/**
* Exports list of persons.
*
*
* @access public
* @param array $persons Stud.IP-user_ids for export
*/
function export_persons($persons)
{
global $xml_names_person, $xml_groupnames_person, $object_counter, $o_mode, $ex_person_details;
if (!is_array($persons) or count($persons) == 0) {
return;
}
$query = "SELECT *\n FROM auth_user_md5\n LEFT JOIN user_info USING (user_id)\n WHERE user_id IN (?)";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($persons));
while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
$object_counter += 1;
$data_object = xml_open_tag($xml_groupnames_person['object'], $row['username']);
if ($ex_person_details) {
$data_object .= xml_tag('id', $row['user_id']);
}
while (list($key, $val) = each($xml_names_person)) {
if ($val == '') {
$val = $key;
}
if ($row[$key] != '') {
$data_object .= xml_tag($val, $row[$key]);
}
}
// freie Datenfelder ausgeben
$data_object .= export_datafields($row['user_id'], $xml_groupnames_person['childgroup1'], $xml_groupnames_person['childobject1'], 'user');
$data_object .= xml_close_tag($xml_groupnames_person['object']);
reset($xml_names_person);
output_data($data_object, $o_mode);
$data_object = '';
}
}
/**
* @param string $name
* @param array $attrs
* @param array $children
* @return string
*/
function xml_tag($name, $attrs = array(), $children = array())
{
$xml = "<{$name} ";
foreach ($attrs as $k => $v) {
$xv = str_replace(''', ''', htmlspecialchars($v, ENT_QUOTES));
$xml .= "{$k}=\"{$xv}\" ";
}
if (count($children) > 0) {
$xml .= ">\n";
foreach ($children as $child) {
$xml .= xml_tag($child);
}
$xml .= "</{$name}>\n";
} else {
$xml .= "/>\n";
}
return $xml;
}
/**
* find_posts()
* Find all posts that match the search criteria. Posts will be ordered by id descending.
*
* Parameters:
* - md5: md5 hash to search for (comma delimited)
* - id: id to search for (comma delimited)
* - tags: what tags to search for
* - limit: limit
* - page: page number
* - after_id: limit results to posts added after this id
*
* @return string
* @throws SCoreException
*/
private function api_find_posts()
{
$results = array();
$this->authenticate_user();
$start = 0;
if (isset($_GET['md5'])) {
$md5list = explode(",", $_GET['md5']);
foreach ($md5list as $md5) {
$results[] = Image::by_hash($md5);
}
$count = count($results);
} elseif (isset($_GET['id'])) {
$idlist = explode(",", $_GET['id']);
foreach ($idlist as $id) {
$results[] = Image::by_id($id);
}
$count = count($results);
} else {
$limit = isset($_GET['limit']) ? int_escape($_GET['limit']) : 100;
// Calculate start offset.
if (isset($_GET['page'])) {
// Danbooru API uses 'page' >= 1
$start = (int_escape($_GET['page']) - 1) * $limit;
} else {
if (isset($_GET['pid'])) {
// Gelbooru API uses 'pid' >= 0
$start = int_escape($_GET['pid']) * $limit;
} else {
$start = 0;
}
}
$tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array();
$count = Image::count_images($tags);
$results = Image::find_images(max($start, 0), min($limit, 100), $tags);
}
// Now we have the array $results filled with Image objects
// Let's display them
$xml = "<posts count=\"{$count}\" offset=\"{$start}\">\n";
foreach ($results as $img) {
// Sanity check to see if $img is really an image object
// If it isn't (e.g. someone requested an invalid md5 or id), break out of the this
if (!is_object($img)) {
continue;
}
$taglist = $img->get_tag_list();
$owner = $img->get_owner();
$previewsize = get_thumbnail_size($img->width, $img->height);
$xml .= xml_tag("post", array("id" => $img->id, "md5" => $img->hash, "file_name" => $img->filename, "file_url" => $img->get_image_link(), "height" => $img->height, "width" => $img->width, "preview_url" => $img->get_thumb_link(), "preview_height" => $previewsize[1], "preview_width" => $previewsize[0], "rating" => "u", "date" => $img->posted, "is_warehoused" => false, "tags" => $taglist, "source" => $img->source, "score" => 0, "author" => $owner->name));
}
$xml .= "</posts>";
return $xml;
}
private function api_danbooru(PageRequestEvent $event)
{
global $page;
global $config;
global $database;
global $user;
$page->set_mode("data");
$page->set_type("application/xml");
//debug
//$page->set_type("text/plain");
$results = array();
$danboorup_kludge = 1;
// danboorup for firefox makes broken links out of location: /path
/*
add_post()
Adds a post to the database.
