diff --git a/include/api.php b/include/api.php index 594e68d51..33624dcf6 100644 --- a/include/api.php +++ b/include/api.php @@ -13,6 +13,7 @@ use Friendica\Core\NotificationsManager; use Friendica\Core\Worker; use Friendica\Database\DBM; use Friendica\Protocol\Diaspora; +use Friendica\Util\XML; require_once 'include/HTTPExceptions.php'; require_once 'include/bbcode.php'; @@ -32,7 +33,6 @@ require_once 'include/message.php'; require_once 'include/group.php'; require_once 'include/like.php'; require_once 'include/plaintext.php'; -require_once 'include/xml.php'; define('API_METHOD_ANY', '*'); define('API_METHOD_GET', 'GET'); @@ -42,647 +42,658 @@ define('API_METHOD_DELETE', 'POST,DELETE'); $API = array(); $called_api = null; -/// @TODO Fix intending - /** - * @brief Auth API user - * - * It is not sufficient to use local_user() to check whether someone is allowed to use the API, - * because this will open CSRF holes (just embed an image with src=friendicasite.com/api/statuses/update?status=CSRF - * into a page, and visitors will post something without noticing it). - */ - function api_user() { - if (x($_SESSION, 'allow_api')) { - return local_user(); - } - - return false; +/** + * @brief Auth API user + * + * It is not sufficient to use local_user() to check whether someone is allowed to use the API, + * because this will open CSRF holes (just embed an image with src=friendicasite.com/api/statuses/update?status=CSRF + * into a page, and visitors will post something without noticing it). + */ +function api_user() +{ + if (x($_SESSION, 'allow_api')) { + return local_user(); } - /** - * @brief Get source name from API client - * - * Clients can send 'source' parameter to be show in post metadata - * as "sent via ". - * Some clients doesn't send a source param, we support ones we know - * (only Twidere, atm) - * - * @return string - * Client source name, default to "api" if unset/unknown - */ - function api_source() { - if (requestdata('source')) { - return requestdata('source'); - } + return false; +} - // Support for known clients that doesn't send a source name - if (strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) { - return "Twidere"; - } - - logger("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], LOGGER_DEBUG); - - return "api"; +/** + * @brief Get source name from API client + * + * Clients can send 'source' parameter to be show in post metadata + * as "sent via ". + * Some clients doesn't send a source param, we support ones we know + * (only Twidere, atm) + * + * @return string + * Client source name, default to "api" if unset/unknown + */ +function api_source() +{ + if (requestdata('source')) { + return requestdata('source'); } - /** - * @brief Format date for API - * - * @param string $str Source date, as UTC - * @return string Date in UTC formatted as "D M d H:i:s +0000 Y" - */ - function api_date($str) { - // Wed May 23 06:01:13 +0000 2007 - return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" ); + // Support for known clients that doesn't send a source name + if (strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) { + return "Twidere"; } - /** - * @brief Register API endpoint - * - * Register a function to be the endpont for defined API path. - * - * @param string $path API URL path, relative to System::baseUrl() - * @param string $func Function name to call on path request - * @param bool $auth API need logged user - * @param string $method HTTP method reqiured to call this endpoint. - * - * One of API_METHOD_ANY, API_METHOD_GET, API_METHOD_POST. - * Default to API_METHOD_ANY - */ - function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY) { - global $API; + logger("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], LOGGER_DEBUG); - $API[$path] = array( - 'func' => $func, - 'auth' => $auth, - 'method' => $method, - ); - - // Workaround for hotot - $path = str_replace("api/", "api/1.1/", $path); - - $API[$path] = array( - 'func' => $func, - 'auth' => $auth, - 'method' => $method, + return "api"; +} + +/** + * @brief Format date for API + * + * @param string $str Source date, as UTC + * @return string Date in UTC formatted as "D M d H:i:s +0000 Y" + */ +function api_date($str) +{ + // Wed May 23 06:01:13 +0000 2007 + return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y"); +} + +/** + * @brief Register API endpoint + * + * Register a function to be the endpont for defined API path. + * + * @param string $path API URL path, relative to System::baseUrl() + * @param string $func Function name to call on path request + * @param bool $auth API need logged user + * @param string $method HTTP method reqiured to call this endpoint. + * One of API_METHOD_ANY, API_METHOD_GET, API_METHOD_POST. + * Default to API_METHOD_ANY + */ +function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY) +{ + global $API; + + $API[$path] = array( + 'func' => $func, + 'auth' => $auth, + 'method' => $method, + ); + + // Workaround for hotot + $path = str_replace("api/", "api/1.1/", $path); + + $API[$path] = array( + 'func' => $func, + 'auth' => $auth, + 'method' => $method, + ); +} + +/** + * @brief Login API user + * + * Log in user via OAuth1 or Simple HTTP Auth. + * Simple Auth allow username in form of
user@server
, ignoring server part + * + * @param object $a App + * @hook 'authenticate' + * array $addon_auth + * 'username' => username from login form + * 'password' => password from login form + * 'authenticated' => return status, + * 'user_record' => return authenticated user record + * @hook 'logged_in' + * array $user logged user record + */ +function api_login(App $a) +{ + // login with oauth + try { + $oauth = new FKOAuth1(); + list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); + if (!is_null($token)) { + $oauth->loginUser($token->uid); + call_hooks('logged_in', $a->user); + return; + } + echo __FILE__.__LINE__.__FUNCTION__ . "
";
+		var_dump($consumer, $token);
+		die();
+	} catch (Exception $e) {
+		logger($e);
+	}
+
+	// workaround for HTTP-auth in CGI mode
+	if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+		if (strlen($userpass)) {
+			list($name, $password) = explode(':', $userpass);
+			$_SERVER['PHP_AUTH_USER'] = $name;
+			$_SERVER['PHP_AUTH_PW'] = $password;
+		}
+	}
+
+	if (!x($_SERVER, 'PHP_AUTH_USER')) {
+		logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+		header('WWW-Authenticate: Basic realm="Friendica"');
+		throw new UnauthorizedException("This API requires login");
+	}
+
+	$user = $_SERVER['PHP_AUTH_USER'];
+	$password = $_SERVER['PHP_AUTH_PW'];
+	$encrypted = hash('whirlpool', trim($password));
+
+	// allow "user@server" login (but ignore 'server' part)
+	$at = strstr($user, "@", true);
+	if ($at) {
+		$user = $at;
+	}
+
+	// next code from mod/auth.php. needs better solution
+	$record = null;
+
+	$addon_auth = array(
+		'username' => trim($user),
+		'password' => trim($password),
+		'authenticated' => 0,
+		'user_record' => null,
+	);
+
+	/*
+		* A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+		* Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
+		* and later plugins should not interfere with an earlier one that succeeded.
+		*/
+	call_hooks('authenticate', $addon_auth);
+
+	if (($addon_auth['authenticated']) && (count($addon_auth['user_record']))) {
+		$record = $addon_auth['user_record'];
+	} else {
+		// process normal login request
+		$r = q(
+			"SELECT * FROM `user` WHERE (`email` = '%s' OR `nickname` = '%s')
+			AND `password` = '%s' AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified` LIMIT 1",
+			dbesc(trim($user)),
+			dbesc(trim($user)),
+			dbesc($encrypted)
 		);
+		if (DBM::is_result($r)) {
+			$record = $r[0];
+		}
 	}
 
-	/**
-	 * @brief Login API user
-	 *
-	 * Log in user via OAuth1 or Simple HTTP Auth.
-	 * Simple Auth allow username in form of 
user@server
, ignoring server part - * - * @param App $a - * @hook 'authenticate' - * array $addon_auth - * 'username' => username from login form - * 'password' => password from login form - * 'authenticated' => return status, - * 'user_record' => return authenticated user record - * @hook 'logged_in' - * array $user logged user record - */ - function api_login(App $a) { - // login with oauth - try { - $oauth = new FKOAuth1(); - list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); - if (!is_null($token)) { - $oauth->loginUser($token->uid); - call_hooks('logged_in', $a->user); - return; - } - echo __FILE__.__LINE__.__FUNCTION__ . "
";
-			var_dump($consumer, $token);
-			die();
-		} catch (Exception $e) {
-			logger($e);
-		}
-
-		// workaround for HTTP-auth in CGI mode
-		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-			if (strlen($userpass)) {
-				list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
-
-		if (!x($_SERVER, 'PHP_AUTH_USER')) {
-			logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-			header('WWW-Authenticate: Basic realm="Friendica"');
-			throw new UnauthorizedException("This API requires login");
-		}
-
-		$user = $_SERVER['PHP_AUTH_USER'];
-		$password = $_SERVER['PHP_AUTH_PW'];
-		$encrypted = hash('whirlpool', trim($password));
-
-		// allow "user@server" login (but ignore 'server' part)
-		$at = strstr($user, "@", true);
-		if ($at) {
-			$user = $at;
-		}
-
-		// next code from mod/auth.php. needs better solution
-		$record = null;
-
-		$addon_auth = array(
-			'username' => trim($user),
-			'password' => trim($password),
-			'authenticated' => 0,
-			'user_record' => null,
-		);
-
-		/*
-		 * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
-		 * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
-		 * and later plugins should not interfere with an earlier one that succeeded.
-		 */
-		call_hooks('authenticate', $addon_auth);
-
-		if (($addon_auth['authenticated']) && (count($addon_auth['user_record']))) {
-			$record = $addon_auth['user_record'];
-		} else {
-			// process normal login request
-			$r = q("SELECT * FROM `user` WHERE (`email` = '%s' OR `nickname` = '%s')
-				AND `password` = '%s' AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified` LIMIT 1",
-				dbesc(trim($user)),
-				dbesc(trim($user)),
-				dbesc($encrypted)
-			);
-			if (DBM::is_result($r)) {
-				$record = $r[0];
-			}
-		}
-
-		if ((! $record) || (! count($record))) {
-			logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
-			header('WWW-Authenticate: Basic realm="Friendica"');
-			//header('HTTP/1.0 401 Unauthorized');
-			//die('This api requires login');
-			throw new UnauthorizedException("This API requires login");
-		}
-
-		authenticate_success($record);
-
-		$_SESSION["allow_api"] = true;
-
-		call_hooks('logged_in', $a->user);
-
+	if ((! $record) || (! count($record))) {
+		logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
+		header('WWW-Authenticate: Basic realm="Friendica"');
+		//header('HTTP/1.0 401 Unauthorized');
+		//die('This api requires login');
+		throw new UnauthorizedException("This API requires login");
 	}
 
-	/**
-	 * @brief Check HTTP method of called API
-	 *
-	 * API endpoints can define which HTTP method to accept when called.
-	 * This function check the current HTTP method agains endpoint
-	 * registered method.
-	 *
-	 * @param string $method Required methods, uppercase, separated by comma
-	 * @return bool
-	 */
-	 function api_check_method($method) {
-		if ($method == "*") {
-			return true;
-		}
-		return (strpos($method, $_SERVER['REQUEST_METHOD']) !== false);
-	 }
+	authenticate_success($record);
 
-	/**
-	 * @brief Main API entry point
-	 *
-	 * Authenticate user, call registered API function, set HTTP headers
-	 *
-	 * @param App $a
-	 * @return string API call result
-	 */
-	function api_call(App $a) {
-		global $API, $called_api;
+	$_SESSION["allow_api"] = true;
 
+	call_hooks('logged_in', $a->user);
+}
+
+/**
+ * @brief Check HTTP method of called API
+ *
+ * API endpoints can define which HTTP method to accept when called.
+ * This function check the current HTTP method agains endpoint
+ * registered method.
+ *
+ * @param string $method Required methods, uppercase, separated by comma
+ * @return bool
+ */
+function api_check_method($method)
+{
+	if ($method == "*") {
+		return true;
+	}
+	return (strpos($method, $_SERVER['REQUEST_METHOD']) !== false);
+}
+
+/**
+ * @brief Main API entry point
+ *
+ * Authenticate user, call registered API function, set HTTP headers
+ *
+ * @param object $a App
+ * @return string API call result
+ */
+function api_call(App $a)
+{
+	global $API, $called_api;
+
+	$type = "json";
+	if (strpos($a->query_string, ".xml") > 0) {
+		$type = "xml";
+	}
+	if (strpos($a->query_string, ".json") > 0) {
 		$type = "json";
-		if (strpos($a->query_string, ".xml") > 0) {
-			$type = "xml";
-		}
-		if (strpos($a->query_string, ".json") > 0) {
-			$type = "json";
-		}
-		if (strpos($a->query_string, ".rss") > 0) {
-			$type = "rss";
-		}
-		if (strpos($a->query_string, ".atom") > 0) {
-			$type = "atom";
-		}
+	}
+	if (strpos($a->query_string, ".rss") > 0) {
+		$type = "rss";
+	}
+	if (strpos($a->query_string, ".atom") > 0) {
+		$type = "atom";
+	}
 
-		try {
-			foreach ($API as $p => $info) {
-				if (strpos($a->query_string, $p) === 0) {
-					if (!api_check_method($info['method'])) {
-						throw new MethodNotAllowedException();
-					}
+	try {
+		foreach ($API as $p => $info) {
+			if (strpos($a->query_string, $p) === 0) {
+				if (!api_check_method($info['method'])) {
+					throw new MethodNotAllowedException();
+				}
 
-					$called_api = explode("/", $p);
-					//unset($_SERVER['PHP_AUTH_USER']);
+				$called_api = explode("/", $p);
+				//unset($_SERVER['PHP_AUTH_USER']);
 
-					/// @TODO should be "true ==[=] $info['auth']", if you miss only one = character, you assign a variable (only with ==). Let's make all this even.
-					if ($info['auth'] === true && api_user() === false) {
-						api_login($a);
-					}
+				/// @TODO should be "true ==[=] $info['auth']", if you miss only one = character, you assign a variable (only with ==). Let's make all this even.
+				if ($info['auth'] === true && api_user() === false) {
+					api_login($a);
+				}
 
-					logger('API call for ' . $a->user['username'] . ': ' . $a->query_string);
-					logger('API parameters: ' . print_r($_REQUEST, true));
+				logger('API call for ' . $a->user['username'] . ': ' . $a->query_string);
+				logger('API parameters: ' . print_r($_REQUEST, true));
 
-					$stamp =  microtime(true);
-					$r = call_user_func($info['func'], $type);
-					$duration = (float) (microtime(true) - $stamp);
-					logger("API call duration: " . round($duration, 2) . "\t" . $a->query_string, LOGGER_DEBUG);
+				$stamp =  microtime(true);
+				$r = call_user_func($info['func'], $type);
+				$duration = (float) (microtime(true) - $stamp);
+				logger("API call duration: " . round($duration, 2) . "\t" . $a->query_string, LOGGER_DEBUG);
 
-					if (Config::get("system", "profiler")) {
-						$duration = microtime(true)-$a->performance["start"];
+				if (Config::get("system", "profiler")) {
+					$duration = microtime(true)-$a->performance["start"];
 
-						/// @TODO round() really everywhere?
-						logger(parse_url($a->query_string, PHP_URL_PATH) . ": " . sprintf("Database: %s/%s, Network: %s, I/O: %s, Other: %s, Total: %s",
+					/// @TODO round() really everywhere?
+					logger(
+						parse_url($a->query_string, PHP_URL_PATH) . ": " . sprintf(
+							"Database: %s/%s, Network: %s, I/O: %s, Other: %s, Total: %s",
 							round($a->performance["database"] - $a->performance["database_write"], 3),
 							round($a->performance["database_write"], 3),
 							round($a->performance["network"], 2),
 							round($a->performance["file"], 2),
-							round($duration - ($a->performance["database"] + $a->performance["network"]
-								+ $a->performance["file"]), 2),
-							round($duration, 2)),
-							LOGGER_DEBUG
-						);
+							round($duration - ($a->performance["database"] + $a->performance["network"]	+ $a->performance["file"]), 2),
+							round($duration, 2)
+						),
+						LOGGER_DEBUG
+					);
 
-						if (Config::get("rendertime", "callstack")) {
-							$o = "Database Read:\n";
-							foreach ($a->callstack["database"] AS $func => $time) {
-								$time = round($time, 3);
-								if ($time > 0) {
-									$o .= $func . ": " . $time . "\n";
-								}
+					if (Config::get("rendertime", "callstack")) {
+						$o = "Database Read:\n";
+						foreach ($a->callstack["database"] as $func => $time) {
+							$time = round($time, 3);
+							if ($time > 0) {
+								$o .= $func . ": " . $time . "\n";
+							}
+						}
+						$o .= "\nDatabase Write:\n";
+						foreach ($a->callstack["database_write"] as $func => $time) {
+							$time = round($time, 3);
+							if ($time > 0) {
+								$o .= $func . ": " . $time . "\n";
 							}
-							$o .= "\nDatabase Write:\n";
-							foreach ($a->callstack["database_write"] AS $func => $time) {
-								$time = round($time, 3);
-								if ($time > 0) {
-									$o .= $func . ": " . $time . "\n";
-								}
-							}
-
-							$o .= "\nNetwork:\n";
-							foreach ($a->callstack["network"] AS $func => $time) {
-								$time = round($time, 3);
-								if ($time > 0) {
-									$o .= $func . ": " . $time . "\n";
-								}
-							}
-							logger($o, LOGGER_DEBUG);
 						}
-					}
 
-					if (false === $r) {
-						/*
-						 * api function returned false withour throw an
-						 * exception. This should not happend, throw a 500
-						 */
-						throw new InternalServerErrorException();
-					}
-
-					switch ($type) {
-						case "xml":
-							header ("Content-Type: text/xml");
-							return $r;
-							break;
-						case "json":
-							header ("Content-Type: application/json");
-							foreach ($r as $rr)
-								$json = json_encode($rr);
-								if (x($_GET, 'callback')) {
-									$json = $_GET['callback'] . "(" . $json . ")";
-								}
-								return $json;
-							break;
-						case "rss":
-							header ("Content-Type: application/rss+xml");
-							return '' . "\n" . $r;
-							break;
-						case "atom":
-							header ("Content-Type: application/atom+xml");
-							return '' . "\n" . $r;
-							break;
+						$o .= "\nNetwork:\n";
+						foreach ($a->callstack["network"] as $func => $time) {
+							$time = round($time, 3);
+							if ($time > 0) {
+								$o .= $func . ": " . $time . "\n";
+							}
+						}
+						logger($o, LOGGER_DEBUG);
 					}
 				}
+
+				if (false === $r) {
+					/*
+						* api function returned false withour throw an
+						* exception. This should not happend, throw a 500
+						*/
+					throw new InternalServerErrorException();
+				}
+
+				switch ($type) {
+					case "xml":
+						header("Content-Type: text/xml");
+						return $r;
+						break;
+					case "json":
+						header("Content-Type: application/json");
+						foreach ($r as $rr)
+							$json = json_encode($rr);
+							if (x($_GET, 'callback')) {
+								$json = $_GET['callback'] . "(" . $json . ")";
+							}
+							return $json;
+						break;
+					case "rss":
+						header("Content-Type: application/rss+xml");
+						return '' . "\n" . $r;
+						break;
+					case "atom":
+						header("Content-Type: application/atom+xml");
+						return '' . "\n" . $r;
+						break;
+				}
+			}
+		}
+
+		logger('API call not implemented: ' . $a->query_string);
+		throw new NotImplementedException();
+	} catch (HTTPException $e) {
+		header("HTTP/1.1 {$e->httpcode} {$e->httpdesc}");
+		return api_error($type, $e);
+	}
+}
+
+/**
+ * @brief Format API error string
+ *
+ * @param string $type Return type (xml, json, rss, as)
+ * @param object $e    HTTPException Error object
+ * @return strin error message formatted as $type
+ */
+function api_error($type, $e)
+{
+	$a = get_app();
+
+	$error = ($e->getMessage() !== "" ? $e->getMessage() : $e->httpdesc);
+	/// @TODO:  https://dev.twitter.com/overview/api/response-codes
+
+	$error = array("error" => $error,
+			"code" => $e->httpcode . " " . $e->httpdesc,
+			"request" => $a->query_string);
+
+	$ret = api_format_data('status', $type, array('status' => $error));
+
+	switch ($type) {
+		case "xml":
+			header("Content-Type: text/xml");
+			return $ret;
+			break;
+		case "json":
+			header("Content-Type: application/json");
+			return json_encode($ret);
+			break;
+		case "rss":
+			header("Content-Type: application/rss+xml");
+			return $ret;
+			break;
+		case "atom":
+			header("Content-Type: application/atom+xml");
+			return $ret;
+			break;
+	}
+}
+
+/**
+ * @brief Set values for RSS template
+ *
+ * @param App $a
+ * @param array $arr       Array to be passed to template
+ * @param array $user_info User info
+ * @return array
+ * @todo find proper type-hints
+ */
+function api_rss_extra(App $a, $arr, $user_info)
+{
+	if (is_null($user_info)) {
+		$user_info = api_get_user($a);
+	}
+
+	$arr['$user'] = $user_info;
+	$arr['$rss'] = array(
+		'alternate'    => $user_info['url'],
+		'self'         => System::baseUrl() . "/" . $a->query_string,
+		'base'         => System::baseUrl(),
+		'updated'      => api_date(null),
+		'atom_updated' => datetime_convert('UTC', 'UTC', 'now', ATOM_TIME),
+		'language'     => $user_info['language'],
+		'logo'         => System::baseUrl() . "/images/friendica-32.png",
+	);
+
+	return $arr;
+}
+
+
+/**
+ * @brief Unique contact to contact url.
+ *
+ * @param int $id Contact id
+ * @return bool|string
+ * 		Contact url or False if contact id is unknown
+ */
+function api_unique_id_to_url($id)
+{
+	$r = dba::select('contact', array('url'), array('uid' => 0, 'id' => $id), array('limit' => 1));
+
+	if (DBM::is_result($r)) {
+		return $r["url"];
+	} else {
+		return false;
+	}
+}
+
+/**
+ * @brief Get user info array.
+ *
+ * @param object     $a          App
+ * @param int|string $contact_id Contact ID or URL
+ * @param string     $type       Return type (for errors)
+ */
+function api_get_user(App $a, $contact_id = null, $type = "json")
+{
+	global $called_api;
+
+	$user = null;
+	$extra_query = "";
+	$url = "";
+	$nick = "";
+
+	logger("api_get_user: Fetching user data for user ".$contact_id, LOGGER_DEBUG);
+
+	// Searching for contact URL
+	if (!is_null($contact_id) && (intval($contact_id) == 0)) {
+		$user = dbesc(normalise_link($contact_id));
+		$url = $user;
+		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		if (api_user() !== false) {
+			$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
+		}
+	}
+
+	// Searching for contact id with uid = 0
+	if (!is_null($contact_id) && (intval($contact_id) != 0)) {
+		$user = dbesc(api_unique_id_to_url($contact_id));
+
+		if ($user == "") {
+			throw new BadRequestException("User not found.");
+		}
+
+		$url = $user;
+		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		if (api_user() !== false) {
+			$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
+		}
+	}
+
+	if (is_null($user) && x($_GET, 'user_id')) {
+		$user = dbesc(api_unique_id_to_url($_GET['user_id']));
+
+		if ($user == "") {
+			throw new BadRequestException("User not found.");
+		}
+
+		$url = $user;
+		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		if (api_user() !== false) {
+			$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
+		}
+	}
+	if (is_null($user) && x($_GET, 'screen_name')) {
+		$user = dbesc($_GET['screen_name']);
+		$nick = $user;
+		$extra_query = "AND `contact`.`nick` = '%s' ";
+		if (api_user() !== false) {
+			$extra_query .= "AND `contact`.`uid`=".intval(api_user());
+		}
+	}
+
+	if (is_null($user) && x($_GET, 'profileurl')) {
+		$user = dbesc(normalise_link($_GET['profileurl']));
+		$nick = $user;
+		$extra_query = "AND `contact`.`nurl` = '%s' ";
+		if (api_user() !== false) {
+			$extra_query .= "AND `contact`.`uid`=".intval(api_user());
+		}
+	}
+
+	if (is_null($user) && ($a->argc > (count($called_api) - 1)) && (count($called_api) > 0)) {
+		$argid = count($called_api);
+		list($user, $null) = explode(".", $a->argv[$argid]);
+		if (is_numeric($user)) {
+			$user = dbesc(api_unique_id_to_url($user));
+
+			if ($user == "") {
+				return false;
 			}
 
-			logger('API call not implemented: ' . $a->query_string);
-			throw new NotImplementedException();
-		} catch (HTTPException $e) {
-			header("HTTP/1.1 {$e->httpcode} {$e->httpdesc}");
-			return api_error($type, $e);
-		}
-	}
-
-	/**
-	 * @brief Format API error string
-	 *
-	 * @param string $type Return type (xml, json, rss, as)
-	 * @param HTTPException $error Error object
-	 * @return strin error message formatted as $type
-	 */
-	function api_error($type, $e) {
-
-		$a = get_app();
-
-		$error = ($e->getMessage() !== "" ? $e->getMessage() : $e->httpdesc);
-		/// @TODO:  https://dev.twitter.com/overview/api/response-codes
-
-		$error = array("error" => $error,
-				"code" => $e->httpcode . " " . $e->httpdesc,
-				"request" => $a->query_string);
-
-		$ret = api_format_data('status', $type, array('status' => $error));
-
-		switch ($type) {
-			case "xml":
-				header ("Content-Type: text/xml");
-				return $ret;
-				break;
-			case "json":
-				header ("Content-Type: application/json");
-				return json_encode($ret);
-				break;
-			case "rss":
-				header ("Content-Type: application/rss+xml");
-				return $ret;
-				break;
-			case "atom":
-				header ("Content-Type: application/atom+xml");
-				return $ret;
-				break;
-		}
-	}
-
-	/**
-	 * @brief Set values for RSS template
-	 *
-	 * @param App $a
-	 * @param array $arr Array to be passed to template
-	 * @param array $user_info
-	 * @return array
-	 * @todo find proper type-hints
-	 */
-	function api_rss_extra(App $a, $arr, $user_info) {
-		if (is_null($user_info)) {
-			$user_info = api_get_user($a);
-		}
-
-		$arr['$user'] = $user_info;
-		$arr['$rss'] = array(
-			'alternate'    => $user_info['url'],
-			'self'         => System::baseUrl() . "/" . $a->query_string,
-			'base'         => System::baseUrl(),
-			'updated'      => api_date(null),
-			'atom_updated' => datetime_convert('UTC', 'UTC', 'now', ATOM_TIME),
-			'language'     => $user_info['language'],
-			'logo'         => System::baseUrl() . "/images/friendica-32.png",
-		);
-
-		return $arr;
-	}
-
-
-	/**
-	 * @brief Unique contact to contact url.
-	 *
-	 * @param int $id Contact id
-	 * @return bool|string
-	 * 		Contact url or False if contact id is unknown
-	 */
-	function api_unique_id_to_url($id) {
-		$r = dba::select('contact', array('url'), array('uid' => 0, 'id' => $id), array('limit' => 1));
-
-		if (DBM::is_result($r)) {
-			return $r["url"];
+			$url = $user;
+			$extra_query = "AND `contact`.`nurl` = '%s' ";
+			if (api_user() !== false) {
+				$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
+			}
 		} else {
-			return false;
-		}
-	}
-
-	/**
-	 * @brief Get user info array.
-	 *
-	 * @param Api $a
-	 * @param int|string $contact_id Contact ID or URL
-	 * @param string $type Return type (for errors)
-	 */
-	function api_get_user(App $a, $contact_id = null, $type = "json") {
-		global $called_api;
-
-		$user = null;
-		$extra_query = "";
-		$url = "";
-		$nick = "";
-
-		logger("api_get_user: Fetching user data for user ".$contact_id, LOGGER_DEBUG);
-
-		// Searching for contact URL
-		if (!is_null($contact_id) && (intval($contact_id) == 0)) {
-			$user = dbesc(normalise_link($contact_id));
-			$url = $user;
-			$extra_query = "AND `contact`.`nurl` = '%s' ";
-			if (api_user() !== false) {
-				$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
-			}
-		}
-
-		// Searching for contact id with uid = 0
-		if (!is_null($contact_id) && (intval($contact_id) != 0)) {
-			$user = dbesc(api_unique_id_to_url($contact_id));
-
-			if ($user == "") {
-				throw new BadRequestException("User not found.");
-			}
-
-			$url = $user;
-			$extra_query = "AND `contact`.`nurl` = '%s' ";
-			if (api_user() !== false) {
-				$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
-			}
-		}
-
-		if (is_null($user) && x($_GET, 'user_id')) {
-			$user = dbesc(api_unique_id_to_url($_GET['user_id']));
-
-			if ($user == "") {
-				throw new BadRequestException("User not found.");
-			}
-
-			$url = $user;
-			$extra_query = "AND `contact`.`nurl` = '%s' ";
-			if (api_user() !== false) {
-				$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
-			}
-		}
-		if (is_null($user) && x($_GET, 'screen_name')) {
-			$user = dbesc($_GET['screen_name']);
+			$user = dbesc($user);
 			$nick = $user;
 			$extra_query = "AND `contact`.`nick` = '%s' ";
 			if (api_user() !== false) {
-				$extra_query .= "AND `contact`.`uid`=".intval(api_user());
+				$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
 			}
 		}
+	}
 
-		if (is_null($user) && x($_GET, 'profileurl')) {
-			$user = dbesc(normalise_link($_GET['profileurl']));
-			$nick = $user;
-			$extra_query = "AND `contact`.`nurl` = '%s' ";
-			if (api_user() !== false) {
-				$extra_query .= "AND `contact`.`uid`=".intval(api_user());
-			}
+	logger("api_get_user: user ".$user, LOGGER_DEBUG);
+
+	if (!$user) {
+		if (api_user() === false) {
+			api_login($a);
+			return false;
+		} else {
+			$user = $_SESSION['uid'];
+			$extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` ";
+		}
+	}
+
+	logger('api_user: ' . $extra_query . ', user: ' . $user);
+
+	// user info
+	$uinfo = q(
+		"SELECT *, `contact`.`id` AS `cid` FROM `contact`
+			WHERE 1
+		$extra_query",
+		$user
+	);
+
+	// Selecting the id by priority, friendica first
+	api_best_nickname($uinfo);
+
+	// if the contact wasn't found, fetch it from the contacts with uid = 0
+	if (!DBM::is_result($uinfo)) {
+		$r = array();
+
+		if ($url != "") {
+			$r = q("SELECT * FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s' LIMIT 1", dbesc(normalise_link($url)));
 		}
 
-		if (is_null($user) && ($a->argc > (count($called_api) - 1)) && (count($called_api) > 0)) {
-			$argid = count($called_api);
-			list($user, $null) = explode(".", $a->argv[$argid]);
-			if (is_numeric($user)) {
-				$user = dbesc(api_unique_id_to_url($user));
+		if (DBM::is_result($r)) {
+			$network_name = network_to_name($r[0]['network'], $r[0]['url']);
 
-				if ($user == "") {
-					return false;
-				}
-
-				$url = $user;
-				$extra_query = "AND `contact`.`nurl` = '%s' ";
-				if (api_user() !== false) {
-					$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
-				}
-			} else {
-				$user = dbesc($user);
-				$nick = $user;
-				$extra_query = "AND `contact`.`nick` = '%s' ";
-				if (api_user() !== false) {
-					$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
-				}
-			}
-		}
-
-		logger("api_get_user: user ".$user, LOGGER_DEBUG);
-
-		if (!$user) {
-			if (api_user() === false) {
-				api_login($a);
-				return false;
-			} else {
-				$user = $_SESSION['uid'];
-				$extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` ";
+			// If no nick where given, extract it from the address
+			if (($r[0]['nick'] == "") || ($r[0]['name'] == $r[0]['nick'])) {
+				$r[0]['nick'] = api_get_nick($r[0]["url"]);
 			}
 
+			$ret = array(
+				'id' => $r[0]["id"],
+				'id_str' => (string) $r[0]["id"],
+				'name' => $r[0]["name"],
+				'screen_name' => (($r[0]['nick']) ? $r[0]['nick'] : $r[0]['name']),
+				'location' => ($r[0]["location"] != "") ? $r[0]["location"] : $network_name,
+				'description' => $r[0]["about"],
+				'profile_image_url' => $r[0]["micro"],
+				'profile_image_url_https' => $r[0]["micro"],
+				'url' => $r[0]["url"],
+				'protected' => false,
+				'followers_count' => 0,
+				'friends_count' => 0,
+				'listed_count' => 0,
+				'created_at' => api_date($r[0]["created"]),
+				'favourites_count' => 0,
+				'utc_offset' => 0,
+				'time_zone' => 'UTC',
+				'geo_enabled' => false,
+				'verified' => false,
+				'statuses_count' => 0,
+				'lang' => '',
+				'contributors_enabled' => false,
+				'is_translator' => false,
+				'is_translation_enabled' => false,
+				'following' => false,
+				'follow_request_sent' => false,
+				'statusnet_blocking' => false,
+				'notifications' => false,
+				'statusnet_profile_url' => $r[0]["url"],
+				'uid' => 0,
+				'cid' => get_contact($r[0]["url"], api_user(), true),
+				'self' => 0,
+				'network' => $r[0]["network"],
+			);
+
+			return $ret;
+		} else {
+			throw new BadRequestException("User not found.");
+		}
+	}
+
+	if ($uinfo[0]['self']) {
+		if ($uinfo[0]['network'] == "") {
+			$uinfo[0]['network'] = NETWORK_DFRN;
 		}
 
-		logger('api_user: ' . $extra_query . ', user: ' . $user);
-
-		// user info
-		$uinfo = q("SELECT *, `contact`.`id` AS `cid` FROM `contact`
-				WHERE 1
-				$extra_query",
-				$user
+		$usr = q(
+			"SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+			intval(api_user())
+		);
+		$profile = q(
+			"SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
+			intval(api_user())
 		);
 
-		// Selecting the id by priority, friendica first
-		api_best_nickname($uinfo);
-
-		// if the contact wasn't found, fetch it from the contacts with uid = 0
-		if (!DBM::is_result($uinfo)) {
-			$r = array();
-
-			if ($url != "") {
-				$r = q("SELECT * FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s' LIMIT 1", dbesc(normalise_link($url)));
-			}
-
-			if (DBM::is_result($r)) {
-				$network_name = network_to_name($r[0]['network'], $r[0]['url']);
-
-				// If no nick where given, extract it from the address
-				if (($r[0]['nick'] == "") || ($r[0]['name'] == $r[0]['nick'])) {
-					$r[0]['nick'] = api_get_nick($r[0]["url"]);
-				}
-
-				$ret = array(
-					'id' => $r[0]["id"],
-					'id_str' => (string) $r[0]["id"],
-					'name' => $r[0]["name"],
-					'screen_name' => (($r[0]['nick']) ? $r[0]['nick'] : $r[0]['name']),
-					'location' => ($r[0]["location"] != "") ? $r[0]["location"] : $network_name,
-					'description' => $r[0]["about"],
-					'profile_image_url' => $r[0]["micro"],
-					'profile_image_url_https' => $r[0]["micro"],
-					'url' => $r[0]["url"],
-					'protected' => false,
-					'followers_count' => 0,
-					'friends_count' => 0,
-					'listed_count' => 0,
-					'created_at' => api_date($r[0]["created"]),
-					'favourites_count' => 0,
-					'utc_offset' => 0,
-					'time_zone' => 'UTC',
-					'geo_enabled' => false,
-					'verified' => false,
-					'statuses_count' => 0,
-					'lang' => '',
-					'contributors_enabled' => false,
-					'is_translator' => false,
-					'is_translation_enabled' => false,
-					'following' => false,
-					'follow_request_sent' => false,
-					'statusnet_blocking' => false,
-					'notifications' => false,
-					'statusnet_profile_url' => $r[0]["url"],
-					'uid' => 0,
-					'cid' => get_contact($r[0]["url"], api_user(), true),
-					'self' => 0,
-					'network' => $r[0]["network"],
-				);
-
-				return $ret;
-			} else {
-				throw new BadRequestException("User not found.");
-			}
-		}
-
-		if ($uinfo[0]['self']) {
-
-			if ($uinfo[0]['network'] == "") {
-				$uinfo[0]['network'] = NETWORK_DFRN;
-			}
-
-			$usr = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
-				intval(api_user())
-			);
-			$profile = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
-				intval(api_user())
-			);
-
-			/// @TODO old-lost code? (twice)
-			// Counting is deactivated by now, due to performance issues
-			// count public wall messages
-			//$r = q("SELECT COUNT(*) as `count` FROM `item` WHERE `uid` = %d AND `wall`",
-			//		intval($uinfo[0]['uid'])
-			//);
-			//$countitms = $r[0]['count'];
-			$countitms = 0;
-		} else {
-			// Counting is deactivated by now, due to performance issues
-			//$r = q("SELECT count(*) as `count` FROM `item`
-			//		WHERE  `contact-id` = %d",
-			//		intval($uinfo[0]['id'])
-			//);
-			//$countitms = $r[0]['count'];
-			$countitms = 0;
-		}
+		/// @TODO old-lost code? (twice)
+		// Counting is deactivated by now, due to performance issues
+		// count public wall messages
+		//$r = q("SELECT COUNT(*) as `count` FROM `item` WHERE `uid` = %d AND `wall`",
+		//		intval($uinfo[0]['uid'])
+		//);
+		//$countitms = $r[0]['count'];
+		$countitms = 0;
+	} else {
+		// Counting is deactivated by now, due to performance issues
+		//$r = q("SELECT count(*) as `count` FROM `item`
+		//		WHERE  `contact-id` = %d",
+		//		intval($uinfo[0]['id'])
+		//);
+		//$countitms = $r[0]['count'];
+		$countitms = 0;
+	}
 
 		/// @TODO old-lost code? (twice)
-/*
+		/*
 		// Counting is deactivated by now, due to performance issues
 		// count friends
 		$r = q("SELECT count(*) as `count` FROM `contact`
@@ -714,4292 +725,4446 @@ $called_api = null;
 			$countfollowers = 0;
 			$starred = 0;
 		}
-*/
-		$countfriends = 0;
-		$countfollowers = 0;
-		$starred = 0;
+		*/
+	$countfriends = 0;
+	$countfollowers = 0;
+	$starred = 0;
 
-		// Add a nick if it isn't present there
-		if (($uinfo[0]['nick'] == "") || ($uinfo[0]['name'] == $uinfo[0]['nick'])) {
-			$uinfo[0]['nick'] = api_get_nick($uinfo[0]["url"]);
+	// Add a nick if it isn't present there
+	if (($uinfo[0]['nick'] == "") || ($uinfo[0]['name'] == $uinfo[0]['nick'])) {
+		$uinfo[0]['nick'] = api_get_nick($uinfo[0]["url"]);
+	}
+
+	$network_name = network_to_name($uinfo[0]['network'], $uinfo[0]['url']);
+
+	$pcontact_id  = get_contact($uinfo[0]['url'], 0, true);
+
+	$ret = array(
+		'id' => intval($pcontact_id),
+		'id_str' => (string) intval($pcontact_id),
+		'name' => (($uinfo[0]['name']) ? $uinfo[0]['name'] : $uinfo[0]['nick']),
+		'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']),
+		'location' => ($usr) ? $usr[0]['default-location'] : $network_name,
+		'description' => (($profile) ? $profile[0]['pdesc'] : null),
+		'profile_image_url' => $uinfo[0]['micro'],
+		'profile_image_url_https' => $uinfo[0]['micro'],
+		'url' => $uinfo[0]['url'],
+		'protected' => false,
+		'followers_count' => intval($countfollowers),
+		'friends_count' => intval($countfriends),
+		'listed_count' => 0,
+		'created_at' => api_date($uinfo[0]['created']),
+		'favourites_count' => intval($starred),
+		'utc_offset' => "0",
+		'time_zone' => 'UTC',
+		'geo_enabled' => false,
+		'verified' => true,
+		'statuses_count' => intval($countitms),
+		'lang' => '',
+		'contributors_enabled' => false,
+		'is_translator' => false,
+		'is_translation_enabled' => false,
+		'following' => (($uinfo[0]['rel'] == CONTACT_IS_FOLLOWER) || ($uinfo[0]['rel'] == CONTACT_IS_FRIEND)),
+		'follow_request_sent' => false,
+		'statusnet_blocking' => false,
+		'notifications' => false,
+		/// @TODO old way?
+		//'statusnet_profile_url' => System::baseUrl()."/contacts/".$uinfo[0]['cid'],
+		'statusnet_profile_url' => $uinfo[0]['url'],
+		'uid' => intval($uinfo[0]['uid']),
+		'cid' => intval($uinfo[0]['cid']),
+		'self' => $uinfo[0]['self'],
+		'network' => $uinfo[0]['network'],
+	);
+
+	return $ret;
+}
+
+/**
+ * @brief return api-formatted array for item's author and owner
+ *
+ * @param object $a    App
+ * @param array  $item item from db
+ * @return array(array:author, array:owner)
+ */
+function api_item_get_user(App $a, $item)
+{
+	$status_user = api_get_user($a, $item["author-link"]);
+
+	$status_user["protected"] = (($item["allow_cid"] != "") ||
+					($item["allow_gid"] != "") ||
+					($item["deny_cid"] != "") ||
+					($item["deny_gid"] != "") ||
+					$item["private"]);
+
+	if ($item['thr-parent'] == $item['uri']) {
+		$owner_user = api_get_user($a, $item["owner-link"]);
+	} else {
+		$owner_user = $status_user;
+	}
+
+	return (array($status_user, $owner_user));
+}
+
+/**
+ * @brief walks recursively through an array with the possibility to change value and key
+ *
+ * @param array  $array    The array to walk through
+ * @param string $callback The callback function
+ *
+ * @return array the transformed array
+ */
+function api_walk_recursive(array &$array, callable $callback)
+{
+	$new_array = array();
+
+	foreach ($array as $k => $v) {
+		if (is_array($v)) {
+			if ($callback($v, $k)) {
+				$new_array[$k] = api_walk_recursive($v, $callback);
+			}
+		} else {
+			if ($callback($v, $k)) {
+				$new_array[$k] = $v;
+			}
+		}
+	}
+	$array = $new_array;
+
+	return $array;
+}
+
+/**
+ * @brief Callback function to transform the array in an array that can be transformed in a XML file
+ *
+ * @param mixed  $item Array item value
+ * @param string $key  Array key
+ *
+ * @return boolean Should the array item be deleted?
+ */
+function api_reformat_xml(&$item, &$key)
+{
+	if (is_bool($item)) {
+		$item = ($item ? "true" : "false");
+	}
+
+	if (substr($key, 0, 10) == "statusnet_") {
+		$key = "statusnet:".substr($key, 10);
+	} elseif (substr($key, 0, 10) == "friendica_") {
+		$key = "friendica:".substr($key, 10);
+	}
+	/// @TODO old-lost code?
+	//else
+	//	$key = "default:".$key;
+
+	return true;
+}
+
+/**
+ * @brief Creates the XML from a JSON style array
+ *
+ * @param array  $data         JSON style array
+ * @param string $root_element Name of the root element
+ *
+ * @return string The XML data
+ */
+function api_create_xml($data, $root_element)
+{
+	$childname = key($data);
+	$data2 = array_pop($data);
+	$key = key($data2);
+
+	$namespaces = array("" => "http://api.twitter.com",
+				"statusnet" => "http://status.net/schema/api/1/",
+				"friendica" => "http://friendi.ca/schema/api/1/",
+				"georss" => "http://www.georss.org/georss");
+
+	/// @todo Auto detection of needed namespaces
+	if (in_array($root_element, array("ok", "hash", "config", "version", "ids", "notes", "photos"))) {
+		$namespaces = array();
+	}
+
+	if (is_array($data2)) {
+		api_walk_recursive($data2, "api_reformat_xml");
+	}
+
+	if ($key == "0") {
+		$data4 = array();
+		$i = 1;
+
+		foreach ($data2 as $item) {
+			$data4[$i++.":".$childname] = $item;
 		}
 
-		$network_name = network_to_name($uinfo[0]['network'], $uinfo[0]['url']);
+		$data2 = $data4;
+	}
 
-		$pcontact_id  = get_contact($uinfo[0]['url'], 0, true);
+	$data3 = array($root_element => $data2);
 
