Ejemplo n.º 1
/**
 * Adds a function name to the list of API calls exposed to logged-in users,
 * or returns that list.
 *
 * The list is kept in a function-static string and only ever grows; entries
 * are separated by single spaces. The name is appended as given, with no
 * validation. NOTE(review): a consumer that splits this list on spaces would
 * see a name containing whitespace as several entries, so callers should
 * register fixed identifiers only and never request-derived values.
 *
 * @param string|bool $function_name Name to expose, or any boolean to read the list back.
 * @param callable|null $callback Optional handler; when callable it is also passed to api_bind_user().
 *
 * @return mixed The space-separated list when $function_name is a boolean, the
 *               result of api_bind_user() when a callable was given, otherwise null.
 */
function api_expose_user($function_name, $callback = null)
{
    static $index = ' ';

    // A boolean first argument is the "read" form: hand back what has been registered so far.
    if (is_bool($function_name)) {
        return $index;
    }

    // Registration always records the name, whether or not a handler comes with it.
    $index .= ' ' . $function_name;

    if (!is_callable($callback)) {
        return;
    }

    return api_bind_user($function_name, $callback);
}
Ejemplo n.º 2
 /**
  * Dispatches an API request to a module class method, a bound hook or a plain function.
  *
  * Steps, in the order the code below performs them:
  *  1. Optional login from an `api_key` request parameter.
  *  2. Derive the API path from the URL (or take it from $api_function) and clean it.
  *  3. Build candidate file paths from that path and include the first one that exists.
  *  4. Build the allowlist ($api_exposed) and the hook table ($hooks) for the caller's role.
  *  5. Dispatch: already-loaded class -> hooks -> freshly included module class -> function/class by name.
  *
  * Security-relevant properties a maintainer should know (all visible in this method):
  *  - the include in step 3 happens before any allowlist check;
  *  - the "class_is_already_here" branch does not consult $api_exposed;
  *  - the module-class allowlist check is skipped when MW_API_RAW is defined;
  *  - class and method names are taken from the request path and used in `new $x` / `->{$y}()`.
  *
  * @param string|array|false $api_function API path or function name; false means "take it from the URL".
  *                                         An array is accepted on the MW_API_RAW path (see $url_segs).
  * @param mixed               $params       Data handed to the handler instead of the request data when not false.
  *
  * @return mixed Whatever $this->_api_responce($res) returns when a handler produced a result; otherwise null.
  */
 public function api($api_function = false, $params = false)
 {
     // Log in from an api_key when no user is resolved yet (user_id() == 0).
     // NOTE(review): $_REQUEST also carries query-string values, so the key can end up in
     // URLs, access logs and Referer headers; prefer a request header or POST body.
     if (isset($_REQUEST['api_key']) and user_id() == 0) {
         api_login($_REQUEST['api_key']);
     }
     // Marker constant so other code can tell it is running inside an API call.
     if (!defined('MW_API_CALL')) {
         define('MW_API_CALL', true);
     }
     $set_constants = true;
     $mod_class_api = false;
     $mod_class_api_called = false;
     $mod_class_api_class_exist = false;
     $caller_commander = false;
     // No explicit function given: derive the API path from the current URL string by
     // stripping the 'api_html' / 'api' prefixes and surrounding slashes.
     if ($api_function == false) {
         $api_function_full = $this->app->url_manager->string();
         $api_function_full = $this->app->format->replace_once('api_html', '', $api_function_full);
         $api_function_full = $this->app->format->replace_once('api/api', 'api', $api_function_full);
         $api_function_full = $this->app->format->replace_once('api', '', $api_function_full);
         $api_function_full = trim($api_function_full, '/');
         //$api_function_full = substr($api_function_full, 4);
     } else {
         $api_function_full = $api_function;
     }
     // The 'module' endpoint skips define_constants().
     if (isset($api_function_full) and $api_function_full != '') {
         if (ltrim($api_function_full, '/') == 'module') {
             $set_constants = false;
         }
     }
     if ($set_constants == true) {
         $this->app->content_manager->define_constants();
     }
     // Load the active template's functions.php, if present.
     if (defined('TEMPLATE_DIR')) {
         $load_template_functions = TEMPLATE_DIR . 'functions.php';
         if (is_file($load_template_functions)) {
             include_once $load_template_functions;
         }
     }
     //$api_function_full = str_ireplace('api/', '', $api_function_full);
     // Path cleanup: drop '..', turn backslashes into '/', collapse one level of '//'.
