KXStudio
/
Website
mirror of https://github.com/KXStudio/Website
1
0
Fork 0
Code Releases 0 Activity
KXStudio Website https://kx.studio/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
166 Commits
2 Branches
173MB
Tree: 0608795530
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0608795530'
${ noResults }
Website/News/includes/xmlrpc.php

538 lines
20KB
Raw Blame History 

  1. <?php

  2.     /**

  3.      * File: XML-RPC

  4.      * Extensible XML-RPC interface for remotely controlling your Chyrp install.

  5.      */

  6. 

  7.     define('XML_RPC', true);

  8.     require_once 'common.php';

  9.     require_once INCLUDES_DIR.'/lib/ixr.php';

  10.     if (!defined('XML_RPC_FEATHER')) define('XML_RPC_FEATHER', 'text');

  11. 

  12.     # Use the Main controller for any Route calls.

  13.     Route::current(MainController::current());

  14. 

  15.     #

  16.     # Class: XMLRPC

  17.     # Provides functionality for using external clients, services, etc. for accessing and adding to Chyrp.

  18.     #

  19.     class XMLRPC extends IXR_Server {

  20.         #

  21.         # Function: __construct

  22.         # Registers the various XMLRPC methods.

  23.         #

  24.         public function __construct() {

  25.             set_error_handler('XMLRPC::error_handler');

  26.             set_exception_handler('XMLRPC::exception_handler');

  27. 

  28.             $methods = array('pingback.ping'             => 'this:pingback_ping',

  29. 

  30.                              # MetaWeblog

  31.                              'metaWeblog.getRecentPosts' => 'this:metaWeblog_getRecentPosts',

  32.                              'metaWeblog.getCategories'  => 'this:metaWeblog_getCategories',

  33.                              'metaWeblog.newMediaObject' => 'this:metaWeblog_newMediaObject',

  34.                              'metaWeblog.newPost'        => 'this:metaWeblog_newPost',

  35.                              'metaWeblog.getPost'        => 'this:metaWeblog_getPost',

  36.                              'metaWeblog.editPost'       => 'this:metaWeblog_editPost',

  37. 

  38.                              # Blogger

  39.                              'blogger.deletePost'        => 'this:blogger_deletePost',

  40.                              'blogger.getUsersBlogs'     => 'this:blogger_getUsersBlogs',

  41.                              'blogger.getUserInfo'       => 'this:blogger_getUserInfo',

  42. 

  43.                              # MovableType

  44.                              'mt.getRecentPostTitles'    => 'this:mt_getRecentPostTitles',

  45.                              'mt.getCategoryList'        => 'this:mt_getCategoryList',

  46.                              'mt.getPostCategories'      => 'this:mt_getPostCategories',

  47.                              'mt.setPostCategories'      => 'this:mt_setPostCategories',

  48.                              'mt.supportedTextFilters'   => 'this:mt_supportedTextFilters',

  49.                              'mt.supportedMethods'       => 'this:listMethods',

  50. 

  51.                              # Chyrp

  52.                              "chyrp.getRecentPosts"      => "this:chyrp_getRecentPosts",

  53.                              "chyrp.newPost"             => "this:chyrp_newPost",

  54.                              "chyrp.getPost"             => "this:chyrp_getPost",

  55.                              "chyrp.editPost"            => "this:chyrp_editPost");

  56. 

  57.             Trigger::current()->filter($methods, "xmlrpc_methods");

  58. 

  59.             $this->IXR_Server($methods);

  60.         }

  61. 

  62.         #

  63.         # Function: pingback_ping

  64.         # Receive and register pingbacks. Calls the @pingback@ trigger.

  65.         #

  66.         public function pingback_ping($args) {

  67.             $config = Config::current();

  68. 

  69.             $linked_from = str_replace('&amp;', '&', $args[0]);

  70.             $linked_to   = str_replace('&amp;', '&', $args[1]);

  71. 

  72.             $cleaned_url = str_replace(array("http://www.", "http://"), "", $config->url);

  73. 

  74.             if ($linked_to == $linked_from)

  75.                 return new IXR_ERROR(0, __("The from and to URLs cannot be the same."));

  76. 

  77.             if (!substr_count($linked_to, $cleaned_url))

  78.                 return new IXR_Error(0, __("There doesn't seem to be a valid link in your request."));

  79. 

  80.             if (preg_match("/url=([^&#]+)/", $linked_to, $url))

  81.                 $post = new Post(array("url" => $url[1]));

  82.             else

  83.                 $post = MainController::current()->post_from_url(null,

  84.                                                                  str_replace(rtrim($config->url, "/"), "/", $linked_to),

  85.                                                                  true);

  86. 

  87.             if (!$post)

  88.                 return new IXR_Error(33, __("I can't find a post from that URL."));

  89. 

  90.             # Wait for the "from" server to publish

  91.             sleep(1);

  92. 

  93.             $from = parse_url($linked_from);

  94. 

  95.             if (empty($from["host"]))

  96.                 return false;

  97. 

  98.             if (empty($from["scheme"]) or $from["scheme"] != "http")

  99.                 $linked_from = "http://".$linked_from;

  100. 

  101.             # Grab the page that linked here.

  102.             $content = get_remote($linked_from);

  103. 

  104.             # Get the title of the page.

  105.             preg_match("/<title>([^<]+)<\/title>/i", $content, $title);

  106.             $title = $title[1];

  107. 

  108.             if (empty($title))

  109.                 return new IXR_Error(32, __("There isn't a title on that page."));

  110. 

  111.             $content = strip_tags($content, "<a>");

  112. 

  113.             $url = preg_quote($linked_to, "/");

  114.             if (!preg_match("/<a[^>]*{$url}[^>]*>([^>]*)<\/a>/", $content, $context)) {

  115.                 $url = str_replace("&", "&amp;", preg_quote($linked_to, "/"));

  116.                 if (!preg_match("/<a[^>]*{$url}[^>]*>([^>]*)<\/a>/", $content, $context)) {

  117.                     $url = str_replace("&", "&#038;", preg_quote($linked_to, "/"));

  118.                     if (!preg_match("/<a[^>]*{$url}[^>]*>([^>]*)<\/a>/", $content, $context))

  119.                         return false;

  120.                 }

  121.             }

  122. 

  123.             $context[1] = truncate($context[1], 100, "...", true);

  124. 

  125.             $excerpt = strip_tags(str_replace($context[0], $context[1], $content));

  126. 

  127.             $match = preg_quote($context[1], "/");

  128.             $excerpt = preg_replace("/.*?\s(.{0,100}{$match}.{0,100})\s.*/s", "\\1", $excerpt);

  129. 

  130.             $excerpt = "[...] ".trim(normalize($excerpt))." [...]";

  131. 

  132.             Trigger::current()->call("pingback", $post, $linked_to, $linked_from, $title, $excerpt);

  133. 

  134.             return _f("Pingback from %s to %s registered!", array($linked_from, $linked_to));

  135.         }

  136. 

  137.         #

  138.         # Function: metaWeblog_getRecentPosts

  139.         # Returns a list of the most recent posts.

  140.         #

  141.         public function metaWeblog_getRecentPosts($args) {

  142.             $this->auth($args[1], $args[2]);

  143. 

  144.             $config  = Config::current();

  145.             $trigger = Trigger::current();

  146.             $result  = array();

  147. 

  148.             foreach ($this->getRecentPosts($args[3]) as $post) {

  149.                 $struct = array(

  150.                                 'postid'            => $post->id,

  151.                                 'userid'            => $post->user_id,

  152.                                 'title'             => $post->title,

  153.                                 'dateCreated'       => new IXR_Date(when('Ymd\TH:i:s', $post->created_at)),

  154.                                 'description'       => $post->body,

  155.                                 'link'              => $post->url(),

  156.                                 'permaLink'         => $post->url(),

  157.                                 'mt_basename'       => $post->url,

  158.                                 'mt_allow_pings'    => (int) $config->enable_trackbacking);

  159. 

  160.                 $result[] = $trigger->filter($struct, 'metaWeblog_getPost', $post);

  161.             }

  162. 

  163.             return $result;

  164.         }

  165. 

  166.         #

  167.         # Function: metaWeblog_getCategories

  168.         # Returns a list of all categories to which the post is assigned.

  169.         #

  170.         public function metaWeblog_getCategories($args) {

  171.             $this->auth($args[1], $args[2]);

  172. 

  173.             $categories = array();

  174.             return Trigger::current()->filter($categories, 'metaWeblog_getCategories');

  175.         }

  176. 

  177.         #

  178.         # Function: metaWeblog_newMediaObject

  179.         # Uploads a file to the server.

  180.         #

  181.         public function metaWeblog_newMediaObject($args) {

  182.             $this->auth($args[1], $args[2]);

  183. 

  184.             $config = Config::current();

  185.             $file = unique_filename(trim($args[3]['name'], ' /'));

  186.             $path = MAIN_DIR.$config->uploads_path.$file;

  187. 

