mod/api.php

   1 <?php
   2
   3 use Friendica\App;
   4
   5 require_once('include/api.php');
   6
   7 function oauth_get_client($request){
   8
   9
  10         $params = $request->get_parameters();
  11         $token = $params['oauth_token'];
  12
  13         $r = q("SELECT `clients`.*
  14                         FROM `clients`, `tokens`
  15                         WHERE `clients`.`client_id`=`tokens`.`client_id`
  16                         AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
  17                         dbesc($token));
  18
  19         if (!dbm::is_result($r))
  20                 return null;
  21
  22         return $r[0];
  23 }
  24
  25 function api_post(App $a) {
  26
  27         if (! local_user()) {
  28                 notice( t('Permission denied.') . EOL);
  29                 return;
  30         }
  31
  32         if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) {
  33                 notice( t('Permission denied.') . EOL);
  34                 return;
  35         }
  36
  37 }
  38
  39 function api_content(App $a) {
  40         if ($a->cmd=='api/oauth/authorize'){
  41                 /*
  42                  * api/oauth/authorize interact with the user. return a standard page
  43                  */
  44
  45                 $a->page['template'] = "minimal";
  46
  47
  48                 // get consumer/client from request token
  49                 try {
  50                         $request = OAuthRequest::from_request();
  51                 } catch(Exception $e) {
  52                         echo "<pre>"; var_dump($e); killme();
  53                 }
  54
  55
  56                 if (x($_POST,'oauth_yes')){
  57
  58                         $app = oauth_get_client($request);
  59                         if (is_null($app)) return "Invalid request. Unknown token.";
  60                         $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
  61
  62                         $verifier = md5($app['secret'].local_user());
  63                         set_config("oauth", $verifier, local_user());
  64
  65
  66                         if ($consumer->callback_url!=null) {
  67                                 $params = $request->get_parameters();
  68                                 $glue="?";
  69                                 if (strstr($consumer->callback_url,$glue)) $glue="?";
  70                                 goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
  71                                 killme();
  72                         }
  73
  74
  75
  76                         $tpl = get_markup_template("oauth_authorize_done.tpl");
  77                         $o = replace_macros($tpl, array(
  78                                 '$title' => t('Authorize application connection'),
  79                                 '$info' => t('Return to your app and insert this Securty Code:'),
  80                                 '$code' => $verifier,
  81                         ));
  82
  83                         return $o;
  84
  85
  86                 }
  87
  88
  89                 if (! local_user()) {
  90                         /// @TODO We need login form to redirect to this page
  91                         notice( t('Please login to continue.') . EOL );
  92                         return login(false,$request->get_parameters());
  93                 }
  94                 //FKOAuth1::loginUser(4);
  95
  96                 $app = oauth_get_client($request);
  97                 if (is_null($app)) return "Invalid request. Unknown token.";
  98
  99
 100
 101
 102                 $tpl = get_markup_template('oauth_authorize.tpl');
 103                 $o = replace_macros($tpl, array(
 104                         '$title' => t('Authorize application connection'),
 105                         '$app' => $app,
 106                         '$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
 107                         '$yes'  => t('Yes'),
 108                         '$no'   => t('No'),
 109                 ));
 110
 111                 //echo "<pre>"; var_dump($app); killme();
 112
 113                 return $o;
 114         }
 115
 116         echo api_call($a);
 117         killme();
 118 }