site_iri: comparison web/drupal/modules/blogapi/blogapi.module

equal deleted inserted replaced

-:fcf75e232c5b
+:0ff3ba646492
+<?php
+// $Id: blogapi.module,v 1.115.2.5 2008/10/08 20:12:17 goba Exp $
+/**
+* @file
+* Enable users to post using applications that support XML-RPC blog APIs.
+*/
+/**
+* Implementation of hook_help().
+*/
+function blogapi_help($path, $arg) {
+switch ($path) {
+case 'admin/help#blogapi':
+$output = '<p>'. t("The Blog API module allows your site's users to access and post to their blogs from external blogging clients. External blogging clients are available for a wide range of desktop operating systems, and generally provide a feature-rich graphical environment for creating and editing posts.") .'</p>';
+$output .= '<p>'. t('<a href="@ecto-link">Ecto</a>, a blogging client available for both Mac OS X and Microsoft Windows, can be used with Blog API. Blog API also supports <a href="@blogger-api">Blogger API</a>, <a href="@metaweblog-api">MetaWeblog API</a>, and most of the <a href="@movabletype-api">Movable Type API</a>. Blogging clients and other services (e.g. <a href="@flickr">Flickr\'s</a> "post to blog") that support these APIs may also be compatible.', array('@ecto-link' => url('http://infinite-sushi.com/software/ecto/'), '@blogger-api' => url('http://www.blogger.com/developers/api/1_docs/'), '@metaweblog-api' => url('http://www.xmlrpc.com/metaWeblogApi'), '@movabletype-api' => url('http://www.movabletype.org/docs/mtmanual_programmatic.html'), '@flickr' => url('http://www.flickr.com'))) .'</p>';
+$output .= '<p>'. t('Select the content types available to external clients on the <a href="@blogapi-settings">Blog API settings page</a>. If supported and available, each content type will be displayed as a separate "blog" by the external client.', array('@blogapi-settings' => url('admin/settings/blogapi'))) .'</p>';
+$output .= '<p>'. t('For more information, see the online handbook entry for <a href="@blogapi">Blog API module</a>.', array('@blogapi' => url('http://drupal.org/handbook/modules/blogapi/'))) .'</p>';
+return $output;
+}
+}
+/**
+* Implementation of hook_perm().
+*/
+function blogapi_perm() {
+return array('administer content with blog api');
+}
+/**
+* Implementation of hook_xmlrpc().
+*/
+function blogapi_xmlrpc() {
+return array(
+array(
+'blogger.getUsersBlogs',
+'blogapi_blogger_get_users_blogs',
+array('array', 'string', 'string', 'string'),
+t('Returns a list of blogs to which an author has posting privileges.')),
+array(
+'blogger.getUserInfo',
+'blogapi_blogger_get_user_info',
+array('struct', 'string', 'string', 'string'),
+t('Returns information about an author in the system.')),
+array(
+'blogger.newPost',
+'blogapi_blogger_new_post',
+array('string', 'string', 'string', 'string', 'string', 'string', 'boolean'),
+t('Creates a new post, and optionally publishes it.')),
+array(
+'blogger.editPost',
+'blogapi_blogger_edit_post',
+array('boolean', 'string', 'string', 'string', 'string', 'string', 'boolean'),
+t('Updates the information about an existing post.')),
+array(
+'blogger.getPost',
+'blogapi_blogger_get_post',
+array('struct', 'string', 'string', 'string', 'string'),
+t('Returns information about a specific post.')),
+array(
+'blogger.deletePost',
+'blogapi_blogger_delete_post',
+array('boolean', 'string', 'string', 'string', 'string', 'boolean'),
+t('Deletes a post.')),
+array(
+'blogger.getRecentPosts',
+'blogapi_blogger_get_recent_posts',
+array('array', 'string', 'string', 'string', 'string', 'int'),
+t('Returns a list of the most recent posts in the system.')),
+array(
+'metaWeblog.newPost',
+'blogapi_metaweblog_new_post',
+array('string', 'string', 'string', 'string', 'struct', 'boolean'),
+t('Creates a new post, and optionally publishes it.')),
+array(
+'metaWeblog.editPost',
+'blogapi_metaweblog_edit_post',
+array('boolean', 'string', 'string', 'string', 'struct', 'boolean'),
+t('Updates information about an existing post.')),
+array(
+'metaWeblog.getPost',
+'blogapi_metaweblog_get_post',
+array('struct', 'string', 'string', 'string'),
+t('Returns information about a specific post.')),
+array(
+'metaWeblog.newMediaObject',
+'blogapi_metaweblog_new_media_object',
+array('string', 'string', 'string', 'string', 'struct'),
+t('Uploads a file to your webserver.')),
+array(
+'metaWeblog.getCategories',
+'blogapi_metaweblog_get_category_list',
+array('struct', 'string', 'string', 'string'),
+t('Returns a list of all categories to which the post is assigned.')),
+array(
+'metaWeblog.getRecentPosts',
+'blogapi_metaweblog_get_recent_posts',
+array('array', 'string', 'string', 'string', 'int'),
+t('Returns a list of the most recent posts in the system.')),
+array(
+'mt.getRecentPostTitles',
+'blogapi_mt_get_recent_post_titles',
+array('array', 'string', 'string', 'string', 'int'),
+t('Returns a bandwidth-friendly list of the most recent posts in the system.')),
+array(
+'mt.getCategoryList',
+'blogapi_mt_get_category_list',
+array('array', 'string', 'string', 'string'),
+t('Returns a list of all categories defined in the blog.')),
+array(
+'mt.getPostCategories',
+'blogapi_mt_get_post_categories',
+array('array', 'string', 'string', 'string'),
+t('Returns a list of all categories to which the post is assigned.')),
+array(
+'mt.setPostCategories',
+'blogapi_mt_set_post_categories',
+array('boolean', 'string', 'string', 'string', 'array'),
+t('Sets the categories for a post.')),
+array(
+'mt.supportedMethods',
+'xmlrpc_server_list_methods',
+array('array'),
+t('Retrieve information about the XML-RPC methods supported by the server.')),
+array(
+'mt.supportedTextFilters',
+'blogapi_mt_supported_text_filters',
+array('array'),
+t('Retrieve information about the text formatting plugins supported by the server.')),
+array(
+'mt.publishPost',
+'blogapi_mt_publish_post',
+array('boolean', 'string', 'string', 'string'),
+t('Publish (rebuild) all of the static files related to an entry from your blog. Equivalent to saving an entry in the system (but without the ping).')));
+}
+/**
+* Blogging API callback. Finds the URL of a user's blog.
+*/
+function blogapi_blogger_get_users_blogs($appid, $username, $password) {
+$user = blogapi_validate_user($username, $password);
+if ($user->uid) {
+$types = _blogapi_get_node_types();
+$structs = array();
+foreach ($types as $type) {
+$structs[] = array('url' => url('blog/'. $user->uid, array('absolute' => TRUE)), 'blogid' => $type, 'blogName' => $user->name .": ". $type);
+}
+return $structs;
+}
+else {
+return blogapi_error($user);
+}
+}
+/**
+* Blogging API callback. Returns profile information about a user.
+*/
+function blogapi_blogger_get_user_info($appkey, $username, $password) {
+$user = blogapi_validate_user($username, $password);
+if ($user->uid) {
+$name = explode(' ', $user->realname ? $user->realname : $user->name, 2);
+return array(
+'userid' => $user->uid,
+'lastname' => $name[1],
+'firstname' => $name[0],
+'nickname' => $user->name,
+'email' => $user->mail,
+'url' => url('blog/'. $user->uid, array('absolute' => TRUE)));
+}
+else {
+return blogapi_error($user);
+}
+}
+/**
+* Blogging API callback. Inserts a new blog post as a node.
+*/
+function blogapi_blogger_new_post($appkey, $blogid, $username, $password, $content, $publish) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+// Return an error if not configured type.
