// NOTE(review): this excerpt opens inside a conditional whose first line is not shown.
	// CMS methods.
	// cms.routename_pathsegment1_pathsegment2_...
	// The first "_"-separated segment of $api_m, with every 'cms.' occurrence removed,
	// becomes the script name; the remaining segments are re-joined with "/" and written
	// into $_REQUEST['r']. $api_m itself is assigned before this excerpt.
	$methodsegments = explode("_", $api_m);
	$api_script = str_replace('cms.', '', array_shift($methodsegments));
	$_REQUEST['r'] = implode('/', $methodsegments);
	define('VB_API_CMS', true);
}

// API Version
// intval() turns a missing or non-numeric api_v into 0, which then falls back to
// the server's own VB_API_VERSION.
$api_version = intval($_REQUEST['api_v']);
if (!$api_version) {
	$api_version = VB_API_VERSION;
}
// Reject versions outside [VB_API_VERSION_MIN, VB_API_VERSION].
// NOTE(review): the code below keeps running unless print_apierror() ends the
// request itself; its full body is not visible here - confirm.
if ($api_version < VB_API_VERSION_MIN) {
	print_apierror('api_version_too_low', 'This server accepts API version ' . VB_API_VERSION_MIN . ' at least. The requested API version is too low.');
} elseif ($api_version > VB_API_VERSION) {
	print_apierror('api_version_too_high', 'This server accepts API version ' . VB_API_VERSION . ' at most. The requested API version is too high.');
}

// Client ID
// Cast to int here; later consumers of $VB_API_REQUESTS['api_c'] receive an integer.
$api_c = intval($_REQUEST['api_c']);

// Access token
// Only trimmed: still a client-supplied string that needs escaping wherever it is used.
$api_s = trim($_REQUEST['api_s']);

// Request Signature Verification Prepare (Verified in init.php)
// Only trimmed, same as the access token.
$api_sig = trim($_REQUEST['api_sig']);
unset($_GET['']); // See VBM-835

// The parameter set to verify is copied from $_GET only.
// NOTE(review): $_POST and $_FILES are never added to it in this excerpt, so request
// body fields look to be outside the signed data - confirm against the check in init.php.
$VB_API_PARAMS_TO_VERIFY = $_GET;
// These keys are dropped from the set before verification, so changing their values
// does not change what gets verified: the api_* transport fields plus debug, showall,
// do, r and vbseourl.
unset($VB_API_PARAMS_TO_VERIFY['api_c'], $VB_API_PARAMS_TO_VERIFY['api_v'], $VB_API_PARAMS_TO_VERIFY['api_s'], $VB_API_PARAMS_TO_VERIFY['api_sig'], $VB_API_PARAMS_TO_VERIFY['debug'], $VB_API_PARAMS_TO_VERIFY['showall'], $VB_API_PARAMS_TO_VERIFY['do'], $VB_API_PARAMS_TO_VERIFY['r'], $VB_API_PARAMS_TO_VERIFY['vbseourl']);
// Sort by key so the order of parameters in the query string does not matter.
ksort($VB_API_PARAMS_TO_VERIFY);

// Collect the parsed API fields in one array for later use.
$VB_API_REQUESTS = array('api_m' => $api_m, 'api_version' => $api_version, 'api_c' => $api_c, 'api_s' => $api_s, 'api_sig' => $api_sig);

// No script name: start a 404 response. The rest of this branch lies outside the excerpt.
if (!$api_script) {
	header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
// $_REQUEST data as function named params
// $api_m is split on "." into an API class name (segment 0, lower-cased) and a method
// name (segment 1). If $api_m contains no ".", $methodsegments[1] is undefined.
// NOTE(review): $api_m is assigned outside this excerpt and presumably comes from the
// request. Nothing visible here restricts which class or method can be named, so any
// allow-listing has to happen inside instanceInternal() / callNamed() - confirm.
$methodsegments = explode(".", $api_m);
try {
	$apiobj = vB_Api::instanceInternal(strtolower($methodsegments[0]));
	// Every request field and uploaded-file entry is passed along with the method name.
	// array_merge() lets a $_FILES entry replace a $_REQUEST entry with the same string key.
	$data = $apiobj->callNamed($methodsegments[1], array_merge($_REQUEST, $_FILES));
	if (!empty($data)) {
		// Clients older than VB5_API_VERSION_START get the result mapped to the vB4 format.
		// $old_api_m is assigned outside this excerpt.
		if ($api_version < VB5_API_VERSION_START) {
			vB_Api::map_vb5_output_to_vb4($old_api_m, $data);
		}
		print_apioutput($data);
	}
} catch (Exception $e) {
	if ($e instanceof vB_Exception_Api) {
		print_apierror($e->get_errors(), $e->getMessage());
	} else {
		// NOTE(review): the raw message of any other exception is passed on as the error.
		// If print_apierror() returns it to the client, internal details (paths, SQL text)
		// may be disclosed; consider a generic error here and logging the message server-side.
		print_apierror($e->getMessage());
	}
}