     // NOTE(review): this is a denylist-style cleanup of a request-derived value that is later
     // used to build include paths and class names. It does not restrict the character set;
     // validating each segment against a strict pattern (e.g. identifier characters only)
     // and rejecting anything else would be the stronger control.
     $api_function_full = str_replace('..', '', $api_function_full);
     $api_function_full = str_replace('\\', '/', $api_function_full);
     $api_function_full = str_replace('//', '/', $api_function_full);
     // NOTE(review): database_manager->escape_string() looks like SQL escaping applied to a value
     // that is used below as a filesystem path / class name - confirm it is the intended filter.
     $api_function_full = $this->app->database_manager->escape_string($api_function_full);
     // Split the path into segments; a non-string value is used as the segment list directly.
     if (is_string($api_function_full)) {
         $mod_api_class = explode('/', $api_function_full);
     } else {
         $mod_api_class = $api_function_full;
     }
     // Last segment = candidate method name; the segment before it is a second candidate.
     $try_class_func = array_pop($mod_api_class);
     // $try_class_func2 = array_pop($mod_api_class);
     $mod_api_class_copy = $mod_api_class;
     $try_class_func2 = array_pop($mod_api_class_copy);
     $mod_api_class2 = implode(DS, $mod_api_class_copy);
     $mod_api_class = implode(DS, $mod_api_class);
     $mod_api_class_clean = ltrim($mod_api_class, '/');
     $mod_api_class_clean = ltrim($mod_api_class_clean, '\\');
     $mod_api_class_clean_uc1 = ucfirst($mod_api_class_clean);
     // Candidate '.php' files under modules_path(), mw_includes_path() and dirname(MW_PATH),
     // in plain and ucfirst() variants.
     $mod_api_class1 = normalize_path(modules_path() . $mod_api_class, false) . '.php';
     $mod_api_class_native = normalize_path(mw_includes_path() . $mod_api_class, false) . '.php';
     $mod_api_class_native_system = normalize_path(dirname(MW_PATH) . DS . $mod_api_class, false) . '.php';
     $mod_api_class_native_global_ns = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class2, false) . '.php';
     $mod_api_class1_uc1 = normalize_path(modules_path() . $mod_api_class_clean_uc1, false) . '.php';
     $mod_api_class_native_uc1 = normalize_path(mw_includes_path() . $mod_api_class_clean_uc1, false) . '.php';
     $mod_api_class_native_global_ns_uc1 = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class_clean_uc1, false) . '.php';
     // NOTE(review): $mod_api_class2 is overwritten here with a file path, yet it is read again
     // further down to build $try_class; and the *_uc1 line is the same expression as the line
     // above it (it does not use $mod_api_class_clean_uc1). Both look unintended - confirm.
     $mod_api_class2 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
     $mod_api_class2_uc1 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
     // Class name guess: path segments joined with namespace separators.
     $try_class = '\\' . str_replace('/', '\\', $mod_api_class);
     // class_exists(..., false) checks loaded classes only; it does not trigger the autoloader.
     if (class_exists($try_class, false)) {
         $caller_commander = 'class_is_already_here';
         $mod_class_api_class_exist = true;
     } else {
         // NOTE(review): the first candidate that exists is included here - so its top-level
         // code runs - before the request is checked against $api_exposed further down.
         // Confirm that every '.php' file reachable under these three roots is safe to load
         // for an unauthenticated caller, or move the allowlist check ahead of the include.
         if (is_file($mod_api_class1)) {
             $mod_class_api = true;
             include_once $mod_api_class1;
         } elseif (is_file($mod_api_class_native_system)) {
             $mod_class_api = true;
             include_once $mod_api_class_native_system;
         } elseif (is_file($mod_api_class1_uc1)) {
             $mod_class_api = true;
             include_once $mod_api_class1_uc1;
         } elseif (is_file($mod_api_class_native_global_ns_uc1)) {
             $try_class = str_replace('/', '\\', $mod_api_class2);
             $mod_class_api = true;
             include_once $mod_api_class_native_global_ns_uc1;
         } elseif (is_file($mod_api_class_native_global_ns)) {
             $try_class = str_replace('/', '\\', $mod_api_class2);
             $mod_class_api = true;
             include_once $mod_api_class_native_global_ns;
         } elseif (is_file($mod_api_class_native_uc1)) {
             $mod_class_api = true;
             include_once $mod_api_class_native_uc1;
         } elseif (is_file($mod_api_class_native)) {
             $mod_class_api = true;
             include_once $mod_api_class_native;
         } elseif (is_file($mod_api_class2)) {
             $mod_class_api = true;
             include_once $mod_api_class2;
         } elseif (is_file($mod_api_class2_uc1)) {
             $mod_class_api = true;
             include_once $mod_api_class2_uc1;
         }
     }
     // Build the allowlist of callable API names as one space-separated string:
     // built-ins, then public registrations, then user- and admin-level ones by role.
