From b56e00c7c5ed1ee7043852b4ce025a3d02f139e8 Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Sun, 19 Jun 2011 20:13:24 -0700
Subject: [PATCH] api post sort of working - output status,user need to be
 swapped

---
 .htaccess               |  4 +++-
 include/api.php         | 20 ++++++++++++++----
 mod/item.php            |  2 ++
 view/api_status_xml.tpl | 46 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 67 insertions(+), 5 deletions(-)
 create mode 100644 view/api_status_xml.tpl

diff --git a/.htaccess b/.htaccess
index fe09fc5224..9cd6fa34c7 100644
--- a/.htaccess
+++ b/.htaccess
@@ -9,13 +9,15 @@ Deny from all
 <IfModule mod_rewrite.c>
   RewriteEngine on
 
+#  RewriteRule api.* - [E=REMOTE_USER:%{HTTP:Authorization},L]
+
   # Protect repo directory from browsing
   RewriteRule "(^|/)\.git" - [F]
 
   # Rewrite current-style URLs of the form 'index.php?q=x'.
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
-  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
+  RewriteRule ^(.*)$ index.php?q=$1 [E=REMOTE_USER:%{HTTP:Authorization},L,QSA]
 
 </IfModule>
 
diff --git a/include/api.php b/include/api.php
index ef41c411c5..d1f0f9330c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -27,10 +27,21 @@
 	 * Simple HTTP Login
 	 */
 	function api_login(&$a){
+		// workaround for HTTP-auth in CGI mode
+		if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
+		 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
+			if(strlen($userpass)) {
+			 	list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW'] = $password;
+			}
+		}
+
 		if (!isset($_SERVER['PHP_AUTH_USER'])) {
+		   logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
 		    header('WWW-Authenticate: Basic realm="Friendika"');
 		    header('HTTP/1.0 401 Unauthorized');
-		    die('This api require login');
+		    die('This api requires login');
 		}
 		
 		$user = $_SERVER['PHP_AUTH_USER'];
@@ -52,9 +63,10 @@
 		if(count($r)){
 			$record = $r[0];
 		} else {
+		   logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
 		    header('WWW-Authenticate: Basic realm="Friendika"');
 		    header('HTTP/1.0 401 Unauthorized');
-		    die('This api require login');
+		    die('This api requires login');
 		}
 		$_SESSION['uid'] = $record['uid'];
 		$_SESSION['theme'] = $record['theme'];
@@ -303,7 +315,7 @@
 
 	// TODO - media uploads and alternate 'source'
 	
-	function api_post_message(&$a, $type) {
+	function api_statuses_update(&$a, $type) {
 		if (local_user()===false) return false;
 		$user_info = api_get_user($a);
 
@@ -329,7 +341,7 @@
 		item_post($a);	
 
 		// this should output the last post (the one we just posted).
-		return api_users_show();
+		return api_users_show($a,$type);
 	}
 	api_register_func('api/statuses/update','api_statuses_update', true);
 
diff --git a/mod/item.php b/mod/item.php
index 98f4ff90c2..e8714f955f 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -722,6 +722,8 @@ function item_post(&$a) {
 		logger('return: ' . $_POST['return']);
 		goaway($a->get_baseurl() . "/" . $_POST['return'] );
 	}
+	if($_POST['api_source'])
+		return;
 	$json = array('success' => 1);
 	if(x($_POST,'jsreload') && strlen($_POST['jsreload']))
 		$json['reload'] = $a->get_baseurl() . '/' . $_POST['jsreload'];
diff --git a/view/api_status_xml.tpl b/view/api_status_xml.tpl
new file mode 100644
index 0000000000..f6cd9c2c02
--- /dev/null
+++ b/view/api_status_xml.tpl
@@ -0,0 +1,46 @@
+<status>{{ if $status }}
+    <created_at>$status.created_at</created_at>
+    <id>$status.id</id>
+    <text>$status.text</text>
+    <source>$status.source</source>
+    <truncated>$status.truncated</truncated>
+    <in_reply_to_status_id>$status.in_reply_to_status_id</in_reply_to_status_id>
+    <in_reply_to_user_id>$status.in_reply_to_user_id</in_reply_to_user_id>
+    <favorited>$status.favorited</favorited>
+    <in_reply_to_screen_name>$status.in_reply_to_screen_name</in_reply_to_screen_name>
+    <geo>$status.geo</geo>
+    <coordinates>$status.coordinates</coordinates>
+    <place>$status.place</place>
+    <contributors>$status.contributors</contributors>
+	<user>
+	  <id>$status.user.id</id>
+	  <name>$status.user.name</name>
+	  <screen_name>$status.user.screen_name</screen_name>
+	  <location>$status.user.location</location>
+	  <description>$status.user.description</description>
+	  <profile_image_url>$status.user.profile_image_url</profile_image_url>
+	  <url>$status.user.url</url>
+	  <protected>$status.user.protected</protected>
+	  <followers_count>$status.user.followers</followers_count>
+	  <profile_background_color>$status.user.profile_background_color</profile_background_color>
+  	  <profile_text_color>$status.user.profile_text_color</profile_text_color>
+  	  <profile_link_color>$status.user.profile_link_color</profile_link_color>
+  	  <profile_sidebar_fill_color>$status.user.profile_sidebar_fill_color</profile_sidebar_fill_color>
+  	  <profile_sidebar_border_color>$status.user.profile_sidebar_border_color</profile_sidebar_border_color>
+  	  <friends_count>$status.user.friends_count</friends_count>
+  	  <created_at>$status.user.created_at</created_at>
+  	  <favourites_count>$status.user.favourites_count</favourites_count>
+  	  <utc_offset>$status.user.utc_offset</utc_offset>
+  	  <time_zone>$status.user.time_zone</time_zone>
+  	  <profile_background_image_url>$status.user.profile_background_image_url</profile_background_image_url>
+  	  <profile_background_tile>$status.user.profile_background_tile</profile_background_tile>
+  	  <profile_use_background_image>$status.user.profile_use_background_image</profile_use_background_image>
+  	  <notifications></notifications>
+  	  <geo_enabled>$status.user.geo_enabled</geo_enabled>
+  	  <verified>$status.user.verified</verified>
+  	  <following></following>
+  	  <statuses_count>$status.user.statuses_count</statuses_count>
+  	  <lang>$status.user.lang</lang>
+  	  <contributors_enabled>$status.user.contributors_enabled</contributors_enabled>
+	  </user>
+{{ endif }}</status>