-		$ret = array(
-			'id' => intval($pcontact_id),
-			'id_str' => (string) intval($pcontact_id),
-			'name' => (($uinfo[0]['name']) ? $uinfo[0]['name'] : $uinfo[0]['nick']),
-			'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']),
-			'location' => ($usr) ? $usr[0]['default-location'] : $network_name,
-			'description' => (($profile) ? $profile[0]['pdesc'] : NULL),
-			'profile_image_url' => $uinfo[0]['micro'],
-			'profile_image_url_https' => $uinfo[0]['micro'],
-			'url' => $uinfo[0]['url'],
-			'protected' => false,
-			'followers_count' => intval($countfollowers),
-			'friends_count' => intval($countfriends),
-			'listed_count' => 0,
-			'created_at' => api_date($uinfo[0]['created']),
-			'favourites_count' => intval($starred),
-			'utc_offset' => "0",
-			'time_zone' => 'UTC',
-			'geo_enabled' => false,
-			'verified' => true,
-			'statuses_count' => intval($countitms),
-			'lang' => '',
-			'contributors_enabled' => false,
-			'is_translator' => false,
-			'is_translation_enabled' => false,
-			'following' => (($uinfo[0]['rel'] == CONTACT_IS_FOLLOWER) || ($uinfo[0]['rel'] == CONTACT_IS_FRIEND)),
-			'follow_request_sent' => false,
-			'statusnet_blocking' => false,
-			'notifications' => false,
-			/// @TODO old way?
-			//'statusnet_profile_url' => System::baseUrl()."/contacts/".$uinfo[0]['cid'],
-			'statusnet_profile_url' => $uinfo[0]['url'],
-			'uid' => intval($uinfo[0]['uid']),
-			'cid' => intval($uinfo[0]['cid']),
-			'self' => $uinfo[0]['self'],
-			'network' => $uinfo[0]['network'],
+	$ret = XML::from_array($data3, $xml, false, $namespaces);
+	return $ret;
+}
+
+/**
+ * @brief Formats the data according to the data type
+ *
+ * @param string $root_element Name of the root element
+ * @param string $type         Return type (atom, rss, xml, json)
+ * @param array  $data         JSON style array
+ *
+ * @return (string|object) XML data or JSON data
+ */
+function api_format_data($root_element, $type, $data)
+{
+	$a = get_app();
+
+	switch ($type) {
+		case "atom":
+		case "rss":
+		case "xml":
+			$ret = api_create_xml($data, $root_element);
+			break;
+		case "json":
+			$ret = $data;
+			break;
+	}
+
+	return $ret;
+}
+
+/**
+ * TWITTER API
+ */
+
+/**
+ * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful;
+ * returns a 401 status code and an error message if not.
+ * http://developer.twitter.com/doc/get/account/verify_credentials
+ */
+function api_account_verify_credentials($type)
+{
+
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	unset($_REQUEST["user_id"]);
+	unset($_GET["user_id"]);
+
+	unset($_REQUEST["screen_name"]);
+	unset($_GET["screen_name"]);
+
+	$skip_status = (x($_REQUEST, 'skip_status')?$_REQUEST['skip_status'] : false);
+
+	$user_info = api_get_user($a);
+
+	// "verified" isn't used here in the standard
+	unset($user_info["verified"]);
+
+	// - Adding last status
+	if (!$skip_status) {
+		$user_info["status"] = api_status_show("raw");
+		if (!count($user_info["status"])) {
+			unset($user_info["status"]);
+		} else {
+			unset($user_info["status"]["user"]);
+		}
+	}
+
+	// "uid" and "self" are only needed for some internal stuff, so remove it from here
+	unset($user_info["uid"]);
+	unset($user_info["self"]);
+
+	return api_format_data("user", $type, array('user' => $user_info));
+}
+
+/// @TODO move to top of file or somwhere better
+api_register_func('api/account/verify_credentials', 'api_account_verify_credentials', true);
+
+/**
+ * Get data from $_POST or $_GET
+ */
+function requestdata($k)
+{
+	if (x($_POST, $k)) {
+		return $_POST[$k];
+	}
+	if (x($_GET, $k)) {
+		return $_GET[$k];
+	}
+	return null;
+}
+
+/*Waitman Gobble Mod*/
+function api_statuses_mediap($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		logger('api_statuses_update: no user');
+		throw new ForbiddenException();
+	}
+	$user_info = api_get_user($a);
+
+	$_REQUEST['type'] = 'wall';
+	$_REQUEST['profile_uid'] = api_user();
+	$_REQUEST['api_source'] = true;
+	$txt = requestdata('status');
+	/// @TODO old-lost code?
+	//$txt = urldecode(requestdata('status'));
+
+	if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) {
+		$txt = html2bb_video($txt);
+		$config = HTMLPurifier_Config::createDefault();
+		$config->set('Cache.DefinitionImpl', null);
+		$purifier = new HTMLPurifier($config);
+		$txt = $purifier->purify($txt);
+	}
+	$txt = html2bbcode($txt);
+
+	$a->argv[1]=$user_info['screen_name']; //should be set to username?
+
+	// tell wall_upload function to return img info instead of echo
+	$_REQUEST['hush'] = 'yeah';
+	$bebop = wall_upload_post($a);
+
+	// now that we have the img url in bbcode we can add it to the status and insert the wall item.
+	$_REQUEST['body'] = $txt . "\n\n" . $bebop;
+	item_post($a);
+
+	// this should output the last post (the one we just posted).
+	return api_status_show($type);
+}
+
+/// @TODO move this to top of file or somewhere better!
+api_register_func('api/statuses/mediap', 'api_statuses_mediap', true, API_METHOD_POST);
+
+function api_statuses_update($type)
+{
+
+	$a = get_app();
+
+	if (api_user() === false) {
+		logger('api_statuses_update: no user');
+		throw new ForbiddenException();
+	}
+
+	$user_info = api_get_user($a);
+
+	// convert $_POST array items to the form we use for web posts.
+
+	// logger('api_post: ' . print_r($_POST,true));
+
+	if (requestdata('htmlstatus')) {
+		$txt = requestdata('htmlstatus');
+		if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) {
+			$txt = html2bb_video($txt);
+
+			$config = HTMLPurifier_Config::createDefault();
+			$config->set('Cache.DefinitionImpl', null);
+
+			$purifier = new HTMLPurifier($config);
+			$txt = $purifier->purify($txt);
+
+			$_REQUEST['body'] = html2bbcode($txt);
+		}
+	} else {
+		$_REQUEST['body'] = requestdata('status');
+	}
+
+	$_REQUEST['title'] = requestdata('title');
+
+	$parent = requestdata('in_reply_to_status_id');
+
+	// Twidere sends "-1" if it is no reply ...
+	if ($parent == -1) {
+		$parent = "";
+	}
+
+	if (ctype_digit($parent)) {
+		$_REQUEST['parent'] = $parent;
+	} else {
+		$_REQUEST['parent_uri'] = $parent;
+	}
+
+	if (requestdata('lat') && requestdata('long')) {
+		$_REQUEST['coord'] = sprintf("%s %s", requestdata('lat'), requestdata('long'));
+	}
+	$_REQUEST['profile_uid'] = api_user();
+
+	if ($parent) {
+		$_REQUEST['type'] = 'net-comment';
+	} else {
+		// Check for throttling (maximum posts per day, week and month)
+		$throttle_day = Config::get('system', 'throttle_limit_day');
+		if ($throttle_day > 0) {
+			$datefrom = date("Y-m-d H:i:s", time() - 24*60*60);
+
+			$r = q(
+				"SELECT COUNT(*) AS `posts_day` FROM `item` WHERE `uid`=%d AND `wall`
+				AND `created` > '%s' AND `id` = `parent`",
+				intval(api_user()),
+				dbesc($datefrom)
+			);
+
+			if (DBM::is_result($r)) {
+				$posts_day = $r[0]["posts_day"];
+			} else {
+				$posts_day = 0;
+			}
+
+			if ($posts_day > $throttle_day) {
+				logger('Daily posting limit reached for user '.api_user(), LOGGER_DEBUG);
+				// die(api_error($type, sprintf(t("Daily posting limit of %d posts reached. The post was rejected."), $throttle_day)));
+				throw new TooManyRequestsException(sprintf(t("Daily posting limit of %d posts reached. The post was rejected."), $throttle_day));
+			}
+		}
+
+		$throttle_week = Config::get('system', 'throttle_limit_week');
+		if ($throttle_week > 0) {
+			$datefrom = date("Y-m-d H:i:s", time() - 24*60*60*7);
+
+			$r = q(
+				"SELECT COUNT(*) AS `posts_week` FROM `item` WHERE `uid`=%d AND `wall`
+				AND `created` > '%s' AND `id` = `parent`",
+				intval(api_user()),
+				dbesc($datefrom)
+			);
+
+			if (DBM::is_result($r)) {
+				$posts_week = $r[0]["posts_week"];
+			} else {
+				$posts_week = 0;
+			}
+
+			if ($posts_week > $throttle_week) {
+				logger('Weekly posting limit reached for user '.api_user(), LOGGER_DEBUG);
+				// die(api_error($type, sprintf(t("Weekly posting limit of %d posts reached. The post was rejected."), $throttle_week)));
+				throw new TooManyRequestsException(sprintf(t("Weekly posting limit of %d posts reached. The post was rejected."), $throttle_week));
+			}
+		}
+
+		$throttle_month = Config::get('system', 'throttle_limit_month');
+		if ($throttle_month > 0) {
+			$datefrom = date("Y-m-d H:i:s", time() - 24*60*60*30);
+
+			$r = q(
+				"SELECT COUNT(*) AS `posts_month` FROM `item` WHERE `uid`=%d AND `wall`
+				AND `created` > '%s' AND `id` = `parent`",
+				intval(api_user()),
+				dbesc($datefrom)
+			);
+
+			if (DBM::is_result($r)) {
+				$posts_month = $r[0]["posts_month"];
+			} else {
+				$posts_month = 0;
+			}
+
+			if ($posts_month > $throttle_month) {
+				logger('Monthly posting limit reached for user '.api_user(), LOGGER_DEBUG);
+				// die(api_error($type, sprintf(t("Monthly posting limit of %d posts reached. The post was rejected."), $throttle_month)));
+				throw new TooManyRequestsException(sprintf(t("Monthly posting limit of %d posts reached. The post was rejected."), $throttle_month));
+			}
+		}
+
+		$_REQUEST['type'] = 'wall';
+	}
+
+	if (x($_FILES, 'media')) {
+		// upload the image if we have one
+		$_REQUEST['hush'] = 'yeah'; //tell wall_upload function to return img info instead of echo
+		$media = wall_upload_post($a);
+		if (strlen($media) > 0) {
+			$_REQUEST['body'] .= "\n\n" . $media;
+		}
+	}
+
+	// To-Do: Multiple IDs
+	if (requestdata('media_ids')) {
+		$r = q(
+			"SELECT `resource-id`, `scale`, `nickname`, `type` FROM `photo` INNER JOIN `user` ON `user`.`uid` = `photo`.`uid` WHERE `resource-id` IN (SELECT `resource-id` FROM `photo` WHERE `id` = %d) AND `scale` > 0 AND `photo`.`uid` = %d ORDER BY `photo`.`width` DESC LIMIT 1",
+			intval(requestdata('media_ids')),
+			api_user()
+		);
+		if (DBM::is_result($r)) {
+			$phototypes = Photo::supportedTypes();
+			$ext = $phototypes[$r[0]['type']];
+			$_REQUEST['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $r[0]['nickname'] . '/image/' . $r[0]['resource-id'] . ']';
+			$_REQUEST['body'] .= '[img]' . System::baseUrl() . '/photo/' . $r[0]['resource-id'] . '-' . $r[0]['scale'] . '.' . $ext . '[/img][/url]';
+		}
+	}
+
+	// set this so that the item_post() function is quiet and doesn't redirect or emit json
+
+	$_REQUEST['api_source'] = true;
+
+	if (!x($_REQUEST, "source")) {
+		$_REQUEST["source"] = api_source();
+	}
+
+	// call out normal post function
+	item_post($a);
+
+	// this should output the last post (the one we just posted).
+	return api_status_show($type);
+}
+
+/// @TODO move to top of file or somwhere better
+api_register_func('api/statuses/update', 'api_statuses_update', true, API_METHOD_POST);
+api_register_func('api/statuses/update_with_media', 'api_statuses_update', true, API_METHOD_POST);
+
+function api_media_upload($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		logger('no user');
+		throw new ForbiddenException();
+	}
+
+	$user_info = api_get_user($a);
+
+	if (!x($_FILES, 'media')) {
+		// Output error
+		throw new BadRequestException("No media.");
+	}
+
+	$media = wall_upload_post($a, false);
+	if (!$media) {
+		// Output error
+		throw new InternalServerErrorException();
+	}
+
+	$returndata = array();
+	$returndata["media_id"] = $media["id"];
+	$returndata["media_id_string"] = (string)$media["id"];
+	$returndata["size"] = $media["size"];
+	$returndata["image"] = array("w" => $media["width"],
+					"h" => $media["height"],
+					"image_type" => $media["type"]);
+
+	logger("Media uploaded: " . print_r($returndata, true), LOGGER_DEBUG);
+
+	return array("media" => $returndata);
+}
+
+/// @TODO move to top of file or somwhere better
+api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST);
+
+function api_status_show($type)
+{
+	$a = get_app();
+
+	$user_info = api_get_user($a);
+
+	logger('api_status_show: user_info: '.print_r($user_info, true), LOGGER_DEBUG);
+
+	if ($type == "raw") {
+		$privacy_sql = "AND `item`.`allow_cid`='' AND `item`.`allow_gid`='' AND `item`.`deny_cid`='' AND `item`.`deny_gid`=''";
+	} else {
+		$privacy_sql = "";
+	}
+
+	// get last public wall message
+	$lastwall = q(
+		"SELECT `item`.*
+			FROM `item`
+			WHERE `item`.`contact-id` = %d AND `item`.`uid` = %d
+				AND ((`item`.`author-link` IN ('%s', '%s')) OR (`item`.`owner-link` IN ('%s', '%s')))
+				AND `item`.`type` != 'activity' $privacy_sql
+			ORDER BY `item`.`id` DESC
+			LIMIT 1",
+		intval($user_info['cid']),
+		intval(api_user()),
+		dbesc($user_info['url']),
+		dbesc(normalise_link($user_info['url'])),
+		dbesc($user_info['url']),
+		dbesc(normalise_link($user_info['url']))
+	);
+
+	if (DBM::is_result($lastwall)) {
+		$lastwall = $lastwall[0];
+
+		$in_reply_to = api_in_reply_to($lastwall);
+
+		$converted = api_convert_item($lastwall);
+
+		if ($type == "xml") {
+			$geo = "georss:point";
+		} else {
+			$geo = "geo";
+		}
+
+		$status_info = array(
+			'created_at' => api_date($lastwall['created']),
+			'id' => intval($lastwall['id']),
+			'id_str' => (string) $lastwall['id'],
+			'text' => $converted["text"],
+			'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'),
+			'truncated' => false,
+			'in_reply_to_status_id' => $in_reply_to['status_id'],
+			'in_reply_to_status_id_str' => $in_reply_to['status_id_str'],
+			'in_reply_to_user_id' => $in_reply_to['user_id'],
+			'in_reply_to_user_id_str' => $in_reply_to['user_id_str'],
+			'in_reply_to_screen_name' => $in_reply_to['screen_name'],
+			'user' => $user_info,
+			$geo => null,
+			'coordinates' => "",
+			'place' => "",
+			'contributors' => "",
+			'is_quote_status' => false,
+			'retweet_count' => 0,
+			'favorite_count' => 0,
+			'favorited' => $lastwall['starred'] ? true : false,
+			'retweeted' => false,
+			'possibly_sensitive' => false,
+			'lang' => "",
+			'statusnet_html'		=> $converted["html"],
+			'statusnet_conversation_id'	=> $lastwall['parent'],
 		);
 
-		return $ret;
-
-	}
-
-	/**
-	 * @brief return api-formatted array for item's author and owner
-	 *
-	 * @param App $a
-	 * @param array $item : item from db
-	 * @return array(array:author, array:owner)
-	 */
-	function api_item_get_user(App $a, $item) {
-
-		$status_user = api_get_user($a, $item["author-link"]);
-
-		$status_user["protected"] = (($item["allow_cid"] != "") ||
-						($item["allow_gid"] != "") ||
-						($item["deny_cid"] != "") ||
-						($item["deny_gid"] != "") ||
-						$item["private"]);
-
-		if ($item['thr-parent'] == $item['uri']) {
-			$owner_user = api_get_user($a, $item["owner-link"]);
-		} else {
-			$owner_user = $status_user;
+		if (count($converted["attachments"]) > 0) {
+			$status_info["attachments"] = $converted["attachments"];
 		}
 
-		return (array($status_user, $owner_user));
-	}
-
-	/**
-	 * @brief walks recursively through an array with the possibility to change value and key
-	 *
-	 * @param array $array The array to walk through
-	 * @param string $callback The callback function
-	 *
-	 * @return array the transformed array
-	 */
-	function api_walk_recursive(array &$array, callable $callback) {
-
-		$new_array = array();
-
-		foreach ($array as $k => $v) {
-			if (is_array($v)) {
-				if ($callback($v, $k)) {
-					$new_array[$k] = api_walk_recursive($v, $callback);
-				}
-			} else {
-				if ($callback($v, $k)) {
-					$new_array[$k] = $v;
-				}
-			}
-		}
-		$array = $new_array;
-
-		return $array;
-	}
-
-	/**
-	 * @brief Callback function to transform the array in an array that can be transformed in a XML file
-	 *
-	 * @param variant $item Array item value
-	 * @param string $key Array key
-	 *
-	 * @return boolean Should the array item be deleted?
-	 */
-	function api_reformat_xml(&$item, &$key) {
-		if (is_bool($item)) {
-			$item = ($item ? "true" : "false");
+		if (count($converted["entities"]) > 0) {
+			$status_info["entities"] = $converted["entities"];
 		}
 
-		if (substr($key, 0, 10) == "statusnet_") {
-			$key = "statusnet:".substr($key, 10);
-		} elseif (substr($key, 0, 10) == "friendica_") {
-			$key = "friendica:".substr($key, 10);
-		}
-		/// @TODO old-lost code?
-		//else
-		//	$key = "default:".$key;
-
-		return true;
-	}
-
-	/**
-	 * @brief Creates the XML from a JSON style array
-	 *
-	 * @param array $data JSON style array
-	 * @param string $root_element Name of the root element
-	 *
-	 * @return string The XML data
-	 */
-	function api_create_xml($data, $root_element) {
-		$childname = key($data);
-		$data2 = array_pop($data);
-		$key = key($data2);
-
-		$namespaces = array("" => "http://api.twitter.com",
-					"statusnet" => "http://status.net/schema/api/1/",
-					"friendica" => "http://friendi.ca/schema/api/1/",
-					"georss" => "http://www.georss.org/georss");
-
-		/// @todo Auto detection of needed namespaces
-		if (in_array($root_element, array("ok", "hash", "config", "version", "ids", "notes", "photos"))) {
-			$namespaces = array();
-		}
-
-		if (is_array($data2)) {
-			api_walk_recursive($data2, "api_reformat_xml");
-		}
-
-		if ($key == "0") {
-			$data4 = array();
-			$i = 1;
-
-			foreach ($data2 AS $item) {
-				$data4[$i++.":".$childname] = $item;
-			}
-
-			$data2 = $data4;
-		}
-
-		$data3 = array($root_element => $data2);
-
-		$ret = xml::from_array($data3, $xml, false, $namespaces);
-		return $ret;
-	}
-
-	/**
-	 * @brief Formats the data according to the data type
-	 *
-	 * @param string $root_element Name of the root element
-	 * @param string $type Return type (atom, rss, xml, json)
-	 * @param array $data JSON style array
-	 *
-	 * @return (string|object) XML data or JSON data
-	 */
-	function api_format_data($root_element, $type, $data) {
-
-		$a = get_app();
-
-		switch ($type) {
-			case "atom":
-			case "rss":
-			case "xml":
-				$ret = api_create_xml($data, $root_element);
-				break;
-			case "json":
-				$ret = $data;
-				break;
-		}
-
-		return $ret;
-	}
-
-	/**
-	 ** TWITTER API
-	 */
-
-	/**
-	 * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful;
-	 * returns a 401 status code and an error message if not.
-	 * http://developer.twitter.com/doc/get/account/verify_credentials
-	 */
-	function api_account_verify_credentials($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		unset($_REQUEST["user_id"]);
-		unset($_GET["user_id"]);
-
-		unset($_REQUEST["screen_name"]);
-		unset($_GET["screen_name"]);
-
-		$skip_status = (x($_REQUEST, 'skip_status')?$_REQUEST['skip_status'] : false);
-
-		$user_info = api_get_user($a);
-
-		// "verified" isn't used here in the standard
-		unset($user_info["verified"]);
-
-		// - Adding last status
-		if (!$skip_status) {
-			$user_info["status"] = api_status_show("raw");
-			if (!count($user_info["status"])) {
-				unset($user_info["status"]);
-			} else {
-				unset($user_info["status"]["user"]);
-			}
+		if (($lastwall['item_network'] != "") && ($status["source"] == 'web')) {
+			$status_info["source"] = network_to_name($lastwall['item_network'], $user_info['url']);
+		} elseif (($lastwall['item_network'] != "") && (network_to_name($lastwall['item_network'], $user_info['url']) != $status_info["source"])) {
+			$status_info["source"] = trim($status_info["source"].' ('.network_to_name($lastwall['item_network'], $user_info['url']).')');
 		}
 
 		// "uid" and "self" are only needed for some internal stuff, so remove it from here
-		unset($user_info["uid"]);
-		unset($user_info["self"]);
-
-		return api_format_data("user", $type, array('user' => $user_info));
-
+		unset($status_info["user"]["uid"]);
+		unset($status_info["user"]["self"]);
 	}
 
-	/// @TODO move to top of file or somwhere better
-	api_register_func('api/account/verify_credentials','api_account_verify_credentials', true);
+	logger('status_info: '.print_r($status_info, true), LOGGER_DEBUG);
 
-	/**
-	 * get data from $_POST or $_GET
-	 */
-	function requestdata($k) {
-		if (x($_POST, $k)) {
-			return $_POST[$k];
-		}
-		if (x($_GET, $k)) {
-			return $_GET[$k];
-		}
-		return null;
+	if ($type == "raw") {
+		return $status_info;
 	}
 
-/*Waitman Gobble Mod*/
-	function api_statuses_mediap($type) {
+	return api_format_data("statuses", $type, array('status' => $status_info));
+}
 
-		$a = get_app();
+/**
+ * Returns extended information of a given user, specified by ID or screen name as per the required id parameter.
+ * The author's most recent status will be returned inline.
+ * http://developer.twitter.com/doc/get/users/show
+ */
+function api_users_show($type)
+{
+	$a = get_app();
 
-		if (api_user() === false) {
-			logger('api_statuses_update: no user');
-			throw new ForbiddenException();
+	$user_info = api_get_user($a);
+	$lastwall = q(
+		"SELECT `item`.*
+			FROM `item`
+			INNER JOIN `contact` ON `contact`.`id`=`item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			WHERE `item`.`uid` = %d AND `verb` = '%s' AND `item`.`contact-id` = %d
+				AND ((`item`.`author-link` IN ('%s', '%s')) OR (`item`.`owner-link` IN ('%s', '%s')))
+				AND `type`!='activity'
+				AND `item`.`allow_cid`='' AND `item`.`allow_gid`='' AND `item`.`deny_cid`='' AND `item`.`deny_gid`=''
+			ORDER BY `id` DESC
+			LIMIT 1",
+		intval(api_user()),
+		dbesc(ACTIVITY_POST),
+		intval($user_info['cid']),
+		dbesc($user_info['url']),
+		dbesc(normalise_link($user_info['url'])),
+		dbesc($user_info['url']),
+		dbesc(normalise_link($user_info['url']))
+	);
+
+	if (DBM::is_result($lastwall)) {
+		$lastwall = $lastwall[0];
+
+		$in_reply_to = api_in_reply_to($lastwall);
+
+		$converted = api_convert_item($lastwall);
+
+		if ($type == "xml") {
+			$geo = "georss:point";
+		} else {
+			$geo = "geo";
 		}
-		$user_info = api_get_user($a);
 
+		$user_info['status'] = array(
+			'text' => $converted["text"],
+			'truncated' => false,
+			'created_at' => api_date($lastwall['created']),
+			'in_reply_to_status_id' => $in_reply_to['status_id'],
+			'in_reply_to_status_id_str' => $in_reply_to['status_id_str'],
+			'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'),
+			'id' => intval($lastwall['contact-id']),
+			'id_str' => (string) $lastwall['contact-id'],
+			'in_reply_to_user_id' => $in_reply_to['user_id'],
+			'in_reply_to_user_id_str' => $in_reply_to['user_id_str'],
+			'in_reply_to_screen_name' => $in_reply_to['screen_name'],
+			$geo => null,
+			'favorited' => $lastwall['starred'] ? true : false,
+			'statusnet_html' => $converted["html"],
+			'statusnet_conversation_id'	=> $lastwall['parent'],
+		);
+
+		if (count($converted["attachments"]) > 0) {
+			$user_info["status"]["attachments"] = $converted["attachments"];
+		}
+
+		if (count($converted["entities"]) > 0) {
+			$user_info["status"]["entities"] = $converted["entities"];
+		}
+
+		if (($lastwall['item_network'] != "") && ($user_info["status"]["source"] == 'web')) {
+			$user_info["status"]["source"] = network_to_name($lastwall['item_network'], $user_info['url']);
+		}
+
+		if (($lastwall['item_network'] != "") && (network_to_name($lastwall['item_network'], $user_info['url']) != $user_info["status"]["source"])) {
+			$user_info["status"]["source"] = trim($user_info["status"]["source"] . ' (' . network_to_name($lastwall['item_network'], $user_info['url']) . ')');
+		}
+	}
+
+	// "uid" and "self" are only needed for some internal stuff, so remove it from here
+	unset($user_info["uid"]);
+	unset($user_info["self"]);
+
+	return api_format_data("user", $type, array('user' => $user_info));
+}
+
+/// @TODO move to top of file or somewhere better
+api_register_func('api/users/show', 'api_users_show');
+api_register_func('api/externalprofile/show', 'api_users_show');
+
+function api_users_search($type)
+{
+	$a = get_app();
+
+	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+
+	$userlist = array();
+
+	if (x($_GET, 'q')) {
+		$r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", dbesc($_GET["q"]));
+
+		if (!DBM::is_result($r)) {
+			$r = q("SELECT `id` FROM `contact` WHERE `uid` = 0 AND `nick` = '%s'", dbesc($_GET["q"]));
+		}
+
+		if (DBM::is_result($r)) {
+			$k = 0;
+			foreach ($r as $user) {
+				$user_info = api_get_user($a, $user["id"], "json");
+
+				if ($type == "xml") {
+					$userlist[$k++.":user"] = $user_info;
+				} else {
+					$userlist[] = $user_info;
+				}
+			}
+			$userlist = array("users" => $userlist);
+		} else {
+			throw new BadRequestException("User not found.");
+		}
+	} else {
+		throw new BadRequestException("User not found.");
+	}
+	return api_format_data("users", $type, $userlist);
+}
+
+/// @TODO move to top of file or somewhere better
+api_register_func('api/users/search', 'api_users_search');
+
+/**
+ *
+ * http://developer.twitter.com/doc/get/statuses/home_timeline
+ *
+ * TODO: Optional parameters
+ * TODO: Add reply info
+ */
+function api_statuses_home_timeline($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	unset($_REQUEST["user_id"]);
+	unset($_GET["user_id"]);
+
+	unset($_REQUEST["screen_name"]);
+	unset($_GET["screen_name"]);
+
+	$user_info = api_get_user($a);
+	// get last newtork messages
+
+	// params
+	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
+	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+	if ($page < 0) {
+		$page = 0;
+	}
+	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
+	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
+	//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
+	$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
+	$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
+
+	$start = $page * $count;
+
+	$sql_extra = '';
+	if ($max_id > 0) {
+		$sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
+	}
+	if ($exclude_replies > 0) {
+		$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
+	}
+	if ($conversation_id > 0) {
+		$sql_extra .= ' AND `item`.`parent` = ' . intval($conversation_id);
+	}
+
+	$r = q(
+		"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
+		`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+		`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+		`contact`.`id` AS `cid`
+		FROM `item`
+		STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			AND (NOT `contact`.`blocked` OR `contact`.`pending`)
+		WHERE `item`.`uid` = %d AND `verb` = '%s'
+		AND `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
+		$sql_extra
+		AND `item`.`id`>%d
+		ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
+		intval(api_user()),
+		dbesc(ACTIVITY_POST),
+		intval($since_id),
+		intval($start),
+		intval($count)
+	);
+
+	$ret = api_format_items($r, $user_info, false, $type);
+
+	// Set all posts from the query above to seen
+	$idarray = array();
+	foreach ($r as $item) {
+		$idarray[] = intval($item["id"]);
+	}
+
+	$idlist = implode(",", $idarray);
+
+	if ($idlist != "") {
+		$unseen = q("SELECT `id` FROM `item` WHERE `unseen` AND `id` IN (%s)", $idlist);
+
+		if ($unseen) {
+			$r = q("UPDATE `item` SET `unseen` = 0 WHERE `unseen` AND `id` IN (%s)", $idlist);
+		}
+	}
+
+	$data = array('status' => $ret);
+	switch ($type) {
+		case "atom":
+		case "rss":
+			$data = api_rss_extra($a, $data, $user_info);
+			break;
+	}
+
+	return api_format_data("statuses", $type, $data);
+}
+
+/// @TODO move to top of file or somewhere better
+api_register_func('api/statuses/home_timeline', 'api_statuses_home_timeline', true);
+api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', true);
+
+function api_statuses_public_timeline($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	$user_info = api_get_user($a);
+	// get last newtork messages
+
+	// params
+	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
+	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
+	if ($page < 0) {
+		$page = 0;
+	}
+	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
+	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
+	//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
+	$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
+	$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
+
+	$start = $page * $count;
+
+	if ($max_id > 0) {
+		$sql_extra = 'AND `item`.`id` <= ' . intval($max_id);
+	}
+	if ($exclude_replies > 0) {
+		$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
+	}
+	if ($conversation_id > 0) {
+		$sql_extra .= ' AND `item`.`parent` = ' . intval($conversation_id);
+	}
+
+	$r = q(
+		"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
+		`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+		`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
+		`contact`.`id` AS `cid`,
+		`user`.`nickname`, `user`.`hidewall`
+		FROM `item`
+		STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			AND (NOT `contact`.`blocked` OR `contact`.`pending`)
+		STRAIGHT_JOIN `user` ON `user`.`uid` = `item`.`uid`
+			AND NOT `user`.`hidewall`
+		WHERE `verb` = '%s' AND `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
+		AND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = ''
+		AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = ''
+		AND NOT `item`.`private` AND `item`.`wall`
+		$sql_extra
+		AND `item`.`id`>%d
+		ORDER BY `item`.`id` DESC LIMIT %d, %d ",
+		dbesc(ACTIVITY_POST),
+		intval($since_id),
+		intval($start),
+		intval($count)
+	);
+
+	$ret = api_format_items($r, $user_info, false, $type);
+
+	$data = array('status' => $ret);
+	switch ($type) {
+		case "atom":
+		case "rss":
+			$data = api_rss_extra($a, $data, $user_info);
+			break;
+	}
+
+	return api_format_data("statuses", $type, $data);
+}
+
+/// @TODO move to top of file or somewhere better
+api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline', true);
+
+/**
+ * @TODO nothing to say?
+ */
+function api_statuses_show($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	$user_info = api_get_user($a);
+
+	// params
+	$id = intval($a->argv[3]);
+
+	if ($id == 0) {
+		$id = intval($_REQUEST["id"]);
+	}
+
+	// Hotot workaround
+	if ($id == 0) {
+		$id = intval($a->argv[4]);
+	}
+
+	logger('API: api_statuses_show: ' . $id);
+
+	$conversation = (x($_REQUEST, 'conversation') ? 1 : 0);
+
+	$sql_extra = '';
+	if ($conversation) {
+		$sql_extra .= " AND `item`.`parent` = %d ORDER BY `id` ASC ";
+	} else {
+		$sql_extra .= " AND `item`.`id` = %d";
+	}
+
+	$r = q(
+		"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
+		`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+		`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+		`contact`.`id` AS `cid`
+		FROM `item`
+		INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			AND (NOT `contact`.`blocked` OR `contact`.`pending`)
+		WHERE `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
+		AND `item`.`uid` = %d AND `item`.`verb` = '%s'
+		$sql_extra",
+		intval(api_user()),
+		dbesc(ACTIVITY_POST),
+		intval($id)
+	);
+
+	/// @TODO How about copying this to above methods which don't check $r ?
+	if (!DBM::is_result($r)) {
+		throw new BadRequestException("There is no status with this id.");
+	}
+
+	$ret = api_format_items($r, $user_info, false, $type);
+
+	if ($conversation) {
+		$data = array('status' => $ret);
+		return api_format_data("statuses", $type, $data);
+	} else {
+		$data = array('status' => $ret[0]);
+		return api_format_data("status", $type, $data);
+	}
+}
+
+/// @TODO move to top of file or somewhere better
+api_register_func('api/statuses/show', 'api_statuses_show', true);
+
+/**
+ * @TODO nothing to say?
+ */
+function api_conversation_show($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	$user_info = api_get_user($a);
+
+	// params
+	$id = intval($a->argv[3]);
+	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
+	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+	if ($page < 0) {
+		$page = 0;
+	}
+	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
+	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
+
+	$start = $page*$count;
+
+	if ($id == 0) {
+		$id = intval($_REQUEST["id"]);
+	}
+
+	// Hotot workaround
+	if ($id == 0) {
+		$id = intval($a->argv[4]);
+	}
+
+	logger('API: api_conversation_show: '.$id);
+
+	$r = q("SELECT `parent` FROM `item` WHERE `id` = %d", intval($id));
+	if (DBM::is_result($r)) {
+		$id = $r[0]["parent"];
+	}
+
+	$sql_extra = '';
+
+	if ($max_id > 0) {
+		$sql_extra = ' AND `item`.`id` <= ' . intval($max_id);
+	}
+
+	// Not sure why this query was so complicated. We should keep it here for a while,
+	// just to make sure that we really don't need it.
+	//	FROM `item` INNER JOIN (SELECT `uri`,`parent` FROM `item` WHERE `id` = %d) AS `temp1`
+	//	ON (`item`.`thr-parent` = `temp1`.`uri` AND `item`.`parent` = `temp1`.`parent`)
+
+	$r = q(
+		"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
+		`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+		`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+		`contact`.`id` AS `cid`
+		FROM `item`
+		STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			AND (NOT `contact`.`blocked` OR `contact`.`pending`)
+		WHERE `item`.`parent` = %d AND `item`.`visible`
+		AND NOT `item`.`moderated` AND NOT `item`.`deleted`
+		AND `item`.`uid` = %d AND `item`.`verb` = '%s'
+		AND `item`.`id`>%d $sql_extra
+		ORDER BY `item`.`id` DESC LIMIT %d ,%d",
+		intval($id), intval(api_user()),
+		dbesc(ACTIVITY_POST),
+		intval($since_id),
+		intval($start), intval($count)
+	);
+
+	if (!DBM::is_result($r)) {
+		throw new BadRequestException("There is no status with this id.");
+	}
+
+	$ret = api_format_items($r, $user_info, false, $type);
+
+	$data = array('status' => $ret);
+	return api_format_data("statuses", $type, $data);
+}
+
+/// @TODO move to top of file or somewhere better
+api_register_func('api/conversation/show', 'api_conversation_show', true);
+api_register_func('api/statusnet/conversation', 'api_conversation_show', true);
+
+/**
+ * @TODO nothing to say?
+ */
+function api_statuses_repeat($type)
+{
+	global $called_api;
+
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	$user_info = api_get_user($a);
+
+	// params
+	$id = intval($a->argv[3]);
+
+	if ($id == 0) {
+		$id = intval($_REQUEST["id"]);
+	}
+
+	// Hotot workaround
+	if ($id == 0) {
+		$id = intval($a->argv[4]);
+	}
+
+	logger('API: api_statuses_repeat: '.$id);
+
+	$r = q(
+		"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, `contact`.`nick` as `reply_author`,
+		`contact`.`name`, `contact`.`photo` as `reply_photo`, `contact`.`url` as `reply_url`, `contact`.`rel`,
+		`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+		`contact`.`id` AS `cid`
+		FROM `item`
+		INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			AND (NOT `contact`.`blocked` OR `contact`.`pending`)
+		WHERE `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
+		AND NOT `item`.`private` AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
+		AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
+		$sql_extra
+		AND `item`.`id`=%d",
+		intval($id)
+	);
+
+	/// @TODO other style than above functions!
+	if (DBM::is_result($r) && $r[0]['body'] != "") {
+		if (strpos($r[0]['body'], "[/share]") !== false) {
+			$pos = strpos($r[0]['body'], "[share");
+			$post = substr($r[0]['body'], $pos);
+		} else {
+			$post = share_header($r[0]['author-name'], $r[0]['author-link'], $r[0]['author-avatar'], $r[0]['guid'], $r[0]['created'], $r[0]['plink']);
+
+			$post .= $r[0]['body'];
+			$post .= "[/share]";
+		}
+		$_REQUEST['body'] = $post;
+		$_REQUEST['profile_uid'] = api_user();
 		$_REQUEST['type'] = 'wall';
-		$_REQUEST['profile_uid'] = api_user();
-		$_REQUEST['api_source'] = true;
-		$txt = requestdata('status');
-		/// @TODO old-lost code?
-		//$txt = urldecode(requestdata('status'));
-
-		if ((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
-
-			$txt = html2bb_video($txt);
-			$config = HTMLPurifier_Config::createDefault();
-			$config->set('Cache.DefinitionImpl', null);
-			$purifier = new HTMLPurifier($config);
-			$txt = $purifier->purify($txt);
-		}
-		$txt = html2bbcode($txt);
-
-		$a->argv[1]=$user_info['screen_name']; //should be set to username?
-
-		// tell wall_upload function to return img info instead of echo
-		$_REQUEST['hush'] = 'yeah';
-		$bebop = wall_upload_post($a);
-
-		// now that we have the img url in bbcode we can add it to the status and insert the wall item.
-		$_REQUEST['body'] = $txt . "\n\n" . $bebop;
-		item_post($a);
-
-		// this should output the last post (the one we just posted).
-		return api_status_show($type);
-	}
-
-	/// @TODO move this to top of file or somewhere better!
-	api_register_func('api/statuses/mediap','api_statuses_mediap', true, API_METHOD_POST);
-
-	function api_statuses_update($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			logger('api_statuses_update: no user');
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-
-		// convert $_POST array items to the form we use for web posts.
-
-		// logger('api_post: ' . print_r($_POST,true));
-
-		if (requestdata('htmlstatus')) {
-			$txt = requestdata('htmlstatus');
-			if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) {
-				$txt = html2bb_video($txt);
-
-				$config = HTMLPurifier_Config::createDefault();
-				$config->set('Cache.DefinitionImpl', null);
-
-				$purifier = new HTMLPurifier($config);
-				$txt = $purifier->purify($txt);
-
-				$_REQUEST['body'] = html2bbcode($txt);
-			}
-
-		} else {
-			$_REQUEST['body'] = requestdata('status');
-		}
-
-		$_REQUEST['title'] = requestdata('title');
-
-		$parent = requestdata('in_reply_to_status_id');
-
-		// Twidere sends "-1" if it is no reply ...
-		if ($parent == -1) {
-			$parent = "";
-		}
-
-		if (ctype_digit($parent)) {
-			$_REQUEST['parent'] = $parent;
-		} else {
-			$_REQUEST['parent_uri'] = $parent;
-		}
-
-		if (requestdata('lat') && requestdata('long')) {
-			$_REQUEST['coord'] = sprintf("%s %s", requestdata('lat'), requestdata('long'));
-		}
-		$_REQUEST['profile_uid'] = api_user();
-
-		if ($parent) {
-			$_REQUEST['type'] = 'net-comment';
-		} else {
-			// Check for throttling (maximum posts per day, week and month)
-			$throttle_day = Config::get('system','throttle_limit_day');
-			if ($throttle_day > 0) {
-				$datefrom = date("Y-m-d H:i:s", time() - 24*60*60);
-
-				$r = q("SELECT COUNT(*) AS `posts_day` FROM `item` WHERE `uid`=%d AND `wall`
-					AND `created` > '%s' AND `id` = `parent`",
-					intval(api_user()), dbesc($datefrom));
-
-				if (DBM::is_result($r)) {
-					$posts_day = $r[0]["posts_day"];
-				} else {
-					$posts_day = 0;
-				}
-
-				if ($posts_day > $throttle_day) {
-					logger('Daily posting limit reached for user '.api_user(), LOGGER_DEBUG);
-					// die(api_error($type, sprintf(t("Daily posting limit of %d posts reached. The post was rejected."), $throttle_day)));
-					throw new TooManyRequestsException(sprintf(t("Daily posting limit of %d posts reached. The post was rejected."), $throttle_day));
-				}
-			}
-
-			$throttle_week = Config::get('system','throttle_limit_week');
-			if ($throttle_week > 0) {
-				$datefrom = date("Y-m-d H:i:s", time() - 24*60*60*7);
-
-				$r = q("SELECT COUNT(*) AS `posts_week` FROM `item` WHERE `uid`=%d AND `wall`
-					AND `created` > '%s' AND `id` = `parent`",
-					intval(api_user()), dbesc($datefrom));
-
-				if (DBM::is_result($r)) {
-					$posts_week = $r[0]["posts_week"];
-				} else {
-					$posts_week = 0;
-				}
-
-				if ($posts_week > $throttle_week) {
-					logger('Weekly posting limit reached for user '.api_user(), LOGGER_DEBUG);
-					// die(api_error($type, sprintf(t("Weekly posting limit of %d posts reached. The post was rejected."), $throttle_week)));
-					throw new TooManyRequestsException(sprintf(t("Weekly posting limit of %d posts reached. The post was rejected."), $throttle_week));
-				}
-			}
-
-			$throttle_month = Config::get('system','throttle_limit_month');
-			if ($throttle_month > 0) {
-				$datefrom = date("Y-m-d H:i:s", time() - 24*60*60*30);
-
-				$r = q("SELECT COUNT(*) AS `posts_month` FROM `item` WHERE `uid`=%d AND `wall`
-					AND `created` > '%s' AND `id` = `parent`",
-					intval(api_user()), dbesc($datefrom));
-
-				if (DBM::is_result($r)) {
-					$posts_month = $r[0]["posts_month"];
-				} else {
-					$posts_month = 0;
-				}
-
-				if ($posts_month > $throttle_month) {
-					logger('Monthly posting limit reached for user '.api_user(), LOGGER_DEBUG);
-					// die(api_error($type, sprintf(t("Monthly posting limit of %d posts reached. The post was rejected."), $throttle_month)));
-					throw new TooManyRequestsException(sprintf(t("Monthly posting limit of %d posts reached. The post was rejected."), $throttle_month));
-				}
-			}
-
-			$_REQUEST['type'] = 'wall';
-		}
-
-		if (x($_FILES, 'media')) {
-			// upload the image if we have one
-			$_REQUEST['hush'] = 'yeah'; //tell wall_upload function to return img info instead of echo
-			$media = wall_upload_post($a);
-			if (strlen($media) > 0) {
-				$_REQUEST['body'] .= "\n\n" . $media;
-			}
-		}
-
-		// To-Do: Multiple IDs
-		if (requestdata('media_ids')) {
-			$r = q("SELECT `resource-id`, `scale`, `nickname`, `type` FROM `photo` INNER JOIN `user` ON `user`.`uid` = `photo`.`uid` WHERE `resource-id` IN (SELECT `resource-id` FROM `photo` WHERE `id` = %d) AND `scale` > 0 AND `photo`.`uid` = %d ORDER BY `photo`.`width` DESC LIMIT 1",
-				intval(requestdata('media_ids')), api_user());
-			if (DBM::is_result($r)) {
-				$phototypes = Photo::supportedTypes();
-				$ext = $phototypes[$r[0]['type']];
-				$_REQUEST['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $r[0]['nickname'] . '/image/' . $r[0]['resource-id'] . ']';
-				$_REQUEST['body'] .= '[img]' . System::baseUrl() . '/photo/' . $r[0]['resource-id'] . '-' . $r[0]['scale'] . '.' . $ext . '[/img][/url]';
-			}
-		}
-
-		// set this so that the item_post() function is quiet and doesn't redirect or emit json
-
 		$_REQUEST['api_source'] = true;
 
 		if (!x($_REQUEST, "source")) {
 			$_REQUEST["source"] = api_source();
 		}
 
-		// call out normal post function
 		item_post($a);
-
-		// this should output the last post (the one we just posted).
-		return api_status_show($type);
+	} else {
+		throw new ForbiddenException();
 	}
 
-	/// @TODO move to top of file or somwhere better
-	api_register_func('api/statuses/update','api_statuses_update', true, API_METHOD_POST);
-	api_register_func('api/statuses/update_with_media','api_statuses_update', true, API_METHOD_POST);
+	// this should output the last post (the one we just posted).
+	$called_api = null;
+	return api_status_show($type);
+}
 
-	function api_media_upload($type) {
+/// @TODO move to top of file or somewhere better
+api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHOD_POST);
 
-		$a = get_app();
+/**
+ * @TODO nothing to say?
+ */
+function api_statuses_destroy($type)
+{
+	$a = get_app();
 
-		if (api_user() === false) {
-			logger('no user');
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-
-		if (!x($_FILES, 'media')) {
-			// Output error
-			throw new BadRequestException("No media.");
-		}
-
-		$media = wall_upload_post($a, false);
-		if (!$media) {
-			// Output error
-			throw new InternalServerErrorException();
-		}
-
-		$returndata = array();
-		$returndata["media_id"] = $media["id"];
-		$returndata["media_id_string"] = (string)$media["id"];
-		$returndata["size"] = $media["size"];
-		$returndata["image"] = array("w" => $media["width"],
-						"h" => $media["height"],
-						"image_type" => $media["type"]);
-
-		logger("Media uploaded: " . print_r($returndata, true), LOGGER_DEBUG);
-
-		return array("media" => $returndata);
+	if (api_user() === false) {
+		throw new ForbiddenException();
 	}
 
-	/// @TODO move to top of file or somwhere better
-	api_register_func('api/media/upload','api_media_upload', true, API_METHOD_POST);
+	$user_info = api_get_user($a);
 
-	function api_status_show($type) {
-
-		$a = get_app();
-
-		$user_info = api_get_user($a);
-
-		logger('api_status_show: user_info: '.print_r($user_info, true), LOGGER_DEBUG);
-
-		if ($type == "raw") {
-			$privacy_sql = "AND `item`.`allow_cid`='' AND `item`.`allow_gid`='' AND `item`.`deny_cid`='' AND `item`.`deny_gid`=''";
-		} else {
-			$privacy_sql = "";
-		}
-
-		// get last public wall message
-		$lastwall = q("SELECT `item`.*
-				FROM `item`
-				WHERE `item`.`contact-id` = %d AND `item`.`uid` = %d
-					AND ((`item`.`author-link` IN ('%s', '%s')) OR (`item`.`owner-link` IN ('%s', '%s')))
-					AND `item`.`type` != 'activity' $privacy_sql
-				ORDER BY `item`.`id` DESC
-				LIMIT 1",
-				intval($user_info['cid']),
-				intval(api_user()),
-				dbesc($user_info['url']),
-				dbesc(normalise_link($user_info['url'])),
-				dbesc($user_info['url']),
-				dbesc(normalise_link($user_info['url']))
-		);
-
-		if (DBM::is_result($lastwall)) {
-			$lastwall = $lastwall[0];
-
-			$in_reply_to = api_in_reply_to($lastwall);
-
-			$converted = api_convert_item($lastwall);
-
-			if ($type == "xml") {
-				$geo = "georss:point";
-			} else {
-				$geo = "geo";
-			}
-
-			$status_info = array(
-				'created_at' => api_date($lastwall['created']),
-				'id' => intval($lastwall['id']),
-				'id_str' => (string) $lastwall['id'],
-				'text' => $converted["text"],
-				'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'),
-				'truncated' => false,
-				'in_reply_to_status_id' => $in_reply_to['status_id'],
-				'in_reply_to_status_id_str' => $in_reply_to['status_id_str'],
-				'in_reply_to_user_id' => $in_reply_to['user_id'],
-				'in_reply_to_user_id_str' => $in_reply_to['user_id_str'],
-				'in_reply_to_screen_name' => $in_reply_to['screen_name'],
-				'user' => $user_info,
-				$geo => NULL,
-				'coordinates' => "",
-				'place' => "",
-				'contributors' => "",
-				'is_quote_status' => false,
-				'retweet_count' => 0,
-				'favorite_count' => 0,
-				'favorited' => $lastwall['starred'] ? true : false,
-				'retweeted' => false,
-				'possibly_sensitive' => false,
-				'lang' => "",
-				'statusnet_html'		=> $converted["html"],
-				'statusnet_conversation_id'	=> $lastwall['parent'],
-			);
-
-			if (count($converted["attachments"]) > 0) {
-				$status_info["attachments"] = $converted["attachments"];
-			}
-
-			if (count($converted["entities"]) > 0) {
-				$status_info["entities"] = $converted["entities"];
-			}
-
-			if (($lastwall['item_network'] != "") && ($status["source"] == 'web')) {
-				$status_info["source"] = network_to_name($lastwall['item_network'], $user_info['url']);
-			} elseif (($lastwall['item_network'] != "") && (network_to_name($lastwall['item_network'], $user_info['url']) != $status_info["source"])) {
-				$status_info["source"] = trim($status_info["source"].' ('.network_to_name($lastwall['item_network'], $user_info['url']).')');
-			}
-
-			// "uid" and "self" are only needed for some internal stuff, so remove it from here
-			unset($status_info["user"]["uid"]);
-			unset($status_info["user"]["self"]);
-		}
-
-		logger('status_info: '.print_r($status_info, true), LOGGER_DEBUG);
-
-		if ($type == "raw") {
-			return $status_info;
-		}
-
-		return api_format_data("statuses", $type, array('status' => $status_info));
+	// params
+	$id = intval($a->argv[3]);
 