  188.             if (file_put_contents($path, $args[3]['bits']) === false)

  189.                 return new IXR_Error(500, __("Failed to write file."));

  190. 

  191.             $url = $config->chyrp_url.$config->uploads_path.str_replace('+', '%20', urlencode($file));

  192.             Trigger::current()->filter($url, 'metaWeblog_newMediaObject', $path);

  193. 

  194.             return array('url' => $url);

  195.         }

  196. 

  197.         #

  198.         # Function: metaWeblog_getPost

  199.         # Retrieves a specified post.

  200.         #

  201.         public function metaWeblog_getPost($args) {

  202.             $this->auth($args[1], $args[2]);

  203. 

  204.             $post = new Post($args[0], array('filter' => false));

  205.             $struct = array(

  206.                             'postid'            => $post->id,

  207.                             'userid'            => $post->user_id,

  208.                             'title'             => $post->title,

  209.                             'dateCreated'       => new IXR_Date(when('Ymd\TH:i:s', $post->created_at)),

  210.                             'description'       => $post->body,

  211.                             'link'              => $post->url(),

  212.                             'permaLink'         => $post->url(),

  213.                             'mt_basename'       => $post->url,

  214.                             'mt_allow_pings'    => (int) Config::current()->enable_trackbacking);

  215. 

  216.             Trigger::current()->filter($struct, 'metaWeblog_getPost', $post);

  217.             return array($struct);

  218.         }

  219. 

  220.         #

  221.         # Function: metaWeblog_newPost

  222.         # Creates a new post.

  223.         #

  224.         public function metaWeblog_newPost($args) {

  225.             $this->auth($args[1], $args[2], 'add');

  226.             global $user;

  227. 

  228.             # Support for extended body

  229.             $body = $args[3]['description'];

  230.             if (!empty($args[3]['mt_text_more']))

  231.                 $body .= '<!--more-->'.$args[3]['mt_text_more'];

  232. 

  233.             # Add excerpt to body so it isn't lost

  234.             if (!empty($args[3]['mt_excerpt']))

  235.                 $body = $args[3]['mt_excerpt']."\n\n".$body;

  236. 

  237.             if (trim($body) === '')

  238.                 return new IXR_Error(500, __("Body can't be blank."));

  239. 

  240.             $clean = sanitize(oneof(@$args[3]['mt_basename'], $args[3]['title']));

  241.             $url = Post::check_url($clean);

  242. 

  243.             $_POST['user_id'] = $user->id;

  244.             $_POST['feather'] = XML_RPC_FEATHER;

  245.             $_POST['created_at'] = oneof($this->convertFromDateCreated($args[3]), datetime());

  246. 

  247.             if ($user->group->can('add_post'))

  248.                 $_POST['status'] = ($args[4]) ? 'public' : 'draft';

  249.             else

  250.                 $_POST['status'] = 'draft';

  251. 

  252.             $trigger = Trigger::current();

  253.             $trigger->call('metaWeblog_newPost_preQuery', $args[3]);

  254. 

  255.             $post = Post::add(

  256.                               array(

  257.                                     'title' => $args[3]['title'],

  258.                                     'body'  => $body),

  259.                               $clean,

  260.                               $url);

  261. 

  262.             if ($post->no_results)

  263.                 return new IXR_Error(500, __("Post not found."));

  264. 

  265.             $trigger->call('metaWeblog_newPost', $args[3], $post);

  266. 

  267.             # Send any and all pingbacks to URLs in the body

  268.             if (Config::current()->send_pingbacks)

  269.                 send_pingbacks($args[3]['description'], $post);

  270. 

  271.             return $post->id;

  272.         }

  273. 

  274.         #

  275.         # Function: metaWeblog_editPost

  276.         # Updates a specified post.

  277.         #

  278.         public function metaWeblog_editPost($args) {

  279.             $this->auth($args[1], $args[2], 'edit');

  280.             global $user;

  281. 

  282.             if (!Post::exists($args[0]))

  283.                 return new IXR_Error(500, __("Post not found."));

  284. 

  285.             # Support for extended body

  286.             $body = $args[3]['description'];

  287.             if (!empty($args[3]['mt_text_more']))

  288.                 $body .= '<!--more-->'.$args[3]['mt_text_more'];

  289. 

  290.             # Add excerpt to body so it isn't lost

  291.             if (!empty($args[3]['mt_excerpt']))

  292.                 $body = $args[3]['mt_excerpt']."\n\n".$body;

  293. 

