From c74bf006cc7012805af3c2965c977f5f36b74f37 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Wed, 16 Jan 2013 15:51:21 -0800
Subject: begin the hard slog on the api

---
 include/api.php      | 176 +++++++++++++++++++++++++++------------------------
 include/security.php |   8 +--
 version.inc          |   2 +-
 3 files changed, 99 insertions(+), 87 deletions(-)

diff --git a/include/api.php b/include/api.php
index d755c7018..93ea82e45 100644
--- a/include/api.php
+++ b/include/api.php
@@ -4,6 +4,7 @@
 	require_once("conversation.php");
 	require_once("oauth.php");
 	require_once("html2plain.php");
+
 	/*
 	 * Twitter-Like API
 	 *
@@ -12,6 +13,14 @@
 	$API = Array();
 	$called_api = Null;
 
+
+	function api_user() {
+		if ($_SESSION["allow_api"])
+			return local_user();
+		return false;
+	}
+
+
 	function api_date($str){
 		//Wed May 23 06:01:13 +0000 2007
 		return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" );
@@ -30,7 +39,7 @@
 
 	function api_login(&$a){
 		// login with oauth
-		try{
+		try {
 			$oauth = new FKOAuth1();
 			list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
 			if (!is_null($token)){
@@ -38,14 +47,15 @@
 				call_hooks('logged_in', $a->user);
 				return;
 			}
-			echo __file__.__line__.__function__."<pre>"; var_dump($consumer, $token); die();
-		}catch(Exception $e){
+			echo __file__.__line__.__function__."<pre>"; 
+			var_dump($consumer, $token); 
+			die();
+		}
+		catch(Exception $e) {
 			logger(__file__.__line__.__function__."\n".$e);
-			//die(__file__.__line__.__function__."<pre>".$e); die();
 		}
 
 		
-		
 		// workaround for HTTP-auth in CGI mode
 		if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
 		 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
@@ -58,41 +68,24 @@
 
 		if (!isset($_SERVER['PHP_AUTH_USER'])) {
 		   logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-		    header('WWW-Authenticate: Basic realm="Friendica"');
+		    header('WWW-Authenticate: Basic realm="Red"');
 		    header('HTTP/1.0 401 Unauthorized');
 		    die('This api requires login');
 		}
 		
-		$user = $_SERVER['PHP_AUTH_USER'];
-		$encrypted = hash('whirlpool',trim($_SERVER['PHP_AUTH_PW']));
-    		
-		
-			/**
-			 *  next code from mod/auth.php. needs better solution
-			 */
-			
 		// process normal login request
-
-		$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) 
-			AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
-			dbesc(trim($user)),
-			dbesc(trim($user)),
-			dbesc($encrypted)
-		);
-		if(count($r)){
-			$record = $r[0];
-		} else {
+		require_once('include/auth.php');
+		$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+		if(! $record) {
 		   logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-		    header('WWW-Authenticate: Basic realm="Friendica"');
+		    header('WWW-Authenticate: Basic realm="Red"');
 		    header('HTTP/1.0 401 Unauthorized');
 		    die('This api requires login');
 		}
 
 		require_once('include/security.php');
 		authenticate_success($record);
-
-		call_hooks('logged_in', $a->user);
-
+		$_SESSION['allow_api'] = true;
 	}
 	
 	/**************************
@@ -108,11 +101,11 @@
 			if (strpos($a->query_string, $p)===0){
 				$called_api= explode("/",$p);
 				//unset($_SERVER['PHP_AUTH_USER']);
-				if ($info['auth']===true && local_user()===false) {
+				if ($info['auth']===true && api_user()===false) {
 						api_login($a);
 				}
 