     $api_exposed = '';
     // user functions
     $api_exposed .= 'user_login user_logout social_login_process';
     // content functions
     // NOTE(review): the previous literal has no trailing space, so this concatenation yields the
     // single entry 'social_login_processset_language'. Neither name is listed on its own unless
     // api_expose() registers it elsewhere. Decide deliberately whether both should be exposed
     // before adding the separator - fixing it widens the allowlist.
     $api_exposed .= 'set_language ';
     $api_exposed .= api_expose(true);
     if (is_logged()) {
         $api_exposed .= api_expose_user(true);
     }
     if (is_admin()) {
         $api_exposed .= api_expose_admin(true);
     }
     // Split into entries and de-duplicate; array_trim() is a project helper
     // (presumably drops empty entries - confirm).
     $api_exposed = explode(' ', $api_exposed);
     $api_exposed = array_unique($api_exposed);
     $api_exposed = array_trim($api_exposed);
     // Hook table: public hooks, plus user-level and admin-level hooks by role.
     $hooks = api_bind(true);
     if (is_logged()) {
         $hooks_admin = api_bind_user(true);
         if (is_array($hooks_admin)) {
             $hooks = array_merge($hooks, $hooks_admin);
         }
     }
     if (is_admin()) {
         $hooks_admin = api_bind_admin(true);
         if (is_array($hooks_admin)) {
             $hooks = array_merge($hooks, $hooks_admin);
         }
     }
     // Short function name: first URL segment when the caller passed none.
     if ($api_function == false) {
         $api_function = $this->app->url_manager->segment(1);
     }
     // $url_segs is only assigned when a module file was included (normal mode) or when
     // MW_API_RAW is defined; it is read later only inside the module-class branch.
     if (!defined('MW_API_RAW')) {
         if ($mod_class_api != false) {
             $url_segs = $this->app->url_manager->segment(-1);
         }
     } else {
         if (is_array($api_function)) {
             $url_segs = $api_function;
         } else {
             $url_segs = explode('/', $api_function);
         }
     }
     if (!defined('MW_API_FUNCTION_CALL')) {
         define('MW_API_FUNCTION_CALL', $api_function);
     }
     switch ($caller_commander) {
         case 'class_is_already_here':
             // The class named by the request path is already loaded.
             // NOTE(review): this branch never consults $api_exposed. Any loaded class whose
             // name matches the path is instantiated with request data and one of its methods
             // is called; there is no per-class or per-method allowlist here. Consider applying
             // the same check the default branch uses.
             if ($params != false) {
                 $data = $params;
             } elseif (!$_POST and !$_REQUEST) {
                 $data = $this->app->url_manager->params(true);
                 if (empty($data)) {
                     $data = $this->app->url_manager->segment(2);
                 }
             } else {
                 //$data = $_REQUEST;
                 // On a key collision the POST value replaces the GET value.
                 $data = array_merge($_GET, $_POST);
             }
             // One instance per class name is cached across calls; only the first call's
             // $data reaches the constructor.
             static $loaded_classes = array();
             //$try_class_n = src_
             if (isset($loaded_classes[$try_class]) == false) {
                 $res = new $try_class($data);
                 $loaded_classes[$try_class] = $res;
             } else {
                 $res = $loaded_classes[$try_class];
                 //
             }
             // Method name comes from the path: $try_class_func2 wins when both exist.
             if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
                 if (method_exists($res, $try_class_func2)) {
                     $try_class_func = $try_class_func2;
                 }
                 $res = $res->{$try_class_func}($data);
                 if (defined('MW_API_RAW')) {
                     $mod_class_api_called = true;
                 }
                 return $this->_api_responce($res);
             }
             break;
         default:
             $res = false;
             // 1) Bound hooks for the full path: every callback runs, the last result is kept.
