/**
 * Resolve an API target and dispatch it to a module class method, a bound hook or an exposed function.
 *
 * The target comes from $api_function when given, otherwise from the URL (url_manager). The same
 * request-derived string is used to build file paths that are include_once'd and to build class and
 * method names that are instantiated and called, so every step below handles untrusted input.
 *
 * @param string|array|false $api_function Target such as "path/Class/method" or a function name;
 *                                         a loosely-false value means "derive it from the URL".
 *                                         Arrays are only handled where MW_API_RAW is defined.
 * @param mixed $params Data handed to the target instead of request data; only read on the two
 *                      class-dispatch paths, not on the plain function path.
 * @return mixed Whatever $this->_api_responce() returns for the result; null (bare return) when no result is set.
 */
public function api($api_function = false, $params = false)
{
// API-key login is attempted only for anonymous sessions (user_id() == 0).
// NOTE(review): the key is read from $_REQUEST, so it can arrive in the query string and be written
// to access logs or Referer headers — confirm that is acceptable, or accept it from a header/POST only.
if (isset($_REQUEST['api_key']) and user_id() == 0) {
api_login($_REQUEST['api_key']);
}
if (!defined('MW_API_CALL')) {
define('MW_API_CALL', true);
}
$set_constants = true;
$mod_class_api = false;
$mod_class_api_called = false;
$mod_class_api_class_exist = false;
$caller_commander = false;
if ($api_function == false) {
// No explicit target: take the URL string and strip the "api_html" / "api" prefixes (once each).
$api_function_full = $this->app->url_manager->string();
$api_function_full = $this->app->format->replace_once('api_html', '', $api_function_full);
$api_function_full = $this->app->format->replace_once('api/api', 'api', $api_function_full);
$api_function_full = $this->app->format->replace_once('api', '', $api_function_full);
$api_function_full = trim($api_function_full, '/');
//$api_function_full = substr($api_function_full, 4);
} else {
$api_function_full = $api_function;
}
// Content constants are defined for every target except "module".
if (isset($api_function_full) and $api_function_full != '') {
if (ltrim($api_function_full, '/') == 'module') {
$set_constants = false;
}
}
if ($set_constants == true) {
$this->app->content_manager->define_constants();
}
// Load the active template's functions.php, if the template directory is known and the file exists.
if (defined('TEMPLATE_DIR')) {
$load_template_functions = TEMPLATE_DIR . 'functions.php';
if (is_file($load_template_functions)) {
include_once $load_template_functions;
}
}
//$api_function_full = str_ireplace('api/', '', $api_function_full);
// Deny-list clean-up of the request-derived target: drop "..", turn "\" into "/", collapse "//".
// NOTE(review): this string is used below to build include paths and class names. String stripping
// is a weak control for that purpose; a containment check on the resolved path (realpath() must stay
// under the modules/includes roots) or an allow-list of module names would be sturdier.
// NOTE(review): escape_string() is a database helper — presumably it adds SQL escaping only and does
// not make the value safe as a filesystem path or class name; confirm what it returns here.
$api_function_full = str_replace('..', '', $api_function_full);
$api_function_full = str_replace('\\', '/', $api_function_full);
$api_function_full = str_replace('//', '/', $api_function_full);
$api_function_full = $this->app->database_manager->escape_string($api_function_full);
if (is_string($api_function_full)) {
$mod_api_class = explode('/', $api_function_full);
} else {
$mod_api_class = $api_function_full;
}
// Last segment = candidate method name; second-to-last = alternative method name.
// $mod_api_class keeps everything but the last segment, $mod_api_class2 everything but the last two.
$try_class_func = array_pop($mod_api_class);
// $try_class_func2 = array_pop($mod_api_class);
$mod_api_class_copy = $mod_api_class;
$try_class_func2 = array_pop($mod_api_class_copy);
$mod_api_class2 = implode(DS, $mod_api_class_copy);
$mod_api_class = implode(DS, $mod_api_class);
$mod_api_class_clean = ltrim($mod_api_class, '/');
$mod_api_class_clean = ltrim($mod_api_class_clean, '\\');
$mod_api_class_clean_uc1 = ucfirst($mod_api_class_clean);
// Candidate ".php" files for the class, under the modules dir, the includes dir, the parent of
// MW_PATH and includes/classes, each also tried with an upper-cased first letter.