+	if ($id == 0) {
+		$id = intval($_REQUEST["id"]);
 	}
 
-	/**
-	 * Returns extended information of a given user, specified by ID or screen name as per the required id parameter.
-	 * The author's most recent status will be returned inline.
-	 * http://developer.twitter.com/doc/get/users/show
-	 */
-	function api_users_show($type) {
-
-		$a = get_app();
-
-		$user_info = api_get_user($a);
-		$lastwall = q("SELECT `item`.*
-				FROM `item`
-				INNER JOIN `contact` ON `contact`.`id`=`item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				WHERE `item`.`uid` = %d AND `verb` = '%s' AND `item`.`contact-id` = %d
-					AND ((`item`.`author-link` IN ('%s', '%s')) OR (`item`.`owner-link` IN ('%s', '%s')))
-					AND `type`!='activity'
-					AND `item`.`allow_cid`='' AND `item`.`allow_gid`='' AND `item`.`deny_cid`='' AND `item`.`deny_gid`=''
-				ORDER BY `id` DESC
-				LIMIT 1",
-				intval(api_user()),
-				dbesc(ACTIVITY_POST),
-				intval($user_info['cid']),
-				dbesc($user_info['url']),
-				dbesc(normalise_link($user_info['url'])),
-				dbesc($user_info['url']),
-				dbesc(normalise_link($user_info['url']))
-		);
-
-		if (DBM::is_result($lastwall)) {
-			$lastwall = $lastwall[0];
-
-			$in_reply_to = api_in_reply_to($lastwall);
-
-			$converted = api_convert_item($lastwall);
-
-			if ($type == "xml") {
-				$geo = "georss:point";
-			} else {
-				$geo = "geo";
-			}
-
-			$user_info['status'] = array(
-				'text' => $converted["text"],
-				'truncated' => false,
-				'created_at' => api_date($lastwall['created']),
-				'in_reply_to_status_id' => $in_reply_to['status_id'],
-				'in_reply_to_status_id_str' => $in_reply_to['status_id_str'],
-				'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'),
-				'id' => intval($lastwall['contact-id']),
-				'id_str' => (string) $lastwall['contact-id'],
-				'in_reply_to_user_id' => $in_reply_to['user_id'],
-				'in_reply_to_user_id_str' => $in_reply_to['user_id_str'],
-				'in_reply_to_screen_name' => $in_reply_to['screen_name'],
-				$geo => NULL,
-				'favorited' => $lastwall['starred'] ? true : false,
-				'statusnet_html' => $converted["html"],
-				'statusnet_conversation_id'	=> $lastwall['parent'],
-			);
-
-			if (count($converted["attachments"]) > 0) {
-				$user_info["status"]["attachments"] = $converted["attachments"];
-			}
-
-			if (count($converted["entities"]) > 0) {
-				$user_info["status"]["entities"] = $converted["entities"];
-			}
-
-			if (($lastwall['item_network'] != "") && ($user_info["status"]["source"] == 'web')) {
-				$user_info["status"]["source"] = network_to_name($lastwall['item_network'], $user_info['url']);
-			}
-
-			if (($lastwall['item_network'] != "") && (network_to_name($lastwall['item_network'], $user_info['url']) != $user_info["status"]["source"])) {
-				$user_info["status"]["source"] = trim($user_info["status"]["source"] . ' (' . network_to_name($lastwall['item_network'], $user_info['url']) . ')');
-			}
-
-		}
-
-		// "uid" and "self" are only needed for some internal stuff, so remove it from here
-		unset($user_info["uid"]);
-		unset($user_info["self"]);
-
-		return api_format_data("user", $type, array('user' => $user_info));
-
+	// Hotot workaround
+	if ($id == 0) {
+		$id = intval($a->argv[4]);
 	}
 
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/users/show','api_users_show');
-	api_register_func('api/externalprofile/show','api_users_show');
+	logger('API: api_statuses_destroy: '.$id);
 
-	function api_users_search($type) {
+	$ret = api_statuses_show($type);
 
-		$a = get_app();
+	drop_item($id, false);
 
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+	return $ret;
+}
 
-		$userlist = array();
+/// @TODO move to top of file or somewhere better
+api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METHOD_DELETE);
 
-		if (x($_GET, 'q')) {
-			$r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", dbesc($_GET["q"]));
+/**
+ * @TODO Nothing more than an URL to say?
+ * http://developer.twitter.com/doc/get/statuses/mentions
+ */
+function api_statuses_mentions($type)
+{
+	$a = get_app();
 
-			if (!DBM::is_result($r)) {
-				$r = q("SELECT `id` FROM `contact` WHERE `uid` = 0 AND `nick` = '%s'", dbesc($_GET["q"]));
-			}
-
-			if (DBM::is_result($r)) {
-				$k = 0;
-				foreach ($r AS $user) {
-					$user_info = api_get_user($a, $user["id"], "json");
-
-					if ($type == "xml") {
-						$userlist[$k++.":user"] = $user_info;
-					} else {
-						$userlist[] = $user_info;
-					}
-				}
-				$userlist = array("users" => $userlist);
-			} else {
-				throw new BadRequestException("User not found.");
-			}
-		} else {
-			throw new BadRequestException("User not found.");
-		}
-		return api_format_data("users", $type, $userlist);
+	if (api_user() === false) {
+		throw new ForbiddenException();
 	}
 
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/users/search','api_users_search');
+	unset($_REQUEST["user_id"]);
+	unset($_GET["user_id"]);
 
-	/**
-	 *
-	 * http://developer.twitter.com/doc/get/statuses/home_timeline
-	 *
-	 * TODO: Optional parameters
-	 * TODO: Add reply info
-	 */
-	function api_statuses_home_timeline($type) {
+	unset($_REQUEST["screen_name"]);
+	unset($_GET["screen_name"]);
 
-		$a = get_app();
+	$user_info = api_get_user($a);
+	// get last newtork messages
 
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
 
-		unset($_REQUEST["user_id"]);
-		unset($_GET["user_id"]);
+	// params
+	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
+	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
+	if ($page < 0) {
+		$page = 0;
+	}
+	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
+	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
+	//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
 
-		unset($_REQUEST["screen_name"]);
-		unset($_GET["screen_name"]);
+	$start = $page * $count;
 
-		$user_info = api_get_user($a);
-		// get last newtork messages
+	// Ugly code - should be changed
+	$myurl = System::baseUrl() . '/profile/'. $a->user['nickname'];
+	$myurl = substr($myurl, strpos($myurl, '://') + 3);
+	//$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
+	$myurl = str_replace('www.', '', $myurl);
+	$diasp_url = str_replace('/profile/', '/u/', $myurl);
+
+	if ($max_id > 0) {
+		$sql_extra = ' AND `item`.`id` <= ' . intval($max_id);
+	}
+
+	$r = q(
+		"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
+		`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+		`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+		`contact`.`id` AS `cid`
+		FROM `item` FORCE INDEX (`uid_id`)
+		STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			AND (NOT `contact`.`blocked` OR `contact`.`pending`)
+		WHERE `item`.`uid` = %d AND `verb` = '%s'
+		AND NOT (`item`.`author-link` IN ('https://%s', 'http://%s'))
+		AND `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
+		AND `item`.`parent` IN (SELECT `iid` FROM `thread` WHERE `uid` = %d AND `mention` AND !`ignored`)
+		$sql_extra
+		AND `item`.`id`>%d
+		ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
+		intval(api_user()),
+		dbesc(ACTIVITY_POST),
+		dbesc(protect_sprintf($myurl)),
+		dbesc(protect_sprintf($myurl)),
+		intval(api_user()),
+		intval($since_id),
+		intval($start),
+		intval($count)
+	);
+
+	$ret = api_format_items($r, $user_info, false, $type);
+
+	$data = array('status' => $ret);
+	switch ($type) {
+		case "atom":
+		case "rss":
+			$data = api_rss_extra($a, $data, $user_info);
+			break;
+	}
+
+	return api_format_data("statuses", $type, $data);
+}
+
+/// @TODO move to top of file or somewhere better
+api_register_func('api/statuses/mentions', 'api_statuses_mentions', true);
+api_register_func('api/statuses/replies', 'api_statuses_mentions', true);
+
+function api_statuses_user_timeline($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	$user_info = api_get_user($a);
+	// get last network messages
+
+	logger(
+		"api_statuses_user_timeline: api_user: ". api_user() .
+			"\nuser_info: ".print_r($user_info, true) .
+			"\n_REQUEST:  ".print_r($_REQUEST, true),
+		LOGGER_DEBUG
+	);
+
+	// params
+	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
+	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
+	if ($page < 0) {
+		$page = 0;
+	}
+	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
+	//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
+	$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
+	$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
+
+	$start = $page * $count;
+
+	$sql_extra = '';
+	if ($user_info['self'] == 1) {
+		$sql_extra .= " AND `item`.`wall` = 1 ";
+	}
+
+	if ($exclude_replies > 0) {
+		$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
+	}
+	if ($conversation_id > 0) {
+		$sql_extra .= ' AND `item`.`parent` = ' . intval($conversation_id);
+	}
+
+	$r = q(
+		"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
+		`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
+		`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+		`contact`.`id` AS `cid`
+		FROM `item` FORCE INDEX (`uid_contactid_id`)
+		STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
+			AND (NOT `contact`.`blocked` OR `contact`.`pending`)
+		WHERE `item`.`uid` = %d AND `verb` = '%s'
+		AND `item`.`contact-id` = %d
+		AND `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
+		$sql_extra
+		AND `item`.`id`>%d
+		ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
+		intval(api_user()),
+		dbesc(ACTIVITY_POST),
+		intval($user_info['cid']),
+		intval($since_id),
+		intval($start),
+		intval($count)
+	);
+
+	$ret = api_format_items($r, $user_info, true, $type);
+
+	$data = array('status' => $ret);
+	switch ($type) {
+		case "atom":
+		case "rss":
+			$data = api_rss_extra($a, $data, $user_info);
+			break;
+	}
+
+	return api_format_data("statuses", $type, $data);
+}
+
+/// @TODO move to top of file or somwhere better
+api_register_func('api/statuses/user_timeline','api_statuses_user_timeline', true);
+
+/**
+ * Star/unstar an item
+ * param: id : id of the item
+ *
+ * api v1 : https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid
+ */
+function api_favorites_create_destroy($type)
+{
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	// for versioned api.
+	/// @TODO We need a better global soluton
+	$action_argv_id = 2;
+	if ($a->argv[1] == "1.1") {
+		$action_argv_id = 3;
+	}
+
+	if ($a->argc <= $action_argv_id) {
+		throw new BadRequestException("Invalid request.");
+	}
+	$action = str_replace("." . $type, "", $a->argv[$action_argv_id]);
+	if ($a->argc == $action_argv_id + 2) {
+		$itemid = intval($a->argv[$action_argv_id + 1]);
+	} else {
+		///  @TODO use x() to check if _REQUEST contains 'id'
+		$itemid = intval($_REQUEST['id']);
+	}
+
+	$item = q("SELECT * FROM `item` WHERE `id`=%d AND `uid`=%d LIMIT 1", $itemid, api_user());
+
+	if (!DBM::is_result($item) || count($item) == 0) {
+		throw new BadRequestException("Invalid item.");
+	}
+
+	switch ($action) {
+		case "create":
+			$item[0]['starred'] = 1;
+			break;
+		case "destroy":
+			$item[0]['starred'] = 0;
+			break;
+		default:
+			throw new BadRequestException("Invalid action ".$action);
+	}
+
+	$r = q("UPDATE item SET starred=%d WHERE id=%d AND uid=%d",	$item[0]['starred'], $itemid, api_user());
+
+	q("UPDATE thread SET starred=%d WHERE iid=%d AND uid=%d", $item[0]['starred'], $itemid, api_user());
+
+	if ($r === false) {
+		throw new InternalServerErrorException("DB error");
+	}
+
+
+	$user_info = api_get_user($a);
+	$rets = api_format_items($item, $user_info, false, $type);
+	$ret = $rets[0];
+
+	$data = array('status' => $ret);
+	switch ($type) {
+		case "atom":
+		case "rss":
+			$data = api_rss_extra($a, $data, $user_info);
+	}
+
+	return api_format_data("status", $type, $data);
+}
+
+/// @TODO move to top of file or somwhere better
+api_register_func('api/favorites/create', 'api_favorites_create_destroy', true, API_METHOD_POST);
+api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, API_METHOD_DELETE);
+
+function api_favorites($type)
+{
+	global $called_api;
+
+	$a = get_app();
+
+	if (api_user() === false) {
+		throw new ForbiddenException();
+	}
+
+	$called_api = array();
+
+	$user_info = api_get_user($a);
+
+	// in friendica starred item are private
+	// return favorites only for self
+	logger('api_favorites: self:' . $user_info['self']);
+
+	if ($user_info['self'] == 0) {
+		$ret = array();
+	} else {
+		$sql_extra = "";
 
 		// params
-		$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
-		if ($page < 0) {
-			$page = 0;
-		}
 		$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
 		$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-		//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
-		$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
-		$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
-
-		$start = $page * $count;
-
-		$sql_extra = '';
-		if ($max_id > 0) {
-			$sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
-		}
-		if ($exclude_replies > 0) {
-			$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
-		}
-		if ($conversation_id > 0) {
-			$sql_extra .= ' AND `item`.`parent` = ' . intval($conversation_id);
-		}
-
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
-			`contact`.`id` AS `cid`
-			FROM `item`
-			STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-			WHERE `item`.`uid` = %d AND `verb` = '%s'
-			AND `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
-			$sql_extra
-			AND `item`.`id`>%d
-			ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
-			intval(api_user()),
-			dbesc(ACTIVITY_POST),
-			intval($since_id),
-			intval($start),	intval($count)
-		);
-
-		$ret = api_format_items($r, $user_info, false, $type);
-
-		// Set all posts from the query above to seen
-		$idarray = array();
-		foreach ($r AS $item) {
-			$idarray[] = intval($item["id"]);
-		}
-
-		$idlist = implode(",", $idarray);
-
-		if ($idlist != "") {
-			$unseen = q("SELECT `id` FROM `item` WHERE `unseen` AND `id` IN (%s)", $idlist);
-
-			if ($unseen) {
-				$r = q("UPDATE `item` SET `unseen` = 0 WHERE `unseen` AND `id` IN (%s)", $idlist);
-			}
-		}
-
-		$data = array('status' => $ret);
-		switch ($type) {
-			case "atom":
-			case "rss":
-				$data = api_rss_extra($a, $data, $user_info);
-				break;
-		}
-
-		return api_format_data("statuses", $type, $data);
-	}
-
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/statuses/home_timeline','api_statuses_home_timeline', true);
-	api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true);
-
-	function api_statuses_public_timeline($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-		// get last newtork messages
-
-		// params
-		$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
-		if ($page < 0) {
-			$page = 0;
-		}
-		$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-		$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-		//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
-		$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
-		$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
-
-		$start = $page * $count;
-
-		if ($max_id > 0) {
-			$sql_extra = 'AND `item`.`id` <= ' . intval($max_id);
-		}
-		if ($exclude_replies > 0) {
-			$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
-		}
-		if ($conversation_id > 0) {
-			$sql_extra .= ' AND `item`.`parent` = ' . intval($conversation_id);
-		}
-
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
-			`contact`.`id` AS `cid`,
-			`user`.`nickname`, `user`.`hidewall`
-			FROM `item`
-			STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-			STRAIGHT_JOIN `user` ON `user`.`uid` = `item`.`uid`
-				AND NOT `user`.`hidewall`
-			WHERE `verb` = '%s' AND `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`
-			AND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = ''
-			AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = ''
-			AND NOT `item`.`private` AND `item`.`wall`
-			$sql_extra
-			AND `item`.`id`>%d
-			ORDER BY `item`.`id` DESC LIMIT %d, %d ",
-			dbesc(ACTIVITY_POST),
-			intval($since_id),
-			intval($start),
-			intval($count));
-
-		$ret = api_format_items($r, $user_info, false, $type);
-
-		$data = array('status' => $ret);
-		switch ($type) {
-			case "atom":
-			case "rss":
-				$data = api_rss_extra($a, $data, $user_info);
-				break;
-		}
-
-		return api_format_data("statuses", $type, $data);
-	}
-
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/statuses/public_timeline','api_statuses_public_timeline', true);
-
-	/**
-	 * @TODO nothing to say?
-	 */
-	function api_statuses_show($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-
-		// params
-		$id = intval($a->argv[3]);
-
-		if ($id == 0) {
-			$id = intval($_REQUEST["id"]);
-		}
-
-		// Hotot workaround
-		if ($id == 0) {
-			$id = intval($a->argv[4]);
-		}
-
-		logger('API: api_statuses_show: ' . $id);
-
-		$conversation = (x($_REQUEST, 'conversation') ? 1 : 0);
-
-		$sql_extra = '';
-		if ($conversation) {
-			$sql_extra .= " AND `item`.`parent` = %d ORDER BY `id` ASC ";
-		} else {
-			$sql_extra .= " AND `item`.`id` = %d";
-		}
-
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
-			`contact`.`id` AS `cid`
-			FROM `item`
-			INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-			WHERE `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
-			AND `item`.`uid` = %d AND `item`.`verb` = '%s'
-			$sql_extra",
-			intval(api_user()),
-			dbesc(ACTIVITY_POST),
-			intval($id)
-		);
-
-		/// @TODO How about copying this to above methods which don't check $r ?
-		if (!DBM::is_result($r)) {
-			throw new BadRequestException("There is no status with this id.");
-		}
-
-		$ret = api_format_items($r,$user_info, false, $type);
-
-		if ($conversation) {
-			$data = array('status' => $ret);
-			return api_format_data("statuses", $type, $data);
-		} else {
-			$data = array('status' => $ret[0]);
-			return api_format_data("status", $type, $data);
-		}
-	}
-
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/statuses/show','api_statuses_show', true);
-
-	/**
-	 * @TODO nothing to say?
-	 */
-	function api_conversation_show($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-
-		// params
-		$id = intval($a->argv[3]);
-		$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
-		if ($page < 0) {
-			$page = 0;
-		}
-		$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-		$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-
-		$start = $page*$count;
-
-		if ($id == 0) {
-			$id = intval($_REQUEST["id"]);
-		}
-
-		// Hotot workaround
-		if ($id == 0) {
-			$id = intval($a->argv[4]);
-		}
-
-		logger('API: api_conversation_show: '.$id);
-
-		$r = q("SELECT `parent` FROM `item` WHERE `id` = %d", intval($id));
-		if (DBM::is_result($r)) {
-			$id = $r[0]["parent"];
-		}
-
-		$sql_extra = '';
-
-		if ($max_id > 0) {
-			$sql_extra = ' AND `item`.`id` <= ' . intval($max_id);
-		}
-
-		// Not sure why this query was so complicated. We should keep it here for a while,
-		// just to make sure that we really don't need it.
-		//	FROM `item` INNER JOIN (SELECT `uri`,`parent` FROM `item` WHERE `id` = %d) AS `temp1`
-		//	ON (`item`.`thr-parent` = `temp1`.`uri` AND `item`.`parent` = `temp1`.`parent`)
-
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
-			`contact`.`id` AS `cid`
-			FROM `item`
-			STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-			WHERE `item`.`parent` = %d AND `item`.`visible`
-			AND NOT `item`.`moderated` AND NOT `item`.`deleted`
-			AND `item`.`uid` = %d AND `item`.`verb` = '%s'
-			AND `item`.`id`>%d $sql_extra
-			ORDER BY `item`.`id` DESC LIMIT %d ,%d",
-			intval($id), intval(api_user()),
-			dbesc(ACTIVITY_POST),
-			intval($since_id),
-			intval($start), intval($count)
-		);
-
-		if (!DBM::is_result($r)) {
-			throw new BadRequestException("There is no status with this id.");
-		}
-
-		$ret = api_format_items($r, $user_info, false, $type);
-
-		$data = array('status' => $ret);
-		return api_format_data("statuses", $type, $data);
-	}
-
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/conversation/show','api_conversation_show', true);
-	api_register_func('api/statusnet/conversation','api_conversation_show', true);
-
-	/**
-	 * @TODO nothing to say?
-	 */
-	function api_statuses_repeat($type) {
-		global $called_api;
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-
-		// params
-		$id = intval($a->argv[3]);
-
-		if ($id == 0) {
-			$id = intval($_REQUEST["id"]);
-		}
-
-		// Hotot workaround
-		if ($id == 0) {
-			$id = intval($a->argv[4]);
-		}
-
-		logger('API: api_statuses_repeat: '.$id);
-
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, `contact`.`nick` as `reply_author`,
-			`contact`.`name`, `contact`.`photo` as `reply_photo`, `contact`.`url` as `reply_url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
-			`contact`.`id` AS `cid`
-			FROM `item`
-			INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-			WHERE `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
-			AND NOT `item`.`private` AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
-			AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
-			$sql_extra
-			AND `item`.`id`=%d",
-			intval($id)
-		);
-
-		/// @TODO other style than above functions!
-		if (DBM::is_result($r) && $r[0]['body'] != "") {
-			if (strpos($r[0]['body'], "[/share]") !== false) {
-				$pos = strpos($r[0]['body'], "[share");
-				$post = substr($r[0]['body'], $pos);
-			} else {
-				$post = share_header($r[0]['author-name'], $r[0]['author-link'], $r[0]['author-avatar'], $r[0]['guid'], $r[0]['created'], $r[0]['plink']);
-
-				$post .= $r[0]['body'];
-				$post .= "[/share]";
-			}
-			$_REQUEST['body'] = $post;
-			$_REQUEST['profile_uid'] = api_user();
-			$_REQUEST['type'] = 'wall';
-			$_REQUEST['api_source'] = true;
-
-			if (!x($_REQUEST, "source")) {
-				$_REQUEST["source"] = api_source();
-			}
-
-			item_post($a);
-		} else {
-			throw new ForbiddenException();
-		}
-
-		// this should output the last post (the one we just posted).
-		$called_api = null;
-		return api_status_show($type);
-	}
-
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/statuses/retweet','api_statuses_repeat', true, API_METHOD_POST);
-
-	/**
-	 * @TODO nothing to say?
-	 */
-	function api_statuses_destroy($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-
-		// params
-		$id = intval($a->argv[3]);
-
-		if ($id == 0) {
-			$id = intval($_REQUEST["id"]);
-		}
-
-		// Hotot workaround
-		if ($id == 0) {
-			$id = intval($a->argv[4]);
-		}
-
-		logger('API: api_statuses_destroy: '.$id);
-
-		$ret = api_statuses_show($type);
-
-		drop_item($id, false);
-
-		return $ret;
-	}
-
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/statuses/destroy','api_statuses_destroy', true, API_METHOD_DELETE);
-
-	/**
-	 * @TODO Nothing more than an URL to say?
-	 * http://developer.twitter.com/doc/get/statuses/mentions
-	 */
-	function api_statuses_mentions($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		unset($_REQUEST["user_id"]);
-		unset($_GET["user_id"]);
-
-		unset($_REQUEST["screen_name"]);
-		unset($_GET["screen_name"]);
-
-		$user_info = api_get_user($a);
-		// get last newtork messages
-
-
-		// params
-		$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
-		if ($page < 0) {
-			$page = 0;
-		}
-		$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-		$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-		//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
-
-		$start = $page * $count;
-
-		// Ugly code - should be changed
-		$myurl = System::baseUrl() . '/profile/'. $a->user['nickname'];
-		$myurl = substr($myurl,strpos($myurl, '://') + 3);
-		//$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
-		$myurl = str_replace('www.', '', $myurl);
-		$diasp_url = str_replace('/profile/', '/u/', $myurl);
-
-		if ($max_id > 0) {
-			$sql_extra = ' AND `item`.`id` <= ' . intval($max_id);
-		}
-
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
-			`contact`.`id` AS `cid`
-			FROM `item` FORCE INDEX (`uid_id`)
-			STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-			WHERE `item`.`uid` = %d AND `verb` = '%s'
-			AND NOT (`item`.`author-link` IN ('https://%s', 'http://%s'))
-			AND `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
-			AND `item`.`parent` IN (SELECT `iid` FROM `thread` WHERE `uid` = %d AND `mention` AND !`ignored`)
-			$sql_extra
-			AND `item`.`id`>%d
-			ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
-			intval(api_user()),
-			dbesc(ACTIVITY_POST),
-			dbesc(protect_sprintf($myurl)),
-			dbesc(protect_sprintf($myurl)),
-			intval(api_user()),
-			intval($since_id),
-			intval($start),	intval($count)
-		);
-
-		$ret = api_format_items($r, $user_info, false, $type);
-
-		$data = array('status' => $ret);
-		switch ($type) {
-			case "atom":
-			case "rss":
-				$data = api_rss_extra($a, $data, $user_info);
-				break;
-		}
-
-		return api_format_data("statuses", $type, $data);
-	}
-
-	/// @TODO move to top of file or somewhere better
-	api_register_func('api/statuses/mentions','api_statuses_mentions', true);
-	api_register_func('api/statuses/replies','api_statuses_mentions', true);
-
-	function api_statuses_user_timeline($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		$user_info = api_get_user($a);
-		// get last network messages
-
-		logger("api_statuses_user_timeline: api_user: ". api_user() .
-			   "\nuser_info: ".print_r($user_info, true) .
-			   "\n_REQUEST:  ".print_r($_REQUEST, true),
-			   LOGGER_DEBUG);
-
-		// params
-		$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
-		if ($page < 0) {
-			$page = 0;
-		}
-		$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-		//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
-		$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
-		$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
-
-		$start = $page * $count;
-
-		$sql_extra = '';
-		if ($user_info['self'] == 1) {
-			$sql_extra .= " AND `item`.`wall` = 1 ";
-		}
-
-		if ($exclude_replies > 0) {
-			$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
-		}
-		if ($conversation_id > 0) {
-			$sql_extra .= ' AND `item`.`parent` = ' . intval($conversation_id);
-		}
-
-		$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-			`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-			`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
-			`contact`.`id` AS `cid`
-			FROM `item` FORCE INDEX (`uid_contactid_id`)
-			STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-			WHERE `item`.`uid` = %d AND `verb` = '%s'
-			AND `item`.`contact-id` = %d
-			AND `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
-			$sql_extra
-			AND `item`.`id`>%d
-			ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
-			intval(api_user()),
-			dbesc(ACTIVITY_POST),
-			intval($user_info['cid']),
-			intval($since_id),
-			intval($start),	intval($count)
-		);
-
-		$ret = api_format_items($r, $user_info, true, $type);
-
-		$data = array('status' => $ret);
-		switch ($type) {
-			case "atom":
-			case "rss":
-				$data = api_rss_extra($a, $data, $user_info);
-				break;
-		}
-
-		return api_format_data("statuses", $type, $data);
-	}
-
-	/// @TODO move to top of file or somwhere better
-	api_register_func('api/statuses/user_timeline','api_statuses_user_timeline', true);
-
-	/**
-	 * Star/unstar an item
-	 * param: id : id of the item
-	 *
-	 * api v1 : https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid
-	 */
-	function api_favorites_create_destroy($type) {
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		// for versioned api.
-		/// @TODO We need a better global soluton
-		$action_argv_id = 2;
-		if ($a->argv[1] == "1.1") {
-			$action_argv_id = 3;
-		}
-
-		if ($a->argc <= $action_argv_id) {
-			throw new BadRequestException("Invalid request.");
-		}
-		$action = str_replace("." . $type, "", $a->argv[$action_argv_id]);
-		if ($a->argc == $action_argv_id + 2) {
-			$itemid = intval($a->argv[$action_argv_id + 1]);
-		} else {
-			///  @TODO use x() to check if _REQUEST contains 'id'
-			$itemid = intval($_REQUEST['id']);
-		}
-
-		$item = q("SELECT * FROM `item` WHERE `id`=%d AND `uid`=%d LIMIT 1",
-				$itemid, api_user());
-
-		if (!DBM::is_result($item) || count($item) == 0) {
-			throw new BadRequestException("Invalid item.");
-		}
-
-		switch ($action) {
-			case "create":
-				$item[0]['starred'] = 1;
-				break;
-			case "destroy":
-				$item[0]['starred'] = 0;
-				break;
-			default:
-				throw new BadRequestException("Invalid action ".$action);
-		}
-
-		$r = q("UPDATE item SET starred=%d WHERE id=%d AND uid=%d",
-				$item[0]['starred'], $itemid, api_user());
-
-		q("UPDATE thread SET starred=%d WHERE iid=%d AND uid=%d",
-			$item[0]['starred'], $itemid, api_user());
-
-		if ($r === false) {
-			throw new InternalServerErrorException("DB error");
-		}
-
-
-		$user_info = api_get_user($a);
-		$rets = api_format_items($item, $user_info, false, $type);
-		$ret = $rets[0];
-
-		$data = array('status' => $ret);
-		switch ($type) {
-			case "atom":
-			case "rss":
-				$data = api_rss_extra($a, $data, $user_info);
-		}
-
-		return api_format_data("status", $type, $data);
-	}
-
-	/// @TODO move to top of file or somwhere better
-	api_register_func('api/favorites/create', 'api_favorites_create_destroy', true, API_METHOD_POST);
-	api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, API_METHOD_DELETE);
-
-	function api_favorites($type) {
-		global $called_api;
-
-		$a = get_app();
-
-		if (api_user() === false) {
-			throw new ForbiddenException();
-		}
-
-		$called_api = array();
-
-		$user_info = api_get_user($a);
-
-		// in friendica starred item are private
-		// return favorites only for self
-		logger('api_favorites: self:' . $user_info['self']);
-
-		if ($user_info['self'] == 0) {
-			$ret = array();
-		} else {
-			$sql_extra = "";
-
-			// params
-			$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-			$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-			$count = (x($_GET, 'count') ? $_GET['count'] : 20);
-			$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
-			if ($page < 0) {
-				$page = 0;
-			}
-
-			$start = $page*$count;
-
-			if ($max_id > 0) {
-				$sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
-			}
-
-			$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
-				`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
-				`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
-				`contact`.`id` AS `cid`
-				FROM `item`, `contact`
-				WHERE `item`.`uid` = %d
-				AND `item`.`visible` = 1 AND `item`.`moderated` = 0 AND `item`.`deleted` = 0
-				AND `item`.`starred` = 1
-				AND `contact`.`id` = `item`.`contact-id`
-				AND (NOT `contact`.`blocked` OR `contact`.`pending`)
-				$sql_extra
-				AND `item`.`id`>%d
-				ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
-				intval(api_user()),
-				intval($since_id),
-				intval($start),	intval($count)
-			);
-
-			$ret = api_format_items($r,$user_info, false, $type);
-
-		}
-
-		$data = array('status' => $ret);
-		switch ($type) {
-			case "atom":
-			case "rss":
-				$data = api_rss_extra($a, $data, $user_info);
-		}
-
-		return api_format_data("statuses", $type, $data);
-	}
-
-	/// @TODO move to top of file or somwhere better
-	api_register_func('api/favorites','api_favorites', true);
-
-	function api_format_messages($item, $recipient, $sender) {
-		// standard meta information
-		$ret=Array(
-				'id'                    => $item['id'],
-				'sender_id'             => $sender['id'] ,
-				'text'                  => "",
-				'recipient_id'          => $recipient['id'],
-				'created_at'            => api_date($item['created']),
-				'sender_screen_name'    => $sender['screen_name'],
-				'recipient_screen_name' => $recipient['screen_name'],
-				'sender'                => $sender,
-				'recipient'             => $recipient,
-				'title'                 => "",
-				'friendica_seen'        => $item['seen'],
-				'friendica_parent_uri'  => $item['parent-uri'],
-		);
-
-		// "uid" and "self" are only needed for some internal stuff, so remove it from here
-		unset($ret["sender"]["uid"]);
-		unset($ret["sender"]["self"]);
-		unset($ret["recipient"]["uid"]);
-		unset($ret["recipient"]["self"]);
-
-		//don't send title to regular StatusNET requests to avoid confusing these apps
-		if (x($_GET, 'getText')) {
-			$ret['title'] = $item['title'];
-			if ($_GET['getText'] == 'html') {
-				$ret['text'] = bbcode($item['body'], false, false);
-			} elseif ($_GET['getText'] == 'plain') {
-				//$ret['text'] = html2plain(bbcode($item['body'], false, false, true), 0);
-				$ret['text'] = trim(html2plain(bbcode(api_clean_plain_items($item['body']), false, false, 2, true), 0));
-			}
-		} else {
-			$ret['text'] = $item['title'] . "\n" . html2plain(bbcode(api_clean_plain_items($item['body']), false, false, 2, true), 0);
-		}
-		if (x($_GET, 'getUserObjects') && $_GET['getUserObjects'] == 'false') {
-			unset($ret['sender']);
-			unset($ret['recipient']);
-		}
-
-		return $ret;
-	}
-
-	function api_convert_item($item) {
-		$body = $item['body'];
-		$attachments = api_get_attachments($body);
-
-		// Workaround for ostatus messages where the title is identically to the body
-		$html = bbcode(api_clean_plain_items($body), false, false, 2, true);
-		$statusbody = trim(html2plain($html, 0));
-
-		// handle data: images
-		$statusbody = api_format_items_embeded_images($item,$statusbody);
-
-		$statustitle = trim($item['title']);
-
-		if (($statustitle != '') && (strpos($statusbody, $statustitle) !== false)) {
-			$statustext = trim($statusbody);
-		} else {
-			$statustext = trim($statustitle."\n\n".$statusbody);
-		}
-
-		if (($item["network"] == NETWORK_FEED) && (strlen($statustext)> 1000)) {
-			$statustext = substr($statustext, 0, 1000)."... \n".$item["plink"];
-		}
-
-		$statushtml = trim(bbcode($body, false, false));
-
-		// Workaround for clients with limited HTML parser functionality
-		$search = array("
", "
", "
", - "

", "

", "

", "

", - "

", "

", "

", "

", - "
", "
", "
", "
"); - $replace = array("
", "
", "

", - "

", "


", "

", "


", - "

", "


", "

", "


", - "
", "

", "
", "

"); - $statushtml = str_replace($search, $replace, $statushtml); - - if ($item['title'] != "") { - $statushtml = "

" . bbcode($item['title']) . "


" . $statushtml; - } - - do { - $oldtext = $statushtml; - $statushtml = str_replace("

