]> git.mxchange.org Git - friendica.git/blob - mod/api.php
Merge pull request #6977 from annando/fix-reshare
[friendica.git] / mod / api.php
1 <?php
2 /**
3  * @file mod/api.php
4  */
5 use Friendica\App;
6 use Friendica\Core\Config;
7 use Friendica\Core\L10n;
8 use Friendica\Core\Renderer;
9 use Friendica\Database\DBA;
10 use Friendica\Module\Login;
11
12 require_once 'include/api.php';
13
14 function oauth_get_client(OAuthRequest $request)
15 {
16         $params = $request->get_parameters();
17         $token = $params['oauth_token'];
18
19         $r = q("SELECT `clients`.*
20                         FROM `clients`, `tokens`
21                         WHERE `clients`.`client_id`=`tokens`.`client_id`
22                         AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));
23
24         if (!DBA::isResult($r)) {
25                 return null;
26         }
27
28         return $r[0];
29 }
30
31 function api_post(App $a)
32 {
33         if (!local_user()) {
34                 notice(L10n::t('Permission denied.') . EOL);
35                 return;
36         }
37
38         if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
39                 notice(L10n::t('Permission denied.') . EOL);
40                 return;
41         }
42 }
43
44 function api_content(App $a)
45 {
46         if ($a->cmd == 'api/oauth/authorize') {
47                 /*
48                  * api/oauth/authorize interact with the user. return a standard page
49                  */
50
51                 $a->page['template'] = "minimal";
52
53                 // get consumer/client from request token
54                 try {
55                         $request = OAuthRequest::from_request();
56                 } catch (Exception $e) {
57                         echo "<pre>";
58                         var_dump($e);
59                         exit();
60                 }
61
62                 if (!empty($_POST['oauth_yes'])) {
63                         $app = oauth_get_client($request);
64                         if (is_null($app)) {
65                                 return "Invalid request. Unknown token.";
66                         }
67                         $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
68
69                         $verifier = md5($app['secret'] . local_user());
70                         Config::set("oauth", $verifier, local_user());
71
72                         if ($consumer->callback_url != null) {
73                                 $params = $request->get_parameters();
74                                 $glue = "?";
75                                 if (strstr($consumer->callback_url, $glue)) {
76                                         $glue = "?";
77                                 }
78                                 $a->internalRedirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));
79                                 exit();
80                         }
81
82                         $tpl = Renderer::getMarkupTemplate("oauth_authorize_done.tpl");
83                         $o = Renderer::replaceMacros($tpl, [
84                                 '$title' => L10n::t('Authorize application connection'),
85                                 '$info' => L10n::t('Return to your app and insert this Securty Code:'),
86                                 '$code' => $verifier,
87                         ]);
88
89                         return $o;
90                 }
91
92                 if (!local_user()) {
93                         /// @TODO We need login form to redirect to this page
94                         notice(L10n::t('Please login to continue.') . EOL);
95                         return Login::form($a->query_string, false, $request->get_parameters());
96                 }
97                 //FKOAuth1::loginUser(4);
98
99                 $app = oauth_get_client($request);
100                 if (is_null($app)) {
101                         return "Invalid request. Unknown token.";
102                 }
103
104                 $tpl = Renderer::getMarkupTemplate('oauth_authorize.tpl');
105                 $o = Renderer::replaceMacros($tpl, [
106                         '$title' => L10n::t('Authorize application connection'),
107                         '$app' => $app,
108                         '$authorize' => L10n::t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
109                         '$yes' => L10n::t('Yes'),
110                         '$no' => L10n::t('No'),
111                 ]);
112
113                 return $o;
114         }
115
116         echo api_call($a);
117         exit();
118 }