function HookRss2SearchRender_search_actions_add_option($options)
{
global $baseurl_short, $search, $restypes, $archive, $starsearch, $lang, $userpassword, $username, $api_scramble_key, $k;
$c = count($options);
if ($k == '') {
$apikey = make_api_key($username, $userpassword);
$skey = md5($api_scramble_key . $apikey . $search . $archive);
$data_attribute['url'] = sprintf('%splugins/rss2/pages/rssfilter.php?key=%s&search=<?php echo urlencode($search)?>&restypes=%s&archive=%s&starsearch=%s&skey=%s', $baseurl_short, urlencode($apikey), urlencode($restypes), urlencode($archive), urlencode($starsearch), urlencode($skey));
$options[$c]['value'] = 'rss';
$options[$c]['label'] = $lang["rss_feed_for_search_filter"];
$options[$c]['data_attr'] = $data_attribute;
return $options;
}
}
function HookRss2SearchResultsbottomtoolbar()
{
global $baseurl, $search, $restypes, $archive, $starsearch, $lang;
global $userpassword, $username, $api_scramble_key;
$apikey = make_api_key($username, $userpassword);
$skey = md5($api_scramble_key . $apikey . $search . $archive);
global $k;
if ($k != "") {
return false;
}
?>
<div class="InpageNavLeftBlock"><a href="<?php
echo $baseurl;
?>
/plugins/rss2/pages/rssfilter.php?key=<?php
echo urlencode($apikey);
?>
&search=<?php
echo urlencode($search);
?>
&restypes=<?php
echo urlencode($restypes);
?>
&archive=<?php
echo urlencode($archive);
?>
&starsearch=<?php
echo urlencode($starsearch);
?>
&skey=<?php
echo urlencode($skey);
?>
">> <?php
echo $lang["rss_feed_for_search_filter"];
?>
</a></div>
<?php
}
function HookRss2AllSearchbarbeforebottomlinks()
{
global $baseurl, $lang, $userpassword, $username, $api_scramble_key;
$skey = md5($api_scramble_key . make_api_key($username, $userpassword) . "!last50");
?>
<p><a target="_TOP" href="<?php
echo $baseurl;
?>
/plugins/rss2/pages/rssfilter.php?key=<?php
echo make_api_key($username, $userpassword);
?>
&search=!last50&skey=<?php
echo urlencode($skey);
?>
">> <?php
echo $lang["new_content_rss_feed"];
?>
<!--<img src="<?php
echo $baseurl;
?>
/plugins/rss2/static/rss.gif" style="vertical-align:middle;" alt="" /> --></a></p><p></p>
<?php
}
?>
</a></p><h1><?php
echo $lang["apiaccess"];
?>
</h1>
</div>
<?php
if (!$enable_remote_apis || $api_scramble_key == "abcdef123") {
echo $lang["remoteapisnotavailable"];
exit;
}
?>
<?php
$apikey = make_api_key($username, $userpassword);
echo $lang["yourauthkey"];
?>
<p><input type="text" size=80 value="<?php
echo $apikey;
?>
"></p>
<?php
echo $lang["yourhashkey"];
$hashkey = md5($api_scramble_key . $apikey);
?>
<p><input type="text" size=35 value="<?php
echo $hashkey;
$ip = get_ip();
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
} else {
$referer = "";
}
$current_whitelists = sql_query("select u.username,u.fullname,w.* from api_whitelist w join user u on w.userref=u.ref order by u.username");
$allowed_by_domain = false;
foreach ($current_whitelists as $whitelist) {
if ($referer != "" && strpos($referer, $whitelist['ip_domain']) !== false) {
$allowed_by_domain = true;
}
if ($allowed_by_domain || ip_matches($ip, $whitelist['ip_domain'])) {
// IP matches. Log in as specified user
$api_whitelisted_user = sql_query("select * from user where ref='" . $whitelist['userref'] . "'");
$_POST['key'] = $_GET['key'] = make_api_key($api_whitelisted_user[0]['username'], $api_whitelisted_user[0]['password']);
$allowed_apis = explode(",", $whitelist['apis']);
$api_plugin = explode("/", $_SERVER['REQUEST_URI']);
$api_plugin = $api_plugin[count($api_plugin) - 2];
//echo $api_plugin;
if (in_array("all", $allowed_apis)) {
break;
} else {
if (in_array($api_plugin, $allowed_apis)) {
break;
} else {
header("HTTP/1.0 403 Access Denied");
exit("Access denied for {$api_plugin}.");
}
}
}
