aboutsummaryrefslogtreecommitdiffstats
path: root/include/api.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/api.php')
-rw-r--r--include/api.php159
1 files changed, 69 insertions, 90 deletions
diff --git a/include/api.php b/include/api.php
index 16dbb569b..24176884c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -66,95 +66,6 @@ require_once('include/attach.php');
'auth'=>$auth);
}
- /**
- * Simple HTTP Login
- */
-
- function api_login(&$a){
- // login with oauth
- try {
- $oauth = new FKOAuth1();
- $req = OAuthRequest::from_request();
- list($consumer,$token) = $oauth->verify_request($req);
-// list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
- if (!is_null($token)){
- $oauth->loginUser($token->uid);
-
- $a->set_oauth_key($consumer->key);
-
- call_hooks('logged_in', $a->user);
- return;
- }
- echo __file__.__line__.__function__."<pre>";
-// var_dump($consumer, $token);
- die();
- }
- catch(Exception $e) {
- logger(__file__.__line__.__function__."\n".$e);
- }
-
-
- // workaround for HTTP-auth in CGI mode
- if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
- }
-
- if(x($_SERVER,'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
- }
-
-
- if (!isset($_SERVER['PHP_AUTH_USER'])) {
- logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
-
- // process normal login request
- require_once('include/auth.php');
- $channel_login = 0;
- $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
- if(! $record) {
- $r = q("select * from channel where channel_address = '%s' limit 1",
- dbesc($_SERVER['PHP_AUTH_USER'])
- );
- if ($r) {
- $x = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
- if($record)
- $channel_login = $r[0]['channel_id'];
- }
- }
- if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
- }
-
- require_once('include/security.php');
- authenticate_success($record);
-
- if($channel_login)
- change_channel($channel_login);
-
- $_SESSION['allow_api'] = true;
- }
/**************************
* MAIN API ENTRY POINT *
@@ -627,6 +538,71 @@ require_once('include/attach.php');
api_register_func('api/red/files','api_attach_list', true);
+
+
+
+ function api_file_meta(&$a,$type) {
+ if (api_user()===false) return false;
+ if(! $_REQUEST['file_id']) return false;
+ $r = q("select * from attach where uid = %d and hash = '%s' limit 1",
+ intval(api_user()),
+ dbesc($_REQUEST['file_id'])
+ );
+ if($r) {
+ unset($r[0]['data']);
+ $ret = array('attach' => $r[0]);
+ json_return_and_die($ret);
+ }
+ killme();
+ }
+
+ api_register_func('api/red/filemeta', 'api_file_meta', true);
+
+
+ function api_file_data(&$a,$type) {
+ if (api_user()===false) return false;
+ if(! $_REQUEST['file_id']) return false;
+ $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0);
+ $length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0);
+
+ $r = q("select * from attach where uid = %d and hash = '%s' limit 1",
+ intval(api_user()),
+ dbesc($_REQUEST['file_id'])
+ );
+ if($r) {
+ $ptr = $r[0];
+ if($length === 0)
+ $length = intval($ptr['filesize']);
+
+ if($ptr['is_dir'])
+ $ptr['data'] = '';
+ elseif(! intval($r[0]['os_storage'])) {
+ $ptr['start'] = $start;
+ $x = substr(dbunescbin($ptr['data'],$start,$length));
+ $ptr['length'] = strlen($x);
+ $ptr['data'] = base64_encode($x);
+ }
+ else {
+ $fp = fopen(dbunescbin($ptr['data']),'r');
+ if($fp) {
+ $seek = fseek($fp,$start,SEEK_SET);
+ $x = fread($fp,$length);
+ $ptr['start'] = $start;
+ $ptr['length'] = strlen($x);
+ $ptr['data'] = base64_encode($x);
+ }
+ }
+
+ $ret = array('attach' => $ptr);
+ json_return_and_die($ret);
+ }
+ killme();
+ }
+
+ api_register_func('api/red/filedata', 'api_file_data', true);
+
+
+
function api_file_detail(&$a,$type) {
if (api_user()===false) return false;
if(! $_REQUEST['file_id']) return false;
@@ -826,6 +802,7 @@ require_once('include/attach.php');
require_once('include/html2bbcode.php');
$txt = requestdata('htmlstatus');
+
if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
$txt = html2bb_video($txt);
@@ -837,9 +814,10 @@ require_once('include/attach.php');
$purifier = new HTMLPurifier($config);
$txt = $purifier->purify($txt);
- $_REQUEST['body'] = html2bbcode($txt);
}
+ $_REQUEST['body'] = html2bbcode($txt);
+
}
else
$_REQUEST['body'] = requestdata('status');
@@ -2348,6 +2326,7 @@ logger('Req: ' . var_export($req,true));
api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
+
/*
Not implemented by now:
statuses/retweets_of_me