diff --git a/.htaccess b/.htaccess
index fe09fc5224..9cd6fa34c7 100644
--- a/.htaccess
+++ b/.htaccess
@@ -9,13 +9,15 @@ Deny from all
RewriteEngine on
+# RewriteRule api.* - [E=REMOTE_USER:%{HTTP:Authorization},L]
+
# Protect repo directory from browsing
RewriteRule "(^|/)\.git" - [F]
# Rewrite current-style URLs of the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
+ RewriteRule ^(.*)$ index.php?q=$1 [E=REMOTE_USER:%{HTTP:Authorization},L,QSA]
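Review bot: The `E=REMOTE_USER:%{HTTP:Authorization}` flag on the catch-all `RewriteRule ^(.*)$` copies the raw Authorization header into the environment of every rewritten request, not only API calls. That widens the set of places where the Basic credentials can surface, for example any dump of `$_SERVER`. A separate rule placed before the catch-all would scope it, e.g. `RewriteRule ^api/ - [E=REMOTE_USER:%{HTTP:Authorization}]` (no `L`, so the request still falls through to index.php). The commented-out `# RewriteRule api.*` line could then be removed rather than committed as dead configuration.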
diff --git a/include/api.php b/include/api.php
index ef41c411c5..d1f0f9330c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -27,10 +27,21 @@
* Simple HTTP Login
*/
function api_login(&$a){
+ // workaround for HTTP-auth in CGI mode
+ if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
+ $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+ }
+
if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
header('WWW-Authenticate: Basic realm="Friendika"');
header('HTTP/1.0 401 Unauthorized');
- die('This api require login');
+ die('This api requires login');
}
$user = $_SERVER['PHP_AUTH_USER'];
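Review bot: The added `logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG)` writes the whole `$_SERVER` array to the log, which can include `REDIRECT_REMOTE_USER` (the base64 Basic credentials) and the cookie header. The `API_login failure` call in the next hunk is worse, because by then `PHP_AUTH_USER` and `PHP_AUTH_PW` hold the submitted password in clear. Log selected fields instead, e.g. `logger('API_login failure: user=' . $_SERVER['PHP_AUTH_USER'] . ' from ' . $_SERVER['REMOTE_ADDR'], LOGGER_DEBUG);`. Separately, `explode(':', $userpass)` splits on every colon, so a password containing `:` is cut short, and `substr(...,6)` assumes a `Basic ` prefix without checking it; `explode(':', $userpass, 2)` behind a scheme check would handle both. api_login's body continues outside the hunk.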
@@ -52,9 +63,10 @@
if(count($r)){
$record = $r[0];
} else {
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
header('WWW-Authenticate: Basic realm="Friendika"');
header('HTTP/1.0 401 Unauthorized');
- die('This api require login');
+ die('This api requires login');
}
$_SESSION['uid'] = $record['uid'];
$_SESSION['theme'] = $record['theme'];
@@ -303,7 +315,7 @@
// TODO - media uploads and alternate 'source'
- function api_post_message(&$a, $type) {
+ function api_statuses_update(&$a, $type) {
if (local_user()===false) return false;
$user_info = api_get_user($a);
@@ -329,7 +341,7 @@
item_post($a);
// this should output the last post (the one we just posted).
- return api_users_show();
+ return api_users_show($a,$type);
}
api_register_func('api/statuses/update','api_statuses_update', true);
diff --git a/mod/item.php b/mod/item.php
index 98f4ff90c2..e8714f955f 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -722,6 +722,8 @@ function item_post(&$a) {
logger('return: ' . $_POST['return']);
goaway($a->get_baseurl() . "/" . $_POST['return'] );
}
+ if($_POST['api_source'])
+ return;
$json = array('success' => 1);
if(x($_POST,'jsreload') && strlen($_POST['jsreload']))
$json['reload'] = $a->get_baseurl() . '/' . $_POST['jsreload'];
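Review bot: The new `if($_POST['api_source'])` reads the key without an existence check, unlike the `x($_POST,'jsreload')` test two lines below, so ordinary form posts that do not send the field will raise an undefined-index notice. Written in the file's own style it would be `if(x($_POST,'api_source')) return;`, assuming `x()` tests presence as its use here suggests. Because `api_source` comes straight from the request body, any client can set it. In this hunk that only suppresses the JSON reply, but it should not be treated elsewhere as proof that the call arrived through the authenticated API. item_post starts and ends outside the hunk.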
diff --git a/view/api_status_xml.tpl b/view/api_status_xml.tpl
new file mode 100644
index 0000000000..f6cd9c2c02
--- /dev/null
+++ b/view/api_status_xml.tpl
@@ -0,0 +1,46 @@
+{{ if $status }}
+ $status.created_at
+ $status.id
+ $status.text
+
+ $status.truncated
+ $status.in_reply_to_status_id
+ $status.in_reply_to_user_id
+ $status.favorited
+ $status.in_reply_to_screen_name
+ $status.geo
+ $status.coordinates
+ $status.place
+ $status.contributors
+
+ $status.user.id
+ $status.user.name
+ $status.user.screen_name
+ $status.user.location
+ $status.user.description
+ $status.user.profile_image_url
+ $status.user.url
+ $status.user.protected
+ $status.user.followers
+ $status.user.profile_background_color
+ $status.user.profile_text_color
+ $status.user.profile_link_color
+ $status.user.profile_sidebar_fill_color
+ $status.user.profile_sidebar_border_color
+ $status.user.friends_count
+ $status.user.created_at
+ $status.user.favourites_count
+ $status.user.utc_offset
+ $status.user.time_zone
+ $status.user.profile_background_image_url
+ $status.user.profile_background_tile
+ $status.user.profile_use_background_image
+
+ $status.user.geo_enabled
+ $status.user.verified
+
+ $status.user.statuses_count
+ $status.user.lang
+ $status.user.contributors_enabled
+
+{{ endif }}
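Review bot: `$status.text`, `$status.user.name`, `$status.user.description`, `$status.user.location` and `$status.user.url` are user-authored values substituted into an XML response, and nothing in this template escapes them. The element markup is not visible in this view and the code that fills `$status` is outside the diff, so whether escaping happens upstream cannot be confirmed from here. If it does not, a post containing `<` or `&` produces malformed XML or injected elements for API clients. The caller should escape each string before assignment, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, and a comment at the top of the template should state that it expects pre-escaped values.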