Diffstat (limited to 'include/api.php')
-rw-r--r--include/api.php289
1 files changed, 223 insertions, 66 deletions
diff --git a/include/api.php b/include/api.php
index 4d74eb298..57551a3b0 100644
--- a/include/api.php
+++ b/include/api.php
@@ -1,4 +1,4 @@
-<?php
+<?php /** @file */
require_once("bbcode.php");
require_once("datetime.php");
@@ -6,6 +6,8 @@ require_once("conversation.php");
require_once("oauth.php");
require_once("html2plain.php");
require_once('include/security.php');
+require_once('include/photos.php');
+require_once('include/items.php');
/*
*
@@ -71,7 +73,9 @@ require_once('include/security.php');
// login with oauth
try {
$oauth = new FKOAuth1();
- list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
+ $req = OAuthRequest::from_request();
+ list($consumer,$token) = $oauth->verify_request($req);
+// list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
if (!is_null($token)){
$oauth->loginUser($token->uid);
call_hooks('logged_in', $a->user);
@@ -96,6 +100,16 @@ require_once('include/security.php');
}
}
+ if(x($_SERVER,'HTTP_AUTHORIZATION')) {
+ $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+ }
+
+
if (!isset($_SERVER['PHP_AUTH_USER'])) {
logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
header('WWW-Authenticate: Basic realm="Red"');
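Review bot: The added Basic-auth fallback splits with `explode(':', $userpass)`, so a password that contains a colon is cut at its first colon, and a decoded value with no colon leaves `$password` unset. It also strips six characters without checking that the scheme is `Basic` and uses non-strict `base64_decode`, so a header of any other scheme is decoded as if it held credentials. The existing `logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG)` line dumps all of `$_SERVER`, raw Authorization header included, whenever this parse yields no user, so credentials can reach the debug log. A stricter parse is sketched below.

```php
if(x($_SERVER,'HTTP_AUTHORIZATION') && stripos($_SERVER['HTTP_AUTHORIZATION'],'Basic ') === 0) {
	$userpass = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'],6), true);
	// limit 2: the password itself may contain ':'
	$parts = (($userpass !== false) ? explode(':', $userpass, 2) : array());
	if(count($parts) === 2) {
		$_SERVER['PHP_AUTH_USER'] = $parts[0];
		$_SERVER['PHP_AUTH_PW'] = $parts[1];
	}
}
```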
@@ -220,7 +234,7 @@ require_once('include/security.php');
'updated' => api_date(null),
'atom_updated' => datetime_convert('UTC','UTC','now',ATOM_TIME),
'language' => $user_info['language'],
- 'logo' => $a->get_baseurl()."/images/friendica-32.png",
+ 'logo' => $a->get_baseurl()."/images/rm-64.png",
);
return $arr;
@@ -349,7 +363,8 @@ require_once('include/security.php');
'location' => ($usr) ? $usr[0]['channel_location'] : '',
'profile_image_url' => $uinfo[0]['xchan_photo_l'],
'url' => $uinfo[0]['xchan_url'],
- 'contact_url' => $a->get_baseurl()."/connections/".$uinfo[0]['abook_id'],
+//FIXME
+ 'contact_url' => $a->get_baseurl() . "/connections/".$uinfo[0]['abook_id'],
'protected' => false,
'friends_count' => intval($countfriends),
'created_at' => api_date($uinfo[0]['abook_created']),
@@ -515,6 +530,40 @@ require_once('include/security.php');
json_return_and_die(identity_basic_export(api_user()));
}
api_register_func('api/export/basic','api_export_basic', true);
+ api_register_func('api/red/channel/export/basic','api_export_basic', true);
+
+
+ function api_channel_stream(&$a, $type) {
+ if(api_user() === false) {
+ logger('api_channel_stream: no user');
+ return false;
+ }
+
+ if($_SERVER['REQUEST_METHOD'] == 'POST') {
+ json_return_and_die(post_activity_item($_REQUEST));
+ }
+ else {
+ // fetch stream
+
+ }
+ }
+ api_register_func('api/red/channel/stream','api_channel_stream', true);
+
+
+ function api_albums(&$a,$type) {
+ json_return_and_die(photos_albums_list($a->get_channel(),$a->get_observer()));
+ }
+ api_register_func('api/red/albums','api_albums', true);
+
+ function api_photos(&$a,$type) {
+ $album = $_REQUEST['album'];
+ json_return_and_die(photos_list_photos($a->get_channel(),$a->get_observer(),$album));
+ }
+ api_register_func('api/red/photos','api_photos', true);
+
+
+
+
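Review bot: `api_albums` and `api_photos` lack the `api_user() === false` guard that `api_channel_stream` has, and they take their identity from `$a->get_channel()` / `$a->get_observer()`. Whether those reflect the API-authenticated user is not visible here, so an explicit `if(api_user() === false) return false;` at the top of both would make the access check local. `api_photos` also reads `$_REQUEST['album']` without testing that it is set; `$album = ((x($_REQUEST,'album')) ? $_REQUEST['album'] : '');` avoids the undefined index. In `api_channel_stream` the `else` branch is empty, so a GET falls through with no response, and the POST branch passes the whole of `$_REQUEST` to `post_activity_item()`; a comment stating which keys that function trusts would help.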
@@ -565,6 +614,15 @@ require_once('include/security.php');
return false;
}
+ logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true));
+ logger('api_statuses_update: FILES ' . print_r($_FILES,true));
+
+
+ // set this so that the item_post() function is quiet and doesn't redirect or emit json
+
+ $_REQUEST['api_source'] = true;
+
+
$user_info = api_get_user($a);
// convert $_POST array items to the form we use for web posts.
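Review bot: The two added `logger()` calls dump `$_REQUEST` and `$_FILES` with no level argument, so every status update writes the full post body, any private-message text and the upload temp paths to the log at the default level. If the dumps are still needed, pass a level as the login code does, e.g. `logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true), LOGGER_DEBUG);`, or log only the keys. The same pair of calls is added in the `red_item_new` hunk further down. This function's body starts and ends outside the hunk.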
@@ -599,7 +657,7 @@ require_once('include/security.php');
if(ctype_digit($parent))
$_REQUEST['parent'] = $parent;
else
- $_REQUEST['parent_uri'] = $parent;
+ $_REQUEST['parent_mid'] = $parent;
if(requestdata('lat') && requestdata('long'))
$_REQUEST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
@@ -610,7 +668,9 @@ require_once('include/security.php');
$_REQUEST['type'] = 'net-comment';
else {
$_REQUEST['type'] = 'wall';
+
if(x($_FILES,'media')) {
+ $_FILES['userfile'] = $_FILES['media'];
// upload the image if we have one
$_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
require_once('mod/wall_upload.php');
@@ -620,10 +680,6 @@ require_once('include/security.php');
}
}
- // set this so that the item_post() function is quiet and doesn't redirect or emit json
-
- $_REQUEST['api_source'] = true;
-
// call out normal post function
require_once('mod/item.php');
@@ -635,6 +691,48 @@ require_once('include/security.php');
api_register_func('api/statuses/update','api_statuses_update', true);
+ function red_item_new(&$a, $type) {
+
+ if (api_user() === false) {
+ logger('api_red_item_new: no user');
+ return false;
+ }
+
+ logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true));
+ logger('api_red_item_new: FILES ' . print_r($_FILES,true));
+
+
+ // set this so that the item_post() function is quiet and doesn't redirect or emit json
+
+ $_REQUEST['api_source'] = true;
+ $_REQUEST['profile_uid'] = api_user();
+
+ if(x($_FILES,'media')) {
+ $_FILES['userfile'] = $_FILES['media'];
+ // upload the image if we have one
+ $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
+ require_once('mod/wall_upload.php');
+ $media = wall_upload_post($a);
+ if(strlen($media)>0)
+ $_REQUEST['body'] .= "\n\n".$media;
+ }
+
+ require_once('mod/item.php');
+ $x = item_post($a);
+ json_return_and_die($x);
+ }
+
+ api_register_func('api/red/item/new','red_item_new', true);
+
+
+
+
+
+
+
+
+
+
function api_status_show(&$a, $type){
$user_info = api_get_user($a);
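Review bot: In `red_item_new`, `$_REQUEST['body'] .= "\n\n".$media;` appends to a key that is not set when a client posts only a `media` file, which raises an undefined-index notice. Initialising it first fixes that, e.g. `$_REQUEST['body'] = ((x($_REQUEST,'body')) ? $_REQUEST['body'] : '') . "\n\n" . $media;`. The log prefix `api_red_item_new` does not match the function name `red_item_new`; the other handlers in this file use the `api_` prefix, so renaming the function would keep log searches and naming consistent.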
@@ -643,7 +741,7 @@ require_once('include/security.php');
require_once('include/security.php');
$lastwall = q("SELECT * from item where 1
- and item_private != 0 and item_restrict = 0
+ and item_private = 0 and item_restrict = 0
and author_xchan = '%s'
and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
and verb = '%s'
@@ -677,14 +775,15 @@ require_once('include/security.php');
$in_reply_to_user_id = $user_info['id'];
$in_reply_to_screen_name = $user_info['screen_name'];
}
- }
+ }
+ unobscure($lastwall);
$status_info = array(
- 'text' => html2plain(bbcode($lastwall['body']), 0),
+ 'text' => html2plain(prepare_text($lastwall['body'],$lastwall['mimetype']), 0),
'truncated' => false,
'created_at' => api_date($lastwall['created']),
'in_reply_to_status_id' => $in_reply_to_status_id,
'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'),
- 'id' => (($w) ? $w[0]['abook_id'] : $user_info['id']),
+ 'id' => ($lastwall['id']),
'in_reply_to_user_id' => $in_reply_to_user_id,
'in_reply_to_screen_name' => $in_reply_to_screen_name,
'geo' => '',
@@ -695,6 +794,7 @@ require_once('include/security.php');
);
$status_info['user'] = $user_info;
}
+
return api_apply_template("status", $type, array('$status' => $status_info));
}
@@ -750,8 +850,9 @@ require_once('include/security.php');
$in_reply_to_screen_name = $user_info['screen_name'];
}
}
+ unobscure($lastwall);
$user_info['status'] = array(
- 'text' => html2plain(bbcode($lastwall['body']), 0),
+ 'text' => html2plain(prepare_text($lastwall['body'],$lastwall['mimetype']), 0),
'truncated' => false,
'created_at' => api_date($lastwall['created']),
'in_reply_to_status_id' => $in_reply_to_status_id,
@@ -892,7 +993,7 @@ require_once('include/security.php');
and item_private = 0
and uid in ( " . stream_perms_api_uids() . " )
$sql_extra
- AND id > %d group by uri
+ AND id > %d group by mid
order by received desc LIMIT %d, %d ",
intval($since_id),
intval($start),
@@ -991,7 +1092,7 @@ require_once('include/security.php');
if(perm_is_allowed($r[0]['uid'],$observer['xchan_hash'],'view_stream')) {
if ($r[0]['body'] != "") {
- $_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
+ $_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[zrl=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/zrl] \n".$r[0]['body'];
$_REQUEST['profile_uid'] = api_user();
$_REQUEST['type'] = 'wall';
$_REQUEST['api_source'] = true;
@@ -1023,12 +1124,46 @@ require_once('include/security.php');
// params
$id = intval(argv(3));
+ if($id) {
+ // first prove that we own the item
- logger('API: api_statuses_destroy: '.$id);
+ $r = q("select * from item where id = %d and uid = %d limit 1",
+ intval($id),
+ intval($user_info['uid'])
+ );
+ if(! $r)
+ return false;
+ }
+ else {
+ if($_REQUEST['namespace'] && $_REQUEST['remote_id']) {
+ $r = q("select * from item_id where service = '%s' and sid = '%s' and uid = %d limit 1",
+ dbesc($_REQUEST['namespace']),
+ dbesc($_REQUEST['remote_id']),
+ intval($user_info['uid'])
+ );
+ if(! $r)
+ return false;
+ $id = $r[0]['iid'];
+ }
+ if($_REQUEST['namespace'] && $_REQUEST['comment_id']) {
+ $r = q("select * from item_id left join item on item.id = item_id.iid where service = '%s' and sid = '%s' and uid = %d and item.id != item.parent limit 1",
+ dbesc($_REQUEST['namespace']),
+ dbesc($_REQUEST['comment_id']),
+ intval($user_info['uid'])
+ );
+ if(! $r)
+ return false;
+ $id = $r[0]['iid'];
+ }
+ }
+ if(! $id)
+ return false;
+ logger('API: api_statuses_destroy: '.$id);
require_once('include/items.php');
drop_item($id, false);
+
if ($type == 'xml')
$ok = "true";
else
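Review bot: The `comment_id` lookup joins `item_id` to `item` but filters on an unqualified `uid`, a column that both tables have according to the two queries above it. The database will most likely reject that as ambiguous, and the handler then returns false for every comment delete. Qualifying it keeps the ownership check explicit: `... where service = '%s' and sid = '%s' and item_id.uid = %d and item.id != item.parent limit 1`. `$_REQUEST['namespace']`, `remote_id` and `comment_id` are read without an `x($_REQUEST, ...)` test, and when both ids are supplied the second lookup silently overrides the first. `$user_info` is assigned outside this hunk.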
@@ -1049,7 +1184,7 @@ require_once('include/security.php');
if (api_user()===false) return false;
$user_info = api_get_user($a);
- // get last newtork messages
+ // get last network messages
// params
@@ -1150,27 +1285,43 @@ require_once('include/security.php');
$sql_extra = '';
if ($user_info['self']==1) $sql_extra .= " AND `item`.`wall` = 1 ";
+
+//FIXME - this isn't yet implemented
if ($exclude_replies > 0) $sql_extra .= ' AND `item`.`parent` = `item`.`id`';
- $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
- FROM `item`, `contact`
- WHERE `item`.`uid` = %d
- AND `item`.`contact-id` = %d
- AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
- AND `contact`.`id` = `item`.`contact-id`
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- $sql_extra
- AND `item`.`id`>%d
- ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
- intval(api_user()),
- intval($user_info['id']),
- intval($since_id),
- intval($start), intval($count)
- );
+// $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
+// `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+// `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
+// `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
+// FROM `item`, `contact`
+// WHERE `item`.`uid` = %d
+// AND `item`.`contact-id` = %d
+// AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
+// AND `contact`.`id` = `item`.`contact-id`
+// AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+// $sql_extra
+// AND `item`.`id`>%d
+// ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
+// intval(api_user()),
+// intval($user_info['id']),
+// intval($since_id),
+// intval($start), intval($count)
+// );
+
+ $arr = array(
+ 'uid' => api_user(),
+ 'since_id' => $since_id,
+ 'start' => $start,
+ 'records' => $count);
+
+ if ($user_info['self']==1)
+ $arr['wall'] = 1;
+ else
+ $arr['cid'] = $user_info['id'];
+
+ $r = items_fetch($arr,get_app()->get_channel(),get_observer_hash());
+
$ret = api_format_items($r,$user_info);
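Review bot: `$since_id`, `$start` and `$count` were cast with `intval()` in the query this hunk comments out, but now go into `items_fetch()` raw. Whether `items_fetch()` casts them itself is not visible here, so casting at the call site keeps the old guarantee: `'since_id' => intval($since_id), 'start' => intval($start), 'records' => intval($count)`. `$sql_extra` is still built above but no longer used, so the `$exclude_replies` filter is dropped; the FIXME should say that. The commented-out SQL block is better deleted, since version control keeps the old query.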
@@ -1316,19 +1467,19 @@ require_once('include/security.php');
'recipient_screen_name' => $recipient['screen_name'],
'recipient' => $recipient,
);
-
+ unobscure($item);
//don't send title to regular StatusNET requests to avoid confusing these apps
if (x($_GET, 'getText')) {
$ret['title'] = $item['title'] ;
if ($_GET["getText"] == "html") {
- $ret['text'] = bbcode($item['body']);
+ $ret['text'] = prepare_text($item['body'],$item['mimetype']);
}
elseif ($_GET["getText"] == "plain") {
- $ret['text'] = html2plain(bbcode($item['body']), 0);
+ $ret['text'] = html2plain(prepare_text($item['body'],$item['mimetype']), 0);
}
}
else {
- $ret['text'] = $item['title']."\n".html2plain(bbcode($item['body']), 0);
+ $ret['text'] = $item['title']."\n".html2plain(prepare_text($item['body'],$item['mimetype']), 0);
}
if (isset($_GET["getUserObjects"]) && $_GET["getUserObjects"] == "false") {
unset($ret['sender']);
@@ -1372,9 +1523,9 @@ require_once('include/security.php');
$in_reply_to_user_id = 0;
$in_reply_to_status_id = 0;
}
-
+ unobscure($item);
// Workaround for ostatus messages where the title is identically to the body
- $statusbody = trim(html2plain(bbcode($item['body']), 0));
+ $statusbody = trim(html2plain(prepare_text($item['body'],$item['mimetype']), 0));
$statustitle = trim($item['title']);
if (($statustitle != '') and (strpos($statusbody, $statustitle) !== false))
@@ -1395,7 +1546,8 @@ require_once('include/security.php');
'geo' => '',
'favorited' => (($item['item_flags'] & ITEM_STARRED) ? true : false),
'user' => $status_user ,
- 'statusnet_html' => trim(bbcode($item['body'])),
+ 'statusnet_html' => trim(prepare_text($item['body'],$item['mimetype'])),
+
'statusnet_conversation_id' => $item['parent'],
);
@@ -1404,7 +1556,7 @@ require_once('include/security.php');
$status2 = array(
'updated' => api_date($item['edited']),
'published' => api_date($item['created']),
- 'message_id' => $item['uri'],
+ 'message_id' => $item['mid'],
'url' => $item['plink'],
'coordinates' => $item['coord'],
'place' => $item['location'],
@@ -1452,7 +1604,7 @@ require_once('include/security.php');
return api_apply_template('test', $type, array('$ok' => $ok));
}
- api_register_func('api/help/test','api_help_test',true);
+ api_register_func('api/help/test','api_help_test',false);
/**
* https://dev.twitter.com/docs/api/1/get/statuses/friends
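Review bot: Changing the third argument of `api_register_func('api/help/test', ...)` from `true` to `false` makes this endpoint reachable without authentication, and nothing at the call site records that this is intended. A short comment would do, e.g. `// unauthenticated on purpose: connectivity check, returns no user data`. The body of `api_help_test` starts outside the hunk, so it is worth confirming that it never calls `api_get_user()` or otherwise depends on a logged-in user.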
@@ -1483,17 +1635,17 @@ require_once('include/security.php');
// For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
// This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends')
- $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
+ $sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
- $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
+ $sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
- $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
+ $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
);
$ret = array();
foreach($r as $cid){
- $ret[] = api_get_user($a, $cid['id']);
+ $ret[] = api_get_user($a, $cid['abook_id']);
}
@@ -1524,7 +1676,7 @@ require_once('include/security.php');
$name = get_config('system','sitename');
$server = $a->get_hostname();
- $logo = $a->get_baseurl() . '/images/fred-64.png';
+ $logo = $a->get_baseurl() . '/images/rm-64.png';
$email = get_config('system','admin_email');
$closed = ((get_config('system','register_policy') == REGISTER_CLOSED) ? 'true' : 'false');
$private = ((get_config('system','block_public')) ? 'true' : 'false');
@@ -1540,9 +1692,9 @@ require_once('include/security.php');
'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
'shorturllength' => '30',
- 'friendica' => array(
- 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM,
- 'FRIENDICA_VERSION' => FRIENDICA_VERSION,
+ 'redmatrix' => array(
+ 'RED_PLATFORM' => RED_PLATFORM,
+ 'RED_VERSION' => RED_VERSION,
'ZOT_REVISION' => ZOT_REVISION,
'DB_UPDATE_VERSION' => DB_UPDATE_VERSION
)
@@ -1577,12 +1729,12 @@ require_once('include/security.php');
if($type === 'xml') {
header("Content-type: application/xml");
- echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>' . FRIENDICA_VERSION . '</version>' . "\r\n";
+ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>' . RED_VERSION . '</version>' . "\r\n";
killme();
}
elseif($type === 'json') {
header("Content-type: application/json");
- echo '"' . FRIENDICA_VERSION . '"';
+ echo '"' . RED_VERSION . '"';
killme();
}
}
@@ -1599,11 +1751,11 @@ require_once('include/security.php');
// This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends')
- $sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
+ $sql_extra = sprintf(" AND ( abook_their_perms & %d ) and ( abook_my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
- $sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
+ $sql_extra = sprintf(" AND ( abook_my_perms & %d ) and not ( abook_their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
- $r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
+ $r = q("SELECT abook_id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
);
@@ -1612,14 +1764,14 @@ require_once('include/security.php');
header("Content-type: application/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<ids>' . "\r\n";
foreach($r as $rr)
- echo '<id>' . $rr['id'] . '</id>' . "\r\n";
+ echo '<id>' . $rr['abook_id'] . '</id>' . "\r\n";
echo '</ids>' . "\r\n";
killme();
}
elseif($type === 'json') {
$ret = array();
header("Content-type: application/json");
- foreach($r as $rr) $ret[] = $rr['id'];
+ foreach($r as $rr) $ret[] = $rr['abook_id'];
echo json_encode($ret);
killme();
}
@@ -1653,10 +1805,10 @@ require_once('include/security.php');
$replyto = '';
$sub = '';
if (x($_REQUEST,'replyto')) {
- $r = q('SELECT `parent_uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d',
+ $r = q('SELECT `parent_mid`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d',
intval(api_user()),
intval($_REQUEST['replyto']));
- $replyto = $r[0]['parent_uri'];
+ $replyto = $r[0]['parent_mid'];
$sub = $r[0]['title'];
}
else {
@@ -1708,7 +1860,7 @@ require_once('include/security.php');
$sql_extra = "`from-url`='".dbesc( $profile_url )."'";
}
elseif ($box=="conversation") {
- $sql_extra = "`parent_uri`='".dbesc( $_GET["uri"] ) ."'";
+ $sql_extra = "`parent_mid`='".dbesc( $_GET["uri"] ) ."'";
}
elseif ($box=="all") {
$sql_extra = "true";
@@ -1770,9 +1922,13 @@ require_once('include/security.php');
function api_oauth_request_token(&$a, $type){
try{
$oauth = new FKOAuth1();
- $r = $oauth->fetch_request_token(OAuthRequest::from_request());
+ $req = OAuthRequest::from_request();
+logger('Req: ' . var_export($req,true));
+ $r = $oauth->fetch_request_token($req);
}catch(Exception $e){
- echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
+ logger('oauth_exception: ' . print_r($e->getMessage(),true));
+ echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage());
+ killme();
}
echo $r;
killme();
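Review bot: `logger('Req: ' . var_export($req,true));` writes the whole OAuth request object to the log at the default level. That object would normally carry the consumer key, nonce and signature, and the unindented line looks like leftover debugging. Remove it, or reduce it to a marker at debug level, e.g. `logger('api_oauth_request_token: request received', LOGGER_DEBUG);`. The added `logger('oauth_exception: ' . print_r($e->getMessage(),true));` is fine to keep, though `print_r` on a string is redundant. The function's closing brace is outside the hunk.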
@@ -1780,7 +1936,8 @@ require_once('include/security.php');
function api_oauth_access_token(&$a, $type){
try{
$oauth = new FKOAuth1();
- $r = $oauth->fetch_access_token(OAuthRequest::from_request());
+ $req = OAuthRequest::from_request();
+ $r = $oauth->fetch_access_token($req);
}catch(Exception $e){
echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
}