", "
", $statushtml); - } while ($oldtext != $statushtml); - - if (substr($statushtml, 0, 4) == '
') { - $statushtml = substr($statushtml, 4); - } - - if (substr($statushtml, 0, -4) == '
') { - $statushtml = substr($statushtml, -4); - } - - // feeds without body should contain the link - if (($item['network'] == NETWORK_FEED) && (strlen($item['body']) == 0)) { - $statushtml .= bbcode($item['plink']); - } - - $entities = api_get_entitities($statustext, $body); - - return array( - "text" => $statustext, - "html" => $statushtml, - "attachments" => $attachments, - "entities" => $entities - ); - } - - function api_get_attachments(&$body) { - - $text = $body; - $text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $text); - - $URLSearchString = "^\[\]"; - $ret = preg_match_all("/\[img\]([$URLSearchString]*)\[\/img\]/ism", $text, $images); - - if (!$ret) { - return false; - } - - $attachments = array(); - - foreach ($images[1] AS $image) { - $imagedata = get_photo_info($image); - - if ($imagedata) { - $attachments[] = array("url" => $image, "mimetype" => $imagedata["mime"], "size" => $imagedata["size"]); - } - } - - if (strstr($_SERVER['HTTP_USER_AGENT'], "AndStatus")) { - foreach ($images[0] AS $orig) { - $body = str_replace($orig, "", $body); - } - } - - return $attachments; - } - - function api_get_entitities(&$text, $bbcode) { - /* - To-Do: - * Links at the first character of the post - */ - - $a = get_app(); - - $include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false"); - - if ($include_entities != "true") { - - preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); - - foreach ($images[1] AS $image) { - $replace = proxy_url($image); - $text = str_replace($image, $replace, $text); - } - return array(); - } - - $bbcode = bb_CleanPictureLinks($bbcode); - - // Change pure links in text to bbcode uris - $bbcode = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[url=$2]$2[/url]', $bbcode); - - $entities = array(); - $entities["hashtags"] = array(); - $entities["symbols"] = array(); - $entities["urls"] = array(); - $entities["user_mentions"] = array(); - - $URLSearchString = "^\[\]"; - - $bbcode = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",'#$2',$bbcode); - - $bbcode = preg_replace("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism",'[url=$1]$2[/url]',$bbcode); - //$bbcode = preg_replace("/\[url\](.*?)\[\/url\]/ism",'[url=$1]$1[/url]',$bbcode); - $bbcode = preg_replace("/\[video\](.*?)\[\/video\]/ism",'[url=$1]$1[/url]',$bbcode); - - $bbcode = preg_replace("/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", - '[url=https://www.youtube.com/watch?v=$1]https://www.youtube.com/watch?v=$1[/url]', $bbcode); - $bbcode = preg_replace("/\[youtube\](.*?)\[\/youtube\]/ism",'[url=$1]$1[/url]',$bbcode); - - $bbcode = preg_replace("/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", - '[url=https://vimeo.com/$1]https://vimeo.com/$1[/url]', $bbcode); - $bbcode = preg_replace("/\[vimeo\](.*?)\[\/vimeo\]/ism",'[url=$1]$1[/url]',$bbcode); - - $bbcode = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $bbcode); - - //preg_match_all("/\[url\]([$URLSearchString]*)\[\/url\]/ism", $bbcode, $urls1); - preg_match_all("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $bbcode, $urls); - - $ordered_urls = array(); - foreach ($urls[1] AS $id => $url) { - //$start = strpos($text, $url, $offset); - $start = iconv_strpos($text, $url, 0, "UTF-8"); - if (!($start === false)) { - $ordered_urls[$start] = array("url" => $url, "title" => $urls[2][$id]); - } - } - - ksort($ordered_urls); - - $offset = 0; - //foreach ($urls[1] AS $id=>$url) { - foreach ($ordered_urls AS $url) { - if ((substr($url["title"], 0, 7) != "http://") && (substr($url["title"], 0, 8) != "https://") && - !strpos($url["title"], "http://") && !strpos($url["title"], "https://")) - $display_url = $url["title"]; - else { - $display_url = str_replace(array("http://www.", "https://www."), array("", ""), $url["url"]); - $display_url = str_replace(array("http://", "https://"), array("", ""), $display_url); - - if (strlen($display_url) > 26) - $display_url = substr($display_url, 0, 25)."…"; - } - - //$start = strpos($text, $url, $offset); - $start = iconv_strpos($text, $url["url"], $offset, "UTF-8"); - if (!($start === false)) { - $entities["urls"][] = array("url" => $url["url"], - "expanded_url" => $url["url"], - "display_url" => $display_url, - "indices" => array($start, $start+strlen($url["url"]))); - $offset = $start + 1; - } - } - - preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); - $ordered_images = array(); - foreach ($images[1] AS $image) { - //$start = strpos($text, $url, $offset); - $start = iconv_strpos($text, $image, 0, "UTF-8"); - if (!($start === false)) - $ordered_images[$start] = $image; - } - //$entities["media"] = array(); - $offset = 0; - - foreach ($ordered_images AS $url) { - $display_url = str_replace(array("http://www.", "https://www."), array("", ""), $url); - $display_url = str_replace(array("http://", "https://"), array("", ""), $display_url); - - if (strlen($display_url) > 26) - $display_url = substr($display_url, 0, 25)."…"; - - $start = iconv_strpos($text, $url, $offset, "UTF-8"); - if (!($start === false)) { - $image = get_photo_info($url); - if ($image) { - // If image cache is activated, then use the following sizes: - // thumb (150), small (340), medium (600) and large (1024) - if (!Config::get("system", "proxy_disabled")) { - $media_url = proxy_url($url); - - $sizes = array(); - $scale = scale_image($image[0], $image[1], 150); - $sizes["thumb"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); - - if (($image[0] > 150) || ($image[1] > 150)) { - $scale = scale_image($image[0], $image[1], 340); - $sizes["small"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); - } - - $scale = scale_image($image[0], $image[1], 600); - $sizes["medium"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); - - if (($image[0] > 600) || ($image[1] > 600)) { - $scale = scale_image($image[0], $image[1], 1024); - $sizes["large"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); - } - } else { - $media_url = $url; - $sizes["medium"] = array("w" => $image[0], "h" => $image[1], "resize" => "fit"); - } - - $entities["media"][] = array( - "id" => $start+1, - "id_str" => (string)$start+1, - "indices" => array($start, $start+strlen($url)), - "media_url" => normalise_link($media_url), - "media_url_https" => $media_url, - "url" => $url, - "display_url" => $display_url, - "expanded_url" => $url, - "type" => "photo", - "sizes" => $sizes); - } - $offset = $start + 1; - } - } - - return $entities; - } - function api_format_items_embeded_images(&$item, $text) { - $text = preg_replace_callback( - "|data:image/([^;]+)[^=]+=*|m", - function($match) use ($item) { - return System::baseUrl()."/display/".$item['guid']; - }, - $text); - return $text; - } - - - /** - * @brief return name as array - * - * @param string $txt - * @return array - * name => 'name' - * 'url => 'url' - */ - function api_contactlink_to_array($txt) { - $match = array(); - $r = preg_match_all('|([^<]*)|', $txt, $match); - if ($r && count($match)==3) { - $res = array( - 'name' => $match[2], - 'url' => $match[1] - ); - } else { - $res = array( - 'name' => $text, - 'url' => "" - ); - } - return $res; - } - - - /** - * @brief return likes, dislikes and attend status for item - * - * @param array $item - * @return array - * likes => int count - * dislikes => int count - */ - function api_format_items_activities(&$item, $type = "json") { - - $a = get_app(); - - $activities = array( - 'like' => array(), - 'dislike' => array(), - 'attendyes' => array(), - 'attendno' => array(), - 'attendmaybe' => array(), - ); - - $items = q('SELECT * FROM item - WHERE uid=%d AND `thr-parent`="%s" AND visible AND NOT deleted', - intval($item['uid']), - dbesc($item['uri'])); - - foreach ($items as $i) { - // not used as result should be structured like other user data - //builtin_activity_puller($i, $activities); - - // get user data and add it to the array of the activity - $user = api_get_user($a, $i['author-link']); - switch ($i['verb']) { - case ACTIVITY_LIKE: - $activities['like'][] = $user; - break; - case ACTIVITY_DISLIKE: - $activities['dislike'][] = $user; - break; - case ACTIVITY_ATTEND: - $activities['attendyes'][] = $user; - break; - case ACTIVITY_ATTENDNO: - $activities['attendno'][] = $user; - break; - case ACTIVITY_ATTENDMAYBE: - $activities['attendmaybe'][] = $user; - break; - default: - break; - } - } - - if ($type == "xml") { - $xml_activities = array(); - foreach ($activities as $k => $v) { - // change xml element from "like" to "friendica:like" - $xml_activities["friendica:".$k] = $v; - // add user data into xml output - $k_user = 0; - foreach ($v as $user) - $xml_activities["friendica:".$k][$k_user++.":user"] = $user; - } - $activities = $xml_activities; - } - - return $activities; - - } - - - /** - * @brief return data from profiles - * - * @param array $profile array containing data from db table 'profile' - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return array - */ - function api_format_items_profiles(&$profile = null, $type = "json") { - if ($profile != null) { - $profile = array('profile_id' => $profile['id'], - 'profile_name' => $profile['profile-name'], - 'is_default' => $profile['is-default'] ? true : false, - 'hide_friends'=> $profile['hide-friends'] ? true : false, - 'profile_photo' => $profile['photo'], - 'profile_thumb' => $profile['thumb'], - 'publish' => $profile['publish'] ? true : false, - 'net_publish' => $profile['net-publish'] ? true : false, - 'description' => $profile['pdesc'], - 'date_of_birth' => $profile['dob'], - 'address' => $profile['address'], - 'city' => $profile['locality'], - 'region' => $profile['region'], - 'postal_code' => $profile['postal-code'], - 'country' => $profile['country-name'], - 'hometown' => $profile['hometown'], - 'gender' => $profile['gender'], - 'marital' => $profile['marital'], - 'marital_with' => $profile['with'], - 'marital_since' => $profile['howlong'], - 'sexual' => $profile['sexual'], - 'politic' => $profile['politic'], - 'religion' => $profile['religion'], - 'public_keywords' => $profile['pub_keywords'], - 'private_keywords' => $profile['prv_keywords'], - 'likes' => bbcode(api_clean_plain_items($profile['likes']), false, false, 2, false), - 'dislikes' => bbcode(api_clean_plain_items($profile['dislikes']), false, false, 2, false), - 'about' => bbcode(api_clean_plain_items($profile['about']), false, false, 2, false), - 'music' => bbcode(api_clean_plain_items($profile['music']), false, false, 2, false), - 'book' => bbcode(api_clean_plain_items($profile['book']), false, false, 2, false), - 'tv' => bbcode(api_clean_plain_items($profile['tv']), false, false, 2, false), - 'film' => bbcode(api_clean_plain_items($profile['film']), false, false, 2, false), - 'interest' => bbcode(api_clean_plain_items($profile['interest']), false, false, 2, false), - 'romance' => bbcode(api_clean_plain_items($profile['romance']), false, false, 2, false), - 'work' => bbcode(api_clean_plain_items($profile['work']), false, false, 2, false), - 'education' => bbcode(api_clean_plain_items($profile['education']), false, false, 2, false), - 'social_networks' => bbcode(api_clean_plain_items($profile['contact']), false, false, 2, false), - 'homepage' => $profile['homepage'], - 'users' => null); - return $profile; - } - } - - /** - * @brief format items to be returned by api - * - * @param array $r array of items - * @param array $user_info - * @param bool $filter_user filter items by $user_info - */ - function api_format_items($r,$user_info, $filter_user = false, $type = "json") { - - $a = get_app(); - - $ret = array(); - - foreach ($r as $item) { - - localize_item($item); - list($status_user, $owner_user) = api_item_get_user($a, $item); - - // Look if the posts are matching if they should be filtered by user id - if ($filter_user && ($status_user["id"] != $user_info["id"])) { - continue; - } - - $in_reply_to = api_in_reply_to($item); - - $converted = api_convert_item($item); - - if ($type == "xml") { - $geo = "georss:point"; - } else { - $geo = "geo"; - } - - $status = array( - 'text' => $converted["text"], - 'truncated' => False, - 'created_at'=> api_date($item['created']), - 'in_reply_to_status_id' => $in_reply_to['status_id'], - 'in_reply_to_status_id_str' => $in_reply_to['status_id_str'], - 'source' => (($item['app']) ? $item['app'] : 'web'), - 'id' => intval($item['id']), - 'id_str' => (string) intval($item['id']), - 'in_reply_to_user_id' => $in_reply_to['user_id'], - 'in_reply_to_user_id_str' => $in_reply_to['user_id_str'], - 'in_reply_to_screen_name' => $in_reply_to['screen_name'], - $geo => NULL, - 'favorited' => $item['starred'] ? true : false, - 'user' => $status_user , - 'friendica_owner' => $owner_user, - //'entities' => NULL, - 'statusnet_html' => $converted["html"], - 'statusnet_conversation_id' => $item['parent'], - 'friendica_activities' => api_format_items_activities($item, $type), - ); - - if (count($converted["attachments"]) > 0) { - $status["attachments"] = $converted["attachments"]; - } - - if (count($converted["entities"]) > 0) { - $status["entities"] = $converted["entities"]; - } - - if (($item['item_network'] != "") && ($status["source"] == 'web')) { - $status["source"] = network_to_name($item['item_network'], $user_info['url']); - } elseif (($item['item_network'] != "") && (network_to_name($item['item_network'], $user_info['url']) != $status["source"])) { - $status["source"] = trim($status["source"].' ('.network_to_name($item['item_network'], $user_info['url']).')'); - } - - - // Retweets are only valid for top postings - // It doesn't work reliable with the link if its a feed - //$IsRetweet = ($item['owner-link'] != $item['author-link']); - //if ($IsRetweet) - // $IsRetweet = (($item['owner-name'] != $item['author-name']) || ($item['owner-avatar'] != $item['author-avatar'])); - - - if ($item["id"] == $item["parent"]) { - $retweeted_item = api_share_as_retweet($item); - if ($retweeted_item !== false) { - $retweeted_status = $status; - try { - $retweeted_status["user"] = api_get_user($a, $retweeted_item["author-link"]); - } catch( BadRequestException $e ) { - // user not found. should be found? - /// @todo check if the user should be always found - $retweeted_status["user"] = array(); - } - - $rt_converted = api_convert_item($retweeted_item); - - $retweeted_status['text'] = $rt_converted["text"]; - $retweeted_status['statusnet_html'] = $rt_converted["html"]; - $retweeted_status['friendica_activities'] = api_format_items_activities($retweeted_item, $type); - $retweeted_status['created_at'] = api_date($retweeted_item['created']); - $status['retweeted_status'] = $retweeted_status; - } - } - - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($status["user"]["uid"]); - unset($status["user"]["self"]); - - if ($item["coord"] != "") { - $coords = explode(' ',$item["coord"]); - if (count($coords) == 2) { - if ($type == "json") - $status["geo"] = array('type' => 'Point', - 'coordinates' => array((float) $coords[0], - (float) $coords[1])); - else // Not sure if this is the official format - if someone founds a documentation we can check - $status["georss:point"] = $item["coord"]; - } - } - $ret[] = $status; - }; - return $ret; - } - - function api_account_rate_limit_status($type) { - - if ($type == "xml") { - $hash = array( - 'remaining-hits' => '150', - '@attributes' => array("type" => "integer"), - 'hourly-limit' => '150', - '@attributes2' => array("type" => "integer"), - 'reset-time' => datetime_convert('UTC', 'UTC','now + 1 hour',ATOM_TIME), - '@attributes3' => array("type" => "datetime"), - 'reset_time_in_seconds' => strtotime('now + 1 hour'), - '@attributes4' => array("type" => "integer"), - ); - } else { - $hash = array( - 'reset_time_in_seconds' => strtotime('now + 1 hour'), - 'remaining_hits' => '150', - 'hourly_limit' => '150', - 'reset_time' => api_date(datetime_convert('UTC', 'UTC','now + 1 hour',ATOM_TIME)), - ); - } - - return api_format_data('hash', $type, array('hash' => $hash)); - } - - /// @TODO move to top of file or somwhere better - api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true); - - function api_help_test($type) { - if ($type == 'xml') { - $ok = "true"; - } else { - $ok = "ok"; - } - - return api_format_data('ok', $type, array("ok" => $ok)); - } - - /// @TODO move to top of file or somwhere better - api_register_func('api/help/test','api_help_test', false); - - function api_lists($type) { - $ret = array(); - /// @TODO $ret is not filled here? - return api_format_data('lists', $type, array("lists_list" => $ret)); - } - - /// @TODO move to top of file or somwhere better - api_register_func('api/lists','api_lists',true); - - function api_lists_list($type) { - $ret = array(); - /// @TODO $ret is not filled here? - return api_format_data('lists', $type, array("lists_list" => $ret)); - } - - /// @TODO move to top of file or somwhere better - api_register_func('api/lists/list','api_lists_list',true); - - /** - * https://dev.twitter.com/docs/api/1/get/statuses/friends - * This function is deprecated by Twitter - * returns: json, xml - */ - function api_statuses_f($type, $qtype) { - - $a = get_app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - $user_info = api_get_user($a); - - if (x($_GET, 'cursor') && $_GET['cursor']=='undefined') { - /* this is to stop Hotot to load friends multiple times - * I'm not sure if I'm missing return something or - * is a bug in hotot. Workaround, meantime - */ - - /*$ret=Array(); - return array('$users' => $ret);*/ - return false; - } - - if ($qtype == 'friends') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); - } - if ($qtype == 'followers') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); - } - - // friends and followers only for self - if ($user_info['self'] == 0) { - $sql_extra = " AND false "; - } - - $r = q("SELECT `nurl` FROM `contact` WHERE `uid` = %d AND NOT `self` AND (NOT `blocked` OR `pending`) $sql_extra ORDER BY `nick`", - intval(api_user()) - ); - - $ret = array(); - foreach ($r as $cid) { - $user = api_get_user($a, $cid['nurl']); - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($user["uid"]); - unset($user["self"]); - - if ($user) { - $ret[] = $user; - } - } - - return array('user' => $ret); - - } - - function api_statuses_friends($type) { - $data = api_statuses_f($type, "friends"); - if ($data === false) { - return false; - } - return api_format_data("users", $type, $data); - } - - function api_statuses_followers($type) { - $data = api_statuses_f($type, "followers"); - if ($data === false) { - return false; - } - return api_format_data("users", $type, $data); - } - - /// @TODO move to top of file or somewhere better - api_register_func('api/statuses/friends','api_statuses_friends',true); - api_register_func('api/statuses/followers','api_statuses_followers',true); - - function api_statusnet_config($type) { - - $a = get_app(); - - $name = $a->config['sitename']; - $server = $a->get_hostname(); - $logo = System::baseUrl() . '/images/friendica-64.png'; - $email = $a->config['admin_email']; - $closed = (($a->config['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false'); - $private = ((Config::get('system', 'block_public')) ? 'true' : 'false'); - $textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000); - if ($a->config['api_import_size']) { - $texlimit = string($a->config['api_import_size']); - } - $ssl = ((Config::get('system', 'have_ssl')) ? 'true' : 'false'); - $sslserver = (($ssl === 'true') ? str_replace('http:','https:',System::baseUrl()) : ''); - - $config = array( - 'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '', - 'logo' => $logo, 'fancy' => true, 'language' => 'en', 'email' => $email, 'broughtby' => '', - 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => false, - 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, - 'shorturllength' => '30', - 'friendica' => array( - 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM, - 'FRIENDICA_VERSION' => FRIENDICA_VERSION, - 'DFRN_PROTOCOL_VERSION' => DFRN_PROTOCOL_VERSION, - 'DB_UPDATE_VERSION' => DB_UPDATE_VERSION - ) - ), - ); - - return api_format_data('config', $type, array('config' => $config)); - - } - - /// @TODO move to top of file or somewhere better - api_register_func('api/gnusocial/config','api_statusnet_config', false); - api_register_func('api/statusnet/config','api_statusnet_config', false); - - function api_statusnet_version($type) { - // liar - $fake_statusnet_version = "0.9.7"; - - return api_format_data('version', $type, array('version' => $fake_statusnet_version)); - } - - /// @TODO move to top of file or somewhere better - api_register_func('api/gnusocial/version','api_statusnet_version', false); - api_register_func('api/statusnet/version','api_statusnet_version', false); - - /** - * @todo use api_format_data() to return data - */ - function api_ff_ids($type,$qtype) { - - $a = get_app(); - - if (! api_user()) { - throw new ForbiddenException(); - } - - $user_info = api_get_user($a); - - if ($qtype == 'friends') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); - } - if ($qtype == 'followers') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); - } - - if (!$user_info["self"]) { - $sql_extra = " AND false "; - } - - $stringify_ids = (x($_REQUEST, 'stringify_ids') ? $_REQUEST['stringify_ids'] : false); - - $r = q("SELECT `pcontact`.`id` FROM `contact` - INNER JOIN `contact` AS `pcontact` ON `contact`.`nurl` = `pcontact`.`nurl` AND `pcontact`.`uid` = 0 - WHERE `contact`.`uid` = %s AND NOT `contact`.`self`", - intval(api_user()) - ); - - if (!DBM::is_result($r)) { - return; - } - - $ids = array(); - foreach ($r as $rr) { - if ($stringify_ids) { - $ids[] = $rr['id']; - } else { - $ids[] = intval($rr['id']); - } - } - - return api_format_data("ids", $type, array('id' => $ids)); - } - - function api_friends_ids($type) { - return api_ff_ids($type,'friends'); - } - - function api_followers_ids($type) { - return api_ff_ids($type,'followers'); - } - - /// @TODO move to top of file or somewhere better - api_register_func('api/friends/ids','api_friends_ids',true); - api_register_func('api/followers/ids','api_followers_ids',true); - - function api_direct_messages_new($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - - if (!x($_POST, "text") || (!x($_POST,"screen_name") && !x($_POST,"user_id"))) return; - - $sender = api_get_user($a); - - if ($_POST['screen_name']) { - $r = q("SELECT `id`, `nurl`, `network` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", - intval(api_user()), - dbesc($_POST['screen_name'])); - - // Selecting the id by priority, friendica first - api_best_nickname($r); - - $recipient = api_get_user($a, $r[0]['nurl']); - } else { - $recipient = api_get_user($a, $_POST['user_id']); - } - - $replyto = ''; - $sub = ''; - if (x($_REQUEST, 'replyto')) { - $r = q('SELECT `parent-uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d', - intval(api_user()), - intval($_REQUEST['replyto'])); - $replyto = $r[0]['parent-uri']; - $sub = $r[0]['title']; - } else { - if (x($_REQUEST, 'title')) { - $sub = $_REQUEST['title']; - } else { - $sub = ((strlen($_POST['text'])>10) ? substr($_POST['text'],0,10)."...":$_POST['text']); - } - } - - $id = send_message($recipient['cid'], $_POST['text'], $sub, $replyto); - - if ($id > -1) { - $r = q("SELECT * FROM `mail` WHERE id=%d", intval($id)); - $ret = api_format_messages($r[0], $recipient, $sender); - } else { - $ret = array("error"=>$id); - } - - $data = array('direct_message'=>$ret); - - switch ($type) { - case "atom": - case "rss": - $data = api_rss_extra($a, $data, $user_info); - } - - return api_format_data("direct-messages", $type, $data); - - } - - /// @TODO move to top of file or somewhere better - api_register_func('api/direct_messages/new','api_direct_messages_new',true, API_METHOD_POST); - - /** - * @brief delete a direct_message from mail table through api - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_direct_messages_destroy($type) { - $a = get_app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params - $user_info = api_get_user($a); - //required - $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); - // optional - $parenturi = (x($_REQUEST, 'friendica_parenturi') ? $_REQUEST['friendica_parenturi'] : ""); - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); - /// @todo optional parameter 'include_entities' from Twitter API not yet implemented - - $uid = $user_info['uid']; - // error if no id or parenturi specified (for clients posting parent-uri as well) - if ($verbose == "true" && ($id == 0 || $parenturi == "")) { - $answer = array('result' => 'error', 'message' => 'message id or parenturi not specified'); - return api_format_data("direct_messages_delete", $type, array('$result' => $answer)); - } - - // BadRequestException if no id specified (for clients using Twitter API) - if ($id == 0) { - throw new BadRequestException('Message id not specified'); - } - - // add parent-uri to sql command if specified by calling app - $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . dbesc($parenturi) . "'" : ""); - - // get data of the specified message id - $r = q("SELECT `id` FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra, - intval($uid), - intval($id)); - - // error message if specified id is not in database - if (!DBM::is_result($r)) { - if ($verbose == "true") { - $answer = array('result' => 'error', 'message' => 'message id not in database'); - return api_format_data("direct_messages_delete", $type, array('$result' => $answer)); - } - /// @todo BadRequestException ok for Twitter API clients? - throw new BadRequestException('message id not in database'); - } - - // delete message - $result = q("DELETE FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra, - intval($uid), - intval($id)); - - if ($verbose == "true") { - if ($result) { - // return success - $answer = array('result' => 'ok', 'message' => 'message deleted'); - return api_format_data("direct_message_delete", $type, array('$result' => $answer)); - } else { - $answer = array('result' => 'error', 'message' => 'unknown error'); - return api_format_data("direct_messages_delete", $type, array('$result' => $answer)); - } - } - /// @todo return JSON data like Twitter API not yet implemented - - } - - /// @TODO move to top of file or somewhere better - api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', true, API_METHOD_DELETE); - - function api_direct_messages_box($type, $box, $verbose) { - - $a = get_app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params $count = (x($_GET, 'count') ? $_GET['count'] : 20); $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0); if ($page < 0) { $page = 0; } - $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); - $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); - - $user_id = (x($_REQUEST, 'user_id') ? $_REQUEST['user_id'] : ""); - $screen_name = (x($_REQUEST, 'screen_name') ? $_REQUEST['screen_name'] : ""); - - // caller user info - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); - - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); - - $user_info = api_get_user($a); - $profile_url = $user_info["url"]; - - // pagination - $start = $page * $count; - - // filters - if ($box=="sentbox") { - $sql_extra = "`mail`.`from-url`='" . dbesc( $profile_url ) . "'"; - } elseif ($box == "conversation") { - $sql_extra = "`mail`.`parent-uri`='" . dbesc( $_GET["uri"] ) . "'"; - } elseif ($box == "all") { - $sql_extra = "true"; - } elseif ($box == "inbox") { - $sql_extra = "`mail`.`from-url`!='" . dbesc( $profile_url ) . "'"; - } + $start = $page*$count; if ($max_id > 0) { - $sql_extra .= ' AND `mail`.`id` <= ' . intval($max_id); + $sql_extra .= ' AND `item`.`id` <= ' . intval($max_id); } - if ($user_id != "") { - $sql_extra .= ' AND `mail`.`contact-id` = ' . intval($user_id); - } elseif ($screen_name !="") { - $sql_extra .= " AND `contact`.`nick` = '" . dbesc($screen_name). "'"; - } - - $r = q("SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND $sql_extra AND `mail`.`id` > %d ORDER BY `mail`.`id` DESC LIMIT %d,%d", - intval(api_user()), - intval($since_id), - intval($start), intval($count) + $r = q( + "SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, + `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, + `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, + `contact`.`id` AS `cid` + FROM `item`, `contact` + WHERE `item`.`uid` = %d + AND `item`.`visible` = 1 AND `item`.`moderated` = 0 AND `item`.`deleted` = 0 + AND `item`.`starred` = 1 + AND `contact`.`id` = `item`.`contact-id` + AND (NOT `contact`.`blocked` OR `contact`.`pending`) + $sql_extra + AND `item`.`id`>%d + ORDER BY `item`.`id` DESC LIMIT %d ,%d ", + intval(api_user()), + intval($since_id), + intval($start), + intval($count) ); - if ($verbose == "true" && !DBM::is_result($r)) { - $answer = array('result' => 'error', 'message' => 'no mails available'); - return api_format_data("direct_messages_all", $type, array('$result' => $answer)); - } - - $ret = array(); - foreach ($r as $item) { - if ($box == "inbox" || $item['from-url'] != $profile_url) { - $recipient = $user_info; - $sender = api_get_user($a,normalise_link($item['contact-url'])); - } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user($a,normalise_link($item['contact-url'])); - $sender = $user_info; - } - - $ret[] = api_format_messages($item, $recipient, $sender); - } - - - $data = array('direct_message' => $ret); - switch ($type) { - case "atom": - case "rss": - $data = api_rss_extra($a, $data, $user_info); - } - - return api_format_data("direct-messages", $type, $data); + $ret = api_format_items($r, $user_info, false, $type); } - function api_direct_messages_sentbox($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); - return api_direct_messages_box($type, "sentbox", $verbose); + $data = array('status' => $ret); + switch ($type) { + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); } - function api_direct_messages_inbox($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); - return api_direct_messages_box($type, "inbox", $verbose); + return api_format_data("statuses", $type, $data); +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/favorites', 'api_favorites', true); + +function api_format_messages($item, $recipient, $sender) +{ + // standard meta information + $ret = array( + 'id' => $item['id'], + 'sender_id' => $sender['id'] , + 'text' => "", + 'recipient_id' => $recipient['id'], + 'created_at' => api_date($item['created']), + 'sender_screen_name' => $sender['screen_name'], + 'recipient_screen_name' => $recipient['screen_name'], + 'sender' => $sender, + 'recipient' => $recipient, + 'title' => "", + 'friendica_seen' => $item['seen'], + 'friendica_parent_uri' => $item['parent-uri'], + ); + + // "uid" and "self" are only needed for some internal stuff, so remove it from here + unset($ret["sender"]["uid"]); + unset($ret["sender"]["self"]); + unset($ret["recipient"]["uid"]); + unset($ret["recipient"]["self"]); + + //don't send title to regular StatusNET requests to avoid confusing these apps + if (x($_GET, 'getText')) { + $ret['title'] = $item['title']; + if ($_GET['getText'] == 'html') { + $ret['text'] = bbcode($item['body'], false, false); + } elseif ($_GET['getText'] == 'plain') { + //$ret['text'] = html2plain(bbcode($item['body'], false, false, true), 0); + $ret['text'] = trim(html2plain(bbcode(api_clean_plain_items($item['body']), false, false, 2, true), 0)); + } + } else { + $ret['text'] = $item['title'] . "\n" . html2plain(bbcode(api_clean_plain_items($item['body']), false, false, 2, true), 0); + } + if (x($_GET, 'getUserObjects') && $_GET['getUserObjects'] == 'false') { + unset($ret['sender']); + unset($ret['recipient']); } - function api_direct_messages_all($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); - return api_direct_messages_box($type, "all", $verbose); + return $ret; +} + +function api_convert_item($item) +{ + $body = $item['body']; + $attachments = api_get_attachments($body); + + // Workaround for ostatus messages where the title is identically to the body + $html = bbcode(api_clean_plain_items($body), false, false, 2, true); + $statusbody = trim(html2plain($html, 0)); + + // handle data: images + $statusbody = api_format_items_embeded_images($item, $statusbody); + + $statustitle = trim($item['title']); + + if (($statustitle != '') && (strpos($statusbody, $statustitle) !== false)) { + $statustext = trim($statusbody); + } else { + $statustext = trim($statustitle."\n\n".$statusbody); } - function api_direct_messages_conversation($type) { - $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); - return api_direct_messages_box($type, "conversation", $verbose); + if (($item["network"] == NETWORK_FEED) && (strlen($statustext)> 1000)) { + $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"]; } - /// @TODO move to top of file or somewhere better - api_register_func('api/direct_messages/conversation','api_direct_messages_conversation',true); - api_register_func('api/direct_messages/all','api_direct_messages_all',true); - api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true); - api_register_func('api/direct_messages','api_direct_messages_inbox',true); + $statushtml = trim(bbcode($body, false, false)); - function api_oauth_request_token($type) { - try { - $oauth = new FKOAuth1(); - $r = $oauth->fetch_request_token(OAuthRequest::from_request()); - } catch (Exception $e) { - echo "error=" . OAuthUtil::urlencode_rfc3986($e->getMessage()); - killme(); - } - echo $r; - killme(); + // Workaround for clients with limited HTML parser functionality + $search = array("
", "
", "
", + "

", "

", "

", "

", + "

", "

", "

", "

", + "
", "
", "
", "
"); + $replace = array("
", "
", "

", + "

", "


", "

", "


", + "

", "


", "

", "


", + "
", "

", "
", "

"); + $statushtml = str_replace($search, $replace, $statushtml); + + if ($item['title'] != "") { + $statushtml = "

" . bbcode($item['title']) . "


" . $statushtml; } - function api_oauth_access_token($type) { - try { - $oauth = new FKOAuth1(); - $r = $oauth->fetch_access_token(OAuthRequest::from_request()); - } catch (Exception $e) { - echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme(); - } - echo $r; - killme(); + do { + $oldtext = $statushtml; + $statushtml = str_replace("

