X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=c8a313ce198e764187d505ca3d61c6f077001b3e;hb=219932f692e09924685e34f5866135c6956dd347;hp=1ccd3edb3d915a0d3af5df48e8246eb79742b93e;hpb=d60122e7a6ffd395465ca07232d29182e4e878f2;p=friendica.git diff --git a/include/api.php b/include/api.php index 1ccd3edb3d..c8a313ce19 100644 --- a/include/api.php +++ b/include/api.php @@ -26,6 +26,19 @@ return false; } + function api_source() { + if (requestdata('source')) + return (requestdata('source')); + + // Support for known clients that doesn't send a source name + if (strstr($_SERVER['HTTP_USER_AGENT'], "Twidere")) + return ("Twidere"); + + logger("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], LOGGER_DEBUG); + + return ("api"); + } + function api_date($str){ //Wed May 23 06:01:13 +0000 2007 return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" ); @@ -83,24 +96,49 @@ } $user = $_SERVER['PHP_AUTH_USER']; - $encrypted = hash('whirlpool',trim($_SERVER['PHP_AUTH_PW'])); + $password = $_SERVER['PHP_AUTH_PW']; + $encrypted = hash('whirlpool',trim($password)); /** * next code from mod/auth.php. needs better solution */ + $record = null; - // process normal login request - - $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) - AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", - dbesc(trim($user)), - dbesc(trim($user)), - dbesc($encrypted) + $addon_auth = array( + 'username' => trim($user), + 'password' => trim($password), + 'authenticated' => 0, + 'user_record' => null ); - if(count($r)){ - $record = $r[0]; - } else { + + /** + * + * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record + * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained + * and later plugins should not interfere with an earlier one that succeeded. + * + */ + + call_hooks('authenticate', $addon_auth); + + if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) { + $record = $addon_auth['user_record']; + } + else { + // process normal login request + + $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) + AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", + dbesc(trim($user)), + dbesc(trim($user)), + dbesc($encrypted) + ); + if(count($r)) + $record = $r[0]; + } + + if((! $record) || (! count($record))) { logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); header('WWW-Authenticate: Basic realm="Friendica"'); header('HTTP/1.0 401 Unauthorized'); @@ -153,7 +191,10 @@ case "json": header ("Content-Type: application/json"); foreach($r as $rr) - return json_encode($rr); + $json = json_encode($rr); + if ($_GET['callback']) + $json = $_GET['callback']."(".$json.")"; + return $json; break; case "rss": header ("Content-Type: application/rss+xml"); @@ -181,6 +222,7 @@ } function api_error(&$a, $type, $error) { + # TODO: https://dev.twitter.com/overview/api/response-codes $r = "".$error."".$a->query_string.""; switch($type){ case "xml": @@ -665,6 +707,7 @@ logger('api_statuses_update: no user'); return false; } + $user_info = api_get_user($a); // convert $_POST array items to the form we use for web posts. @@ -709,8 +752,64 @@ if($parent) $_REQUEST['type'] = 'net-comment'; else { -// logger("api_statuses_update: upload ".print_r($_FILES, true)." ".print_r($_POST, true)." ".print_r($_GET, true), LOGGER_DEBUG); -//die("blubb"); + // Check for throttling (maximum posts per day, week and month) + $throttle_day = get_config('system','throttle_limit_day'); + if ($throttle_day > 0) { + $datefrom = date("Y-m-d H:i:s", time() - 24*60*60); + + $r = q("SELECT COUNT(*) AS `posts_day` FROM `item` WHERE `uid`=%d AND `wall` + AND `created` > '%s' AND `id` = `parent`", + intval(api_user()), dbesc($datefrom)); + + if ($r) + $posts_day = $r[0]["posts_day"]; + else + $posts_day = 0; + + if ($posts_day > $throttle_day) { + logger('Daily posting limit reached for user '.api_user(), LOGGER_DEBUG); + die(api_error($a, $type, sprintf(t("Daily posting limit of %d posts reached. The post was rejected."), $throttle_day))); + } + } + + $throttle_week = get_config('system','throttle_limit_week'); + if ($throttle_week > 0) { + $datefrom = date("Y-m-d H:i:s", time() - 24*60*60*7); + + $r = q("SELECT COUNT(*) AS `posts_week` FROM `item` WHERE `uid`=%d AND `wall` + AND `created` > '%s' AND `id` = `parent`", + intval(api_user()), dbesc($datefrom)); + + if ($r) + $posts_week = $r[0]["posts_week"]; + else + $posts_week = 0; + + if ($posts_week > $throttle_week) { + logger('Weekly posting limit reached for user '.api_user(), LOGGER_DEBUG); + die(api_error($a, $type, sprintf(t("Weekly posting limit of %d posts reached. The post was rejected."), $throttle_week))); + } + } + + $throttle_month = get_config('system','throttle_limit_month'); + if ($throttle_month > 0) { + $datefrom = date("Y-m-d H:i:s", time() - 24*60*60*30); + + $r = q("SELECT COUNT(*) AS `posts_month` FROM `item` WHERE `uid`=%d AND `wall` + AND `created` > '%s' AND `id` = `parent`", + intval(api_user()), dbesc($datefrom)); + + if ($r) + $posts_month = $r[0]["posts_month"]; + else + $posts_month = 0; + + if ($posts_month > $throttle_month) { + logger('Monthly posting limit reached for user '.api_user(), LOGGER_DEBUG); + die(api_error($a, $type, sprintf(t("Monthly posting limit of %d posts reached. The post was rejected."), $throttle_month))); + } + } + $_REQUEST['type'] = 'wall'; if(x($_FILES,'media')) { // upload the image if we have one @@ -726,8 +825,8 @@ $_REQUEST['api_source'] = true; - if (!isset($_REQUEST["source"]) OR ($_REQUEST["source"] == "")) - $_REQUEST["source"] = "api"; + if (!x($_REQUEST, "source")) + $_REQUEST["source"] = api_source(); // call out normal post function @@ -749,7 +848,7 @@ // get last public wall message $lastwall = q("SELECT `item`.*, `i`.`contact-id` as `reply_uid`, `i`.`author-link` AS `item-author` FROM `item`, `item` as `i` - WHERE `item`.`contact-id` = %d + WHERE `item`.`contact-id` = %d AND `item`.`uid` = %d AND ((`item`.`author-link` IN ('%s', '%s')) OR (`item`.`owner-link` IN ('%s', '%s'))) AND `i`.`id` = `item`.`parent` AND `item`.`type`!='activity' @@ -757,6 +856,7 @@ ORDER BY `item`.`created` DESC LIMIT 1", intval($user_info['cid']), + intval(api_user()), dbesc($user_info['url']), dbesc(normalise_link($user_info['url'])), dbesc($user_info['url']), @@ -798,8 +898,10 @@ $in_reply_to_screen_name = NULL; } + $converted = api_convert_item($item); + $status_info = array( - 'text' => trim(html2plain(bbcode(api_clean_plain_items($lastwall['body']), false, false, 2, true), 0)), + 'text' => $converted["text"], 'truncated' => false, 'created_at' => api_date($lastwall['created']), 'in_reply_to_status_id' => $in_reply_to_status_id, @@ -811,19 +913,17 @@ 'in_reply_to_user_id_str' => $in_reply_to_user_id_str, 'in_reply_to_screen_name' => $in_reply_to_screen_name, 'geo' => NULL, - 'favorited' => false, - // attachments + 'favorited' => $lastwall['starred'] ? true : false, 'user' => $user_info, - 'statusnet_html' => trim(bbcode($lastwall['body'], false, false)), + 'statusnet_html' => $converted["html"], 'statusnet_conversation_id' => $lastwall['parent'], ); - if ($lastwall['title'] != "") - $status_info['statusnet_html'] = "

".bbcode($lastwall['title'])."

\n".$status_info['statusnet_html']; + if (count($converted["attachments"]) > 0) + $status_info["attachments"] = $converted["attachments"]; - $entities = api_get_entitities($status_info['text'], $lastwall['body']); - if (count($entities) > 0) - $status_info['entities'] = $entities; + if (count($converted["entities"]) > 0) + $status_info["entities"] = $converted["entities"]; if (($lastwall['item_network'] != "") AND ($status["source"] == 'web')) $status_info["source"] = network_to_name($lastwall['item_network']); @@ -897,8 +997,11 @@ } } } + + $converted = api_convert_item($item); + $user_info['status'] = array( - 'text' => trim(html2plain(bbcode(api_clean_plain_items($lastwall['body']), false, false, 2, true), 0)), + 'text' => $converted["text"], 'truncated' => false, 'created_at' => api_date($lastwall['created']), 'in_reply_to_status_id' => $in_reply_to_status_id, @@ -910,17 +1013,16 @@ 'in_reply_to_user_id_str' => $in_reply_to_user_id_str, 'in_reply_to_screen_name' => $in_reply_to_screen_name, 'geo' => NULL, - 'favorited' => false, - 'statusnet_html' => trim(bbcode($lastwall['body'], false, false)), + 'favorited' => $lastwall['starred'] ? true : false, + 'statusnet_html' => $converted["html"], 'statusnet_conversation_id' => $lastwall['parent'], ); - if ($lastwall['title'] != "") - $user_info['statusnet_html'] = "

".bbcode($lastwall['title'])."