-				load_contact_links(local_user());
+				load_contact_links(api_user());
 
 				logger('API call for ' . $a->user['username'] . ': ' . $a->query_string);
 				logger('API parameters: ' . print_r($_REQUEST,true));
@@ -219,7 +212,7 @@
 		if(is_null($user) && x($_GET, 'screen_name')) {
 			$user = dbesc($_GET['screen_name']);	
 			$extra_query = "AND `contact`.`nick` = '%s' ";
-			if (local_user()!==false)  $extra_query .= "AND `contact`.`uid`=".intval(local_user());
+			if (api_user()!==false)  $extra_query .= "AND `contact`.`uid`=".intval(api_user());
 			
 		}
 		
@@ -232,12 +225,12 @@
 			} else {
 				$user = dbesc($user);
 				$extra_query = "AND `contact`.`nick` = '%s' ";
-				if (local_user()!==false)  $extra_query .= "AND `contact`.`uid`=".intval(local_user());
+				if (api_user()!==false)  $extra_query .= "AND `contact`.`uid`=".intval(api_user());
 			}
 		}
 		
 		if (! $user) {
-			if (local_user()===false) {
+			if (api_user()===false) {
 				api_login($a); return False;
 			} else {
 				$user = $_SESSION['uid'];
@@ -259,10 +252,10 @@
 		
 		if($uinfo[0]['self']) {
 			$usr = q("select * from user where uid = %d limit 1",
-				intval(local_user())
+				intval(api_user())
 			);
 			$profile = q("select * from profile where uid = %d and `is_default` = 1 limit 1",
-				intval(local_user())
+				intval(api_user())
 			);
 
 			// count public wall messages
@@ -458,7 +451,7 @@
 	 * http://developer.twitter.com/doc/get/account/verify_credentials
 	 */
 	function api_account_verify_credentials(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 		$user_info = api_get_user($a);
 		
 		return api_apply_template("user", $type, array('$user' => $user_info));
@@ -482,14 +475,14 @@
 
 
     function api_statuses_mediap(&$a, $type) {
-                if (local_user()===false) {
+                if (api_user()===false) {
                         logger('api_statuses_update: no user');
                         return false;
                 }
                 $user_info = api_get_user($a);
 
                 $_REQUEST['type'] = 'wall';
-                $_REQUEST['profile_uid'] = local_user();
+                $_REQUEST['profile_uid'] = api_user();
                 $_REQUEST['api_source'] = true;
                 $txt = requestdata('status');
                 //$txt = urldecode(requestdata('status'));
@@ -525,7 +518,7 @@
 
 
 	function api_statuses_update(&$a, $type) {
-		if (local_user()===false) {
+		if (api_user()===false) {
 			logger('api_statuses_update: no user');
 			return false;
 		}
@@ -567,7 +560,7 @@
 
 		if(requestdata('lat') && requestdata('long'))
 			$_REQUEST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
-		$_REQUEST['profile_uid'] = local_user();
+		$_REQUEST['profile_uid'] = api_user();
 
 		if($parent)
 			$_REQUEST['type'] = 'net-comment';
@@ -711,7 +704,7 @@
 	 * TODO: Add reply info
 	 */
 	function api_statuses_home_timeline(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 
 		$user_info = api_get_user($a);
 		// get last newtork messages
@@ -785,7 +778,7 @@
 	api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true);
 
 	function api_statuses_public_timeline(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 
 		$user_info = api_get_user($a);
 		// get last newtork messages
@@ -867,7 +860,7 @@
 	 * 
 	 */
 	function api_statuses_show(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 
 		$user_info = api_get_user($a);
 
@@ -919,7 +912,7 @@
 	 * 
 	 */
 	function api_statuses_repeat(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 
 		$user_info = api_get_user($a);
 
@@ -945,7 +938,7 @@
 
 		if ($r[0]['body'] != "") {
 			$_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
-			$_REQUEST['profile_uid'] = local_user();
+			$_REQUEST['profile_uid'] = api_user();
 			$_REQUEST['type'] = 'wall';
 			$_REQUEST['api_source'] = true;
 
