/**
 * Add a function name to the list of API functions exposed to logged-in
 * users, or read that list back.
 *
 * The list is one space-separated string kept in a function-static variable,
 * so it lasts for the lifetime of the PHP process/request and is never
 * de-duplicated here. The api() dispatcher in this listing appends it to its
 * allow-list only when is_logged() is true and then explode()s it on spaces.
 * A name that itself contains a space would therefore be read back as several
 * separate entries; the name is not validated in this function.
 *
 * @param string|bool $function_name Name to expose; any boolean means
 *                                   "return the current list" instead.
 * @param callable|null $callback    When callable, it is also handed to
 *                                   api_bind_user() (defined elsewhere).
 *
 * @return mixed The list string for a boolean argument, the result of
 *               api_bind_user() when a callable was supplied, otherwise null.
 */
function api_expose_user($function_name, $callback = null)
{
    static $index = ' ';

    // Read mode: a boolean argument returns the accumulated names untouched.
    if (is_bool($function_name)) {
        return $index;
    }

    // Decide on binding first, then record the name; both outcomes record it.
    $bindable = is_callable($callback);
    $index .= ' ' . $function_name;

    if (!$bindable) {
        return;
    }

    return api_bind_user($function_name, $callback);
}
/**
 * Resolve an API request to a hook, a class method or a plain function,
 * call it with the request data and return the wrapped result.
 *
 * The target is taken from $api_function or, when that is false, from the
 * current URL. Resolution order as written:
 *   1. a class named by the path that is already loaded
 *      ('class_is_already_here');
 *   2. hooks registered for the full path;
 *   3. a class from a file that was included by path, gated by $api_exposed
 *      unless MW_API_RAW is defined;
 *   4. a function or class named by $api_function, gated by $api_exposed.
 *
 * Everything that selects the target (URL path, $_GET, $_POST, $_REQUEST) is
 * request-controlled. The NOTE(review) comments in the body mark the places
 * where a file is included or a class is instantiated before, or without,
 * an allow-list check.
 *
 * @param string|array|false $api_function Path of the API call; false means
 *                                         "derive it from the current URL".
 * @param mixed              $params       When not false, passed as $data in
 *                                         the class branches instead of the
 *                                         request data. The plain-function
 *                                         branch at the end does not read it.
 *
 * @return mixed Whatever _api_responce() returns, or null when no branch
 *               produced a result (including the 'module' branch).
 */
public function api($api_function = false, $params = false)
{
    // Anonymous request carrying an api_key: attempt a key-based login first.
    // NOTE(review): $_REQUEST also covers the query string, and keys sent in
    // URLs tend to end up in access logs and Referer headers — confirm clients
    // send the key in the request body.
    if (isset($_REQUEST['api_key']) and user_id() == 0) {
        api_login($_REQUEST['api_key']);
    }

    if (!defined('MW_API_CALL')) {
        define('MW_API_CALL', true);
    }

    $set_constants = true;
    $mod_class_api = false;
    $mod_class_api_called = false;
    $mod_class_api_class_exist = false;
    $caller_commander = false;
    if ($api_function == false) {
        // Derive the call path from the URL, stripping the api prefixes.
        $api_function_full = $this->app->url_manager->string();
        $api_function_full = $this->app->format->replace_once('api_html', '', $api_function_full);
        $api_function_full = $this->app->format->replace_once('api/api', 'api', $api_function_full);
        $api_function_full = $this->app->format->replace_once('api', '', $api_function_full);
        $api_function_full = trim($api_function_full, '/');
        //$api_function_full = substr($api_function_full, 4);
    } else {
        $api_function_full = $api_function;
    }
    // The 'module' endpoint skips define_constants().
    if (isset($api_function_full) and $api_function_full != '') {
        if (ltrim($api_function_full, '/') == 'module') {
            $set_constants = false;
        }
    }
    if ($set_constants == true) {
        $this->app->content_manager->define_constants();
    }
    // Load the active template's functions.php, if the template has one.
    if (defined('TEMPLATE_DIR')) {
        $load_template_functions = TEMPLATE_DIR . 'functions.php';
        if (is_file($load_template_functions)) {
            include_once $load_template_functions;
        }
    }