", "
", $statushtml); + } while ($oldtext != $statushtml); + + if (substr($statushtml, 0, 4) == '
') { + $statushtml = substr($statushtml, 4); } - /// @TODO move to top of file or somewhere better - api_register_func('api/oauth/request_token', 'api_oauth_request_token', false); - api_register_func('api/oauth/access_token', 'api_oauth_access_token', false); - - - /** - * @brief delete a complete photoalbum with all containing photos from database through api - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_fr_photoalbum_delete($type) { - if (api_user() === false) { - throw new ForbiddenException(); - } - // input params - $album = (x($_REQUEST,'album') ? $_REQUEST['album'] : ""); - - // we do not allow calls without album string - if ($album == "") { - throw new BadRequestException("no albumname specified"); - } - // check if album is existing - $r = q("SELECT DISTINCT `resource-id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval(api_user()), - dbesc($album)); - if (!DBM::is_result($r)) - throw new BadRequestException("album not available"); - - // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore - // to the user and the contacts of the users (drop_items() performs the federation of the deletion to other networks - foreach ($r as $rr) { - $photo_item = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", - intval(local_user()), - dbesc($rr['resource-id']) - ); - - if (!DBM::is_result($photo_item)) { - throw new InternalServerErrorException("problem with deleting items occured"); - } - drop_item($photo_item[0]['id'],false); - } - - // now let's delete all photos from the album - $result = q("DELETE FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval(api_user()), - dbesc($album)); - - // return success of deletion or error message - if ($result) { - $answer = array('result' => 'deleted', 'message' => 'album `' . $album . '` with all containing photos has been deleted.'); - return api_format_data("photoalbum_delete", $type, array('$result' => $answer)); - } else { - throw new InternalServerErrorException("unknown error - deleting from database failed"); - } - + if (substr($statushtml, 0, -4) == '
') { + $statushtml = substr($statushtml, -4); } - /** - * @brief update the name of the album for all photos of an album - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_fr_photoalbum_update($type) { - if (api_user() === false) { - throw new ForbiddenException(); - } - // input params - $album = (x($_REQUEST,'album') ? $_REQUEST['album'] : ""); - $album_new = (x($_REQUEST,'album_new') ? $_REQUEST['album_new'] : ""); + // feeds without body should contain the link + if (($item['network'] == NETWORK_FEED) && (strlen($item['body']) == 0)) { + $statushtml .= bbcode($item['plink']); + } - // we do not allow calls without album string - if ($album == "") { - throw new BadRequestException("no albumname specified"); - } - if ($album_new == "") { - throw new BadRequestException("no new albumname specified"); - } - // check if album is existing - $r = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval(api_user()), - dbesc($album)); - if (!DBM::is_result($r)) { - throw new BadRequestException("album not available"); - } - // now let's update all photos to the albumname - $result = q("UPDATE `photo` SET `album` = '%s' WHERE `uid` = %d AND `album` = '%s'", - dbesc($album_new), - intval(api_user()), - dbesc($album)); + $entities = api_get_entitities($statustext, $body); - // return success of updating or error message - if ($result) { - $answer = array('result' => 'updated', 'message' => 'album `' . $album . '` with all containing photos has been renamed to `' . $album_new . '`.'); - return api_format_data("photoalbum_update", $type, array('$result' => $answer)); - } else { - throw new InternalServerErrorException("unknown error - updating in database failed"); + return array( + "text" => $statustext, + "html" => $statushtml, + "attachments" => $attachments, + "entities" => $entities + ); +} + +function api_get_attachments(&$body) +{ + $text = $body; + $text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $text); + + $URLSearchString = "^\[\]"; + $ret = preg_match_all("/\[img\]([$URLSearchString]*)\[\/img\]/ism", $text, $images); + + if (!$ret) { + return false; + } + + $attachments = array(); + + foreach ($images[1] as $image) { + $imagedata = get_photo_info($image); + + if ($imagedata) { + $attachments[] = array("url" => $image, "mimetype" => $imagedata["mime"], "size" => $imagedata["size"]); } } - - /** - * @brief list all photos of the authenticated user - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_fr_photos_list($type) { - if (api_user() === false) { - throw new ForbiddenException(); + if (strstr($_SERVER['HTTP_USER_AGENT'], "AndStatus")) { + foreach ($images[0] as $orig) { + $body = str_replace($orig, "", $body); } - $r = q("SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`, - MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo` - WHERE `uid` = %d AND `album` != 'Contact Photos' GROUP BY `resource-id`", - intval(local_user()) - ); - $typetoext = array( - 'image/jpeg' => 'jpg', - 'image/png' => 'png', - 'image/gif' => 'gif' - ); - $data = array('photo'=>array()); - if (DBM::is_result($r)) { - foreach ($r as $rr) { - $photo = array(); - $photo['id'] = $rr['resource-id']; - $photo['album'] = $rr['album']; - $photo['filename'] = $rr['filename']; - $photo['type'] = $rr['type']; - $thumb = System::baseUrl() . "/photo/" . $rr['resource-id'] . "-" . $rr['scale'] . "." . $typetoext[$rr['type']]; - $photo['created'] = $rr['created']; - $photo['edited'] = $rr['edited']; - $photo['desc'] = $rr['desc']; + } - if ($type == "xml") { - $data['photo'][] = array("@attributes" => $photo, "1" => $thumb); + return $attachments; +} + +function api_get_entitities(&$text, $bbcode) +{ + /* + To-Do: + * Links at the first character of the post + */ + + $a = get_app(); + + $include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false"); + + if ($include_entities != "true") { + preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); + + foreach ($images[1] as $image) { + $replace = proxy_url($image); + $text = str_replace($image, $replace, $text); + } + return array(); + } + + $bbcode = bb_CleanPictureLinks($bbcode); + + // Change pure links in text to bbcode uris + $bbcode = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[url=$2]$2[/url]', $bbcode); + + $entities = array(); + $entities["hashtags"] = array(); + $entities["symbols"] = array(); + $entities["urls"] = array(); + $entities["user_mentions"] = array(); + + $URLSearchString = "^\[\]"; + + $bbcode = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '#$2', $bbcode); + + $bbcode = preg_replace("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism", '[url=$1]$2[/url]', $bbcode); + //$bbcode = preg_replace("/\[url\](.*?)\[\/url\]/ism",'[url=$1]$1[/url]',$bbcode); + $bbcode = preg_replace("/\[video\](.*?)\[\/video\]/ism", '[url=$1]$1[/url]', $bbcode); + + $bbcode = preg_replace( + "/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", + '[url=https://www.youtube.com/watch?v=$1]https://www.youtube.com/watch?v=$1[/url]', + $bbcode + ); + $bbcode = preg_replace("/\[youtube\](.*?)\[\/youtube\]/ism", '[url=$1]$1[/url]', $bbcode); + + $bbcode = preg_replace( + "/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", + '[url=https://vimeo.com/$1]https://vimeo.com/$1[/url]', + $bbcode + ); + $bbcode = preg_replace("/\[vimeo\](.*?)\[\/vimeo\]/ism", '[url=$1]$1[/url]', $bbcode); + + $bbcode = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $bbcode); + + //preg_match_all("/\[url\]([$URLSearchString]*)\[\/url\]/ism", $bbcode, $urls1); + preg_match_all("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $bbcode, $urls); + + $ordered_urls = array(); + foreach ($urls[1] as $id => $url) { + //$start = strpos($text, $url, $offset); + $start = iconv_strpos($text, $url, 0, "UTF-8"); + if (!($start === false)) { + $ordered_urls[$start] = array("url" => $url, "title" => $urls[2][$id]); + } + } + + ksort($ordered_urls); + + $offset = 0; + //foreach ($urls[1] AS $id=>$url) { + foreach ($ordered_urls as $url) { + if ((substr($url["title"], 0, 7) != "http://") && (substr($url["title"], 0, 8) != "https://") + && !strpos($url["title"], "http://") && !strpos($url["title"], "https://") + ) + $display_url = $url["title"]; + else { + $display_url = str_replace(array("http://www.", "https://www."), array("", ""), $url["url"]); + $display_url = str_replace(array("http://", "https://"), array("", ""), $display_url); + + if (strlen($display_url) > 26) + $display_url = substr($display_url, 0, 25)."…"; + } + + //$start = strpos($text, $url, $offset); + $start = iconv_strpos($text, $url["url"], $offset, "UTF-8"); + if (!($start === false)) { + $entities["urls"][] = array("url" => $url["url"], + "expanded_url" => $url["url"], + "display_url" => $display_url, + "indices" => array($start, $start+strlen($url["url"]))); + $offset = $start + 1; + } + } + + preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); + $ordered_images = array(); + foreach ($images[1] as $image) { + //$start = strpos($text, $url, $offset); + $start = iconv_strpos($text, $image, 0, "UTF-8"); + if (!($start === false)) + $ordered_images[$start] = $image; + } + //$entities["media"] = array(); + $offset = 0; + + foreach ($ordered_images as $url) { + $display_url = str_replace(array("http://www.", "https://www."), array("", ""), $url); + $display_url = str_replace(array("http://", "https://"), array("", ""), $display_url); + + if (strlen($display_url) > 26) + $display_url = substr($display_url, 0, 25)."…"; + + $start = iconv_strpos($text, $url, $offset, "UTF-8"); + if (!($start === false)) { + $image = get_photo_info($url); + if ($image) { + // If image cache is activated, then use the following sizes: + // thumb (150), small (340), medium (600) and large (1024) + if (!Config::get("system", "proxy_disabled")) { + $media_url = proxy_url($url); + + $sizes = array(); + $scale = scale_image($image[0], $image[1], 150); + $sizes["thumb"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); + + if (($image[0] > 150) || ($image[1] > 150)) { + $scale = scale_image($image[0], $image[1], 340); + $sizes["small"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); + } + + $scale = scale_image($image[0], $image[1], 600); + $sizes["medium"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); + + if (($image[0] > 600) || ($image[1] > 600)) { + $scale = scale_image($image[0], $image[1], 1024); + $sizes["large"] = array("w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"); + } } else { - $photo['thumb'] = $thumb; - $data['photo'][] = $photo; + $media_url = $url; + $sizes["medium"] = array("w" => $image[0], "h" => $image[1], "resize" => "fit"); } + + $entities["media"][] = array( + "id" => $start+1, + "id_str" => (string)$start+1, + "indices" => array($start, $start+strlen($url)), + "media_url" => normalise_link($media_url), + "media_url_https" => $media_url, + "url" => $url, + "display_url" => $display_url, + "expanded_url" => $url, + "type" => "photo", + "sizes" => $sizes); } + $offset = $start + 1; } - return api_format_data("photos", $type, $data); } - /** - * @brief upload a new photo or change an existing photo - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_fr_photo_create_update($type) { - if (api_user() === false) { - throw new ForbiddenException(); + return $entities; +} +function api_format_items_embeded_images(&$item, $text) +{ + $text = preg_replace_callback( + "|data:image/([^;]+)[^=]+=*|m", + function ($match) use ($item) { + return System::baseUrl()."/display/".$item['guid']; + }, + $text + ); + return $text; +} + + +/** + * @brief return name as array + * + * @param string $txt text + * @return array + * name => 'name' + * 'url => 'url' + */ +function api_contactlink_to_array($txt) +{ + $match = array(); + $r = preg_match_all('|([^<]*)|', $txt, $match); + if ($r && count($match)==3) { + $res = array( + 'name' => $match[2], + 'url' => $match[1] + ); + } else { + $res = array( + 'name' => $text, + 'url' => "" + ); + } + return $res; +} + + +/** + * @brief return likes, dislikes and attend status for item + * + * @param array $item array + * @return array + * likes => int count + * dislikes => int count + */ +function api_format_items_activities(&$item, $type = "json") +{ + $a = get_app(); + + $activities = array( + 'like' => array(), + 'dislike' => array(), + 'attendyes' => array(), + 'attendno' => array(), + 'attendmaybe' => array(), + ); + + $items = q( + 'SELECT * FROM item + WHERE uid=%d AND `thr-parent`="%s" AND visible AND NOT deleted', + intval($item['uid']), + dbesc($item['uri']) + ); + + foreach ($items as $i) { + // not used as result should be structured like other user data + //builtin_activity_puller($i, $activities); + + // get user data and add it to the array of the activity + $user = api_get_user($a, $i['author-link']); + switch ($i['verb']) { + case ACTIVITY_LIKE: + $activities['like'][] = $user; + break; + case ACTIVITY_DISLIKE: + $activities['dislike'][] = $user; + break; + case ACTIVITY_ATTEND: + $activities['attendyes'][] = $user; + break; + case ACTIVITY_ATTENDNO: + $activities['attendno'][] = $user; + break; + case ACTIVITY_ATTENDMAYBE: + $activities['attendmaybe'][] = $user; + break; + default: + break; } - // input params - $photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null); - $desc = (x($_REQUEST, 'desc') ? $_REQUEST['desc'] : (array_key_exists('desc', $_REQUEST) ? "" : null)); // extra check necessary to distinguish between 'not provided' and 'empty string' - $album = (x($_REQUEST,'album') ? $_REQUEST['album'] : null); - $album_new = (x($_REQUEST,'album_new') ? $_REQUEST['album_new'] : null); - $allow_cid = (x($_REQUEST, 'allow_cid') ? $_REQUEST['allow_cid'] : (array_key_exists('allow_cid', $_REQUEST) ? " " : null)); - $deny_cid = (x($_REQUEST, 'deny_cid') ? $_REQUEST['deny_cid'] : (array_key_exists('deny_cid', $_REQUEST) ? " " : null)); - $allow_gid = (x($_REQUEST, 'allow_gid') ? $_REQUEST['allow_gid'] : (array_key_exists('allow_gid', $_REQUEST) ? " " : null)); - $deny_gid = (x($_REQUEST, 'deny_gid') ? $_REQUEST['deny_gid'] : (array_key_exists('deny_gid', $_REQUEST) ? " " : null)); - $visibility = (x($_REQUEST, 'visibility') ? (($_REQUEST['visibility'] == "true" || $_REQUEST['visibility'] == 1) ? true : false) : false); + } - // do several checks on input parameters - // we do not allow calls without album string - if ($album == null) { - throw new BadRequestException("no albumname specified"); + if ($type == "xml") { + $xml_activities = array(); + foreach ($activities as $k => $v) { + // change xml element from "like" to "friendica:like" + $xml_activities["friendica:".$k] = $v; + // add user data into xml output + $k_user = 0; + foreach ($v as $user) + $xml_activities["friendica:".$k][$k_user++.":user"] = $user; } - // if photo_id == null --> we are uploading a new photo - if ($photo_id == null) { - $mode = "create"; + $activities = $xml_activities; + } - // error if no media posted in create-mode - if (!x($_FILES,'media')) { - // Output error - throw new BadRequestException("no media data submitted"); - } + return $activities; +} - // album_new will be ignored in create-mode - $album_new = ""; + +/** + * @brief return data from profiles + * + * @param array $profile array containing data from db table 'profile' + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return array + */ +function api_format_items_profiles(&$profile = null, $type = "json") +{ + if ($profile != null) { + $profile = array('profile_id' => $profile['id'], + 'profile_name' => $profile['profile-name'], + 'is_default' => $profile['is-default'] ? true : false, + 'hide_friends'=> $profile['hide-friends'] ? true : false, + 'profile_photo' => $profile['photo'], + 'profile_thumb' => $profile['thumb'], + 'publish' => $profile['publish'] ? true : false, + 'net_publish' => $profile['net-publish'] ? true : false, + 'description' => $profile['pdesc'], + 'date_of_birth' => $profile['dob'], + 'address' => $profile['address'], + 'city' => $profile['locality'], + 'region' => $profile['region'], + 'postal_code' => $profile['postal-code'], + 'country' => $profile['country-name'], + 'hometown' => $profile['hometown'], + 'gender' => $profile['gender'], + 'marital' => $profile['marital'], + 'marital_with' => $profile['with'], + 'marital_since' => $profile['howlong'], + 'sexual' => $profile['sexual'], + 'politic' => $profile['politic'], + 'religion' => $profile['religion'], + 'public_keywords' => $profile['pub_keywords'], + 'private_keywords' => $profile['prv_keywords'], + 'likes' => bbcode(api_clean_plain_items($profile['likes']), false, false, 2, false), + 'dislikes' => bbcode(api_clean_plain_items($profile['dislikes']), false, false, 2, false), + 'about' => bbcode(api_clean_plain_items($profile['about']), false, false, 2, false), + 'music' => bbcode(api_clean_plain_items($profile['music']), false, false, 2, false), + 'book' => bbcode(api_clean_plain_items($profile['book']), false, false, 2, false), + 'tv' => bbcode(api_clean_plain_items($profile['tv']), false, false, 2, false), + 'film' => bbcode(api_clean_plain_items($profile['film']), false, false, 2, false), + 'interest' => bbcode(api_clean_plain_items($profile['interest']), false, false, 2, false), + 'romance' => bbcode(api_clean_plain_items($profile['romance']), false, false, 2, false), + 'work' => bbcode(api_clean_plain_items($profile['work']), false, false, 2, false), + 'education' => bbcode(api_clean_plain_items($profile['education']), false, false, 2, false), + 'social_networks' => bbcode(api_clean_plain_items($profile['contact']), false, false, 2, false), + 'homepage' => $profile['homepage'], + 'users' => null); + return $profile; + } +} + +/** + * @brief format items to be returned by api + * + * @param array $r array of items + * @param array $user_info + * @param bool $filter_user filter items by $user_info + */ +function api_format_items($r, $user_info, $filter_user = false, $type = "json") +{ + $a = get_app(); + + $ret = array(); + + foreach ($r as $item) { + localize_item($item); + list($status_user, $owner_user) = api_item_get_user($a, $item); + + // Look if the posts are matching if they should be filtered by user id + if ($filter_user && ($status_user["id"] != $user_info["id"])) { + continue; + } + + $in_reply_to = api_in_reply_to($item); + + $converted = api_convert_item($item); + + if ($type == "xml") { + $geo = "georss:point"; } else { - $mode = "update"; - - // check if photo is existing in database - $r = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'", - intval(api_user()), - dbesc($photo_id), - dbesc($album)); - if (!DBM::is_result($r)) { - throw new BadRequestException("photo not available"); - } + $geo = "geo"; } - // checks on acl strings provided by clients - $acl_input_error = false; - $acl_input_error |= check_acl_input($allow_cid); - $acl_input_error |= check_acl_input($deny_cid); - $acl_input_error |= check_acl_input($allow_gid); - $acl_input_error |= check_acl_input($deny_gid); - if ($acl_input_error) { - throw new BadRequestException("acl data invalid"); - } - // now let's upload the new media in create-mode - if ($mode == "create") { - $media = $_FILES['media']; - $data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, $visibility); + $status = array( + 'text' => $converted["text"], + 'truncated' => false, + 'created_at'=> api_date($item['created']), + 'in_reply_to_status_id' => $in_reply_to['status_id'], + 'in_reply_to_status_id_str' => $in_reply_to['status_id_str'], + 'source' => (($item['app']) ? $item['app'] : 'web'), + 'id' => intval($item['id']), + 'id_str' => (string) intval($item['id']), + 'in_reply_to_user_id' => $in_reply_to['user_id'], + 'in_reply_to_user_id_str' => $in_reply_to['user_id_str'], + 'in_reply_to_screen_name' => $in_reply_to['screen_name'], + $geo => null, + 'favorited' => $item['starred'] ? true : false, + 'user' => $status_user , + 'friendica_owner' => $owner_user, + //'entities' => NULL, + 'statusnet_html' => $converted["html"], + 'statusnet_conversation_id' => $item['parent'], + 'friendica_activities' => api_format_items_activities($item, $type), + ); - // return success of updating or error message - if (!is_null($data)) { - return api_format_data("photo_create", $type, $data); - } else { - throw new InternalServerErrorException("unknown error - uploading photo failed, see Friendica log for more information"); - } + if (count($converted["attachments"]) > 0) { + $status["attachments"] = $converted["attachments"]; } - // now let's do the changes in update-mode - if ($mode == "update") { - $sql_extra = ""; + if (count($converted["entities"]) > 0) { + $status["entities"] = $converted["entities"]; + } - if (!is_null($desc)) { - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`desc` = '$desc'"; - } + if (($item['item_network'] != "") && ($status["source"] == 'web')) { + $status["source"] = network_to_name($item['item_network'], $user_info['url']); + } elseif (($item['item_network'] != "") && (network_to_name($item['item_network'], $user_info['url']) != $status["source"])) { + $status["source"] = trim($status["source"].' ('.network_to_name($item['item_network'], $user_info['url']).')'); + } - if (!is_null($album_new)) { - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`album` = '$album_new'"; - } - if (!is_null($allow_cid)) { - $allow_cid = trim($allow_cid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_cid` = '$allow_cid'"; - } + // Retweets are only valid for top postings + // It doesn't work reliable with the link if its a feed + //$IsRetweet = ($item['owner-link'] != $item['author-link']); + //if ($IsRetweet) + // $IsRetweet = (($item['owner-name'] != $item['author-name']) || ($item['owner-avatar'] != $item['author-avatar'])); - if (!is_null($deny_cid)) { - $deny_cid = trim($deny_cid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_cid` = '$deny_cid'"; - } - if (!is_null($allow_gid)) { - $allow_gid = trim($allow_gid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_gid` = '$allow_gid'"; - } - - if (!is_null($deny_gid)) { - $deny_gid = trim($deny_gid); - $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_gid` = '$deny_gid'"; - } - - $result = false; - if ($sql_extra != "") { - $nothingtodo = false; - $result = q("UPDATE `photo` SET %s, `edited`='%s' WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'", - $sql_extra, - datetime_convert(), // update edited timestamp - intval(api_user()), - dbesc($photo_id), - dbesc($album)); - } else { - $nothingtodo = true; - } - - if (x($_FILES,'media')) { - $nothingtodo = false; - $media = $_FILES['media']; - $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, 0, $visibility, $photo_id); - if (!is_null($data)) { - return api_format_data("photo_update", $type, $data); + if ($item["id"] == $item["parent"]) { + $retweeted_item = api_share_as_retweet($item); + if ($retweeted_item !== false) { + $retweeted_status = $status; + try { + $retweeted_status["user"] = api_get_user($a, $retweeted_item["author-link"]); + } catch (BadRequestException $e) { + // user not found. should be found? + /// @todo check if the user should be always found + $retweeted_status["user"] = array(); } - } - // return success of updating or error message - if ($result) { - $answer = array('result' => 'updated', 'message' => 'Image id `' . $photo_id . '` has been updated.'); - return api_format_data("photo_update", $type, array('$result' => $answer)); - } else { - if ($nothingtodo) { - $answer = array('result' => 'cancelled', 'message' => 'Nothing to update for image id `' . $photo_id . '`.'); - return api_format_data("photo_update", $type, array('$result' => $answer)); - } - throw new InternalServerErrorException("unknown error - update photo entry in database failed"); + $rt_converted = api_convert_item($retweeted_item); + + $retweeted_status['text'] = $rt_converted["text"]; + $retweeted_status['statusnet_html'] = $rt_converted["html"]; + $retweeted_status['friendica_activities'] = api_format_items_activities($retweeted_item, $type); + $retweeted_status['created_at'] = api_date($retweeted_item['created']); + $status['retweeted_status'] = $retweeted_status; } } - throw new InternalServerErrorException("unknown error - this error on uploading or updating a photo should never happen"); - } + // "uid" and "self" are only needed for some internal stuff, so remove it from here + unset($status["user"]["uid"]); + unset($status["user"]["self"]); - /** - * @brief delete a single photo from the database through api - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_fr_photo_delete($type) { - if (api_user() === false) { - throw new ForbiddenException(); + if ($item["coord"] != "") { + $coords = explode(' ', $item["coord"]); + if (count($coords) == 2) { + if ($type == "json") + $status["geo"] = array('type' => 'Point', + 'coordinates' => array((float) $coords[0], + (float) $coords[1])); + else // Not sure if this is the official format - if someone founds a documentation we can check + $status["georss:point"] = $item["coord"]; + } } - // input params - $photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null); + $ret[] = $status; + }; + return $ret; +} - // do several checks on input parameters - // we do not allow calls without photo id - if ($photo_id == null) { - throw new BadRequestException("no photo_id specified"); - } - // check if photo is existing in database - $r = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", - intval(api_user()), - dbesc($photo_id) +function api_account_rate_limit_status($type) +{ + if ($type == "xml") { + $hash = array( + 'remaining-hits' => '150', + '@attributes' => array("type" => "integer"), + 'hourly-limit' => '150', + '@attributes2' => array("type" => "integer"), + 'reset-time' => datetime_convert('UTC', 'UTC', 'now + 1 hour', ATOM_TIME), + '@attributes3' => array("type" => "datetime"), + 'reset_time_in_seconds' => strtotime('now + 1 hour'), + '@attributes4' => array("type" => "integer"), ); - if (!DBM::is_result($r)) { - throw new BadRequestException("photo not available"); + } else { + $hash = array( + 'reset_time_in_seconds' => strtotime('now + 1 hour'), + 'remaining_hits' => '150', + 'hourly_limit' => '150', + 'reset_time' => api_date(datetime_convert('UTC', 'UTC', 'now + 1 hour', ATOM_TIME)), + ); + } + + return api_format_data('hash', $type, array('hash' => $hash)); +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/account/rate_limit_status', 'api_account_rate_limit_status', true); + +function api_help_test($type) +{ + if ($type == 'xml') { + $ok = "true"; + } else { + $ok = "ok"; + } + + return api_format_data('ok', $type, array("ok" => $ok)); +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/help/test', 'api_help_test', false); + +function api_lists($type) +{ + $ret = array(); + /// @TODO $ret is not filled here? + return api_format_data('lists', $type, array("lists_list" => $ret)); +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/lists', 'api_lists', true); + +function api_lists_list($type) +{ + $ret = array(); + /// @TODO $ret is not filled here? + return api_format_data('lists', $type, array("lists_list" => $ret)); +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/lists/list', 'api_lists_list', true); + +/** + * https://dev.twitter.com/docs/api/1/get/statuses/friends + * This function is deprecated by Twitter + * returns: json, xml + */ +function api_statuses_f($type, $qtype) +{ + $a = get_app(); + + if (api_user() === false) { + throw new ForbiddenException(); + } + + $user_info = api_get_user($a); + + if (x($_GET, 'cursor') && $_GET['cursor']=='undefined') { + /* this is to stop Hotot to load friends multiple times + * I'm not sure if I'm missing return something or + * is a bug in hotot. Workaround, meantime + */ + + /*$ret=Array(); + return array('$users' => $ret);*/ + return false; + } + + if ($qtype == 'friends') { + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + } + if ($qtype == 'followers') { + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + } + + // friends and followers only for self + if ($user_info['self'] == 0) { + $sql_extra = " AND false "; + } + + $r = q( + "SELECT `nurl` FROM `contact` WHERE `uid` = %d AND NOT `self` AND (NOT `blocked` OR `pending`) $sql_extra ORDER BY `nick`", + intval(api_user()) + ); + + $ret = array(); + foreach ($r as $cid) { + $user = api_get_user($a, $cid['nurl']); + // "uid" and "self" are only needed for some internal stuff, so remove it from here + unset($user["uid"]); + unset($user["self"]); + + if ($user) { + $ret[] = $user; } - // now we can perform on the deletion of the photo - $result = q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", - intval(api_user()), - dbesc($photo_id)); + } - // return success of deletion or error message - if ($result) { - // retrieve the id of the parent element (the photo element) - $photo_item = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", - intval(local_user()), - dbesc($photo_id) - ); + return array('user' => $ret); - if (!DBM::is_result($photo_item)) { - throw new InternalServerErrorException("problem with deleting items occured"); - } - // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore - // to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion) - drop_item($photo_item[0]['id'], false); +} - $answer = array('result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.'); - return api_format_data("photo_delete", $type, array('$result' => $answer)); +function api_statuses_friends($type) +{ + $data = api_statuses_f($type, "friends"); + if ($data === false) { + return false; + } + return api_format_data("users", $type, $data); +} + +function api_statuses_followers($type) +{ + $data = api_statuses_f($type, "followers"); + if ($data === false) { + return false; + } + return api_format_data("users", $type, $data); +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/statuses/friends', 'api_statuses_friends', true); +api_register_func('api/statuses/followers', 'api_statuses_followers', true); + +function api_statusnet_config($type) +{ + $a = get_app(); + + $name = $a->config['sitename']; + $server = $a->get_hostname(); + $logo = System::baseUrl() . '/images/friendica-64.png'; + $email = $a->config['admin_email']; + $closed = (($a->config['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false'); + $private = ((Config::get('system', 'block_public')) ? 'true' : 'false'); + $textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000); + if ($a->config['api_import_size']) { + $texlimit = string($a->config['api_import_size']); + } + $ssl = ((Config::get('system', 'have_ssl')) ? 'true' : 'false'); + $sslserver = (($ssl === 'true') ? str_replace('http:', 'https:', System::baseUrl()) : ''); + + $config = array( + 'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '', + 'logo' => $logo, 'fancy' => true, 'language' => 'en', 'email' => $email, 'broughtby' => '', + 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => false, + 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, + 'shorturllength' => '30', + 'friendica' => array( + 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM, + 'FRIENDICA_VERSION' => FRIENDICA_VERSION, + 'DFRN_PROTOCOL_VERSION' => DFRN_PROTOCOL_VERSION, + 'DB_UPDATE_VERSION' => DB_UPDATE_VERSION + ) + ), + ); + + return api_format_data('config', $type, array('config' => $config)); +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/gnusocial/config', 'api_statusnet_config', false); +api_register_func('api/statusnet/config', 'api_statusnet_config', false); + +function api_statusnet_version($type) +{ + // liar + $fake_statusnet_version = "0.9.7"; + + return api_format_data('version', $type, array('version' => $fake_statusnet_version)); +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/gnusocial/version', 'api_statusnet_version', false); +api_register_func('api/statusnet/version', 'api_statusnet_version', false); + +/** + * @todo use api_format_data() to return data + */ +function api_ff_ids($type,$qtype) +{ + $a = get_app(); + + if (! api_user()) { + throw new ForbiddenException(); + } + + $user_info = api_get_user($a); + + if ($qtype == 'friends') { + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND)); + } + if ($qtype == 'followers') { + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND)); + } + + if (!$user_info["self"]) { + $sql_extra = " AND false "; + } + + $stringify_ids = (x($_REQUEST, 'stringify_ids') ? $_REQUEST['stringify_ids'] : false); + + $r = q( + "SELECT `pcontact`.`id` FROM `contact` + INNER JOIN `contact` AS `pcontact` ON `contact`.`nurl` = `pcontact`.`nurl` AND `pcontact`.`uid` = 0 + WHERE `contact`.`uid` = %s AND NOT `contact`.`self`", + intval(api_user()) + ); + + if (!DBM::is_result($r)) { + return; + } + + $ids = array(); + foreach ($r as $rr) { + if ($stringify_ids) { + $ids[] = $rr['id']; } else { - throw new InternalServerErrorException("unknown error on deleting photo from database table"); + $ids[] = intval($rr['id']); } } + return api_format_data("ids", $type, array('id' => $ids)); +} - /** - * @brief returns the details of a specified photo id, if scale is given, returns the photo data in base 64 - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_fr_photo_detail($type) { - if (api_user() === false) { - throw new ForbiddenException(); +function api_friends_ids($type) +{ + return api_ff_ids($type, 'friends'); +} + +function api_followers_ids($type) +{ + return api_ff_ids($type, 'followers'); +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/friends/ids', 'api_friends_ids', true); +api_register_func('api/followers/ids', 'api_followers_ids', true); + +function api_direct_messages_new($type) +{ + + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + + if (!x($_POST, "text") || (!x($_POST, "screen_name") && !x($_POST, "user_id"))) return; + + $sender = api_get_user($a); + + if ($_POST['screen_name']) { + $r = q( + "SELECT `id`, `nurl`, `network` FROM `contact` WHERE `uid`=%d AND `nick`='%s'", + intval(api_user()), + dbesc($_POST['screen_name']) + ); + + // Selecting the id by priority, friendica first + api_best_nickname($r); + + $recipient = api_get_user($a, $r[0]['nurl']); + } else { + $recipient = api_get_user($a, $_POST['user_id']); + } + + $replyto = ''; + $sub = ''; + if (x($_REQUEST, 'replyto')) { + $r = q( + 'SELECT `parent-uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d', + intval(api_user()), + intval($_REQUEST['replyto']) + ); + $replyto = $r[0]['parent-uri']; + $sub = $r[0]['title']; + } else { + if (x($_REQUEST, 'title')) { + $sub = $_REQUEST['title']; + } else { + $sub = ((strlen($_POST['text'])>10) ? substr($_POST['text'], 0, 10)."...":$_POST['text']); } - if (!x($_REQUEST, 'photo_id')) { - throw new BadRequestException("No photo id."); + } + + $id = send_message($recipient['cid'], $_POST['text'], $sub, $replyto); + + if ($id > -1) { + $r = q("SELECT * FROM `mail` WHERE id=%d", intval($id)); + $ret = api_format_messages($r[0], $recipient, $sender); + } else { + $ret = array("error"=>$id); + } + + $data = array('direct_message'=>$ret); + + switch ($type) { + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } + + return api_format_data("direct-messages", $type, $data); + +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, API_METHOD_POST); + +/** + * @brief delete a direct_message from mail table through api + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_direct_messages_destroy($type) +{ + $a = get_app(); + + if (api_user() === false) { + throw new ForbiddenException(); + } + + // params + $user_info = api_get_user($a); + //required + $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); + // optional + $parenturi = (x($_REQUEST, 'friendica_parenturi') ? $_REQUEST['friendica_parenturi'] : ""); + $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + /// @todo optional parameter 'include_entities' from Twitter API not yet implemented + + $uid = $user_info['uid']; + // error if no id or parenturi specified (for clients posting parent-uri as well) + if ($verbose == "true" && ($id == 0 || $parenturi == "")) { + $answer = array('result' => 'error', 'message' => 'message id or parenturi not specified'); + return api_format_data("direct_messages_delete", $type, array('$result' => $answer)); + } + + // BadRequestException if no id specified (for clients using Twitter API) + if ($id == 0) { + throw new BadRequestException('Message id not specified'); + } + + // add parent-uri to sql command if specified by calling app + $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . dbesc($parenturi) . "'" : ""); + + // get data of the specified message id + $r = q( + "SELECT `id` FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra, + intval($uid), + intval($id) + ); + + // error message if specified id is not in database + if (!DBM::is_result($r)) { + if ($verbose == "true") { + $answer = array('result' => 'error', 'message' => 'message id not in database'); + return api_format_data("direct_messages_delete", $type, array('$result' => $answer)); + } + /// @todo BadRequestException ok for Twitter API clients? + throw new BadRequestException('message id not in database'); + } + + // delete message + $result = q( + "DELETE FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra, + intval($uid), + intval($id) + ); + + if ($verbose == "true") { + if ($result) { + // return success + $answer = array('result' => 'ok', 'message' => 'message deleted'); + return api_format_data("direct_message_delete", $type, array('$result' => $answer)); + } else { + $answer = array('result' => 'error', 'message' => 'unknown error'); + return api_format_data("direct_messages_delete", $type, array('$result' => $answer)); + } + } + /// @todo return JSON data like Twitter API not yet implemented + +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', true, API_METHOD_DELETE); + +function api_direct_messages_box($type, $box, $verbose) +{ + $a = get_app(); + + if (api_user() === false) { + throw new ForbiddenException(); + } + + // params + $count = (x($_GET, 'count') ? $_GET['count'] : 20); + $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0); + if ($page < 0) { + $page = 0; + } + + $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0); + $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0); + + $user_id = (x($_REQUEST, 'user_id') ? $_REQUEST['user_id'] : ""); + $screen_name = (x($_REQUEST, 'screen_name') ? $_REQUEST['screen_name'] : ""); + + // caller user info + unset($_REQUEST["user_id"]); + unset($_GET["user_id"]); + + unset($_REQUEST["screen_name"]); + unset($_GET["screen_name"]); + + $user_info = api_get_user($a); + $profile_url = $user_info["url"]; + + // pagination + $start = $page * $count; + + // filters + if ($box=="sentbox") { + $sql_extra = "`mail`.`from-url`='" . dbesc($profile_url) . "'"; + } elseif ($box == "conversation") { + $sql_extra = "`mail`.`parent-uri`='" . dbesc($_GET["uri"]) . "'"; + } elseif ($box == "all") { + $sql_extra = "true"; + } elseif ($box == "inbox") { + $sql_extra = "`mail`.`from-url`!='" . dbesc($profile_url) . "'"; + } + + if ($max_id > 0) { + $sql_extra .= ' AND `mail`.`id` <= ' . intval($max_id); + } + + if ($user_id != "") { + $sql_extra .= ' AND `mail`.`contact-id` = ' . intval($user_id); + } elseif ($screen_name !="") { + $sql_extra .= " AND `contact`.`nick` = '" . dbesc($screen_name). "'"; + } + + $r = q( + "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND $sql_extra AND `mail`.`id` > %d ORDER BY `mail`.`id` DESC LIMIT %d,%d", + intval(api_user()), + intval($since_id), + intval($start), + intval($count) + ); + if ($verbose == "true" && !DBM::is_result($r)) { + $answer = array('result' => 'error', 'message' => 'no mails available'); + return api_format_data("direct_messages_all", $type, array('$result' => $answer)); + } + + $ret = array(); + foreach ($r as $item) { + if ($box == "inbox" || $item['from-url'] != $profile_url) { + $recipient = $user_info; + $sender = api_get_user($a, normalise_link($item['contact-url'])); + } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { + $recipient = api_get_user($a, normalise_link($item['contact-url'])); + $sender = $user_info; } - $scale = (x($_REQUEST, 'scale') ? intval($_REQUEST['scale']) : false); - $photo_id = $_REQUEST['photo_id']; - - // prepare json/xml output with data from database for the requested photo - $data = prepare_photo_data($type, $scale, $photo_id); - - return api_format_data("photo_detail", $type, $data); + $ret[] = api_format_messages($item, $recipient, $sender); } - /** - * @brief updates the profile image for the user (either a specified profile or the default profile) - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_account_update_profile_image($type) { - if (api_user() === false) { - throw new ForbiddenException(); - } - // input params - $profileid = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0); + $data = array('direct_message' => $ret); + switch ($type) { + case "atom": + case "rss": + $data = api_rss_extra($a, $data, $user_info); + } - // error if image data is missing - if (!x($_FILES, 'image')) { + return api_format_data("direct-messages", $type, $data); +} + +function api_direct_messages_sentbox($type) +{ + $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + return api_direct_messages_box($type, "sentbox", $verbose); +} + +function api_direct_messages_inbox($type) +{ + $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + return api_direct_messages_box($type, "inbox", $verbose); +} + +function api_direct_messages_all($type) +{ + $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + return api_direct_messages_box($type, "all", $verbose); +} + +function api_direct_messages_conversation($type) +{ + $verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false"); + return api_direct_messages_box($type, "conversation", $verbose); +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/direct_messages/conversation', 'api_direct_messages_conversation', true); +api_register_func('api/direct_messages/all', 'api_direct_messages_all', true); +api_register_func('api/direct_messages/sent', 'api_direct_messages_sentbox', true); +api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); + +function api_oauth_request_token($type) +{ + try { + $oauth = new FKOAuth1(); + $r = $oauth->fetch_request_token(OAuthRequest::from_request()); + } catch (Exception $e) { + echo "error=" . OAuthUtil::urlencode_rfc3986($e->getMessage()); + killme(); + } + echo $r; + killme(); +} + +function api_oauth_access_token($type) +{ + try { + $oauth = new FKOAuth1(); + $r = $oauth->fetch_access_token(OAuthRequest::from_request()); + } catch (Exception $e) { + echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); + killme(); + } + echo $r; + killme(); +} + +/// @TODO move to top of file or somewhere better +api_register_func('api/oauth/request_token', 'api_oauth_request_token', false); +api_register_func('api/oauth/access_token', 'api_oauth_access_token', false); + + +/** + * @brief delete a complete photoalbum with all containing photos from database through api + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_fr_photoalbum_delete($type) +{ + if (api_user() === false) { + throw new ForbiddenException(); + } + // input params + $album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : ""); + + // we do not allow calls without album string + if ($album == "") { + throw new BadRequestException("no albumname specified"); + } + // check if album is existing + $r = q( + "SELECT DISTINCT `resource-id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", + intval(api_user()), + dbesc($album) + ); + if (!DBM::is_result($r)) + throw new BadRequestException("album not available"); + + // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore + // to the user and the contacts of the users (drop_items() performs the federation of the deletion to other networks + foreach ($r as $rr) { + $photo_item = q( + "SELECT `id` FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", + intval(local_user()), + dbesc($rr['resource-id']) + ); + + if (!DBM::is_result($photo_item)) { + throw new InternalServerErrorException("problem with deleting items occured"); + } + drop_item($photo_item[0]['id'], false); + } + + // now let's delete all photos from the album + $result = q( + "DELETE FROM `photo` WHERE `uid` = %d AND `album` = '%s'", + intval(api_user()), + dbesc($album) + ); + + // return success of deletion or error message + if ($result) { + $answer = array('result' => 'deleted', 'message' => 'album `' . $album . '` with all containing photos has been deleted.'); + return api_format_data("photoalbum_delete", $type, array('$result' => $answer)); + } else { + throw new InternalServerErrorException("unknown error - deleting from database failed"); + } +} + +/** + * @brief update the name of the album for all photos of an album + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_fr_photoalbum_update($type) +{ + if (api_user() === false) { + throw new ForbiddenException(); + } + // input params + $album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : ""); + $album_new = (x($_REQUEST, 'album_new') ? $_REQUEST['album_new'] : ""); + + // we do not allow calls without album string + if ($album == "") { + throw new BadRequestException("no albumname specified"); + } + if ($album_new == "") { + throw new BadRequestException("no new albumname specified"); + } + // check if album is existing + $r = q( + "SELECT `id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", + intval(api_user()), + dbesc($album) + ); + if (!DBM::is_result($r)) { + throw new BadRequestException("album not available"); + } + // now let's update all photos to the albumname + $result = q( + "UPDATE `photo` SET `album` = '%s' WHERE `uid` = %d AND `album` = '%s'", + dbesc($album_new), + intval(api_user()), + dbesc($album) + ); + + // return success of updating or error message + if ($result) { + $answer = array('result' => 'updated', 'message' => 'album `' . $album . '` with all containing photos has been renamed to `' . $album_new . '`.'); + return api_format_data("photoalbum_update", $type, array('$result' => $answer)); + } else { + throw new InternalServerErrorException("unknown error - updating in database failed"); + } +} + + +/** + * @brief list all photos of the authenticated user + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_fr_photos_list($type) +{ + if (api_user() === false) { + throw new ForbiddenException(); + } + $r = q( + "SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`, + MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo` + WHERE `uid` = %d AND `album` != 'Contact Photos' GROUP BY `resource-id`", + intval(local_user()) + ); + $typetoext = array( + 'image/jpeg' => 'jpg', + 'image/png' => 'png', + 'image/gif' => 'gif' + ); + $data = array('photo'=>array()); + if (DBM::is_result($r)) { + foreach ($r as $rr) { + $photo = array(); + $photo['id'] = $rr['resource-id']; + $photo['album'] = $rr['album']; + $photo['filename'] = $rr['filename']; + $photo['type'] = $rr['type']; + $thumb = System::baseUrl() . "/photo/" . $rr['resource-id'] . "-" . $rr['scale'] . "." . $typetoext[$rr['type']]; + $photo['created'] = $rr['created']; + $photo['edited'] = $rr['edited']; + $photo['desc'] = $rr['desc']; + + if ($type == "xml") { + $data['photo'][] = array("@attributes" => $photo, "1" => $thumb); + } else { + $photo['thumb'] = $thumb; + $data['photo'][] = $photo; + } + } + } + return api_format_data("photos", $type, $data); +} + +/** + * @brief upload a new photo or change an existing photo + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_fr_photo_create_update($type) +{ + if (api_user() === false) { + throw new ForbiddenException(); + } + // input params + $photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null); + $desc = (x($_REQUEST, 'desc') ? $_REQUEST['desc'] : (array_key_exists('desc', $_REQUEST) ? "" : null)); // extra check necessary to distinguish between 'not provided' and 'empty string' + $album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : null); + $album_new = (x($_REQUEST, 'album_new') ? $_REQUEST['album_new'] : null); + $allow_cid = (x($_REQUEST, 'allow_cid') ? $_REQUEST['allow_cid'] : (array_key_exists('allow_cid', $_REQUEST) ? " " : null)); + $deny_cid = (x($_REQUEST, 'deny_cid') ? $_REQUEST['deny_cid'] : (array_key_exists('deny_cid', $_REQUEST) ? " " : null)); + $allow_gid = (x($_REQUEST, 'allow_gid') ? $_REQUEST['allow_gid'] : (array_key_exists('allow_gid', $_REQUEST) ? " " : null)); + $deny_gid = (x($_REQUEST, 'deny_gid') ? $_REQUEST['deny_gid'] : (array_key_exists('deny_gid', $_REQUEST) ? " " : null)); + $visibility = (x($_REQUEST, 'visibility') ? (($_REQUEST['visibility'] == "true" || $_REQUEST['visibility'] == 1) ? true : false) : false); + + // do several checks on input parameters + // we do not allow calls without album string + if ($album == null) { + throw new BadRequestException("no albumname specified"); + } + // if photo_id == null --> we are uploading a new photo + if ($photo_id == null) { + $mode = "create"; + + // error if no media posted in create-mode + if (!x($_FILES, 'media')) { + // Output error throw new BadRequestException("no media data submitted"); } - // check if specified profile id is valid - if ($profileid != 0) { - $r = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `id` = %d", - intval(api_user()), - intval($profileid)); - // error message if specified profile id is not in database - if (!DBM::is_result($r)) { - throw new BadRequestException("profile_id not available"); - } - $is_default_profile = $r['profile']; + // album_new will be ignored in create-mode + $album_new = ""; + } else { + $mode = "update"; + + // check if photo is existing in database + $r = q( + "SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'", + intval(api_user()), + dbesc($photo_id), + dbesc($album) + ); + if (!DBM::is_result($r)) { + throw new BadRequestException("photo not available"); + } + } + + // checks on acl strings provided by clients + $acl_input_error = false; + $acl_input_error |= check_acl_input($allow_cid); + $acl_input_error |= check_acl_input($deny_cid); + $acl_input_error |= check_acl_input($allow_gid); + $acl_input_error |= check_acl_input($deny_gid); + if ($acl_input_error) { + throw new BadRequestException("acl data invalid"); + } + // now let's upload the new media in create-mode + if ($mode == "create") { + $media = $_FILES['media']; + $data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, $visibility); + + // return success of updating or error message + if (!is_null($data)) { + return api_format_data("photo_create", $type, $data); } else { - $is_default_profile = 1; + throw new InternalServerErrorException("unknown error - uploading photo failed, see Friendica log for more information"); + } + } + + // now let's do the changes in update-mode + if ($mode == "update") { + $sql_extra = ""; + + if (!is_null($desc)) { + $sql_extra .= (($sql_extra != "") ? " ," : "") . "`desc` = '$desc'"; } - // get mediadata from image or media (Twitter call api/account/update_profile_image provides image) - $media = null; - if (x($_FILES, 'image')) { - $media = $_FILES['image']; - } elseif (x($_FILES, 'media')) { + if (!is_null($album_new)) { + $sql_extra .= (($sql_extra != "") ? " ," : "") . "`album` = '$album_new'"; + } + + if (!is_null($allow_cid)) { + $allow_cid = trim($allow_cid); + $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_cid` = '$allow_cid'"; + } + + if (!is_null($deny_cid)) { + $deny_cid = trim($deny_cid); + $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_cid` = '$deny_cid'"; + } + + if (!is_null($allow_gid)) { + $allow_gid = trim($allow_gid); + $sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_gid` = '$allow_gid'"; + } + + if (!is_null($deny_gid)) { + $deny_gid = trim($deny_gid); + $sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_gid` = '$deny_gid'"; + } + + $result = false; + if ($sql_extra != "") { + $nothingtodo = false; + $result = q( + "UPDATE `photo` SET %s, `edited`='%s' WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'", + $sql_extra, + datetime_convert(), // update edited timestamp + intval(api_user()), + dbesc($photo_id), + dbesc($album) + ); + } else { + $nothingtodo = true; + } + + if (x($_FILES, 'media')) { + $nothingtodo = false; $media = $_FILES['media']; + $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, 0, $visibility, $photo_id); + if (!is_null($data)) { + return api_format_data("photo_update", $type, $data); + } } - // save new profile image - $data = save_media_to_database("profileimage", $media, $type, t('Profile Photos'), "", "", "", "", "", $is_default_profile); - // get filetype + // return success of updating or error message + if ($result) { + $answer = array('result' => 'updated', 'message' => 'Image id `' . $photo_id . '` has been updated.'); + return api_format_data("photo_update", $type, array('$result' => $answer)); + } else { + if ($nothingtodo) { + $answer = array('result' => 'cancelled', 'message' => 'Nothing to update for image id `' . $photo_id . '`.'); + return api_format_data("photo_update", $type, array('$result' => $answer)); + } + throw new InternalServerErrorException("unknown error - update photo entry in database failed"); + } + } + throw new InternalServerErrorException("unknown error - this error on uploading or updating a photo should never happen"); +} + + +/** + * @brief delete a single photo from the database through api + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_fr_photo_delete($type) +{ + if (api_user() === false) { + throw new ForbiddenException(); + } + // input params + $photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null); + + // do several checks on input parameters + // we do not allow calls without photo id + if ($photo_id == null) { + throw new BadRequestException("no photo_id specified"); + } + // check if photo is existing in database + $r = q( + "SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", + intval(api_user()), + dbesc($photo_id) + ); + if (!DBM::is_result($r)) { + throw new BadRequestException("photo not available"); + } + // now we can perform on the deletion of the photo + $result = q( + "DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", + intval(api_user()), + dbesc($photo_id) + ); + + // return success of deletion or error message + if ($result) { + // retrieve the id of the parent element (the photo element) + $photo_item = q( + "SELECT `id` FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", + intval(local_user()), + dbesc($photo_id) + ); + + if (!DBM::is_result($photo_item)) { + throw new InternalServerErrorException("problem with deleting items occured"); + } + // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore + // to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion) + drop_item($photo_item[0]['id'], false); + + $answer = array('result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.'); + return api_format_data("photo_delete", $type, array('$result' => $answer)); + } else { + throw new InternalServerErrorException("unknown error on deleting photo from database table"); + } +} + + +/** + * @brief returns the details of a specified photo id, if scale is given, returns the photo data in base 64 + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_fr_photo_detail($type) +{ + if (api_user() === false) { + throw new ForbiddenException(); + } + if (!x($_REQUEST, 'photo_id')) { + throw new BadRequestException("No photo id."); + } + + $scale = (x($_REQUEST, 'scale') ? intval($_REQUEST['scale']) : false); + $photo_id = $_REQUEST['photo_id']; + + // prepare json/xml output with data from database for the requested photo + $data = prepare_photo_data($type, $scale, $photo_id); + + return api_format_data("photo_detail", $type, $data); +} + + +/** + * @brief updates the profile image for the user (either a specified profile or the default profile) + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_account_update_profile_image($type) +{ + if (api_user() === false) { + throw new ForbiddenException(); + } + // input params + $profileid = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0); + + // error if image data is missing + if (!x($_FILES, 'image')) { + throw new BadRequestException("no media data submitted"); + } + + // check if specified profile id is valid + if ($profileid != 0) { + $r = q( + "SELECT `id` FROM `profile` WHERE `uid` = %d AND `id` = %d", + intval(api_user()), + intval($profileid) + ); + // error message if specified profile id is not in database + if (!DBM::is_result($r)) { + throw new BadRequestException("profile_id not available"); + } + $is_default_profile = $r['profile']; + } else { + $is_default_profile = 1; + } + + // get mediadata from image or media (Twitter call api/account/update_profile_image provides image) + $media = null; + if (x($_FILES, 'image')) { + $media = $_FILES['image']; + } elseif (x($_FILES, 'media')) { + $media = $_FILES['media']; + } + // save new profile image + $data = save_media_to_database("profileimage", $media, $type, t('Profile Photos'), "", "", "", "", "", $is_default_profile); + + // get filetype + if (is_array($media['type'])) { + $filetype = $media['type'][0]; + } else { + $filetype = $media['type']; + } + if ($filetype == "image/jpeg") { + $fileext = "jpg"; + } elseif ($filetype == "image/png") { + $fileext = "png"; + } + // change specified profile or all profiles to the new resource-id + if ($is_default_profile) { + $r = q( + "UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d", + dbesc($data['photo']['id']), + intval(local_user()) + ); + + $r = q( + "UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `self` AND `uid` = %d", + dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext), + dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext), + dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-6.' . $fileext), + intval(local_user()) + ); + } else { + $r = q( + "UPDATE `profile` SET `photo` = '%s', `thumb` = '%s' WHERE `id` = %d AND `uid` = %d", + dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $filetype), + dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $filetype), + intval($_REQUEST['profile']), + intval(local_user()) + ); + } + + // we'll set the updated profile-photo timestamp even if it isn't the default profile, + // so that browsers will do a cache update unconditionally + + $r = q( + "UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d", + dbesc(datetime_convert()), + intval(local_user()) + ); + + // Update global directory in background + //$user = api_get_user(get_app()); + $url = System::baseUrl() . '/profile/' . get_app()->user['nickname']; + if ($url && strlen(Config::get('system', 'directory'))) { + Worker::add(PRIORITY_LOW, "directory", $url); + } + + Worker::add(PRIORITY_LOW, 'profile_update', api_user()); + + // output for client + if ($data) { + return api_account_verify_credentials($type); + } else { + // SaveMediaToDatabase failed for some reason + throw new InternalServerErrorException("image upload failed"); + } +} + +// place api-register for photoalbum calls before 'api/friendica/photo', otherwise this function is never reached +api_register_func('api/friendica/photoalbum/delete', 'api_fr_photoalbum_delete', true, API_METHOD_DELETE); +api_register_func('api/friendica/photoalbum/update', 'api_fr_photoalbum_update', true, API_METHOD_POST); +api_register_func('api/friendica/photos/list', 'api_fr_photos_list', true); +api_register_func('api/friendica/photo/create', 'api_fr_photo_create_update', true, API_METHOD_POST); +api_register_func('api/friendica/photo/update', 'api_fr_photo_create_update', true, API_METHOD_POST); +api_register_func('api/friendica/photo/delete', 'api_fr_photo_delete', true, API_METHOD_DELETE); +api_register_func('api/friendica/photo', 'api_fr_photo_detail', true); +api_register_func('api/account/update_profile_image', 'api_account_update_profile_image', true, API_METHOD_POST); + + +function check_acl_input($acl_string) +{ + if ($acl_string == null || $acl_string == " ") { + return false; + } + $contact_not_found = false; + + // split into array of cid's + preg_match_all("/<[A-Za-z0-9]+>/", $acl_string, $array); + + // check for each cid if it is available on server + $cid_array = $array[0]; + foreach ($cid_array as $cid) { + $cid = str_replace("<", "", $cid); + $cid = str_replace(">", "", $cid); + $contact = q( + "SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d", + intval($cid), + intval(api_user()) + ); + $contact_not_found |= !DBM::is_result($contact); + } + return $contact_not_found; +} + +function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $profile = 0, $visibility = false, $photo_id = null) +{ + $visitor = 0; + $src = ""; + $filetype = ""; + $filename = ""; + $filesize = 0; + + if (is_array($media)) { + if (is_array($media['tmp_name'])) { + $src = $media['tmp_name'][0]; + } else { + $src = $media['tmp_name']; + } + if (is_array($media['name'])) { + $filename = basename($media['name'][0]); + } else { + $filename = basename($media['name']); + } + if (is_array($media['size'])) { + $filesize = intval($media['size'][0]); + } else { + $filesize = intval($media['size']); + } if (is_array($media['type'])) { $filetype = $media['type'][0]; } else { $filetype = $media['type']; } - if ($filetype == "image/jpeg") { - $fileext = "jpg"; - } elseif ($filetype == "image/png") { - $fileext = "png"; - } - // change specified profile or all profiles to the new resource-id - if ($is_default_profile) { - $r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d", - dbesc($data['photo']['id']), - intval(local_user()) - ); - - $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `self` AND `uid` = %d", - dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext), - dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext), - dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-6.' . $fileext), - intval(local_user()) - ); - } else { - $r = q("UPDATE `profile` SET `photo` = '%s', `thumb` = '%s' WHERE `id` = %d AND `uid` = %d", - dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $filetype), - dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $filetype), - intval($_REQUEST['profile']), - intval(local_user()) - ); - } - - // we'll set the updated profile-photo timestamp even if it isn't the default profile, - // so that browsers will do a cache update unconditionally - - $r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d", - dbesc(datetime_convert()), - intval(local_user()) - ); - - // Update global directory in background - //$user = api_get_user(get_app()); - $url = System::baseUrl() . '/profile/' . get_app()->user['nickname']; - if ($url && strlen(Config::get('system', 'directory'))) { - Worker::add(PRIORITY_LOW, "directory", $url); - } - - Worker::add(PRIORITY_LOW, 'profile_update', api_user()); - - // output for client - if ($data) { - return api_account_verify_credentials($type); - } else { - // SaveMediaToDatabase failed for some reason - throw new InternalServerErrorException("image upload failed"); - } } - // place api-register for photoalbum calls before 'api/friendica/photo', otherwise this function is never reached - api_register_func('api/friendica/photoalbum/delete', 'api_fr_photoalbum_delete', true, API_METHOD_DELETE); - api_register_func('api/friendica/photoalbum/update', 'api_fr_photoalbum_update', true, API_METHOD_POST); - api_register_func('api/friendica/photos/list', 'api_fr_photos_list', true); - api_register_func('api/friendica/photo/create', 'api_fr_photo_create_update', true, API_METHOD_POST); - api_register_func('api/friendica/photo/update', 'api_fr_photo_create_update', true, API_METHOD_POST); - api_register_func('api/friendica/photo/delete', 'api_fr_photo_delete', true, API_METHOD_DELETE); - api_register_func('api/friendica/photo', 'api_fr_photo_detail', true); - api_register_func('api/account/update_profile_image', 'api_account_update_profile_image', true, API_METHOD_POST); + if ($filetype == "") { + $filetype=guess_image_type($filename); + } + $imagedata = getimagesize($src); + if ($imagedata) { + $filetype = $imagedata['mime']; + } + logger( + "File upload src: " . $src . " - filename: " . $filename . + " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG + ); - - function check_acl_input($acl_string) { - if ($acl_string == null || $acl_string == " ") { - return false; - } - $contact_not_found = false; - - // split into array of cid's - preg_match_all("/<[A-Za-z0-9]+>/", $acl_string, $array); - - // check for each cid if it is available on server - $cid_array = $array[0]; - foreach ($cid_array as $cid) { - $cid = str_replace("<", "", $cid); - $cid = str_replace(">", "", $cid); - $contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d", - intval($cid), - intval(api_user())); - $contact_not_found |= !DBM::is_result($contact); - } - return $contact_not_found; + // check if there was a php upload error + if ($filesize == 0 && $media['error'] == 1) { + throw new InternalServerErrorException("image size exceeds PHP config settings, file was rejected by server"); + } + // check against max upload size within Friendica instance + $maximagesize = Config::get('system', 'maximagesize'); + if (($maximagesize) && ($filesize > $maximagesize)) { + $formattedBytes = formatBytes($maximagesize); + throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); } - function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $profile = 0, $visibility = false, $photo_id = null) { - $visitor = 0; - $src = ""; - $filetype = ""; - $filename = ""; - $filesize = 0; + // create Photo instance with the data of the image + $imagedata = @file_get_contents($src); + $ph = new Photo($imagedata, $filetype); + if (! $ph->is_valid()) { + throw new InternalServerErrorException("unable to process image data"); + } - if (is_array($media)) { - if (is_array($media['tmp_name'])) { - $src = $media['tmp_name'][0]; - } else { - $src = $media['tmp_name']; - } - if (is_array($media['name'])) { - $filename = basename($media['name'][0]); - } else { - $filename = basename($media['name']); - } - if (is_array($media['size'])) { - $filesize = intval($media['size'][0]); - } else { - $filesize = intval($media['size']); - } - if (is_array($media['type'])) { - $filetype = $media['type'][0]; - } else { - $filetype = $media['type']; - } + // check orientation of image + $ph->orient($src); + @unlink($src); + + // check max length of images on server + $max_length = Config::get('system', 'max_image_length'); + if (! $max_length) { + $max_length = MAX_IMAGE_LENGTH; + } + if ($max_length > 0) { + $ph->scaleImage($max_length); + logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG); + } + $width = $ph->getWidth(); + $height = $ph->getHeight(); + + // create a new resource-id if not already provided + $hash = ($photo_id == null) ? photo_new_resource() : $photo_id; + + if ($mediatype == "photo") { + // upload normal image (scales 0, 1, 2) + logger("photo upload: starting new photo upload", LOGGER_DEBUG); + + $r =$ph->store(local_user(), $visitor, $hash, $filename, $album, 0, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (! $r) { + logger("photo upload: image upload with scale 0 (original size) failed"); } - - if ($filetype == "") { - $filetype=guess_image_type($filename); - } - $imagedata = getimagesize($src); - if ($imagedata) { - $filetype = $imagedata['mime']; - } - logger("File upload src: " . $src . " - filename: " . $filename . - " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG); - - // check if there was a php upload error - if ($filesize == 0 && $media['error'] == 1) { - throw new InternalServerErrorException("image size exceeds PHP config settings, file was rejected by server"); - } - // check against max upload size within Friendica instance - $maximagesize = Config::get('system', 'maximagesize'); - if (($maximagesize) && ($filesize > $maximagesize)) { - $formattedBytes = formatBytes($maximagesize); - throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); - } - - // create Photo instance with the data of the image - $imagedata = @file_get_contents($src); - $ph = new Photo($imagedata, $filetype); - if (! $ph->is_valid()) { - throw new InternalServerErrorException("unable to process image data"); - } - - // check orientation of image - $ph->orient($src); - @unlink($src); - - // check max length of images on server - $max_length = Config::get('system', 'max_image_length'); - if (! $max_length) { - $max_length = MAX_IMAGE_LENGTH; - } - if ($max_length > 0) { - $ph->scaleImage($max_length); - logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG); - } - $width = $ph->getWidth(); - $height = $ph->getHeight(); - - // create a new resource-id if not already provided - $hash = ($photo_id == null) ? photo_new_resource() : $photo_id; - - if ($mediatype == "photo") { - // upload normal image (scales 0, 1, 2) - logger("photo upload: starting new photo upload", LOGGER_DEBUG); - - $r =$ph->store(local_user(), $visitor, $hash, $filename, $album, 0, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if ($width > 640 || $height > 640) { + $ph->scaleImage(640); + $r = $ph->store(local_user(), $visitor, $hash, $filename, $album, 1, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (! $r) { - logger("photo upload: image upload with scale 0 (original size) failed"); + logger("photo upload: image upload with scale 1 (640x640) failed"); } - if($width > 640 || $height > 640) { - $ph->scaleImage(640); - $r = $ph->store(local_user(),$visitor, $hash, $filename, $album, 1, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: image upload with scale 1 (640x640) failed"); - } - } - - if ($width > 320 || $height > 320) { - $ph->scaleImage(320); - $r = $ph->store(local_user(), $visitor, $hash, $filename, $album, 2, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: image upload with scale 2 (320x320) failed"); - } - } - logger("photo upload: new photo upload ended", LOGGER_DEBUG); - } elseif ($mediatype == "profileimage") { - // upload profile image (scales 4, 5, 6) - logger("photo upload: starting new profile image upload", LOGGER_DEBUG); - - if ($width > 175 || $height > 175) { - $ph->scaleImage(175); - $r = $ph->store(local_user(),$visitor, $hash, $filename, $album, 4, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: profile image upload with scale 4 (175x175) failed"); - } - } - - if ($width > 80 || $height > 80) { - $ph->scaleImage(80); - $r = $ph->store(local_user(),$visitor, $hash, $filename, $album, 5, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: profile image upload with scale 5 (80x80) failed"); - } - } - - if ($width > 48 || $height > 48) { - $ph->scaleImage(48); - $r = $ph->store(local_user(), $visitor, $hash, $filename, $album, 6, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (! $r) { - logger("photo upload: profile image upload with scale 6 (48x48) failed"); - } - } - $ph->__destruct(); - logger("photo upload: new profile image upload ended", LOGGER_DEBUG); } - if ($r) { - // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo - if ($photo_id == null && $mediatype == "photo") { - post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility); + if ($width > 320 || $height > 320) { + $ph->scaleImage(320); + $r = $ph->store(local_user(), $visitor, $hash, $filename, $album, 2, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (! $r) { + logger("photo upload: image upload with scale 2 (320x320) failed"); } - // on success return image data in json/xml format (like /api/friendica/photo does when no scale is given) - return prepare_photo_data($type, false, $hash); - } else { - throw new InternalServerErrorException("image upload failed"); } + logger("photo upload: new photo upload ended", LOGGER_DEBUG); + } elseif ($mediatype == "profileimage") { + // upload profile image (scales 4, 5, 6) + logger("photo upload: starting new profile image upload", LOGGER_DEBUG); + + if ($width > 175 || $height > 175) { + $ph->scaleImage(175); + $r = $ph->store(local_user(), $visitor, $hash, $filename, $album, 4, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (! $r) { + logger("photo upload: profile image upload with scale 4 (175x175) failed"); + } + } + + if ($width > 80 || $height > 80) { + $ph->scaleImage(80); + $r = $ph->store(local_user(), $visitor, $hash, $filename, $album, 5, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (! $r) { + logger("photo upload: profile image upload with scale 5 (80x80) failed"); + } + } + + if ($width > 48 || $height > 48) { + $ph->scaleImage(48); + $r = $ph->store(local_user(), $visitor, $hash, $filename, $album, 6, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (! $r) { + logger("photo upload: profile image upload with scale 6 (48x48) failed"); + } + } + $ph->__destruct(); + logger("photo upload: new profile image upload ended", LOGGER_DEBUG); } - function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility = false) { - // get data about the api authenticated user - $uri = item_new_uri(get_app()->get_hostname(), intval(api_user())); - $owner_record = q("SELECT * FROM `contact` WHERE `uid`= %d AND `self` LIMIT 1", intval(api_user())); - - $arr = array(); - $arr['guid'] = get_guid(32); - $arr['uid'] = intval(api_user()); - $arr['uri'] = $uri; - $arr['parent-uri'] = $uri; - $arr['type'] = 'photo'; - $arr['wall'] = 1; - $arr['resource-id'] = $hash; - $arr['contact-id'] = $owner_record[0]['id']; - $arr['owner-name'] = $owner_record[0]['name']; - $arr['owner-link'] = $owner_record[0]['url']; - $arr['owner-avatar'] = $owner_record[0]['thumb']; - $arr['author-name'] = $owner_record[0]['name']; - $arr['author-link'] = $owner_record[0]['url']; - $arr['author-avatar'] = $owner_record[0]['thumb']; - $arr['title'] = ""; - $arr['allow_cid'] = $allow_cid; - $arr['allow_gid'] = $allow_gid; - $arr['deny_cid'] = $deny_cid; - $arr['deny_gid'] = $deny_gid; - $arr['last-child'] = 1; - $arr['visible'] = $visibility; - $arr['origin'] = 1; - - $typetoext = array( - 'image/jpeg' => 'jpg', - 'image/png' => 'png', - 'image/gif' => 'gif' - ); - - // adds link to the thumbnail scale photo - $arr['body'] = '[url=' . System::baseUrl() . '/photos/' . $owner_record[0]['nick'] . '/image/' . $hash . ']' - . '[img]' . System::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]' - . '[/url]'; - - // do the magic for storing the item in the database and trigger the federation to other contacts - item_store($arr); + if ($r) { + // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo + if ($photo_id == null && $mediatype == "photo") { + post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility); + } + // on success return image data in json/xml format (like /api/friendica/photo does when no scale is given) + return prepare_photo_data($type, false, $hash); + } else { + throw new InternalServerErrorException("image upload failed"); } +} - function prepare_photo_data($type, $scale, $photo_id) { - $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); - $data_sql = ($scale === false ? "" : "data, "); +function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility = false) +{ + // get data about the api authenticated user + $uri = item_new_uri(get_app()->get_hostname(), intval(api_user())); + $owner_record = q("SELECT * FROM `contact` WHERE `uid`= %d AND `self` LIMIT 1", intval(api_user())); - // added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database - // clients needs to convert this in their way for further processing - $r = q("SELECT %s `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, - `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`, - MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale` - FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' %s GROUP BY `resource-id`", - $data_sql, - intval(local_user()), - dbesc($photo_id), - $scale_sql - ); + $arr = array(); + $arr['guid'] = get_guid(32); + $arr['uid'] = intval(api_user()); + $arr['uri'] = $uri; + $arr['parent-uri'] = $uri; + $arr['type'] = 'photo'; + $arr['wall'] = 1; + $arr['resource-id'] = $hash; + $arr['contact-id'] = $owner_record[0]['id']; + $arr['owner-name'] = $owner_record[0]['name']; + $arr['owner-link'] = $owner_record[0]['url']; + $arr['owner-avatar'] = $owner_record[0]['thumb']; + $arr['author-name'] = $owner_record[0]['name']; + $arr['author-link'] = $owner_record[0]['url']; + $arr['author-avatar'] = $owner_record[0]['thumb']; + $arr['title'] = ""; + $arr['allow_cid'] = $allow_cid; + $arr['allow_gid'] = $allow_gid; + $arr['deny_cid'] = $deny_cid; + $arr['deny_gid'] = $deny_gid; + $arr['last-child'] = 1; + $arr['visible'] = $visibility; + $arr['origin'] = 1; - $typetoext = array( + $typetoext = array( 'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif' - ); + ); - // prepare output data for photo - if (DBM::is_result($r)) { - $data = array('photo' => $r[0]); - $data['photo']['id'] = $data['photo']['resource-id']; - if ($scale !