/**
 * Reports one or more API errors to the client.
 *
 * Only the beginning of this function is inside the excerpt.
 *
 * @param mixed  $errors   A single error or an array of errors; a non-array is wrapped in an array.
 * @param string $debugstr Optional debug text; not used in the visible part of the function.
 */
function print_apierror($errors, $debugstr = '')
{
	if (!is_array($errors)) {
		$errors = array($errors);
	}
	$data = array();
	// NOTE(review): no `global $api_version;` appears in the visible part of this function,
	// so $api_version is an unset local here and the comparison is made against null.
	// If VB5_API_VERSION_START is a positive number, this branch is then always taken,
	// whatever version the client asked for - confirm against the full file.
	if ($api_version < VB5_API_VERSION_START) {
		vB_Api::map_vb5_errors_to_vb4(VB4_MAPI_METHOD, $errors);
		$data = $errors;
		print_apioutput($data);
		return;
	} else {
		$data = array('errors' => $errors);
// NOTE(review): this excerpt opens three blocks deep; the enclosing conditions and the
// definition of $hide are not shown.
			// Mask the POST fields named in $hide before the request is logged.
			// Only truthy values are replaced, so '' and '0' are left as they are.
			$post_copy = $_POST;
			foreach ($hide as $param) {
				if ($post_copy[$param]) {
					$post_copy[$param] = '*****';
				}
			}
			// Write one apilog row for this request.
			// - api_c is interpolated unquoted and unescaped; this is only safe while it is
			//   an integer. NOTE(review): the integer cast is not in this fragment - confirm
			//   it always happens before $VB_API_REQUESTS is filled.
			// - $_GET is serialized without masking, so a token or signature sent in the query
			//   string (api_s, api_sig) is stored in the log as-is; only $post_copy is masked.
			// - POST data is stored only when the 'apilogpostparam' option is enabled.
			$db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "apilog (apiclientid, method, paramget, parampost, ipaddress, dateline)\n\t\t\t\tVALUES (\n\t\t\t\t\t{$VB_API_REQUESTS['api_c']},\n\t\t\t\t\t'" . $db->escape_string($VB_API_REQUESTS['api_m']) . "',\n\t\t\t\t\t'" . $db->escape_string(serialize($_GET)) . "',\n\t\t\t\t\t'" . ($vbulletin->options['apilogpostparam'] ? $db->escape_string(serialize($post_copy)) : '') . "',\n\t\t\t\t\t'" . $db->escape_string(IPADDRESS) . "',\n\t\t\t\t\t'" . TIMENOW . "'\n\t\t\t\t)\n\t\t\t");
			unset($hide, $post_copy);
		}

		// TODO: Disable human verification in this release. enabled it when release API to public
		// Human verification is forced off for every request that reaches this branch, so
		// actions taken through the API do not get the 'hvcheck' challenge.
		$vbulletin->options['hvcheck'] = 0;
		// The three product URL options are blanked for the rest of the request.
		$vbulletin->options['vbforum_url'] = '';
		$vbulletin->options['vbcms_url'] = '';
		$vbulletin->options['vbblog_url'] = '';
	} elseif ($VB_API_REQUESTS['api_m'] != 'api_init' and !($vbulletin->debug and $vbulletin->GPC['debug'])) {
		// Reached when the preceding condition (not shown) fails. The error is raised for every
		// method except 'api_init', and is skipped when $vbulletin->debug is on and the
		// request carries 'debug'.
		// NOTE(review): in that debug configuration an unsigned request appears to be let
		// through - keep debug mode off on production systems.
		print_apierror('missing_api_signature', 'Missing API Signature');
	}
}

// #############################################################################
// Setup session
if (!empty($db->explain)) {
	$db->timer_start('Session Handling');
}

// Clean the request inputs used for session handling: 's' as TYPE_NOHTML,
// 'styleid' and 'langid' as TYPE_INT.
$vbulletin->input->clean_array_gpc('r', array('s' => TYPE_NOHTML, 'styleid' => TYPE_INT, 'langid' => TYPE_INT));

// conditional used in templates to hide things from search engines.
// True when the request has no cookies and the User-Agent matches a crawler name.
// The User-Agent header is client-supplied, so this flag is a display hint only and
// must not be used for access decisions.
$show['search_engine'] = ($vbulletin->superglobal_size['_COOKIE'] == 0 and preg_match("#(google|bingbot|yahoo! slurp|facebookexternalhit)#si", $_SERVER['HTTP_USER_AGENT']));

// handle session input
if (!VB_API) {
	// A session hash supplied in the 's' request parameter takes precedence over the
	// session cookie.
	$sessionhash = !empty($vbulletin->GPC['s']) ? $vbulletin->GPC['s'] : $vbulletin->GPC[COOKIE_PREFIX . 'sessionhash']; // override cookie
} else {