    // Path clean-up for the request-derived string: drop '..', normalise
    // backslashes to '/', collapse '//' (each a single str_replace pass).
    // NOTE(review): this strips substrings rather than canonicalising the
    // path; nothing visible below verifies (e.g. with realpath()) that a
    // resolved file stays under its intended root — unless normalize_path()
    // does so, which is not visible here.
    //$api_function_full = str_ireplace('api/', '', $api_function_full);
    $api_function_full = str_replace('..', '', $api_function_full);
    $api_function_full = str_replace('\\', '/', $api_function_full);
    $api_function_full = str_replace('//', '/', $api_function_full);
    // NOTE(review): escape_string() belongs to database_manager, but the value
    // is used below for file paths and class names, not SQL. It should not be
    // counted as path or HTML sanitisation — TODO confirm what it changes.
    $api_function_full = $this->app->database_manager->escape_string($api_function_full);
    if (is_string($api_function_full)) {
        $mod_api_class = explode('/', $api_function_full);
    } else {
        $mod_api_class = $api_function_full;
    }
    // Last segment = candidate method name; the one before it is the second
    // candidate ($try_class_func2), taken from a copy so $mod_api_class keeps it.
    $try_class_func = array_pop($mod_api_class);
    // $try_class_func2 = array_pop($mod_api_class);
    $mod_api_class_copy = $mod_api_class;
    $try_class_func2 = array_pop($mod_api_class_copy);
    $mod_api_class2 = implode(DS, $mod_api_class_copy);
    $mod_api_class = implode(DS, $mod_api_class);
    $mod_api_class_clean = ltrim($mod_api_class, '/');
    $mod_api_class_clean = ltrim($mod_api_class_clean, '\\');
    $mod_api_class_clean_uc1 = ucfirst($mod_api_class_clean);
    // Candidate '.php' files for the class, under modules_path(),
    // mw_includes_path() and dirname(MW_PATH).
    $mod_api_class1 = normalize_path(modules_path() . $mod_api_class, false) . '.php';
    $mod_api_class_native = normalize_path(mw_includes_path() . $mod_api_class, false) . '.php';
    $mod_api_class_native_system = normalize_path(dirname(MW_PATH) . DS . $mod_api_class, false) . '.php';
    $mod_api_class_native_global_ns = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class2, false) . '.php';
    $mod_api_class1_uc1 = normalize_path(modules_path() . $mod_api_class_clean_uc1, false) . '.php';
    $mod_api_class_native_uc1 = normalize_path(mw_includes_path() . $mod_api_class_clean_uc1, false) . '.php';
    $mod_api_class_native_global_ns_uc1 = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class_clean_uc1, false) . '.php';
    // From here on $mod_api_class2 holds a file path, no longer the imploded
    // class path assigned above.
    $mod_api_class2 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
    // NOTE(review): same expression as $mod_api_class2 — the "_uc1" variant
    // never uses $mod_api_class_clean_uc1, so the last elseif below cannot
    // match anything new.
    $mod_api_class2_uc1 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
    $try_class = '\\' . str_replace('/', '\\', $mod_api_class);
    if (class_exists($try_class, false)) {
        // Second argument false: only already-loaded classes count, no autoload.
        $caller_commander = 'class_is_already_here';
        $mod_class_api_class_exist = true;
    } else {
        // First existing candidate file wins.
        // NOTE(review): these include_once calls run before $api_exposed is
        // built or consulted, so the top-level code of any matching .php file
        // executes regardless of the allow-list outcome and of login state.
        if (is_file($mod_api_class1)) {
            $mod_class_api = true;
            include_once $mod_api_class1;
        } elseif (is_file($mod_api_class_native_system)) {
            $mod_class_api = true;
            include_once $mod_api_class_native_system;
        } elseif (is_file($mod_api_class1_uc1)) {
            $mod_class_api = true;
            include_once $mod_api_class1_uc1;
        } elseif (is_file($mod_api_class_native_global_ns_uc1)) {
            // NOTE(review): $mod_api_class2 is a filesystem path at this point
            // (see reassignment above), so $try_class becomes a path with
            // backslashes — possibly unintended; it is overwritten again in the
            // default branch of the switch below.
            $try_class = str_replace('/', '\\', $mod_api_class2);
            $mod_class_api = true;
            include_once $mod_api_class_native_global_ns_uc1;
        } elseif (is_file($mod_api_class_native_global_ns)) {
            $try_class = str_replace('/', '\\', $mod_api_class2);
            $mod_class_api = true;
            include_once $mod_api_class_native_global_ns;
        } elseif (is_file($mod_api_class_native_uc1)) {
            $mod_class_api = true;
            include_once $mod_api_class_native_uc1;
        } elseif (is_file($mod_api_class_native)) {
            $mod_class_api = true;
            include_once $mod_api_class_native;
        } elseif (is_file($mod_api_class2)) {
            $mod_class_api = true;
            include_once $mod_api_class2;
        } elseif (is_file($mod_api_class2_uc1)) {
            $mod_class_api = true;
            include_once $mod_api_class2_uc1;
        }
    }

