X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=1196e0aac75b77246830f65ed82dc0da6eb91611;hb=4b95e8ebe8719827566b484810dfe140f7b51726;hp=1f58a6baae3e77a264789d754ebe95003bc1949e;hpb=d49895a8a10442e1a585732e94230ac51e92396d;p=friendica.git diff --git a/include/api.php b/include/api.php index 1f58a6baae..1196e0aac7 100644 --- a/include/api.php +++ b/include/api.php @@ -2,7 +2,7 @@ require_once("bbcode.php"); require_once("datetime.php"); require_once("conversation.php"); - + require_once("oauth.php"); /* * Twitter-Like API * @@ -27,6 +27,23 @@ * Simple HTTP Login */ function api_login(&$a){ + // login with oauth + try{ + $oauth = new FKOAuth1(); + list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); + if (!is_null($token)){ + $oauth->loginUser($token->uid); + call_hooks('logged_in', $a->user); + return; + } + echo __file__.__line__.__function__."
"; var_dump($consumer, $token); die();
+		}catch(Exception $e){
+			logger(__file__.__line__.__function__."\n".$e);
+			//die(__file__.__line__.__function__."
".$e); die();
+		}
+
+		
+		
 		// workaround for HTTP-auth in CGI mode
 		if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
 		 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
@@ -55,7 +72,7 @@
 		// process normal login request
 
 		$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) 
-			AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+			AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
 			dbesc(trim($user)),
 			dbesc(trim($user)),
 			dbesc($encrypted)
@@ -404,14 +421,6 @@
 		return $ret; 
 	}
 
-	/**
-	 * apply xmlify() to all values of array $val, recursively
-	 */
-	function api_xmlify($val){
-		if (is_bool($val)) return $val?"true":"false";
-		if (is_array($val)) return array_map('api_xmlify', $val);
-		return xmlify((string) $val);
-	}
 
 	/**
 	 *  load api $templatename for $type and replace $data array
@@ -424,7 +433,7 @@
 			case "atom":
 			case "rss":
 			case "xml":
-				$data = api_xmlify($data);
+				$data = array_xmlify($data);
 				$tpl = get_markup_template("api_".$templatename."_".$type.".tpl");
 				$ret = replace_macros($tpl, $data);
 				break;
@@ -466,6 +475,7 @@
 		}
 		return null;
 	}
+
 	// TODO - media uploads
 	function api_statuses_update(&$a, $type) {
 		if (local_user()===false) return false;
@@ -475,7 +485,28 @@
 
 		// logger('api_post: ' . print_r($_POST,true));
 
-		$_POST['body'] = urldecode(requestdata('status'));
+		if(requestdata('htmlstatus')) {
+			require_once('library/HTMLPurifier.auto.php');
+			require_once('include/html2bbcode.php');
+
+			$txt = requestdata('htmlstatus');
+			if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
+
+				$txt = html2bb_video($txt);
+
+				$config = HTMLPurifier_Config::createDefault();
+				$config->set('Cache.DefinitionImpl', null);
+
+
+				$purifier = new HTMLPurifier($config);
+				$txt = $purifier->purify($txt);
+
+				$_POST['body'] = html2bbcode($txt);
+			}
+
+		}
+		else
+			$_POST['body'] = urldecode(requestdata('status'));
 
 		$parent = requestdata('in_reply_to_status_id');
 		if(ctype_digit($parent))
@@ -1113,3 +1144,31 @@
 	}
 	api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true);
 	api_register_func('api/direct_messages','api_direct_messages_inbox',true);
+
+
+
+	function api_oauth_request_token(&$a, $type){
+		try{
+			$oauth = new FKOAuth1();
+			$r = $oauth->fetch_request_token(OAuthRequest::from_request());
+		}catch(Exception $e){
+			echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
+		}
+		echo $r;
+		killme();	
+	}
+	function api_oauth_access_token(&$a, $type){
+		try{
+			$oauth = new FKOAuth1();
+			$r = $oauth->fetch_access_token(OAuthRequest::from_request());
+		}catch(Exception $e){
+			echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
+		}
+		echo $r;
+		killme();			
+	}
+
+	api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
+	api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
+
+