             //    A falsy result (loose != false) falls through to the module-class lookup.
             if (isset($hooks[$api_function_full])) {
                 $data = array_merge($_GET, $_POST);
                 $call = $hooks[$api_function_full];
                 if (!empty($call)) {
                     foreach ($call as $call_item) {
                         $res = call_user_func($call_item, $data);
                     }
                 }
                 if ($res != false) {
                     return $this->_api_responce($res);
                 }
             }
             // 2) A module file was included above: look for its class and call the method.
             if ($mod_class_api == true and $mod_api_class != false) {
                 $mod_api_class = str_replace('..', '', $mod_api_class);
                 $try_class = str_replace('/', '\\', $mod_api_class);
                 $try_class_full = str_replace('/', '\\', $api_function_full);
                 $try_class_full2 = str_replace('\\', '/', $api_function_full);
                 $mod_api_class_test = explode('/', $try_class_full2);
                 $try_class_func_test = array_pop($mod_api_class_test);
                 $mod_api_class_test_full = implode('/', $mod_api_class_test);
                 $mod_api_err = false;
                 // Allowlist check for module classes: the path must match an $api_exposed entry
                 // in one of several spellings (slashes/backslashes, case-insensitive).
                 // NOTE(review): the whole check is skipped when MW_API_RAW is defined, so that
                 // constant must only ever be set by trusted internal callers. in_array() is also
                 // used without the strict flag.
                 if (!defined('MW_API_RAW')) {
                     if (!in_array($try_class_full, $api_exposed) and !in_array($try_class_full2, $api_exposed) and !in_array($mod_api_class_test_full, $api_exposed)) {
                         $mod_api_err = true;
                         foreach ($api_exposed as $api_exposed_value) {
                             if ($mod_api_err == true) {
                                 if ($api_exposed_value == $try_class_full) {
                                     $mod_api_err = false;
                                 } elseif (strtolower('\\' . $api_exposed_value) == strtolower($try_class_full)) {
                                     $mod_api_err = false;
                                 } elseif ($api_exposed_value == $try_class_full2) {
                                     $mod_api_err = false;
                                 } else {
                                     $convert_slashes = str_replace('\\', '/', $try_class_full);
                                     if ($convert_slashes == $api_exposed_value) {
                                         $mod_api_err = false;
                                     }
                                 }
                             }
                         }
                     } else {
                         $mod_api_err = false;
                     }
                 }
                 if ($mod_class_api and $mod_api_err == false) {
                     // Class-name fallbacks: try the two URL segments before the last one.
                     if (!class_exists($try_class, false)) {
                         $remove = $url_segs;
                         $last_seg = array_pop($remove);
                         $last_prev_seg = array_pop($remove);
                         $last_prev_seg2 = array_pop($remove);
                         if (class_exists($last_prev_seg, false)) {
                             $try_class = $last_prev_seg;
                         } elseif (class_exists($last_prev_seg2, false)) {
                             $try_class = $last_prev_seg2;
                         }
                     }
                     // Last fallback: the guessed name without leading slashes/backslashes.
                     if (!class_exists($try_class, false)) {
                         $try_class_mw = ltrim($try_class, '/');
                         $try_class_mw = ltrim($try_class_mw, '\\');
                         $try_class = $try_class_mw;
                     }
                     if (class_exists($try_class, false)) {
                         if ($params != false) {
                             $data = $params;
                         } elseif (!$_POST and !$_REQUEST) {
                             $data = $this->app->url_manager->params(true);
                             if (empty($data)) {
                                 $data = $this->app->url_manager->segment(2);
                             }
                         } else {
                             $data = array_merge($_GET, $_POST);
                         }
                         // Unlike the already-loaded branch, a new instance is created per call.
                         $res = new $try_class($data);
                         if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
                             if (method_exists($res, $try_class_func2)) {
                                 $try_class_func = $try_class_func2;
                             }
                             $res = $res->{$try_class_func}($data);
                             $mod_class_api_called = true;
                             return $this->_api_responce($res);
                         }
                     } else {
                         // NOTE(review): $try_class is request-derived and goes into the message
                         // as-is, whereas the "not defined" error at the end of this method runs
                         // the name through clean_html()/clean_xss() first. Confirm how mw_error()
                         // renders its argument and apply the same cleaning if it is echoed.
                         mw_error('The api class ' . $try_class . '  does not exist');
                     }
                 }
             }
             break;
     }
     // Nothing returned so far: fall back to dispatching by short function name.
     if ($api_function) {
     } else {
         $api_function = 'index';
     }
     if ($api_function == 'module' and $mod_class_api_called == false) {
         // The module endpoint renders through $this->module(); its result is not returned here.
