Cheetah
ChOAuthAPI.php
Go to the documentation of this file.
1 <?php
2 
8 use OAuth2\Response;
9 
10 class ChOAuthAPI
11 {
12  protected $_oModule;
13  protected $_oDb;
14  public $aAction2Scope = array (
15  'me' => 'basic',
16  'user' => 'basic',
17  'friends' => 'basic',
18  'service' => 'basic', // service
19  );
20 
21  function __construct($oModule)
22  {
23  $this->_oModule = $oModule;
24  $this->_oDb = $oModule->_oDb;
25  }
26 
27  function me($aToken)
28  {
29  // {"access_token":"ed3cc95a337b6abca37b329ee8ce2ca62b4120cb","client_id":"test","user_id":"37","expires":1449277891,"scope":"basic"}
30 
31  if (!($aProfileInfo = getProfileInfo($aToken['user_id']))) {
32  $this->errorOutput('404', 'not_found', 'Profile was not found');
33  return;
34  }
35 
36  $this->output($this->_prepareProfileArray($aProfileInfo, false));
37  }
38 
39  function user($aToken)
40  {
41  $iProfileId = (int)ch_get('id');
42 
43  if ($iProfileId == $aToken['user_id']) {
44  $this->me($aToken);
45  return;
46  }
47 
48  if (!($aProfileInfo = $this->_getProfileInfoWithAccessChecking($iProfileId)))
49  return;
50 
51  $this->output($this->_prepareProfileArray($aProfileInfo, !isAdmin($aToken['user_id'])));
52  }
53 
54  function friends($aToken)
55  {
56  $iProfileId = (int)ch_get('id');
57 
58  if (!($aProfileInfo = $this->_getProfileInfoWithAccessChecking($iProfileId)))
59  return;
60 
61  $this->output(array(
62  'user_id' => $iProfileId,
63  'friends' => getMyFriendsEx($iProfileId),
64  ));
65  }
66 
67  function service($aToken)
68  {
69  if (!isAdmin($aToken['user_id'])) {
70  $this->errorOutput(403, 'access_denied', 'Only admin can access service endpoint');
71  return false;
72  }
73 
74  ch_login($aToken['user_id'], false, false);
75 
76  $sUri = ch_get('uri');
77  $sMethod = ch_get('method');
78 
79  if (!($aParams = ch_get('params')))
80  $aParams = array();
81  elseif (is_string($aParams) && preg_match('/^a:[\d+]:\{/', $aParams))
82  $aParams = @unserialize($aParams);
83  if (!is_array($aParams))
84  $aParams = array($aParams);
85 
86  if (!($sClass = ch_get('class')))
87  $sClass = 'Module';
88 
89  if (!ChWsbRequest::serviceExists($sUri, $sMethod, $sClass)) {
90  $this->errorOutput(404, 'not_found', 'Service was not found');
91  return false;
92  }
93 
94  $mixedRet = ChWsbService::call($sUri, $sMethod, $aParams, $sClass);
95 
96  $this->output(array(
97  'uri' => $sUri,
98  'method' => $sMethod,
99  'data' => $mixedRet,
100  ));
101  }
102 
103  function errorOutput($iHttpCode, $sError, $sErrorDesc)
104  {
105  $oReponse = new Response();
106  $oReponse->setError($iHttpCode, $sError, $sErrorDesc);
107  $oReponse->send();
108  }
109 
110  function output($a)
111  {
112  $oReponse = new Response();
113  $oReponse->setParameters($a);
114  $oReponse->send();
115  }
116 
117  protected function _getProfileInfoWithAccessChecking ($iProfileId)
118  {
119  if (!($aProfileInfo = getProfileInfo($iProfileId))) {
120  $this->errorOutput('404', 'not_found', 'Profile was not found');
121  return false;
122  }
123 
124  if (!ch_check_profile_visibility($iProfileId, $aToken['user_id'], true)) {
125  $this->errorOutput(403, 'access_denied', 'You have no rights to view this user info');
126  return false;
127  }
128 
129  return $aProfileInfo;
130  }
131 
132  protected function _prepareProfileArray ($aProfileInfo, $bPublicFieldsOnly = true)
133  {
134  $aProfileInfo['id'] = $aProfileInfo['ID'];
135 
136  if ($bPublicFieldsOnly) {
137  $aProfileInfo = array(
138  'id' => $aProfileInfo['id'],
139  );
140  }
141  else {
142  unset($aProfileInfo['Password']);
143  unset($aProfileInfo['Salt']);
144  unset($aProfileInfo['LangID']);
145  unset($aProfileInfo['ID']);
146  unset($aProfileInfo['Status']);
147  unset($aProfileInfo['DateLastLogin']);