@@ -966,7 +959,7 @@
 	 * 
 	 */
 	function api_statuses_destroy(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 
 		$user_info = api_get_user($a);
 
@@ -993,7 +986,7 @@
 	 * 
 	 */
 	function api_statuses_mentions(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 				
 		$user_info = api_get_user($a);
 		// get last newtork messages
@@ -1073,13 +1066,13 @@
 
 
 	function api_statuses_user_timeline(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 		
 		$user_info = api_get_user($a);
 		// get last newtork messages
 
 
-		logger("api_statuses_user_timeline: local_user: ". local_user() .
+		logger("api_statuses_user_timeline: api_user: ". api_user() .
 			   "\nuser_info: ".print_r($user_info, true) .
 			   "\n_REQUEST:  ".print_r($_REQUEST, true),
 			   LOGGER_DEBUG);
@@ -1111,7 +1104,7 @@
 			$sql_extra
 			AND `item`.`id`>%d
 			ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
-			intval(local_user()),
+			intval(api_user()),
 			intval($user_info['id']),
 			intval($since_id),
 			intval($start),	intval($count)
@@ -1134,7 +1127,7 @@
 
 
 	function api_favorites(&$a, $type){
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 
 		$user_info = api_get_user($a);
 		// in friendica starred item are private
@@ -1406,7 +1399,7 @@
 	 *  returns: json, xml 
 	 **/
 	function api_statuses_f(&$a, $type, $qtype) {
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 		$user_info = api_get_user($a);
 		
 		
@@ -1432,7 +1425,7 @@
 			$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
  
 		$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
-			intval(local_user())
+			intval(api_user())
 		);
 
 		$ret = array();
@@ -1463,37 +1456,41 @@
 
 
 	function api_statusnet_config(&$a,$type) {
-		$name = $a->config['sitename'];
+
+		load_config('system');
+
+		$name   = get_config('system','sitename');
 		$server = $a->get_hostname();
-		$logo = $a->get_baseurl() . '/images/friendica-64.png';
-		$email = $a->config['admin_email'];
-		$closed = (($a->config['system']['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false');
-		$private = (($a->config['system']['block_public']) ? 'true' : 'false');
-		$textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000);
-		if($a->config['api_import_size'])
-			$texlimit = string($a->config['api_import_size']);
-		$ssl = (($a->config['system']['have_ssl']) ? 'true' : 'false');
+		$logo   = $a->get_baseurl() . '/images/fred-64.png';
+		$email  = get_config('system','admin_email');
+		$closed = ((get_config('system','register_policy') == REGISTER_CLOSED) ? 'true' : 'false');
+		$private = ((get_config('system','block_public')) ? 'true' : 'false');
+		$textlimit = (string) ((get_config('system','max_import_size')) ? get_config('system','max_import_size') : 200000);
+		if(get_config('system','api_import_size'))
+			$texlimit = string(get_config('system','api_import_size'));
+		$ssl = ((get_config('system','have_ssl')) ? 'true' : 'false');
 		$sslserver = (($ssl === 'true') ? str_replace('http:','https:',$a->get_baseurl()) : '');
 
 		$config = array(
 			'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '',
-				'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '',
-				'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
-				'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
-				'shorturllength' => '30',
-        'friendica' => array(
-                             'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM,
-                             'FRIENDICA_VERSION' => FRIENDICA_VERSION,
-                             'DFRN_PROTOCOL_VERSION' => DFRN_PROTOCOL_VERSION,
-                             'DB_UPDATE_VERSION' => DB_UPDATE_VERSION
-                             )
-			),
-		);  
+			'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '',
+			'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
+			'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
+			'shorturllength' => '30',
+        	'friendica' => array(
+				'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM,
+				'FRIENDICA_VERSION' => FRIENDICA_VERSION,
+				'ZOT_REVISION' => ZOT_REVISION,
+				'DB_UPDATE_VERSION' => DB_UPDATE_VERSION
+			)
+		));  
 
 		return api_apply_template('config', $type, array('$config' => $config));
 
