<?php
/*
 * Laconica - a distributed open-source microblogging tool
 * Copyright (C) 2008, Controlez-Vous, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

// LACONICA is presumably defined by the framework bootstrap; if it is
// missing (for instance, this file being loaded on its own) stop here
// before anything below runs.
if (!defined('LACONICA')) {
    exit(1);
}

// Base class (TwitterapiAction) and shared API helpers.
require_once(INSTALLDIR.'/lib/twitterapi.php');

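class TwitapifriendshipsAction extends TwitterapiAction {

    /**
     * Tell whether the requested API method only reads state.
     *
     * 'create' and 'destroy' change subscriptions and are therefore writes;
     * every other method (e.g. 'exists') is treated as read-only.
     *
     * @return bool false for create/destroy, true otherwise
     */
    function is_readonly() {
        static $write_methods = array('create', 'destroy');

        // The 'method' arg is "<name>.<format>"; only the name part matters.
        // Cast to string so a missing arg does not hand null to explode().
        $cmdtext = explode('.', (string) $this->arg('method'));

        // Strict comparison: no loose-equality surprises on odd input.
        return !in_array($cmdtext[0], $write_methods, true);
    }

    /**
     * friendships/create: subscribe the authenticated user to the user named
     * by the id argument (numeric id or nickname).
     *
     * Requires POST. On success replies with the followed user's profile in
     * the requested format; otherwise sends a client error (400/403). Every
     * path ends with exit().
     *
     * @param array $args    request arguments, handed to parent::handle()
     * @param array $apidata 'api_arg' (target id/nickname), 'content-type',
     *                       and the authenticated 'user'
     */
    function create($args, $apidata) {
        parent::handle($args);

        $type = $apidata['content-type'];

        // State-changing call: only POST is accepted, so a plain GET (e.g. a
        // followed link) cannot create a subscription.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            $this->client_error(_('This method requires a POST.'), 400, $type);
            exit();
        }

        $other = $this->get_user($apidata['api_arg']);

        if (!$other) {
            $this->client_error(_('Could not follow user: User not found.'), 403, $type);
            exit();
        }

        $user = $apidata['user'];

        if ($user->isSubscribed($other)) {
            $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
            $this->client_error($errmsg, 403, $type);
            exit();
        }

        $sub = new Subscription();

        $sub->query('BEGIN');

        $sub->subscriber = $user->id;
        $sub->subscribed = $other->id;
        $sub->created = DB_DataObject_Cast::dateTime(); # current time

        $result = $sub->insert();

        if (!$result) {
            // Close the transaction opened above before bailing out, so the
            // connection is not left inside a dangling BEGIN.
            $sub->query('ROLLBACK');
            // NOTE(review): any insert failure is reported as "already on
            // your list"; the message predates this rewrite and is kept as is.
            $errmsg = sprintf(_('Could not follow user: %s is already on your list.'), $other->nickname);
            $this->client_error($errmsg, 400, $type);
            exit();
        }

        $sub->query('COMMIT');

        mail_subscribe_notify($other, $user);

        $this->init_document($type);
        $this->show_profile($other, $type);
        $this->end_document($type);
        exit();
    }

    /**
     * friendships/destroy: discontinue the authenticated user's subscription
     * to the user named by the id argument (numeric id or nickname).
     *
     * Requires POST or DELETE. On success replies with the un-friended
     * profile in the requested format (xml, json); otherwise sends a client
     * error (400/403). Every path ends with exit().
     *
     * URL: http://twitter.com/friendships/destroy/id.format
     * Ex:  http://twitter.com/friendships/destroy/12345.json or
     *      http://twitter.com/friendships/destroy/bob.xml
     *
     * Unlike create(), the target is looked up as a Profile rather than a
     * local User, so a subscription to a remote person can be removed too.
     *
     * @param array $args    request arguments, handed to parent::handle()
     * @param array $apidata 'api_arg' (target id/nickname), 'content-type',
     *                       and the authenticated 'user'
     */
    function destroy($args, $apidata) {
        parent::handle($args);

        $type = $apidata['content-type'];

        if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'), true)) {
            $this->client_error(_('This method requires a POST or DELETE.'), 400, $type);
            exit();
        }

        # We can't subscribe to a remote person, but we can unsub
        $other = $this->get_profile($apidata['api_arg']);

        // get_profile() yields NULL (or a falsy miss) for an unknown
        // id/nickname; reading $other->id on it would be an error, so
        // reject it the same way create() rejects an unknown user.
        if (!$other) {
            $this->client_error(_('You are not friends with the specified user.'), 403, $type);
            exit();
        }

        $user = $apidata['user'];

        $sub = new Subscription();
        $sub->subscriber = $user->id;
        $sub->subscribed = $other->id;

        if (!$sub->find(true)) {
            $this->client_error(_('You are not friends with the specified user.'), 403, $type);
            exit();
        }

        // NOTE(review): the result of delete() is not checked; a failed
        // delete still gets a COMMIT and a success reply.
        $sub->query('BEGIN');
        $sub->delete();
        $sub->query('COMMIT');

        $this->init_document($type);
        $this->show_profile($other, $type);
        $this->end_document($type);
        exit();
    }

    /**
     * friendships/exists: test whether user_a is subscribed to user_b.
     *
     * Both parameters (user_a, user_b) are required and may be an ID or a
     * screen_name. Formats: xml, json, none. Ends with exit().
     *
     * URL: http://twitter.com/friendships/exists.format
     * Ex:  http://twitter.com/friendships/exists.xml?user_a=alice&user_b=bob
     *
     * @param array $args    request arguments, handed to parent::handle()
     * @param array $apidata 'content-type' of the reply
     */
    function exists($args, $apidata) {
        parent::handle($args);

        $user_a = $this->get_user($this->trimmed('user_a'));
        $user_b = $this->get_user($this->trimmed('user_b'));

        if (!$user_a || !$user_b) {
            $this->client_error(_('Two user ids or screen_names must be supplied.'), 400, $apidata['content-type']);
            exit();
        }

        // Direction matters: this answers "does user_a follow user_b?",
        // not whether the two follow each other.
        $result = $user_a->isSubscribed($user_b) ? 'true' : 'false';

        switch ($apidata['content-type']) {
         case 'xml':
            $this->init_document('xml');
            common_element('friends', null, $result);
            $this->end_document('xml');
            break;
         case 'json':
            $this->init_document('json');
            // $result is the string 'true'/'false', so this emits a JSON
            // string ("true"), not a JSON boolean; kept for compatibility.
            print json_encode($result);
            $this->end_document('json');
            break;
         default:
            // Bare text body for any other format.
            print $result;  // Really? --Zach
            break;
        }

        exit();
    }

    /**
     * Resolve an API id argument to a Profile.
     *
     * A numeric argument is treated as a profile id; anything else as a
     * local user's nickname, whose profile is returned. is_numeric() also
     * accepts forms such as leading whitespace or exponents; how such a value
     * is cast is left to staticGet().
     *
     * @param string $id numeric profile id or nickname
     * @return Profile|null the profile, or NULL when no local user has that
     *                      nickname (a numeric miss returns whatever
     *                      staticGet() returns)
     */
    function get_profile($id) {
        if (is_numeric($id)) {
            return Profile::staticGet($id);
        }

        $user = User::staticGet('nickname', $id);

        return $user ? $user->getProfile() : null;
    }

    /**
     * Resolve an API id argument to a local User.
     *
     * A numeric argument is looked up as a user id, anything else as a
     * nickname. Remote profiles are never returned here; see get_profile().
     *
     * @param string $id numeric user id or nickname
     * @return User|false whatever staticGet() returns for a miss
     */
    function get_user($id) {
        $key = is_numeric($id) ? array($id) : array('nickname', $id);

        return call_user_func_array(array('User', 'staticGet'), $key);
    }
}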