+return $error;
+}
+$edit = array();
+$edit['type'] = $blogid;
+// get the node type defaults
+$node_type_default = variable_get('node_options_'. $edit['type'], array('status', 'promote'));
+$edit['uid'] = $user->uid;
+$edit['name'] = $user->name;
+$edit['promote'] = in_array('promote', $node_type_default);
+$edit['comment'] = variable_get('comment_'. $edit['type'], 2);
+$edit['revision'] = in_array('revision', $node_type_default);
+$edit['format'] = FILTER_FORMAT_DEFAULT;
+$edit['status'] = $publish;
+// check for bloggerAPI vs. metaWeblogAPI
+if (is_array($content)) {
+$edit['title'] = $content['title'];
+$edit['body'] = $content['description'];
+_blogapi_mt_extra($edit, $content);
+}
+else {
+$edit['title'] = blogapi_blogger_title($content);
+$edit['body'] = $content;
+}
+if (!node_access('create', $edit['type'])) {
+return blogapi_error(t('You do not have permission to create this type of post.'));
+}
+if (user_access('administer nodes') && !isset($edit['date'])) {
+$edit['date'] = format_date(time(), 'custom', 'Y-m-d H:i:s O');
+}
+node_invoke_nodeapi($edit, 'blogapi new');
+$valid = blogapi_status_error_check($edit, $publish);
+if ($valid !== TRUE) {
+return $valid;
+}
+node_validate($edit);
+if ($errors = form_get_errors()) {
+return blogapi_error(implode("\n", $errors));
+}
+$node = node_submit($edit);
+node_save($node);
+if ($node->nid) {
+watchdog('content', '@type: added %title using blog API.', array('@type' => $node->type, '%title' => $node->title), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
+// blogger.newPost returns a string so we cast the nid to a string by putting it in double quotes:
+return "$node->nid";
+}
+return blogapi_error(t('Error storing post.'));
+}
+/**
+* Blogging API callback. Modifies the specified blog node.
+*/
+function blogapi_blogger_edit_post($appkey, $postid, $username, $password, $content, $publish) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+$node = node_load($postid);
+if (!$node) {
+return blogapi_error(t('n/a'));
+}
+// Let the teaser be re-generated.
+unset($node->teaser);
+if (!node_access('update', $node)) {
+return blogapi_error(t('You do not have permission to update this post.'));
+}
+// Save the original status for validation of permissions.
+$original_status = $node->status;
+$node->status = $publish;
+// check for bloggerAPI vs. metaWeblogAPI
+if (is_array($content)) {
+$node->title = $content['title'];
+$node->body = $content['description'];
+_blogapi_mt_extra($node, $content);
+}
+else {
+$node->title = blogapi_blogger_title($content);
+$node->body = $content;
+}
+node_invoke_nodeapi($node, 'blogapi edit');
+$valid = blogapi_status_error_check($node, $original_status);
+if ($valid !== TRUE) {
+return $valid;
+}
+node_validate($node);
+if ($errors = form_get_errors()) {
+return blogapi_error(implode("\n", $errors));
+}
+if (user_access('administer nodes') && !isset($edit['date'])) {
+$node->date = format_date($node->created, 'custom', 'Y-m-d H:i:s O');
+}
+$node = node_submit($node);
+node_save($node);
+if ($node->nid) {
+watchdog('content', '@type: updated %title using Blog API.', array('@type' => $node->type, '%title' => $node->title), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
+return TRUE;
+}
+return blogapi_error(t('Error storing post.'));
+}
+/**
+* Blogging API callback. Returns a specified blog node.
+*/
+function blogapi_blogger_get_post($appkey, $postid, $username, $password) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+$node = node_load($postid);
+return _blogapi_get_post($node, TRUE);
+}
+/**
+* Check that the user has permission to save the node with the chosen status.
+*
+* @return
+*   TRUE if no error, or the blogapi_error().
+*/
+function blogapi_status_error_check($node, $original_status) {
+$node = (object) $node;
+$node_type_default = variable_get('node_options_'. $node->type, array('status', 'promote'));
+// If we don't have the 'administer nodes' permission and the status is
+// changing or for a new node the status is not the content type's default,
+// then return an error.