  294.             if (trim($body) === '')

  295.                 return new IXR_Error(500, __("Body can't be blank."));

  296. 

  297.             $post = new Post($args[0], array('filter' => false));

  298. 

  299.             # More specific permission check

  300.             if (!$post->editable($user))

  301.                 return new IXR_Error(500, __("You don't have permission to edit this post."));

  302. 

  303.             # Enforce post status when necessary

  304.             if (!$user->group->can('edit_own_post', 'edit_post'))

  305.                 $status = 'draft';

  306.             else if ($post->status !== 'public' and $post->status !== 'draft')

  307.                 $status = $post->status;

  308.             else

  309.                 $status = ($args[4]) ? 'public' : 'draft';

  310. 

  311.             $trigger = Trigger::current();

  312.             $trigger->call('metaWeblog_editPost_preQuery', $args[3], $post);

  313. 

  314.             $post->update(

  315.                           array('title' => $args[3]['title'], 'body' => $body ),

  316.                           null,

  317.                           null,

  318.                           $status,

  319.                           sanitize(oneof(@$args[3]['mt_basename'], $args[3]['title'])),

  320.                           oneof($this->convertFromDateCreated($args[3]), $post->created_at));

  321. 

  322.             $trigger->call('metaWeblog_editPost', $args[3], $post);

  323. 

  324.             return true;

  325.         }

  326. 

  327.         #

  328.         # Function: blogger_deletePost

  329.         # Deletes a specified post.

  330.         #

  331.         public function blogger_deletePost($args) {

  332.             $this->auth($args[2], $args[3], 'delete');

  333.             global $user;

  334. 

  335.             $post = new Post($args[1], array('filter' => false));

  336. 

  337.             if ($post->no_results)

  338.                 return new IXR_Error(500, __("Post not found."));

  339.             else if (!$post->deletable($user))

  340.                 return new IXR_Error(500, __("You don't have permission to delete this post."));

  341. 

  342.             Post::delete($args[1]);

  343.             return true;

  344.         }

  345. 

  346.         #

  347.         # Function: blogger_getUsersBlogs

  348.         # Returns information about the Chyrp installation.

  349.         #

  350.         public function blogger_getUsersBlogs($args) {

  351.             $this->auth($args[1], $args[2]);

  352. 

  353.             $config = Config::current();

  354.             return array(array(

  355.                                'url'      => $config->url,

  356.                                'blogName' => $config->name,

  357.                                'blogid'   => 1));

  358.         }

  359. 

  360.         #

  361.         # Function: blogger_getUserInfo

  362.         # Retrieves a specified user.

  363.         #

  364.         public function blogger_getUserInfo($args) {

  365.             $this->auth($args[1], $args[2]);

  366.             global $user;

  367. 

  368.             return array(array(

  369.                                'userid'    => $user->id,

  370.                                'nickname'  => $user->full_name,

  371.                                'firstname' => '',

  372.                                'lastname'  => '',

  373.                                'email'     => $user->email,

  374.                                'url'       => $user->website));

  375.         }

  376. 

  377.         #

  378.         # Function: mt_getRecentPostTitles

  379.         # Returns a bandwidth-friendly list of the most recent posts.

  380.         #

  381.         public function mt_getRecentPostTitles($args) {

  382.             $this->auth($args[1], $args[2]);

  383. 

  384.             $result = array();

  385. 

  386.             foreach ($this->getRecentPosts($args[3]) as $post) {

  387.                 $result[] = array(

  388.                                   'postid'      => $post->id,

  389.                                   'userid'      => $post->user_id,

  390.                                   'title'       => $post->title,

  391.                                   'dateCreated' => new IXR_Date(when('Ymd\TH:i:s', $post->created_at)));

  392.             }

  393. 

  394.             return $result;

  395.         }

  396. 

  397.         #

  398.         # Function: mt_getCategoryList

  399.         # Returns a list of categories.

  400.         #

  401.         public function mt_getCategoryList($args) {

  402.             $this->auth($args[1], $args[2]);

  403. 

  404.             $categories = array();

  405.             return Trigger::current()->filter(

  406.                                               $categories,

  407.                                               'mt_getCategoryList');

  408.         }

  409. 

  410.         #

  411.         # Function: mt_getPostCategories

  412.         # Returns a list of all categories to which the post is assigned.

  413.         #

  414.         public function mt_getPostCategories($args) {

  415.             $this->auth($args[1], $args[2]);

  416. 