== false) { - $data['photo']['data'] = base64_encode($data['photo']['data']); - } else { - unset($data['photo']['datasize']); //needed only with scale param - } - if ($type == "xml") { - $data['photo']['links'] = array(); - for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { - $data['photo']['links'][$k . ":link"]["@attributes"] = array("type" => $data['photo']['type'], - "scale" => $k, - "href" => System::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]); - } - } else { - $data['photo']['link'] = array(); - // when we have profile images we could have only scales from 4 to 6, but index of array always needs to start with 0 - $i = 0; - for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { - $data['photo']['link'][$i] = System::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]; - $i++; - } - } - unset($data['photo']['resource-id']); - unset($data['photo']['minscale']); - unset($data['photo']['maxscale']); + // adds link to the thumbnail scale photo + $arr['body'] = '[url=' . System::baseUrl() . '/photos/' . $owner_record[0]['nick'] . '/image/' . $hash . ']' + . '[img]' . System::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]' + . '[/url]'; + // do the magic for storing the item in the database and trigger the federation to other contacts + item_store($arr); +} + +function prepare_photo_data($type, $scale, $photo_id) +{ + $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); + $data_sql = ($scale === false ? "" : "data, "); + + // added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database + // clients needs to convert this in their way for further processing + $r = q( + "SELECT %s `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, + `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`, + MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale` + FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' %s GROUP BY `resource-id`", + $data_sql, + intval(local_user()), + dbesc($photo_id), + $scale_sql + ); + + $typetoext = array( + 'image/jpeg' => 'jpg', + 'image/png' => 'png', + 'image/gif' => 'gif' + ); + + // prepare output data for photo + if (DBM::is_result($r)) { + $data = array('photo' => $r[0]); + $data['photo']['id'] = $data['photo']['resource-id']; + if ($scale !== false) { + $data['photo']['data'] = base64_encode($data['photo']['data']); } else { - throw new NotFoundException(); + unset($data['photo']['datasize']); //needed only with scale param } - - // retrieve item element for getting activities (like, dislike etc.) related to photo - $item = q("SELECT * FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", - intval(local_user()), - dbesc($photo_id) - ); - $data['photo']['friendica_activities'] = api_format_items_activities($item[0], $type); - - // retrieve comments on photo - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, - `contact`.`id` AS `cid` - FROM `item` - STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid` - AND (NOT `contact`.`blocked` OR `contact`.`pending`) - WHERE `item`.`parent` = %d AND `item`.`visible` - AND NOT `item`.`moderated` AND NOT `item`.`deleted` - AND `item`.`uid` = %d AND (`item`.`verb`='%s' OR `type`='photo')", - intval($item[0]['parent']), - intval(api_user()), - dbesc(ACTIVITY_POST) - ); - - // prepare output of comments - $commentData = api_format_items($r, api_get_user(get_app()), false, $type); - $comments = array(); if ($type == "xml") { - $k = 0; - foreach ($commentData as $comment) { - $comments[$k++ . ":comment"] = $comment; + $data['photo']['links'] = array(); + for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { + $data['photo']['links'][$k . ":link"]["@attributes"] = array("type" => $data['photo']['type'], + "scale" => $k, + "href" => System::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]); } } else { - foreach ($commentData as $comment) { - $comments[] = $comment; + $data['photo']['link'] = array(); + // when we have profile images we could have only scales from 4 to 6, but index of array always needs to start with 0 + $i = 0; + for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { + $data['photo']['link'][$i] = System::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]; + $i++; } } - $data['photo']['friendica_comments'] = $comments; - - // include info if rights on photo and rights on item are mismatching - $rights_mismatch = $data['photo']['allow_cid'] != $item[0]['allow_cid'] || - $data['photo']['deny_cid'] != $item[0]['deny_cid'] || - $data['photo']['allow_gid'] != $item[0]['allow_gid'] || - $data['photo']['deny_cid'] != $item[0]['deny_cid']; - $data['photo']['rights_mismatch'] = $rights_mismatch; - - return $data; + unset($data['photo']['resource-id']); + unset($data['photo']['minscale']); + unset($data['photo']['maxscale']); + } else { + throw new NotFoundException(); } + // retrieve item element for getting activities (like, dislike etc.) related to photo + $item = q( + "SELECT * FROM `item` WHERE `uid` = %d AND `resource-id` = '%s' AND `type` = 'photo'", + intval(local_user()), + dbesc($photo_id) + ); + $data['photo']['friendica_activities'] = api_format_items_activities($item[0], $type); - /** - * similar as /mod/redir.php - * redirect to 'url' after dfrn auth - * - * why this when there is mod/redir.php already? - * This use api_user() and api_login() - * - * params - * c_url: url of remote contact to auth to - * url: string, url to redirect after auth - */ - function api_friendica_remoteauth() { - $url = ((x($_GET, 'url')) ? $_GET['url'] : ''); - $c_url = ((x($_GET, 'c_url')) ? $_GET['c_url'] : ''); + // retrieve comments on photo + $r = q( + "SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`, + `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, + `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, + `contact`.`id` AS `cid` + FROM `item` + STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid` + AND (NOT `contact`.`blocked` OR `contact`.`pending`) + WHERE `item`.`parent` = %d AND `item`.`visible` + AND NOT `item`.`moderated` AND NOT `item`.`deleted` + AND `item`.`uid` = %d AND (`item`.`verb`='%s' OR `type`='photo')", + intval($item[0]['parent']), + intval(api_user()), + dbesc(ACTIVITY_POST) + ); - if ($url === '' || $c_url === '') { - throw new BadRequestException("Wrong parameters."); + // prepare output of comments + $commentData = api_format_items($r, api_get_user(get_app()), false, $type); + $comments = array(); + if ($type == "xml") { + $k = 0; + foreach ($commentData as $comment) { + $comments[$k++ . ":comment"] = $comment; } - - $c_url = normalise_link($c_url); - - // traditional DFRN - - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `nurl` = '%s' LIMIT 1", - dbesc($c_url), - intval(api_user()) - ); - - if ((! DBM::is_result($r)) || ($r[0]['network'] !== NETWORK_DFRN)) { - throw new BadRequestException("Unknown contact"); + } else { + foreach ($commentData as $comment) { + $comments[] = $comment; } - - $cid = $r[0]['id']; - - $dfrn_id = $orig_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']); - - if ($r[0]['duplex'] && $r[0]['issued-id']) { - $orig_id = $r[0]['issued-id']; - $dfrn_id = '1:' . $orig_id; - } - if ($r[0]['duplex'] && $r[0]['dfrn-id']) { - $orig_id = $r[0]['dfrn-id']; - $dfrn_id = '0:' . $orig_id; - } - - $sec = random_string(); - - q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`) - VALUES( %d, %s, '%s', '%s', %d )", - intval(api_user()), - intval($cid), - dbesc($dfrn_id), - dbesc($sec), - intval(time() + 45) - ); - - logger($r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); - $dest = (($url) ? '&destination_url=' . $url : ''); - goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id - . '&dfrn_version=' . DFRN_PROTOCOL_VERSION - . '&type=profile&sec=' . $sec . $dest . $quiet ); } - api_register_func('api/friendica/remoteauth', 'api_friendica_remoteauth', true); + $data['photo']['friendica_comments'] = $comments; - /** - * @brief Return the item shared, if the item contains only the [share] tag - * - * @param array $item Sharer item - * @return array Shared item or false if not a reshare - */ - function api_share_as_retweet(&$item) { - $body = trim($item["body"]); + // include info if rights on photo and rights on item are mismatching + $rights_mismatch = $data['photo']['allow_cid'] != $item[0]['allow_cid'] || + $data['photo']['deny_cid'] != $item[0]['deny_cid'] || + $data['photo']['allow_gid'] != $item[0]['allow_gid'] || + $data['photo']['deny_cid'] != $item[0]['deny_cid']; + $data['photo']['rights_mismatch'] = $rights_mismatch; - if (Diaspora::is_reshare($body, false)===false) { - return false; - } - - /// @TODO "$1" should maybe mean '$1' ? - $attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism", "$1", $body); - /* - * Skip if there is no shared message in there - * we already checked this in diaspora::is_reshare() - * but better one more than one less... - */ - if ($body == $attributes) { - return false; - } + return $data; +} - // build the fake reshared item - $reshared_item = $item; - - $author = ""; - preg_match("/author='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { - $author = html_entity_decode($matches[1], ENT_QUOTES, 'UTF-8'); - } - - preg_match('/author="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { - $author = $matches[1]; - } - - $profile = ""; - preg_match("/profile='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { - $profile = $matches[1]; - } - - preg_match('/profile="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { - $profile = $matches[1]; - } - - $avatar = ""; - preg_match("/avatar='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { - $avatar = $matches[1]; - } - - preg_match('/avatar="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { - $avatar = $matches[1]; - } - - $link = ""; - preg_match("/link='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") { - $link = $matches[1]; - } - - preg_match('/link="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { - $link = $matches[1]; - } - - $posted = ""; - preg_match("/posted='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $posted = $matches[1]; - - preg_match('/posted="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") { - $posted = $matches[1]; - } - - $shared_body = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","$2",$body); - - if (($shared_body == "") || ($profile == "") || ($author == "") || ($avatar == "") || ($posted == "")) { - return false; - } - - $reshared_item["body"] = $shared_body; - $reshared_item["author-name"] = $author; - $reshared_item["author-link"] = $profile; - $reshared_item["author-avatar"] = $avatar; - $reshared_item["plink"] = $link; - $reshared_item["created"] = $posted; - $reshared_item["edited"] = $posted; - - return $reshared_item; +/** + * Similar as /mod/redir.php + * redirect to 'url' after dfrn auth + * + * Why this when there is mod/redir.php already? + * This use api_user() and api_login() + * + * params + * c_url: url of remote contact to auth to + * url: string, url to redirect after auth + */ +function api_friendica_remoteauth() +{ + $url = ((x($_GET, 'url')) ? $_GET['url'] : ''); + $c_url = ((x($_GET, 'c_url')) ? $_GET['c_url'] : ''); + if ($url === '' || $c_url === '') { + throw new BadRequestException("Wrong parameters."); } - function api_get_nick($profile) { - /* To-Do: - - remove trailing junk from profile url - - pump.io check has to check the website + $c_url = normalise_link($c_url); + + // traditional DFRN + + $r = q( + "SELECT * FROM `contact` WHERE `id` = %d AND `nurl` = '%s' LIMIT 1", + dbesc($c_url), + intval(api_user()) + ); + + if ((! DBM::is_result($r)) || ($r[0]['network'] !== NETWORK_DFRN)) { + throw new BadRequestException("Unknown contact"); + } + + $cid = $r[0]['id']; + + $dfrn_id = $orig_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']); + + if ($r[0]['duplex'] && $r[0]['issued-id']) { + $orig_id = $r[0]['issued-id']; + $dfrn_id = '1:' . $orig_id; + } + if ($r[0]['duplex'] && $r[0]['dfrn-id']) { + $orig_id = $r[0]['dfrn-id']; + $dfrn_id = '0:' . $orig_id; + } + + $sec = random_string(); + + q( + "INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`) + VALUES( %d, %s, '%s', '%s', %d )", + intval(api_user()), + intval($cid), + dbesc($dfrn_id), + dbesc($sec), + intval(time() + 45) + ); + + logger($r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); + $dest = (($url) ? '&destination_url=' . $url : ''); + goaway( + $r[0]['poll'] . '?dfrn_id=' . $dfrn_id + . '&dfrn_version=' . DFRN_PROTOCOL_VERSION + . '&type=profile&sec=' . $sec . $dest . $quiet + ); +} +api_register_func('api/friendica/remoteauth', 'api_friendica_remoteauth', true); + +/** + * @brief Return the item shared, if the item contains only the [share] tag + * + * @param array $item Sharer item + * @return array Shared item or false if not a reshare + */ +function api_share_as_retweet(&$item) +{ + $body = trim($item["body"]); + + if (Diaspora::is_reshare($body, false)===false) { + return false; + } + + /// @TODO "$1" should maybe mean '$1' ? + $attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism", "$1", $body); + /* + * Skip if there is no shared message in there + * we already checked this in diaspora::is_reshare() + * but better one more than one less... */ + if ($body == $attributes) { + return false; + } - $nick = ""; - $r = q("SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", - dbesc(normalise_link($profile))); + // build the fake reshared item + $reshared_item = $item; + + $author = ""; + preg_match("/author='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") { + $author = html_entity_decode($matches[1], ENT_QUOTES, 'UTF-8'); + } + + preg_match('/author="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") { + $author = $matches[1]; + } + + $profile = ""; + preg_match("/profile='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") { + $profile = $matches[1]; + } + + preg_match('/profile="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") { + $profile = $matches[1]; + } + + $avatar = ""; + preg_match("/avatar='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") { + $avatar = $matches[1]; + } + + preg_match('/avatar="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") { + $avatar = $matches[1]; + } + + $link = ""; + preg_match("/link='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") { + $link = $matches[1]; + } + + preg_match('/link="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") { + $link = $matches[1]; + } + + $posted = ""; + preg_match("/posted='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $posted = $matches[1]; + + preg_match('/posted="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") { + $posted = $matches[1]; + } + + $shared_body = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism", "$2", $body); + + if (($shared_body == "") || ($profile == "") || ($author == "") || ($avatar == "") || ($posted == "")) { + return false; + } + + $reshared_item["body"] = $shared_body; + $reshared_item["author-name"] = $author; + $reshared_item["author-link"] = $profile; + $reshared_item["author-avatar"] = $avatar; + $reshared_item["plink"] = $link; + $reshared_item["created"] = $posted; + $reshared_item["edited"] = $posted; + + return $reshared_item; + +} + +function api_get_nick($profile) +{ + /* To-Do: + - remove trailing junk from profile url + - pump.io check has to check the website + */ + + $nick = ""; + + $r = q( + "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", + dbesc(normalise_link($profile)) + ); + + if (DBM::is_result($r)) { + $nick = $r[0]["nick"]; + } + + if (!$nick == "") { + $r = q( + "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", + dbesc(normalise_link($profile)) + ); if (DBM::is_result($r)) { $nick = $r[0]["nick"]; } + } - if (!$nick == "") { - $r = q("SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", - dbesc(normalise_link($profile))); - - if (DBM::is_result($r)) { - $nick = $r[0]["nick"]; - } + if (!$nick == "") { + $friendica = preg_replace("=https?://(.*)/profile/(.*)=ism", "$2", $profile); + if ($friendica != $profile) { + $nick = $friendica; } + } - if (!$nick == "") { - $friendica = preg_replace("=https?://(.*)/profile/(.*)=ism", "$2", $profile); - if ($friendica != $profile) { - $nick = $friendica; - } + if (!$nick == "") { + $diaspora = preg_replace("=https?://(.*)/u/(.*)=ism", "$2", $profile); + if ($diaspora != $profile) { + $nick = $diaspora; } + } - if (!$nick == "") { - $diaspora = preg_replace("=https?://(.*)/u/(.*)=ism", "$2", $profile); - if ($diaspora != $profile) { - $nick = $diaspora; - } - } - - if (!$nick == "") { - $twitter = preg_replace("=https?://twitter.com/(.*)=ism", "$1", $profile); - if ($twitter != $profile) { - $nick = $twitter; - } + if (!$nick == "") { + $twitter = preg_replace("=https?://twitter.com/(.*)=ism", "$1", $profile); + if ($twitter != $profile) { + $nick = $twitter; } + } - if (!$nick == "") { - $StatusnetHost = preg_replace("=https?://(.*)/user/(.*)=ism", "$1", $profile); - if ($StatusnetHost != $profile) { - $StatusnetUser = preg_replace("=https?://(.*)/user/(.*)=ism", "$2", $profile); - if ($StatusnetUser != $profile) { - $UserData = fetch_url("http://".$StatusnetHost."/api/users/show.json?user_id=".$StatusnetUser); - $user = json_decode($UserData); - if ($user) { - $nick = $user->screen_name; - } + if (!$nick == "") { + $StatusnetHost = preg_replace("=https?://(.*)/user/(.*)=ism", "$1", $profile); + if ($StatusnetHost != $profile) { + $StatusnetUser = preg_replace("=https?://(.*)/user/(.*)=ism", "$2", $profile); + if ($StatusnetUser != $profile) { + $UserData = fetch_url("http://".$StatusnetHost."/api/users/show.json?user_id=".$StatusnetUser); + $user = json_decode($UserData); + if ($user) { + $nick = $user->screen_name; } } } - - // To-Do: look at the page if its really a pumpio site - //if (!$nick == "") { - // $pumpio = preg_replace("=https?://(.*)/(.*)/=ism", "$2", $profile."/"); - // if ($pumpio != $profile) - // $nick = $pumpio; - //
- - //} - - if ($nick != "") { - return $nick; - } - - return false; } - function api_in_reply_to($item) { - $in_reply_to = array(); + // To-Do: look at the page if its really a pumpio site + //if (!$nick == "") { + // $pumpio = preg_replace("=https?://(.*)/(.*)/=ism", "$2", $profile."/"); + // if ($pumpio != $profile) + // $nick = $pumpio; + //
- $in_reply_to['status_id'] = NULL; - $in_reply_to['user_id'] = NULL; - $in_reply_to['status_id_str'] = NULL; - $in_reply_to['user_id_str'] = NULL; - $in_reply_to['screen_name'] = NULL; + //} - if (($item['thr-parent'] != $item['uri']) && (intval($item['parent']) != intval($item['id']))) { - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' LIMIT 1", - intval($item['uid']), - dbesc($item['thr-parent'])); - - if (DBM::is_result($r)) { - $in_reply_to['status_id'] = intval($r[0]['id']); - } else { - $in_reply_to['status_id'] = intval($item['parent']); - } - - $in_reply_to['status_id_str'] = (string) intval($in_reply_to['status_id']); - - $r = q("SELECT `contact`.`nick`, `contact`.`name`, `contact`.`id`, `contact`.`url` FROM item - STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`author-id` - WHERE `item`.`id` = %d LIMIT 1", - intval($in_reply_to['status_id']) - ); - - if (DBM::is_result($r)) { - if ($r[0]['nick'] == "") { - $r[0]['nick'] = api_get_nick($r[0]["url"]); - } - - $in_reply_to['screen_name'] = (($r[0]['nick']) ? $r[0]['nick'] : $r[0]['name']); - $in_reply_to['user_id'] = intval($r[0]['id']); - $in_reply_to['user_id_str'] = (string) intval($r[0]['id']); - } - - // There seems to be situation, where both fields are identical: - // https://github.com/friendica/friendica/issues/1010 - // This is a bugfix for that. - if (intval($in_reply_to['status_id']) == intval($item['id'])) { - logger('this message should never appear: id: '.$item['id'].' similar to reply-to: '.$in_reply_to['status_id'], LOGGER_DEBUG); - $in_reply_to['status_id'] = NULL; - $in_reply_to['user_id'] = NULL; - $in_reply_to['status_id_str'] = NULL; - $in_reply_to['user_id_str'] = NULL; - $in_reply_to['screen_name'] = NULL; - } - } - - return $in_reply_to; + if ($nick != "") { + return $nick; } - function api_clean_plain_items($Text) { - $include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false"); - - $Text = bb_CleanPictureLinks($Text); - $URLSearchString = "^\[\]"; - - $Text = preg_replace("/([!#@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",'$1$3',$Text); - - if ($include_entities == "true") { - $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",'[url=$1]$1[/url]',$Text); - } - - // Simplify "attachment" element - $Text = api_clean_attachments($Text); - - return($Text); - } - - /** - * @brief Removes most sharing information for API text export - * - * @param string $body The original body - * - * @return string Cleaned body - */ - function api_clean_attachments($body) { - $data = get_attachment_data($body); - - if (!$data) - return $body; - - $body = ""; - - if (isset($data["text"])) - $body = $data["text"]; - - if (($body == "") && (isset($data["title"]))) - $body = $data["title"]; - - if (isset($data["url"])) - $body .= "\n".$data["url"]; - - $body .= $data["after"]; - - return $body; - } - - function api_best_nickname(&$contacts) { - $best_contact = array(); - - if (count($contact) == 0) - return; - - foreach ($contacts AS $contact) - if ($contact["network"] == "") { - $contact["network"] = "dfrn"; - $best_contact = array($contact); - } - - if (sizeof($best_contact) == 0) - foreach ($contacts AS $contact) - if ($contact["network"] == "dfrn") - $best_contact = array($contact); - - if (sizeof($best_contact) == 0) - foreach ($contacts AS $contact) - if ($contact["network"] == "dspr") - $best_contact = array($contact); - - if (sizeof($best_contact) == 0) - foreach ($contacts AS $contact) - if ($contact["network"] == "stat") - $best_contact = array($contact); - - if (sizeof($best_contact) == 0) - foreach ($contacts AS $contact) - if ($contact["network"] == "pump") - $best_contact = array($contact); - - if (sizeof($best_contact) == 0) - foreach ($contacts AS $contact) - if ($contact["network"] == "twit") - $best_contact = array($contact); - - if (sizeof($best_contact) == 1) - $contacts = $best_contact; - else - $contacts = array($contacts[0]); - } - - // return all or a specified group of the user with the containing contacts - function api_friendica_group_show($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - - // params - $user_info = api_get_user($a); - $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); - $uid = $user_info['uid']; - - // get data of the specified group id or all groups if not specified - if ($gid != 0) { - $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d AND `id` = %d", - intval($uid), - intval($gid)); - // error message if specified gid is not in database - if (!DBM::is_result($r)) - throw new BadRequestException("gid not available"); - } - else - $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d", - intval($uid)); - - // loop through all groups and retrieve all members for adding data in the user array - foreach ($r as $rr) { - $members = group_get_members($rr['id']); - $users = array(); - - if ($type == "xml") { - $user_element = "users"; - $k = 0; - foreach ($members as $member) { - $user = api_get_user($a, $member['nurl']); - $users[$k++.":user"] = $user; - } - } else { - $user_element = "user"; - foreach ($members as $member) { - $user = api_get_user($a, $member['nurl']); - $users[] = $user; - } - } - $grps[] = array('name' => $rr['name'], 'gid' => $rr['id'], $user_element => $users); - } - return api_format_data("groups", $type, array('group' => $grps)); - } - api_register_func('api/friendica/group_show', 'api_friendica_group_show', true); - - - // delete the specified group of the user - function api_friendica_group_delete($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - - // params - $user_info = api_get_user($a); - $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); - $uid = $user_info['uid']; - - // error if no gid specified - if ($gid == 0 || $name == "") - throw new BadRequestException('gid or name not specified'); - - // get data of the specified group id - $r = q("SELECT * FROM `group` WHERE `uid` = %d AND `id` = %d", - intval($uid), - intval($gid)); - // error message if specified gid is not in database - if (!DBM::is_result($r)) - throw new BadRequestException('gid not available'); - - // get data of the specified group id and group name - $rname = q("SELECT * FROM `group` WHERE `uid` = %d AND `id` = %d AND `name` = '%s'", - intval($uid), - intval($gid), - dbesc($name)); - // error message if specified gid is not in database - if (!DBM::is_result($rname)) - throw new BadRequestException('wrong group name'); - - // delete group - $ret = group_rmv($uid, $name); - if ($ret) { - // return success - $success = array('success' => $ret, 'gid' => $gid, 'name' => $name, 'status' => 'deleted', 'wrong users' => array()); - return api_format_data("group_delete", $type, array('result' => $success)); - } - else - throw new BadRequestException('other API error'); - } - api_register_func('api/friendica/group_delete', 'api_friendica_group_delete', true, API_METHOD_DELETE); - - - // create the specified group with the posted array of contacts - function api_friendica_group_create($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - - // params - $user_info = api_get_user($a); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); - $uid = $user_info['uid']; - $json = json_decode($_POST['json'], true); - $users = $json['user']; - - // error if no name specified - if ($name == "") - throw new BadRequestException('group name not specified'); - - // get data of the specified group name - $rname = q("SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 0", - intval($uid), - dbesc($name)); - // error message if specified group name already exists - if (DBM::is_result($rname)) - throw new BadRequestException('group name already exists'); - - // check if specified group name is a deleted group - $rname = q("SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 1", - intval($uid), - dbesc($name)); - // error message if specified group name already exists - if (DBM::is_result($rname)) - $reactivate_group = true; - - // create group - $ret = group_add($uid, $name); - if ($ret) - $gid = group_byname($uid, $name); - else - throw new BadRequestException('other API error'); - - // add members - $erroraddinguser = false; - $errorusers = array(); - foreach ($users as $user) { - $cid = $user['cid']; - // check if user really exists as contact - $contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d", - intval($cid), - intval($uid)); - if (count($contact)) - $result = group_add_member($uid, $name, $cid, $gid); - else { - $erroraddinguser = true; - $errorusers[] = $cid; - } - } - - // return success message incl. missing users in array - $status = ($erroraddinguser ? "missing user" : ($reactivate_group ? "reactivated" : "ok")); - $success = array('success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers); - return api_format_data("group_create", $type, array('result' => $success)); - } - api_register_func('api/friendica/group_create', 'api_friendica_group_create', true, API_METHOD_POST); - - - // update the specified group with the posted array of contacts - function api_friendica_group_update($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - - // params - $user_info = api_get_user($a); - $uid = $user_info['uid']; - $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); - $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); - $json = json_decode($_POST['json'], true); - $users = $json['user']; - - // error if no name specified - if ($name == "") - throw new BadRequestException('group name not specified'); - - // error if no gid specified - if ($gid == "") - throw new BadRequestException('gid not specified'); - - // remove members - $members = group_get_members($gid); - foreach ($members as $member) { - $cid = $member['id']; - foreach ($users as $user) { - $found = ($user['cid'] == $cid ? true : false); - } - if (!$found) { - $ret = group_rmv_member($uid, $name, $cid); - } - } - - // add members - $erroraddinguser = false; - $errorusers = array(); - foreach ($users as $user) { - $cid = $user['cid']; - // check if user really exists as contact - $contact = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d", - intval($cid), - intval($uid)); - if (count($contact)) - $result = group_add_member($uid, $name, $cid, $gid); - else { - $erroraddinguser = true; - $errorusers[] = $cid; - } - } - - // return success message incl. missing users in array - $status = ($erroraddinguser ? "missing user" : "ok"); - $success = array('success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers); - return api_format_data("group_update", $type, array('result' => $success)); - } - - api_register_func('api/friendica/group_update', 'api_friendica_group_update', true, API_METHOD_POST); - - function api_friendica_activity($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - $verb = strtolower($a->argv[3]); - $verb = preg_replace("|\..*$|", "", $verb); - - $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); - - $res = do_like($id, $verb); - - if ($res) { - if ($type == "xml") - $ok = "true"; - else - $ok = "ok"; - return api_format_data('ok', $type, array('ok' => $ok)); + return false; +} + +function api_in_reply_to($item) +{ + $in_reply_to = array(); + + $in_reply_to['status_id'] = null; + $in_reply_to['user_id'] = null; + $in_reply_to['status_id_str'] = null; + $in_reply_to['user_id_str'] = null; + $in_reply_to['screen_name'] = null; + + if (($item['thr-parent'] != $item['uri']) && (intval($item['parent']) != intval($item['id']))) { + $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' LIMIT 1", + intval($item['uid']), + dbesc($item['thr-parent'])); + + if (DBM::is_result($r)) { + $in_reply_to['status_id'] = intval($r[0]['id']); } else { - throw new BadRequestException('Error adding activity'); + $in_reply_to['status_id'] = intval($item['parent']); } - } + $in_reply_to['status_id_str'] = (string) intval($in_reply_to['status_id']); - /// @TODO move to top of file or somwhere better - api_register_func('api/friendica/activity/like', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/dislike', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/attendyes', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/attendno', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/attendmaybe', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/unlike', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/undislike', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/unattendyes', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/unattendno', 'api_friendica_activity', true, API_METHOD_POST); - api_register_func('api/friendica/activity/unattendmaybe', 'api_friendica_activity', true, API_METHOD_POST); - - /** - * @brief Returns notifications - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_friendica_notification($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - if ($a->argc!==3) throw new BadRequestException("Invalid argument count"); - $nm = new NotificationsManager(); - - $notes = $nm->getAll(array(), "+seen -date", 50); - - if ($type == "xml") { - $xmlnotes = array(); - foreach ($notes AS $note) - $xmlnotes[] = array("@attributes" => $note); - - $notes = $xmlnotes; - } - - return api_format_data("notes", $type, array('note' => $notes)); - } - - /** - * @brief Set notification as seen and returns associated item (if possible) - * - * POST request with 'id' param as notification id - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_friendica_notification_seen($type) { - - $a = get_app(); - - if (api_user() === false) throw new ForbiddenException(); - if ($a->argc!==4) throw new BadRequestException("Invalid argument count"); - - $id = (x($_REQUEST, 'id') ? intval($_REQUEST['id']) : 0); - - $nm = new NotificationsManager(); - $note = $nm->getByID($id); - if (is_null($note)) throw new BadRequestException("Invalid argument"); - - $nm->setSeen($note); - if ($note['otype']=='item') { - // would be really better with an ItemsManager and $im->getByID() :-P - $r = q("SELECT * FROM `item` WHERE `id`=%d AND `uid`=%d", - intval($note['iid']), - intval(local_user()) - ); - if ($r!==false) { - // we found the item, return it to the user - $user_info = api_get_user($a); - $ret = api_format_items($r,$user_info, false, $type); - $data = array('status' => $ret); - return api_format_data("status", $type, $data); - } - // the item can't be found, but we set the note as seen, so we count this as a success - } - return api_format_data('result', $type, array('result' => "success")); - } - - /// @TODO move to top of file or somwhere better - api_register_func('api/friendica/notification/seen', 'api_friendica_notification_seen', true, API_METHOD_POST); - api_register_func('api/friendica/notification', 'api_friendica_notification', true, API_METHOD_GET); - - /** - * @brief update a direct_message to seen state - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string (success result=ok, error result=error with error message) - */ - function api_friendica_direct_messages_setseen($type) { - $a = get_app(); - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params - $user_info = api_get_user($a); - $uid = $user_info['uid']; - $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); - - // return error if id is zero - if ($id == "") { - $answer = array('result' => 'error', 'message' => 'message id not specified'); - return api_format_data("direct_messages_setseen", $type, array('$result' => $answer)); - } - - // get data of the specified message id - $r = q("SELECT `id` FROM `mail` WHERE `id` = %d AND `uid` = %d", - intval($id), - intval($uid)); - - // error message if specified id is not in database - if (!DBM::is_result($r)) { - $answer = array('result' => 'error', 'message' => 'message id not in database'); - return api_format_data("direct_messages_setseen", $type, array('$result' => $answer)); - } - - // update seen indicator - $result = q("UPDATE `mail` SET `seen` = 1 WHERE `id` = %d AND `uid` = %d", - intval($id), - intval($uid)); - - if ($result) { - // return success - $answer = array('result' => 'ok', 'message' => 'message set to seen'); - return api_format_data("direct_message_setseen", $type, array('$result' => $answer)); - } else { - $answer = array('result' => 'error', 'message' => 'unknown error'); - return api_format_data("direct_messages_setseen", $type, array('$result' => $answer)); - } - } - - /// @TODO move to top of file or somwhere better - api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct_messages_setseen', true); - - /** - * @brief search for direct_messages containing a searchstring through api - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string (success: success=true if found and search_result contains found messages - * success=false if nothing was found, search_result='nothing found', - * error: result=error with error message) - */ - function api_friendica_direct_messages_search($type) { - $a = get_app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params - $user_info = api_get_user($a); - $searchstring = (x($_REQUEST, 'searchstring') ? $_REQUEST['searchstring'] : ""); - $uid = $user_info['uid']; - - // error if no searchstring specified - if ($searchstring == "") { - $answer = array('result' => 'error', 'message' => 'searchstring not specified'); - return api_format_data("direct_messages_search", $type, array('$result' => $answer)); - } - - // get data for the specified searchstring - $r = q("SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND `body` LIKE '%s' ORDER BY `mail`.`id` DESC", - intval($uid), - dbesc('%'.$searchstring.'%') + $r = q("SELECT `contact`.`nick`, `contact`.`name`, `contact`.`id`, `contact`.`url` FROM item + STRAIGHT_JOIN `contact` ON `contact`.`id` = `item`.`author-id` + WHERE `item`.`id` = %d LIMIT 1", + intval($in_reply_to['status_id']) ); - $profile_url = $user_info["url"]; + if (DBM::is_result($r)) { + if ($r[0]['nick'] == "") { + $r[0]['nick'] = api_get_nick($r[0]["url"]); + } - // message if nothing was found + $in_reply_to['screen_name'] = (($r[0]['nick']) ? $r[0]['nick'] : $r[0]['name']); + $in_reply_to['user_id'] = intval($r[0]['id']); + $in_reply_to['user_id_str'] = (string) intval($r[0]['id']); + } + + // There seems to be situation, where both fields are identical: + // https://github.com/friendica/friendica/issues/1010 + // This is a bugfix for that. + if (intval($in_reply_to['status_id']) == intval($item['id'])) { + logger('this message should never appear: id: '.$item['id'].' similar to reply-to: '.$in_reply_to['status_id'], LOGGER_DEBUG); + $in_reply_to['status_id'] = null; + $in_reply_to['user_id'] = null; + $in_reply_to['status_id_str'] = null; + $in_reply_to['user_id_str'] = null; + $in_reply_to['screen_name'] = null; + } + } + + return $in_reply_to; +} + +function api_clean_plain_items($Text) +{ + $include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false"); + + $Text = bb_CleanPictureLinks($Text); + $URLSearchString = "^\[\]"; + + $Text = preg_replace("/([!#@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$1$3', $Text); + + if ($include_entities == "true") { + $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '[url=$1]$1[/url]', $Text); + } + + // Simplify "attachment" element + $Text = api_clean_attachments($Text); + + return($Text); +} + +/** + * @brief Removes most sharing information for API text export + * + * @param string $body The original body + * + * @return string Cleaned body + */ +function api_clean_attachments($body) +{ + $data = get_attachment_data($body); + + if (!$data) + return $body; + + $body = ""; + + if (isset($data["text"])) + $body = $data["text"]; + + if (($body == "") && (isset($data["title"]))) + $body = $data["title"]; + + if (isset($data["url"])) + $body .= "\n".$data["url"]; + + $body .= $data["after"]; + + return $body; +} + +function api_best_nickname(&$contacts) +{ + $best_contact = array(); + + if (count($contact) == 0) + return; + + foreach ($contacts as $contact) + if ($contact["network"] == "") { + $contact["network"] = "dfrn"; + $best_contact = array($contact); + } + + if (sizeof($best_contact) == 0) + foreach ($contacts as $contact) + if ($contact["network"] == "dfrn") + $best_contact = array($contact); + + if (sizeof($best_contact) == 0) + foreach ($contacts as $contact) + if ($contact["network"] == "dspr") + $best_contact = array($contact); + + if (sizeof($best_contact) == 0) + foreach ($contacts as $contact) + if ($contact["network"] == "stat") + $best_contact = array($contact); + + if (sizeof($best_contact) == 0) + foreach ($contacts as $contact) + if ($contact["network"] == "pump") + $best_contact = array($contact); + + if (sizeof($best_contact) == 0) + foreach ($contacts as $contact) + if ($contact["network"] == "twit") + $best_contact = array($contact); + + if (sizeof($best_contact) == 1) { + $contacts = $best_contact; + } else { + $contacts = array($contacts[0]); + } +} + +// return all or a specified group of the user with the containing contacts +function api_friendica_group_show($type) +{ + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + + // params + $user_info = api_get_user($a); + $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); + $uid = $user_info['uid']; + + // get data of the specified group id or all groups if not specified + if ($gid != 0) { + $r = q( + "SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d AND `id` = %d", + intval($uid), + intval($gid) + ); + // error message if specified gid is not in database + if (!DBM::is_result($r)) + throw new BadRequestException("gid not available"); + } else { + $r = q( + "SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d", + intval($uid) + ); + } + + // loop through all groups and retrieve all members for adding data in the user array + foreach ($r as $rr) { + $members = group_get_members($rr['id']); + $users = array(); + + if ($type == "xml") { + $user_element = "users"; + $k = 0; + foreach ($members as $member) { + $user = api_get_user($a, $member['nurl']); + $users[$k++.":user"] = $user; + } + } else { + $user_element = "user"; + foreach ($members as $member) { + $user = api_get_user($a, $member['nurl']); + $users[] = $user; + } + } + $grps[] = array('name' => $rr['name'], 'gid' => $rr['id'], $user_element => $users); + } + return api_format_data("groups", $type, array('group' => $grps)); +} +api_register_func('api/friendica/group_show', 'api_friendica_group_show', true); + + +// delete the specified group of the user +function api_friendica_group_delete($type) +{ + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + + // params + $user_info = api_get_user($a); + $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); + $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $uid = $user_info['uid']; + + // error if no gid specified + if ($gid == 0 || $name == "") + throw new BadRequestException('gid or name not specified'); + + // get data of the specified group id + $r = q( + "SELECT * FROM `group` WHERE `uid` = %d AND `id` = %d", + intval($uid), + intval($gid) + ); + // error message if specified gid is not in database + if (!DBM::is_result($r)) + throw new BadRequestException('gid not available'); + + // get data of the specified group id and group name + $rname = q( + "SELECT * FROM `group` WHERE `uid` = %d AND `id` = %d AND `name` = '%s'", + intval($uid), + intval($gid), + dbesc($name) + ); + // error message if specified gid is not in database + if (!DBM::is_result($rname)) + throw new BadRequestException('wrong group name'); + + // delete group + $ret = group_rmv($uid, $name); + if ($ret) { + // return success + $success = array('success' => $ret, 'gid' => $gid, 'name' => $name, 'status' => 'deleted', 'wrong users' => array()); + return api_format_data("group_delete", $type, array('result' => $success)); + } else { + throw new BadRequestException('other API error'); + } +} +api_register_func('api/friendica/group_delete', 'api_friendica_group_delete', true, API_METHOD_DELETE); + + +// create the specified group with the posted array of contacts +function api_friendica_group_create($type) +{ + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + + // params + $user_info = api_get_user($a); + $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $uid = $user_info['uid']; + $json = json_decode($_POST['json'], true); + $users = $json['user']; + + // error if no name specified + if ($name == "") + throw new BadRequestException('group name not specified'); + + // get data of the specified group name + $rname = q( + "SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 0", + intval($uid), + dbesc($name) + ); + // error message if specified group name already exists + if (DBM::is_result($rname)) + throw new BadRequestException('group name already exists'); + + // check if specified group name is a deleted group + $rname = q( + "SELECT * FROM `group` WHERE `uid` = %d AND `name` = '%s' AND `deleted` = 1", + intval($uid), + dbesc($name) + ); + // error message if specified group name already exists + if (DBM::is_result($rname)) + $reactivate_group = true; + + // create group + $ret = group_add($uid, $name); + if ($ret) { + $gid = group_byname($uid, $name); + } else { + throw new BadRequestException('other API error'); + } + + // add members + $erroraddinguser = false; + $errorusers = array(); + foreach ($users as $user) { + $cid = $user['cid']; + // check if user really exists as contact + $contact = q( + "SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d", + intval($cid), + intval($uid) + ); + if (count($contact)) + $result = group_add_member($uid, $name, $cid, $gid); + else { + $erroraddinguser = true; + $errorusers[] = $cid; + } + } + + // return success message incl. missing users in array + $status = ($erroraddinguser ? "missing user" : ($reactivate_group ? "reactivated" : "ok")); + $success = array('success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers); + return api_format_data("group_create", $type, array('result' => $success)); +} +api_register_func('api/friendica/group_create', 'api_friendica_group_create', true, API_METHOD_POST); + + +// update the specified group with the posted array of contacts +function api_friendica_group_update($type) +{ + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + + // params + $user_info = api_get_user($a); + $uid = $user_info['uid']; + $gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0); + $name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : ""); + $json = json_decode($_POST['json'], true); + $users = $json['user']; + + // error if no name specified + if ($name == "") + throw new BadRequestException('group name not specified'); + + // error if no gid specified + if ($gid == "") + throw new BadRequestException('gid not specified'); + + // remove members + $members = group_get_members($gid); + foreach ($members as $member) { + $cid = $member['id']; + foreach ($users as $user) { + $found = ($user['cid'] == $cid ? true : false); + } + if (!$found) { + $ret = group_rmv_member($uid, $name, $cid); + } + } + + // add members + $erroraddinguser = false; + $errorusers = array(); + foreach ($users as $user) { + $cid = $user['cid']; + // check if user really exists as contact + $contact = q( + "SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d", + intval($cid), + intval($uid) + ); + + if (count($contact)) { + $result = group_add_member($uid, $name, $cid, $gid); + } else { + $erroraddinguser = true; + $errorusers[] = $cid; + } + } + + // return success message incl. missing users in array + $status = ($erroraddinguser ? "missing user" : "ok"); + $success = array('success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers); + return api_format_data("group_update", $type, array('result' => $success)); +} + +api_register_func('api/friendica/group_update', 'api_friendica_group_update', true, API_METHOD_POST); + +function api_friendica_activity($type) +{ + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + $verb = strtolower($a->argv[3]); + $verb = preg_replace("|\..*$|", "", $verb); + + $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); + + $res = do_like($id, $verb); + + if ($res) { + if ($type == "xml") { + $ok = "true"; + } else { + $ok = "ok"; + } + return api_format_data('ok', $type, array('ok' => $ok)); + } else { + throw new BadRequestException('Error adding activity'); + } +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/friendica/activity/like', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/dislike', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/attendyes', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/attendno', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/attendmaybe', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/unlike', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/undislike', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/unattendyes', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/unattendno', 'api_friendica_activity', true, API_METHOD_POST); +api_register_func('api/friendica/activity/unattendmaybe', 'api_friendica_activity', true, API_METHOD_POST); + +/** + * @brief Returns notifications + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string +*/ +function api_friendica_notification($type) +{ + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + if ($a->argc!==3) throw new BadRequestException("Invalid argument count"); + $nm = new NotificationsManager(); + + $notes = $nm->getAll(array(), "+seen -date", 50); + + if ($type == "xml") { + $xmlnotes = array(); + foreach ($notes as $note) + $xmlnotes[] = array("@attributes" => $note); + + $notes = $xmlnotes; + } + + return api_format_data("notes", $type, array('note' => $notes)); +} + +/** + * @brief Set notification as seen and returns associated item (if possible) + * + * POST request with 'id' param as notification id + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_friendica_notification_seen($type) +{ + $a = get_app(); + + if (api_user() === false) throw new ForbiddenException(); + if ($a->argc!==4) throw new BadRequestException("Invalid argument count"); + + $id = (x($_REQUEST, 'id') ? intval($_REQUEST['id']) : 0); + + $nm = new NotificationsManager(); + $note = $nm->getByID($id); + if (is_null($note)) throw new BadRequestException("Invalid argument"); + + $nm->setSeen($note); + if ($note['otype']=='item') { + // would be really better with an ItemsManager and $im->getByID() :-P + $r = q( + "SELECT * FROM `item` WHERE `id`=%d AND `uid`=%d", + intval($note['iid']), + intval(local_user()) + ); + if ($r!==false) { + // we found the item, return it to the user + $user_info = api_get_user($a); + $ret = api_format_items($r, $user_info, false, $type); + $data = array('status' => $ret); + return api_format_data("status", $type, $data); + } + // the item can't be found, but we set the note as seen, so we count this as a success + } + return api_format_data('result', $type, array('result' => "success")); +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/friendica/notification/seen', 'api_friendica_notification_seen', true, API_METHOD_POST); +api_register_func('api/friendica/notification', 'api_friendica_notification', true, API_METHOD_GET); + +/** + * @brief update a direct_message to seen state + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string (success result=ok, error result=error with error message) + */ +function api_friendica_direct_messages_setseen($type) +{ + $a = get_app(); + if (api_user() === false) { + throw new ForbiddenException(); + } + + // params + $user_info = api_get_user($a); + $uid = $user_info['uid']; + $id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0); + + // return error if id is zero + if ($id == "") { + $answer = array('result' => 'error', 'message' => 'message id not specified'); + return api_format_data("direct_messages_setseen", $type, array('$result' => $answer)); + } + + // get data of the specified message id + $r = q( + "SELECT `id` FROM `mail` WHERE `id` = %d AND `uid` = %d", + intval($id), + intval($uid) + ); + + // error message if specified id is not in database + if (!DBM::is_result($r)) { + $answer = array('result' => 'error', 'message' => 'message id not in database'); + return api_format_data("direct_messages_setseen", $type, array('$result' => $answer)); + } + + // update seen indicator + $result = q( + "UPDATE `mail` SET `seen` = 1 WHERE `id` = %d AND `uid` = %d", + intval($id), + intval($uid) + ); + + if ($result) { + // return success + $answer = array('result' => 'ok', 'message' => 'message set to seen'); + return api_format_data("direct_message_setseen", $type, array('$result' => $answer)); + } else { + $answer = array('result' => 'error', 'message' => 'unknown error'); + return api_format_data("direct_messages_setseen", $type, array('$result' => $answer)); + } +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct_messages_setseen', true); + +/** + * @brief search for direct_messages containing a searchstring through api + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string (success: success=true if found and search_result contains found messages + * success=false if nothing was found, search_result='nothing found', + * error: result=error with error message) + */ +function api_friendica_direct_messages_search($type) +{ + $a = get_app(); + + if (api_user() === false) { + throw new ForbiddenException(); + } + + // params + $user_info = api_get_user($a); + $searchstring = (x($_REQUEST, 'searchstring') ? $_REQUEST['searchstring'] : ""); + $uid = $user_info['uid']; + + // error if no searchstring specified + if ($searchstring == "") { + $answer = array('result' => 'error', 'message' => 'searchstring not specified'); + return api_format_data("direct_messages_search", $type, array('$result' => $answer)); + } + + // get data for the specified searchstring + $r = q( + "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid`=%d AND `body` LIKE '%s' ORDER BY `mail`.`id` DESC", + intval($uid), + dbesc('%'.$searchstring.'%') + ); + + $profile_url = $user_info["url"]; + + // message if nothing was found + if (!DBM::is_result($r)) { + $success = array('success' => false, 'search_results' => 'problem with query'); + } elseif (count($r) == 0) { + $success = array('success' => false, 'search_results' => 'nothing found'); + } else { + $ret = array(); + foreach ($r as $item) { + if ($box == "inbox" || $item['from-url'] != $profile_url) { + $recipient = $user_info; + $sender = api_get_user($a, normalise_link($item['contact-url'])); + } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { + $recipient = api_get_user($a, normalise_link($item['contact-url'])); + $sender = $user_info; + } + + $ret[] = api_format_messages($item, $recipient, $sender); + } + $success = array('success' => true, 'search_results' => $ret); + } + + return api_format_data("direct_message_search", $type, array('$result' => $success)); +} + +/// @TODO move to top of file or somwhere better +api_register_func('api/friendica/direct_messages_search', 'api_friendica_direct_messages_search', true); + +/** + * @brief return data of all the profiles a user has to the client + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string + */ +function api_friendica_profile_show($type) +{ + $a = get_app(); + + if (api_user() === false) { + throw new ForbiddenException(); + } + + // input params + $profileid = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0); + + // retrieve general information about profiles for user + $multi_profiles = feature_enabled(api_user(), 'multi_profiles'); + $directory = Config::get('system', 'directory'); + + // get data of the specified profile id or all profiles of the user if not specified + if ($profileid != 0) { + $r = q( + "SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d", + intval(api_user()), + intval($profileid) + ); + + // error message if specified gid is not in database if (!DBM::is_result($r)) { - $success = array('success' => false, 'search_results' => 'problem with query'); - } elseif (count($r) == 0) { - $success = array('success' => false, 'search_results' => 'nothing found'); - } else { - $ret = array(); - foreach ($r as $item) { - if ($box == "inbox" || $item['from-url'] != $profile_url) { - $recipient = $user_info; - $sender = api_get_user($a,normalise_link($item['contact-url'])); - } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user($a,normalise_link($item['contact-url'])); - $sender = $user_info; - } - - $ret[] = api_format_messages($item, $recipient, $sender); - } - $success = array('success' => true, 'search_results' => $ret); + throw new BadRequestException("profile_id not available"); } - - return api_format_data("direct_message_search", $type, array('$result' => $success)); + } else { + $r = q( + "SELECT * FROM `profile` WHERE `uid` = %d", + intval(api_user()) + ); } + // loop through all returned profiles and retrieve data and users + $k = 0; + foreach ($r as $rr) { + $profile = api_format_items_profiles($rr, $type); - /// @TODO move to top of file or somwhere better - api_register_func('api/friendica/direct_messages_search', 'api_friendica_direct_messages_search', true); + // select all users from contact table, loop and prepare standard return for user data + $users = array(); + $r = q( + "SELECT `id`, `nurl` FROM `contact` WHERE `uid`= %d AND `profile-id` = %d", + intval(api_user()), + intval($rr['profile_id']) + ); - /** - * @brief return data of all the profiles a user has to the client - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string - */ - function api_friendica_profile_show($type) { - $a = get_app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // input params - $profileid = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0); - - // retrieve general information about profiles for user - $multi_profiles = feature_enabled(api_user(),'multi_profiles'); - $directory = Config::get('system', 'directory'); - - // get data of the specified profile id or all profiles of the user if not specified - if ($profileid != 0) { - $r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d", - intval(api_user()), - intval($profileid)); - - // error message if specified gid is not in database - if (!DBM::is_result($r)) { - throw new BadRequestException("profile_id not available"); - } - } else { - $r = q("SELECT * FROM `profile` WHERE `uid` = %d", - intval(api_user())); - } - // loop through all returned profiles and retrieve data and users - $k = 0; foreach ($r as $rr) { - $profile = api_format_items_profiles($rr, $type); - - // select all users from contact table, loop and prepare standard return for user data - $users = array(); - $r = q("SELECT `id`, `nurl` FROM `contact` WHERE `uid`= %d AND `profile-id` = %d", - intval(api_user()), - intval($rr['profile_id'])); - - foreach ($r as $rr) { - $user = api_get_user($a, $rr['nurl']); - ($type == "xml") ? $users[$k++ . ":user"] = $user : $users[] = $user; - } - $profile['users'] = $users; - - // add prepared profile data to array for final return - if ($type == "xml") { - $profiles[$k++ . ":profile"] = $profile; - } else { - $profiles[] = $profile; - } + $user = api_get_user($a, $rr['nurl']); + ($type == "xml") ? $users[$k++ . ":user"] = $user : $users[] = $user; } + $profile['users'] = $users; - // return settings, authenticated user and profiles data - $self = q("SELECT `nurl` FROM `contact` WHERE `uid`= %d AND `self` LIMIT 1", intval(api_user())); - - $result = array('multi_profiles' => $multi_profiles ? true : false, - 'global_dir' => $directory, - 'friendica_owner' => api_get_user($a, $self[0]['nurl']), - 'profiles' => $profiles); - return api_format_data("friendica_profiles", $type, array('$result' => $result)); + // add prepared profile data to array for final return + if ($type == "xml") { + $profiles[$k++ . ":profile"] = $profile; + } else { + $profiles[] = $profile; + } } - api_register_func('api/friendica/profile/show', 'api_friendica_profile_show', true, API_METHOD_GET); + + // return settings, authenticated user and profiles data + $self = q("SELECT `nurl` FROM `contact` WHERE `uid`= %d AND `self` LIMIT 1", intval(api_user())); + + $result = array('multi_profiles' => $multi_profiles ? true : false, + 'global_dir' => $directory, + 'friendica_owner' => api_get_user($a, $self[0]['nurl']), + 'profiles' => $profiles); + return api_format_data("friendica_profiles", $type, array('$result' => $result)); +} +api_register_func('api/friendica/profile/show', 'api_friendica_profile_show', true, API_METHOD_GET); /* @TODO Maybe open to implement? diff --git a/include/html2bbcode.php b/include/html2bbcode.php index 257539b07..763351e80 100644 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -8,7 +8,7 @@ * https://github.com/annando/Syncom */ -require_once("include/xml.php"); +use Friendica\Util\XML; function node2bbcode(&$doc, $oldnode, $attributes, $startbb, $endbb) { @@ -26,11 +26,12 @@ function node2bbcodesub(&$doc, $oldnode, $attributes, $startbb, $endbb) $list = $xpath->query("//".$oldnode); foreach ($list as $oldNode) { - $attr = array(); - if ($oldNode->attributes->length) - foreach ($oldNode->attributes as $attribute) + if ($oldNode->attributes->length) { + foreach ($oldNode->attributes as $attribute) { $attr[$attribute->name] = $attribute->value; + } + } $replace = true; @@ -39,23 +40,22 @@ function node2bbcodesub(&$doc, $oldnode, $attributes, $startbb, $endbb) $i = 0; foreach ($attributes as $attribute => $value) { - $startbb = str_replace('\x01'.++$i, '$1', $startbb); - if (strpos('*'.$startbb, '$1') > 0) { - if ($replace && (@$attr[$attribute] != '')) { - $startbb = preg_replace($value, $startbb, $attr[$attribute], -1, $count); // If nothing could be changed - if ($count == 0) + if ($count == 0) { $replace = false; - } else + } + } else { $replace = false; + } } else { - if (@$attr[$attribute] != $value) + if (@$attr[$attribute] != $value) { $replace = false; + } } } @@ -86,7 +86,8 @@ function html2bbcode($message, $basepath = '') // Removing code blocks before the whitespace removal processing below $codeblocks = []; - $message = preg_replace_callback('#
(.*)
#iUs', + $message = preg_replace_callback( + '#
(.*)
#iUs', function ($matches) use (&$codeblocks) { $return = '[codeblock-' . count($codeblocks) . ']'; @@ -96,18 +97,21 @@ function html2bbcode($message, $basepath = '') } $codeblocks[] = $prefix . $matches[2] . '[/code]'; return $return; - } - , $message); + }, + $message + ); - $message = str_replace(array( - "
  • ", - "