 	}
 	api_register_func('api/statusnet/config','api_statusnet_config',false);
+	api_register_func('api/friendica/config','api_statusnet_config',false);
+	api_register_func('api/red/config','api_statusnet_config',false);
 
 	function api_statusnet_version(&$a,$type) {
 
@@ -1513,8 +1510,25 @@
 	api_register_func('api/statusnet/version','api_statusnet_version',false);
 
 
+	function api_friendica_version(&$a,$type) {
+
+		if($type === 'xml') {
+			header("Content-type: application/xml");
+			echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>' . FRIENDICA_VERSION . '</version>' . "\r\n";
+			killme();
+		}
+		elseif($type === 'json') {
+			header("Content-type: application/json");
+			echo '"' . FRIENDICA_VERSION . '"';
+			killme();
+		}
+	}
+	api_register_func('api/friendica/version','api_friendica_version',false);
+	api_register_func('api/red/version','api_friendica_version',false);
+
+
 	function api_ff_ids(&$a,$type,$qtype) {
-		if(! local_user())
+		if(! api_user())
 			return false;
 
 		if($qtype == 'friends')
@@ -1524,7 +1538,7 @@
  
 
 		$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
-			intval(local_user())
+			intval(api_user())
 		);
 
 		if(is_array($r)) {
@@ -1557,7 +1571,7 @@
 
 
 	function api_direct_messages_new(&$a, $type) {
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 		
 		if (!x($_POST, "text") || !x($_POST,"screen_name")) return;
 
@@ -1566,7 +1580,7 @@
 		require_once("include/message.php");
 
 		$r = q("SELECT `id` FROM `contact` WHERE `uid`=%d AND `nick`='%s'",
-				intval(local_user()),
+				intval(api_user()),
 				dbesc($_POST['screen_name']));
 
 		$recipient = api_get_user($a, $r[0]['id']);			
@@ -1574,7 +1588,7 @@
 		$sub     = '';
 		if (x($_REQUEST,'replyto')) {
 			$r = q('SELECT `parent_uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d',
-					intval(local_user()),
+					intval(api_user()),
 					intval($_REQUEST['replyto']));
 			$replyto = $r[0]['parent_uri'];
 			$sub     = $r[0]['title'];
@@ -1612,7 +1626,7 @@
 	api_register_func('api/direct_messages/new','api_direct_messages_new',true);
 
 	function api_direct_messages_box(&$a, $type, $box) {
-		if (local_user()===false) return false;
+		if (api_user()===false) return false;
 		
 		$user_info = api_get_user($a);
 		
@@ -1638,7 +1652,7 @@
 		}
 		
 		$r = q("SELECT * FROM `mail` WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d,%d",
-				intval(local_user()),
+				intval(api_user()),
 				intval($start),	intval($count)
 		);
 		
diff --git a/include/security.php b/include/security.php
index 276c8f97c..0783a3c20 100644
--- a/include/security.php
+++ b/include/security.php
@@ -6,11 +6,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 
 	$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
 
-//	logger('authenticate_success: ' . print_r($user_record,true));
-//	logger('authenticate_success: ' . print_r($_SESSION,true));
-
 	if(x($user_record,'account_id')) {
-//		logger('authenticate_success: Red-style');
 		$a->account = $user_record;
 		$_SESSION['account_id'] = $user_record['account_id'];
 		$_SESSION['authenticated'] = 1;
@@ -115,10 +111,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 				intval($_SESSION['uid'])
 			);
 
-			call_hooks('logged_in', $a->user);
 
 		}
 	}
+
+	if($login_initial)
+		call_hooks('logged_in', $user_record);
 	
 
 	if($return || x($_SESSION,'workflow')) {
diff --git a/version.inc b/version.inc
index 9a868e78e..f7f909959 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-01-15.201
+2013-01-16.202
-- 
cgit v1.2.3