+if (!user_access('administer nodes') && (($node->status != $original_status) || (empty($node->nid) && $node->status != in_array('status', $node_type_default)))) {
+if ($node->status) {
+return blogapi_error(t('You do not have permission to publish this type of post. Please save it as a draft instead.'));
+}
+else {
+return blogapi_error(t('You do not have permission to save this post as a draft. Please publish it instead.'));
+}
+}
+return TRUE;
+}
+/**
+* Blogging API callback. Removes the specified blog node.
+*/
+function blogapi_blogger_delete_post($appkey, $postid, $username, $password, $publish) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+node_delete($postid);
+return TRUE;
+}
+/**
+* Blogging API callback. Returns the latest few postings in a user's blog. $bodies TRUE
+* <a href="http://movabletype.org/docs/mtmanual_programmatic.html#item_mt%2EgetRecentPostTitles">
+* returns a bandwidth-friendly list</a>.
+*/
+function blogapi_blogger_get_recent_posts($appkey, $blogid, $username, $password, $number_of_posts, $bodies = TRUE) {
+// Remove unused appkey (from bloggerAPI).
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+// Return an error if not configured type.
+return $error;
+}
+if ($bodies) {
+$result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC",  $blogid, $user->uid, 0, $number_of_posts);
+}
+else {
+$result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
+}
+$blogs = array();
+while ($blog = db_fetch_object($result)) {
+$blogs[] = _blogapi_get_post($blog, $bodies);
+}
+return $blogs;
+}
+function blogapi_metaweblog_new_post($blogid, $username, $password, $content, $publish) {
+return blogapi_blogger_new_post('0123456789ABCDEF', $blogid, $username, $password, $content, $publish);
+}
+function blogapi_metaweblog_edit_post($postid, $username, $password, $content, $publish) {
+return blogapi_blogger_edit_post('0123456789ABCDEF', $postid, $username, $password, $content, $publish);
+}
+function blogapi_metaweblog_get_post($postid, $username, $password) {
+return blogapi_blogger_get_post('01234567890ABCDEF', $postid, $username, $password);
+}
+/**
+* Blogging API callback. Inserts a file into Drupal.
+*/
+function blogapi_metaweblog_new_media_object($blogid, $username, $password, $file) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+$usersize = 0;
+$uploadsize = 0;
+$roles = array_intersect(user_roles(FALSE, 'administer content with blog api'), $user->roles);
+foreach ($roles as $rid => $name) {
+$extensions .= ' '. strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
+$usersize= max($usersize, variable_get("blogapi_usersize_$rid", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
+$uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_$rid", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
+}
+$filesize = strlen($file['bits']);
+if ($filesize > $uploadsize) {
+return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array('@maxsize' => format_size($uploadsize))));
+}
+if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
+return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array('@quota' => format_size($usersize))));
+}
+// Only allow files with whitelisted extensions and convert remaining dots to
+// underscores to prevent attacks via non-terminal executable extensions with
+// files such as exploit.php.jpg.
+$whitelist = array_unique(explode(' ', trim($extensions)));
+$name = basename($file['name']);
+if ($extension_position = strrpos($name, '.')) {
+$filename = drupal_substr($name, 0, $extension_position);
+$final_extension = drupal_substr($name, $extension_position + 1);
+if (!in_array(strtolower($final_extension), $whitelist)) {
+return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array('@extensions' => implode(' ', $whitelist))));
+}
+$filename = str_replace('.', '_', $filename);
+$filename .= '.'. $final_extension;
+}
+$data = $file['bits'];
+if (!$data) {
+return blogapi_error(t('No file sent.'));
+}
+if (!$file = file_save_data($data, $filename)) {
+return blogapi_error(t('Error storing file.'));
+}
+$row = new stdClass();
+$row->uid = $user->uid;
+$row->filepath = $file;
+$row->filesize = $filesize;
+drupal_write_record('blogapi_files', $row);
+// Return the successful result.
+return array('url' => file_create_url($file), 'struct');
+}
+/**
+* Blogging API callback. Returns a list of the taxonomy terms that can be
+* associated with a blog node.
+*/
+function blogapi_metaweblog_get_category_list($blogid, $username, $password) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
+// Return an error if not configured type.
