aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Api.php
blob: 3e7f23b6c4c21046aee7e83415cdce591556f1b8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?php
namespace Zotlabs\Module;

require_once('include/api.php');



class Api extends \Zotlabs\Web\Controller {

	function post() {
	
		if(! local_channel()) {
			notice( t('Permission denied.') . EOL);
			return;
		}
	
		if(count(\App::$user) && x(\App::$user,'uid') && \App::$user['uid'] != local_channel()) {
			notice( t('Permission denied.') . EOL);
			return;
		}
	
	}
	
		function get() {
		if(\App::$cmd=='api/oauth/authorize'){
	
			/* 
			 * api/oauth/authorize interact with the user. return a standard page
			 */
			
			\App::$page['template'] = "minimal";
					
			// get consumer/client from request token
			try {
				$request = OAuth1Request::from_request();
			} catch(Exception $e) {
				echo "<pre>"; var_dump($e); killme();
			}
			
			
			if(x($_POST,'oauth_yes')){
			
				$app = $this->oauth_get_client($request);
				if (is_null($app)) return "Invalid request. Unknown token.";
				$consumer = new OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);
	
				$verifier = md5($app['secret'].local_channel());
				set_config("oauth", $verifier, local_channel());
				
				
				if($consumer->callback_url!=null) {
					$params = $request->get_parameters();
					$glue="?";
					if (strstr($consumer->callback_url,$glue)) $glue="?";
					goaway($consumer->callback_url . $glue . "oauth_token=" . OAuth1Util::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuth1Util::urlencode_rfc3986($verifier));
					killme();
				}
							
				$tpl = get_markup_template("oauth_authorize_done.tpl");
				$o = replace_macros($tpl, array(
					'$title' => t('Authorize application connection'),
					'$info' => t('Return to your app and insert this Securty Code:'),
					'$code' => $verifier,
				));
			
				return $o;
			}
			
			
			if(! local_channel()) {
				//TODO: we need login form to redirect to this page
				notice( t('Please login to continue.') . EOL );
				return login(false,'api-login',$request->get_parameters());
			}
			//FKOAuth1::loginUser(4);
			
			$app = $this->oauth_get_client($request);
			if (is_null($app)) return "Invalid request. Unknown token.";
			
			
	
			
			$tpl = get_markup_template('oauth_authorize.tpl');
			$o = replace_macros($tpl, array(
				'$title' => t('Authorize application connection'),
				'$app' => $app,
				'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
				'$yes'	=> t('Yes'),
				'$no'	=> t('No'),
			));
			
			//echo "<pre>"; var_dump($app); killme();
			
			return $o;
		}
		
		echo api_call($a);
		killme();
	}

	function oauth_get_client($request){

	
		$params = $request->get_parameters();
		$token = $params['oauth_token'];
	
		$r = q("SELECT `clients`.* 
			FROM `clients`, `tokens` 
			WHERE `clients`.`client_id`=`tokens`.`client_id` 
			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
			dbesc($token));

		if (!count($r))
			return null;
	
		return $r[0];
	}
	
	
	
	
}