Diffstat (limited to 'mod')
-rw-r--r--mod/api.php108
-rw-r--r--mod/notice.php20
-rw-r--r--mod/settings.php136
3 files changed, 262 insertions, 2 deletions
diff --git a/mod/api.php b/mod/api.php
index fa5e43de9..ad75e6620 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -2,7 +2,115 @@
require_once('include/api.php');
+function oauth_get_client($request){
+
+
+ $params = $request->get_parameters();
+ $token = $params['oauth_token'];
+
+ $r = q("SELECT `clients`.*
+ FROM `clients`, `tokens`
+ WHERE `clients`.`client_id`=`tokens`.`client_id`
+ AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
+ dbesc($token));
+
+ if (!count($r))
+ return null;
+
+ return $r[0];
+}
+
+function api_post(&$a) {
+
+ if(! local_user()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+ if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) {
+ notice( t('Permission denied.') . EOL);
+ return;
+ }
+
+}
+
function api_content(&$a) {
+ if ($a->cmd=='api/oauth/authorize'){
+ /*
+ * api/oauth/authorize interact with the user. return a standard page
+ */
+
+ $a->page['template'] = "minimal";
+
+
+ // get consumer/client from request token
+ try {
+ $request = OAuthRequest::from_request();
+ } catch(Exception $e) {
+ echo "<pre>"; var_dump($e); killme();
+ }
+
+
+ if (x($_POST,'oauth_yes')){
+
+ $app = oauth_get_client($request);
+ if (is_null($app)) return "Invalid request. Unknown token.";
+ $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
+
+ $verifier = md5($app['secret'].local_user());
+ set_config("oauth", $verifier, local_user());
+
+
+ if ($consumer->callback_url!=null) {
+ $params = $request->get_parameters();
+ $glue="?";
+ if (strstr($consumer->callback_url,$glue)) $glue="?";
+ goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
+ killme();
+ }
+
+
+
+ $tpl = get_markup_template("oauth_authorize_done.tpl");
+ $o = replace_macros($tpl, array(
+ '$title' => t('Authorize application connection'),
+ '$info' => t('Return to your app and insert this Securty Code:'),
+ '$code' => $verifier,
+ ));
+
+ return $o;
+
+
+ }
+
+
+ if(! local_user()) {
+ //TODO: we need login form to redirect to this page
+ notice( t('Please login to continue.') . EOL );
+ return login(false,$request->get_parameters());
+ }
+ //FKOAuth1::loginUser(4);
+
+ $app = oauth_get_client($request);
+ if (is_null($app)) return "Invalid request. Unknown token.";
+
+
+
+
+ $tpl = get_markup_template('oauth_authorize.tpl');
+ $o = replace_macros($tpl, array(
+ '$title' => t('Authorize application connection'),
+ '$app' => $app,
+ '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
+ '$yes' => t('Yes'),
+ '$no' => t('No'),
+ ));
+
+ //echo "<pre>"; var_dump($app); killme();
+
+ return $o;
+ }
+
echo api_call($a);
killme();
}
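Review bot: In `api_content`, the `if (x($_POST,'oauth_yes'))` branch runs before the `if(! local_user())` check further down, so a POST without a session still reaches `set_config("oauth", $verifier, local_user())` and the callback redirect; the login check should be moved above that branch. The verifier is `md5($app['secret'].local_user())`, which is identical for every request by the same user and app and is not tied to the request token, and since the `clients` rows written in mod/settings.php carry `pw` rather than `secret`, it may reduce to a hash of the uid alone; a random per-request value stored against the token would be harder to guess. The catch block's `var_dump($e)` prints the exception to the client and should log it and return a generic error instead. The glue line assigns `"?"` twice and presumably was meant to be `if (strstr($consumer->callback_url,$glue)) $glue="&";`.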
diff --git a/mod/notice.php b/mod/notice.php
new file mode 100644
index 000000000..9d8aeed70
--- /dev/null
+++ b/mod/notice.php
@@ -0,0 +1,20 @@
+<?php
+ /* identi.ca -> friendika items permanent-url compatibility */
+
+ function notice_init(&$a){
+ $id = $a->argv[1];
+ $r = q("SELECT user.nickname FROM user LEFT JOIN item ON item.uid=user.uid WHERE item.id=%d",
+ intval($id)
+ );
+ if (count($r)){
+ $nick = $r[0]['nickname'];
+ $url = $a->get_baseurl()."/display/$nick/$id";
+ goaway($url);
+ } else {
+ $a->error = 404;
+ notice( t('Item not found.') . EOL);
+
+ }
+ return;
+
+ }
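Review bot: `notice_init` casts `$id` with `intval()` only inside the query, while the raw `$a->argv[1]` is interpolated into the redirect URL, so the value looked up and the value redirected to can differ; normalise once with `$id = intval($a->argv[1]);` after checking `$a->argc > 1`. The query returns the owner's nickname for any item id with no visibility condition in this file, so whether private items are protected depends on the display module, which is not shown here. The `LEFT JOIN` filtered on `item.id` behaves as an inner join and could be written as one.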
diff --git a/mod/settings.php b/mod/settings.php
index 522ae52de..6cc80e3a6 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -47,6 +47,58 @@ function settings_post(&$a) {
return;
}
+ if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){
+ $key = $_POST['remove'];
+ q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+ dbesc($key),
+ local_user());
+ goaway($a->get_baseurl()."/settings/oauth/");
+ return;
+ }
+
+ if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit'||($a->argv[2] === 'add')) && x($_POST,'submit')) {
+
+ $name = ((x($_POST,'name')) ? $_POST['name'] : '');
+ $key = ((x($_POST,'key')) ? $_POST['key'] : '');
+ $secret = ((x($_POST,'secret')) ? $_POST['secret'] : '');
+ $redirect = ((x($_POST,'redirect')) ? $_POST['redirect'] : '');
+ $icon = ((x($_POST,'icon')) ? $_POST['icon'] : '');
+ if ($name=="" || $key=="" || $secret==""){
+ notice(t("Missing some important data!"));
+
+ } else {
+ if ($_POST['submit']==t("Update")){
+ $r = q("UPDATE clients SET
+ client_id='%s',
+ pw='%s',
+ name='%s',
+ redirect_uri='%s',
+ icon='%s',
+ uid=%d
+ WHERE client_id='%s'",
+ dbesc($key),
+ dbesc($secret),
+ dbesc($name),
+ dbesc($redirect),
+ dbesc($icon),
+ local_user(),
+ dbesc($key));
+ } else {
+ $r = q("INSERT INTO clients
+ (client_id, pw, name, redirect_uri, icon, uid)
+ VALUES ('%s','%s','%s','%s','%s',%d)",
+ dbesc($key),
+ dbesc($secret),
+ dbesc($name),
+ dbesc($redirect),
+ dbesc($icon),
+ local_user());
+ }
+ }
+ goaway($a->get_baseurl()."/settings/oauth/");
+ return;
+ }
+
if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
call_hooks('plugin_settings_post', $_POST);
return;
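Review bot: The `UPDATE clients` statement filters on `WHERE client_id='%s'` alone while also setting `uid=%d` to the caller, so any logged-in user who posts an existing consumer key can replace that client's secret and redirect URI and take ownership of the row; add the owner to the filter, `WHERE client_id='%s' AND uid=%d`, with a second `local_user()` argument. The branch is chosen by comparing `$_POST['submit']` with the translated label `t("Update")`, which ties the write path to the UI language; the `edit`/`add` value in `$a->argv[2]` is a steadier signal. The same missing owner filter appears in the listing query of the last settings_content hunk, where `LEFT JOIN tokens ON clients.client_id=tokens.client_id` has no `tokens.uid` condition, so for shared clients (`uid` 0) it may pass other users' token ids to the template. None of these POST handlers, nor the GET `delete` action in that last hunk, shows a form-token check in the visible lines. `settings_post` begins before this hunk.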
@@ -342,6 +394,11 @@ function settings_content(&$a) {
'sel' => (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''),
),
array(
+ 'label' => t('Connections'),
+ 'url' => $a->get_baseurl() . '/settings/oauth',
+ 'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''),
+ ),
+ array(
'label' => t('Export personal data'),
'url' => $a->get_baseurl() . '/uexport',
'sel' => ''
@@ -353,8 +410,83 @@ function settings_content(&$a) {
'$tabs' => $tabs,
));
-
-
+ if(($a->argc > 1) && ($a->argv[1] === 'oauth')) {
+
+ if(($a->argc > 2) && ($a->argv[2] === 'add')) {
+ $tpl = get_markup_template("settings_oauth_edit.tpl");
+ $o .= replace_macros($tpl, array(
+ '$tabs' => $tabs,
+ '$title' => t('Add application'),
+ '$submit' => t('Submit'),
+ '$cancel' => t('Cancel'),
+ '$name' => array('name', t('Name'), '', ''),
+ '$key' => array('key', t('Consumer Key'), '', ''),
+ '$secret' => array('secret', t('Consumer Secret'), '', ''),
+ '$redirect' => array('redirect', t('Redirect'), '', ''),
+ '$icon' => array('icon', t('Icon url'), '', ''),
+ ));
+ return $o;
+ }
+
+ if(($a->argc > 3) && ($a->argv[2] === 'edit')) {
+ $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
+ dbesc($a->argv[3]),
+ local_user());
+
+ if (!count($r)){
+ notice(t("You can't edit this application."));
+ return;
+ }
+ $app = $r[0];
+
+ $tpl = get_markup_template("settings_oauth_edit.tpl");
+ $o .= replace_macros($tpl, array(
+ '$tabs' => $tabs,
+ '$title' => t('Add application'),
+ '$submit' => t('Update'),
+ '$cancel' => t('Cancel'),
+ '$name' => array('name', t('Name'), $app['name'] , ''),
+ '$key' => array('key', t('Consumer Key'), $app['client_id'], ''),
+ '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''),
+ '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
+ '$icon' => array('icon', t('Icon url'), $app['icon'], ''),
+ ));
+ return $o;
+ }
+
+ if(($a->argc > 3) && ($a->argv[2] === 'delete')) {
+ $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
+ dbesc($a->argv[3]),
+ local_user());
+ goaway($a->get_baseurl()."/settings/oauth/");
+ return;
+ }
+
+
+ $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my
+ FROM clients
+ LEFT JOIN tokens ON clients.client_id=tokens.client_id
+ WHERE clients.uid IN (%d,0)",
+ local_user(),
+ local_user());
+
+
+ $tpl = get_markup_template("settings_oauth.tpl");
+ $o .= replace_macros($tpl, array(
+ '$baseurl' => $a->get_baseurl(),
+ '$title' => t('Connected Apps'),
+ '$add' => t('Add application'),
+ '$edit' => t('Edit'),
+ '$delete' => t('Delete'),
+ '$consumerkey' => t('Client key starts with'),
+ '$noname' => t('No name'),
+ '$remove' => t('Remove authorization'),
+ '$tabs' => $tabs,
+ '$apps' => $r,
+ ));
+ return $o;
+
+ }
if(($a->argc > 1) && ($a->argv[1] === 'addon')) {
$settings_addons = "";