\n".$user_info['statusnet_html']; + if (count($converted["attachments"]) > 0) + $user_info["status"]["attachments"] = $converted["attachments"]; - $entities = api_get_entitities($user_info['text'], $lastwall['body']); - if (count($entities) > 0) - $user_info['entities'] = $entities; + if (count($converted["entities"]) > 0) + $user_info["status"]["entities"] = $converted["entities"]; if (($lastwall['item_network'] != "") AND ($user_info["status"]["source"] == 'web')) $user_info["status"]["source"] = network_to_name($lastwall['item_network']); @@ -1029,9 +1131,9 @@ // We aren't going to try to figure out at the item, group, and page // level which items you've seen and which you haven't. If you're looking - // at the network timeline just mark everything seen. + // at the network timeline just mark everything seen. - $r = q("UPDATE `item` SET `unseen` = 0 + $r = q("UPDATE `item` SET `unseen` = 0 WHERE `unseen` = 1 AND `uid` = %d", //intval($user_info['uid']) intval(api_user()) @@ -1125,7 +1227,7 @@ api_register_func('api/statuses/public_timeline','api_statuses_public_timeline', true); /** - * + * */ function api_statuses_show(&$a, $type){ if (api_user()===false) return false; @@ -1303,8 +1405,8 @@ $_REQUEST['type'] = 'wall'; $_REQUEST['api_source'] = true; - if (!isset($_REQUEST["source"]) OR ($_REQUEST["source"] == "")) - $_REQUEST["source"] = "api"; + if (!x($_REQUEST, "source")) + $_REQUEST["source"] = api_source(); require_once('mod/item.php'); item_post($a); @@ -1346,9 +1448,9 @@ api_register_func('api/statuses/destroy','api_statuses_destroy', true); /** - * + * * http://developer.twitter.com/doc/get/statuses/mentions - * + * */ function api_statuses_mentions(&$a, $type){ if (api_user()===false) return false; @@ -1495,6 +1597,69 @@ api_register_func('api/statuses/user_timeline','api_statuses_user_timeline', true); + /** + * Star/unstar an item + * param: id : id of the item + * + * api v1 : https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid + */ + function api_favorites_create_destroy(&$a, $type){ + if (api_user()===false) return false; + + # for versioned api. + # TODO: we need a better global soluton + $action_argv_id=2; + if ($a->argv[1]=="1.1") $action_argv_id=3; + + if ($a->argc<=$action_argv_id) die(api_error($a, $type, t("Invalid request."))); + $action = str_replace(".".$type,"",$a->argv[$action_argv_id]); + if ($a->argc==$action_argv_id+2) { + $itemid = intval($a->argv[$action_argv_id+1]); + } else { + $itemid = intval($_REQUEST['id']); + } + + $item = q("SELECT * FROM item WHERE id=%d AND uid=%d", + $itemid, api_user()); + + if ($item===false || count($item)==0) die(api_error($a, $type, t("Invalid item."))); + + switch($action){ + case "create": + $item[0]['starred']=1; + break; + case "destroy": + $item[0]['starred']=0; + break; + default: + die(api_error($a, $type, t("Invalid action. ".$action))); + } + $r = q("UPDATE item SET starred=%d WHERE id=%d AND uid=%d", + $item[0]['starred'], $itemid, api_user()); + + q("UPDATE thread SET starred=%d WHERE iid=%d AND uid=%d", + $item[0]['starred'], $itemid, api_user()); + + if ($r===false) die(api_error($a, $type, t("DB error"))); + + + $user_info = api_get_user($a); + $rets = api_format_items($item,$user_info); + $ret = $rets[0]; + + $data = array('$status' => $ret); + switch($type){ + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_apply_template("status", $type, $data); + } + + api_register_func('api/favorites/create', 'api_favorites_create_destroy', true); + api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true); + function api_favorites(&$a, $type){ global $called_api; @@ -1530,7 +1695,7 @@ `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` FROM `item`, `contact` - WHERE `item`.`uid` = %d AND `verb` = '%s' + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 AND `item`.`starred` = 1 AND `contact`.`id` = `item`.`contact-id` @@ -1539,7 +1704,6 @@ AND `item`.`id`>%d ORDER BY `item`.