+return $error;
+}
+$vocabularies = module_invoke('taxonomy', 'get_vocabularies', $blogid, 'vid');
+$categories = array();
+if ($vocabularies) {
+foreach ($vocabularies as $vocabulary) {
+$terms = module_invoke('taxonomy', 'get_tree', $vocabulary->vid, 0, -1);
+foreach ($terms as $term) {
+$term_name = $term->name;
+foreach (module_invoke('taxonomy', 'get_parents', $term->tid, 'tid') as $parent) {
+$term_name = $parent->name .'/'. $term_name;
+}
+$categories[] = array('categoryName' => $term_name, 'categoryId' => $term->tid);
+}
+}
+}
+return $categories;
+}
+function blogapi_metaweblog_get_recent_posts($blogid, $username, $password, $number_of_posts) {
+return blogapi_blogger_get_recent_posts('0123456789ABCDEF', $blogid, $username, $password, $number_of_posts, TRUE);
+}
+function blogapi_mt_get_recent_post_titles($blogid, $username, $password, $number_of_posts) {
+return blogapi_blogger_get_recent_posts('0123456789ABCDEF', $blogid, $username, $password, $number_of_posts, FALSE);
+}
+function blogapi_mt_get_category_list($blogid, $username, $password) {
+return blogapi_metaweblog_get_category_list($blogid, $username, $password);
+}
+/**
+* Blogging API callback. Returns a list of the taxonomy terms that are
+* assigned to a particular node.
+*/
+function blogapi_mt_get_post_categories($postid, $username, $password) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+$node = node_load($postid);
+$terms = module_invoke('taxonomy', 'node_get_terms', $node, 'tid');
+$categories = array();
+foreach ($terms as $term) {
+$term_name = $term->name;
+foreach (module_invoke('taxonomy', 'get_parents', $term->tid, 'tid') as $parent) {
+$term_name = $parent->name .'/'. $term_name;
+}
+$categories[] = array('categoryName' => $term_name, 'categoryId' => $term->tid, 'isPrimary' => TRUE);
+}
+return $categories;
+}
+/**
+* Blogging API callback. Assigns taxonomy terms to a particular node.
+*/
+function blogapi_mt_set_post_categories($postid, $username, $password, $categories) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+$node = node_load($postid);
+$node->taxonomy = array();
+foreach ($categories as $category) {
+$node->taxonomy[] = $category['categoryId'];
+}
+$validated = blogapi_mt_validate_terms($node);
+if ($validated !== TRUE) {
+return $validated;
+}
+node_save($node);
+return TRUE;
+}
+/**
+* Blogging API helper - find allowed taxonomy terms for a node type.
+*/
+function blogapi_mt_validate_terms($node) {
+// We do a lot of heavy lifting here since taxonomy module doesn't have a
+// stand-alone validation function.
+if (module_exists('taxonomy')) {
+$found_terms = array();
+if (!empty($node->taxonomy)) {
+$term_list = array_unique($node->taxonomy);
+$params = $term_list;
+$params[] = $node->type;
+$result = db_query(db_rewrite_sql("SELECT t.tid, t.vid FROM {term_data} t INNER JOIN {vocabulary_node_types} n ON t.vid = n.vid WHERE t.tid IN (". db_placeholders($term_list) .") AND n.type = '%s'", 't', 'tid'), $params);
+$found_terms = array();
+$found_count = 0;
+while ($term = db_fetch_object($result)) {
+$found_terms[$term->vid][$term->tid] = $term->tid;
+$found_count++;
+}
+// If the counts don't match, some terms are invalid or not accessible to this user.
+if (count($term_list) != $found_count) {
+return blogapi_error(t('Invalid categories submitted.'));
+}
+}
+// Look up all the vocabularies for this node type.
+$result2 = db_query(db_rewrite_sql("SELECT v.vid, v.name, v.required, v.multiple FROM {vocabulary} v INNER JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = '%s'", 'v', 'vid'), $node->type);
+// Check each vocabulary associated with this node type.
+while ($vocabulary = db_fetch_object($result2)) {
+// Required vocabularies must have at least one term.