         $this->module();
     } else {
         // Allowlist check for the function path. $err stays true only if neither the short
         // name nor the full path matches an $api_exposed entry.
         $err = false;
         if (!in_array($api_function, $api_exposed)) {
             $err = true;
         }
         // Second pass with loose ==; it can only clear $err, never set it.
         if ($err == true) {
             foreach ($api_exposed as $api_exposed_item) {
                 if ($api_exposed_item == $api_function) {
                     $err = false;
                 }
             }
         }
         // NOTE(review): this pass clears $err when the *full path* matches an entry
         // (case-insensitively), but the dispatch below calls $api_function, the short name.
         // Confirm the two values cannot diverge, otherwise the name that is checked is not
         // the name that is executed.
         if (isset($api_function_full)) {
             foreach ($api_exposed as $api_exposed_item) {
                 if (is_string($api_exposed_item) and is_string($api_function_full)) {
                     $api_function_full = str_replace('\\', '/', $api_function_full);
                     $api_function_full = ltrim($api_function_full, '/');
                     if (strtolower($api_exposed_item) == strtolower($api_function_full)) {
                         $err = false;
                     }
                 }
             }
         }
         if ($err == false) {
             if ($mod_class_api_called == false) {
                 if (!$_POST and !$_REQUEST) {
                     //  $data = $this->app->url_manager->segment(2);
                     $data = $this->app->url_manager->params(true);
                     if (empty($data)) {
                         $data = $this->app->url_manager->segment(2);
                     }
                 } else {
                     //$data = $_REQUEST;
                     $data = array_merge($_GET, $_POST);
                 }
                 // Full path without its last segment, used below as a namespaced class guess.
                 $api_function_full_2 = explode('/', $api_function_full);
                 unset($api_function_full_2[count($api_function_full_2) - 1]);
                 $api_function_full_2 = implode('/', $api_function_full_2);
                 // Resolution order: global function, loaded class of that name, class in this
                 // namespace, then the class named by the second-to-last path segment.
                 // Class constructors here receive $this->app, not the request data.
                 if (function_exists($api_function)) {
                     $res = $api_function($data);
                 } elseif (class_exists($api_function, false)) {
                     //
                     $segs = $this->app->url_manager->segment();
                     $mmethod = array_pop($segs);
                     $class = new $api_function($this->app);
                     if (method_exists($class, $mmethod)) {
                         $res = $class->{$mmethod}($data);
                     }
                 } else {
                     $api_function_full_2 = str_replace(array('..', '/'), array('', '\\'), $api_function_full_2);
                     $api_function_full_2 = __NAMESPACE__ . '\\' . $api_function_full_2;
                     if (class_exists($api_function_full_2, false)) {
                         //
                         $segs = $this->app->url_manager->segment();
                         $mmethod = array_pop($segs);
                         $class = new $api_function_full_2($this->app);
                         if (method_exists($class, $mmethod)) {
                             $res = $class->{$mmethod}($data);
                         }
                     } elseif (isset($api_function_full)) {
                         $api_function_full = str_replace('\\', '/', $api_function_full);
                         $api_function_full1 = explode('/', $api_function_full);
                         $mmethod = array_pop($api_function_full1);
                         $mclass = array_pop($api_function_full1);
                         if (class_exists($mclass, false)) {
                             $class = new $mclass($this->app);
                             if (method_exists($class, $mmethod)) {
                                 $res = $class->{$mmethod}($data);
                             }
                         }
                     }
                 }
             }
             // Post-call hooks for the short name: each receives the result; return values are ignored.
             if (isset($res) and isset($hooks[$api_function]) and is_array($hooks[$api_function]) and !empty($hooks[$api_function])) {
                 foreach ($hooks[$api_function] as $hook_key => $hook_value) {
                     if ($hook_value != false and $hook_value != null) {
                         $hook_value($res);
                     }
                 }
             } else {
                 //error('The api function ' . $api_function . ' does not exist', __FILE__, __LINE__);
             }
             // print $api_function;
         } else {
             // Rejected by the allowlist: clean the request-derived name before it goes into the error text.
             $api_function = mw()->format->clean_html($api_function);
             $api_function = mw()->format->clean_xss($api_function);
             mw_error('The api function ' . $api_function . ' is not defined in the allowed functions list');
         }
         if (isset($res)) {
             return $this->_api_responce($res);
         }
         // No handler produced a result.
         return;
     }
 }