Ejemplo n.º 1
/**
 * Record a fave on both sides: the viewer's shard and the photo owner's shard.
 *
 * One row goes to FlickrFaves on the viewer's cluster and one row to
 * FlickrFavesUsers on the owner's cluster. An insert that fails with
 * error_code 1062 (MySQL's duplicate-entry code) is not treated as a
 * failure, so the function continues past it.
 *
 * @param array $viewer     user row; 'id' and 'cluster_id' are read
 * @param array $photo      photo row; 'id' and 'user_id' are read
 * @param int   $date_faved time of the fave; time() is used when this is falsy
 * @return array the failing db response, otherwise whatever okay() returns
 */
function flickr_faves_add_fave(&$viewer, &$photo, $date_faved = 0)
{
    $faved_at = $date_faved ? $date_faved : time();

    # viewer side of the relationship
    # NOTE(review): addslashes() is not charset-aware; confirm that
    # db_insert_users() expects pre-escaped values and that the connection
    # charset makes this form of escaping sufficient.
    $viewer_row = array_map('AddSlashes', array(
        'user_id' => $viewer['id'],
        'photo_id' => $photo['id'],
        'owner_id' => $photo['user_id'],
        'date_faved' => $faved_at,
    ));
    $rsp = db_insert_users($viewer['cluster_id'], 'FlickrFaves', $viewer_row);
    if (!$rsp['ok'] && $rsp['error_code'] != 1062) {
        return $rsp;
    }

    # now update the photo owner side of things
    $owner = users_get_by_id($photo['user_id']);
    $owner_row = array_map('AddSlashes', array(
        'user_id' => $owner['id'],
        'photo_id' => $photo['id'],
        'viewer_id' => $viewer['id'],
    ));
    $rsp = db_insert_users($owner['cluster_id'], 'FlickrFavesUsers', $owner_row);
    if (!$rsp['ok'] && $rsp['error_code'] != 1062) {
        return $rsp;
    }

    # TO DO: index/update the photo in solr and insert $viewer['id']
    # into the faved_by column (20111123/straup)
    return okay();
}
Ejemplo n.º 2
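/**
 * API method: output the dots of the user named by the 'user' request parameter.
 *
 * Each row returned by dots_get_dots_for_user() is copied without the keys
 * listed in $skipKeys. api_output_ok() is called when at least one row
 * results; api_output_error() is called otherwise (unknown user, no dots).
 *
 * @return void
 */
function api_dots_dotsForUser()
{
    // keys that are stripped from every row before output
    $skipKeys = array("details", "details_json", "index_on", "details_listview", "type_of_co");
    $u = request_str('user');
    $owner = users_get_by_id($u);
    $output = array();

    // NOTE(review): the user id comes straight from the request and no viewer
    // is passed to dots_get_dots_for_user(); confirm that helper only returns
    // dots the caller is allowed to see.
    $dots = $owner ? dots_get_dots_for_user($owner) : null;
    if ($dots) {
        // iterate by value: rows are only read, so no reference is needed
        foreach ($dots as $row) {
            $a = array();
            foreach ($row as $k => $v) {
                // strict comparison so a numeric key can never match a key name
                if (!in_array($k, $skipKeys, true)) {
                    $a[$k] = $v;
                }
            }
            $output[] = $a;
        }
    }

    if (count($output)) {
        api_output_ok($output);
    } else {
        api_output_error();
    }
}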
Ejemplo n.º 3
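/**
 * Decide whether the current request belongs to a logged-in user.
 *
 * Returns 1 when $GLOBALS['cfg']['user'] is already populated, or when the
 * auth cookie decrypts to "user_id:password" and that password value matches
 * the one stored on a non-deleted user row; in the latter case the row is
 * stored in $GLOBALS['cfg']['user']. Returns 0 in every other case.
 *
 * @return int 1 when logged in, 0 otherwise
 */
function login_check_login()
{
    if (!$GLOBALS['cfg']['enable_feature_signin']) {
        return 0;
    }
    if ($GLOBALS['cfg']['user']['id']) {
        return 1;
    }
    $auth_cookie = login_get_cookie($GLOBALS['cfg']['auth_cookie_name']);
    if (!$auth_cookie) {
        return 0;
    }
    # NOTE(review): the cookie carries the stored password value, so the whole
    # scheme rests on crypto_decrypt() and the cookie secret; confirm that
    # helper rejects tampered ciphertext (authenticated encryption).
    $auth_cookie = crypto_decrypt($auth_cookie, $GLOBALS['cfg']['crypto_cookie_secret']);

    # a value that failed to decrypt, or that lacks the "id:password" shape,
    # is never a valid login
    if (!is_string($auth_cookie) || strpos($auth_cookie, ':') === false) {
        return 0;
    }
    list($user_id, $password) = explode(':', $auth_cookie, 2);
    if (!$user_id) {
        return 0;
    }
    $user = users_get_by_id($user_id);
    if (!$user) {
        return 0;
    }
    if ($user['deleted']) {
        return 0;
    }
    # constant-time comparison; a row without a string password can not match
    if (!is_string($user['password']) || !hash_equals($user['password'], $password)) {
        return 0;
    }
    $GLOBALS['cfg']['user'] = $user;
    return 1;
}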
/**
 * Refresh one Flickr user's path alias and screen name from flickr.people.getInfo.
 *
 * Prints progress lines, updates the flickr user row when the path alias
 * differs, and updates the local user row when the username differs.
 * Returns nothing; a missing user or a failed API call ends the function early.
 *
 * @param array $flickr_user flickr user row; 'user_id', 'nsid' and 'path_alias' are read
 * @param array $more        unused here
 * @return void
 */
function _get_nsid($flickr_user, $more = array())
{
    # TO DO: put this all in a function somewhere and
    # call/queue it when a user signs up...
    # As db_main:Users
    $user = users_get_by_id($flickr_user['user_id']);
    if (!$user) {
        return;
    }

    $api_method = 'flickr.people.getInfo';
    $api_args = array('user_id' => $flickr_user['nsid']);
    $api_rsp = flickr_api_call($api_method, $api_args);
    if (!$api_rsp['ok']) {
        # dump the request and the response for whoever is running this
        dumper($api_args);
        dumper($api_rsp);
        return;
    }

    $person = $api_rsp['rsp']['person'];
    $path_alias = $person['path_alias'];
    $username = $person['username']['_content'];
    echo "[{$user['id']}] path alias: {$path_alias} screen name: {$username}\n";

    $alias_changed = ($path_alias != $flickr_user['path_alias']);
    if ($alias_changed) {
        $update = array('path_alias' => $path_alias);
        $rsp = flickr_users_update_user($flickr_user, $update);
        echo "[{$user['id']}] update path alias: {$rsp['ok']}\n";
        # just let this fail silently if there's a duplicate
        flickr_users_path_aliases_create($user, $path_alias);
    }

    $name_changed = ($username != $user['username']);
    if ($name_changed) {
        $update = array('username' => $username);
        $rsp = users_update_user($user, $update);
        echo "[{$user['id']}] update username: {$rsp['ok']}\n";
    }
}
Ejemplo n.º 5
/**
 * Build the export-cache directory path for a sheet.
 *
 * The result is the owner's cache root joined to the exploded sheet id
 * with DIRECTORY_SEPARATOR.
 *
 * @param array $sheet sheet row; 'user_id' and 'id' are read
 * @return string
 */
function export_cache_root_for_sheet(&$sheet)
{
    $owner = users_get_by_id($sheet['user_id']);
    $owner_root = export_cache_root_for_user($owner);
    $sheet_part = _export_cache_explode_id($sheet['id']);

    # NOTE(review): both components end up in a filesystem path; confirm the
    # two helpers can only return path-safe segments.
    return implode(DIRECTORY_SEPARATOR, array($owner_root, $sheet_part));
}
/**
 * Register a flickr user's path alias for the matching local user.
 *
 * Does nothing when the flickr user has no path alias.
 *
 * @param array $flickr_user flickr user row; 'path_alias' and 'user_id' are read
 * @param array $more        unused here
 * @return void
 */
function set_path_alias($flickr_user, $more = array())
{
    if ($flickr_user['path_alias'] != '') {
        $user = users_get_by_id($flickr_user['user_id']);
        flickr_users_path_aliases_create($user, $flickr_user['path_alias']);
    }
}
Ejemplo n.º 7
/**
 * List the user rows of everyone who has a row in FlickrBackups.
 *
 * @return array one users_get_by_id() result per distinct user_id
 */
function flickr_backups_users()
{
    $sql = "SELECT DISTINCT(user_id) FROM FlickrBackups";
    $rsp = db_fetch($sql);

    # one lookup per distinct id
    $found = array();
    foreach ($rsp['rows'] as $backup_row) {
        array_push($found, users_get_by_id($backup_row['user_id']));
    }
    return $found;
}
/**
 * Fetch the FlickrContacts row that links $user_id to $contact_id.
 *
 * The query runs on the cluster of the user identified by $user_id.
 *
 * @param mixed $user_id    owner of the contact list
 * @param mixed $contact_id the contact being looked up
 * @return mixed whatever db_single() returns for the query response
 */
function flickr_contacts_get_contact($user_id, $contact_id)
{
    # NOTE(review): both ids are escaped with addslashes() and quoted in the
    # statement; addslashes() is not charset-aware, so confirm the connection
    # charset or move this to a parameterised query in the db layer.
    $enc_user = AddSlashes($user_id);
    $enc_contact = AddSlashes($contact_id);
    $sql = "SELECT * FROM FlickrContacts WHERE user_id='{$enc_user}' AND contact_id='{$enc_contact}'";

    $owner = users_get_by_id($user_id);
    $shard = $owner['cluster_id'];
    $rsp = db_fetch_users($shard, $sql);
    return db_single($rsp);
}
/**
 * Authorise an API call from its OAuth2 access token.
 *
 * Checks run in this order, and the first failure is returned: token present,
 * token known, token not disabled, token not expired, API key valid, token
 * permissions sufficient for the method, and (unless waived) a live user.
 *
 * @param array      $method  method definition; 'requires_perms' is read when set
 * @param array|null $key_row overwritten below before it is read, so the
 *                            caller's value has no effect
 * @return array on success: 'ok' => 1 plus 'access_token', 'api_key' and 'user'
 *               (user is null when the user check was waived); on failure:
 *               'ok' => 0 with 'error' and 'error_code', or the response of
 *               api_keys_utils_is_valid_key()
 */
function api_auth_oauth2_has_auth(&$method, $key_row = null)
{
    $access_token = api_auth_oauth2_get_access_token($method);
    if (!$access_token) {
        return array('ok' => 0, 'error' => 'Required access token missing', 'error_code' => 400);
    }
    $token_row = api_oauth2_access_tokens_get_by_token($access_token);
    if (!$token_row) {
        return array('ok' => 0, 'error' => 'Invalid access token', 'error_code' => 400);
    }
    # NOTE(review): a disabled token is reported with error_code 502 while the
    # other token failures use 400; confirm that is intended.
    if ($token_row['disabled']) {
        return array('ok' => 0, 'error' => 'Access token is disabled', 'error_code' => 502);
    }
    # an 'expires' of 0/empty means the token never expires
    if ($token_row['expires'] && $token_row['expires'] < time()) {
        return array('ok' => 0, 'error' => 'Access token has expired', 'error_code' => 400);
    }
    # I find it singularly annoying that we have to do this here
    # but OAuth gets what [redacted] wants. See also: notes in
    # lib_api.php around ln 65 (20121026/straup)
    $key_row = api_keys_get_by_id($token_row['api_key_id']);
    $rsp = api_keys_utils_is_valid_key($key_row);
    if (!$rsp['ok']) {
        return $rsp;
    }
    # permissions are compared numerically: the token must be at least as
    # privileged as the method requires
    if (isset($method['requires_perms'])) {
        if ($token_row['perms'] < $method['requires_perms']) {
            $perms_map = api_oauth2_access_tokens_permissions_map();
            $required = $perms_map[$method['requires_perms']];
            return array('ok' => 0, 'error' => "Insufficient permissions, method requires a token with '{$required}' permissions", 'error_code' => 403);
        }
    }
    # Ensure user-iness - this may seem like a no-brainer until you think
    # about how the site itself uses the API in the absence of a logged-in
    # user (20130508/straup)
    $ensure_user = 1;
    $user = null;
    # The user check is waived only for a token without a user_id whose API key
    # has one of the roles named in the config list, and only when the feature
    # flag is on.
    if (!$token_row['user_id'] && $key_row && features_is_enabled("api_oauth2_tokens_null_users")) {
        $key_role_id = $key_row['role_id'];
        $roles_map = api_keys_roles_map('string keys');
        $valid_roles = $GLOBALS['cfg']['api_oauth2_tokens_null_users_allowed_roles'];
        $valid_roles_ids = array();
        # a role name missing from $roles_map contributes a null id here
        foreach ($valid_roles as $role) {
            $valid_roles_ids[] = $roles_map[$role];
        }
        # NOTE(review): in_array() compares loosely here; the leading truthiness
        # test on $key_role_id keeps an empty role id from matching a null entry.
        $ensure_user = $key_role_id && in_array($key_role_id, $valid_roles_ids) ? 0 : 1;
    }
    if ($ensure_user) {
        $user = users_get_by_id($token_row['user_id']);
        if (!$user || $user['deleted']) {
            return array('ok' => 0, 'error' => 'Not a valid user', 'error_code' => 400);
        }
    }
    #
    return array('ok' => 1, 'access_token' => $token_row, 'api_key' => $key_row, 'user' => $user);
}
Ejemplo n.º 10
/**
 * Build the foursquare.com URL of a checkin.
 *
 * @param array $checkin checkin row; 'checkin_id' and 'user_id' are read
 * @return string|null the URL, or nothing when the row has no 'checkin_id'
 */
function foursquare_urls_checkin(&$checkin)
{
    # see the way I named foursquare checkin IDs 'checkin_id'
    # yeah, that was awesome... (20120219/straup)
    if ($checkin['checkin_id']) {
        $owner = users_get_by_id($checkin['user_id']);
        $fsq_user = foursquare_users_get_by_user_id($owner['id']);

        # Note the lack of a trailing slash, which is apparently
        # important in foursquare land...
        # NOTE(review): the link is plain http; confirm whether https should be used.
        return "http://www.foursquare.com/user/{$fsq_user['foursquare_id']}/checkin/{$checkin['checkin_id']}";
    }
    return;
}
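/**
 * Replace a user's stored geo bookmarks with the list Flickr currently returns.
 *
 * Fetches flickr.people.geoBookmarks.getList with the user's auth token,
 * reshapes each bookmark, looks up a WOE id per bookmark, purges the user's
 * existing bookmarks and then inserts the new ones.
 *
 * @param string $nsid Flickr NSID of the user to import for
 * @param array  $more unused here
 * @return array not_okay()/okay() style response; on success carries
 *               'count_imported' (number of successful inserts)
 */
function flickr_geobookmarks_import_for_nsid($nsid, $more = array())
{
    $flickr_user = flickr_users_get_by_nsid($nsid);
    # an unknown NSID can not map to a local user, so stop before indexing into it
    if (!$flickr_user) {
        return not_okay("Not a valid user");
    }
    $user = users_get_by_id($flickr_user['user_id']);
    if (!$user) {
        return not_okay("Not a valid user");
    }
    $flickr_user = flickr_users_get_by_user_id($user['id']);
    $method = 'flickr.people.geoBookmarks.getList';
    $args = array('auth_token' => $flickr_user['auth_token']);
    $rsp = flickr_api_call($method, $args);
    if (!$rsp['ok']) {
        return $rsp;
    }
    if (!$rsp['rsp']['bookmarks']['count']) {
        return okay();
    }
    $bookmarks = array();
    # mark everything as private for now since none of that stuff
    # got turned on before I left, sad face... (20120217/straup)
    $geo_perms = flickr_geo_permissions_map("string keys");
    $geo_private = $geo_perms['private'];
    foreach ($rsp['rsp']['bookmarks']['bookmark'] as $bm) {
        # NOTE(review): every remaining key of the remote bookmark is kept and
        # later handed to flickr_geobookmarks_add(); confirm the key set is
        # limited to known columns before it reaches the database layer.
        $bm['user_id'] = $user['id'];
        $bm['name'] = $bm['label'];
        $bm['geocontext'] = $bm['context'];
        $bm['geoperms'] = $geo_private;
        $bm['woeid'] = 0;
        unset($bm['label']);
        unset($bm['pretty_name']);
        unset($bm['context']);
        $geo_method = 'flickr.places.findByLatLon';
        $geo_args = array('lat' => $bm['latitude'], 'lon' => $bm['longitude'], 'accuracy' => $bm['accuracy']);
        $geo_rsp = flickr_api_call($geo_method, $geo_args);
        # keep the 0 default when the lookup succeeds but returns no place
        if ($geo_rsp['ok'] && isset($geo_rsp['rsp']['places']['place'][0]['woeid'])) {
            # I still miss xpath...
            $bm['woeid'] = $geo_rsp['rsp']['places']['place'][0]['woeid'];
        }
        $bookmarks[] = $bm;
    }
    # the purge runs only after the remote list was fetched and reshaped
    $rsp = flickr_geobookmarks_purge_for_user($user);
    if (!$rsp['ok']) {
        return $rsp;
    }
    $count = 0;
    foreach ($bookmarks as $bm) {
        $rsp = flickr_geobookmarks_add($bm);
        $count += $rsp['ok'];
    }
    return okay(array('count_imported' => $count));
}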
/**
 * Insert one geo bookmark on the owning user's cluster.
 *
 * @param array $bookmark bookmark fields; 'user_id' selects the cluster and
 *                        every key/value pair is passed to the insert
 * @return array the db response, with 'bookmark' added when the insert succeeded
 */
function flickr_geobookmarks_add($bookmark)
{
    $owner = users_get_by_id($bookmark['user_id']);
    $shard = $owner['cluster_id'];

    # NOTE(review): only the values are escaped (with addslashes(), which is
    # not charset-aware); the keys are used as given, presumably as column
    # names inside db_insert_users() - confirm callers pass a fixed key set.
    $escaped = array_map('AddSlashes', $bookmark);

    $rsp = db_insert_users($shard, 'FlickrGeoBookmarks', $escaped);
    if ($rsp['ok']) {
        $rsp['bookmark'] = $bookmark;
    }
    return $rsp;
}
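/**
 * Insert one DotsSearchExtras row and register its name/value as a search facet.
 *
 * @param array $data row fields; 'user_id', 'name' and 'value' are read
 *                    explicitly and every key/value pair is inserted
 * @return array the db response, with 'data' added when the insert succeeded
 */
function dots_search_extras_create($data)
{
    # unique ID/key is (dot_id, name, value)
    # NOTE(review): $user is looked up but never used below; kept in case the
    # lookup is relied on elsewhere - confirm and drop it if not.
    $user = users_get_by_id($data['user_id']);

    # Escape every value under its own key. The loop variables must be the
    # ones used in the body, otherwise nothing from $data reaches the insert.
    # NOTE(review): addslashes() is not charset-aware; confirm db_insert()
    # expects pre-escaped values and that the key set is fixed by callers.
    $hash = array();
    foreach ($data as $key => $value) {
        $hash[$key] = AddSlashes($value);
    }

    $rsp = db_insert('DotsSearchExtras', $hash);
    if ($rsp['ok']) {
        $rsp['data'] = $data;
        dots_search_facets_add($data['name'], $data['value']);
    }
    return $rsp;
}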
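/**
 * Import a user's Flickr contact list, page by page.
 *
 * For every contact returned by flickr.contacts.getList a local user and a
 * flickr user are created when the contact is not known yet, then the
 * relationship row is added.
 *
 * @param string $nsid Flickr NSID of the user whose contacts are imported
 * @param array  $more unused here
 * @return array 'ok' => 1 with 'count_imported', or 'ok' => 0 with 'error'
 */
function flickr_contacts_import_for_nsid($nsid, $more = array())
{
    $flickr_user = flickr_users_get_by_nsid($nsid);
    # an unknown NSID can not map to a local user
    if (!$flickr_user) {
        return array('ok' => 0, 'error' => 'not a valid user');
    }
    $user = users_get_by_id($flickr_user['user_id']);
    if (!$user) {
        return array('ok' => 0, 'error' => 'not a valid user');
    }
    $method = 'flickr.contacts.getList';
    $count_contacts = 0;
    $args = array('auth_token' => $flickr_user['auth_token'], 'per_page' => 100, 'page' => 1);
    $pages = null;
    while (!isset($pages) || $pages >= $args['page']) {
        $rsp = flickr_api_call($method, $args);
        # a failed call carries no contact list, so treat it like no response
        if (!$rsp || !$rsp['ok']) {
            return array('ok' => 0, 'error' => 'The Flickr API is wigging out...');
        }
        if (!isset($pages)) {
            $pages = $rsp['rsp']['contacts']['pages'];
        }
        $contacts = $rsp['rsp']['contacts']['contact'];
        if (!is_array($contacts)) {
            return array('ok' => 0, 'error' => 'The Flickr API did not return any contacts');
        }
        foreach ($contacts as $contact) {
            $contact_nsid = $contact['nsid'];
            $contact_username = $contact['username'];
            $flickr_contact = flickr_users_get_by_nsid($contact_nsid);
            if (!$flickr_contact) {
                # placeholder account for a contact that never signed up here
                # NOTE(review): the placeholder password comes from
                # random_string(); confirm that helper draws from a CSPRNG.
                $password = random_string(32);
                $user_contact = users_create_user(array("username" => $contact_username, "email" => "{$contact_username}@donotsend-flickr.com", "password" => $password));
                # The lookup below uses its own variables: reusing $method,
                # $args or $rsp here would overwrite the pagination state of
                # the outer loop and the next page would never be requested.
                $info_method = 'flickr.people.getInfo';
                $info_args = array('user_id' => $contact_nsid);
                $info_rsp = flickr_api_call($info_method, $info_args);
                $path_alias = $info_rsp['ok'] ? $info_rsp['rsp']['person']['path_alias'] : '';
                #
                $flickr_contact = flickr_users_create_user(array('user_id' => $user_contact['id'], 'nsid' => $contact_nsid, 'path_alias' => $path_alias));
            }
            $rel = flickr_contacts_calculate_relationship($contact);
            # echo "{$contact_username} : {$rel} ({$contact['friend']} {$contact['family']})\n";
            $insert = array('user_id' => $user['id'], 'contact_id' => $flickr_contact['user_id'], 'rel' => $rel);
            flickr_contacts_add_contact($insert);
            $count_contacts++;
        }
        $args['page'] += 1;
    }
    return array('ok' => 1, 'count_imported' => $count_contacts);
}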
Ejemplo n.º 15
/**
 * Check a plaintext password against a user's stored password.
 *
 * When the check succeeds, the stored value does not start with '$2a$',
 * 'ensure_bcrypt' is on and $GLOBALS['passwords_canhas_bcrypt'] is truthy,
 * the password is re-saved through users_update_password() and $user is
 * reloaded.
 *
 * @param string $password plaintext password to test
 * @param array  $user     user row, passed by reference; may be replaced by a fresh row
 * @param array  $more     options; 'ensure_bcrypt' defaults to 1
 * @return mixed whatever passwords_validate_password() returned
 */
function passwords_validate_password_for_user($password, &$user, $more = array())
{
    $opts = array_merge(array('ensure_bcrypt' => 1), $more);
    $stored = $user['password'];

    # NOTE(review): only the '$2a$' prefix counts as bcrypt here; hashes with
    # another bcrypt prefix would be treated as legacy - confirm which
    # prefixes the project's hashing code can produce.
    $is_bcrypt = (substr($stored, 0, 4) == '$2a$') ? 1 : 0;

    $validate_more = array('use_bcrypt' => $is_bcrypt);
    $is_ok = passwords_validate_password($password, $stored, $validate_more);

    $wants_upgrade = $is_ok && !$is_bcrypt && $opts['ensure_bcrypt'] && $GLOBALS['passwords_canhas_bcrypt'];

    # note the pass-by-ref above: the caller sees the reloaded row
    if ($wants_upgrade && users_update_password($user, $password)) {
        $user = users_get_by_id($user['id']);
    }
    return $is_ok;
}
/**
 * Store a geo correction on the owning user's cluster.
 *
 * @param array $correction correction fields; 'user_id' selects the cluster,
 *                          'created' is set to the current time
 * @return array not_okay() for an unknown user, otherwise the db response
 *               with 'correction' added when the insert succeeded
 */
function flickr_photos_geo_corrections_create($correction)
{
    $owner = users_get_by_id($correction['user_id']);
    if (!$owner['id']) {
        return not_okay("Invalid user ID");
    }
    $shard = $owner['cluster_id'];
    $correction['created'] = time();

    # NOTE(review): values are escaped with addslashes() (not charset-aware)
    # and keys are used as given; confirm callers pass a fixed key set.
    $escaped = array_map('AddSlashes', $correction);

    $rsp = db_insert_users($shard, 'FlickrPhotosGeoCorrections', $escaped);
    if ($rsp['ok']) {
        $rsp['correction'] = $correction;
    }
    return $rsp;
}
/**
 * Store a checkin on the owning user's cluster.
 *
 * A new id is taken from dbtickets_create(64) and 'created' defaults to the
 * current time when the caller did not set it.
 *
 * @param array $checkin checkin fields; 'user_id' selects the cluster
 * @return array the db response, with 'checkin' added when the insert succeeded
 */
function privatesquare_checkins_create($checkin)
{
    $owner = users_get_by_id($checkin['user_id']);
    $shard = $owner['cluster_id'];

    $checkin['id'] = dbtickets_create(64);
    $checkin['created'] = isset($checkin['created']) ? $checkin['created'] : time();

    # NOTE(review): values are escaped with addslashes() (not charset-aware)
    # and keys are used as given; confirm callers pass a fixed key set.
    $escaped = array_map('AddSlashes', $checkin);

    $rsp = db_insert_users($shard, 'PrivatesquareCheckins', $escaped);
    if ($rsp['ok']) {
        $rsp['checkin'] = $checkin;
    }
    return $rsp;
}
Ejemplo n.º 18
/**
 * Authorise an API call from its OAuth2 access token.
 *
 * Checks run in this order, and the first failure is returned: token present,
 * token known, token not expired, API key valid, token permissions sufficient
 * for the method, and (unless waived) a live user.
 *
 * @param array      $method  method definition; 'requires_perms' is read when set
 * @param array|null $key_row overwritten below before it is read, so the
 *                            caller's value has no effect
 * @return array on success: 'ok' => 1 plus 'access_token', 'api_key' and 'user'
 *               (user is null when the user check was waived); on failure:
 *               'ok' => 0 with 'error' and 'error_code', or the response of
 *               api_keys_utils_is_valid_key()
 */
function api_auth_oauth2_has_auth(&$method, $key_row = null)
{
    $access_token = api_auth_oauth2_get_access_token($method);
    if (!$access_token) {
        return array('ok' => 0, 'error' => 'Required access token missing', 'error_code' => 400);
    }
    $token_row = api_oauth2_access_tokens_get_by_token($access_token);
    if (!$token_row) {
        return array('ok' => 0, 'error' => 'Invalid access token', 'error_code' => 400);
    }
    # NOTE(review): nothing here rejects a revoked or disabled token; confirm
    # whether token rows can carry such a state in this version.
    # an 'expires' of 0/empty means the token never expires
    if ($token_row['expires'] && $token_row['expires'] < time()) {
        return array('ok' => 0, 'error' => 'Access token has expired', 'error_code' => 400);
    }
    # I find it singularly annoying that we have to do this here
    # but OAuth gets what [redacted] wants. See also: notes in
    # lib_api.php around ln 65 (20121026/straup)
    $key_row = api_keys_get_by_id($token_row['api_key_id']);
    $rsp = api_keys_utils_is_valid_key($key_row);
    if (!$rsp['ok']) {
        return $rsp;
    }
    # permissions are compared numerically: the token must be at least as
    # privileged as the method requires
    if (isset($method['requires_perms'])) {
        if ($token_row['perms'] < $method['requires_perms']) {
            return array('ok' => 0, 'error' => 'Insufficient permissions', 'error_code' => 403);
        }
    }
    # Ensure user-iness - this may seem like a no-brainer until you think
    # about how the site itself uses the API in the absence of a logged-in
    # user (20130508/straup)
    $ensure_user = 1;
    $user = null;
    # NOTE(review): the branch below never inspects $key_row. With the feature
    # enabled, any token row without a user_id skips the user lookup, whatever
    # kind of API key it belongs to. Confirm the site-key check the comment
    # describes is enforced somewhere else.
    if (features_is_enabled("api_site_keys", "api_site_tokens")) {
        # check that API key is a site key
        $ensure_user = $token_row['user_id'] ? 1 : 0;
    }
    if ($ensure_user) {
        $user = users_get_by_id($token_row['user_id']);
        if (!$user || $user['deleted']) {
            return array('ok' => 0, 'error' => 'Not a valid user', 'error_code' => 400);
        }
    }
    #
    return array('ok' => 1, 'access_token' => $token_row, 'api_key' => $key_row, 'user' => $user);
}
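/**
 * Copy a venue's latitude/longitude onto one PrivatesquareCheckins row.
 *
 * The venue is read from local storage, or archived on demand when it is not
 * there yet. A progress line is printed either way.
 *
 * @param array $row  checkin row; 'id', 'user_id' and 'venue_id' are read
 * @param array $more unused here
 * @return void
 */
function _set_latlon($row, $more = array())
{
    $user = users_get_by_id($row['user_id']);
    $venue_id = $row['venue_id'];
    $venue = foursquare_venues_get_by_venue_id($venue_id);
    if (!$venue) {
        $venue = foursquare_venues_archive_venue($venue_id);
    }
    if (!$venue) {
        echo "can not sort out venue data for '{$venue_id}'\n";
        return;
    }
    $lat = $venue['latitude'];
    $lon = $venue['longitude'];
    $update = array('latitude' => AddSlashes($lat), 'longitude' => AddSlashes($lon));

    # The id is interpolated into the WHERE clause, so it is escaped like
    # every other value in this file rather than used raw.
    # NOTE(review): addslashes() is not charset-aware; confirm the connection
    # charset or cast the id to an integer if ids are always numeric.
    $enc_id = AddSlashes($row['id']);
    $where = "id='{$enc_id}'";

    $cluster_id = $user['cluster_id'];
    $rsp = db_update_users($cluster_id, 'PrivatesquareCheckins', $update, $where);
    echo "{$venue_id} : {$lat}, {$lon} {$where}: {$rsp['ok']}\n";
}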
/**
 * Import a user's Flickr favourites, page by page.
 *
 * Each photo is imported first and then recorded as a fave of the user.
 * The first failed API call or failed photo import ends the run and its
 * response is returned.
 *
 * @param string $nsid Flickr NSID of the user whose faves are imported
 * @param array  $more options; 'min_fave_date' is forwarded to the API when set
 * @return array 'ok' => 1 with 'count_imported', or a failure response
 */
function flickr_faves_import_for_nsid($nsid, $more = array())
{
    $flickr_user = flickr_users_get_by_nsid($nsid);
    $user = users_get_by_id($flickr_user['user_id']);
    if (!$user) {
        return array('ok' => 0, 'error' => 'not a valid user');
    }

    $method = 'flickr.favorites.getList';
    $args = array(
        'user_id' => $flickr_user['nsid'],
        'auth_token' => $flickr_user['auth_token'],
        'extras' => 'original_format,tags,media,date_upload,date_taken,geo,owner_name',
        'per_page' => 100,
        'page' => 1,
    );
    if (isset($more['min_fave_date'])) {
        $args['min_fave_date'] = $more['min_fave_date'];
    }

    $total_pages = null;
    $imported = 0;

    # the page count is only known after the first response
    while (!isset($total_pages) || $total_pages >= $args['page']) {
        $rsp = flickr_api_call($method, $args);
        if (!$rsp['ok']) {
            return $rsp;
        }
        if (!isset($total_pages)) {
            $total_pages = $rsp['rsp']['photos']['pages'];
        }

        $page_photos = $rsp['rsp']['photos']['photo'];
        if (!is_array($page_photos)) {
            return array('ok' => 0, 'error' => 'no photos');
        }

        foreach ($page_photos as $photo) {
            $ph_rsp = flickr_photos_import_photo($photo);
            if (!$ph_rsp['ok']) {
                return $ph_rsp;
            }
            $fave_rsp = flickr_faves_add_fave($user, $ph_rsp['photo'], $photo['date_faved']);
            # a fave that could not be stored is skipped, not fatal
            if ($fave_rsp['ok']) {
                $imported += 1;
            }
        }

        $args['page']++;
    }

    return array('ok' => 1, 'count_imported' => $imported);
}
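/**
 * Decide whether a viewer may see a photo.
 *
 * Allowed when the viewer owns the photo, when the photo is public, when the
 * viewer is a contact of the owner with a relationship matching the photo's
 * permission, or - only if the caller opts in with a truthy
 * 'allow_if_is_faved' - when the viewer has faved the photo.
 *
 * @param array $photo     photo row; 'id', 'user_id' and 'perms' are read
 * @param int   $viewer_id id of the viewer, 0 for an anonymous viewer
 * @param array $more      options; 'allow_if_is_faved' enables the fave fallback
 * @return int 1 when the photo may be viewed, 0 otherwise
 */
function flickr_photos_permissions_can_view_photo(&$photo, $viewer_id = 0, $more = array())
{
    if ($viewer_id && $photo['user_id'] == $viewer_id) {
        return 1;
    }
    $perms_map = flickr_photos_permissions_map();
    $perms = $perms_map[$photo['perms']];
    # public photos are visible to everyone, logged in or not
    if ($perms == 'public') {
        return 1;
    }
    # an anonymous viewer can never be somebody's contact, so the lookup is
    # skipped instead of being run with an empty id
    $contact = $viewer_id ? flickr_contacts_get_contact($photo['user_id'], $viewer_id) : null;
    if ($contact) {
        $rel_map = flickr_contacts_relationship_map();
        $str_rel = $rel_map[$contact['rel']];
        if ($perms == 'friends' || $perms == 'family') {
            return $str_rel == $perms ? 1 : 0;
        }
        if ($perms == 'friends and family') {
            return in_array($str_rel, array('friends', 'family'), true) ? 1 : 0;
        }
    }
    # Note: this is predicated on the assumption that the user
    # actually has permissions to view the photo otherwise the
    # backup/import code would not have downloaded the photo; the
    # problem is not a flickr permissions issue but due to the
    # fact that the photo owner is not a registered parallel-flickr
    # user and hence their contact list is not present.
    # (20120607/straup)
    #
    # The option has to be truthy: isset() alone would also accept an explicit
    # 0/false and widen access when a caller meant to switch the fallback off.
    if ($viewer_id && !empty($more['allow_if_is_faved'])) {
        loadlib("flickr_faves");
        $viewer = users_get_by_id($viewer_id);
        if (flickr_faves_is_faved_by_user($viewer, $photo['id'])) {
            return 1;
        }
    }
    return 0;
}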
Ejemplo n.º 22
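/**
 * Check a plaintext password against a user's stored password, promoting a
 * legacy HMAC-SHA256 value to bcrypt when that is enabled.
 *
 * @param string $password plaintext password to test
 * @param array  $user     user row, passed by reference; replaced by a fresh
 *                         row after a successful promotion
 * @return mixed bool on the promotion path, otherwise whatever
 *               passwords_validate_password() returns
 */
function passwords_validate_password_for_user($password, &$user)
{
    #
    # if this is *not* a bcrypt hash, but we allow promotion,
    # then verify & promote it.
    #
    # NOTE(review): only the '$2a$' prefix counts as bcrypt here; confirm
    # which prefixes the project's hashing code can produce.
    $is_bcrypt = substr($user['password'], 0, 4) == '$2a$';
    if ($GLOBALS['cfg']['passwords_use_bcrypt'] && $GLOBALS['cfg']['passwords_allow_promotion'] && !$is_bcrypt) {
        $test = hash_hmac("sha256", $password, $GLOBALS['cfg']['crypto_password_secret']);

        # hash_equals() compares in constant time and byte for byte; a loose
        # == on two hex strings can also report equality for different values
        # when both happen to look like numbers.
        $is_ok = is_string($user['password']) && hash_equals($user['password'], $test);
        if ($is_ok) {
            # note the pass-by-ref above: the caller sees the reloaded row
            if (users_update_password($user, $password)) {
                $user = users_get_by_id($user['id']);
            }
        }
        return $is_ok;
    }
    #
    # simple case
    #
    return passwords_validate_password($password, $user['password']);
}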
/**
 * Load the stored push photos of a subscription, newest first.
 *
 * Every row's JSON 'photo_data' is decoded and extended with 'created' and
 * a 'display_url' derived from 'thumb_url'.
 *
 * @param array $sub        subscription row; 'user_id' and 'id' are read
 * @param mixed $older_than optional bound on 'created'
 * @return array the db response with 'rows' replaced by the decoded photos
 */
function flickr_push_photos_for_subscription(&$sub, $older_than = null)
{
    $owner = users_get_by_id($sub['user_id']);
    $cluster = $owner['cluster_id'];
    $enc_sub = AddSlashes($sub['id']);

    # TO DO: indexes
    $clauses = array("SELECT * FROM FlickrPushPhotos WHERE subscription_id='{$enc_sub}'");
    if ($older_than) {
        # NOTE(review): the parameter is called $older_than but the clause
        # selects rows created *after* it; confirm which one is meant.
        $enc_older = AddSlashes($older_than);
        $clauses[] = " AND created > '{$enc_older}'";
    }
    $clauses[] = " ORDER BY created DESC";
    $sql = implode('', $clauses);

    $rsp = db_fetch_users($cluster, $sql);

    $decoded = array();
    foreach ($rsp['rows'] as $row) {
        # NOTE(review): photo_data is stored feed content; confirm the
        # templates escape its fields (including display_url) on output.
        $photo = json_decode($row['photo_data'], 'as hash');
        $photo['created'] = $row['created'];
        $photo['display_url'] = str_replace("_s.jpg", ".jpg", $photo['thumb_url']);
        $decoded[] = $photo;
    }
    $rsp['rows'] = $decoded;
    return $rsp;
}
    exit;
}
# OAuth callback: the 'code' query parameter is required, otherwise 404.
# NOTE(review): no check of an OAuth 'state' value is visible in this excerpt;
# confirm the part of the page above validates one.
$code = get_str("code");
if (!$code) {
    error_404();
}
# presumably exchanges the code for an access token - the helper is not shown
$rsp = foursquare_api_get_auth_token($code);
if (!$rsp['ok']) {
    # flag the failure for the template and stop
    $GLOBALS['error']['oauth_access_token'] = 1;
    $GLOBALS['smarty']->display("page_auth_callback_foursquare_oauth.txt");
    exit;
}
# look for an existing foursquare user row that carries this token
$oauth_token = $rsp['oauth_token'];
$foursquare_user = foursquare_users_get_by_oauth_token($oauth_token);
if ($foursquare_user && ($user_id = $foursquare_user['user_id'])) {
    $user = users_get_by_id($user_id);
} else {
    if (!$GLOBALS['cfg']['enable_feature_signup']) {
        $GLOBALS['smarty']->display("page_signup_disabled.txt");
        exit;
    } else {
        $args = array('oauth_token' => $oauth_token);
        $rsp = foursquare_api_call('users/self', $args);
        if (!$rsp['ok']) {
            $GLOBALS['error']['foursquare_userinfo'] = 1;
            $GLOBALS['smarty']->display("page_auth_callback_foursquare_oauth.txt");
            exit;
        }
        $foursquare_id = $rsp['rsp']['user']['id'];
        $username = $rsp['rsp']['user']['firstName'];
        $email = $rsp['rsp']['user']['contact']['email'];
Ejemplo n.º 25
include "include/init.php";
loadlib("privatesquare_checkins");
loadlib("privatesquare_checkins_utils");
loadlib("privatesquare_export");
loadlib("foursquare_users");
# History page for one foursquare user: the id is required, otherwise 404.
$fsq_id = get_int32("foursquare_id");
if (!$fsq_id) {
    error_404();
}
# the page URL is handed to the login check
# (presumably as the place to return to - the helper is not shown)
$history_url = "user/{$fsq_id}/history/";
login_ensure_loggedin($history_url);
$fsq_user = foursquare_users_get_by_foursquare_id($fsq_id);
if (!$fsq_user) {
    error_404();
}
$owner = users_get_by_id($fsq_user['user_id']);
# NOTE(review): the comparison is loose; if both ids were empty it would still
# yield 1. Confirm login_ensure_loggedin() guarantees a populated cfg user.
$is_own = $owner['id'] == $GLOBALS['cfg']['user']['id'] ? 1 : 0;
# for now...
# only the owner may view their own history
if (!$is_own) {
    error_403();
}
$more = array();
# optional paging argument
if ($page = get_int32("page")) {
    $more['page'] = $page;
}
if ($when = get_str("when")) {
    $more['when'] = $when;
    $history_url .= urlencode($when) . "/";
    # TO DO: find some better heuristic for this number
    # besides "pull it out of my ass" (20120206/straup)
    $more['per_page'] = 100;
<?php

include "include/init.php";
loadlib("flickr_places");
loadlib("flickr_photos_places");
loadlib("flickr_photos_geo");
# The page needs both the solr and the places feature.
if (!$GLOBALS['cfg']['enable_feature_solr'] || !$GLOBALS['cfg']['enable_feature_places']) {
    error_disabled();
}
$flickr_user = flickr_users_get_by_url();
$owner = users_get_by_id($flickr_user['user_id']);
# NOTE(review): no login is required before this point and the comparison is
# loose, so an unknown owner combined with an anonymous visitor (both ids
# empty) would yield is_own = 1. Confirm flickr_users_get_by_url() aborts on
# unknown users, or require a non-empty owner id here.
$is_own = $owner['id'] == $GLOBALS['cfg']['user']['id'] ? 1 : 0;
$GLOBALS['smarty']->assign_by_ref("owner", $owner);
$GLOBALS['smarty']->assign("is_own", $is_own);
#
# the place is addressed by WOE id; a missing or unknown id is a 404
$woeid = get_int32("woeid");
if (!$woeid) {
    error_404();
}
$place = flickr_places_get_by_woeid($woeid);
if (!$place) {
    error_404();
}
$placetypes = flickr_places_valid_placetypes();
$hier = array();
# put this in _get_by_woeid? probably...
foreach ($placetypes as $type) {
    if (isset($place[$type])) {
        $woeid = $place[$type]['woeid'];
        $parts = explode(",", $place[$type]['_content']);
        $name = trim($parts[0]);
Ejemplo n.º 27
/**
 * Create and store a new API key for a user.
 *
 * @param mixed  $user_id     id of the user who will own the key
 * @param string $title       application title
 * @param string $description application description
 * @param string $callback    application callback, empty by default
 * @return array the db response, with the unescaped row under 'key' when the
 *               insert succeeded
 */
function api_keys_create($user_id, $title, $description, $callback = '')
{
    # NOTE(review): nothing stops here when the user lookup fails; the key
    # would then be stored with an empty user_id. Confirm callers validate
    # the id first.
    $owner = users_get_by_id($user_id);
    $ticket = dbtickets_create(64);

    # NOTE(review): the 'general' role id is looked up but never written to
    # the row, so whatever the table defaults to applies - confirm intent.
    $role_map = api_keys_roles_map('string keys');
    $role_id = $role_map['general'];

    $api_key = api_keys_generate_key();
    # NOTE(review): the app secret comes from random_string(); confirm that
    # helper draws from a CSPRNG.
    $app_secret = random_string(64);
    $stamp = time();

    $key_row = array(
        'id' => $ticket,
        'user_id' => $owner['id'],
        'api_key' => $api_key,
        'app_secret' => $app_secret,
        'created' => $stamp,
        'last_modified' => $stamp,
        'app_title' => $title,
        'app_description' => $description,
        'app_callback' => $callback,
    );

    # TO DO: callbacks and other stuff (what?)
    # NOTE(review): addslashes() is not charset-aware; confirm db_insert()
    # expects pre-escaped values.
    $escaped = array_map('AddSlashes', $key_row);

    $rsp = db_insert('ApiKeys', $escaped);
    if ($rsp['ok']) {
        $rsp['key'] = $key_row;
    }
    return $rsp;
}
Ejemplo n.º 28
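/**
 * Turn search arguments into SQL WHERE fragments.
 *
 * Recognised arguments: 'b' (bounding box "swlat,swlon,nelat,nelon"),
 * 'll' ("lat,lon"), 'gh' (geohash), 'dt' (date or date range), 'u' (user id)
 * and 'e' (extras, "name:value" pairs separated by ";"). Only one of the geo
 * arguments is used, in the order b, ll, gh.
 *
 * @param array $args search arguments, keyed as listed above
 * @return array fragments keyed by 'geo', 'geo_query', 'time', 'user',
 *               'user_row', 'extras' and 'order'; absent keys mean no filter
 */
function _search_generate_where_parts(&$args)
{
    # NOTE(review): 'll' maps to 'latitude,latitude', which looks like a typo
    # for 'latitude,longitude'. It only matters for sorting, which is switched
    # off below, so it is left as found.
    $search_params = array('b' => 'bbox', 'dt' => 'created', 'e' => 'extras', 'gh' => 'geohash', 'll' => 'latitude,latitude', 't' => 'type', 'u' => 'user_id');
    $b = sanitize($args['b'], 'str');
    # bounding box
    $dt = sanitize($args['dt'], 'str');
    # datetime
    $gh = sanitize($args['gh'], 'str');
    # geohash
    $ll = sanitize($args['ll'], 'str');
    # latitude, longitude
    $u = sanitize($args['u'], 'int32');
    # userid
    $e = sanitize($args['e'], 'str');
    # extras
    $sortby = '';
    # sanitize($args['_s'], 'str');		# sort by
    $sortorder = '';
    # sanitize($args['_o'], 'str');		# sort order
    $where_parts = array();
    #
    # Geo
    #
    # Each branch only works out the corners; the clause itself is built once
    # below. Missing pieces are padded with null so that a short input does
    # not raise undefined-offset errors (floatval(null) is 0).
    $bbox = null;
    $geo_query = null;
    if ($b) {
        $bbox = array_pad(explode(",", $b, 4), 4, null);
        $geo_query = 'bbox';
    } elseif ($ll) {
        list($lat, $lon) = array_pad(explode(",", $ll, 2), 2, null);
        $bbox = geo_utils_nearby_bbox($lat, $lon, 0.25);
        $geo_query = 'nearby';
    } elseif ($gh) {
        list($lat, $lon) = geo_geohash_decode($gh);
        $bbox = geo_utils_nearby_bbox($lat, $lon, 0.25);
        $geo_query = 'geohash';
    }
    if ($geo_query !== null) {
        list($swlat, $swlon, $nelat, $nelon) = $bbox;
        # floatval() forces each corner to a number before it reaches the SQL
        $where = implode(" AND ", array("d.latitude >= " . AddSlashes(floatval($swlat)), "d.longitude >= " . AddSlashes(floatval($swlon)), "d.latitude <= " . AddSlashes(floatval($nelat)), "d.longitude <= " . AddSlashes(floatval($nelon))));
        $where_parts['geo'] = array("({$where})");
        $where_parts['geo_query'] = $geo_query;
    }
    #
    # Time
    #
    if ($dt) {
        $date_start = null;
        $date_end = null;
        # "Around" a given date. For example:
        # http://dotspotting.example.com/search/?dt=(2010-10)
        # This doesn't always work, specifically when passed
        # something like '2010-11-19 12'. Punting for now...
        if (preg_match("/^\\(((\\d{4})(?:-(\\d{2})(?:-(\\d{2})(?:(?:T|\\s)(\\d{2})(?:\\:(\\d{2})(?:\\:(\\d{2}))?)?)?)?)?)\\)\$/", $dt, $m)) {
            # trailing groups that did not take part in the match are absent
            # from $m, so pad before unpacking
            list($ignore, $dt, $year, $month, $day, $hour) = array_pad($m, 6, null);
            # the window is one unit of the finest component that was given
            $offset = 0;
            if ($hour) {
                $offset = 60 * 60;
            } elseif ($day) {
                $offset = 60 * 60 * 24;
            } elseif ($month) {
                $offset = 60 * 60 * 24 * 28;
            } elseif ($year) {
                $offset = 60 * 60 * 24 * 365;
            }
            if ($ts = strtotime($dt)) {
                $date_start = $ts - $offset;
                $date_end = $ts + $offset;
            }
        } else {
            # "start/end" range, the end being optional
            $parts = explode("/", $dt, 2);
            $date_start = strtotime($parts[0]);
            if (count($parts) == 2) {
                $date_end = strtotime($parts[1]);
            }
        }
        # ensure ($parts[0] && $date_start) and ($parts[1] && $end_date) here ?
        # both bounds are integers from strtotime() or false, never raw input
        $time_parts = array();
        if ($date_start) {
            $time_parts[] = "UNIX_TIMESTAMP(d.created) >= " . AddSlashes($date_start);
        }
        if ($date_end) {
            $time_parts[] = "UNIX_TIMESTAMP(d.created) <= " . AddSlashes($date_end);
        }
        if (count($time_parts)) {
            $where_parts['time'] = $time_parts;
        }
    }
    #
    # User stuff
    #
    if ($u) {
        $user = users_get_by_id($u);
        # the id written into the clause comes from the stored row
        if ($user && !$user['deleted']) {
            $where_parts['user'] = array("d.user_id=" . AddSlashes($user['id']));
            $where_parts['user_row'] = $user;
        }
    }
    #
    # Extras
    #
    if ($e && $GLOBALS['cfg']['enable_feature_dots_indexing']) {
        $extras = array();
        # This (the part with the ";" and the ":") is not the final syntax.
        # I'm just working through the other bits first. (20101213/straup)
        foreach (explode(";", $e) as $pair) {
            # pad so that a pair without ":" yields an empty value
            list($name, $value) = array_pad(explode(":", $pair), 2, '');
            $tmp = array();
            # NOTE(review): addslashes() is not charset-aware; confirm the
            # connection charset or move this to parameterised queries.
            if ($name) {
                $enc_name = AddSlashes($name);
                $tmp[] = "e.name='{$enc_name}'";
            }
            if ($value) {
                if (preg_match("/^CONTAINS\\((.+)\\)\$/", $value, $m)) {
                    # NOTE(review): '%' and '_' inside the value are not
                    # escaped and act as LIKE wildcards - confirm intended.
                    $enc_value = AddSlashes($m[1]);
                    $tmp[] = "e.value LIKE '%{$enc_value}%'";
                } else {
                    $enc_value = AddSlashes($value);
                    $tmp[] = "e.value='{$enc_value}'";
                }
                # Something to consider if it's ever possible to feel
                # safe and comfortable evaluating regular expressions
                # from user input... (20101216/straup)
                # http://dev.mysql.com/doc/refman/5.1/en/regexp.html
            }
            # Count the conditions that were built, not the raw pair: the pair
            # is a string, and an empty condition list would emit "()".
            if (count($tmp)) {
                $extras[] = "(" . implode(" AND ", $tmp) . ")";
            }
        }
        if (count($extras)) {
            $where_parts['extras'] = $extras;
        }
    }
    #
    # Sorting
    #
    # $sortby is hard-wired to '' above, so this section is currently inert.
    # It only ever accepts names from $search_params, never free text.
    if ($sortby) {
        if (in_array($sortby, array_values($search_params))) {
            # pass
        } else {
            if (in_array($sortby, array_keys($search_params))) {
                $sortby = $search_params[$sortby];
            } else {
                $sortby = null;
            }
        }
        if ($sortby) {
            $sortorder = strtolower($sortorder) == 'desc' ? 'DESC' : 'ASC';
            $where_parts['order'] = array('by' => $sortby, 'sort' => $sortorder);
        }
    }
    return $where_parts;
}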
# Form handler: runs only for a submitted form with a valid crumb
# (presumably an anti-CSRF token - crumb_check() is not shown).
if (post_isset("done") && crumb_check($crumb_key)) {
    $ok = 1;
    if (!post_isset("sync")) {
        $update_error = "missing sync";
        $ok = 0;
    }
    if ($ok) {
        # the posted value must be one of the known sync states
        $sync = post_int32("sync");
        if (!isset($sync_states[$sync])) {
            $update_error = "invalid sync";
            $ok = 0;
        }
    }
    if ($ok) {
        # write only when the setting actually changes, then reload the user
        if ($sync != $GLOBALS['cfg']['user']['sync_foursquare']) {
            $update = array('sync_foursquare' => $sync);
            $ok = users_update_user($GLOBALS['cfg']['user'], $update);
            if ($ok) {
                $GLOBALS['cfg']['user'] = users_get_by_id($GLOBALS['cfg']['user']['id']);
            } else {
                $update_error = "db error";
            }
        }
    }
    # NOTE(review): $update_error is only assigned on the failure paths above;
    # confirm it is initialised earlier in the page, otherwise the last assign
    # below reads an undefined variable on success.
    $GLOBALS['smarty']->assign("update", 1);
    $GLOBALS['smarty']->assign("update_ok", $ok);
    $GLOBALS['smarty']->assign("update_error", $update_error);
}
$GLOBALS['smarty']->assign_by_ref("sync_states", $sync_states);
$GLOBALS['smarty']->display("page_account_foursquare_sync.txt");
exit;
Ejemplo n.º 30
    error_404();
}
# the crumb key is shared with the template so the form can carry a matching crumb
$crumb_key = "delete_feed";
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
# deletion needs both the posted 'delete' field and a valid crumb
if (post_str("delete") && crumb_check($crumb_key)) {
    # unsubscribe remotely first; the local row is deleted only if that worked
    $feed_rsp = flickr_push_unsubscribe($sub);
    $GLOBALS['smarty']->assign("delete_feed", $feed_rsp);
    if ($feed_rsp['ok']) {
        $sub_rsp = flickr_push_subscriptions_delete($sub);
        $GLOBALS['smarty']->assign("delete_sub", $sub_rsp);
        if ($sub_rsp['ok']) {
            # the redirect target is built from the configured root URL and
            # the subscription's user_id, not from request input
            $redir = "{$GLOBALS['cfg']['abs_root_url']}god/push/subscriptions/{$sub['user_id']}/";
            header("location: {$redir}");
            exit;
        }
    }
}
# decorate the subscription row for display
$topic_map = flickr_push_topic_map();
$sub['str_topic'] = $topic_map[$sub['topic_id']];
if ($sub['last_update_details']) {
    $sub['last_update_details'] = json_decode($sub['last_update_details'], "as hash");
}
$owner = users_get_by_id($sub['user_id']);
$sub['owner'] = $owner;
$photos = flickr_push_photos_for_subscription($sub);
$is_push_backup = flickr_push_subscriptions_is_push_backup($sub);
# NOTE(review): the access check for this admin ("god") page is not visible in
# this excerpt; confirm it happens before any of the code above runs.
$GLOBALS['smarty']->assign("is_push_backup", $is_push_backup);
$GLOBALS['smarty']->assign_by_ref("subscription", $sub);
$GLOBALS['smarty']->assign_by_ref("photos", $photos['rows']);
$GLOBALS['smarty']->display("page_god_push_subscription.txt");
exit;