Parameters
* login: login
* password: password
* file: file as a multipart form
* source: source url
* title: title **IGNORED**
* tags: list of tags as a string, delimited by whitespace
* md5: MD5 hash of upload in hexadecimal format
* rating: rating of the post. can be explicit, questionable, or safe. **IGNORED**
Notes
* The only necessary parameter is tags and either file or source.
* If you want to sign your post, you need a way to authenticate your account, either by supplying login and password, or by supplying a cookie.
* If an account is not supplied or if it doesnt authenticate, he post will be added anonymously.
* If the md5 parameter is supplied and does not match the hash of whats on the server, the post is rejected.
Response
The response depends on the method used:
Post
* X-Danbooru-Location set to the URL for newly uploaded post.
Get
* Redirected to the newly uploaded post.
*/
if ($event->get_arg(1) == 'add_post' || $event->get_arg(1) == 'post' && $event->get_arg(2) == 'create.xml') {
// No XML data is returned from this function
$page->set_type("text/plain");
// Check first if a login was supplied, if it wasn't check if the user is logged in via cookie
// If all that fails, it's an anonymous upload
$this->authenticate_user();
// Now we check if a file was uploaded or a url was provided to transload
// Much of this code is borrowed from /ext/upload
if ($user->can("create_image")) {
if (isset($_FILES['file'])) {
// A file was POST'd in
$file = $_FILES['file']['tmp_name'];
$filename = $_FILES['file']['name'];
// If both a file is posted and a source provided, I'm assuming source is the source of the file
if (isset($_REQUEST['source']) && !empty($_REQUEST['source'])) {
$source = $_REQUEST['source'];
} else {
$source = null;
}
} elseif (isset($_FILES['post'])) {
$file = $_FILES['post']['tmp_name']['file'];
$filename = $_FILES['post']['name']['file'];
if (isset($_REQUEST['post']['source']) && !empty($_REQUEST['post']['source'])) {
$source = $_REQUEST['post']['source'];
} else {
$source = null;
}
} elseif (isset($_REQUEST['source']) || isset($_REQUEST['post']['source'])) {
// A url was provided
$url = isset($_REQUEST['source']) ? $_REQUEST['source'] : $_REQUEST['post']['source'];
$source = $url;
$tmp_filename = tempnam("/tmp", "shimmie_transload");
// Are we using fopen wrappers or curl?
if ($config->get_string("transload_engine") == "fopen") {
$fp = fopen($url, "r");
if (!$fp) {
$page->add_http_header("HTTP/1.0 409 Conflict");
$page->add_http_header("X-Danbooru-Errors: fopen read error");
}
$data = "";
$length = 0;
while (!feof($fp) && $length <= $config->get_int('upload_size')) {
$data .= fread($fp, 8192);
$length = strlen($data);
}
fclose($fp);
$fp = fopen($tmp_filename, "w");
fwrite($fp, $data);
fclose($fp);
}
if ($config->get_string("transload_engine") == "curl") {
$ch = curl_init($url);
$fp = fopen($tmp_filename, "w");
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
fclose($fp);
}
$file = $tmp_filename;
$filename = basename($url);
} else {
// Nothing was specified at all
$page->add_http_header("HTTP/1.0 409 Conflict");
$page->add_http_header("X-Danbooru-Errors: no input files");
return;
}
// Get tags out of url
$posttags = Tag::explode(isset($_REQUEST['tags']) ? $_REQUEST['tags'] : $_REQUEST['post']['tags']);
$hash = md5_file($file);
// Was an md5 supplied? Does it match the file hash?
if (isset($_REQUEST['md5'])) {
if (strtolower($_REQUEST['md5']) != $hash) {
$page->add_http_header("HTTP/1.0 409 Conflict");
$page->add_http_header("X-Danbooru-Errors: md5 mismatch");
return;
}
}
// Upload size checking is now performed in the upload extension
// It is also currently broken due to some confusion over file variable ($tmp_filename?)
