function mt_getpost($params) { // ($postid, $user, $pass) $xpostid = $params->getParam(0); $xuser = $params->getParam(1); $xpass = $params->getParam(2); $post_ID = $xpostid->scalarval(); $username = $xuser->scalarval(); $password = $xpass->scalarval(); // Check login if (user_pass_ok(addslashes($username), $password)) { $postdata = get_postdata($post_ID); if ($postdata['Date'] != '') { // why were we converting to GMT here? spec doesn't call for that. //$post_date = mysql2date('U', $postdata['Date']); //$post_date = gmdate('Ymd', $post_date).'T'.gmdate('H:i:s', $post_date); $post_date = strtotime($postdata['Date']); $post_date = date('Ymd', $post_date) . 'T' . date('H:i:s', $post_date); $catids = wp_get_post_cats('1', $post_ID); logIO('O', 'Category No:' . count($catids)); foreach ($catids as $catid) { $catname = get_cat_name($catid); logIO('O', 'Category:' . $catname); $catnameenc = new xmlrpcval(mb_conv($catname, 'UTF-8', $GLOBALS['blog_charset'])); $catlist[] = $catnameenc; } $post = get_extended($postdata['Content']); $allow_comments = 'open' == $postdata['comment_status'] ? 1 : 0; $allow_pings = 'open' == $postdata['ping_status'] ? 1 : 0; $resp = array('link' => new xmlrpcval(post_permalink($post_ID)), 'title' => new xmlrpcval(mb_conv($postdata['Title'], 'UTF-8', $GLOBALS['blog_charset'])), 'description' => new xmlrpcval(mb_conv($post['main'], 'UTF-8', $GLOBALS['blog_charset'])), 'dateCreated' => new xmlrpcval($post_date, 'dateTime.iso8601'), 'userid' => new xmlrpcval($postdata['Author_ID']), 'postid' => new xmlrpcval($postdata['ID']), 'content' => new xmlrpcval(mb_conv($postdata['Content'], 'UTF-8', $GLOBALS['blog_charset'])), 'permalink' => new xmlrpcval(post_permalink($post_ID)), 'categories' => new xmlrpcval($catlist, 'array'), 'mt_keywords' => new xmlrpcval("{$catids[0]}"), 'mt_excerpt' => new xmlrpcval(mb_conv($postdata['Excerpt'], 'UTF-8', $GLOBALS['blog_charset'])), 'mt_allow_comments' => new xmlrpcval($allow_comments, 'int'), 'mt_allow_pings' => new xmlrpcval($allow_pings, 'int'), 'mt_convert_breaks' => new xmlrpcval('true'), 'mt_text_more' => new xmlrpcval(mb_conv($post['extended'], 'UTF-8', $GLOBALS['blog_charset']))); $resp = new xmlrpcval($resp, 'struct'); return new xmlrpcresp($resp); } else { return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 3, "No such post #{$post_ID}"); } } else { return new xmlrpcresp(0, $GLOBALS['xmlrpcerruser'] + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }
function mt_getpost($params) { // ($postid, $user, $pass) global $xmlrpcerruser; $xpostid = $params->getParam(0); $xuser = $params->getParam(1); $xpass = $params->getParam(2); $post_ID = $xpostid->scalarval(); $username = $xuser->scalarval(); $password = $xpass->scalarval(); // Check login if (user_pass_ok($username, $password)) { $postdata = get_postdata($post_ID); if ($postdata["Date"] != "") { // why were we converting to GMT here? spec doesn't call for that. //$post_date = mysql2date("U", $postdata["Date"]); //$post_date = gmdate("Ymd", $post_date)."T".gmdate("H:i:s", $post_date); $post_date = strtotime($postdata['Date']); $post_date = date("Ymd", $post_date) . "T" . date("H:i:s", $post_date); $catids = wp_get_post_cats('1', $post_ID); logIO("O", "CateGory No:" . count($catids)); foreach ($catids as $catid) { $catname = get_cat_name($catid); logIO("O", "CateGory:" . $catname); $catnameenc = new xmlrpcval(mb_conv($catname, "UTF-8", "auto")); $catlist[] = $catnameenc; } $post = get_extended($postdata['Content']); $allow_comments = 'open' == $postdata['comment_status'] ? 1 : 0; $allow_pings = 'open' == $postdata['ping_status'] ? 1 : 0; $resp = array('link' => new xmlrpcval(post_permalink($post_ID)), 'title' => new xmlrpcval(mb_conv($postdata["Title"], "UTF-8", "auto")), 'description' => new xmlrpcval(mb_conv($post['main'], "UTF-8", "auto")), 'dateCreated' => new xmlrpcval($post_date, 'dateTime.iso8601'), 'userid' => new xmlrpcval($postdata["Author_ID"]), 'postid' => new xmlrpcval($postdata["ID"]), 'content' => new xmlrpcval(mb_conv($postdata["Content"], "UTF-8", "auto")), 'permalink' => new xmlrpcval(post_permalink($post_ID)), 'categories' => new xmlrpcval($catlist, 'array'), 'mt_keywords' => new xmlrpcval("{$catids[0]}"), 'mt_excerpt' => new xmlrpcval(mb_conv($postdata['Excerpt'], "UTF-8", "auto")), 'mt_allow_comments' => new xmlrpcval($allow_comments, 'int'), 'mt_allow_pings' => new xmlrpcval($allow_pings, 'int'), 'mt_convert_breaks' => new xmlrpcval('true'), 'mt_text_more' => new xmlrpcval(mb_conv($post['extended'], "UTF-8", "auto"))); $resp = new xmlrpcval($resp, 'struct'); return new xmlrpcresp($resp); } else { return new xmlrpcresp(0, $xmlrpcerruser + 3, "No such post #{$post_ID}"); } } else { return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }
/** * Get current_User for an XML-RPC request - Includes login (password) check. * * @param xmlrpcmsg XML-RPC Message * @param integer idx of login param in XML-RPC Message * @param integer idx of pass param in XML-RPC Message * @return User or NULL */ function &xmlrpcs_login($m, $login_param, $pass_param) { global $xmlrpcs_errcode, $xmlrpcs_errmsg, $xmlrpcerruser; $username = $m->getParam($login_param); $username = $username->scalarval(); $password = $m->getParam($pass_param); $password = $password->scalarval(); /** * @var UserCache */ $UserCache =& get_UserCache(); $current_User =& $UserCache->get_by_login($username); if (empty($current_User) || !$current_User->check_password($password, false)) { // User not found or password doesn't match $xmlrpcs_errcode = $xmlrpcerruser + 1; $xmlrpcs_errmsg = 'Wrong username/password combination: ' . $username . ' / ' . starify($password); $r = NULL; return $r; } // This may be needed globally for status permissions in ItemList2, etc.. $GLOBALS['current_User'] =& $current_User; // Check here ability to use APIs $group = $current_User->get_Group(); if (!$group->check_perm('perm_api', 'always')) { // Permission denied $xmlrpcs_errcode = $xmlrpcerruser + 1; $xmlrpcs_errmsg = 'User has no permission to use this API: ' . $username . ' / ' . starify($password); $r = NULL; return $r; } logIO('Login OK - User: '******' - ' . $current_User->login); return $current_User; }
/** * Get current_User for an XML-RPC request - Includes login (password) check. * * @param xmlrpcmsg XML-RPC Message * @param integer idx of login param in XML-RPC Message * @param integer idx of pass param in XML-RPC Message * @return User or NULL */ function &xmlrpcs_login($m, $login_param, $pass_param) { global $xmlrpcs_errcode, $xmlrpcs_errmsg, $xmlrpcerruser; $username = $m->getParam($login_param); $username = $username->scalarval(); $password = $m->getParam($pass_param); $password = $password->scalarval(); /** * @var UserCache */ $UserCache =& get_Cache('UserCache'); $current_User =& $UserCache->get_by_login($username); if (empty($current_User) || !$current_User->check_password($password, false)) { // User not found or password doesn't match $xmlrpcs_errcode = $xmlrpcerruser + 1; $xmlrpcs_errmsg = 'Wrong username/password combination: ' . $username . ' / ' . starify($password); $r = NULL; return $r; } logIO('Login OK - User: '******' - ' . $current_User->login); // This may be needed globally for status permissions in ItemList2, etc.. $GLOBALS['current_User'] =& $current_User; return $current_User; }
function bloggersettemplate($m) { global $xmlrpcerruser, $tableusers, $blogfilename; error_reporting(0); // there is a bug in phpxmlrpc that makes it say there are errors while the output is actually valid, so let's disable errors for that function dbconnect(); $blogid = 1; // we do not need this yet $template = $m->getParam(4); $template = $template->scalarval(); $templateType = $m->getParam(5); $templateType = $templateType->scalarval(); $username = $m->getParam(2); $username = $username->scalarval(); $password = $m->getParam(3); $password = $password->scalarval(); $userdata = get_userdatabylogin($username); if ($userdata["user_level"] < 3) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, users whose level is less than 3, can not edit the template."); } if (user_pass_ok($username, $password)) { if ($templateType == "main") { if ($blogfilename != "") { $file = $blogfilename; } else { $file = "b2.php"; } } elseif ($templateType == "archiveIndex") { $file = "b2archives.php"; } $f = fopen($file, "w+"); fwrite($f, $template); fclose($file); return new xmlrpcresp(new xmlrpcval("1", "boolean")); } else { return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }