Diffstat (limited to 'include/api.php')
-rw-r--r-- | include/api.php | 279 |
1 files changed, 194 insertions, 85 deletions
diff --git a/include/api.php b/include/api.php index 258d197a5..b51bcc5f0 100644 --- a/include/api.php +++ b/include/api.php @@ -75,8 +75,9 @@ require_once('include/attach.php'); try { $oauth = new FKOAuth1(); $req = OAuthRequest::from_request(); + list($consumer,$token) = $oauth->verify_request($req); -// list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); + if (!is_null($token)){ $oauth->loginUser($token->uid); @@ -319,7 +320,7 @@ require_once('include/attach.php'); return False; } else { $user = local_channel(); - $extra_query = " AND abook_channel = %d AND (abook_flags & " . ABOOK_FLAG_SELF . " )>0 "; + $extra_query = " AND abook_channel = %d AND abook_self = 1 "; } } @@ -337,7 +338,7 @@ require_once('include/attach.php'); return False; } - if($uinfo[0]['abook_flags'] & ABOOK_FLAG_SELF) { + if(intval($uinfo[0]['abook_self'])) { $usr = q("select * from channel where channel_id = %d limit 1", intval(api_user()) ); @@ -345,13 +346,14 @@ require_once('include/attach.php'); intval(api_user()) ); + $item_normal = item_normal(); + // count public wall messages $r = q("SELECT COUNT(`id`) as `count` FROM `item` WHERE `uid` = %d - AND ( item_flags & %d )>0 and item_restrict = 0 + AND item_wall = 1 $item_normal AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''", - intval($usr[0]['channel_id']), - intval(ITEM_WALL) + intval($usr[0]['channel_id']) ); $countitms = $r[0]['count']; } 
@@ -368,21 +370,20 @@ require_once('include/attach.php'); // count friends if($usr) { $r = q("SELECT COUNT(abook_id) as `count` FROM abook - WHERE abook_channel = %d AND abook_flags = 0 ", + WHERE abook_channel = %d AND abook_self = 0 ", intval($usr[0]['channel_id']) ); $countfriends = $r[0]['count']; $countfollowers = $r[0]['count']; } - $r = q("SELECT count(`id`) as `count` FROM item where ( item_flags & %d )>0 and uid = %d and item_restrict = 0", - intval($uinfo[0]['channel_id']), - intval(ITEM_STARRED) + $r = q("SELECT count(`id`) as `count` FROM item where item_starred = 1 and uid = %d " . item_normal(), + intval($uinfo[0]['channel_id']) ); $starred = $r[0]['count']; - if(! ($uinfo[0]['abook_flags'] & ABOOK_FLAG_SELF)) { + if(! intval($uinfo[0]['abook_self'])) { $countfriends = 0; $countfollowers = 0; $starred = 0; @@ -390,7 +391,7 @@ require_once('include/attach.php'); $ret = Array( 'id' => intval($uinfo[0]['abook_id']), - 'self' => (($uinfo[0]['abook_flags'] & ABOOK_FLAG_SELF) ? 1 : 0), + 'self' => (intval($uinfo[0]['abook_self']) ? 1 : 0), 'uid' => intval($uinfo[0]['abook_channel']), 'guid' => $uinfo[0]['xchan_hash'], 'name' => (($uinfo[0]['xchan_name']) ? $uinfo[0]['xchan_name'] : substr($uinfo[0]['xchan_addr'],0,strpos($uinfo[0]['xchan_addr'],'@'))), 
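Review bot: In the friend count, `abook_flags = 0` matched only connections with no flag set at all, whereas the replacement `abook_self = 0` excludes only the self entry, so a connection that carried any other flag under the old scheme would now be counted. If those states moved to their own columns in this schema change (not visible here), the filter should test them too; otherwise a comment such as `// counts every non-self connection, whatever its state` would record that the wider count is intended. The same substitution is made in the two `SELECT abook_id FROM abook` hunks at `@@ -1992` and `@@ -2108`, where it changes which connection ids the friends/followers lists return.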
@@ -627,6 +628,71 @@ require_once('include/attach.php'); api_register_func('api/red/files','api_attach_list', true); + + + + function api_file_meta(&$a,$type) { + if (api_user()===false) return false; + if(! $_REQUEST['file_id']) return false; + $r = q("select * from attach where uid = %d and hash = '%s' limit 1", + intval(api_user()), + dbesc($_REQUEST['file_id']) + ); + if($r) { + unset($r[0]['data']); + $ret = array('attach' => $r[0]); + json_return_and_die($ret); + } + killme(); + } + + api_register_func('api/red/filemeta', 'api_file_meta', true); + + + function api_file_data(&$a,$type) { + if (api_user()===false) return false; + if(! $_REQUEST['file_id']) return false; + $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0); + $length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0); + + $r = q("select * from attach where uid = %d and hash = '%s' limit 1", + intval(api_user()), + dbesc($_REQUEST['file_id']) + ); + if($r) { + $ptr = $r[0]; + if($length === 0) + $length = intval($ptr['filesize']); + + if($ptr['is_dir']) + $ptr['data'] = ''; + elseif(! intval($r[0]['os_storage'])) { + $ptr['start'] = $start; + $x = substr(dbunescbin($ptr['data'],$start,$length)); + $ptr['length'] = strlen($x); + $ptr['data'] = base64_encode($x); + } + else { + $fp = fopen(dbunescbin($ptr['data']),'r'); + if($fp) { + $seek = fseek($fp,$start,SEEK_SET); + $x = fread($fp,$length); + $ptr['start'] = $start; + $ptr['length'] = strlen($x); + $ptr['data'] = base64_encode($x); + } + } + + $ret = array('attach' => $ptr); + json_return_and_die($ret); + } + killme(); + } + + api_register_func('api/red/filedata', 'api_file_data', true); + + + function api_file_detail(&$a,$type) { if (api_user()===false) return false; if(! $_REQUEST['file_id']) return false; 
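Review bot: In api_file_data the database-stored branch calls `substr(dbunescbin($ptr['data'],$start,$length))`, so the misplaced closing parenthesis hands `$start` and `$length` to dbunescbin() and leaves substr() with a single argument; the requested range is never applied. `start` and `length` are also taken from the request with no lower bound, and the file handle is never closed. When fopen() fails, the response still carries the raw `data` column, which on this branch is the value passed to fopen() as a path. The block below shows the corrected lines; it adds only `max()` and `fclose()` to the calls already in the hunk.

```php
$start  = (($_REQUEST['start'])  ? max(0,intval($_REQUEST['start']))  : 0);
$length = (($_REQUEST['length']) ? max(0,intval($_REQUEST['length'])) : 0);
// … unchanged: attach lookup, $length defaulting to filesize, is_dir branch …
elseif(! intval($r[0]['os_storage'])) {
	$ptr['start'] = $start;
	$x = substr(dbunescbin($ptr['data']),$start,$length);
	// … unchanged: length and base64 data assignment …
}
else {
	$path = dbunescbin($ptr['data']);
	$ptr['data'] = '';	// do not return the storage path if the file cannot be read
	$fp = fopen($path,'r');
	if($fp) {
		fseek($fp,$start,SEEK_SET);
		$x = (($length > 0) ? fread($fp,$length) : '');
		fclose($fp);
		// … unchanged: start, length and base64 data assignment …
	}
}
```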
@@ -635,11 +701,9 @@ require_once('include/attach.php'); dbesc($_REQUEST['file_id']) ); if($r) { - if($r[0]['flags'] & ATTACH_FLAG_DIR) { - $r[0]['is_dir'] = '1'; + if($r[0]['is_dir']) $r[0]['data'] = ''; - } - elseif($r[0]['flags'] & ATTACH_FLAG_OS) + elseif(intval($r[0]['os_storage'])) $r[0]['data'] = base64_encode(file_get_contents(dbunescbin($r[0]['data']))); else $r[0]['data'] = base64_encode(dbunescbin($r[0]['data'])); @@ -828,6 +892,7 @@ require_once('include/attach.php'); require_once('include/html2bbcode.php'); $txt = requestdata('htmlstatus'); + if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { $txt = html2bb_video($txt); @@ -839,9 +904,10 @@ require_once('include/attach.php'); $purifier = new HTMLPurifier($config); $txt = $purifier->purify($txt); - $_REQUEST['body'] = html2bbcode($txt); } + $_REQUEST['body'] = html2bbcode($txt); + } else $_REQUEST['body'] = requestdata('status'); 
@@ -929,11 +995,62 @@ require_once('include/attach.php'); api_register_func('api/red/item/new','red_item_new', true); + function red_item(&$a, $type) { + + if (api_user() === false) { + logger('api_red_item_new: no user'); + return false; + } + + if($_REQUEST['mid']) { + $arr = array('mid' => $_REQUEST['mid']); + } + elseif($_REQUEST['item_id']) { + $arr = array('item_id' => $_REQUEST['item_id']); + } + else + json_return_and_die(array()); + + $arr['start'] = 0; + $arr['records'] = 999999; + $arr['item_type'] = '*'; + + $i = items_fetch($arr,$a->get_channel(),get_observer_hash()); + + if(! $i) + json_return_and_die(array()); + + $ret = array(); + $tmp = array(); + $str = ''; + foreach($i as $ii) { + $tmp[] = encode_item($ii,true); + if($str) + $str .= ','; + $str .= $ii['id']; + } + $ret['item'] = $tmp; + if($str) { + $r = q("select item_id.*, item.mid from item_id left join item on item_id.iid = item.id where item.id in ( $str ) "); + + if($r) + $ret['item_id'] = $r; + } + + json_return_and_die($ret); + } + + api_register_func('api/red/item/full','red_item', true); + + + function api_get_status($xchan_hash) { require_once('include/security.php'); + $item_normal = item_normal(); + $lastwall = q("SELECT * from item where - item_private = 0 and item_restrict = 0 + item_private = 0 $item_normal and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' @@ -995,9 +1112,10 @@ require_once('include/attach.php'); // get last public message require_once('include/security.php'); + $item_normal = item_normal(); $lastwall = q("SELECT * from item where - item_private = 0 and item_restrict = 0 + item_private = 0 $item_normal and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' 
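Review bot: red_item builds the `in ( $str )` list by appending `$ii['id']` as-is and interpolating it into the query text, unlike the rest of the file, which passes values through `intval()` or `dbesc()` before they reach q(). The ids come from items_fetch() rather than from the request, so this is hardening rather than a known hole: `$str .= intval($ii['id']);` keeps the list numeric whatever the row contains. The log line `'api_red_item_new: no user'` names the wrong function and should read `'api_red_item: no user'`. A short comment above the function should state that `mid` takes precedence over `item_id` and that the visibility of the returned rows presumably rests on items_fetch() receiving the observer hash.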
@@ -1068,9 +1186,10 @@ require_once('include/attach.php'); $user_info = api_get_user($a); require_once('include/security.php'); + $item_normal = item_normal(); $lastwall = q("SELECT * from item where 1 - and item_private != 0 and item_restrict = 0 + and item_private != 0 $item_normal and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' @@ -1171,7 +1290,9 @@ require_once('include/attach.php'); $sql_extra .= " and item_private = 0 "; } - $r = q("SELECT * from item WHERE uid = %d and item_restrict = 0 + $item_normal = item_normal(); + + $r = q("SELECT * from item WHERE uid = %d $item_normal $sql_extra AND id > %d ORDER BY received DESC LIMIT %d ,%d ", @@ -1190,7 +1311,7 @@ require_once('include/attach.php'); // at the network timeline just mark everything seen. if (api_user() == $user_info['uid']) { - $r = q("UPDATE `item` SET item_unseen = 0 where item_unseen = 1 and uid = %d", + $r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 and uid = %d", intval($user_info['uid']) ); } @@ -1237,11 +1358,12 @@ require_once('include/attach.php'); if ($max_id > 0) $sql_extra = 'AND `item`.`id` <= '.intval($max_id); require_once('include/security.php'); + $item_normal = item_normal(); - $r = q("select * from item where item_restrict = 0 - and allow_cid = '' and allow_gid = '' + $r = q("select * from item where allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' - and item_private = 0 + and item_private = 0 + $item_normal and uid = " . $sys['channel_id'] . " $sql_extra AND id > %d group by mid @@ -1297,7 +1419,8 @@ require_once('include/attach.php'); else $sql_extra .= " AND `item`.`id` = %d"; - $r = q("select * from item where item_restrict = 0 $sql_extra", + $item_normal = item_normal(); + $r = q("select * from item where true $item_normal $sql_extra", intval($id) ); xchan_query($r,true); 
@@ -1337,7 +1460,9 @@ require_once('include/attach.php'); $observer = get_app()->get_observer(); - $r = q("SELECT * from item where item_restrict = 0 and id = %d limit 1", + $item_normal = item_normal(); + + $r = q("SELECT * from item where and id = %d $item_normal limit 1", intval($id) ); @@ -1430,7 +1555,7 @@ require_once('include/attach.php'); * */ -// FIXME + function api_statuses_mentions(&$a, $type){ if (api_user()===false) return false; 
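Review bot: The rewritten query reads `where and id = %d $item_normal limit 1`; with `item_restrict = 0` removed, the leading `and` has nothing before it, so the statement is not valid SQL and the lookup will fail for every id. It should be `"SELECT * from item where id = %d $item_normal limit 1"`. The enclosing function starts and ends outside the hunk, so how an empty `$r` is handled cannot be checked from here.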
@@ -1455,39 +1580,25 @@ require_once('include/attach.php'); $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); $diasp_url = str_replace('/channel/','/u/',$myurl); - if (get_config('system','use_fulltext_engine')) - $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where (MATCH(`author-link`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(`tag`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(tag) AGAINST ('".'"%s"'."' in boolean mode))) ", - dbesc(protect_sprintf($myurl)), - dbesc(protect_sprintf($myurl)), - dbesc(protect_sprintf($diasp_url)) - ); - else - $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", - dbesc(protect_sprintf('%' . $myurl)), - dbesc(protect_sprintf('%' . $myurl . ']%')), - dbesc(protect_sprintf('%' . $diasp_url . ']%')) - ); - + $sql_extra .= " AND item_mentionsme = 1 "; if ($max_id > 0) - $sql_extra .= ' AND `item`.`id` <= '.intval($max_id); + $sql_extra .= " AND item.id <= " . intval($max_id) . " "; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact` - WHERE `item`.`uid` = %d - AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra - AND `item`.`id`>%d - ORDER BY `item`.`received` DESC LIMIT %d ,%d ", - intval($user_info['uid']), + require_once('include/security.php'); + $item_normal = item_normal(); + + $r = q("select * from item where uid = " . intval(api_user()) . 
" + $item_normal $sql_extra + AND id > %d group by mid + order by received desc LIMIT %d OFFSET %d ", intval($since_id), - intval($start), intval($count) + intval($count), + intval($start) ); + xchan_query($r,true); + + $ret = api_format_items($r,$user_info); @@ -1610,39 +1721,36 @@ require_once('include/attach.php'); $itemid = intval($_REQUEST['id']); } - $item = q("SELECT * FROM item WHERE id = %d AND uid = %d", - intval($itemid), - intval(api_user()) + $item = q("SELECT * FROM item WHERE id = %d AND uid = %d", + intval($itemid), + intval(api_user()) ); if (! $item) return false; - switch($action){ - case "create": - - $flags = $item[0]['item_flags'] | ITEM_STARRED; - - break; - case "destroy": - - $flags = $item[0]['item_flags'] | (~ ITEM_STARRED); - break; - default: - return false; - } - - $r = q("UPDATE item SET item_flags = %d where id = %d and uid = %d", - intval($flags), + switch($action){ + case "create": + $flags = $item[0]['item_starred'] = 1; + break; + case "destroy": + $flags = $item[0]['item_starred'] = 0; + break; + default: + return false; + } + + $r = q("UPDATE item SET item_starred = %d where id = %d and uid = %d", + intval($flags), intval($itemid), intval(api_user()) ); if(! $r) return false; - $item = q("SELECT * FROM item WHERE id = %d AND uid = %d", - intval($itemid), - intval(api_user()) + $item = q("SELECT * FROM item WHERE id = %d AND uid = %d", + intval($itemid), + intval(api_user()) ); xchan_query($item,true); @@ -1700,12 +1808,13 @@ require_once('include/attach.php'); $sql_extra .= " and item_private = 0 "; } - $r = q("SELECT * from item WHERE uid = %d and item_restrict = 0 - and ( item_flags & %d ) > 0 $sql_extra + $item_normal = item_normal(); + + $r = q("SELECT * from item WHERE uid = %d $item_normal + and item_starred = 1 $sql_extra AND id > %d ORDER BY received DESC LIMIT %d ,%d ", intval($user_info['uid']), - intval(ITEM_STARRED), intval($since_id), intval($start), intval($count) 
@@ -1897,7 +2006,7 @@ require_once('include/attach.php'); 'in_reply_to_user_id' => $in_reply_to_user_id, 'in_reply_to_screen_name' => $in_reply_to_screen_name, 'geo' => '', - 'favorited' => (($item['item_flags'] & ITEM_STARRED) ? true : false), + 'favorited' => (intval($item['item_starred']) ? true : false), 'user' => $status_user , 'statusnet_html' => trim(prepare_text($item['body'],$item['mimetype'])), @@ -1992,7 +2101,7 @@ require_once('include/attach.php'); if($qtype == 'followers') $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); - $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", + $r = q("SELECT abook_id FROM abook where abook_self = 0 and abook_channel = %d $sql_extra", intval(api_user()) ); @@ -2045,7 +2154,7 @@ require_once('include/attach.php'); 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false', 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, 'shorturllength' => '30', - 'redmatrix' => array( + 'hubzilla' => array( 'PLATFORM_NAME' => PLATFORM_NAME, 'RED_VERSION' => RED_VERSION, 'ZOT_REVISION' => ZOT_REVISION, @@ -2108,7 +2217,7 @@ require_once('include/attach.php'); if($qtype == 'followers') $sql_extra = sprintf(" AND ( abook_my_perms & %d )>0 and not ( abook_their_perms & %d )>0 ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM)); - $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra", + $r = q("SELECT abook_id FROM abook where abook_self = 0 and abook_channel = %d $sql_extra", intval(api_user()) ); |