    // Build the allow-list as one space-separated string, then split it.
    $api_exposed = '';

    // user functions
    // NOTE(review): no trailing space here, so this literal and the next one
    // concatenate to 'social_login_processset_language'; neither name enters
    // the list from these two lines.
    $api_exposed .= 'user_login user_logout social_login_process';

    // content functions
    $api_exposed .= 'set_language ';
    // Public entries always; user entries when logged in; admin entries for admins.
    $api_exposed .= api_expose(true);
    if (is_logged()) {
        $api_exposed .= api_expose_user(true);
    }
    if (is_admin()) {
        $api_exposed .= api_expose_admin(true);
    }
    $api_exposed = explode(' ', $api_exposed);
    $api_exposed = array_unique($api_exposed);
    $api_exposed = array_trim($api_exposed);

    // Hooks are layered by the same login tiers as the allow-list.
    $hooks = api_bind(true);
    if (is_logged()) {
        $hooks_admin = api_bind_user(true);
        if (is_array($hooks_admin)) {
            $hooks = array_merge($hooks, $hooks_admin);
        }
    }
    if (is_admin()) {
        $hooks_admin = api_bind_admin(true);
        if (is_array($hooks_admin)) {
            $hooks = array_merge($hooks, $hooks_admin);
        }
    }
    if ($api_function == false) {
        $api_function = $this->app->url_manager->segment(1);
    }
    // $url_segs is only assigned when MW_API_RAW is defined or a module file
    // was included; it is only read inside the $mod_class_api branch below.
    if (!defined('MW_API_RAW')) {
        if ($mod_class_api != false) {
            $url_segs = $this->app->url_manager->segment(-1);
        }
    } else {
        if (is_array($api_function)) {
            $url_segs = $api_function;
        } else {
            $url_segs = explode('/', $api_function);
        }
    }
    if (!defined('MW_API_FUNCTION_CALL')) {
        define('MW_API_FUNCTION_CALL', $api_function);
    }
    switch ($caller_commander) {
        case 'class_is_already_here':
            // NOTE(review): this branch instantiates $try_class and calls the
            // method named by the path without consulting $api_exposed, and
            // without an is_logged()/is_admin() check of its own. Confirm that
            // every class reachable this way enforces its own authorisation,
            // or gate the branch on the allow-list like the default branch.
            if ($params != false) {
                $data = $params;
            } elseif (!$_POST and !$_REQUEST) {
                $data = $this->app->url_manager->params(true);
                if (empty($data)) {
                    $data = $this->app->url_manager->segment(2);
                }
            } else {
                //$data = $_REQUEST;
                $data = array_merge($_GET, $_POST);
            }
            // One instance per class name is kept across calls of this method.
            static $loaded_classes = array();
            //$try_class_n = src_
            if (isset($loaded_classes[$try_class]) == false) {
                $res = new $try_class($data);
                $loaded_classes[$try_class] = $res;
            } else {
                $res = $loaded_classes[$try_class];
                //
            }
            // The second-to-last path segment takes precedence as method name
            // when the object has a method by that name.
            if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
                if (method_exists($res, $try_class_func2)) {
                    $try_class_func = $try_class_func2;
                }
                $res = $res->{$try_class_func}($data);
                if (defined('MW_API_RAW')) {
                    $mod_class_api_called = true;
                }
                return $this->_api_responce($res);
            }
            break;
        default:
            $res = false;
            // Hooks bound to the full path run first; the last hook's return
            // value is the one kept, and a non-false value ends the request.
            if (isset($hooks[$api_function_full])) {
                $data = array_merge($_GET, $_POST);
                $call = $hooks[$api_function_full];
                if (!empty($call)) {
                    foreach ($call as $call_item) {
                        $res = call_user_func($call_item, $data);
                    }
                }
                if ($res != false) {
                    return $this->_api_responce($res);
                }
            }
            if ($mod_class_api == true and $mod_api_class != false) {
                $mod_api_class = str_replace('..', '', $mod_api_class);
                $try_class = str_replace('/', '\\', $mod_api_class);
                $try_class_full = str_replace('/', '\\', $api_function_full);
                $try_class_full2 = str_replace('\\', '/', $api_function_full);