148  unset($aProfileInfo['DateLastNav']);
149  unset($aProfileInfo['Featured']);
150  unset($aProfileInfo['Location']);
151  unset($aProfileInfo['Keyword']);
152  unset($aProfileInfo['Couple']);
153  unset($aProfileInfo['Avatar']);
154  unset($aProfileInfo['aff_num']);
155  unset($aProfileInfo['allow_view_to']);
156  $aProfileInfo['email'] = $aProfileInfo['Email'];
157  }
158 
159  $aProfileInfo['profile_display_name'] = $aProfileInfo['name'] = $GLOBALS['oFunctions']->getUserTitle($aProfileInfo['id']);
160  $aProfileInfo['profile_display_info'] = $GLOBALS['oFunctions']->getUserInfo($aProfileInfo['id']);
161  $aProfileInfo['profile_link'] = getProfileLink($aProfileInfo['id']);
162 
163  if (ChWsbRequest::serviceExists('photos', 'profile_photo', 'Search'))
164  $aProfileInfo['picture'] = ChWsbService::call('photos', 'profile_photo', array($aProfileInfo['id'], 'file'), 'Search');
165  else
166  $aProfileInfo['picture'] = $GLOBALS['oFunctions']->getMemberAvatar($aProfileInfo['id']);
167 
168  return $aProfileInfo;
169  }
170 
171 }
ch_login
ch_login($iId, $bRememberMe=false, $bAlert=true)
Definition: profiles.inc.php:514
$oModule
if(! @isAdmin()) $oModule
Definition: admin.php:25
getMyFriendsEx
getMyFriendsEx($iID, $sWhereParam='', $sSortParam='', $sqlLimit='')
Definition: profiles.inc.php:384
OAuth2\Response
Definition: Response.php:15
ChOAuthAPI
Definition: ChOAuthAPI.php:11
ChWsbRequest\serviceExists
static serviceExists($mixedModule, $sMethod, $sClass="Module")
Definition: ChWsbRequest.php:70
ch_get
ch_get($sName)
Definition: utils.inc.php:1664
use
GNU LESSER GENERAL PUBLIC LICENSE February Free Software Inc Franklin Fifth MA USA Everyone is permitted to copy and distribute verbatim copies of this license but changing it is not allowed[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it By the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This the Lesser General Public applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular based on the explanations below When we speak of free we are referring to freedom of use
Definition: license.txt:27
php
ChOAuthAPI\$_oDb
$_oDb
Definition: ChOAuthAPI.php:13
ChOAuthAPI\output
output($a)
Definition: ChOAuthAPI.php:110
ChOAuthAPI\user
user($aToken)
Definition: ChOAuthAPI.php:39
isAdmin
isAdmin()
Definition: index.php:649
ch_check_profile_visibility
ch_check_profile_visibility($iViewedId, $iViewerId=0, $bReturn=false)
Definition: profiles.inc.php:605
ChOAuthAPI\__construct
__construct($oModule)
Definition: ChOAuthAPI.php:21
ChOAuthAPI\$aAction2Scope
$aAction2Scope
Definition: ChOAuthAPI.php:14
ChOAuthAPI\service
service($aToken)
Definition: ChOAuthAPI.php:67
getProfileLink
getProfileLink( $iID, $sLinkAdd='')
Definition: profiles.inc.php:484
ChOAuthAPI\friends
friends($aToken)
Definition: ChOAuthAPI.php:54
ChOAuthAPI\$_oModule
$_oModule
Definition: ChOAuthAPI.php:12
$aProfileInfo
$aProfileInfo
Definition: short_profile_info.php:23
getProfileInfo
getProfileInfo($iProfileID=0, $checkActiveStatus=false, $forceCache=false)
Definition: profiles.inc.php:249
$sError
$sError
Definition: index.php:425
ChWsbService\call
static call($mixed, $sMethod, $aParams=array(), $sClass='Module')
Definition: ChWsbService.php:32
ChOAuthAPI\_getProfileInfoWithAccessChecking
_getProfileInfoWithAccessChecking($iProfileId)
Definition: ChOAuthAPI.php:117
ChOAuthAPI\me
me($aToken)
Definition: ChOAuthAPI.php:27
$iProfileId
if( $sMembersList) $iProfileId
Definition: communicator.php:29
$GLOBALS
$GLOBALS['iAdminPage']
Definition: advanced_settings.php:10
ChOAuthAPI\_prepareProfileArray
_prepareProfileArray($aProfileInfo, $bPublicFieldsOnly=true)
Definition: ChOAuthAPI.php:132
ChOAuthAPI\errorOutput
errorOutput($iHttpCode, $sError, $sErrorDesc)
Definition: ChOAuthAPI.php:103
Generated by doxygen 1.8.20