`id` DESC LIMIT %d ,%d ", intval(api_user()), - dbesc(ACTIVITY_POST), intval($since_id), intval($start), intval($count) ); @@ -1560,6 +1724,9 @@ api_register_func('api/favorites','api_favorites', true); + + + function api_format_as($a, $ret, $user_info) { $as = array(); @@ -1667,6 +1834,67 @@ return $ret; } + function api_convert_item($item) { + + $body = $item['body']; + $attachments = api_get_attachments($body); + + // Workaround for ostatus messages where the title is identically to the body + $html = bbcode(api_clean_plain_items($body), false, false, 2, true); + $statusbody = trim(html2plain($html, 0)); + + // handle data: images + $statusbody = api_format_items_embeded_images($item,$statusbody); + + $statustitle = trim($item['title']); + + if (($statustitle != '') and (strpos($statusbody, $statustitle) !== false)) + $statustext = trim($statusbody); + else + $statustext = trim($statustitle."\n\n".$statusbody); + + if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000)) + $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"]; + + $statushtml = trim(bbcode($body, false, false)); + + if ($item['title'] != "") + $statushtml = "

".bbcode($item['title'])."

\n".$statushtml; + + $entities = api_get_entitities($statustext, $body); + + return(array("text" => $statustext, "html" => $statushtml, "attachments" => $attachments, "entities" => $entities)); + } + + function api_get_attachments(&$body) { + + $text = $body; + $text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $text); + + $URLSearchString = "^\[\]"; + $ret = preg_match_all("/\[img\]([$URLSearchString]*)\[\/img\]/ism", $text, $images); + + if (!$ret) + return false; + + require_once("include/Photo.php"); + + $attachments = array(); + + foreach ($images[1] AS $image) { + $imagedata = get_photo_info($image); + + if ($imagedata) + $attachments[] = array("url" => $image, "mimetype" => $imagedata["mime"], "size" => $imagedata["size"]); + } + + if (strstr($_SERVER['HTTP_USER_AGENT'], "AndStatus")) + foreach ($images[0] AS $orig) + $body = str_replace($orig, "", $body); + + return $attachments; + } + function api_get_entitities(&$text, $bbcode) { /* To-Do: @@ -1824,6 +2052,16 @@ return($entities); } + function api_format_items_embeded_images($item, $text){ + $a = get_app(); + $text = preg_replace_callback( + "|data:image/([^;]+)[^=]+=*|m", + function($match) use ($a, $item) { + return $a->get_baseurl()."/display/".$item['guid']; + }, + $text); + return $text; + } function api_format_items($r,$user_info, $filter_user = false) { @@ -1831,7 +2069,7 @@ $ret = Array(); foreach($r as $item) { - api_share_as_retweet($a, api_user(), $item); + api_share_as_retweet($item); localize_item($item); $status_user = api_item_get_user($a,$item); @@ -1878,23 +2116,10 @@ $in_reply_to_status_id_str = NULL; } - // Workaround for ostatus messages where the title is identically to the body - //$statusbody = trim(html2plain(bbcode(api_clean_plain_items($item['body']), false, false, 5, true), 0)); - $html = bbcode(api_clean_plain_items($item['body']), false, false, 2, true); - $statusbody = trim(html2plain($html, 0)); - - $statustitle = trim($item['title']); - - if (($statustitle != '') and (strpos($statusbody, $statustitle) !== false)) - $statustext = trim($statusbody); - else - $statustext = trim($statustitle."\n\n".$statusbody); - - if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000)) - $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"]; + $converted = api_convert_item($item); $status = array( - 'text' => $statustext, + 'text' => $converted["text"], 'truncated' => False, 'created_at'=> api_date($item['created']), 'in_reply_to_status_id' => $in_reply_to_status_id, @@ -1907,19 +2132,17 @@ 'in_reply_to_screen_name' => $in_reply_to_screen_name, 'geo' => NULL, 'favorited' => $item['starred'] ? true : false, - //'attachments' => array(), 'user' => $status_user , //'entities' => NULL, - 'statusnet_html' => trim(bbcode($item['body'], false, false)), + 'statusnet_html' => $converted["html"], 'statusnet_conversation_id' => $item['parent'], ); - if ($item['title'] != "") - $status['statusnet_html'] = "

".bbcode($item['title'])."

