Diffstat (limited to 'actions/api.php')
-rw-r--r-- | actions/api.php | 48 |
1 files changed, 23 insertions, 25 deletions
diff --git a/actions/api.php b/actions/api.php index c4cfd569d..47a69f152 100644 --- a/actions/api.php +++ b/actions/api.php @@ -26,14 +26,14 @@ class ApiAction extends Action { var $api_arg; var $api_method; var $api_action; - + function handle($args) { parent::handle($args); $this->api_action = $this->arg('apiaction'); $method = $this->arg('method'); $argument = $this->arg('argument'); - + if (isset($argument)) { $cmdext = explode('.', $argument); $this->api_arg = $cmdext[0]; 
@@ -45,71 +45,70 @@ class ApiAction extends Action { $this->api_method = $cmdext[0]; $this->content_type = strtolower($cmdext[1]); } - + # XXX Maybe check to see if the command actually exists first? if($this->requires_auth()) { if (!isset($_SERVER['PHP_AUTH_USER'])) { - + # This header makes basic auth go header('WWW-Authenticate: Basic realm="Laconica API"'); - + # if the user hits cancel -- bam! - $this->show_basic_auth_error(); + $this->show_basic_auth_error(); } else { $nickname = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $user = common_check_user($nickname, $password); - + if ($user) { $this->user = $user; $this->process_command(); } else { # basic authentication failed - $this->show_basic_auth_error(); - } + $this->show_basic_auth_error(); + } } } else { $this->process_command(); - } + } } - - function process_command() { + + function process_command() { $action = "twitapi$this->api_action"; - $actionfile = INSTALLDIR."/actions/$action.php"; + $actionfile = INSTALLDIR."/actions/$action.php"; if (file_exists($actionfile)) { require_once($actionfile); $action_class = ucfirst($action)."Action"; $action_obj = new $action_class(); if (method_exists($action_obj, $this->api_method)) { - + $apidata = array( 'content-type' => $this->content_type, 'api_method' => $this->api_method, 'api_arg' => $this->api_arg, 'user' => $this->user); - + call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); - # all API methods should exit() } + } else { + common_user_error("API method not found!", $code=404); } - common_user_error("API method not found!", $code=404); } - # Whitelist of API methods that don't need authentication function requires_auth() { static $noauth = array( 'statuses/public_timeline', 'statuses/show', 'users/show', - 'help/test', + 'help/test', 'help/downtime_schedule'); - + static $bareauth = array('statuses/user_timeline', - 'statuses/friends', + 'statuses/friends', 'statuses/followers'); $fullname = 
"$this->api_action/$this->api_method"; - + if (in_array($fullname, $bareauth)) { # bareauth: only needs auth if without an argument if ($this->api_arg) { @@ -125,12 +124,11 @@ class ApiAction extends Action { return true; } } - + function show_basic_auth_error() { header('HTTP/1.1 401 Unauthorized'); header('Content-type: text/plain'); print("Could not authenticate you."); # exactly what Twitter says - no \n - exit(); } - + } |
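Review bot: In process_command(), moving `common_user_error("API method not found!", $code=404);` into the `else` of the `file_exists($actionfile)` check leaves one case with no response at all: the action file exists but `method_exists($action_obj, $this->api_method)` is false, where the old code fell through to the 404. Give the inner check its own branch, `} else { common_user_error("API method not found!", $code=404); }`, so an unknown method still fails with an explicit error. Separately, `$this->api_action` and `$this->api_method` come from `$this->arg(...)` and are used to build the `require_once` path and the `call_user_func` target. Whether routing already constrains them is not visible here, so checking both against a fixed list of action and method names before `file_exists()` would make that explicit; the `# XXX` comment in handle() asks for the same. handle() begins in the previous hunk and requires_auth() continues into the next one.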
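Review bot: Removing `exit();` from show_basic_auth_error() means the 401 response no longer ends the request, so denying access now depends on every caller doing nothing further after the call. In the handle() shown in the previous hunk both call sites fall straight through to the end of the method, but what runs after handle() returns is not visible on this page. Either keep `exit();` as the last statement, or document the new contract above the function, e.g. `# Sends the 401 and returns; callers must not produce further output or run the command afterwards`.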