// Does it exist already?
$existing = Image::by_hash($hash);
if (!is_null($existing)) {
$page->add_http_header("HTTP/1.0 409 Conflict");
$page->add_http_header("X-Danbooru-Errors: duplicate");
$existinglink = make_link("post/view/" . $existing->id);
if ($danboorup_kludge) {
$existinglink = make_http($existinglink);
}
$page->add_http_header("X-Danbooru-Location: {$existinglink}");
return;
// wut!
}
// Fire off an event which should process the new file and add it to the db
$fileinfo = pathinfo($filename);
$metadata = array();
$metadata['filename'] = $fileinfo['basename'];
$metadata['extension'] = $fileinfo['extension'];
$metadata['tags'] = $posttags;
$metadata['source'] = $source;
//log_debug("danbooru_api","========== NEW($filename) =========");
//log_debug("danbooru_api", "upload($filename): fileinfo(".var_export($fileinfo,TRUE)."), metadata(".var_export($metadata,TRUE).")...");
try {
$nevent = new DataUploadEvent($file, $metadata);
//log_debug("danbooru_api", "send_event(".var_export($nevent,TRUE).")");
send_event($nevent);
// If it went ok, grab the id for the newly uploaded image and pass it in the header
$newimg = Image::by_hash($hash);
// FIXME: Unsupported file doesn't throw an error?
$newid = make_link("post/view/" . $newimg->id);
if ($danboorup_kludge) {
$newid = make_http($newid);
}
// Did we POST or GET this call?
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$page->add_http_header("X-Danbooru-Location: {$newid}");
} else {
$page->add_http_header("Location: {$newid}");
}
} catch (UploadException $ex) {
// Did something screw up?
$page->add_http_header("HTTP/1.0 409 Conflict");
$page->add_http_header("X-Danbooru-Errors: exception - " . $ex->getMessage());
return;
}
} else {
$page->add_http_header("HTTP/1.0 409 Conflict");
$page->add_http_header("X-Danbooru-Errors: authentication error");
return;
}
}
/*
find_posts()
Find all posts that match the search criteria. Posts will be ordered by id descending.
Parameters
* md5: md5 hash to search for (comma delimited)
* id: id to search for (comma delimited)
* tags: what tags to search for
* limit: limit
* page: page number
* after_id: limit results to posts added after this id
*/
if ($event->get_arg(1) == 'find_posts' || $event->get_arg(1) == 'post' && $event->get_arg(2) == 'index.xml') {
$this->authenticate_user();
$start = 0;
if (isset($_GET['md5'])) {
$md5list = explode(",", $_GET['md5']);
foreach ($md5list as $md5) {
$results[] = Image::by_hash($md5);
}
$count = count($results);
} elseif (isset($_GET['id'])) {
$idlist = explode(",", $_GET['id']);
foreach ($idlist as $id) {
$results[] = Image::by_id($id);
}
$count = count($results);
} else {
$limit = isset($_GET['limit']) ? int_escape($_GET['limit']) : 100;
// Calculate start offset.
