESSION['uid']; @@ -259,10 +252,10 @@ if($uinfo[0]['self']) { $usr = q("select * from user where uid = %d limit 1", - intval(local_user()) + intval(api_user()) ); $profile = q("select * from profile where uid = %d and `is_default` = 1 limit 1", - intval(local_user()) + intval(api_user()) ); // count public wall messages @@ -458,7 +451,7 @@ * http://developer.twitter.com/doc/get/account/verify_credentials */ function api_account_verify_credentials(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); return api_apply_template("user", $type, array('$user' => $user_info)); @@ -482,14 +475,14 @@ function api_statuses_mediap(&$a, $type) { - if (local_user()===false) { + if (api_user()===false) { logger('api_statuses_update: no user'); return false; } $user_info = api_get_user($a); $_REQUEST['type'] = 'wall'; - $_REQUEST['profile_uid'] = local_user(); + $_REQUEST['profile_uid'] = api_user(); $_REQUEST['api_source'] = true; $txt = requestdata('status'); //$txt = urldecode(requestdata('status')); @@ -525,7 +518,7 @@ function api_statuses_update(&$a, $type) { - if (local_user()===false) { + if (api_user()===false) { logger('api_statuses_update: no user'); return false; } @@ -567,7 +560,7 @@ if(requestdata('lat') && requestdata('long')) $_REQUEST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long')); - $_REQUEST['profile_uid'] = local_user(); + $_REQUEST['profile_uid'] = api_user(); if($parent) $_REQUEST['type'] = 'net-comment'; @@ -711,7 +704,7 @@ * TODO: Add reply info */ function api_statuses_home_timeline(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); // get last newtork messages @@ -785,7 +778,7 @@ api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true); function api_statuses_public_timeline(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); // get last newtork messages @@ -867,7 +860,7 @@ * */ function api_statuses_show(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); @@ -919,7 +912,7 @@ * */ function api_statuses_repeat(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); @@ -945,7 +938,7 @@ if ($r[0]['body'] != "") { $_REQUEST['body'] = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body']; - $_REQUEST['profile_uid'] = local_user(); + $_REQUEST['profile_uid'] = api_user(); $_REQUEST['type'] = 'wall'; $_REQUEST['api_source'] = true; @@ -966,7 +959,7 @@ * */ function api_statuses_destroy(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); @@ -993,7 +986,7 @@ * */ function api_statuses_mentions(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); // get last newtork messages @@ -1073,13 +1066,13 @@ function api_statuses_user_timeline(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); // get last newtork messages - logger("api_statuses_user_timeline: local_user: ". local_user() . + logger("api_statuses_user_timeline: api_user: ". api_user() . "\nuser_info: ".print_r($user_info, true) . "\n_REQUEST: ".print_r($_REQUEST, true), LOGGER_DEBUG); @@ -1111,7 +1104,7 @@ $sql_extra AND `item`.`id`>%d ORDER BY `item`.`received` DESC LIMIT %d ,%d ", - intval(local_user()), + intval(api_user()), intval($user_info['id']), intval($since_id), intval($start), intval($count) @@ -1134,7 +1127,7 @@ function api_favorites(&$a, $type){ - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); // in friendica starred item are private @@ -1406,7 +1399,7 @@ * returns: json, xml **/ function api_statuses_f(&$a, $type, $qtype) { - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); @@ -1432,7 +1425,7 @@ $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", - intval(local_user()) + intval(api_user()) ); $ret = array(); @@ -1463,37 +1456,41 @@ function api_statusnet_config(&$a,$type) { - $name = $a->config['sitename']; + + load_config('system'); + + $name = get_config('system','sitename'); $server = $a->get_hostname(); - $logo = $a->get_baseurl() . '/images/friendica-64.png'; - $email = $a->config['admin_email']; - $closed = (($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false'); - $private = (($a->config['system']['block_public']) ? 'true' : 'false'); - $textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000); - if($a->config['api_import_size']) - $texlimit = string($a->config['api_import_size']); - $ssl = (($a->config['system']['have_ssl']) ? 'true' : 'false'); + $logo = $a->get_baseurl() . '/images/fred-64.png'; + $email = get_config('system','admin_email'); + $closed = ((get_config('system','register_policy') == REGISTER_CLOSED) ? 'true' : 'false'); + $private = ((get_config('system','block_public')) ? 