 This is where you perform the action when the API is called. The parameter given is an instance of stdClass; this method should return an instance of stdClass.
 /**
  * Handles an API request by dispatching on the second URL path segment
  * ($api->paths[1]): "list", "posts" or "permissions".
  *
  * NOTE(review): this listing has lost its closing braces (and possibly its
  * `break` statements), so fall-through between branches cannot be read from it.
  *
  * @return stdClass the selected data cast to an object
  * @throws BadRequestException when no branch returned a result
  */
 public function action()
     global $mybb, $db;
     $api = APISystem::get_instance();
     if (isset($api->paths[1]) && is_string($api->paths[1])) {
         switch (strtolower($api->paths[1])) {
             case "list":
                 // NOTE(review): $forums is never assigned in this body (and is not in the global
                 // list), so the isset() test below is always false and the else branch casts an
                 // undefined variable, yielding an empty object.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     return (object) $forums[$api->paths[2]];
                 } else {
                     return (object) $forums;
             case "posts":
                 if (isset($api->paths[2]) && is_string($api->paths[2])) {
                     $posts = array();
                     // escape_string() together with the surrounding quotes keeps the thread id
                     // inside the SQL string literal.
                     $tid = $db->escape_string($api->paths[2]);
                     // NOTE(review): no forum/thread view-permission or post-visibility check is
                     // visible before this query, and SELECT * returns every column of each post
                     // row; in a stock MyBB schema that includes the poster's IP address. Select
                     // only the columns the API is meant to expose and filter by the caller's
                     // permissions.
                     // NOTE(review): write_query() is used for a read; presumably query() or
                     // simple_select() was intended, confirm.
                     $query = $db->write_query("SELECT * FROM " . TABLE_PREFIX . "posts p WHERE p.`tid` = '{$tid}'");
                     // Index the result rows by post id.
                     while ($post = $db->fetch_array($query)) {
                         $posts[$post["pid"]] = $post;
                     return (object) $posts;
                 } else {
                     // what forum?
             case "permissions":
                 // NOTE(review): forum_permissions() is called without arguments; presumably it
                 // reports on the current $mybb->user rather than on the API caller, confirm.
                 $forumpermissions = forum_permissions();
                 return (object) $forumpermissions;
     throw new BadRequestException("No valid option given in the URL.");
 This is where you output the object you receive. The parameter given is an instance of stdClass.
 /**
  * Writes the result object to the client as JSONP: a callback name, then the
  * JSON-encoded object wrapped in parentheses.
  *
  * The callback name is read from the HTTP header, the URL parameter, or both,
  * depending on APISystem::standard_method(); it is replaced by the literal
  * "callback" when it is missing or rejected by the validator.
  *
  * NOTE(review): a JSONP response can be loaded by any origin through a script
  * tag. Confirm that responses never depend on ambient credentials such as
  * cookies, and consider sending `X-Content-Type-Options: nosniff` alongside
  * the Content-type header.
  *
  * @param stdClass $stdClassObject the object to serialise
  */
 public function action($stdClassObject)
     $api = APISystem::get_instance();
     if ($api->standard_method() == APISystem::HTTP_HEADER) {
         $jsonpcallback = $this->_jsonpcallback_from_http_header();
     } elseif ($api->standard_method() == APISystem::URL_PARAMETER) {
         $jsonpcallback = $this->_jsonpcallback_from_url_parameter();
     } else {
         $jsonpcallback = $this->_jsonpcallback_from_both();
     // if no callback function has been defined OR the one provided is invalid, return "callback"
     // NOTE(review): the callback is client-supplied and echoed verbatim into executable
     // JavaScript, so this validator is the only barrier against script injection. Its body is
     // not shown here; confirm it accepts nothing beyond plain identifier characters.