if (isset($_GET['page'])) {
// Danbooru API uses 'page' >= 1
$start = (int_escape($_GET['page']) - 1) * $limit;
} else {
if (isset($_GET['pid'])) {
// Gelbooru API uses 'pid' >= 0
$start = int_escape($_GET['pid']) * $limit;
} else {
$start = 0;
}
}
$tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array();
$count = Image::count_images($tags);
$results = Image::find_images(max($start, 0), min($limit, 100), $tags);
}
// Now we have the array $results filled with Image objects
// Let's display them
$xml = "<posts count=\"{$count}\" offset=\"{$start}\">\n";
foreach ($results as $img) {
// Sanity check to see if $img is really an image object
// If it isn't (e.g. someone requested an invalid md5 or id), break out of the this
if (!is_object($img)) {
continue;
}
$taglist = $img->get_tag_list();
$owner = $img->get_owner();
$previewsize = get_thumbnail_size($img->width, $img->height);
$xml .= xml_tag("post", array("id" => $img->id, "md5" => $img->hash, "file_name" => $img->filename, "file_url" => $img->get_image_link(), "height" => $img->height, "width" => $img->width, "preview_url" => $img->get_thumb_link(), "preview_height" => $previewsize[1], "preview_width" => $previewsize[0], "rating" => "u", "date" => $img->posted, "is_warehoused" => false, "tags" => $taglist, "source" => $img->source, "score" => 0, "author" => $owner->name));
}
$xml .= "</posts>";
$page->set_data($xml);
}
/*
find_tags() Find all tags that match the search criteria.
Parameters
* id: A comma delimited list of tag id numbers.
* name: A comma delimited list of tag names.
* tags: any typical tag query. See Tag#parse_query for details.
* after_id: limit results to tags with an id number after after_id. Useful if you only want to refresh
*/
if ($event->get_arg(1) == 'find_tags') {
if (isset($_GET['id'])) {
$idlist = explode(",", $_GET['id']);
foreach ($idlist as $id) {
$sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE id = ?", array($id));
if (!$sqlresult->EOF) {
$results[] = array($sqlresult->fields['count'], $sqlresult->fields['tag'], $sqlresult->fields['id']);
}
}
} elseif (isset($_GET['name'])) {
$namelist = explode(",", $_GET['name']);
foreach ($namelist as $name) {
$sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE tag = ?", array($name));
if (!$sqlresult->EOF) {
$results[] = array($sqlresult->fields['count'], $sqlresult->fields['tag'], $sqlresult->fields['id']);
}
}
} else {
$start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;
$sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC", array($start));
while (!$sqlresult->EOF) {
$results[] = array($sqlresult->fields['count'], $sqlresult->fields['tag'], $sqlresult->fields['id']);
$sqlresult->MoveNext();
}
}
// Tag results collected, build XML output
$xml = "<tags>\n";
foreach ($results as $tag) {
$xml .= "<tag type=\"0\" count=\"{$tag['0']}\" name=\"" . $this->xmlspecialchars($tag[1]) . "\" id=\"{$tag['2']}\"/>\n";
}
$xml .= "</tags>";
$page->set_data($xml);
}
// Hackery for danbooruup 0.3.2 providing the wrong view url. This simply redirects to the proper
// Shimmie view page
// Example: danbooruup says the url is http://shimmie/api/danbooru/post/show/123
// This redirects that to http://shimmie/post/view/123
if ($event->get_arg(1) == 'post' && $event->get_arg(2) == 'show') {
$fixedlocation = make_link("post/view/" . $event->get_arg(3));
$page->set_mode("redirect");
$page->set_redirect($fixedlocation);
}
}
if ($o_mode != "direct")
{
if (!(is_dir( $TMP_PATH."/export" )))
{
mkdir($TMP_PATH . "/export");
chmod ($TMP_PATH . "/export", 0777);
}
$xml_file_id = md5(uniqid(rand())) . ".xml";
$xml_file = fopen($TMP_PATH."/export/" . $xml_file_id, "w");
}
if ($o_mode == 'direct'){
header("Content-type: text/xml; charset=utf-8");
if ($export_error_num){
echo '<?xml version="1.0"?>' . chr(10);
echo xml_tag('studip_export_error_msg', strip_tags($export_error));
exit();
}
}
export_range( $range_id );
if ($o_mode != "direct")
{
fclose($xml_file);
}
if (($o_mode == "file") OR ($o_mode == "choose"))
{