$mod_api_class1 = normalize_path(modules_path() . $mod_api_class, false) . '.php';
$mod_api_class_native = normalize_path(mw_includes_path() . $mod_api_class, false) . '.php';
$mod_api_class_native_system = normalize_path(dirname(MW_PATH) . DS . $mod_api_class, false) . '.php';
$mod_api_class_native_global_ns = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class2, false) . '.php';
$mod_api_class1_uc1 = normalize_path(modules_path() . $mod_api_class_clean_uc1, false) . '.php';
$mod_api_class_native_uc1 = normalize_path(mw_includes_path() . $mod_api_class_clean_uc1, false) . '.php';
$mod_api_class_native_global_ns_uc1 = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class_clean_uc1, false) . '.php';
// NOTE(review): the next line overwrites $mod_api_class2 (until now the path minus its last two
// segments) with a full file path; the two "global_ns" branches below then derive $try_class from
// that file path. The "_uc1" variant is built from the identical expression (no ucfirst), so its
// elseif branch can never match when the previous one did not. Both look unintended — confirm.
$mod_api_class2 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
$mod_api_class2_uc1 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
$try_class = '\\' . str_replace('/', '\\', $mod_api_class);
// class_exists(..., false): only classes that are already loaded count, the autoloader is not triggered.
if (class_exists($try_class, false)) {
$caller_commander = 'class_is_already_here';
$mod_class_api_class_exist = true;
} else {
// Include the first candidate file that exists.
// NOTE(review): the include runs before the $api_exposed allow-list is consulted further down, so
// top-level code of a matching file executes even when the endpoint turns out not to be exposed.
// Consider checking exposure (and path containment) before including anything.
if (is_file($mod_api_class1)) {
$mod_class_api = true;
include_once $mod_api_class1;
} elseif (is_file($mod_api_class_native_system)) {
$mod_class_api = true;
include_once $mod_api_class_native_system;
} elseif (is_file($mod_api_class1_uc1)) {
$mod_class_api = true;
include_once $mod_api_class1_uc1;
} elseif (is_file($mod_api_class_native_global_ns_uc1)) {
$try_class = str_replace('/', '\\', $mod_api_class2);
$mod_class_api = true;
include_once $mod_api_class_native_global_ns_uc1;
} elseif (is_file($mod_api_class_native_global_ns)) {
$try_class = str_replace('/', '\\', $mod_api_class2);
$mod_class_api = true;
include_once $mod_api_class_native_global_ns;
} elseif (is_file($mod_api_class_native_uc1)) {
$mod_class_api = true;
include_once $mod_api_class_native_uc1;
} elseif (is_file($mod_api_class_native)) {
$mod_class_api = true;
include_once $mod_api_class_native;
} elseif (is_file($mod_api_class2)) {
$mod_class_api = true;
include_once $mod_api_class2;
} elseif (is_file($mod_api_class2_uc1)) {
$mod_class_api = true;
include_once $mod_api_class2_uc1;
}
}
// Build the allow-list of callable API names as one space-separated string, split further down.
$api_exposed = '';
// user functions
// NOTE(review): this literal has no trailing space, so its last name and 'set_language ' below fuse
// into the single token "social_login_processset_language"; neither name is exposed on its own
// unless api_expose*() adds it. Adding the space would widen the allow-list, so confirm the intent
// before changing it.
$api_exposed .= 'user_login user_logout social_login_process';
// content functions
$api_exposed .= 'set_language ';
$api_exposed .= api_expose(true);
// Logged-in users and admins get additional exposed names.
if (is_logged()) {
$api_exposed .= api_expose_user(true);
}
if (is_admin()) {
$api_exposed .= api_expose_admin(true);
}
$api_exposed = explode(' ', $api_exposed);
$api_exposed = array_unique($api_exposed);
$api_exposed = array_trim($api_exposed);
// Bound hooks follow the same tiers: public, then logged-in, then admin.