+if ($vocabulary->required && empty($found_terms[$vocabulary->vid])) {
+return blogapi_error(t('A category from the @vocabulary_name vocabulary is required.', array('@vocabulary_name' => $vocabulary->name)));
+}
+// Vocabularies that don't allow multiple terms may have at most one.
+if (!($vocabulary->multiple) && (isset($found_terms[$vocabulary->vid]) && count($found_terms[$vocabulary->vid]) > 1)) {
+return blogapi_error(t('You may only choose one category from the @vocabulary_name vocabulary.'), array('@vocabulary_name' => $vocabulary->name));
+}
+}
+}
+elseif (!empty($node->taxonomy)) {
+return blogapi_error(t('Error saving categories. This feature is not available.'));
+}
+return TRUE;
+}
+/**
+* Blogging API callback. Sends a list of available input formats.
+*/
+function blogapi_mt_supported_text_filters() {
+// NOTE: we're only using anonymous' formats because the MT spec
+// does not allow for per-user formats.
+$formats = filter_formats();
+$filters = array();
+foreach ($formats as $format) {
+$filter['key'] = $format->format;
+$filter['label'] = $format->name;
+$filters[] = $filter;
+}
+return $filters;
+}
+/**
+* Blogging API callback. Publishes the given node
+*/
+function blogapi_mt_publish_post($postid, $username, $password) {
+$user = blogapi_validate_user($username, $password);
+if (!$user->uid) {
+return blogapi_error($user);
+}
+$node = node_load($postid);
+if (!$node) {
+return blogapi_error(t('Invalid post.'));
+}
+// Nothing needs to be done if already published.
+if ($node->status) {
+return;
+}
+if (!node_access('update', $node) || !user_access('administer nodes')) {
+return blogapi_error(t('You do not have permission to update this post.'));
+}
+$node->status = 1;
+node_save($node);
+return TRUE;
+}
+/**
+* Prepare an error message for returning to the XMLRPC caller.
+*/
+function blogapi_error($message) {
+static $xmlrpcusererr;
+if (!is_array($message)) {
+$message = array($message);
+}
+$message = implode(' ', $message);
+return xmlrpc_error($xmlrpcusererr + 1, strip_tags($message));
+}
+/**
+* Ensure that the given user has permission to edit a blog.
+*/
+function blogapi_validate_user($username, $password) {
+global $user;
+$user = user_authenticate(array('name' => $username, 'pass' => $password));
+if ($user->uid) {
+if (user_access('administer content with blog api', $user)) {
+return $user;
+}
+else {
+return t('You do not have permission to edit this blog.');
+}
+}
+else {
+return t('Wrong username or password.');
+}
+}
+/**
+* For the blogger API, extract the node title from the contents field.
+*/
+function blogapi_blogger_title(&$contents) {
+if (eregi('<title>([^<]*)</title>', $contents, $title)) {
+$title = strip_tags($title[0]);
+$contents = ereg_replace('<title>[^<]*</title>', '', $contents);
+}
+else {
+list($title, $contents) = explode("\n", $contents, 2);
+}
+return $title;
+}
+function blogapi_admin_settings() {
+$node_types = array_map('check_plain', node_get_types('names'));
+$defaults = isset($node_types['blog']) ? array('blog' => 1) : array();
+$form['blogapi_node_types'] = array(
+'#type' => 'checkboxes',
+'#title' => t('Enable for external blogging clients'),
+'#required' => TRUE,
+'#default_value' => variable_get('blogapi_node_types', $defaults),
+'#options' => $node_types,
+'#description' => t('Select the content types available to external blogging clients via Blog API. If supported, each enabled content type will be displayed as a separate "blog" by the external client.')