     $jsonpcallback = is_null($jsonpcallback) || !self::_is_valid_jsonpcallback_function($jsonpcallback) ? "callback" : $jsonpcallback;
     header("Content-type: application/javascript");
     echo $jsonpcallback . "(";
     // NOTE(review): json_encode() returns false on failure, which echoes as an empty string and
     // leaves the client with `callback()`; the failure is not reported.
     echo json_encode($stdClassObject);
     echo ")";
 This is where you perform the action when the API is called. The parameter given is an instance of stdClass; this method should return an instance of stdClass.
 /**
  * Handles a forum API request by dispatching on the second URL path segment
  * ($api->paths[1]): "list", "threads" or "permissions". The optional third
  * segment ($api->paths[2]) is a forum id that must be a key of cache_forums().
  *
  * NOTE(review): this listing has lost its closing braces (and possibly its
  * `break` statements), so fall-through between branches cannot be read from it.
  *
  * @return stdClass the selected data cast to an object
  * @throws BadRequestException when no branch returned a result
  */
 public function action()
     global $mybb, $db;
     $api = APISystem::get_instance();
     if (isset($api->paths[1]) && is_string($api->paths[1])) {
         $forums = cache_forums();
         switch (strtolower($api->paths[1])) {
             case "list":
                 // One forum when a known id is given, otherwise the whole forum cache.
                 // NOTE(review): no view-permission filter is visible here, so forums hidden
                 // from the caller's group appear to be listed as well, confirm.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     return (object) $forums[$api->paths[2]];
                 } else {
                     return (object) $forums;
             case "threads":
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]])) {
                     $threads = array();
                     // The id has already matched a forum-cache key; escape_string() and the
                     // quotes keep it inside the SQL string literal.
                     $fid = $db->escape_string($api->paths[2]);
                     // NOTE(review): unlike the "permissions" branch, this one checks neither
                     // is_authenticated() nor the caller's permissions for the forum, so any
                     // valid API key appears able to enumerate threads of restricted forums.
                     // SELECT * also returns every thread column regardless of visibility state.
                     // NOTE(review): write_query() is used for a read; presumably query() or
                     // simple_select() was intended, confirm.
                     $query = $db->write_query("SELECT * FROM " . TABLE_PREFIX . "threads t WHERE t.`fid` = '{$fid}'");
                     // Index the result rows by thread id.
                     while ($thread = $db->fetch_array($query)) {
                         $threads[$thread["tid"]] = $thread;
                     return (object) $threads;
                 } else {
                     // what forum?
             case "permissions":
                 // Only answered for an authenticated caller and a known forum id.
                 // NOTE(review): MyBB user rows key the user id as `uid`; confirm that the
                 // object returned by get_user() really exposes an `id` property.
                 if (isset($api->paths[2]) && is_string($api->paths[2]) && isset($forums[$api->paths[2]]) && $this->is_authenticated()) {
                     return (object) forum_permissions($api->paths[2], $this->get_user()->id, $this->get_user()->usergroup);
                 } else {
                     //what forum?
     throw new BadRequestException("No valid option given in the URL.");
 This is where you perform the action when the API is called. The parameter given is an instance of stdClass; this method should return an instance of stdClass.
 /**
  * Handles a user API request by dispatching on the second URL path segment
  * ($api->paths[1]): "list" runs a filtered, sorted, paginated member search
  * driven by $mybb->input; "group" returns the cached user groups.
  *
  * NOTE(review): this listing has lost its closing braces, its `break`
  * statements and, in the sort switch, apparently a `default:` label, so the
  * exact control flow cannot be read from it.
  *
  * NOTE(review): the "list" branch returns complete user rows (see the SELECT
  * below). No member-list permission check is visible before the query either.
