/**
 * Authenticate the current API request if needed, then enforce e-mail verification.
 *
 * When the auth service reports that the request is not yet authenticated, it is
 * authenticated against the providers declared on the current route. When the
 * `nodes.api.email-verification.active` config flag is truthy, a user without a
 * `verified_at` value is rejected before the request is passed on.
 *
 * @param \Illuminate\Http\Request $request
 * @param Closure $next
 * @return mixed Whatever the next middleware / handler returns.
 * @throws UnVerifiedException When verification is active and the user is not verified.
 * @author Paulius Navickas <*****@*****.**>
 */
public function handle($request, Closure $next)
{
    // The route is resolved up front, before the authentication state is inspected.
    $currentRoute = $this->router->getCurrentRoute();

    $isAuthenticated = $this->auth->check(false);
    if (!$isAuthenticated) {
        // NOTE(review): presumably authenticate() throws when every provider fails,
        // so execution only continues for an authenticated user. Confirm.
        $this->auth->authenticate($currentRoute->getAuthenticationProviders());
    }

    if (config('nodes.api.email-verification.active')) {
        // NOTE(review): api_user() is dereferenced without a null check; this relies on
        // the authentication step above having established a user.
        if (!api_user()->verified_at) {
            throw new UnVerifiedException();
        }
    }

    return $next($request);
}
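/**
 * Return one page of the authenticated channel's private mail, rendered through the
 * "direct_messages" template.
 *
 * Request parameters read here: `count` (page size, default 20), `page` (1-based page
 * number) and, for the "conversation" box, `uri` (the parent message id).
 *
 * @param object $a    Application object; the current channel is read from it.
 * @param string $type Output format handed to api_apply_template(); "atom" and "rss"
 *                     additionally get the feed extras from api_rss_extra().
 * @param string $box  "sentbox", "conversation", "all" or "inbox". Any other value
 *                     yields an empty message list.
 * @return mixed false when no API user is authenticated, otherwise the result of
 *               api_apply_template().
 */
function api_direct_messages_box(&$a, $type, $box)
{
    if (api_user() === false) {
        return false;
    }

    $user_info = api_get_user($a);

    // Paging values come straight from the request. Cast them before doing arithmetic,
    // so a non-numeric value cannot raise a type error or produce a negative LIMIT.
    // NOTE(review): there is no upper bound on count; consider capping the page size.
    $count = x($_GET, 'count') ? intval($_GET['count']) : 20;
    if ($count < 1) {
        $count = 20;
    }
    $page = x($_REQUEST, 'page') ? intval($_REQUEST['page']) - 1 : 0;
    if ($page < 0) {
        $page = 0;
    }
    $start = $page * $count;

    $channel = $a->get_channel();

    // Build the box-specific filter. An unrecognised box leaves the filter unset, so
    // no query is sent instead of a syntactically broken one.
    $sql_extra = null;
    switch ($box) {
        case "sentbox":
            $sql_extra = "`from_xchan`='" . dbesc($channel['channel_hash']) . "'";
            break;
        case "conversation":
            $uri = (isset($_GET["uri"]) && is_string($_GET["uri"])) ? $_GET["uri"] : '';
            $sql_extra = "`parent_mid`='" . dbesc($uri) . "'";
            break;
        case "all":
            $sql_extra = "true";
            break;
        case "inbox":
            $sql_extra = "`from_xchan`!='" . dbesc($channel['channel_hash']) . "'";
            break;
    }

    $r = false;
    if ($sql_extra !== null) {
        // The filter is spliced into the string that q() expands with printf-style
        // placeholders (the %d markers below). dbesc() escapes for SQL only, so a '%'
        // in the request-supplied uri would be read as a format directive and shift
        // or break the argument binding. Doubling it keeps it a literal percent sign.
        $sql_extra = str_replace('%', '%%', $sql_extra);

        $r = q(
            "SELECT * FROM `mail` WHERE channel_id = %d AND {$sql_extra} ORDER BY created DESC LIMIT %d OFFSET %d",
            intval(api_user()),
            intval($count),
            intval($start)
        );
    }

    $ret = array();
    if ($r) {
        foreach ($r as $item) {
            // Messages sent by this channel have the channel as sender; everything
            // else is treated as received by it.
            if ($item['from_xchan'] == $channel['channel_hash']) {
                $sender = $user_info;
                $recipient = api_get_user($a, null, $item['to_xchan']);
            } else {
                $sender = api_get_user($a, null, $item['from_xchan']);
                $recipient = $user_info;
            }
            $ret[] = api_format_message($item, $recipient, $sender);
        }
    }

    $data = array('$messages' => $ret);
    switch ($type) {
        case "atom":
        case "rss":
            $data = api_rss_extra($a, $data, $user_info);
    }

    return api_apply_template("direct_messages", $type, $data);
}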
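/**
 * Start a DFRN remote authentication for the API user and redirect to the contact's
 * poll URL, which sends the browser on to `url` once authentication is done.
 *
 * Similar to /mod/redir.php; this variant exists because it works with api_user()
 * and api_login().
 *
 * Request parameters:
 *   c_url: URL of the remote contact to authenticate to
 *   url:   string, URL to redirect to after authentication
 *
 * A one-time secret is stored in `profile_check` with a 45 second expiry and passed
 * to the remote side in the redirect.
 *
 * @param object $a Application object, handed to api_error().
 * @return mixed false when no API user is authenticated; otherwise the function ends
 *               in die() or goaway().
 */
function api_friendica_remoteauth(&$a)
{
    // Without an authenticated API user, intval(api_user()) would silently become 0
    // in both queries below, so stop here instead.
    if (api_user() === false) {
        return false;
    }

    $url = x($_GET, 'url') ? $_GET['url'] : '';
    $c_url = x($_GET, 'c_url') ? $_GET['c_url'] : '';

    // Array-valued parameters (url[]=...) are rejected together with missing ones.
    if (!is_string($url) || !is_string($c_url) || $url === '' || $c_url === '') {
        die(api_error($a, 'json', "Wrong parameters"));
    }

    $c_url = normalise_link($c_url);

    // traditional DFRN
    // The arguments are listed in placeholder order: the original passed the URL to
    // %d and the user id to '%s', so the lookup could never match the intended row.
    // NOTE(review): the original compared the contact's `id` column with the user id.
    // `uid` (the owning user) is assumed to be the intended column, since it restricts
    // the lookup to the caller's own contacts. Confirm against the contact schema.
    $r = q(
        "SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
        intval(api_user()),
        dbesc($c_url)
    );

    // !$r covers both an empty result and a failed query, where count() would
    // misbehave on a non-array value.
    if (!$r || $r[0]['network'] !== NETWORK_DFRN) {
        die(api_error($a, 'json', "Unknown contact"));
    }

    $cid = $r[0]['id'];

    // Default to the issued id when there is one, else the dfrn id. Duplex contacts
    // get a direction prefix, and the dfrn-id variant wins when both ids are present.
    $dfrn_id = $r[0]['issued-id'] ? $r[0]['issued-id'] : $r[0]['dfrn-id'];
    if ($r[0]['duplex'] && $r[0]['issued-id']) {
        $dfrn_id = '1:' . $r[0]['issued-id'];
    }
    if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
        $dfrn_id = '0:' . $r[0]['dfrn-id'];
    }

    // NOTE(review): $sec acts as a short-lived bearer secret; confirm random_string()
    // draws from a cryptographically secure source.
    $sec = random_string();

    q(
        "INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)\n\t\t\tVALUES( %d, %s, '%s', '%s', %d )",
        intval(api_user()),
        intval($cid),
        dbesc($dfrn_id),
        dbesc($sec),
        intval(time() + 45)
    );

    // NOTE(review): this writes the one-time secret to the debug log. It expires after
    // 45 seconds, but consider logging only the contact name.
    logger($r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);

    // The destination comes from the request. It is URL-encoded so that it stays one
    // query parameter and cannot append or override others (such as sec or dfrn_id).
    // NOTE(review): the destination is not restricted to a set of allowed hosts;
    // whether that matters depends on how the remote side treats destination_url.
    $dest = $url ? '&destination_url=' . urlencode($url) : '';

    // The original also appended an undefined $quiet variable, which contributed only
    // an empty string and a notice, so it has been dropped.
    goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
}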
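/**
 * Return one page of the authenticated user's private mail, rendered through the
 * "direct_messages" template.
 *
 * Request parameters read here: `count` (page size, default 20), `page` (1-based page
 * number) and, for the "conversation" box, `uri` (the parent message uri).
 *
 * @param object $a    Application object; base URL and user nickname are read from it.
 * @param string $type Output format handed to api_apply_template(); "atom" and "rss"
 *                     additionally get the feed extras from api_rss_extra().
 * @param string $box  "sentbox", "conversation", "all" or "inbox". Any other value
 *                     yields an empty message list.
 * @return mixed false when no API user is authenticated, otherwise the result of
 *               api_apply_template().
 */
function api_direct_messages_box(&$a, $type, $box)
{
    if (api_user() === false) {
        return false;
    }

    $user_info = api_get_user($a);

    // Paging values come straight from the request. Cast them before doing arithmetic,
    // so a non-numeric value cannot raise a type error or produce a negative LIMIT.
    // NOTE(review): there is no upper bound on count; consider capping the page size.
    $count = x($_GET, 'count') ? intval($_GET['count']) : 20;
    if ($count < 1) {
        $count = 20;
    }
    $page = x($_REQUEST, 'page') ? intval($_REQUEST['page']) - 1 : 0;
    if ($page < 0) {
        $page = 0;
    }
    $start = $page * $count;

    $profile_url = $a->get_baseurl() . '/profile/' . $a->user['nickname'];

    // Build the box-specific filter. An unrecognised box leaves the filter unset, so
    // no query is sent instead of a syntactically broken one.
    $sql_extra = null;
    switch ($box) {
        case "sentbox":
            $sql_extra = "`from-url`='" . dbesc($profile_url) . "'";
            break;
        case "conversation":
            $uri = (isset($_GET["uri"]) && is_string($_GET["uri"])) ? $_GET["uri"] : '';
            $sql_extra = "`parent-uri`='" . dbesc($uri) . "'";
            break;
        case "all":
            $sql_extra = "true";
            break;
        case "inbox":
            $sql_extra = "`from-url`!='" . dbesc($profile_url) . "'";
            break;
    }

    $r = false;
    if ($sql_extra !== null) {
        // The filter is spliced into the string that q() expands with printf-style
        // placeholders (the %d markers below). dbesc() escapes for SQL only, so a '%'
        // in the request-supplied uri would be read as a format directive and shift
        // or break the argument binding. Doubling it keeps it a literal percent sign.
        $sql_extra = str_replace('%', '%%', $sql_extra);

        $r = q(
            "SELECT * FROM `mail` WHERE uid=%d AND {$sql_extra} ORDER BY created DESC LIMIT %d,%d",
            intval(api_user()),
            intval($start),
            intval($count)
        );
    }

    $ret = array();
    if ($r) {
        foreach ($r as $item) {
            if ($box == "inbox" || $item['from-url'] != $profile_url) {
                $recipient = $user_info;
                $sender = api_get_user($a, $item['contact-id']);
            } else {
                // Reached only for a message sent from the user's own profile outside
                // the inbox. The original elseif repeated the `!=` test and so never
                // matched for "all" or "conversation", leaving sender and recipient
                // undefined or carried over from the previous row.
                $recipient = api_get_user($a, $item['contact-id']);
                $sender = $user_info;
            }
            $ret[] = api_format_messages($item, $recipient, $sender);
        }
    }

    $data = array('$messages' => $ret);
    switch ($type) {
        case "atom":
        case "rss":
            $data = api_rss_extra($a, $data, $user_info);
    }

    return api_apply_template("direct_messages", $type, $data);
}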
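/**
 * Emit one photo row of the authenticated API user as JSON and end the request.
 *
 * Request parameters: `photo_id` (the photo's resource id, required) and `scale`
 * (integer, default 0). The binary `data` column is base64-encoded before output.
 * The response is always JSON; $type is not consulted.
 *
 * @param object $a    Application object (unused here).
 * @param string $type Requested output format (unused here).
 * @return mixed false when no API user is authenticated or photo_id is missing;
 *               otherwise the function ends in killme().
 */
function api_fr_photo_detail(&$a, $type)
{
    if (api_user() === false) {
        return false;
    }

    // empty() avoids the undefined-index notice of a bare read, and the is_string()
    // check rejects array-valued parameters (photo_id[]=...) before they reach dbesc().
    if (empty($_REQUEST['photo_id']) || !is_string($_REQUEST['photo_id'])) {
        return false;
    }

    $scale = array_key_exists('scale', $_REQUEST) ? intval($_REQUEST['scale']) : 0;

    // The row is scoped to the same identity the guard above validated. The original
    // checked api_user() but queried with local_user().
    // NOTE(review): assumes api_user() returns the numeric user id, as its
    // intval(api_user()) use elsewhere suggests. Confirm.
    $r = q(
        "select * from photo where uid = %d and `resource-id` = '%s' and scale = %d limit 1",
        intval(api_user()),
        dbesc($_REQUEST['photo_id']),
        intval($scale)
    );

    if ($r) {
        // NOTE(review): `select *` sends every column of the row to the client; consider
        // listing only the fields the API is meant to expose.
        header("Content-type: application/json");
        $r[0]['data'] = base64_encode($r[0]['data']);
        echo json_encode($r[0]);
    }

    // Ends the request whether or not a row was found; a miss produces an empty body.
    killme();
}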