api post sort of working - output status,user need to be swapped

.htaccess

@@ -9,13 +9,15 @@ Deny from all
 <IfModule mod_rewrite.c>
   RewriteEngine on
 
+#  RewriteRule api.* - [E=REMOTE_USER:%{HTTP:Authorization},L]
+
   # Protect repo directory from browsing
   RewriteRule "(^|/)\.git" - [F]
 
   # Rewrite current-style URLs of the form 'index.php?q=x'.
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
-  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
+  RewriteRule ^(.*)$ index.php?q=$1 [E=REMOTE_USER:%{HTTP:Authorization},L,QSA]
 
 </IfModule>
 

include/api.php

@@ -27,10 +27,21 @@
 	 * Simple HTTP Login
 	 */
 	function api_login(&$a){
+		// workaround for HTTP-auth in CGI mode
+		if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
+		 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
+			if(strlen($userpass)) {
+			 	list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
+			}
+		}
+
 		if (!isset($_SERVER['PHP_AUTH_USER'])) {
+		   logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
 		    header('WWW-Authenticate: Basic realm="Friendika"');
 		    header('HTTP/1.0 401 Unauthorized');
-		    die('This api require login');
+		    die('This api requires login');
 		}
 		
 		$user = $_SERVER['PHP_AUTH_USER'];
@@ -52,9 +63,10 @@
 		if(count($r)){
 			$record = $r[0];
 		} else {
+		   logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
 		    header('WWW-Authenticate: Basic realm="Friendika"');
 		    header('HTTP/1.0 401 Unauthorized');
-		    die('This api require login');
+		    die('This api requires login');
 		}
 		$_SESSION['uid'] = $record['uid'];
 		$_SESSION['theme'] = $record['theme'];
@@ -303,7 +315,7 @@
 
 	// TODO - media uploads and alternate 'source'
 	
-	function api_post_message(&$a, $type) {
+	function api_statuses_update(&$a, $type) {
 		if (local_user()===false) return false;
 		$user_info = api_get_user($a);
 
@@ -329,7 +341,7 @@
 		item_post($a);	
 
 		// this should output the last post (the one we just posted).
-		return api_users_show();
+		return api_users_show($a,$type);
 	}
 	api_register_func('api/statuses/update','api_statuses_update', true);
 

mod/item.php

@@ -722,6 +722,8 @@ function item_post(&$a) {
 		logger('return: ' . $_POST['return']);
 		goaway($a->get_baseurl() . "/" . $_POST['return'] );
 	}
+	if($_POST['api_source'])
+		return;
 	$json = array('success' => 1);
 	if(x($_POST,'jsreload') && strlen($_POST['jsreload']))
 		$json['reload'] = $a->get_baseurl() . '/' . $_POST['jsreload'];

view/api_status_xml.tpl

@@ -0,0 +1,46 @@
+<status>{{ if $status }}
+    <created_at>$status.created_at</created_at>
+    <id>$status.id</id>
+    <text>$status.text</text>
+    <source>$status.source</source>
+    <truncated>$status.truncated</truncated>
+    <in_reply_to_status_id>$status.in_reply_to_status_id</in_reply_to_status_id>
+    <in_reply_to_user_id>$status.in_reply_to_user_id</in_reply_to_user_id>
+    <favorited>$status.favorited</favorited>
+    <in_reply_to_screen_name>$status.in_reply_to_screen_name</in_reply_to_screen_name>
+    <geo>$status.geo</geo>
+    <coordinates>$status.coordinates</coordinates>
+    <place>$status.place</place>
+    <contributors>$status.contributors</contributors>
+	<user>
+	  <id>$status.user.id</id>
+	  <name>$status.user.name</name>
+	  <screen_name>$status.user.screen_name</screen_name>
+	  <location>$status.user.location</location>
+	  <description>$status.user.description</description>
+	  <profile_image_url>$status.user.profile_image_url</profile_image_url>
+	  <url>$status.user.url</url>
+	  <protected>$status.user.protected</protected>
+	  <followers_count>$status.user.followers</followers_count>
+	  <profile_background_color>$status.user.profile_background_color</profile_background_color>
+  	  <profile_text_color>$status.user.profile_text_color</profile_text_color>
+  	  <profile_link_color>$status.user.profile_link_color</profile_link_color>
+  	  <profile_sidebar_fill_color>$status.user.profile_sidebar_fill_color</profile_sidebar_fill_color>
+  	  <profile_sidebar_border_color>$status.user.profile_sidebar_border_color</profile_sidebar_border_color>
+  	  <friends_count>$status.user.friends_count</friends_count>
+  	  <created_at>$status.user.created_at</created_at>
+  	  <favourites_count>$status.user.favourites_count</favourites_count>
+  	  <utc_offset>$status.user.utc_offset</utc_offset>
+  	  <time_zone>$status.user.time_zone</time_zone>
+  	  <profile_background_image_url>$status.user.profile_background_image_url</profile_background_image_url>
+  	  <profile_background_tile>$status.user.profile_background_tile</profile_background_tile>
+  	  <profile_use_background_image>$status.user.profile_use_background_image</profile_use_background_image>
+  	  <notifications></notifications>
+  	  <geo_enabled>$status.user.geo_enabled</geo_enabled>
+  	  <verified>$status.user.verified</verified>
+  	  <following></following>
+  	  <statuses_count>$status.user.statuses_count</statuses_count>
+  	  <lang>$status.user.lang</lang>
+  	  <contributors_enabled>$status.user.contributors_enabled</contributors_enabled>
+	  </user>
+{{ endif }}</status>