  • ", - ), - array( - "
  • ", - "
  • ", - ), - $message); + $message = str_replace( + array( + "
  • ", + "

  • ", + ), + array( + "
  • ", + "
  • ", + ), + $message + ); // remove namespaces $message = preg_replace('=<(\w+):(.+?)>=', '', $message); @@ -120,17 +124,18 @@ function html2bbcode($message, $basepath = '') @$doc->loadHTML($message); - xml::deleteNode($doc, 'style'); - xml::deleteNode($doc, 'head'); - xml::deleteNode($doc, 'title'); - xml::deleteNode($doc, 'meta'); - xml::deleteNode($doc, 'xml'); - xml::deleteNode($doc, 'removeme'); + XML::deleteNode($doc, 'style'); + XML::deleteNode($doc, 'head'); + XML::deleteNode($doc, 'title'); + XML::deleteNode($doc, 'meta'); + XML::deleteNode($doc, 'xml'); + XML::deleteNode($doc, 'removeme'); $xpath = new DomXPath($doc); $list = $xpath->query("//pre"); - foreach ($list as $node) + foreach ($list as $node) { $node->nodeValue = str_replace("\n", "\r", $node->nodeValue); + } $message = $doc->saveHTML(); $message = str_replace(array("\n<", ">\n", "\r", "\n", "\xC3\x82\xC2\xA0"), array("<", ">", "
    ", " ", ""), $message); @@ -158,7 +163,7 @@ function html2bbcode($message, $basepath = '') node2bbcode($doc, 'font', array('face'=>'/([\w ]+)/'), '[font=$1]', '[/font]'); node2bbcode($doc, 'font', array('size'=>'/(\d+)/'), '[size=$1]', '[/size]'); node2bbcode($doc, 'font', array('color'=>'/(.+)/'), '[color=$1]', '[/color]'); -*/ + */ // Untested //node2bbcode($doc, 'span', array('style'=>'/.*font-size:\s*(.+?)[,;].*font-family:\s*(.+?)[,;].*color:\s*(.+?)[,;].*/'), '[size=$1][font=$2][color=$3]', '[/color][/font][/size]'); //node2bbcode($doc, 'span', array('style'=>'/.*font-size:\s*(\d+)[,;].*/'), '[size=$1]', '[/size]'); @@ -281,45 +286,52 @@ function html2bbcode($message, $basepath = '') do { $oldmessage = $message; - $message = str_replace(array( - "[/size]\n\n", - "\n[hr]", - "[hr]\n", - "\n[list", - "[/list]\n", - "\n[/", - "[list]\n", - "[list=1]\n", - "\n[*]"), - array( - "[/size]\n", - "[hr]", - "[hr]", - "[list", - "[/list]", - "[/", - "[list]", - "[list=1]", - "[*]"), - $message); + $message = str_replace( + array( + "[/size]\n\n", + "\n[hr]", + "[hr]\n", + "\n[list", + "[/list]\n", + "\n[/", + "[list]\n", + "[list=1]\n", + "\n[*]"), + array( + "[/size]\n", + "[hr]", + "[hr]", + "[list", + "[/list]", + "[/", + "[list]", + "[list=1]", + "[*]"), + $message + ); } while ($message != $oldmessage); - $message = str_replace(array('[b][b]', '[/b][/b]', '[i][i]', '[/i][/i]'), - array('[b]', '[/b]', '[i]', '[/i]'), $message); + $message = str_replace( + array('[b][b]', '[/b][/b]', '[i][i]', '[/i][/i]'), + array('[b]', '[/b]', '[i]', '[/i]'), + $message + ); // Handling Yahoo style of mails $message = str_replace('[hr][b]From:[/b]', '[quote][b]From:[/b]', $message); // Restore code blocks - $message = preg_replace_callback('#\[codeblock-([0-9]+)\]#iU', + $message = preg_replace_callback( + '#\[codeblock-([0-9]+)\]#iU', function ($matches) use ($codeblocks) { $return = ''; if (isset($codeblocks[intval($matches[1])])) { $return = $codeblocks[$matches[1]]; } return $return; - } - , $message); + }, + $message + ); $message = trim($message); @@ -333,12 +345,13 @@ function html2bbcode($message, $basepath = '') /** * @brief Sub function to complete incomplete URL * - * @param array $matches Result of preg_replace_callback + * @param array $matches Result of preg_replace_callback * @param string $basepath Basepath that is used to complete the URL * * @return string The expanded URL */ -function addHostnameSub($matches, $basepath) { +function addHostnameSub($matches, $basepath) +{ $base = parse_url($basepath); unset($base['query']); unset($base['fragment']); @@ -355,12 +368,13 @@ function addHostnameSub($matches, $basepath) { /** * @brief Complete incomplete URLs in BBCode * - * @param string $body Body with URLs + * @param string $body Body with URLs * @param string $basepath Basepath that is used to complete the URL * * @return string Body with expanded URLs */ -function addHostname($body, $basepath) { +function addHostname($body, $basepath) +{ $URLSearchString = "^\[\]"; $matches = array("/\[url\=([$URLSearchString]*)\].*?\[\/url\]/ism", @@ -373,11 +387,14 @@ function addHostname($body, $basepath) { "/\[audio\](.*?)\[\/audio\]/ism", ); - foreach ($matches AS $match) { - $body = preg_replace_callback($match, - function ($match) use ($basepath) { - return addHostnameSub($match, $basepath); - }, $body); + foreach ($matches as $match) { + $body = preg_replace_callback( + $match, + function ($match) use ($basepath) { + return addHostnameSub($match, $basepath); + }, + $body + ); } return $body; } diff --git a/include/network.php b/include/network.php index 90aea6e76..e9cfe8603 100644 --- a/include/network.php +++ b/include/network.php @@ -8,8 +8,7 @@ use Friendica\App; use Friendica\Core\System; use Friendica\Core\Config; use Friendica\Network\Probe; - -require_once("include/xml.php"); +use Friendica\Util\XML; /** * @brief Curl wrapper @@ -18,18 +17,18 @@ require_once("include/xml.php"); * Set the cookiejar argument to a string (e.g. "/tmp/friendica-cookies.txt") * to preserve cookies from one request to the next. * - * @param string $url URL to fetch - * @param boolean $binary default false - * TRUE if asked to return binary results (file download) - * @param integer $redirects The recursion counter for internal use - default 0 - * @param integer $timeout Timeout in seconds, default system config value or 60 seconds - * @param string $accept_content supply Accept: header with 'accept_content' as the value - * @param string $cookiejar Path to cookie jar file + * @param string $url URL to fetch + * @param boolean $binary default false + * TRUE if asked to return binary results (file download) + * @param integer $redirects The recursion counter for internal use - default 0 + * @param integer $timeout Timeout in seconds, default system config value or 60 seconds + * @param string $accept_content supply Accept: header with 'accept_content' as the value + * @param string $cookiejar Path to cookie jar file * * @return string The fetched content */ -function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_content=Null, $cookiejar = 0) { - +function fetch_url($url, $binary = false, &$redirects = 0, $timeout = 0, $accept_content = null, $cookiejar = 0) +{ $ret = z_fetch_url( $url, $binary, @@ -37,7 +36,8 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ array('timeout'=>$timeout, 'accept_content'=>$accept_content, 'cookiejar'=>$cookiejar - )); + ) + ); return($ret['body']); } @@ -45,17 +45,17 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ /** * @brief fetches an URL. * - * @param string $url URL to fetch - * @param boolean $binary default false - * TRUE if asked to return binary results (file download) - * @param int $redirects The recursion counter for internal use - default 0 - * @param array $opts (optional parameters) assoziative array with: - * 'accept_content' => supply Accept: header with 'accept_content' as the value - * 'timeout' => int Timeout in seconds, default system config value or 60 seconds - * 'http_auth' => username:password - * 'novalidate' => do not validate SSL certs, default is to validate using our CA list - * 'nobody' => only return the header - * 'cookiejar' => path to cookie jar file + * @param string $url URL to fetch + * @param boolean $binary default false + * TRUE if asked to return binary results (file download) + * @param int $redirects The recursion counter for internal use - default 0 + * @param array $opts (optional parameters) assoziative array with: + * 'accept_content' => supply Accept: header with 'accept_content' as the value + * 'timeout' => int Timeout in seconds, default system config value or 60 seconds + * 'http_auth' => username:password + * 'novalidate' => do not validate SSL certs, default is to validate using our CA list + * 'nobody' => only return the header + * 'cookiejar' => path to cookie jar file * * @return array an assoziative array with: * int 'return_code' => HTTP return code or 0 if timeout or failure @@ -64,7 +64,8 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ * string 'header' => HTTP headers * string 'body' => fetched content */ -function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) { +function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) +{ $ret = array('return_code' => 0, 'success' => false, 'header' => '', 'info' => '', 'body' => ''); $stamp1 = microtime(true); @@ -89,14 +90,16 @@ function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) { curl_setopt($ch, CURLOPT_COOKIEFILE, $opts["cookiejar"]); } -// These settings aren't needed. We're following the location already. -// @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); -// @curl_setopt($ch, CURLOPT_MAXREDIRS, 5); + // These settings aren't needed. We're following the location already. + // @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + // @curl_setopt($ch, CURLOPT_MAXREDIRS, 5); if (x($opts, 'accept_content')) { - curl_setopt($ch, CURLOPT_HTTPHEADER, array( - 'Accept: ' . $opts['accept_content'] - )); + curl_setopt( + $ch, + CURLOPT_HTTPHEADER, + array('Accept: ' . $opts['accept_content']) + ); } @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); @@ -192,7 +195,7 @@ function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) { // allow for HTTP/2.x without fixing code while (preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/', $base)) { - $chunk = substr($base, 0, strpos($base,"\r\n\r\n") + 4); + $chunk = substr($base, 0, strpos($base, "\r\n\r\n") + 4); $header .= $chunk; $base = substr($base, strlen($chunk)); } @@ -216,7 +219,7 @@ function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) { if (preg_match('/(Location:|URI:)(.*?)\n/i', $header, $matches)) { $newurl = trim(array_pop($matches)); } - if (strpos($newurl,'/') === 0) { + if (strpos($newurl, '/') === 0) { $newurl = $old_location_info["scheme"]."://".$old_location_info["host"].$newurl; } @@ -261,15 +264,16 @@ function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) { /** * @brief Send POST request to $url * - * @param string $url URL to post - * @param mixed $params array of POST variables - * @param string $headers HTTP headers + * @param string $url URL to post + * @param mixed $params array of POST variables + * @param string $headers HTTP headers * @param integer $redirects Recursion counter for internal use - default = 0 - * @param integer $timeout The timeout in seconds, default system config value or 60 seconds + * @param integer $timeout The timeout in seconds, default system config value or 60 seconds * * @return string The content */ -function post_url($url, $params, $headers = null, &$redirects = 0, $timeout = 0) { +function post_url($url, $params, $headers = null, &$redirects = 0, $timeout = 0) +{ $stamp1 = microtime(true); if (blocked_url($url)) { @@ -394,8 +398,8 @@ function post_url($url, $params, $headers = null, &$redirects = 0, $timeout = 0) // Outputs a basic dfrn XML status structure to STDOUT, with a variable // of $st and an optional text of $message and terminates the current process. -function xml_status($st, $message = '') { - +function xml_status($st, $message = '') +{ $result = array('status' => $st); if ($message != '') { @@ -410,7 +414,7 @@ function xml_status($st, $message = '') { $xmldata = array("result" => $result); - echo xml::from_array($xmldata, $xml); + echo XML::from_array($xmldata, $xml); killme(); } @@ -427,17 +431,19 @@ function xml_status($st, $message = '') { /** * @brief Send HTTP status header and exit. * - * @param integer $val HTTP status result value - * @param array $description optional message - * 'title' => header title - * 'description' => optional message + * @param integer $val HTTP status result value + * @param array $description optional message + * 'title' => header title + * 'description' => optional message */ -function http_status_exit($val, $description = array()) { +function http_status_exit($val, $description = array()) +{ $err = ''; if ($val >= 400) { $err = 'Error'; - if (!isset($description["title"])) + if (!isset($description["title"])) { $description["title"] = $err." ".$val; + } } if ($val >= 200 && $val < 300) $err = 'OK'; @@ -447,12 +453,15 @@ function http_status_exit($val, $description = array()) { if (isset($description["title"])) { $tpl = get_markup_template('http_status.tpl'); - echo replace_macros($tpl, array('$title' => $description["title"], - '$description' => $description["description"])); + echo replace_macros( + $tpl, + array( + '$title' => $description["title"], + '$description' => $description["description"]) + ); } killme(); - } /** @@ -464,15 +473,17 @@ function http_status_exit($val, $description = array()) { * @param string $url The URL to be validated * @return boolean True if it's a valid URL, fals if something wrong with it */ -function validate_url(&$url) { - if (Config::get('system','disable_url_validation')) +function validate_url(&$url) +{ + if (Config::get('system', 'disable_url_validation')) { return true; + } // no naked subdomains (allow localhost for tests) - if (strpos($url,'.') === false && strpos($url,'/localhost/') === false) + if (strpos($url, '.') === false && strpos($url, '/localhost/') === false) return false; - if (substr($url,0,4) != 'http') + if (substr($url, 0, 4) != 'http') $url = 'http://' . $url; /// @TODO Really supress function outcomes? Why not find them + debug them? @@ -491,14 +502,17 @@ function validate_url(&$url) { * @param string $addr The email address * @return boolean True if it's a valid email address, false if it's not */ -function validate_email($addr) { - - if (Config::get('system','disable_email_validation')) +function validate_email($addr) +{ + if (Config::get('system', 'disable_email_validation')) { return true; + } - if (! strpos($addr,'@')) + if (! strpos($addr, '@')) { return false; - $h = substr($addr,strpos($addr,'@') + 1); + } + + $h = substr($addr, strpos($addr, '@') + 1); if (($h) && (dns_get_record($h, DNS_A + DNS_CNAME + DNS_PTR + DNS_MX) || filter_var($h, FILTER_VALIDATE_IP) )) { return true; @@ -515,8 +529,8 @@ function validate_email($addr) { * @param string $url URL which get tested * @return boolean True if url is allowed otherwise return false */ -function allowed_url($url) { - +function allowed_url($url) +{ $h = @parse_url($url); if (! $h) { @@ -557,9 +571,11 @@ function allowed_url($url) { * Returns true if it is or malformed URL, false if not. * * @param string $url The url to check the domain from + * * @return boolean */ -function blocked_url($url) { +function blocked_url($url) +{ $h = @parse_url($url); if (! $h) { @@ -587,18 +603,18 @@ function blocked_url($url) { * * Compare against our list (wildcards allowed). * - * @param type $email + * @param string $email email address * @return boolean False if not allowed, true if allowed * or if allowed list is not configured */ -function allowed_email($email) { - - $domain = strtolower(substr($email,strpos($email,'@') + 1)); +function allowed_email($email) +{ + $domain = strtolower(substr($email, strpos($email, '@') + 1)); if (! $domain) { return false; } - $str_allowed = Config::get('system','allowed_email'); + $str_allowed = Config::get('system', 'allowed_email'); if (! $str_allowed) { return true; } @@ -606,12 +622,12 @@ function allowed_email($email) { $found = false; $fnmatch = function_exists('fnmatch'); - $allowed = explode(',',$str_allowed); + $allowed = explode(',', $str_allowed); if (count($allowed)) { foreach ($allowed as $a) { $pat = strtolower(trim($a)); - if (($fnmatch && fnmatch($pat,$domain)) || ($pat == $domain)) { + if (($fnmatch && fnmatch($pat, $domain)) || ($pat == $domain)) { $found = true; break; } @@ -620,8 +636,8 @@ function allowed_email($email) { return $found; } -function avatar_img($email) { - +function avatar_img($email) +{ $avatar['size'] = 175; $avatar['email'] = $email; $avatar['url'] = ''; @@ -638,7 +654,8 @@ function avatar_img($email) { } -function parse_xml_string($s, $strict = true) { +function parse_xml_string($s, $strict = true) +{ // the "strict" parameter is deactivated /// @todo Move this function to the xml class @@ -655,10 +672,10 @@ function parse_xml_string($s, $strict = true) { return $x; } -function scale_external_images($srctext, $include_link = true, $scale_replace = false) { - +function scale_external_images($srctext, $include_link = true, $scale_replace = false) +{ // Suppress "view full size" - if (intval(Config::get('system','no_view_full_size'))) { + if (intval(Config::get('system', 'no_view_full_size'))) { $include_link = false; } @@ -668,14 +685,14 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = $s = htmlspecialchars_decode($srctext); $matches = null; - $c = preg_match_all('/\[img.*?\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER); + $c = preg_match_all('/\[img.*?\](.*?)\[\/img\]/ism', $s, $matches, PREG_SET_ORDER); if ($c) { - require_once('include/Photo.php'); + require_once 'include/Photo.php'; foreach ($matches as $mtch) { logger('scale_external_image: ' . $mtch[1]); - $hostname = str_replace('www.','',substr(System::baseUrl(),strpos(System::baseUrl(),'://')+3)); - if (stristr($mtch[1],$hostname)) { + $hostname = str_replace('www.', '', substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3)); + if (stristr($mtch[1], $hostname)) { continue; } @@ -695,7 +712,7 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = } // guess mimetype from headers or filename - $type = guess_image_type($mtch[1],true); + $type = guess_image_type($mtch[1], true); if ($i) { $ph = new Photo($i, $type); @@ -704,15 +721,18 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = $orig_height = $ph->getHeight(); if ($orig_width > 640 || $orig_height > 640) { - $ph->scaleImage(640); $new_width = $ph->getWidth(); $new_height = $ph->getHeight(); logger('scale_external_images: ' . $orig_width . '->' . $new_width . 'w ' . $orig_height . '->' . $new_height . 'h' . ' match: ' . $mtch[0], LOGGER_DEBUG); - $s = str_replace($mtch[0],'[img=' . $new_width . 'x' . $new_height. ']' . $scaled . '[/img]' + $s = str_replace( + $mtch[0], + '[img=' . $new_width . 'x' . $new_height. ']' . $scaled . '[/img]' . "\n" . (($include_link) ? '[url=' . $mtch[1] . ']' . t('view full size') . '[/url]' . "\n" - : ''),$s); + : ''), + $s + ); logger('scale_external_images: new string: ' . $s, LOGGER_DEBUG); } } @@ -721,32 +741,32 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = } // replace the special char encoding - $s = htmlspecialchars($s,ENT_NOQUOTES,'UTF-8'); + $s = htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8'); return $s; } -function fix_contact_ssl_policy(&$contact,$new_policy) { - +function fix_contact_ssl_policy(&$contact, $new_policy) +{ $ssl_changed = false; - if ((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'],'https:')) { + if ((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'], 'https:')) { $ssl_changed = true; - $contact['url'] = str_replace('https:','http:',$contact['url']); - $contact['request'] = str_replace('https:','http:',$contact['request']); - $contact['notify'] = str_replace('https:','http:',$contact['notify']); - $contact['poll'] = str_replace('https:','http:',$contact['poll']); - $contact['confirm'] = str_replace('https:','http:',$contact['confirm']); - $contact['poco'] = str_replace('https:','http:',$contact['poco']); + $contact['url'] = str_replace('https:', 'http:', $contact['url']); + $contact['request'] = str_replace('https:', 'http:', $contact['request']); + $contact['notify'] = str_replace('https:', 'http:', $contact['notify']); + $contact['poll'] = str_replace('https:', 'http:', $contact['poll']); + $contact['confirm'] = str_replace('https:', 'http:', $contact['confirm']); + $contact['poco'] = str_replace('https:', 'http:', $contact['poco']); } - if ((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'],'http:')) { + if ((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'], 'http:')) { $ssl_changed = true; - $contact['url'] = str_replace('http:','https:',$contact['url']); - $contact['request'] = str_replace('http:','https:',$contact['request']); - $contact['notify'] = str_replace('http:','https:',$contact['notify']); - $contact['poll'] = str_replace('http:','https:',$contact['poll']); - $contact['confirm'] = str_replace('http:','https:',$contact['confirm']); - $contact['poco'] = str_replace('http:','https:',$contact['poco']); + $contact['url'] = str_replace('http:', 'https:', $contact['url']); + $contact['request'] = str_replace('http:', 'https:', $contact['request']); + $contact['notify'] = str_replace('http:', 'https:', $contact['notify']); + $contact['poll'] = str_replace('http:', 'https:', $contact['poll']); + $contact['confirm'] = str_replace('http:', 'https:', $contact['confirm']); + $contact['poco'] = str_replace('http:', 'https:', $contact['poco']); } if ($ssl_changed) { @@ -771,13 +791,17 @@ function strip_tracking_query_params($url) parse_str($query, $querydata); if (is_array($querydata)) { - foreach ($querydata AS $param => $value) { - if (in_array($param, array("utm_source", "utm_medium", "utm_term", "utm_content", "utm_campaign", - "wt_mc", "pk_campaign", "pk_kwd", "mc_cid", "mc_eid", - "fb_action_ids", "fb_action_types", "fb_ref", - "awesm", "wtrid", - "woo_campaign", "woo_source", "woo_medium", "woo_content", "woo_term"))) { - + foreach ($querydata as $param => $value) { + if (in_array( + $param, + array( + "utm_source", "utm_medium", "utm_term", "utm_content", "utm_campaign", + "wt_mc", "pk_campaign", "pk_kwd", "mc_cid", "mc_eid", + "fb_action_ids", "fb_action_types", "fb_ref", + "awesm", "wtrid", + "woo_campaign", "woo_source", "woo_medium", "woo_content", "woo_term") + ) + ) { $pair = $param . "=" . urlencode($value); $url = str_replace($pair, "", $url); @@ -812,18 +836,20 @@ function strip_tracking_query_params($url) * * @see ParseUrl::getSiteinfo * - * @param string $url A user-submitted URL - * @param int $depth The current redirection recursion level (internal) - * @param bool $fetchbody Wether to fetch the body or not after the HEAD requests + * @param string $url A user-submitted URL + * @param int $depth The current redirection recursion level (internal) + * @param bool $fetchbody Wether to fetch the body or not after the HEAD requests * @return string A canonical URL */ -function original_url($url, $depth = 1, $fetchbody = false) { +function original_url($url, $depth = 1, $fetchbody = false) +{ $a = get_app(); $url = strip_tracking_query_params($url); - if ($depth > 10) + if ($depth > 10) { return($url); + } $url = trim($url, "'"); @@ -849,24 +875,29 @@ function original_url($url, $depth = 1, $fetchbody = false) { return($url); if ((($curl_info['http_code'] == "301") || ($curl_info['http_code'] == "302")) - && (($curl_info['redirect_url'] != "") || ($curl_info['location'] != ""))) { - if ($curl_info['redirect_url'] != "") + && (($curl_info['redirect_url'] != "") || ($curl_info['location'] != "")) + ) { + if ($curl_info['redirect_url'] != "") { return(original_url($curl_info['redirect_url'], ++$depth, $fetchbody)); - else + } else { return(original_url($curl_info['location'], ++$depth, $fetchbody)); + } } // Check for redirects in the meta elements of the body if there are no redirects in the header. - if (!$fetchbody) + if (!$fetchbody) { return(original_url($url, ++$depth, true)); + } // if the file is too large then exit - if ($curl_info["download_content_length"] > 1000000) + if ($curl_info["download_content_length"] > 1000000) { return($url); + } // if it isn't a HTML file then exit - if (($curl_info["content_type"] != "") && !strstr(strtolower($curl_info["content_type"]),"html")) + if (($curl_info["content_type"] != "") && !strstr(strtolower($curl_info["content_type"]), "html")) { return($url); + } $stamp1 = microtime(true); @@ -883,8 +914,9 @@ function original_url($url, $depth = 1, $fetchbody = false) { $a->save_timestamp($stamp1, "network"); - if (trim($body) == "") + if (trim($body) == "") { return($url); + } // Check for redirect in meta elements $doc = new DOMDocument(); @@ -895,29 +927,34 @@ function original_url($url, $depth = 1, $fetchbody = false) { $list = $xpath->query("//meta[@content]"); foreach ($list as $node) { $attr = array(); - if ($node->attributes->length) - foreach ($node->attributes as $attribute) + if ($node->attributes->length) { + foreach ($node->attributes as $attribute) { $attr[$attribute->name] = $attribute->value; + } + } if (@$attr["http-equiv"] == 'refresh') { $path = $attr["content"]; $pathinfo = explode(";", $path); $content = ""; - foreach ($pathinfo AS $value) - if (substr(strtolower($value), 0, 4) == "url=") + foreach ($pathinfo as $value) { + if (substr(strtolower($value), 0, 4) == "url=") { return(original_url(substr($value, 4), ++$depth)); + } + } } } return($url); } -function short_link($url) { - require_once('library/slinky.php'); +function short_link($url) +{ + require_once 'library/slinky.php'; $slinky = new Slinky($url); - $yourls_url = Config::get('yourls','url1'); + $yourls_url = Config::get('yourls', 'url1'); if ($yourls_url) { - $yourls_username = Config::get('yourls','username1'); + $yourls_username = Config::get('yourls', 'username1'); $yourls_password = Config::get('yourls', 'password1'); $yourls_ssl = Config::get('yourls', 'ssl1'); $yourls = new Slinky_YourLS(); @@ -944,7 +981,8 @@ function short_link($url) { * * @param array $x The input content */ -function json_return_and_die($x) { +function json_return_and_die($x) +{ header("content-type: application/json"); echo json_encode($x); killme(); @@ -957,10 +995,11 @@ function json_return_and_die($x) { * @param string $url2 * @return string The matching part */ -function matching_url($url1, $url2) { - - if (($url1 == "") || ($url2 == "")) +function matching_url($url1, $url2) +{ + if (($url1 == "") || ($url2 == "")) { return ""; + } $url1 = normalise_link($url1); $url2 = normalise_link($url2); @@ -968,22 +1007,27 @@ function matching_url($url1, $url2) { $parts1 = parse_url($url1); $parts2 = parse_url($url2); - if (!isset($parts1["host"]) || !isset($parts2["host"])) + if (!isset($parts1["host"]) || !isset($parts2["host"])) { return ""; + } - if ($parts1["scheme"] != $parts2["scheme"]) + if ($parts1["scheme"] != $parts2["scheme"]) { return ""; + } - if ($parts1["host"] != $parts2["host"]) + if ($parts1["host"] != $parts2["host"]) { return ""; + } - if ($parts1["port"] != $parts2["port"]) + if ($parts1["port"] != $parts2["port"]) { return ""; + } $match = $parts1["scheme"]."://".$parts1["host"]; - if ($parts1["port"]) + if ($parts1["port"]) { $match .= ":".$parts1["port"]; + } $pathparts1 = explode("/", $parts1["path"]); $pathparts2 = explode("/", $parts2["path"]); @@ -994,9 +1038,9 @@ function matching_url($url1, $url2) { $path1 = $pathparts1[$i]; $path2 = $pathparts2[$i]; - if ($path1 == $path2) + if ($path1 == $path2) { $path .= $path1."/"; - + } } while (($path1 == $path2) && ($i++ <= count($pathparts1))); $match .= $path; @@ -1011,7 +1055,8 @@ function matching_url($url1, $url2) { * * @return string The glued URL */ -function unParseUrl($parsed) { +function unParseUrl($parsed) +{ $get = function ($key) use ($parsed) { return isset($parsed[$key]) ? $parsed[$key] : null; }; @@ -1023,10 +1068,9 @@ function unParseUrl($parsed) { $scheme = $get('scheme'); $query = $get('query'); $fragment = $get('fragment'); - $authority = - ($userinfo !== null ? $userinfo."@" : '') . - $get('host') . - ($port ? ":$port" : ''); + $authority = ($userinfo !== null ? $userinfo."@" : '') . + $get('host') . + ($port ? ":$port" : ''); return (strlen($scheme) ? $scheme.":" : '') . (strlen($authority) ? "//".$authority : '') . diff --git a/include/ostatus.php b/include/ostatus.php index 0e8037dae..a58d0102a 100644 --- a/include/ostatus.php +++ b/include/ostatus.php @@ -10,6 +10,7 @@ use Friendica\Core\Config; use Friendica\Database\DBM; use Friendica\Network\Probe; use Friendica\Util\Lock; +use Friendica\Util\XML; require_once 'include/Contact.php'; require_once 'include/threads.php'; @@ -23,7 +24,6 @@ require_once 'include/Photo.php'; require_once 'include/follow.php'; require_once 'include/api.php'; require_once 'mod/proxy.php'; -require_once 'include/xml.php'; /** * @brief This class contain functions for the OStatus protocol @@ -169,24 +169,29 @@ class ostatus $contact['nurl'] = normalise_link($contact['url']); $value = $xpath->evaluate('atom:author/atom:uri/text()', $context)->item(0)->nodeValue; - if ($value != "") + if ($value != "") { $contact["alias"] = $value; + } $value = $xpath->evaluate('atom:author/poco:displayName/text()', $context)->item(0)->nodeValue; - if ($value != "") + if ($value != "") { $contact["name"] = $value; + } $value = $xpath->evaluate('atom:author/poco:preferredUsername/text()', $context)->item(0)->nodeValue; - if ($value != "") + if ($value != "") { $contact["nick"] = $value; + } $value = $xpath->evaluate('atom:author/poco:note/text()', $context)->item(0)->nodeValue; - if ($value != "") + if ($value != "") { $contact["about"] = html2bbcode($value); + } $value = $xpath->evaluate('atom:author/poco:address/poco:formatted/text()', $context)->item(0)->nodeValue; - if ($value != "") + if ($value != "") { $contact["location"] = $value; + } $contact['name-date'] = datetime_convert(); @@ -238,8 +243,9 @@ class ostatus */ public static function salmon_author($xml, $importer) { - if ($xml == "") + if ($xml == "") { return; + } $doc = new DOMDocument(); @$doc->loadXML($xml); @@ -1113,14 +1119,16 @@ class ostatus { $elements = explode(":", $href); - if ((count($elements) <= 2) || ($elements[0] != "tag")) + if ((count($elements) <= 2) || ($elements[0] != "tag")) { return $href; + } $server = explode(",", $elements[1]); $conversation = explode("=", $elements[2]); - if ((count($elements) == 4) && ($elements[2] == "post")) + if ((count($elements) == 4) && ($elements[2] == "post")) { return "http://".$server[0]."/notice/".$elements[3]; + } if ((count($conversation) != 2) || ($conversation[1] =="")) { return $href; @@ -1146,26 +1154,31 @@ class ostatus // Skip if it isn't a pure repeated messages // Does it start with a share? - if (strpos($body, "[share") > 0) + if (strpos($body, "[share") > 0) { return ""; + } // Does it end with a share? - if (strlen($body) > (strrpos($body, "[/share]") + 8)) + if (strlen($body) > (strrpos($body, "[/share]") + 8)) { return ""; + } $attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism", "$1", $body); // Skip if there is no shared message in there - if ($body == $attributes) + if ($body == $attributes) { return false; + } $guid = ""; preg_match("/guid='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") + if ($matches[1] != "") { $guid = $matches[1]; + } preg_match('/guid="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") + if ($matches[1] != "") { $guid = $matches[1]; + } return $guid; } @@ -1232,39 +1245,39 @@ class ostatus $root->setAttribute("xmlns:mastodon", NAMESPACE_MASTODON); $attributes = array("uri" => "https://friendi.ca", "version" => FRIENDICA_VERSION."-".DB_UPDATE_VERSION); - xml::add_element($doc, $root, "generator", FRIENDICA_PLATFORM, $attributes); - xml::add_element($doc, $root, "id", System::baseUrl()."/profile/".$owner["nick"]); - xml::add_element($doc, $root, "title", sprintf("%s timeline", $owner["name"])); - xml::add_element($doc, $root, "subtitle", sprintf("Updates from %s on %s", $owner["name"], $a->config["sitename"])); - xml::add_element($doc, $root, "logo", $owner["photo"]); - xml::add_element($doc, $root, "updated", datetime_convert("UTC", "UTC", "now", ATOM_TIME)); + XML::add_element($doc, $root, "generator", FRIENDICA_PLATFORM, $attributes); + XML::add_element($doc, $root, "id", System::baseUrl()."/profile/".$owner["nick"]); + XML::add_element($doc, $root, "title", sprintf("%s timeline", $owner["name"])); + XML::add_element($doc, $root, "subtitle", sprintf("Updates from %s on %s", $owner["name"], $a->config["sitename"])); + XML::add_element($doc, $root, "logo", $owner["photo"]); + XML::add_element($doc, $root, "updated", datetime_convert("UTC", "UTC", "now", ATOM_TIME)); $author = self::add_author($doc, $owner); $root->appendChild($author); $attributes = array("href" => $owner["url"], "rel" => "alternate", "type" => "text/html"); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); /// @TODO We have to find out what this is /// $attributes = array("href" => System::baseUrl()."/sup", /// "rel" => "http://api.friendfeed.com/2008/03#sup", /// "type" => "application/json"); - /// xml::add_element($doc, $root, "link", "", $attributes); + /// XML::add_element($doc, $root, "link", "", $attributes); self::hublinks($doc, $root, $owner["nick"]); $attributes = array("href" => System::baseUrl()."/salmon/".$owner["nick"], "rel" => "salmon"); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); $attributes = array("href" => System::baseUrl()."/salmon/".$owner["nick"], "rel" => "http://salmon-protocol.org/ns/salmon-replies"); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); $attributes = array("href" => System::baseUrl()."/salmon/".$owner["nick"], "rel" => "http://salmon-protocol.org/ns/salmon-mention"); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); $attributes = array("href" => System::baseUrl()."/api/statuses/user_timeline/".$owner["nick"].".atom", "rel" => "self", "type" => "application/atom+xml"); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); return $root; } @@ -1279,7 +1292,7 @@ class ostatus public static function hublinks($doc, $root, $nick) { $h = System::baseUrl() . '/pubsubhubbub/'.$nick; - xml::add_element($doc, $root, "link", "", array("href" => $h, "rel" => "hub")); + XML::add_element($doc, $root, "link", "", array("href" => $h, "rel" => "hub")); } /** @@ -1301,7 +1314,7 @@ class ostatus "href" => $siteinfo["image"], "type" => $imgdata["mime"], "length" => intval($imgdata["size"])); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); break; case 'video': $attributes = array("rel" => "enclosure", @@ -1309,7 +1322,7 @@ class ostatus "type" => "text/html; charset=UTF-8", "length" => "", "title" => $siteinfo["title"]); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); break; default: break; @@ -1322,7 +1335,7 @@ class ostatus "type" => $imgdata["mime"], "length" => intval($imgdata["size"])); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); } $arr = explode('[/attach],', $item['attach']); @@ -1341,7 +1354,7 @@ class ostatus if (trim($matches[4]) != "") { $attributes["title"] = trim($matches[4]); } - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); } } } @@ -1362,15 +1375,15 @@ class ostatus $profile = $r[0]; } $author = $doc->createElement("author"); - xml::add_element($doc, $author, "id", $owner["url"]); - xml::add_element($doc, $author, "activity:object-type", ACTIVITY_OBJ_PERSON); - xml::add_element($doc, $author, "uri", $owner["url"]); - xml::add_element($doc, $author, "name", $owner["nick"]); - xml::add_element($doc, $author, "email", $owner["addr"]); - xml::add_element($doc, $author, "summary", bbcode($owner["about"], false, false, 7)); + XML::add_element($doc, $author, "id", $owner["url"]); + XML::add_element($doc, $author, "activity:object-type", ACTIVITY_OBJ_PERSON); + XML::add_element($doc, $author, "uri", $owner["url"]); + XML::add_element($doc, $author, "name", $owner["nick"]); + XML::add_element($doc, $author, "email", $owner["addr"]); + XML::add_element($doc, $author, "summary", bbcode($owner["about"], false, false, 7)); $attributes = array("rel" => "alternate", "type" => "text/html", "href" => $owner["url"]); - xml::add_element($doc, $author, "link", "", $attributes); + XML::add_element($doc, $author, "link", "", $attributes); $attributes = array( "rel" => "avatar", @@ -1378,7 +1391,7 @@ class ostatus "media:width" => 175, "media:height" => 175, "href" => $owner["photo"]); - xml::add_element($doc, $author, "link", "", $attributes); + XML::add_element($doc, $author, "link", "", $attributes); if (isset($owner["thumb"])) { $attributes = array( @@ -1387,34 +1400,34 @@ class ostatus "media:width" => 80, "media:height" => 80, "href" => $owner["thumb"]); - xml::add_element($doc, $author, "link", "", $attributes); + XML::add_element($doc, $author, "link", "", $attributes); } - xml::add_element($doc, $author, "poco:preferredUsername", $owner["nick"]); - xml::add_element($doc, $author, "poco:displayName", $owner["name"]); - xml::add_element($doc, $author, "poco:note", bbcode($owner["about"], false, false, 7)); + XML::add_element($doc, $author, "poco:preferredUsername", $owner["nick"]); + XML::add_element($doc, $author, "poco:displayName", $owner["name"]); + XML::add_element($doc, $author, "poco:note", bbcode($owner["about"], false, false, 7)); if (trim($owner["location"]) != "") { $element = $doc->createElement("poco:address"); - xml::add_element($doc, $element, "poco:formatted", $owner["location"]); + XML::add_element($doc, $element, "poco:formatted", $owner["location"]); $author->appendChild($element); } if (trim($profile["homepage"]) != "") { $urls = $doc->createElement("poco:urls"); - xml::add_element($doc, $urls, "poco:type", "homepage"); - xml::add_element($doc, $urls, "poco:value", $profile["homepage"]); - xml::add_element($doc, $urls, "poco:primary", "true"); + XML::add_element($doc, $urls, "poco:type", "homepage"); + XML::add_element($doc, $urls, "poco:value", $profile["homepage"]); + XML::add_element($doc, $urls, "poco:primary", "true"); $author->appendChild($urls); } if (count($profile)) { - xml::add_element($doc, $author, "followers", "", array("url" => System::baseUrl()."/viewcontacts/".$owner["nick"])); - xml::add_element($doc, $author, "statusnet:profile_info", "", array("local_id" => $owner["uid"])); + XML::add_element($doc, $author, "followers", "", array("url" => System::baseUrl()."/viewcontacts/".$owner["nick"])); + XML::add_element($doc, $author, "statusnet:profile_info", "", array("local_id" => $owner["uid"])); } if ($profile["publish"]) { - xml::add_element($doc, $author, "mastodon:scope", "public"); + XML::add_element($doc, $author, "mastodon:scope", "public"); } return $author; } @@ -1434,8 +1447,10 @@ class ostatus */ private static function construct_verb($item) { - if ($item['verb']) + if ($item['verb']) { return $item['verb']; + } + return ACTIVITY_POST; } @@ -1466,11 +1481,13 @@ class ostatus private static function entry($doc, $item, $owner, $toplevel = false) { $repeated_guid = self::get_reshared_guid($item); - if ($repeated_guid != "") + if ($repeated_guid != "") { $xml = self::reshare_entry($doc, $item, $owner, $repeated_guid, $toplevel); + } - if ($xml) + if ($xml) { return $xml; + } if ($item["verb"] == ACTIVITY_LIKE) { return self::like_entry($doc, $item, $owner, $toplevel); @@ -1492,12 +1509,12 @@ class ostatus private static function source_entry($doc, $contact) { $source = $doc->createElement("source"); - xml::add_element($doc, $source, "id", $contact["poll"]); - xml::add_element($doc, $source, "title", $contact["name"]); - xml::add_element($doc, $source, "link", "", array("rel" => "alternate", "type" => "text/html", "href" => $contact["alias"])); - xml::add_element($doc, $source, "link", "", array("rel" => "self", "type" => "application/atom+xml", "href" => $contact["poll"])); - xml::add_element($doc, $source, "icon", $contact["photo"]); - xml::add_element($doc, $source, "updated", datetime_convert("UTC", "UTC", $contact["success_update"]."+00:00", ATOM_TIME)); + XML::add_element($doc, $source, "id", $contact["poll"]); + XML::add_element($doc, $source, "title", $contact["name"]); + XML::add_element($doc, $source, "link", "", array("rel" => "alternate", "type" => "text/html", "href" => $contact["alias"])); + XML::add_element($doc, $source, "link", "", array("rel" => "self", "type" => "application/atom+xml", "href" => $contact["poll"])); + XML::add_element($doc, $source, "icon", $contact["photo"]); + XML::add_element($doc, $source, "updated", datetime_convert("UTC", "UTC", $contact["success_update"]."+00:00", ATOM_TIME)); return $source; } @@ -1510,8 +1527,8 @@ class ostatus * * @return array Contact array */ - private static function contact_entry($url, $owner) { - + private static function contact_entry($url, $owner) + { $r = q( "SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` IN (0, %d) ORDER BY `uid` DESC LIMIT 1", dbesc(normalise_link($url)), @@ -1596,7 +1613,7 @@ class ostatus $as_object = $doc->createElement("activity:object"); - xml::add_element($doc, $as_object, "activity:object-type", NAMESPACE_ACTIVITY_SCHEMA."activity"); + XML::add_element($doc, $as_object, "activity:object-type", NAMESPACE_ACTIVITY_SCHEMA."activity"); self::entry_content($doc, $as_object, $repeated_item, $owner, "", "", false); @@ -1605,7 +1622,7 @@ class ostatus $as_object2 = $doc->createElement("activity:object"); - xml::add_element($doc, $as_object2, "activity:object-type", self::construct_objecttype($repeated_item)); + XML::add_element($doc, $as_object2, "activity:object-type", self::construct_objecttype($repeated_item)); $title = sprintf("New comment by %s", $contact["nick"]); @@ -1656,7 +1673,7 @@ class ostatus ); $parent_item = (($item['thr-parent']) ? $item['thr-parent'] : $item['parent-uri']); - xml::add_element($doc, $as_object, "activity:object-type", self::construct_objecttype($parent[0])); + XML::add_element($doc, $as_object, "activity:object-type", self::construct_objecttype($parent[0])); self::entry_content($doc, $as_object, $parent[0], $owner, "New entry"); @@ -1679,18 +1696,18 @@ class ostatus private static function add_person_object($doc, $owner, $contact) { $object = $doc->createElement("activity:object"); - xml::add_element($doc, $object, "activity:object-type", ACTIVITY_OBJ_PERSON); + XML::add_element($doc, $object, "activity:object-type", ACTIVITY_OBJ_PERSON); if ($contact['network'] == NETWORK_PHANTOM) { - xml::add_element($doc, $object, "id", $contact['url']); + XML::add_element($doc, $object, "id", $contact['url']); return $object; } - xml::add_element($doc, $object, "id", $contact["alias"]); - xml::add_element($doc, $object, "title", $contact["nick"]); + XML::add_element($doc, $object, "id", $contact["alias"]); + XML::add_element($doc, $object, "title", $contact["nick"]); $attributes = array("rel" => "alternate", "type" => "text/html", "href" => $contact["url"]); - xml::add_element($doc, $object, "link", "", $attributes); + XML::add_element($doc, $object, "link", "", $attributes); $attributes = array( "rel" => "avatar", @@ -1698,14 +1715,14 @@ class ostatus "media:width" => 175, "media:height" => 175, "href" => $contact["photo"]); - xml::add_element($doc, $object, "link", "", $attributes); + XML::add_element($doc, $object, "link", "", $attributes); - xml::add_element($doc, $object, "poco:preferredUsername", $contact["nick"]); - xml::add_element($doc, $object, "poco:displayName", $contact["name"]); + XML::add_element($doc, $object, "poco:preferredUsername", $contact["nick"]); + XML::add_element($doc, $object, "poco:displayName", $contact["name"]); if (trim($contact["location"]) != "") { $element = $doc->createElement("poco:address"); - xml::add_element($doc, $element, "poco:formatted", $contact["location"]); + XML::add_element($doc, $element, "poco:formatted", $contact["location"]); $object->appendChild($element); } @@ -1722,8 +1739,8 @@ class ostatus * * @return object Entry element */ - private static function follow_entry($doc, $item, $owner, $toplevel) { - + private static function follow_entry($doc, $item, $owner, $toplevel) + { $item["id"] = $item["parent"] = 0; $item["created"] = $item["edited"] = date("c"); $item["private"] = true; @@ -1795,7 +1812,7 @@ class ostatus $title = self::entry_header($doc, $entry, $owner, $toplevel); - xml::add_element($doc, $entry, "activity:object-type", ACTIVITY_OBJ_NOTE); + XML::add_element($doc, $entry, "activity:object-type", ACTIVITY_OBJ_NOTE); self::entry_content($doc, $entry, $item, $owner, $title); @@ -1857,30 +1874,31 @@ class ostatus $verb = self::construct_verb($item); } - xml::add_element($doc, $entry, "id", $item["uri"]); - xml::add_element($doc, $entry, "title", $title); + XML::add_element($doc, $entry, "id", $item["uri"]); + XML::add_element($doc, $entry, "title", $title); $body = self::format_picture_post($item['body']); - if ($item['title'] != "") + if ($item['title'] != "") { $body = "[b]".