\n".$status['statusnet_html']; + if (count($converted["attachments"]) > 0) + $status["attachments"] = $converted["attachments"]; - $entities = api_get_entitities($status['text'], $item['body']); - if (count($entities) > 0) - $status['entities'] = $entities; + if (count($converted["entities"]) > 0) + $status["entities"] = $converted["entities"]; if (($item['item_network'] != "") AND ($status["source"] == 'web')) $status["source"] = network_to_name($item['item_network']); @@ -2232,13 +2455,6 @@ function api_direct_messages_box(&$a, $type, $box) { if (api_user()===false) return false; - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); - - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); - - $user_info = api_get_user($a); // params $count = (x($_GET,'count')?$_GET['count']:20); @@ -2248,11 +2464,25 @@ $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); - $start = $page*$count; + $user_id = (x($_REQUEST,'user_id')?$_REQUEST['user_id']:""); + $screen_name = (x($_REQUEST,'screen_name')?$_REQUEST['screen_name']:""); + + // caller user info + unset($_REQUEST["user_id"]); + unset($_GET["user_id"]); + + unset($_REQUEST["screen_name"]); + unset($_GET["screen_name"]); + $user_info = api_get_user($a); //$profile_url = $a->get_baseurl() . '/profile/' . $a->user['nickname']; $profile_url = $user_info["url"]; + + // pagination + $start = $page*$count; + + // filters if ($box=="sentbox") { $sql_extra = "`mail`.`from-url`='".dbesc( $profile_url )."'"; } @@ -2269,24 +2499,31 @@ if ($max_id > 0) $sql_extra .= ' AND `mail`.`id` <= '.intval($max_id); + if ($user_id !="") { + $sql_extra .= ' AND `mail`.`contact-id` = ' . intval($user_id); + } + elseif($screen_name !=""){ + $sql_extra .= " AND `contact`.`nick` = '" . dbesc($screen_name). "'"; + } + $r = q("SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND $sql_extra AND `mail`.`id` > %d ORDER BY `mail`.`id` DESC LIMIT %d,%d", intval(api_user()), intval($since_id), intval($start), intval($count) ); + $ret = Array(); foreach($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url){ $recipient = $user_info; $sender = api_get_user($a,normalise_link($item['contact-url'])); } - elseif ($box == "sentbox" || $item['from-url'] != $profile_url){ + elseif ($box == "sentbox" || $item['from-url'] == $profile_url){ $recipient = api_get_user($a,normalise_link($item['contact-url'])); $sender = $user_info; } - $ret[]=api_format_messages($item, $recipient, $sender); } @@ -2376,7 +2613,7 @@ echo json_encode($r[0]); } - killme(); + killme(); } api_register_func('api/friendica/photos/list', 'api_fr_photos_list', true); @@ -2384,10 +2621,7 @@ - - - -function api_share_as_retweet($a, $uid, &$item) { +function api_share_as_retweet(&$item) { $body = trim($item["body"]); // Skip if it isn't a pure repeated messages @@ -2431,6 +2665,15 @@ function api_share_as_retweet($a, $uid, &$item) { if ($matches[1] != "") $avatar = $matches[1]; + $link = ""; + preg_match("/link='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $link = $matches[1]; + + preg_match('/link="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") + $link = $matches[1]; + $shared_body = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","$2",$body); if (($shared_body == "") OR ($profile == "") OR ($author == "") OR ($avatar == "")) @@ -2440,6 +2683,7 @@ function api_share_as_retweet($a, $uid, &$item) { $item["author-name"] = $author; $item["author-link"] = $profile; $item["author-avatar"] = $avatar; + $item["plink"] = $link; return(true); @@ -2597,9 +2841,6 @@ function api_best_nickname(&$contacts) { /* Not implemented by now: -favorites -favorites/create -favorites/destroy statuses/retweets_of_me friendships/create friendships/destroy