  *
  * @return stdClass|array an object with `list` and `count` for "list"; a plain
  *                        array for "group"
  */
 public function action()
     global $mybb, $db, $cache;
     $api = APISystem::get_instance();
     if (isset($api->paths[1]) && is_string($api->paths[1])) {
         switch (strtolower($api->paths[1])) {
             case "list":
                 // Incoming sort field?
                 if ($mybb->input['sort']) {
                     $mybb->input['sort'] = strtolower($mybb->input['sort']);
                 } else {
                     $mybb->input['sort'] = $mybb->settings['default_memberlist_sortby'];
                 // The requested key is mapped onto a fixed column name, so client input never
                 // reaches ORDER BY directly. The final two assignments presumably sat under a
                 // `default:` label that the listing dropped.
                 switch ($mybb->input['sort']) {
                     case "regdate":
                         $sort_field = "u.regdate";
                     case "lastvisit":
                         $sort_field = "u.lastactive";
                     case "reputation":
                         $sort_field = "u.reputation";
                     case "postnum":
                         $sort_field = "u.postnum";
                     case "referrals":
                         $sort_field = "u.referrals";
                         $sort_field = "u.username";
                         $mybb->input['sort'] = 'username';
                 // Incoming sort order?
                 if ($mybb->input['order']) {
                     $mybb->input['order'] = strtolower($mybb->input['order']);
                 } else {
                     $mybb->input['order'] = strtolower($mybb->settings['default_memberlist_order']);
                 // $sort_order only ever becomes the literal "ASC" or "DESC". Note that && binds
                 // tighter than ||: ascending, or (no order given and sorting by username).
                 if ($mybb->input['order'] == "ascending" || !$mybb->input['order'] && $mybb->input['sort'] == 'username') {
                     $sort_order = "ASC";
                     $mybb->input['order'] = "ascending";
                 } else {
                     $sort_order = "DESC";
                     $mybb->input['order'] = "descending";
                 // Incoming results per page?
                 // Cast to int and accepted only within 1..500; otherwise the board setting or 20.
                 $mybb->input['perpage'] = intval($mybb->input['perpage']);
                 if ($mybb->input['perpage'] > 0 && $mybb->input['perpage'] <= 500) {
                     $per_page = $mybb->input['perpage'];
                 } else {
                     if ($mybb->settings['membersperpage']) {
                         $per_page = $mybb->input['perpage'] = intval($mybb->settings['membersperpage']);
                     } else {
                         $per_page = $mybb->input['perpage'] = 20;
                 // Start from an always-true condition; each filter below appends an AND clause.
                 $search_query = '1=1';
                 // Limiting results to a certain letter
                 if ($mybb->input['letter']) {
                     // chr(ord()) keeps only the first byte of the supplied value.
                     $letter = chr(ord($mybb->input['letter']));
                     if ($mybb->input['letter'] == -1) {
                         $search_query .= " AND u.username NOT REGEXP('[a-zA-Z]')";
                     } else {
                         if (strlen($letter) == 1) {
                             $search_query .= " AND u.username LIKE '" . $db->escape_string_like($letter) . "%'";
                 // Searching for a matching username
                 // The term is HTML-encoded first and LIKE-escaped afterwards.
                 $search_username = htmlspecialchars_uni(trim($mybb->input['username']));
                 if ($search_username != '') {
                     $username_like_query = $db->escape_string_like($search_username);
                     // Name begins with
                     if ($mybb->input['username_match'] == "begins") {
                         $search_query .= " AND u.username LIKE '" . $username_like_query . "%'";
                     } else {
                         $search_query .= " AND u.username LIKE '%" . $username_like_query . "%'";
                 // Website contains
                 // NOTE(review): $search_website is assigned but not read again in the visible code.
                 $search_website = htmlspecialchars_uni($mybb->input['website']);
                 if (trim($mybb->input['website'])) {
                     $search_query .= " AND u.website LIKE '%" . $db->escape_string_like($mybb->input['website']) . "%'";
                 // AIM Identity
                 if (trim($mybb->input['aim'])) {
                     $search_query .= " AND u.aim LIKE '%" . $db->escape_string_like($mybb->input['aim']) . "%'";
                 // ICQ Number
                 if (trim($mybb->input['icq'])) {
                     $search_query .= " AND u.icq LIKE '%" . $db->escape_string_like($mybb->input['icq']) . "%'";
                 // MSN/Windows Live Messenger address
                 if (trim($mybb->input['msn'])) {
                     $search_query .= " AND u.msn LIKE '%" . $db->escape_string_like($mybb->input['msn']) . "%'";
                 // Yahoo! Messenger address
                 if (trim($mybb->input['yahoo'])) {
                     $search_query .= " AND u.yahoo LIKE '%" . $db->escape_string_like($mybb->input['yahoo']) . "%'";
                 // Total number of matching users, reported back as `count`.