                $mod_api_class_test = explode('/', $try_class_full2);
                $try_class_func_test = array_pop($mod_api_class_test);
                $mod_api_class_test_full = implode('/', $mod_api_class_test);
                $mod_api_err = false;
                // Allow-list check for the module class. The path is accepted in
                // backslash form, slash form, or without its last segment, with
                // one case-insensitive comparison.
                // NOTE(review): when MW_API_RAW is defined the whole check is
                // skipped and $mod_api_err stays false — confirm MW_API_RAW can
                // only be defined by trusted internal callers.
                // NOTE(review): in_array() and == are loose comparisons here.
                if (!defined('MW_API_RAW')) {
                    if (!in_array($try_class_full, $api_exposed) and !in_array($try_class_full2, $api_exposed) and !in_array($mod_api_class_test_full, $api_exposed)) {
                        $mod_api_err = true;
                        foreach ($api_exposed as $api_exposed_value) {
                            if ($mod_api_err == true) {
                                if ($api_exposed_value == $try_class_full) {
                                    $mod_api_err = false;
                                } elseif (strtolower('\\' . $api_exposed_value) == strtolower($try_class_full)) {
                                    $mod_api_err = false;
                                } elseif ($api_exposed_value == $try_class_full2) {
                                    $mod_api_err = false;
                                } else {
                                    $convert_slashes = str_replace('\\', '/', $try_class_full);
                                    if ($convert_slashes == $api_exposed_value) {
                                        $mod_api_err = false;
                                    }
                                }
                            }
                        }
                    } else {
                        $mod_api_err = false;
                    }
                }
                if ($mod_class_api and $mod_api_err == false) {
                    // Fall back to class names taken from the URL segments when
                    // the path-derived class is not loaded.
                    // NOTE(review): the allow-list was matched against the path
                    // strings above, not against the class name chosen here.
                    if (!class_exists($try_class, false)) {
                        $remove = $url_segs;
                        $last_seg = array_pop($remove);
                        $last_prev_seg = array_pop($remove);
                        $last_prev_seg2 = array_pop($remove);
                        if (class_exists($last_prev_seg, false)) {
                            $try_class = $last_prev_seg;
                        } elseif (class_exists($last_prev_seg2, false)) {
                            $try_class = $last_prev_seg2;
                        }
                    }
                    if (!class_exists($try_class, false)) {
                        $try_class_mw = ltrim($try_class, '/');
                        $try_class_mw = ltrim($try_class_mw, '\\');
                        $try_class = $try_class_mw;
                    }
                    if (class_exists($try_class, false)) {
                        if ($params != false) {
                            $data = $params;
                        } elseif (!$_POST and !$_REQUEST) {
                            $data = $this->app->url_manager->params(true);
                            if (empty($data)) {
                                $data = $this->app->url_manager->segment(2);
                            }
                        } else {
                            $data = array_merge($_GET, $_POST);
                        }
                        $res = new $try_class($data);
                        if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
                            if (method_exists($res, $try_class_func2)) {
                                $try_class_func = $try_class_func2;
                            }
                            $res = $res->{$try_class_func}($data);
                            $mod_class_api_called = true;
                            return $this->_api_responce($res);
                        }
                    } else {
                        // NOTE(review): $try_class is request-derived and is not
                        // passed through clean_html()/clean_xss() as the message
                        // at the end of this method is; how mw_error() renders
                        // it is not visible here — confirm it encodes output.
                        mw_error('The api class ' . $try_class . ' does not exist');
                    }
                }
            }
            break;
    }