+);
+$blogapi_extensions_default = variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
+$blogapi_uploadsize_default = variable_get('blogapi_uploadsize_default', 1);
+$blogapi_usersize_default = variable_get('blogapi_usersize_default', 1);
+$form['settings_general'] = array(
+'#type' => 'fieldset',
+'#title' => t('File settings'),
+'#collapsible' => TRUE,
+);
+$form['settings_general']['blogapi_extensions_default'] = array(
+'#type' => 'textfield',
+'#title' => t('Default permitted file extensions'),
+'#default_value' => $blogapi_extensions_default,
+'#maxlength' => 255,
+'#description' => t('Default extensions that users can upload. Separate extensions with a space and do not include the leading dot.'),
+);
+$form['settings_general']['blogapi_uploadsize_default'] = array(
+'#type' => 'textfield',
+'#title' => t('Default maximum file size per upload'),
+'#default_value' => $blogapi_uploadsize_default,
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The default maximum file size a user can upload.'),
+'#field_suffix' => t('MB')
+);
+$form['settings_general']['blogapi_usersize_default'] = array(
+'#type' => 'textfield',
+'#title' => t('Default total file size per user'),
+'#default_value' => $blogapi_usersize_default,
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The default maximum size of all files a user can have on the site.'),
+'#field_suffix' => t('MB')
+);
+$form['settings_general']['upload_max_size'] = array('#value' => '<p>'. t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))).'</p>');
+$roles = user_roles(0, 'administer content with blog api');
+$form['roles'] = array('#type' => 'value', '#value' => $roles);
+foreach ($roles as $rid => $role) {
+$form['settings_role_'. $rid] = array(
+'#type' => 'fieldset',
+'#title' => t('Settings for @role', array('@role' => $role)),
+'#collapsible' => TRUE,
+'#collapsed' => TRUE,
+);
+$form['settings_role_'. $rid]['blogapi_extensions_'. $rid] = array(
+'#type' => 'textfield',
+'#title' => t('Permitted file extensions'),
+'#default_value' => variable_get('blogapi_extensions_'. $rid, $blogapi_extensions_default),
+'#maxlength' => 255,
+'#description' => t('Extensions that users in this role can upload. Separate extensions with a space and do not include the leading dot.'),
+);
+$form['settings_role_'. $rid]['blogapi_uploadsize_'. $rid] = array(
+'#type' => 'textfield',
+'#title' => t('Maximum file size per upload'),
+'#default_value' => variable_get('blogapi_uploadsize_'. $rid, $blogapi_uploadsize_default),
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The maximum size of a file a user can upload (in megabytes).'),
+);
+$form['settings_role_'. $rid]['blogapi_usersize_'. $rid] = array(
+'#type' => 'textfield',
+'#title' => t('Total file size per user'),
+'#default_value' => variable_get('blogapi_usersize_'. $rid, $blogapi_usersize_default),
+'#size' => 5,
+'#maxlength' => 5,
+'#description' => t('The maximum size of all files a user can have on the site (in megabytes).'),
+);
+}
+return system_settings_form($form);
+}
+function blogapi_menu() {
+$items['blogapi/rsd'] = array(
+'title' => 'RSD',
+'page callback' => 'blogapi_rsd',
+'access arguments' => array('access content'),
+'type' => MENU_CALLBACK,
+);
+$items['admin/settings/blogapi'] = array(
+'title' => 'Blog API',
+'description' => 'Configure the content types available to external blogging clients.',
+'page callback' => 'drupal_get_form',
+'page arguments' => array('blogapi_admin_settings'),
+'access arguments' => array('administer site configuration'),
+'type' => MENU_NORMAL_ITEM,
+);
+return $items;
+}
+function blogapi_init() {
+if (drupal_is_front_page()) {
+drupal_add_link(array('rel' => 'EditURI',
+'type' => 'application/rsd+xml',
+'title' => t('RSD'),
+'href' => url('blogapi/rsd', array('absolute' => TRUE))));
+}
+}
+function blogapi_rsd() {
+global $base_url;
+$xmlrpc = $base_url .'/xmlrpc.php';
+$base = url('', array('absolute' => TRUE));
+$blogid = 1; # until we figure out how to handle multiple bloggers
+drupal_set_header('Content-Type: application/rsd+xml; charset=utf-8');
+print <<<__RSD__
+<?xml version="1.0"?>
+<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
+<service>
+<engineName>Drupal</engineName>
+<engineLink>http://drupal.org/</engineLink>
+<homePageLink>$base</homePageLink>
+<apis>
+<api name="MetaWeblog" preferred="false" apiLink="$xmlrpc" blogID="$blogid" />
+<api name="Blogger" preferred="false" apiLink="$xmlrpc" blogID="$blogid" />
+<api name="MovableType" preferred="true" apiLink="$xmlrpc" blogID="$blogid" />
+</apis>
+</service>
+</rsd>
+__RSD__;
+}
+/**
+* Handles extra information sent by clients according to MovableType's spec.