  417.             if (!Post::exists($args[0]))

  418.                 return new IXR_Error(500, __("Post not found."));

  419. 

  420.             $categories = array();

  421.             return Trigger::current()->filter(

  422.                                               $categories,

  423.                                               'mt_getPostCategories',

  424.                                               new Post($args[0], array('filter' => false)));

  425.         }

  426. 

  427.         #

  428.         # Function: mt_setPostCategories

  429.         # Sets the categories for a post.

  430.         #

  431.         public function mt_setPostCategories($args) {

  432.             $this->auth($args[1], $args[2], 'edit');

  433.             global $user;

  434. 

  435.             $post = new Post($args[0], array('filter' => false));

  436. 

  437.             if ($post->no_results)

  438.                 return new IXR_Error(500, __("Post not found."));

  439.             else if (!$post->deletable($user))

  440.                 return new IXR_Error(500, __("You don't have permission to edit this post."));

  441. 

  442.             Trigger::current()->call('mt_setPostCategories', $args[3], $post);

  443.             return true;

  444.         }

  445. 

  446.         #

  447.         # Function: mt_supportedTextFilters

  448.         # Returns an empty array, as this is not applicable for Chyrp.

  449.         #

  450.         public function mt_supportedTextFilters() {

  451.             return array();

  452.         }

  453. 

  454.         #

  455.         # Function: getRecentPosts

  456.         # Returns an array of the most recent posts.

  457.         #

  458.         private function getRecentPosts($limit) {

  459.             global $user;

  460. 

  461.             if (!in_array(XML_RPC_FEATHER, Config::current()->enabled_feathers))

  462.                 throw new Exception(_f("The %s feather is not enabled.", array(XML_RPC_FEATHER)));

  463. 

  464.             $where = array('feather' => XML_RPC_FEATHER);

  465. 

  466.             if ($user->group->can('view_own_draft', 'view_draft'))

  467.                 $where['status'] = array('public', 'draft');

  468.             else

  469.                 $where['status'] = 'public';

  470. 

  471.             if (!$user->group->can('view_draft', 'edit_draft', 'edit_post', 'delete_draft', 'delete_post'))

  472.                 $where['user_id'] = $user->id;

  473. 

  474.             return Post::find(

  475.                               array(

  476.                                     'where'  => $where,

  477.                                     'order'  => 'created_at DESC, id DESC',

  478.                                     'limit'  => $limit),

  479.                               array('filter' => false));

  480.         }

  481. 

  482.         #

  483.         # Function: convertFromDateCreated

  484.         # Converts an IXR_Date (in $args['dateCreated']) to SQL date format.

  485.         #

  486.         private function convertFromDateCreated($args) {

  487.             if (array_key_exists('dateCreated', $args))

  488.                 return when('Y-m-d H:i:s', $args['dateCreated']->getIso());

  489.             else

  490.                 return null;

  491.         }

  492. 

  493.         #

  494.         # Function: auth

  495.         # Authenticates a given login and password, and checks for appropriate permission

  496.         #

  497.         private function auth($login, $password, $do = 'add') {

  498.             if (!Config::current()->enable_xmlrpc)

  499.                 throw new Exception(__("XML-RPC support is disabled for this site."));

  500. 

  501.             global $user;

  502.             if (!User::authenticate($login, $password))

  503.                 throw new Exception(__("Login incorrect."));

  504.             else

  505.                 $user = new User(

  506.                                  null,

  507.                                  array(

  508.                                        'where' => array(

  509.                                                         'login' => $login

  510.                                                         )

  511.                                        )

  512.                                  );

  513. 

  514. 

  515.             if (!$user->group->can("{$do}_own_post", "{$do}_post", "{$do}_draft", "{$do}_own_draft"))

  516.                 throw new Exception(_f("You don't have permission to %s posts/drafts.", array($do)));

  517.         }

  518. 

  519.         #

  520.         # Function: error_handler

  521.         #

  522.         public static function error_handler($errno, $errstr, $errfile, $errline) {

  523.             if (error_reporting() === 0 or $errno == E_STRICT) return;

  524.             throw new Exception(sprintf("%s in %s on line %s", $errstr, $errfile, $errline));

  525.         }

  526. 

  527.         #

  528.         # Function: exception_handler

  529.         #

  530.         public static function exception_handler($exception) {

  531.             $ixr_error = new IXR_Error(500, $exception->getMessage());

  532.             echo $ixr_error->getXml();

  533.         }

  534. 

  535.     }

  536.     $server = new XMLRPC();

  537.     ?>