/**
* Simple HTTP Login
*/
+
function api_login(&$a){
// login with oauth
try{
if (!isset($_SERVER['PHP_AUTH_USER'])) {
logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Friendika"');
+ header('WWW-Authenticate: Basic realm="Friendica"');
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
- $_SESSION['uid'] = $record['uid'];
- $_SESSION['theme'] = $record['theme'];
- $_SESSION['authenticated'] = 1;
- $_SESSION['page_flags'] = $record['page-flags'];
- $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $record['nickname'];
- $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
-
- //notice( t("Welcome back ") . $record['username'] . EOL);
- $a->user = $record;
-
- if(strlen($a->user['timezone'])) {
- date_default_timezone_set($a->user['timezone']);
- $a->timezone = $a->user['timezone'];
- }
- $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
- intval($_SESSION['uid']));
- if(count($r)) {
- $a->contact = $r[0];
- $a->cid = $r[0]['id'];
- $_SESSION['cid'] = $a->cid;
- }
- q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
- dbesc(datetime_convert()),
- intval($_SESSION['uid'])
- );
+ require_once('include/security.php');
+ authenticate_success($record);
call_hooks('logged_in', $a->user);
- header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
}
/**************************
foreach ($API as $p=>$info){
if (strpos($a->query_string, $p)===0){
$called_api= explode("/",$p);
- #unset($_SERVER['PHP_AUTH_USER']);
+ //unset($_SERVER['PHP_AUTH_USER']);
if ($info['auth']===true && local_user()===false) {
api_login($a);
}
// TODO - media uploads
function api_statuses_update(&$a, $type) {
- if (local_user()===false) return false;
+ if (local_user()===false) {
+ logger('api_statuses_update: no user');
+ return false;
+ }
$user_info = api_get_user($a);
// convert $_POST array items to the form we use for web posts.
$purifier = new HTMLPurifier($config);
$txt = $purifier->purify($txt);
- $_POST['body'] = html2bbcode($txt);
+ $_REQUEST['body'] = html2bbcode($txt);
}
}
else
- $_POST['body'] = urldecode(requestdata('status'));
+ $_REQUEST['body'] = urldecode(requestdata('status'));
$parent = requestdata('in_reply_to_status_id');
if(ctype_digit($parent))
- $_POST['parent'] = $parent;
+ $_REQUEST['parent'] = $parent;
else
- $_POST['parent_uri'] = $parent;
+ $_REQUEST['parent_uri'] = $parent;
if(requestdata('lat') && requestdata('long'))
- $_POST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
- $_POST['profile_uid'] = local_user();
+ $_REQUEST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
+ $_REQUEST['profile_uid'] = local_user();
if(requestdata('parent'))
- $_POST['type'] = 'net-comment';
+ $_REQUEST['type'] = 'net-comment';
else
- $_POST['type'] = 'wall';
+ $_REQUEST['type'] = 'wall';
// set this so that the item_post() function is quiet and doesn't redirect or emit json
- $_POST['api_source'] = true;
+ $_REQUEST['api_source'] = true;
// call out normal post function
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`uid` = %d
- AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
FROM `item`, `contact`
WHERE `item`.`uid` = %d
AND `item`.`contact-id` = %d
- AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`uid` = %d
- AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
AND `item`.`starred` = 1
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0