+*/
+function _blogapi_mt_extra(&$node, $struct) {
+if (is_array($node)) {
+$was_array = TRUE;
+$node = (object)$node;
+}
+// mt_allow_comments
+if (array_key_exists('mt_allow_comments', $struct)) {
+switch ($struct['mt_allow_comments']) {
+case 0:
+$node->comment = COMMENT_NODE_DISABLED;
+break;
+case 1:
+$node->comment = COMMENT_NODE_READ_WRITE;
+break;
+case 2:
+$node->comment = COMMENT_NODE_READ_ONLY;
+break;
+}
+}
+// merge the 3 body sections (description, mt_excerpt, mt_text_more) into
+// one body
+if ($struct['mt_excerpt']) {
+$node->body = $struct['mt_excerpt'] .'<!--break-->'. $node->body;
+}
+if ($struct['mt_text_more']) {
+$node->body = $node->body .'<!--extended-->'. $struct['mt_text_more'];
+}
+// mt_convert_breaks
+if ($struct['mt_convert_breaks']) {
+$node->format = $struct['mt_convert_breaks'];
+}
+// dateCreated
+if ($struct['dateCreated']) {
+$node->date = format_date(mktime($struct['dateCreated']->hour, $struct['dateCreated']->minute, $struct['dateCreated']->second, $struct['dateCreated']->month, $struct['dateCreated']->day, $struct['dateCreated']->year), 'custom', 'Y-m-d H:i:s O');
+}
+if ($was_array) {
+$node = (array)$node;
+}
+}
+function _blogapi_get_post($node, $bodies = TRUE) {
+$xmlrpcval = array(
+'userid' => $node->name,
+'dateCreated' => xmlrpc_date($node->created),
+'title' => $node->title,
+'postid' => $node->nid,
+'link' => url('node/'. $node->nid, array('absolute' => TRUE)),
+'permaLink' => url('node/'. $node->nid, array('absolute' => TRUE)),
+);
+if ($bodies) {
+if ($node->comment == 1) {
+$comment = 2;
+}
+else if ($node->comment == 2) {
+$comment = 1;
+}
+$xmlrpcval['content'] = "<title>$node->title</title>$node->body";
+$xmlrpcval['description'] = $node->body;
+// Add MT specific fields
+$xmlrpcval['mt_allow_comments'] = (int) $comment;
+$xmlrpcval['mt_convert_breaks'] = $node->format;
+}
+return $xmlrpcval;
+}
+/**
+* Validate blog ID, which maps to a content type in Drupal.
+*
+* Only content types configured to work with Blog API are supported.
+*
+* @return
+*   TRUE if the content type is supported and the user has permission
+*   to post, or a blogapi_error() XML construct otherwise.
+*/
+function _blogapi_validate_blogid($blogid) {
+$types = _blogapi_get_node_types();
+if (in_array($blogid, $types, TRUE)) {
+return TRUE;
+}
+return blogapi_error(t("Blog API module is not configured to support the %type content type, or you don't have sufficient permissions to post this type of content.", array('%type' => $blogid)));
+}
+function _blogapi_get_node_types() {
+$available_types = array_keys(array_filter(variable_get('blogapi_node_types', array('blog' => 1))));
+$types = array();
+foreach (node_get_types() as $type => $name) {
+if (node_access('create', $type) && in_array($type, $available_types)) {
+$types[] = $type;
+}
+}
+return $types;
+}
+function _blogapi_space_used($uid) {
+return db_result(db_query('SELECT SUM(filesize) FROM {blogapi_files} f WHERE f.uid = %d', $uid));
+}

branch	drupal
changeset 74	0ff3ba646492