'true' : 'false'); + $textlimit = (string) ((get_config('system','max_import_size')) ? get_config('system','max_import_size') : 200000); + if(get_config('system','api_import_size')) + $texlimit = string(get_config('system','api_import_size')); + $ssl = ((get_config('system','have_ssl')) ? 'true' : 'false'); $sslserver = (($ssl === 'true') ? str_replace('http:','https:',$a->get_baseurl()) : ''); $config = array( 'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '', - 'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '', - 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false', - 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, - 'shorturllength' => '30', - 'friendica' => array( - 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM, - 'FRIENDICA_VERSION' => FRIENDICA_VERSION, - 'DFRN_PROTOCOL_VERSION' => DFRN_PROTOCOL_VERSION, - 'DB_UPDATE_VERSION' => DB_UPDATE_VERSION - ) - ), - ); + 'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '', + 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false', + 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, + 'shorturllength' => '30', + 'friendica' => array( + 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM, + 'FRIENDICA_VERSION' => FRIENDICA_VERSION, + 'ZOT_REVISION' => ZOT_REVISION, + 'DB_UPDATE_VERSION' => DB_UPDATE_VERSION + ) + )); return api_apply_template('config', $type, array('$config' => $config)); } api_register_func('api/statusnet/config','api_statusnet_config',false); + api_register_func('api/friendica/config','api_statusnet_config',false); + api_register_func('api/red/config','api_statusnet_config',false); function api_statusnet_version(&$a,$type) { @@ -1513,8 +1510,25 @@ api_register_func('api/statusnet/version','api_statusnet_version',false); + function api_friendica_version(&$a,$type) { + + if($type === 'xml') { + header("Content-type: application/xml"); + echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>' . FRIENDICA_VERSION . '</version>' . "\r\n"; + killme(); + } + elseif($type === 'json') { + header("Content-type: application/json"); + echo '"' . FRIENDICA_VERSION . '"'; + killme(); + } + } + api_register_func('api/friendica/version','api_friendica_version',false); + api_register_func('api/red/version','api_friendica_version',false); + + function api_ff_ids(&$a,$type,$qtype) { - if(! local_user()) + if(! api_user()) return false; if($qtype == 'friends') @@ -1524,7 +1538,7 @@ $r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra", - intval(local_user()) + intval(api_user()) ); if(is_array($r)) { @@ -1557,7 +1571,7 @@ function api_direct_messages_new(&$a, $type) { - if (local_user()===false) return false; + if (api_user()===false) return false; if (!x($_POST, "text") || !x($_POST,"screen_name")) return; @@ -1566,7 +1580,7 @@ require_once("include/message.php"); $r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", - intval(local_user()), + intval(api_user()), dbesc($_POST['screen_name'])); $recipient = api_get_user($a, $r[0]['id']); @@ -1574,7 +1588,7 @@ $sub = ''; if (x($_REQUEST,'replyto')) { $r = q('SELECT `parent_uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d', - intval(local_user()), + intval(api_user()), intval($_REQUEST['replyto'])); $replyto = $r[0]['parent_uri']; $sub = $r[0]['title']; @@ -1612,7 +1626,7 @@ api_register_func('api/direct_messages/new','api_direct_messages_new',true); function api_direct_messages_box(&$a, $type, $box) { - if (local_user()===false) return false; + if (api_user()===false) return false; $user_info = api_get_user($a); @@ -1638,7 +1652,7 @@ } $r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d", - intval(local_user()), + intval(api_user()), intval($start), intval($count) ); diff --git a/include/security.php b/include/security.php index 276c8f97c..0783a3c20 100644 --- a/include/security.php +++ b/include/security.php @@ -6,11 +6,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; -// logger('authenticate_success: ' . print_r($user_record,true)); -// logger('authenticate_success: ' . print_r($_SESSION,true)); - if(x($user_record,'account_id')) { -// logger('authenticate_success: Red-style'); $a->account = $user_record; $_SESSION['account_id'] = $user_record['account_id']; $_SESSION['authenticated'] = 1; @@ -115,10 +111,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive intval($_SESSION['uid']) ); - call_hooks('logged_in', $a->user); } } + + if($login_initial) + call_hooks('logged_in', $user_record); if($return || x($_SESSION,'workflow')) { diff --git a/version.inc b/version.inc index 9a868e78e..f7f909959 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-01-15.201 +2013-01-16.202 |