aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/api.php108
-rw-r--r--mod/notice.php20
-rw-r--r--mod/settings.php136
3 files changed, 262 insertions, 2 deletions
diff --git a/mod/api.php b/mod/api.php
index fa5e43de9..ad75e6620 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -2,7 +2,115 @@
require_once('include/api.php');
+function oauth_get_client($request){
+
+
+ $params = $request->get_parameters();
+ $token = $params['oauth_token'];
+
+ $r = q("SELECT `clients`.*
+ FROM `clients`, `tokens`
+ WHERE `clients`.`client_id`=`tokens`.`client_id`
+ AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
+ dbesc($token));
+
+ if (!count($r))
+ return null;
+
+ return $r[0];
+}
+
+function api_post(&$a) {
+
+ if(! local_user()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+}
+
function api_content(&$a) {
+ if ($a->cmd=='api/oauth/authorize'){
+ /*
+ * api/oauth/authorize interact with the user. return a standard page
+ */
+
+ $a->page['template'] = "minimal";
+
+
+ // get consumer/client from request token
+ try {
+ $request = OAuthRequest::from_request();
+ } catch(Exception $e) {
+ echo "<pre>"; var_dump($e); killme();
+ }
+
+
+ if (x($_POST,'oauth_yes')){
+
+ $app = oauth_get_client($request);
+ if (is_null($app)) return "Invalid request. Unknown token.";
+ $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
+
+ $verifier = md5($app['secret'].local_user());
+ set_config("oauth", $verifier, local_user());
+
+
+ if ($consumer->callback_url!=null) {
+ $params = $request->get_parameters();
+ $glue="?";
+ if (strstr($consumer->callback_url,$glue)) $glue="?";
+ goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
+ killme();
+ }
+
+
+
+ $tpl = get_markup_template("oauth_authorize_done.tpl");
+ $o = replace_macros($tpl, array(
+ '$title' => t('Authorize application connection'),
+ '$info' => t('Return to your app and insert this Securty Code:'),
+ '$code' => $verifier,
+ ));
+
+ return $o;
+
+
+ }
+
+
+ if(! local_user()) {
+ //TODO: we need login form to redirect to this page
+ notice( t('Please login to continue.') . EOL );
+ return login(false,$request->get_parameters());
+ }
+ //FKOAuth1::loginUser(4);
+
+ $app = oauth_get_client($request);
+ if (is_null($app)) return "Invalid request. Unknown token.";
+
+
+
+
+ $tpl = get_markup_template('oauth_authorize.tpl');
+ $o = replace_macros($tpl, array(
+ '$title' => t('Authorize application connection'),
+ '$app' => $app,
+ '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
+ '$yes' => t('Yes'),
+ '$no' => t('No'),
+ ));
+
+ //echo "<pre>"; var_dump($app); killme();
+
+ return $o;
+ }
+
echo api_call($a);
killme();
}
diff --git a/mod/notice.php b/mod/notice.php
new file mode 100644
index 000000000..9d8aeed70
--- /dev/null
+++ b/mod/notice.php
@@ -0,0 +1,20 @@
+<?php
+ /* identi.ca -> friendika items permanent-url compatibility */
+
+ function notice_init(&$a){
+ $id = $a->argv[1];
+ $r = q("SELECT user.nickname FROM user LEFT JOIN item ON item.uid=user.uid WHERE item.id=%d",
+ intval($id)
+ );
+ if (count($r)){
+ $nick = $r[0]['nickname'];
+ $url = $a->get_baseurl()."/display/$nick/$id";
+ goaway($url);
+ } else {
+ $a->error = 404;
+ notice( t('Item not found.') . EOL);
+
+ }
+ return;
+
+ }
diff --git a/mod/settings.php b/mod/settings.php
index 522ae52de..938f6a0d5 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -47,6 +47,58 @@ function settings_post(&$a) {
return;
}
+ if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){
+ $key = $_POST['remove'];
+ q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+ dbesc($key),
+ local_user());
+ goaway($a->get_baseurl()."/settings/oauth/");
+ return;
+ }
+
+ if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit') && x($_POST,'submit')) {
+
+ $name = ((x($_POST,'name')) ? $_POST['name'] : '');
