mod/api.php

   1 <?php
   2
   3 use Friendica\App;
   4 use Friendica\Core\Config;
   5 use Friendica\Database\DBM;
   6
   7 require_once('include/api.php');
   8
   9 function oauth_get_client($request)
  10 {
  11
  12
  13         $params = $request->get_parameters();
  14         $token = $params['oauth_token'];
  15
  16         $r = q("SELECT `clients`.*
  17                         FROM `clients`, `tokens`
  18                         WHERE `clients`.`client_id`=`tokens`.`client_id`
  19                         AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", dbesc($token));
  20
  21         if (!DBM::is_result($r))
  22                 return null;
  23
  24         return $r[0];
  25 }
  26
  27 function api_post(App $a)
  28 {
  29         if (!local_user()) {
  30                 notice(t('Permission denied.') . EOL);
  31                 return;
  32         }
  33
  34         if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) {
  35                 notice(t('Permission denied.') . EOL);
  36                 return;
  37         }
  38 }
  39
  40 function api_content(App $a)
  41 {
  42         if ($a->cmd == 'api/oauth/authorize') {
  43                 /*
  44                  * api/oauth/authorize interact with the user. return a standard page
  45                  */
  46
  47                 $a->page['template'] = "minimal";
  48
  49                 // get consumer/client from request token
  50                 try {
  51                         $request = OAuthRequest::from_request();
  52                 } catch (Exception $e) {
  53                         echo "<pre>";
  54                         var_dump($e);
  55                         killme();
  56                 }
  57
  58                 if (x($_POST, 'oauth_yes')) {
  59                         $app = oauth_get_client($request);
  60                         if (is_null($app)) {
  61                                 return "Invalid request. Unknown token.";
  62                         }
  63                         $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
  64
  65                         $verifier = md5($app['secret'] . local_user());
  66                         Config::set("oauth", $verifier, local_user());
  67
  68                         if ($consumer->callback_url != null) {
  69                                 $params = $request->get_parameters();
  70                                 $glue = "?";
  71                                 if (strstr($consumer->callback_url, $glue)) {
  72                                         $glue = "?";
  73                                 }
  74                                 goaway($consumer->callback_url . $glue . "oauth_token=" . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuthUtil::urlencode_rfc3986($verifier));
  75                                 killme();
  76                         }
  77
  78                         $tpl = get_markup_template("oauth_authorize_done.tpl");
  79                         $o = replace_macros($tpl, array(
  80                                 '$title' => t('Authorize application connection'),
  81                                 '$info' => t('Return to your app and insert this Securty Code:'),
  82                                 '$code' => $verifier,
  83                         ));
  84
  85                         return $o;
  86                 }
  87
  88                 if (!local_user()) {
  89                         /// @TODO We need login form to redirect to this page
  90                         notice( t('Please login to continue.') . EOL );
  91                         return login(false,$request->get_parameters());
  92                 }
  93                 //FKOAuth1::loginUser(4);
  94
  95                 $app = oauth_get_client($request);
  96                 if (is_null($app)) {
  97                         return "Invalid request. Unknown token.";
  98                 }
  99
 100                 $tpl = get_markup_template('oauth_authorize.tpl');
 101                 $o = replace_macros($tpl, array(
 102                         '$title' => t('Authorize application connection'),
 103                         '$app' => $app,
 104                         '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
 105                         '$yes' => t('Yes'),
 106                         '$no' => t('No'),
 107                 ));
 108
 109                 return $o;
 110         }
 111
 112         echo api_call($a);
 113         killme();
 114 }