$item['title']."[/b]\n\n".$body; + } $body = bbcode($body, false, false, 7); - xml::add_element($doc, $entry, "content", $body, array("type" => "html")); + XML::add_element($doc, $entry, "content", $body, array("type" => "html")); - xml::add_element($doc, $entry, "link", "", array("rel" => "alternate", "type" => "text/html", + XML::add_element($doc, $entry, "link", "", array("rel" => "alternate", "type" => "text/html", "href" => System::baseUrl()."/display/".$item["guid"]) ); if ($complete && ($item["id"] > 0)) { - xml::add_element($doc, $entry, "status_net", "", array("notice_id" => $item["id"])); + XML::add_element($doc, $entry, "status_net", "", array("notice_id" => $item["id"])); } - xml::add_element($doc, $entry, "activity:verb", $verb); + XML::add_element($doc, $entry, "activity:verb", $verb); - xml::add_element($doc, $entry, "published", datetime_convert("UTC", "UTC", $item["created"]."+00:00", ATOM_TIME)); - xml::add_element($doc, $entry, "updated", datetime_convert("UTC", "UTC", $item["edited"]."+00:00", ATOM_TIME)); + XML::add_element($doc, $entry, "published", datetime_convert("UTC", "UTC", $item["created"]."+00:00", ATOM_TIME)); + XML::add_element($doc, $entry, "updated", datetime_convert("UTC", "UTC", $item["edited"]."+00:00", ATOM_TIME)); } /** @@ -1918,12 +1936,12 @@ class ostatus $attributes = array( "ref" => $parent_item, "href" => $parent_plink); - xml::add_element($doc, $entry, "thr:in-reply-to", "", $attributes); + XML::add_element($doc, $entry, "thr:in-reply-to", "", $attributes); $attributes = array( "rel" => "related", "href" => $parent_plink); - xml::add_element($doc, $entry, "link", "", $attributes); + XML::add_element($doc, $entry, "link", "", $attributes); } if (intval($item["parent"]) > 0) { @@ -1942,14 +1960,14 @@ class ostatus } } - xml::add_element($doc, $entry, "link", "", array("rel" => "ostatus:conversation", "href" => $conversation_href)); + XML::add_element($doc, $entry, "link", "", array("rel" => "ostatus:conversation", "href" => $conversation_href)); $attributes = array( "href" => $conversation_href, "local_id" => $item["parent"], "ref" => $conversation_uri); - xml::add_element($doc, $entry, "ostatus:conversation", $conversation_uri, $attributes); + XML::add_element($doc, $entry, "ostatus:conversation", $conversation_uri, $attributes); } $tags = item_getfeedtags($item); @@ -1977,14 +1995,14 @@ class ostatus dbesc(normalise_link($mention)) ); if ($r[0]["forum"] || $r[0]["prv"]) { - xml::add_element($doc, $entry, "link", "", + XML::add_element($doc, $entry, "link", "", array( "rel" => "mentioned", "ostatus:object-type" => ACTIVITY_OBJ_GROUP, "href" => $mention) ); } else { - xml::add_element($doc, $entry, "link", "", + XML::add_element($doc, $entry, "link", "", array( "rel" => "mentioned", "ostatus:object-type" => ACTIVITY_OBJ_PERSON, @@ -1994,18 +2012,18 @@ class ostatus } if (!$item["private"]) { - xml::add_element($doc, $entry, "link", "", array("rel" => "ostatus:attention", + XML::add_element($doc, $entry, "link", "", array("rel" => "ostatus:attention", "href" => "http://activityschema.org/collection/public")); - xml::add_element($doc, $entry, "link", "", array("rel" => "mentioned", + XML::add_element($doc, $entry, "link", "", array("rel" => "mentioned", "ostatus:object-type" => "http://activitystrea.ms/schema/1.0/collection", "href" => "http://activityschema.org/collection/public")); - xml::add_element($doc, $entry, "mastodon:scope", "public"); + XML::add_element($doc, $entry, "mastodon:scope", "public"); } if (count($tags)) { foreach ($tags as $t) { if ($t[0] != "@") { - xml::add_element($doc, $entry, "category", "", array("term" => $t[2])); + XML::add_element($doc, $entry, "category", "", array("term" => $t[2])); } } } @@ -2014,8 +2032,9 @@ class ostatus if ($complete && ($item["id"] > 0)) { $app = $item["app"]; - if ($app == "") + if ($app == "") { $app = "web"; + } $attributes = array("local_id" => $item["id"], "source" => $app); @@ -2024,10 +2043,10 @@ class ostatus } if ($item["coord"] != "") { - xml::add_element($doc, $entry, "georss:point", $item["coord"]); + XML::add_element($doc, $entry, "georss:point", $item["coord"]); } - xml::add_element($doc, $entry, "statusnet:notice_info", "", $attributes); + XML::add_element($doc, $entry, "statusnet:notice_info", "", $attributes); } } diff --git a/include/salmon.php b/include/salmon.php index 6675849ce..9a1ef72e5 100644 --- a/include/salmon.php +++ b/include/salmon.php @@ -1,10 +1,14 @@ "http://salmon-protocol.org/ns/magic-env"); - $salmon = xml::from_array($xmldata, $xml, false, $namespaces); + $salmon = XML::from_array($xmldata, $xml, false, $namespaces); // slap them post_url($url, $salmon, array( @@ -123,7 +126,6 @@ function slapper($owner, $url, $slap) { // check for success, e.g. 2xx if ($return_code > 299) { - logger('GNU Social salmon failed. Falling back to compliant mode'); // Now try the compliant mode that normally isn't used for GNU Social @@ -136,7 +138,7 @@ function slapper($owner, $url, $slap) { $namespaces = array("me" => "http://salmon-protocol.org/ns/magic-env"); - $salmon = xml::from_array($xmldata, $xml, false, $namespaces); + $salmon = XML::from_array($xmldata, $xml, false, $namespaces); // slap them post_url($url, $salmon, array( @@ -159,13 +161,13 @@ function slapper($owner, $url, $slap) { $namespaces = array("me" => "http://salmon-protocol.org/ns/magic-env"); - $salmon = xml::from_array($xmldata, $xml, false, $namespaces); + $salmon = XML::from_array($xmldata, $xml, false, $namespaces); // slap them post_url($url, $salmon, array( 'Content-type: application/magic-envelope+xml', - 'Content-length: ' . strlen($salmon) - )); + 'Content-length: ' . strlen($salmon)) + ); $return_code = $a->get_curl_code(); } diff --git a/mod/fetch.php b/mod/fetch.php index 9587afbf0..8685504ff 100644 --- a/mod/fetch.php +++ b/mod/fetch.php @@ -6,11 +6,12 @@ This file is part of the Diaspora protocol. It is used for fetching single publi use Friendica\App; use Friendica\Core\System; use Friendica\Protocol\Diaspora; +use Friendica\Util\XML; -require_once("include/crypto.php"); -require_once("include/xml.php"); +require_once "include/crypto.php"; -function fetch_init(App $a) { +function fetch_init(App $a) +{ if (($a->argc != 3) || (!in_array($a->argv[1], array("post", "status_message", "reshare")))) { header($_SERVER["SERVER_PROTOCOL"].' 404 '.t('Not Found')); @@ -20,13 +21,22 @@ function fetch_init(App $a) { $guid = $a->argv[2]; // Fetch the item - $item = q("SELECT `uid`, `title`, `body`, `guid`, `contact-id`, `private`, `created`, `app`, `location`, `coord` + $item = q( + "SELECT `uid`, `title`, `body`, `guid`, `contact-id`, `private`, `created`, `app`, `location`, `coord` FROM `item` WHERE `wall` AND NOT `private` AND `guid` = '%s' AND `network` IN ('%s', '%s') AND `id` = `parent` LIMIT 1", - dbesc($guid), NETWORK_DFRN, NETWORK_DIASPORA); + dbesc($guid), + NETWORK_DFRN, + NETWORK_DIASPORA + ); if (!$item) { - $r = q("SELECT `author-link` + $r = q( + "SELECT `author-link` FROM `item` WHERE `uid` = 0 AND `guid` = '%s' AND `network` IN ('%s', '%s') AND `id` = `parent` LIMIT 1", - dbesc($guid), NETWORK_DFRN, NETWORK_DIASPORA); + dbesc($guid), + NETWORK_DFRN, + NETWORK_DIASPORA + ); + if ($r) { $parts = parse_url($r[0]["author-link"]); $host = $parts["scheme"]."://".$parts["host"]; @@ -45,9 +55,13 @@ function fetch_init(App $a) { } // Fetch some data from the author (We could combine both queries - but I think this is more readable) - $r = q("SELECT `user`.`prvkey`, `contact`.`addr`, `user`.`nickname`, `contact`.`nick` FROM `user` + $r = q( + "SELECT `user`.`prvkey`, `contact`.`addr`, `user`.`nickname`, `contact`.`nick` FROM `user` INNER JOIN `contact` ON `contact`.`uid` = `user`.`uid` AND `contact`.`self` - WHERE `user`.`uid` = %d", intval($item[0]["uid"])); + WHERE `user`.`uid` = %d", + intval($item[0]["uid"]) + ); + if (!$r) { header($_SERVER["SERVER_PROTOCOL"].' 404 '.t('Not Found')); killme(); diff --git a/mod/ping.php b/mod/ping.php index 8688e8d5c..00ee848dc 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -7,13 +7,13 @@ use Friendica\Core\Cache; use Friendica\Core\System; use Friendica\Core\PConfig; use Friendica\Database\DBM; +use Friendica\Util\XML; require_once 'include/datetime.php'; require_once 'include/bbcode.php'; require_once 'include/ForumManager.php'; require_once 'include/group.php'; require_once 'mod/proxy.php'; -require_once 'include/xml.php'; require_once 'include/enotify.php'; /** @@ -114,7 +114,7 @@ function ping_init(App $a) } } else { header("Content-type: text/xml"); - echo xml::from_array($data, $xml); + echo XML::from_array($data, $xml); } killme(); } @@ -411,7 +411,7 @@ function ping_init(App $a) $data = ping_format_xml_data($data, $sysnotify_count, $notifications, $sysmsgs, $sysmsgs_info, $groups_unseen, $forums_unseen); header("Content-type: text/xml"); - echo xml::from_array(array("result" => $data), $xml); + echo XML::from_array(array("result" => $data), $xml); } killme(); diff --git a/src/Network/Probe.php b/src/Network/Probe.php index 9e2593a12..37ca51d8a 100644 --- a/src/Network/Probe.php +++ b/src/Network/Probe.php @@ -13,10 +13,9 @@ use Friendica\Core\System; use Friendica\Core\Cache; use Friendica\Core\Config; use Friendica\Database\DBM; +use Friendica\Util\XML; use dba; -use xml; - use DomXPath; use DOMDocument; @@ -124,7 +123,7 @@ class Probe { return array(); } - $links = xml::element_to_array($xrd); + $links = XML::element_to_array($xrd); if (!isset($links["xrd"]["link"])) { logger("No xrd data found for ".$host, LOGGER_DEBUG); return array(); @@ -706,7 +705,7 @@ class Probe { return false; } - $xrd_arr = xml::element_to_array($xrd); + $xrd_arr = XML::element_to_array($xrd); if (!isset($xrd_arr["xrd"]["link"])) { logger("No XML webfinger links for ".$url, LOGGER_DEBUG); return false; diff --git a/src/ParseUrl.php b/src/ParseUrl.php index 217ca25d9..047876279 100644 --- a/src/ParseUrl.php +++ b/src/ParseUrl.php @@ -6,10 +6,9 @@ namespace Friendica; use Friendica\Core\Config; +use Friendica\Util\XML; -use xml; use dba; - use DomXPath; use DOMDocument; @@ -204,17 +203,17 @@ class ParseUrl $doc = new DOMDocument(); @$doc->loadHTML($body); - xml::deleteNode($doc, "style"); - xml::deleteNode($doc, "script"); - xml::deleteNode($doc, "option"); - xml::deleteNode($doc, "h1"); - xml::deleteNode($doc, "h2"); - xml::deleteNode($doc, "h3"); - xml::deleteNode($doc, "h4"); - xml::deleteNode($doc, "h5"); - xml::deleteNode($doc, "h6"); - xml::deleteNode($doc, "ol"); - xml::deleteNode($doc, "ul"); + XML::deleteNode($doc, "style"); + XML::deleteNode($doc, "script"); + XML::deleteNode($doc, "option"); + XML::deleteNode($doc, "h1"); + XML::deleteNode($doc, "h2"); + XML::deleteNode($doc, "h3"); + XML::deleteNode($doc, "h4"); + XML::deleteNode($doc, "h5"); + XML::deleteNode($doc, "h6"); + XML::deleteNode($doc, "ol"); + XML::deleteNode($doc, "ul"); $xpath = new DomXPath($doc); diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index 611dbc976..080dd9ada 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -13,12 +13,12 @@ use Friendica\Core\Config; use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBM; +use Friendica\Util\XML; use dba; use DOMDocument; use DomXPath; use ostatus; -use xml; require_once "include/Contact.php"; require_once "include/enotify.php"; @@ -402,17 +402,17 @@ class DFRN $mail = $doc->createElement("dfrn:mail"); $sender = $doc->createElement("dfrn:sender"); - xml::add_element($doc, $sender, "dfrn:name", $owner['name']); - xml::add_element($doc, $sender, "dfrn:uri", $owner['url']); - xml::add_element($doc, $sender, "dfrn:avatar", $owner['thumb']); + XML::add_element($doc, $sender, "dfrn:name", $owner['name']); + XML::add_element($doc, $sender, "dfrn:uri", $owner['url']); + XML::add_element($doc, $sender, "dfrn:avatar", $owner['thumb']); $mail->appendChild($sender); - xml::add_element($doc, $mail, "dfrn:id", $item['uri']); - xml::add_element($doc, $mail, "dfrn:in-reply-to", $item['parent-uri']); - xml::add_element($doc, $mail, "dfrn:sentdate", datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , ATOM_TIME)); - xml::add_element($doc, $mail, "dfrn:subject", $item['title']); - xml::add_element($doc, $mail, "dfrn:content", $item['body']); + XML::add_element($doc, $mail, "dfrn:id", $item['uri']); + XML::add_element($doc, $mail, "dfrn:in-reply-to", $item['parent-uri']); + XML::add_element($doc, $mail, "dfrn:sentdate", datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , ATOM_TIME)); + XML::add_element($doc, $mail, "dfrn:subject", $item['title']); + XML::add_element($doc, $mail, "dfrn:content", $item['body']); $root->appendChild($mail); @@ -437,11 +437,11 @@ class DFRN $suggest = $doc->createElement("dfrn:suggest"); - xml::add_element($doc, $suggest, "dfrn:url", $item['url']); - xml::add_element($doc, $suggest, "dfrn:name", $item['name']); - xml::add_element($doc, $suggest, "dfrn:photo", $item['photo']); - xml::add_element($doc, $suggest, "dfrn:request", $item['request']); - xml::add_element($doc, $suggest, "dfrn:note", $item['note']); + XML::add_element($doc, $suggest, "dfrn:url", $item['url']); + XML::add_element($doc, $suggest, "dfrn:name", $item['name']); + XML::add_element($doc, $suggest, "dfrn:photo", $item['photo']); + XML::add_element($doc, $suggest, "dfrn:request", $item['request']); + XML::add_element($doc, $suggest, "dfrn:note", $item['note']); $root->appendChild($suggest); @@ -489,18 +489,18 @@ class DFRN $relocate = $doc->createElement("dfrn:relocate"); - xml::add_element($doc, $relocate, "dfrn:url", $owner['url']); - xml::add_element($doc, $relocate, "dfrn:name", $owner['name']); - xml::add_element($doc, $relocate, "dfrn:addr", $owner['addr']); - xml::add_element($doc, $relocate, "dfrn:avatar", $owner['avatar']); - xml::add_element($doc, $relocate, "dfrn:photo", $photos[4]); - xml::add_element($doc, $relocate, "dfrn:thumb", $photos[5]); - xml::add_element($doc, $relocate, "dfrn:micro", $photos[6]); - xml::add_element($doc, $relocate, "dfrn:request", $owner['request']); - xml::add_element($doc, $relocate, "dfrn:confirm", $owner['confirm']); - xml::add_element($doc, $relocate, "dfrn:notify", $owner['notify']); - xml::add_element($doc, $relocate, "dfrn:poll", $owner['poll']); - xml::add_element($doc, $relocate, "dfrn:sitepubkey", Config::get('system','site_pubkey')); + XML::add_element($doc, $relocate, "dfrn:url", $owner['url']); + XML::add_element($doc, $relocate, "dfrn:name", $owner['name']); + XML::add_element($doc, $relocate, "dfrn:addr", $owner['addr']); + XML::add_element($doc, $relocate, "dfrn:avatar", $owner['avatar']); + XML::add_element($doc, $relocate, "dfrn:photo", $photos[4]); + XML::add_element($doc, $relocate, "dfrn:thumb", $photos[5]); + XML::add_element($doc, $relocate, "dfrn:micro", $photos[6]); + XML::add_element($doc, $relocate, "dfrn:request", $owner['request']); + XML::add_element($doc, $relocate, "dfrn:confirm", $owner['confirm']); + XML::add_element($doc, $relocate, "dfrn:notify", $owner['notify']); + XML::add_element($doc, $relocate, "dfrn:poll", $owner['poll']); + XML::add_element($doc, $relocate, "dfrn:sitepubkey", Config::get('system','site_pubkey')); $root->appendChild($relocate); @@ -539,17 +539,17 @@ class DFRN $root->setAttribute("xmlns:ostatus", NAMESPACE_OSTATUS); $root->setAttribute("xmlns:statusnet", NAMESPACE_STATUSNET); - xml::add_element($doc, $root, "id", System::baseUrl()."/profile/".$owner["nick"]); - xml::add_element($doc, $root, "title", $owner["name"]); + XML::add_element($doc, $root, "id", System::baseUrl()."/profile/".$owner["nick"]); + XML::add_element($doc, $root, "title", $owner["name"]); $attributes = array("uri" => "https://friendi.ca", "version" => FRIENDICA_VERSION."-".DB_UPDATE_VERSION); - xml::add_element($doc, $root, "generator", FRIENDICA_PLATFORM, $attributes); + XML::add_element($doc, $root, "generator", FRIENDICA_PLATFORM, $attributes); $attributes = array("rel" => "license", "href" => "http://creativecommons.org/licenses/by/3.0/"); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); $attributes = array("rel" => "alternate", "type" => "text/html", "href" => $alternatelink); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); if ($public) { @@ -557,26 +557,26 @@ class DFRN ostatus::hublinks($doc, $root, $owner["nick"]); $attributes = array("rel" => "salmon", "href" => System::baseUrl()."/salmon/".$owner["nick"]); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); $attributes = array("rel" => "http://salmon-protocol.org/ns/salmon-replies", "href" => System::baseUrl()."/salmon/".$owner["nick"]); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); $attributes = array("rel" => "http://salmon-protocol.org/ns/salmon-mention", "href" => System::baseUrl()."/salmon/".$owner["nick"]); - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); } // For backward compatibility we keep this element if ($owner['page-flags'] == PAGE_COMMUNITY) { - xml::add_element($doc, $root, "dfrn:community", 1); + XML::add_element($doc, $root, "dfrn:community", 1); } // The former element is replaced by this one - xml::add_element($doc, $root, "dfrn:account_type", $owner["account-type"]); + XML::add_element($doc, $root, "dfrn:account_type", $owner["account-type"]); /// @todo We need a way to transmit the different page flags like "PAGE_PRVGROUP" - xml::add_element($doc, $root, "updated", datetime_convert("UTC", "UTC", "now", ATOM_TIME)); + XML::add_element($doc, $root, "updated", datetime_convert("UTC", "UTC", "now", ATOM_TIME)); $author = self::add_author($doc, $owner, $authorelement, $public); $root->appendChild($author); @@ -620,9 +620,9 @@ class DFRN $attributes = array("dfrn:updated" => $namdate); } - xml::add_element($doc, $author, "name", $owner["name"], $attributes); - xml::add_element($doc, $author, "uri", System::baseUrl().'/profile/'.$owner["nickname"], $attributes); - xml::add_element($doc, $author, "dfrn:handle", $owner["addr"], $attributes); + XML::add_element($doc, $author, "name", $owner["name"], $attributes); + XML::add_element($doc, $author, "uri", System::baseUrl().'/profile/'.$owner["nickname"], $attributes); + XML::add_element($doc, $author, "dfrn:handle", $owner["addr"], $attributes); $attributes = array("rel" => "photo", "type" => "image/jpeg", "media:width" => 175, "media:height" => 175, "href" => $owner['photo']); @@ -631,13 +631,13 @@ class DFRN $attributes["dfrn:updated"] = $picdate; } - xml::add_element($doc, $author, "link", "", $attributes); + XML::add_element($doc, $author, "link", "", $attributes); $attributes["rel"] = "avatar"; - xml::add_element($doc, $author, "link", "", $attributes); + XML::add_element($doc, $author, "link", "", $attributes); if ($hidewall) { - xml::add_element($doc, $author, "dfrn:hide", "true"); + XML::add_element($doc, $author, "dfrn:hide", "true"); } // The following fields will only be generated if the data isn't meant for a public feed @@ -648,7 +648,7 @@ class DFRN $birthday = feed_birthday($owner['uid'], $owner['timezone']); if ($birthday) { - xml::add_element($doc, $author, "dfrn:birthday", $birthday); + XML::add_element($doc, $author, "dfrn:birthday", $birthday); } // Only show contact details when we are allowed to @@ -664,60 +664,60 @@ class DFRN if (DBM::is_result($r)) { $profile = $r[0]; - xml::add_element($doc, $author, "poco:displayName", $profile["name"]); - xml::add_element($doc, $author, "poco:updated", $namdate); + XML::add_element($doc, $author, "poco:displayName", $profile["name"]); + XML::add_element($doc, $author, "poco:updated", $namdate); if (trim($profile["dob"]) > '0001-01-01') { - xml::add_element($doc, $author, "poco:birthday", "0000-".date("m-d", strtotime($profile["dob"]))); + XML::add_element($doc, $author, "poco:birthday", "0000-".date("m-d", strtotime($profile["dob"]))); } - xml::add_element($doc, $author, "poco:note", $profile["about"]); - xml::add_element($doc, $author, "poco:preferredUsername", $profile["nickname"]); + XML::add_element($doc, $author, "poco:note", $profile["about"]); + XML::add_element($doc, $author, "poco:preferredUsername", $profile["nickname"]); $savetz = date_default_timezone_get(); date_default_timezone_set($profile["timezone"]); - xml::add_element($doc, $author, "poco:utcOffset", date("P")); + XML::add_element($doc, $author, "poco:utcOffset", date("P")); date_default_timezone_set($savetz); if (trim($profile["homepage"]) != "") { $urls = $doc->createElement("poco:urls"); - xml::add_element($doc, $urls, "poco:type", "homepage"); - xml::add_element($doc, $urls, "poco:value", $profile["homepage"]); - xml::add_element($doc, $urls, "poco:primary", "true"); + XML::add_element($doc, $urls, "poco:type", "homepage"); + XML::add_element($doc, $urls, "poco:value", $profile["homepage"]); + XML::add_element($doc, $urls, "poco:primary", "true"); $author->appendChild($urls); } if (trim($profile["pub_keywords"]) != "") { $keywords = explode(",", $profile["pub_keywords"]); - foreach ($keywords AS $keyword) { - xml::add_element($doc, $author, "poco:tags", trim($keyword)); + foreach ($keywords as $keyword) { + XML::add_element($doc, $author, "poco:tags", trim($keyword)); } } if (trim($profile["xmpp"]) != "") { $ims = $doc->createElement("poco:ims"); - xml::add_element($doc, $ims, "poco:type", "xmpp"); - xml::add_element($doc, $ims, "poco:value", $profile["xmpp"]); - xml::add_element($doc, $ims, "poco:primary", "true"); + XML::add_element($doc, $ims, "poco:type", "xmpp"); + XML::add_element($doc, $ims, "poco:value", $profile["xmpp"]); + XML::add_element($doc, $ims, "poco:primary", "true"); $author->appendChild($ims); } if (trim($profile["locality"].$profile["region"].$profile["country-name"]) != "") { $element = $doc->createElement("poco:address"); - xml::add_element($doc, $element, "poco:formatted", formatted_location($profile)); + XML::add_element($doc, $element, "poco:formatted", formatted_location($profile)); if (trim($profile["locality"]) != "") { - xml::add_element($doc, $element, "poco:locality", $profile["locality"]); + XML::add_element($doc, $element, "poco:locality", $profile["locality"]); } if (trim($profile["region"]) != "") { - xml::add_element($doc, $element, "poco:region", $profile["region"]); + XML::add_element($doc, $element, "poco:region", $profile["region"]); } if (trim($profile["country-name"]) != "") { - xml::add_element($doc, $element, "poco:country", $profile["country-name"]); + XML::add_element($doc, $element, "poco:country", $profile["country-name"]); } $author->appendChild($element); @@ -744,9 +744,9 @@ class DFRN $contact = get_contact_details_by_url($contact_url, $item["uid"]); $author = $doc->createElement($element); - xml::add_element($doc, $author, "name", $contact["name"]); - xml::add_element($doc, $author, "uri", $contact["url"]); - xml::add_element($doc, $author, "dfrn:handle", $contact["addr"]); + XML::add_element($doc, $author, "name", $contact["name"]); + XML::add_element($doc, $author, "uri", $contact["url"]); + XML::add_element($doc, $author, "dfrn:handle", $contact["addr"]); /// @Todo /// - Check real image type and image size @@ -757,7 +757,7 @@ class DFRN "media:width" => 80, "media:height" => 80, "href" => $contact["photo"]); - xml::add_element($doc, $author, "link", "", $attributes); + XML::add_element($doc, $author, "link", "", $attributes); $attributes = array( "rel" => "avatar", @@ -765,7 +765,7 @@ class DFRN "media:width" => 80, "media:height" => 80, "href" => $contact["photo"]); - xml::add_element($doc, $author, "link", "", $attributes); + XML::add_element($doc, $author, "link", "", $attributes); return $author; } @@ -790,13 +790,13 @@ class DFRN return false; } if ($r->type) { - xml::add_element($doc, $entry, "activity:object-type", $r->type); + XML::add_element($doc, $entry, "activity:object-type", $r->type); } if ($r->id) { - xml::add_element($doc, $entry, "id", $r->id); + XML::add_element($doc, $entry, "id", $r->id); } if ($r->title) { - xml::add_element($doc, $entry, "title", $r->title); + XML::add_element($doc, $entry, "title", $r->title); } if ($r->link) { @@ -812,19 +812,19 @@ class DFRN if (is_object($data)) { foreach ($data->link AS $link) { $attributes = array(); - foreach ($link->attributes() AS $parameter => $value) { + foreach ($link->attributes() as $parameter => $value) { $attributes[$parameter] = $value; } - xml::add_element($doc, $entry, "link", "", $attributes); + XML::add_element($doc, $entry, "link", "", $attributes); } } } else { $attributes = array("rel" => "alternate", "type" => "text/html", "href" => $r->link); - xml::add_element($doc, $entry, "link", "", $attributes); + XML::add_element($doc, $entry, "link", "", $attributes); } } if ($r->content) { - xml::add_element($doc, $entry, "content", bbcode($r->content), array("type" => "html")); + XML::add_element($doc, $entry, "content", bbcode($r->content), array("type" => "html")); } return $entry; @@ -863,7 +863,7 @@ class DFRN $attributes["title"] = trim($matches[4]); } - xml::add_element($doc, $root, "link", "", $attributes); + XML::add_element($doc, $root, "link", "", $attributes); } } } @@ -893,7 +893,7 @@ class DFRN if ($item['deleted']) { $attributes = array("ref" => $item['uri'], "when" => datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00', ATOM_TIME)); - return xml::create_element($doc, "at:deleted-entry", "", $attributes); + return XML::create_element($doc, "at:deleted-entry", "", $attributes); } if (!$single) { @@ -944,7 +944,7 @@ class DFRN $attributes = array("ref" => $parent_item, "type" => "text/html", "href" => $parent[0]['plink'], "dfrn:diaspora_guid" => $parent[0]['guid']); - xml::add_element($doc, $entry, "thr:in-reply-to", "", $attributes); + XML::add_element($doc, $entry, "thr:in-reply-to", "", $attributes); } // Add conversation data. This is used for OStatus @@ -967,23 +967,23 @@ class DFRN "href" => $conversation_href, "ref" => $conversation_uri); - xml::add_element($doc, $entry, "ostatus:conversation", $conversation_uri, $attributes); + XML::add_element($doc, $entry, "ostatus:conversation", $conversation_uri, $attributes); - xml::add_element($doc, $entry, "id", $item["uri"]); - xml::add_element($doc, $entry, "title", $item["title"]); + XML::add_element($doc, $entry, "id", $item["uri"]); + XML::add_element($doc, $entry, "title", $item["title"]); - xml::add_element($doc, $entry, "published", datetime_convert("UTC", "UTC", $item["created"] . "+00:00", ATOM_TIME)); - xml::add_element($doc, $entry, "updated", datetime_convert("UTC", "UTC", $item["edited"] . "+00:00", ATOM_TIME)); + XML::add_element($doc, $entry, "published", datetime_convert("UTC", "UTC", $item["created"] . "+00:00", ATOM_TIME)); + XML::add_element($doc, $entry, "updated", datetime_convert("UTC", "UTC", $item["edited"] . "+00:00", ATOM_TIME)); // "dfrn:env" is used to read the content - xml::add_element($doc, $entry, "dfrn:env", base64url_encode($body, true)); + XML::add_element($doc, $entry, "dfrn:env", base64url_encode($body, true)); // The "content" field is not read by the receiver. We could remove it when the type is "text" // We keep it at the moment, maybe there is some old version that doesn't read "dfrn:env" - xml::add_element($doc, $entry, "content", (($type == 'html') ? $htmlbody : $body), array("type" => $type)); + XML::add_element($doc, $entry, "content", (($type == 'html') ? $htmlbody : $body), array("type" => $type)); // We save this value in "plink". Maybe we should read it from there as well? - xml::add_element( + XML::add_element( $doc, $entry, "link", @@ -995,50 +995,50 @@ class DFRN // "comment-allow" is some old fashioned stuff for old Friendica versions. // It is included in the rewritten code for completeness if ($comment) { - xml::add_element($doc, $entry, "dfrn:comment-allow", intval($item['last-child'])); + XML::add_element($doc, $entry, "dfrn:comment-allow", intval($item['last-child'])); } if ($item['location']) { - xml::add_element($doc, $entry, "dfrn:location", $item['location']); + XML::add_element($doc, $entry, "dfrn:location", $item['location']); } if ($item['coord']) { - xml::add_element($doc, $entry, "georss:point", $item['coord']); + XML::add_element($doc, $entry, "georss:point", $item['coord']); } if (($item['private']) || strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])) { - xml::add_element($doc, $entry, "dfrn:private", (($item['private']) ? $item['private'] : 1)); + XML::add_element($doc, $entry, "dfrn:private", (($item['private']) ? $item['private'] : 1)); } if ($item['extid']) { - xml::add_element($doc, $entry, "dfrn:extid", $item['extid']); + XML::add_element($doc, $entry, "dfrn:extid", $item['extid']); } if ($item['bookmark']) { - xml::add_element($doc, $entry, "dfrn:bookmark", "true"); + XML::add_element($doc, $entry, "dfrn:bookmark", "true"); } if ($item['app']) { - xml::add_element($doc, $entry, "statusnet:notice_info", "", array("local_id" => $item['id'], "source" => $item['app'])); + XML::add_element($doc, $entry, "statusnet:notice_info", "", array("local_id" => $item['id'], "source" => $item['app'])); } - xml::add_element($doc, $entry, "dfrn:diaspora_guid", $item["guid"]); + XML::add_element($doc, $entry, "dfrn:diaspora_guid", $item["guid"]); // The signed text contains the content in Markdown, the sender handle and the signatur for the content // It is needed for relayed comments to Diaspora. if ($item['signed_text']) { $sign = base64_encode(json_encode(array('signed_text' => $item['signed_text'],'signature' => $item['signature'],'signer' => $item['signer']))); - xml::add_element($doc, $entry, "dfrn:diaspora_signature", $sign); + XML::add_element($doc, $entry, "dfrn:diaspora_signature", $sign); } - xml::add_element($doc, $entry, "activity:verb", construct_verb($item)); + XML::add_element($doc, $entry, "activity:verb", construct_verb($item)); if ($item['object-type'] != "") { - xml::add_element($doc, $entry, "activity:object-type", $item['object-type']); + XML::add_element($doc, $entry, "activity:object-type", $item['object-type']); } elseif ($item['id'] == $item['parent']) { - xml::add_element($doc, $entry, "activity:object-type", ACTIVITY_OBJ_NOTE); + XML::add_element($doc, $entry, "activity:object-type", ACTIVITY_OBJ_NOTE); } else { - xml::add_element($doc, $entry, "activity:object-type", ACTIVITY_OBJ_COMMENT); + XML::add_element($doc, $entry, "activity:object-type", ACTIVITY_OBJ_COMMENT); } $actobj = self::create_activity($doc, "activity:object", $item['object']); @@ -1056,7 +1056,7 @@ class DFRN if (count($tags)) { foreach ($tags as $t) { if (($type != 'html') || ($t[0] != "@")) { - xml::add_element($doc, $entry, "category", "", array("scheme" => "X-DFRN:".$t[0].":".$t[1], "term" => $t[2])); + XML::add_element($doc, $entry, "category", "", array("scheme" => "X-DFRN:".$t[0].":".$t[1], "term" => $t[2])); } } } @@ -1069,7 +1069,7 @@ class DFRN } } - foreach ($mentioned AS $mention) { + foreach ($mentioned as $mention) { $r = q( "SELECT `forum`, `prv` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s'", intval($owner["uid"]), @@ -1077,7 +1077,7 @@ class DFRN ); if (DBM::is_result($r) && ($r[0]["forum"] || $r[0]["prv"])) { - xml::add_element( + XML::add_element( $doc, $entry, "link", @@ -1087,7 +1087,7 @@ class DFRN "href" => $mention) ); } else { - xml::add_element( + XML::add_element( $doc, $entry, "link", @@ -1705,7 +1705,7 @@ class DFRN $obj_element = $obj_doc->createElementNS(NAMESPACE_ATOM1, $element); $activity_type = $xpath->query("activity:object-type/text()", $activity)->item(0)->nodeValue; - xml::add_element($obj_doc, $obj_element, "type", $activity_type); + XML::add_element($obj_doc, $obj_element, "type", $activity_type); $id = $xpath->query("atom:id", $activity)->item(0); if (is_object($id)) { @@ -1719,7 +1719,7 @@ class DFRN $links = $xpath->query("atom:link", $activity); if (is_object($links)) { - foreach ($links AS $link) { + foreach ($links as $link) { $obj_element->appendChild($obj_doc->importNode($link, true)); } } diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php index ad24f2457..f1fc88dbd 100644 --- a/src/Protocol/Diaspora.php +++ b/src/Protocol/Diaspora.php @@ -17,10 +17,10 @@ use Friendica\Core\PConfig; use Friendica\Core\Worker; use Friendica\Database\DBM; use Friendica\Network\Probe; +use Friendica\Util\XML; use dba; use SimpleXMLElement; -use xml; require_once 'include/items.php'; require_once 'include/bb2diaspora.php'; @@ -672,7 +672,7 @@ class Diaspora if (!in_array($fieldname, array("parent_author_signature", "target_author_signature")) || ($orig_type == "relayable_retraction") ) { - xml::copy($entry, $fields, $fieldname); + XML::copy($entry, $fields, $fieldname); } } @@ -1912,7 +1912,7 @@ class Diaspora "title" => "", "content" => $parent_body)); - return xml::from_array($xmldata, $xml, true); + return XML::from_array($xmldata, $xml, true); } /** @@ -2344,7 +2344,7 @@ class Diaspora "id" => $contact["url"]."/".$contact["name"], "link" => $link)); - return xml::from_array($xmldata, $xml, true); + return XML::from_array($xmldata, $xml, true); } /** @@ -3039,7 +3039,7 @@ class Diaspora $namespaces = array("me" => "http://salmon-protocol.org/ns/magic-env"); - return xml::from_array($xmldata, $xml, false, $namespaces); + return XML::from_array($xmldata, $xml, false, $namespaces); } /** @@ -3172,7 +3172,7 @@ class Diaspora { $data = array($type => $message); - return xml::from_array($data, $xml); + return XML::from_array($data, $xml); } /** diff --git a/include/xml.php b/src/Util/XML.php similarity index 78% rename from include/xml.php rename to src/Util/XML.php index c184b5099..7ecf85acd 100644 --- a/include/xml.php +++ b/src/Util/XML.php @@ -1,31 +1,34 @@ $value) { - foreach ($namespaces AS $nskey => $nsvalue) { + foreach ($namespaces as $nskey => $nsvalue) { $key .= " xmlns".($nskey == "" ? "":":").$nskey.'="'.$nsvalue.'"'; } @@ -50,7 +53,7 @@ class xml { } } - foreach($array as $key => $value) { + foreach ($array as $key => $value) { if (!isset($element) && isset($xml)) { $element = $xml; } @@ -72,7 +75,7 @@ class xml { } elseif (isset($namespaces[""])) { $namespace = $namespaces[""]; } else { - $namespace = NULL; + $namespace = null; } // Remove undefined namespaces from the key @@ -90,7 +93,7 @@ class xml { if ((count($element_parts) > 1) && isset($namespaces[$element_parts[0]])) { $namespace = $namespaces[$element_parts[0]]; } else { - $namespace = NULL; + $namespace = null; } $element->addAttribute($attr_key, $attr_value, $namespace); @@ -102,7 +105,7 @@ class xml { if (!is_array($value)) { $element = $xml->addChild($key, xmlify($value), $namespace); } elseif (is_array($value)) { - $element = $xml->addChild($key, NULL, $namespace); + $element = $xml->addChild($key, null, $namespace); self::from_array($value, $element, $remove_header, $namespaces, false); } } @@ -111,16 +114,17 @@ class xml { /** * @brief Copies an XML object * - * @param object $source The XML source - * @param object $target The XML target + * @param object $source The XML source + * @param object $target The XML target * @param string $elementname Name of the XML element of the target */ - public static function copy(&$source, &$target, $elementname) { - if (count($source->children()) == 0) + public static function copy(&$source, &$target, $elementname) + { + if (count($source->children()) == 0) { $target->addChild($elementname, xmlify($source)); - else { + } else { $child = $target->addChild($elementname); - foreach ($source->children() AS $childfield => $childentry) { + foreach ($source->children() as $childfield => $childentry) { self::copy($childentry, $child, $childfield); } } @@ -129,17 +133,18 @@ class xml { /** * @brief Create an XML element * - * @param object $doc XML root - * @param string $element XML element name - * @param string $value XML value - * @param array $attributes array containing the attributes + * @param object $doc XML root + * @param string $element XML element name + * @param string $value XML value + * @param array $attributes array containing the attributes * * @return object XML element object */ - public static function create_element($doc, $element, $value = "", $attributes = array()) { + public static function create_element($doc, $element, $value = "", $attributes = array()) + { $element = $doc->createElement($element, xmlify($value)); - foreach ($attributes AS $key => $value) { + foreach ($attributes as $key => $value) { $attribute = $doc->createAttribute($key); $attribute->value = xmlify($value); $element->appendChild($attribute); @@ -150,13 +155,14 @@ class xml { /** * @brief Create an XML and append it to the parent object * - * @param object $doc XML root - * @param object $parent parent object - * @param string $element XML element name - * @param string $value XML value - * @param array $attributes array containing the attributes + * @param object $doc XML root + * @param object $parent parent object + * @param string $element XML element name + * @param string $value XML value + * @param array $attributes array containing the attributes */ - public static function add_element($doc, $parent, $element, $value = "", $attributes = array()) { + public static function add_element($doc, $parent, $element, $value = "", $attributes = array()) + { $element = self::create_element($doc, $element, $value, $attributes); $parent->appendChild($element); } @@ -165,14 +171,14 @@ class xml { * @brief Convert an XML document to a normalised, case-corrected array * used by webfinger * - * @param object $xml_element The XML document + * @param object $xml_element The XML document * @param integer $recursion_depth recursion counter for internal use - default 0 - * internal use, recursion counter + * internal use, recursion counter * * @return array | sring The array from the xml element or the string */ - public static function element_to_array($xml_element, &$recursion_depth=0) { - + public static function element_to_array($xml_element, &$recursion_depth=0) + { // If we're getting too deep, bail out if ($recursion_depth > 512) { return(null); @@ -180,7 +186,8 @@ class xml { if (!is_string($xml_element) && !is_array($xml_element) - && (get_class($xml_element) == 'SimpleXMLElement')) { + && (get_class($xml_element) == 'SimpleXMLElement') + ) { $xml_element_copy = $xml_element; $xml_element = get_object_vars($xml_element); } @@ -192,12 +199,11 @@ class xml { } foreach ($xml_element as $key => $value) { - $recursion_depth++; - $result_array[strtolower($key)] = - self::element_to_array($value, $recursion_depth); + $result_array[strtolower($key)] = self::element_to_array($value, $recursion_depth); $recursion_depth--; } + if ($recursion_depth == 0) { $temp_array = $result_array; $result_array = array( @@ -206,7 +212,6 @@ class xml { } return ($result_array); - } else { return (trim(strval($xml_element))); } @@ -215,31 +220,32 @@ class xml { /** * @brief Convert the given XML text to an array in the XML structure. * - * xml::to_array() will convert the given XML text to an array in the XML structure. + * Xml::to_array() will convert the given XML text to an array in the XML structure. * Link: http://www.bin-co.com/php/scripts/xml2array/ * Portions significantly re-written by mike@macgirvin.com for Friendica * (namespaces, lowercase tags, get_attribute default changed, more...) * - * Examples: $array = xml::to_array(file_get_contents('feed.xml')); - * $array = xml::to_array(file_get_contents('feed.xml', true, 1, 'attribute')); + * Examples: $array = Xml::to_array(file_get_contents('feed.xml')); + * $array = Xml::to_array(file_get_contents('feed.xml', true, 1, 'attribute')); * - * @param object $contents The XML text - * @param boolean $namespaces True or false include namespace information - * in the returned array as array elements. + * @param object $contents The XML text + * @param boolean $namespaces True or false include namespace information + * in the returned array as array elements. * @param integer $get_attributes 1 or 0. If this is 1 the function will get the attributes as well as the tag values - - * this results in a different array structure in the return value. - * @param string $priority Can be 'tag' or 'attribute'. This will change the way the resulting - * array sturcture. For 'tag', the tags are given more importance. + * this results in a different array structure in the return value. + * @param string $priority Can be 'tag' or 'attribute'. This will change the way the resulting + * array sturcture. For 'tag', the tags are given more importance. * * @return array The parsed XML in an array form. Use print_r() to see the resulting array structure. */ - public static function to_array($contents, $namespaces = true, $get_attributes = 1, $priority = 'attribute') { + public static function to_array($contents, $namespaces = true, $get_attributes = 1, $priority = 'attribute') + { if (!$contents) { return array(); } if (!function_exists('xml_parser_create')) { - logger('xml::to_array: parser function missing'); + logger('Xml::to_array: parser function missing'); return array(); } @@ -248,13 +254,13 @@ class xml { libxml_clear_errors(); if ($namespaces) { - $parser = @xml_parser_create_ns("UTF-8",':'); + $parser = @xml_parser_create_ns("UTF-8", ':'); } else { $parser = @xml_parser_create(); } if (! $parser) { - logger('xml::to_array: xml_parser_create: no resource'); + logger('Xml::to_array: xml_parser_create: no resource'); return array(); } @@ -266,7 +272,7 @@ class xml { @xml_parser_free($parser); if (! $xml_values) { - logger('xml::to_array: libxml: parse error: ' . $contents, LOGGER_DATA); + logger('Xml::to_array: libxml: parse error: ' . $contents, LOGGER_DATA); foreach (libxml_get_errors() as $err) { logger('libxml: parse: ' . $err->code . " at " . $err->line . ":" . $err->column . " : " . $err->message, LOGGER_DATA); } @@ -305,7 +311,7 @@ class xml { //Set the attributes too. if (isset($attributes) and $get_attributes) { foreach ($attributes as $attr => $val) { - if($priority == 'tag') { + if ($priority == 'tag') { $attributes_data[$attr] = $val; } else { $result['@attributes'][$attr] = $val; // Set all the attributes in a array called 'attr' @@ -331,7 +337,6 @@ class xml { $repeated_tag_index[$tag.'_'.$level] = 1; $current = &$current[$tag]; - } else { // There was another element with the same tag name if (isset($current[$tag][0])) { // If there is a 0th element it is already an array @@ -345,12 +350,10 @@ class xml { $current[$tag]['0_attr'] = $current[$tag.'_attr']; unset($current[$tag.'_attr']); } - } $last_item_index = $repeated_tag_index[$tag.'_'.$level]-1; $current = &$current[$tag][$last_item_index]; } - } elseif ($type == "complete") { // Tags that ends in 1 line '' //See if the key is already taken. if (!isset($current[$tag])) { //New Key @@ -359,7 +362,6 @@ class xml { if ($priority == 'tag' and $attributes_data) { $current[$tag. '_attr'] = $attributes_data; } - } else { // If taken, put all things inside a list(array) if (isset($current[$tag][0]) and is_array($current[$tag])) { // If it is already an array... @@ -370,7 +372,6 @@ class xml { $current[$tag][$repeated_tag_index[$tag.'_'.$level] . '_attr'] = $attributes_data; } $repeated_tag_index[$tag.'_'.$level]++; - } else { // If it is not an array... $current[$tag] = array($current[$tag], $result); //...Make it an array using using the existing value and the new value $repeated_tag_index[$tag.'_'.$level] = 1; @@ -388,7 +389,6 @@ class xml { $repeated_tag_index[$tag.'_'.$level]++; // 0 and 1 indexes are already taken } } - } elseif ($type == 'close') { // End of tag '' $current = &$parent[$level-1]; } @@ -400,10 +400,11 @@ class xml { /** * @brief Delete a node in a XML object * - * @param object $doc XML document + * @param object $doc XML document * @param string $node Node name */ - public static function deleteNode(&$doc, $node) { + public static function deleteNode(&$doc, $node) + { $xpath = new DomXPath($doc); $list = $xpath->query("//".$node); foreach ($list as $child) {