                 $query = $db->simple_select("users u", "COUNT(*) AS users", "{$search_query}");
                 $num_users = $db->fetch_field($query, "users");
                 // The page number is cast to int; anything that is not positive means page 1.
                 $page = intval($mybb->input['page']);
                 if ($page && $page > 0) {
                     $start = ($page - 1) * $per_page;
                 } else {
                     $start = 0;
                     $page = 1;
                 // NOTE(review): `SELECT u.*, f.*` hands every column of the users and userfields
                 // rows to the API client. In a stock MyBB schema the users table holds the
                 // password hash, salt, loginkey, e-mail address and registration/last IP
                 // addresses, so this response discloses credential material and personal data
                 // for every listed account. Replace the wildcard with an explicit list of the
                 // public profile columns the API is meant to expose.
                 $query = $db->query("\n\t\t\t\t\tSELECT u.*, f.*\n\t\t\t\t\tFROM " . TABLE_PREFIX . "users u\n\t\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "userfields f ON (f.ufid=u.uid)\n\t\t\t\t\tWHERE {$search_query}\n\t\t\t\t\tORDER BY {$sort_field} {$sort_order}\n\t\t\t\t\tLIMIT {$start}, {$per_page}\n\t\t\t\t");
                 $return_array = new stdClass();
                 $return_array->list = array();
                 // Rows are appended unfiltered, exactly as fetched.
                 while ($user = $db->fetch_array($query)) {
                     $return_array->list[] = $user;
                 $return_array->count = $num_users;
                 return $return_array;
             case "group":
                 // Returns the cached user groups re-indexed as a plain array, not an object.
                 $usergroups = $cache->read("usergroups");
                 return array_values($usergroups);

# This file is a part of MyBB RESTful API System plugin - version 0.2
# Released under the MIT Licence by medbenji (TheGarfield)
// Entry script: define the MyBB bootstrap constants, load MyBB's global.php, then load the
// API system class from the plugin directory.
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'api.php');
require_once './global.php';
require_once MYBB_ROOT . 'inc/plugins/restfulapi/apisystem.class.php';
$api = APISystem::get_instance();
// NOTE(review): the body of this branch is missing from the listing, so what happens when the
// API system is inactive cannot be read from here.
if (!$api->is_active()) {
    // restful api system is either not enabled, not installed or not activated
// Build our output class.
$outputer = $api->build_outputer();
// does the API system require HTTPS and the request was made over HTTP ?
// NOTE(review): the check only applies when requires_https() is true, so API keys can travel
// over plain HTTP on installations that leave it off. Where it does apply, rejecting the request
// does not protect a key that has already crossed the network in clear text.
// NOTE(review): presumably perform_exception() ends the request; confirm, otherwise execution
// continues past this check.
if ($api->requires_https() && !$api->is_https()) {
    $api->perform_exception(new BadRequestException($lang->restfulapi_not_https));
// Reject invalid API keys, but return an error response instead of a redirect, so that clients can parse it and know
// they have been rejected.
// NOTE(review): presumably perform_exception() terminates the request. If it returns instead,
// the API instance below is still built for a caller whose key was rejected; confirm.
if (!$api->is_valid_api_key()) {
    $api->perform_exception(new UnauthorizedException($lang->restfulapi_invalid_api_key));
$api_instance = $api->build_api_instance();
// NOTE(review): the body of this branch is missing from the listing.
if (empty($api_instance)) {
 Getter not used by the API System
 // Returns whatever APISystem::get_auth_user_object() yields for the current request.
 public function get_user()
     return APISystem::get_instance()->get_auth_user_object();