$record = $addon_auth['user_record'];
} else {
$user_id = User::authenticate(trim($user), trim($password));
- if ($user_id) {
+ if ($user_id !== false) {
$record = dba::selectFirst('user', [], ['uid' => $user_id]);
}
}
* @brief Main API entry point
*
* @param object $a App
- * @return string API call result
+ * @return string|array API call result
*/
function api_call(App $a)
{
break;
case "json":
header("Content-Type: application/json");
- foreach ($return as $rr) {
- $json = json_encode($rr);
- }
+ $json = json_encode(end($return));
if (x($_GET, 'callback')) {
$json = $_GET['callback'] . "(" . $json . ")";
}
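Review bot: The `callback` value from `$_GET` is placed in front of the encoded JSON right after the changed `json_encode` line with no validation, so request-controlled text opens a response that is labelled `application/json`. Accepting only identifier-like names, for example `if (!preg_match('/^[A-Za-z_$][\w$.]*$/', $_GET['callback'])) { throw new BadRequestException('Invalid callback'); }`, would close that off. A JavaScript content type would also suit the wrapped form better. Separately, `end($return)` returns `false` for an empty array, so the new line would emit the literal `false`; whether `$return` can be empty here is outside the hunk. The function body starts and ends outside the hunk.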
*
* @param string $type Return type (xml, json, rss, as)
* @param object $e HTTPException Error object
- * @return string error message formatted as $type
+ * @return string|array error message formatted as $type
*/
function api_error($type, $e)
{
// Searching for contact id with uid = 0
if (!is_null($contact_id) && (intval($contact_id) != 0)) {
- $user = dbesc(api_unique_id_to_nurl($contact_id));
+ $user = dbesc(api_unique_id_to_nurl(intval($contact_id)));
if ($user == "") {
throw new BadRequestException("User not found.");
$argid = count($called_api);
list($user, $null) = explode(".", $a->argv[$argid]);
if (is_numeric($user)) {
- $user = dbesc(api_unique_id_to_nurl($user));
-
- if ($user == "") {
- return false;
- }
+ $user = dbesc(api_unique_id_to_nurl(intval($user)));
- $url = $user;
- $extra_query = "AND `contact`.`nurl` = '%s' ";
- if (api_user() !== false) {
- $extra_query .= "AND `contact`.`uid`=" . intval(api_user());
+ if ($user != "") {
+ $url = $user;
+ $extra_query = "AND `contact`.`nurl` = '%s' ";
+ if (api_user() !== false) {
+ $extra_query .= "AND `contact`.`uid`=" . intval(api_user());
+ }
}
} else {
$user = dbesc($user);
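Review bot: With the early `return false` removed, a numeric id that `api_unique_id_to_nurl` cannot resolve now falls through with `$user` empty and neither `$url` nor `$extra_query` set by this branch. What the rest of the function does in that state is outside the hunk; if it falls back to another lookup, the caller would get a record for a different user than the one requested instead of an error. The `$contact_id` path in the previous hunk throws for the same condition, so `if ($user == "") { throw new BadRequestException("User not found."); }` would keep the two paths consistent.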
);
// Selecting the id by priority, friendica first
- api_best_nickname($uinfo);
+ if (is_array($uinfo)) {
+ api_best_nickname($uinfo);
+ }
// if the contact wasn't found, fetch it from the contacts with uid = 0
if (!DBM::is_result($uinfo)) {
* @param string $type Return type (atom, rss, xml, json)
* @param array $data JSON style array
*
- * @return (string|object|array) XML data or JSON data
+ * @return (string|array) XML data or JSON data
*/
function api_format_data($root_element, $type, $data)
{
$ret = api_create_xml($data, $root_element);
break;
case "json":
+ default:
$ret = $data;
break;
}
$status_info["entities"] = $converted["entities"];
}
- if (($lastwall['item_network'] != "") && ($status["source"] == 'web')) {
+ if (($lastwall['item_network'] != "") && ($status_info["source"] == 'web')) {
$status_info["source"] = ContactSelector::networkToName($lastwall['item_network'], $user_info['url']);
} elseif (($lastwall['item_network'] != "") && (ContactSelector::networkToName($lastwall['item_network'], $user_info['url']) != $status_info["source"])) {
$status_info["source"] = trim($status_info["source"].' ('.ContactSelector::networkToName($lastwall['item_network'], $user_info['url']).')');
// "uid" and "self" are only needed for some internal stuff, so remove it from here
unset($status_info["user"]["uid"]);
unset($status_info["user"]["self"]);
- }
- logger('status_info: '.print_r($status_info, true), LOGGER_DEBUG);
+ logger('status_info: '.print_r($status_info, true), LOGGER_DEBUG);
- if ($type == "raw") {
- return $status_info;
- }
+ if ($type == "raw") {
+ return $status_info;
+ }
- return api_format_data("statuses", $type, ['status' => $status_info]);
+ return api_format_data("statuses", $type, ['status' => $status_info]);
+ }
}
/**
*/
function api_search($type)
{
+ $a = get_app();
+ $user_info = api_get_user($a);
+
+ if (api_user() === false || $user_info === false) {
+ throw new ForbiddenException();
+ }
+
$data = [];
$sql_extra = '';
$since_id
);
- $data['status'] = api_format_items(dba::inArray($r), api_get_user(get_app()));
+ $data['status'] = api_format_items(dba::inArray($r), $user_info);
return api_format_data("statuses", $type, $data);
}
function api_statuses_home_timeline($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
unset($_REQUEST["screen_name"]);
unset($_GET["screen_name"]);
- $user_info = api_get_user($a);
- // get last newtork messages
+ // get last network messages
// params
$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
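Review bot: `api_get_user($a)` now runs before the two `screen_name` unsets, where the removed line ran after them. If `api_get_user` reads `screen_name` from the request, which the unsets suggest, `$user_info` can now describe the user named in the request rather than the authenticated one, and the unsets no longer affect it. The same reordering appears in `api_statuses_mentions`, in the list timeline hunk that adds the `list_id` check, and in `api_direct_messages_box`. Moving the unsets above the call would restore the old order; if the change is intended, a comment such as `// $user_info deliberately honours screen_name` would say so. The function body continues outside the hunk.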
function api_statuses_public_timeline($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
- $user_info = api_get_user($a);
- // get last newtork messages
+ // get last network messages
// params
$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
function api_statuses_networkpublic_timeline($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
- $user_info = api_get_user($a);
-
$since_id = x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0;
$max_id = x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0;
function api_statuses_show($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
- $user_info = api_get_user($a);
-
// params
$id = intval($a->argv[3]);
function api_conversation_show($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
- $user_info = api_get_user($a);
-
// params
$id = intval($a->argv[3]);
$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
function api_statuses_mentions($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
unset($_REQUEST["screen_name"]);
unset($_GET["screen_name"]);
- $user_info = api_get_user($a);
- // get last newtork messages
-
+ // get last network messages
// params
$since_id = defaults($_REQUEST, 'since_id', 0);
function api_statuses_user_timeline($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
- $user_info = api_get_user($a);
-
logger(
"api_statuses_user_timeline: api_user: ". api_user() .
"\nuser_info: ".print_r($user_info, true) .
global $called_api;
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
$called_api = [];
- $user_info = api_get_user($a);
-
// in friendica starred item are private
// return favorites only for self
logger('api_favorites: self:' . $user_info['self']);
$user_info = api_get_user($a);
$uid = $user_info['uid'];
- $groups = dba::select('group', [], ['deleted' => 0, 'uid' => intval($uid)]);
+ $groups = dba::select('group', [], ['deleted' => 0, 'uid' => $uid]);
// loop through all groups
$lists = [];
{
$a = get_app();
- if (api_user() === false) {
+ $user_info = api_get_user($a);
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
unset($_REQUEST["screen_name"]);
unset($_GET["screen_name"]);
- $user_info = api_get_user($a);
- // get last newtork messages
+ if (empty($_REQUEST['list_id'])) {
+ throw new BadRequestException('list_id not specified');
+ }
// params
$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
}
$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
- //$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
$sql_extra .= ' AND `item`.`parent` = ' . intval($conversation_id);
}
- $statuses = q(
+ $statuses = dba::p(
"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
AND (NOT `contact`.`blocked` OR `contact`.`pending`)
STRAIGHT_JOIN `group_member` ON `group_member`.`contact-id` = `item`.`contact-id`
- WHERE `item`.`uid` = %d AND `verb` = '%s'
+ WHERE `item`.`uid` = ? AND `verb` = ?
AND `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
$sql_extra
- AND `item`.`id`>%d
- AND `group_member`.`gid` = %d
- ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
- intval(api_user()),
- dbesc(ACTIVITY_POST),
- intval($since_id),
- intval($_REQUEST['list_id']),
- intval($start),
- intval($count)
+ AND `item`.`id`>?
+ AND `group_member`.`gid` = ?
+ ORDER BY `item`.`id` DESC LIMIT ".intval($start)." ,".intval($count),
+ api_user(),
+ ACTIVITY_POST,
+ $since_id,
+ $_REQUEST['list_id']
);
- $items = api_format_items($statuses, $user_info, false, $type);
+ $items = api_format_items(dba::inArray($statuses), $user_info, false, $type);
$data = ['status' => $items];
switch ($type) {
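Review bot: `$since_id` and `$_REQUEST['list_id']` are now bound as raw request values where the old call passed them through `intval()`. Binding keeps them out of the SQL text, but a non-scalar value such as `list_id[]=1` passes the `empty()` guard added earlier in this function and reaches `dba::p` as an array, and non-numeric strings are left to the database's implicit conversion. Keeping the casts on the bound values, `intval($since_id), intval($_REQUEST['list_id'])`, preserves the old behaviour. `$sql_extra` is still interpolated into the statement; the one assignment visible here uses `intval()`, and the rest is outside the hunk.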
* @brief delete a direct_message from mail table through api
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
* @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/delete-message
*/
function api_direct_messages_destroy($type)
function api_direct_messages_box($type, $box, $verbose)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
unset($_REQUEST["screen_name"]);
unset($_GET["screen_name"]);
- $user_info = api_get_user($a);
$profile_url = $user_info["url"];
// pagination
$sender = $user_info;
}
- $ret[] = api_format_messages($item, $recipient, $sender);
+ if (isset($recipient) && isset($sender)) {
+ $ret[] = api_format_messages($item, $recipient, $sender);
+ }
}
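Review bot: `isset($recipient) && isset($sender)` is also true when both variables were assigned while handling an earlier `$item`, so a message that matches neither assignment branch would be formatted with the previous message's recipient and sender. The branches and the loop header are outside the hunk, so this assumes they do not reset the variables. Starting each iteration with `$recipient = $sender = null;` makes the guard skip such items as it appears to intend. The same guard is added in the direct message search hunk further down.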
* @brief delete a complete photoalbum with all containing photos from database through api
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_fr_photoalbum_delete($type)
{
* @brief update the name of the album for all photos of an album
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_fr_photoalbum_update($type)
{
* @brief list all photos of the authenticated user
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_fr_photos_list($type)
{
* @brief upload a new photo or change an existing photo
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_fr_photo_create_update($type)
{
* @brief delete a single photo from the database through api
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_fr_photo_delete($type)
{
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
*
- * @return string
+ * @return string|array
* @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/post-account-update_profile_image
*/
function api_account_update_profile_image($type)
$fileext = "jpg";
} elseif ($filetype == "image/png") {
$fileext = "png";
+ } else {
+ throw new InternalServerErrorException('Unsupported filetype');
}
// change specified profile or all profiles to the new resource-id
if ($is_default_profile) {
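Review bot: An unsupported `$filetype` is a property of the uploaded file, so `InternalServerErrorException` reports a client mistake as a server fault; `throw new BadRequestException('Unsupported filetype');` fits better and keeps 5xx monitoring meaningful. Where `$filetype` comes from is outside the hunk. If it is taken from the type the client declares rather than detected from the file content, this allow-list is only as trustworthy as that declaration. The enclosing function starts and ends outside the hunk.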
logger("photo upload: new profile image upload ended", LOGGER_DEBUG);
}
- if ($r) {
+ if (isset($r) && $r) {
// create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo
if ($photo_id == null && $mediatype == "photo") {
post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility);
*/
function prepare_photo_data($type, $scale, $photo_id)
{
+ $a = get_app();
+ $user_info = api_get_user($a);
+
+ if ($user_info === false) {
+ throw new ForbiddenException();
+ }
+
$scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale)));
$data_sql = ($scale === false ? "" : "data, ");
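Review bot: This guard tests only `$user_info === false`, while the other guards added in this commit also test `api_user() === false`. If `api_get_user` can return a record for a request that is not authenticated, this helper would proceed where its siblings throw; `if (api_user() === false || $user_info === false) {` would match them. A `@throws ForbiddenException` line in the docblock would document the new failure mode. The function body continues outside the hunk.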
);
// prepare output of comments
- $commentData = api_format_items($r, api_get_user(get_app()), false, $type);
+ $commentData = api_format_items($r, $user_info, false, $type);
$comments = [];
if ($type == "xml") {
$k = 0;
{
$data = BBCode::getAttachmentData($body);
- if (!$data) {
+ if (empty($data)) {
return $body;
}
$body = "";
}
// loop through all groups and retrieve all members for adding data in the user array
+ $grps = [];
foreach ($r as $rr) {
$members = Contact::getByGroupId($rr['id']);
$users = [];
}
// get data of the specified group id
- $group = dba::selectFirst('group', [], ['uid' => intval($uid), 'id' => intval($gid)]);
+ $group = dba::selectFirst('group', [], ['uid' => $uid, 'id' => $gid]);
// error message if specified gid is not in database
if (!$group) {
throw new BadRequestException('gid not available');
}
// return success message incl. missing users in array
- $status = ($erroraddinguser ? "missing user" : ($reactivate_group ? "reactivated" : "ok"));
+ $status = ($erroraddinguser ? "missing user" : ((isset($reactivate_group) && $reactivate_group) ? "reactivated" : "ok"));
return ['success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers];
}
foreach ($users as $user) {
$found = ($user['cid'] == $cid ? true : false);
}
- if (!$found) {
+ if (!isset($found) || !$found) {
Group::removeMemberByName($uid, $name, $cid);
}
}
}
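Review bot: The added `!isset($found)` covers an empty `$users`, but the loop above it overwrites `$found` on every pass, so only the last entry of `$users` decides whether `Group::removeMemberByName` runs. A value left over from an earlier pass of the enclosing loop also stays set, which defeats the `isset` test; that loop starts outside the hunk, so the carry-over is inferred. Setting `$found = false;` before the `foreach` and using `if ($user['cid'] == $cid) { $found = true; break; }` inside it would make the membership test correct and the `isset` unnecessary.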
// get data of the specified group id
- $group = dba::selectFirst('group', [], ['uid' => intval($uid), 'id' => intval($gid)]);
+ $group = dba::selectFirst('group', [], ['uid' => $uid, 'id' => $gid]);
// error message if specified gid is not in database
if (!$group) {
throw new BadRequestException('gid not available');
return api_format_data("lists", $type, ['lists' => $list]);
}
-
- return api_format_data("group_update", $type, ['result' => $success]);
}
api_register_func('api/lists/update', 'api_lists_update', true, API_METHOD_POST);
* @brief Returns notifications
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_friendica_notification($type)
{
* @brief Set notification as seen and returns associated item (if possible)
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_friendica_notification_seen($type)
{
$a = get_app();
+ $user_info = api_get_user($a);
- if (api_user() === false) {
+ if (api_user() === false || $user_info === false) {
throw new ForbiddenException();
}
if ($a->argc!==4) {
);
if ($r!==false) {
// we found the item, return it to the user
- $user_info = api_get_user($a);
$ret = api_format_items($r, $user_info, false, $type);
$data = ['status' => $ret];
return api_format_data("status", $type, $data);
* @brief update a direct_message to seen state
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string (success result=ok, error result=error with error message)
+ * @return string|array (success result=ok, error result=error with error message)
*/
function api_friendica_direct_messages_setseen($type)
{
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
* @param string $box
- * @return string (success: success=true if found and search_result contains found messages,
+ * @return string|array (success: success=true if found and search_result contains found messages,
* success=false if nothing was found, search_result='nothing found',
* error: result=error with error message)
*/
$sender = $user_info;
}
- $ret[] = api_format_messages($item, $recipient, $sender);
+ if (isset($recipient) && isset($sender)) {
+ $ret[] = api_format_messages($item, $recipient, $sender);
+ }
}
$success = ['success' => true, 'search_results' => $ret];
}
* @brief return data of all the profiles a user has to the client
*
* @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string
+ * @return string|array
*/
function api_friendica_profile_show($type)
{
}
// loop through all returned profiles and retrieve data and users
$k = 0;
+ $profiles = [];
foreach ($r as $rr) {
$profile = api_format_items_profiles($rr);
// select all users from contact table, loop and prepare standard return for user data
$users = [];
- $r = q(
+ $nurls = q(
"SELECT `id`, `nurl` FROM `contact` WHERE `uid`= %d AND `profile-id` = %d",
intval(api_user()),
intval($rr['profile_id'])
);
- foreach ($r as $rr) {
- $user = api_get_user($a, $rr['nurl']);
+ foreach ($nurls as $nurl) {
+ $user = api_get_user($a, $nurl['nurl']);
($type == "xml") ? $users[$k++ . ":user"] = $user : $users[] = $user;
}
$profile['users'] = $users;