+ $key = ((x($_POST,'key')) ? $_POST['key'] : '');
+ $secret = ((x($_POST,'secret')) ? $_POST['secret'] : '');
+ $redirect = ((x($_POST,'redirect')) ? $_POST['redirect'] : '');
+ $icon = ((x($_POST,'icon')) ? $_POST['icon'] : '');
+ if ($name=="" || $key=="" || $secret==""){
+ notice(t("Missing some important data!"));
+
+ } else {
+ if ($_POST['submit']==t("Update")){
+ $r = q("UPDATE clients SET
+ client_id='%s',
+ pw='%s',
+ name='%s',
+ redirect_uri='%s',
+ icon='%s',
+ uid=%d
+ WHERE client_id='%s'",
+ dbesc($key),
+ dbesc($secret),
+ dbesc($name),
+ dbesc($redirect),
+ dbesc($icon),
+ local_user(),
+ dbesc($key));
+ } else {
+ $r = q("INSERT INTO clients
+ (client_id, pw, name, redirect_uri, icon, uid)
+ VALUES ('%s','%s','%s','%s','%s',%d)",
+ dbesc($key),
+ dbesc($secret),
+ dbesc($name),
+ dbesc($redirect),
+ dbesc($icon),
+ local_user());
+ }
+ }
+ goaway($a->get_baseurl()."/settings/oauth/");
+ return;
+ }
+
if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
call_hooks('plugin_settings_post', $_POST);
return;
@@ -342,6 +394,11 @@ function settings_content(&$a) {
'sel' => (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''),
),
array(
+ 'label' => t('Connections'),
+ 'url' => $a->get_baseurl() . '/settings/oauth',
+ 'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''),
+ ),
+ array(
'label' => t('Export personal data'),
'url' => $a->get_baseurl() . '/uexport',
'sel' => ''
@@ -353,8 +410,83 @@ function settings_content(&$a) {
'$tabs' => $tabs,
));
-
-
+ if(($a->argc > 1) && ($a->argv[1] === 'oauth')) {
+
+ if(($a->argc > 2) && ($a->argv[2] === 'add')) {
+ $tpl = get_markup_template("settings_oauth_edit.tpl");
+ $o .= replace_macros($tpl, array(
+ '$tabs' => $tabs,
+ '$title' => t('Add application'),
+ '$submit' => t('Submit'),
+ '$cancel' => t('Cancel'),
+ '$name' => array('name', t('Name'), '', ''),
+ '$key' => array('key', t('Consumer Key'), '', ''),
+ '$secret' => array('secret', t('Consumer Secret'), '', ''),
+ '$redirect' => array('redirect', t('Redirect'), '', ''),
+ '$icon' => array('icon', t('Icon url'), '', ''),
+ ));
+ return $o;
+ }
+
+ if(($a->argc > 3) && ($a->argv[2] === 'edit')) {
+ $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
+ dbesc($a->argv[3]),
+ local_user());
+
+ if (!count($r)){
+ notice(t("You can't edit this application."));
+ return;
+ }
+ $app = $r[0];
+
+ $tpl = get_markup_template("settings_oauth_edit.tpl");
+ $o .= replace_macros($tpl, array(
+ '$tabs' => $tabs,
+ '$title' => t('Add application'),
+ '$submit' => t('Update'),
+ '$cancel' => t('Cancel'),
+ '$name' => array('name', t('Name'), $app['name'] , ''),
+ '$key' => array('key', t('Consumer Key'), $app['client_id'], ''),
+ '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''),
+ '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
+ '$icon' => array('icon', t('Icon url'), $app['icon'], ''),
+ ));
+ return $o;
+ }
+
+ if(($a->argc > 3) && ($a->argv[2] === 'delete')) {
+ $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
+ dbesc($a->argv[3]),
+ local_user());
+ goaway($a->get_baseurl()."/settings/oauth/");
+ return;
+ }
+
+
+ $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my
+ FROM clients
+ LEFT JOIN tokens ON clients.client_id=tokens.client_id
+ WHERE clients.uid IN (%d,0)",
+ local_user(),
+ local_user());
+
+
+ $tpl = get_markup_template("settings_oauth.tpl");
+ $o .= replace_macros($tpl, array(
+ '$baseurl' => $a->get_baseurl(),
+ '$title' => t('Connected Apps'),
+ '$add' => t('Add application'),
+ '$edit' => t('Edit'),
+ '$delete' => t('Delete'),
+ '$consumerkey' => t('Client key starts with'),
+ '$noname' => t('No name'),
+ '$remove' => t('Remove authorization'),
+ '$tabs' => $tabs,
+ '$apps' => $r,
+ ));
+ return $o;
+
+ }
if(($a->argc > 1) && ($a->argv[1] === 'addon')) {
$settings_addons = "";