diff options
Diffstat (limited to 'include/api.php')
-rw-r--r-- | include/api.php | 159 |
1 files changed, 69 insertions, 90 deletions
diff --git a/include/api.php b/include/api.php index 16dbb569b..24176884c 100644 --- a/include/api.php +++ b/include/api.php @@ -66,95 +66,6 @@ require_once('include/attach.php'); 'auth'=>$auth); } - /** - * Simple HTTP Login - */ - - function api_login(&$a){ - // login with oauth - try { - $oauth = new FKOAuth1(); - $req = OAuthRequest::from_request(); - list($consumer,$token) = $oauth->verify_request($req); -// list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); - if (!is_null($token)){ - $oauth->loginUser($token->uid); - - $a->set_oauth_key($consumer->key); - - call_hooks('logged_in', $a->user); - return; - } - echo __file__.__line__.__function__."<pre>"; -// var_dump($consumer, $token); - die(); - } - catch(Exception $e) { - logger(__file__.__line__.__function__."\n".$e); - } - - - // workaround for HTTP-auth in CGI mode - if(x($_SERVER,'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - if(x($_SERVER,'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - - if (!isset($_SERVER['PHP_AUTH_USER'])) { - logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Red"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); - } - - // process normal login request - require_once('include/auth.php'); - $channel_login = 0; - $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); - if(! $record) { - $r = q("select * from channel where channel_address = '%s' limit 1", - dbesc($_SERVER['PHP_AUTH_USER']) - ); - if ($r) { - $x = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if ($x) { - $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']); - if($record) - $channel_login = $r[0]['channel_id']; - } - } - if(! $record) { - logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Red"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); - } - } - - require_once('include/security.php'); - authenticate_success($record); - - if($channel_login) - change_channel($channel_login); - - $_SESSION['allow_api'] = true; - } /************************** * MAIN API ENTRY POINT * @@ -627,6 +538,71 @@ require_once('include/attach.php'); api_register_func('api/red/files','api_attach_list', true); + + + + function api_file_meta(&$a,$type) { + if (api_user()===false) return false; + if(! $_REQUEST['file_id']) return false; + $r = q("select * from attach where uid = %d and hash = '%s' limit 1", + intval(api_user()), + dbesc($_REQUEST['file_id']) + ); + if($r) { + unset($r[0]['data']); + $ret = array('attach' => $r[0]); + json_return_and_die($ret); + } + killme(); + } + + api_register_func('api/red/filemeta', 'api_file_meta', true); + + + function api_file_data(&$a,$type) { + if (api_user()===false) return false; + if(! $_REQUEST['file_id']) return false; + $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0); + $length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0); + + $r = q("select * from attach where uid = %d and hash = '%s' limit 1", + intval(api_user()), + dbesc($_REQUEST['file_id']) + ); + if($r) { + $ptr = $r[0]; + if($length === 0) + $length = intval($ptr['filesize']); + + if($ptr['is_dir']) + $ptr['data'] = ''; + elseif(! intval($r[0]['os_storage'])) { + $ptr['start'] = $start; + $x = substr(dbunescbin($ptr['data'],$start,$length)); + $ptr['length'] = strlen($x); + $ptr['data'] = base64_encode($x); + } + else { + $fp = fopen(dbunescbin($ptr['data']),'r'); + if($fp) { + $seek = fseek($fp,$start,SEEK_SET); + $x = fread($fp,$length); + $ptr['start'] = $start; + $ptr['length'] = strlen($x); + $ptr['data'] = base64_encode($x); + } + } + + $ret = array('attach' => $ptr); + json_return_and_die($ret); + } + killme(); + } + + api_register_func('api/red/filedata', 'api_file_data', true); + + + function api_file_detail(&$a,$type) { if (api_user()===false) return false; if(! $_REQUEST['file_id']) return false; @@ -826,6 +802,7 @@ require_once('include/attach.php'); require_once('include/html2bbcode.php'); $txt = requestdata('htmlstatus'); + if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { $txt = html2bb_video($txt); @@ -837,9 +814,10 @@ require_once('include/attach.php'); $purifier = new HTMLPurifier($config); $txt = $purifier->purify($txt); - $_REQUEST['body'] = html2bbcode($txt); } + $_REQUEST['body'] = html2bbcode($txt); + } else $_REQUEST['body'] = requestdata('status'); @@ -2348,6 +2326,7 @@ logger('Req: ' . var_export($req,true)); api_register_func('api/oauth/request_token', 'api_oauth_request_token', false); api_register_func('api/oauth/access_token', 'api_oauth_access_token', false); + /* Not implemented by now: statuses/retweets_of_me |