    // Nothing returned so far: treat $api_function as a function or class name.
    if ($api_function) {
    } else {
        $api_function = 'index';
    }
    if ($api_function == 'module' and $mod_class_api_called == false) {
        $this->module();
    } else {
        // $err stays true only if neither $api_function nor the full path
        // (compared case-insensitively) is on the allow-list.
        $err = false;
        if (!in_array($api_function, $api_exposed)) {
            $err = true;
        }
        if ($err == true) {
            foreach ($api_exposed as $api_exposed_item) {
                if ($api_exposed_item == $api_function) {
                    $err = false;
                }
            }
        }
        // NOTE(review): this loop can clear $err on a match of
        // $api_function_full, while the callable invoked below is named by
        // $api_function; the two differ whenever the path has more than one
        // segment. Confirm the name that is checked is the name that is called.
        if (isset($api_function_full)) {
            foreach ($api_exposed as $api_exposed_item) {
                if (is_string($api_exposed_item) and is_string($api_function_full)) {
                    $api_function_full = str_replace('\\', '/', $api_function_full);
                    $api_function_full = ltrim($api_function_full, '/');
                    if (strtolower($api_exposed_item) == strtolower($api_function_full)) {
                        $err = false;
                    }
                }
            }
        }
        if ($err == false) {
            if ($mod_class_api_called == false) {
                // $params is not consulted in this branch; data always comes
                // from the URL or from $_GET/$_POST.
                if (!$_POST and !$_REQUEST) {
                    // $data = $this->app->url_manager->segment(2);
                    $data = $this->app->url_manager->params(true);
                    if (empty($data)) {
                        $data = $this->app->url_manager->segment(2);
                    }
                } else {
                    //$data = $_REQUEST;
                    $data = array_merge($_GET, $_POST);
                }
                // Full path minus its last segment = candidate class path.
                $api_function_full_2 = explode('/', $api_function_full);
                unset($api_function_full_2[count($api_function_full_2) - 1]);
                $api_function_full_2 = implode('/', $api_function_full_2);
                // Try, in order: a function, a loaded class of that name, a
                // class in this namespace, then class/method from the last two
                // path segments. The method name comes from the URL and is only
                // checked with method_exists().
                if (function_exists($api_function)) {
                    $res = $api_function($data);
                } elseif (class_exists($api_function, false)) {
                    //
                    $segs = $this->app->url_manager->segment();
                    $mmethod = array_pop($segs);
                    $class = new $api_function($this->app);
                    if (method_exists($class, $mmethod)) {
                        $res = $class->{$mmethod}($data);
                    }
                } else {
                    $api_function_full_2 = str_replace(array('..', '/'), array('', '\\'), $api_function_full_2);
                    $api_function_full_2 = __NAMESPACE__ . '\\' . $api_function_full_2;
                    if (class_exists($api_function_full_2, false)) {
                        //
                        $segs = $this->app->url_manager->segment();
                        $mmethod = array_pop($segs);
                        $class = new $api_function_full_2($this->app);
                        if (method_exists($class, $mmethod)) {
                            $res = $class->{$mmethod}($data);
                        }
                    } elseif (isset($api_function_full)) {
                        $api_function_full = str_replace('\\', '/', $api_function_full);
                        $api_function_full1 = explode('/', $api_function_full);
                        $mmethod = array_pop($api_function_full1);
                        $mclass = array_pop($api_function_full1);
                        if (class_exists($mclass, false)) {
                            $class = new $mclass($this->app);
                            if (method_exists($class, $mmethod)) {
                                $res = $class->{$mmethod}($data);
                            }
                        }
                    }
                }
            }
            // Post-call hooks bound to $api_function receive the result; their
            // return values are ignored.
            if (isset($res) and isset($hooks[$api_function]) and is_array($hooks[$api_function]) and !empty($hooks[$api_function])) {
                foreach ($hooks[$api_function] as $hook_key => $hook_value) {
                    if ($hook_value != false and $hook_value != null) {
                        $hook_value($res);
                    }
                }
            } else {
                //error('The api function ' . $api_function . ' does not exist', __FILE__, __LINE__);
            }
            // print $api_function;
        } else {
            // Not on the allow-list: clean the request-derived name before it
            // is placed in the error message.
            $api_function = mw()->format->clean_html($api_function);
            $api_function = mw()->format->clean_xss($api_function);
            mw_error('The api function ' . $api_function . ' is not defined in the allowed functions list');
        }
        if (isset($res)) {
            return $this->_api_responce($res);
        }
        return;
    }
}