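/**
 * Handles a forum API request, dispatching on the second URL path segment.
 *
 * - "list": returns one cached forum when the third segment names a cached
 *   forum id, otherwise the whole forum cache.
 * - "posts": returns every row of the posts table whose tid matches the third
 *   segment, keyed by pid.
 * - "permissions": returns the result of forum_permissions() called without
 *   arguments.
 *
 * Security review notes:
 * - Neither "list" nor "posts" performs a permission check in this method.
 *   Unless the caller enforces one, data from forums the requester may not
 *   view is returned.
 * - "posts" selects every column of the posts table. Confirm whether that
 *   includes fields the forum shows only to moderators, and whether rows that
 *   are not publicly visible should be filtered out.
 *
 * @return stdClass
 * @throws BadRequestException when no supported option is present in the URL
 */
public function action()
{
    global $db;

    $api = APISystem::get_instance();

    if (isset($api->paths[1]) && is_string($api->paths[1])) {
        switch (strtolower($api->paths[1])) {
            case "list":
                // The forum cache has to be loaded before it is indexed; without
                // this call $forums is undefined and the branch always returns
                // an empty object.
                $forums = cache_forums();
                if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                    return (object) $forums[$api->paths[2]];
                }
                return (object) $forums;

            case "posts":
                if (isset($api->paths[2]) && is_string($api->paths[2])) {
                    // The thread id comes straight from the URL: force it to an
                    // integer so the value placed in the SQL text can only be a
                    // number.
                    $tid = (int) $api->paths[2];
                    $posts = array();
                    // A SELECT belongs on the read connection; write_query()
                    // would send it to the write link.
                    // NOTE(review): no check that the requester may read this
                    // thread, and SELECT * returns every column - restrict both.
                    $query = $db->query("SELECT * FROM " . TABLE_PREFIX . "posts p WHERE p.`tid` = {$tid}");
                    while ($post = $db->fetch_array($query)) {
                        $posts[$post["pid"]] = $post;
                    }
                    return (object) $posts;
                }
                // No thread id given: fall out of the switch to the exception below.
                break;

            case "permissions":
                // NOTE(review): called without arguments, so the result is for
                // whichever user forum_permissions() resolves by default -
                // presumably the current MyBB session, not the API key owner;
                // confirm.
                $forumpermissions = forum_permissions();
                return (object) $forumpermissions;

            default:
                break;
        }
    }

    throw new BadRequestException("No valid option given in the URL.");
}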
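/**
 * Writes the API result to the client as JSONP: `<callback>(<json>)`.
 *
 * The callback name is taken from the HTTP header, the URL parameter, or
 * both, depending on the API system's configured standard method. A missing
 * callback name, or one rejected by _is_valid_jsonpcallback_function(), is
 * replaced by the literal name "callback".
 *
 * Security review notes:
 * - The callback name is request-controlled text echoed at the start of a
 *   response served as JavaScript. _is_valid_jsonpcallback_function() is the
 *   only filter between the request and that output; its rules are not visible
 *   here and should be confirmed to be a strict identifier allow-list.
 * - A JSONP response can be loaded by any web page through a script tag, so
 *   the same-origin policy does not protect it. Whatever this endpoint returns
 *   must be acceptable to disclose to whoever can present valid API
 *   credentials from a browser.
 *
 * @param stdClass $stdClassObject the object to serialise
 * @return void
 */
public function action($stdClassObject)
{
    $api = APISystem::get_instance();
    $method = $api->standard_method();

    if ($method == APISystem::HTTP_HEADER) {
        $jsonpcallback = $this->_jsonpcallback_from_http_header();
    } elseif ($method == APISystem::URL_PARAMETER) {
        $jsonpcallback = $this->_jsonpcallback_from_url_parameter();
    } else {
        $jsonpcallback = $this->_jsonpcallback_from_both();
    }

    // If no callback function has been defined OR the one provided is invalid, use "callback".
    if (is_null($jsonpcallback) || !self::_is_valid_jsonpcallback_function($jsonpcallback)) {
        $jsonpcallback = "callback";
    }

    header("Content-type: application/javascript");
    // Tell browsers to honour the declared type instead of guessing one from the
    // body, which begins with request-influenced text.
    header("X-Content-Type-Options: nosniff");

    echo $jsonpcallback . "(";
    echo json_encode($stdClassObject);
    echo ")";
}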
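/**
 * Handles a forum API request, dispatching on the second URL path segment.
 *
 * - "list": returns one cached forum when the third segment names a cached
 *   forum id, otherwise the whole forum cache.
 * - "threads": returns every row of the threads table for the forum named by
 *   the third segment, keyed by tid.
 * - "permissions": for an authenticated caller, returns forum_permissions()
 *   for the named forum and the authenticated user.
 *
 * Any request that does not match one of these, including an unauthenticated
 * "permissions" request, ends in BadRequestException.
 *
 * Security review notes:
 * - "list" and "threads" perform no permission check in this method. Only
 *   "permissions" requires is_authenticated(). Unless the caller enforces
 *   access, forums and threads the requester may not view are returned.
 * - "threads" selects every column and does not filter on thread visibility.
 *
 * @return stdClass
 * @throws BadRequestException when no supported option is present in the URL
 */
public function action()
{
    global $db;

    $api = APISystem::get_instance();

    if (isset($api->paths[1]) && is_string($api->paths[1])) {
        $forums = cache_forums();
        // True when the third path segment is a key of the forum cache. It is
        // the only validation applied to the forum id below.
        $has_known_forum = isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]]);

        switch (strtolower($api->paths[1])) {
            case "list":
                if ($has_known_forum) {
                    return (object) $forums[$api->paths[2]];
                }
                return (object) $forums;

            case "threads":
                if ($has_known_forum) {
                    // Already matched against the cache keys; the cast keeps the
                    // value placed in the SQL text numeric by construction.
                    $fid = (int) $api->paths[2];
                    $threads = array();
                    // A SELECT belongs on the read connection; write_query()
                    // would send it to the write link.
                    // NOTE(review): no check that the requester may view this
                    // forum, and no visibility filter on the rows.
                    $query = $db->query("SELECT * FROM " . TABLE_PREFIX . "threads t WHERE t.`fid` = {$fid}");
                    while ($thread = $db->fetch_array($query)) {
                        $threads[$thread["tid"]] = $thread;
                    }
                    return (object) $threads;
                }
                // Unknown or missing forum: fall out to the exception below.
                break;

            case "permissions":
                if ($has_known_forum && $this->is_authenticated()) {
                    $user = $this->get_user();
                    // NOTE(review): MyBB user rows name the key column `uid`;
                    // confirm the object returned by get_user() exposes `id`,
                    // otherwise a null user id is passed here.
                    return (object) forum_permissions($api->paths[2], $user->id, $user->usergroup);
                }
                // Explicit break instead of the original silent fall-through
                // into default.
                break;

            default:
                break;
        }
    }

    throw new BadRequestException("No valid option given in the URL.");
}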
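/**
 * Handles a user API request, dispatching on the second URL path segment.
 *
 * - "list": searches the users table (joined with userfields) using the
 *   request inputs sort, order, perpage, page, letter, username,
 *   username_match, website, aim, icq, msn and yahoo. Returns an object with
 *   `list` (the matching rows of the requested page) and `count` (the total
 *   number of matches).
 * - "group": returns the cached user groups as a plain list.
 *
 * Any other segment falls through and the method returns nothing.
 *
 * Security: the row query selects u.* and f.*, which includes the account's
 * password hash, salt and login key. Those columns are removed from every row
 * before it is returned, because nothing an API consumer does should need them.
 *
 * @return stdClass|array|null
 */
public function action()
{
    global $mybb, $db, $cache;

    $api = APISystem::get_instance();

    if (isset($api->paths[1]) && is_string($api->paths[1])) {
        switch (strtolower($api->paths[1])) {
            case "list":
                // Every input below is optional and request-controlled. A missing
                // key, or an array sent where a string is expected, is treated
                // as "not supplied" so the string functions below never see a
                // non-scalar.
                $expected_inputs = array(
                    'sort', 'order', 'perpage', 'page', 'letter', 'username',
                    'username_match', 'website', 'aim', 'icq', 'msn', 'yahoo',
                );
                foreach ($expected_inputs as $input_name) {
                    if (!isset($mybb->input[$input_name]) || !is_scalar($mybb->input[$input_name])) {
                        $mybb->input[$input_name] = '';
                    }
                }

                // Incoming sort field?
                if ($mybb->input['sort']) {
                    $mybb->input['sort'] = strtolower($mybb->input['sort']);
                } else {
                    $mybb->input['sort'] = $mybb->settings['default_memberlist_sortby'];
                }

                // The ORDER BY column is chosen from this fixed list; the request
                // value itself never reaches the SQL text.
                switch ($mybb->input['sort']) {
                    case "regdate":
                        $sort_field = "u.regdate";
                        break;
                    case "lastvisit":
                        $sort_field = "u.lastactive";
                        break;
                    case "reputation":
                        $sort_field = "u.reputation";
                        break;
                    case "postnum":
                        $sort_field = "u.postnum";
                        break;
                    case "referrals":
                        $sort_field = "u.referrals";
                        break;
                    default:
                        $sort_field = "u.username";
                        $mybb->input['sort'] = 'username';
                        break;
                }

                // Incoming sort order?
                if ($mybb->input['order']) {
                    $mybb->input['order'] = strtolower($mybb->input['order']);
                } else {
                    $mybb->input['order'] = strtolower($mybb->settings['default_memberlist_order']);
                }

                // Likewise only the literals ASC or DESC are ever interpolated.
                if ($mybb->input['order'] == "ascending" || !$mybb->input['order'] && $mybb->input['sort'] == 'username') {
                    $sort_order = "ASC";
                    $mybb->input['order'] = "ascending";
                } else {
                    $sort_order = "DESC";
                    $mybb->input['order'] = "descending";
                }

                // Incoming results per page? Capped at 500 rows per request.
                $mybb->input['perpage'] = intval($mybb->input['perpage']);
                if ($mybb->input['perpage'] > 0 && $mybb->input['perpage'] <= 500) {
                    $per_page = $mybb->input['perpage'];
                } elseif ($mybb->settings['membersperpage']) {
                    $per_page = $mybb->input['perpage'] = intval($mybb->settings['membersperpage']);
                } else {
                    $per_page = $mybb->input['perpage'] = 20;
                }

                $search_query = '1=1';

                // Limiting results to a certain letter
                if ($mybb->input['letter']) {
                    // Keep only the first byte of the supplied value.
                    $letter = chr(ord($mybb->input['letter']));
                    if ($mybb->input['letter'] == -1) {
                        $search_query .= " AND u.username NOT REGEXP('[a-zA-Z]')";
                    } elseif (strlen($letter) == 1) {
                        $search_query .= " AND u.username LIKE '" . $db->escape_string_like($letter) . "%'";
                    }
                }

                // Searching for a matching username
                $search_username = htmlspecialchars_uni(trim($mybb->input['username']));
                if ($search_username != '') {
                    $username_like_query = $db->escape_string_like($search_username);
                    // Name begins with
                    if ($mybb->input['username_match'] == "begins") {
                        $search_query .= " AND u.username LIKE '" . $username_like_query . "%'";
                    } else {
                        $search_query .= " AND u.username LIKE '%" . $username_like_query . "%'";
                    }
                }

                // Website, AIM, ICQ, MSN/Windows Live and Yahoo! filters: each is a
                // "contains" match on the column of the same name, with the
                // request value escaped for use inside LIKE.
                foreach (array('website', 'aim', 'icq', 'msn', 'yahoo') as $contact_field) {
                    if (trim($mybb->input[$contact_field])) {
                        $search_query .= " AND u.{$contact_field} LIKE '%" . $db->escape_string_like($mybb->input[$contact_field]) . "%'";
                    }
                }

                $query = $db->simple_select("users u", "COUNT(*) AS users", "{$search_query}");
                $num_users = $db->fetch_field($query, "users");

                $page = intval($mybb->input['page']);
                if ($page && $page > 0) {
                    $start = ($page - 1) * $per_page;
                } else {
                    $start = 0;
                    $page = 1;
                }

                $query = $db->query(
                    "SELECT u.*, f.*"
                    . " FROM " . TABLE_PREFIX . "users u"
                    . " LEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)"
                    . " WHERE {$search_query}"
                    . " ORDER BY {$sort_field} {$sort_order}"
                    . " LIMIT {$start}, {$per_page}"
                );

                // Credential material that must never leave the server.
                // NOTE(review): email, regip and lastip are still returned;
                // decide whether every API key holder is meant to see them, and
                // prefer an explicit column list over u.* in the query.
                $credential_columns = array('password' => true, 'salt' => true, 'loginkey' => true);

                $return_array = new stdClass();
                $return_array->list = array();
                while ($user = $db->fetch_array($query)) {
                    $return_array->list[] = array_diff_key($user, $credential_columns);
                }
                $return_array->count = $num_users;

                return $return_array;

            case "group":
                $usergroups = $cache->read("usergroups");
                return array_values($usergroups);

            default:
                break;
        }
    }
}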
<?php
# This file is a part of MyBB RESTful API System plugin - version 0.2
# Released under the MIT Licence by medbenji (TheGarfield)

// Entry script of the API. It boots MyBB, loads the API system, then applies
// three gates in order before an API instance is built: plugin active,
// HTTPS (when required), valid API key.
//
// NOTE(review): each gate only reports the failure through redirect_index() or
// perform_exception(); nothing in this script stops execution itself. Confirm
// that both methods terminate the request - if either returns, a request that
// failed a gate continues on to build_api_instance().
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'api.php');
require_once './global.php';
require_once MYBB_ROOT . 'inc/plugins/restfulapi/apisystem.class.php';
$api = APISystem::get_instance();
$lang->load("restfulapi");
if (!$api->is_active()) {
    // restful api system is either not enabled, not installed or not activated
    $api->redirect_index($lang->restfulapi_no_permission);
}
/* building our output class */
// Built before the HTTPS and API key gates, so the output format is selected
// for requests that have not been authenticated yet.
$outputer = $api->build_outputer();
// does the API system require HTTPS and the request was made over HTTP ?
// Rejecting here keeps the server from answering in clear text. A key the
// client already sent over HTTP has been exposed on the wire regardless.
if ($api->requires_https() && !$api->is_https()) {
    $api->perform_exception(new BadRequestException($lang->restfulapi_not_https));
}
/*
Reject invalid API keys, but provide an error answer instead of a redirection,
so they can parse the error answer and know they have been rejected.
*/
if (!$api->is_valid_api_key()) {
    $api->perform_exception(new UnauthorizedException($lang->restfulapi_invalid_api_key));
}
$api_instance = $api->build_api_instance();
if (empty($api_instance)) {
/**
 * Returns the authenticated user object held by the API system.
 *
 * This getter is not used by the API System itself.
 */
public function get_user()
{
    $api = APISystem::get_instance();

    return $api->get_auth_user_object();
}