$hooks = api_bind(true);
if (is_logged()) {
$hooks_admin = api_bind_user(true);
if (is_array($hooks_admin)) {
$hooks = array_merge($hooks, $hooks_admin);
}
}
if (is_admin()) {
$hooks_admin = api_bind_admin(true);
if (is_array($hooks_admin)) {
$hooks = array_merge($hooks, $hooks_admin);
}
}
if ($api_function == false) {
$api_function = $this->app->url_manager->segment(1);
}
// $url_segs is only assigned when MW_API_RAW is defined, or when a class file was included above.
if (!defined('MW_API_RAW')) {
if ($mod_class_api != false) {
$url_segs = $this->app->url_manager->segment(-1);
}
} else {
if (is_array($api_function)) {
$url_segs = $api_function;
} else {
$url_segs = explode('/', $api_function);
}
}
if (!defined('MW_API_FUNCTION_CALL')) {
define('MW_API_FUNCTION_CALL', $api_function);
}
switch ($caller_commander) {
case 'class_is_already_here':
// The class named by the path was already loaded before this call.
// NOTE(review): this branch never consults $api_exposed. Any loaded class whose name matches the
// request path is constructed with request data and the method named by the last (or second-to-last)
// path segment is invoked. Confirm exposure is enforced elsewhere, or apply the same allow-list
// check the default branch uses.
// Payload: explicit $params, else URL params when there is no request data, else GET merged with POST.
if ($params != false) {
$data = $params;
} elseif (!$_POST and !$_REQUEST) {
$data = $this->app->url_manager->params(true);
if (empty($data)) {
$data = $this->app->url_manager->segment(2);
}
} else {
//$data = $_REQUEST;
$data = array_merge($_GET, $_POST);
}
// One instance per class name is cached in a function-level static; a cached instance keeps the
// $data its constructor received on the first call.
static $loaded_classes = array();
//$try_class_n = src_
if (isset($loaded_classes[$try_class]) == false) {
$res = new $try_class($data);
$loaded_classes[$try_class] = $res;
} else {
$res = $loaded_classes[$try_class];
//
}
// The second-to-last segment wins over the last one when both are methods of the class.
if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
if (method_exists($res, $try_class_func2)) {
$try_class_func = $try_class_func2;
}
$res = $res->{$try_class_func}($data);
if (defined('MW_API_RAW')) {
$mod_class_api_called = true;
}
return $this->_api_responce($res);
}
break;
default:
$res = false;
// Hooks bound to the full path run first; each receives GET merged with POST, the last return value
// wins, and it is returned only when it is loosely non-false.
if (isset($hooks[$api_function_full])) {
$data = array_merge($_GET, $_POST);
$call = $hooks[$api_function_full];
if (!empty($call)) {
foreach ($call as $call_item) {
$res = call_user_func($call_item, $data);
}
}
if ($res != false) {
return $this->_api_responce($res);
}
}
// A class file was included above: check exposure, then instantiate and call.
if ($mod_class_api == true and $mod_api_class != false) {
$mod_api_class = str_replace('..', '', $mod_api_class);
$try_class = str_replace('/', '\\', $mod_api_class);
$try_class_full = str_replace('/', '\\', $api_function_full);
$try_class_full2 = str_replace('\\', '/', $api_function_full);
$mod_api_class_test = explode('/', $try_class_full2);
$try_class_func_test = array_pop($mod_api_class_test);
$mod_api_class_test_full = implode('/', $mod_api_class_test);
$mod_api_err = false;
// The allow-list is enforced only when MW_API_RAW is NOT defined; with MW_API_RAW defined
// $mod_api_err stays false and the class is dispatched unchecked.
// NOTE(review): presumably MW_API_RAW marks trusted internal calls — confirm it can never be defined
// on a path reachable from an HTTP request. Comparisons here are loose (in_array without strict, ==).
if (!defined('MW_API_RAW')) {
if (!in_array($try_class_full, $api_exposed) and !in_array($try_class_full2, $api_exposed) and !in_array($mod_api_class_test_full, $api_exposed)) {
$mod_api_err = true;
// Second chance: accept case-insensitive and slash-direction variants of an exposed name.
foreach ($api_exposed as $api_exposed_value) {
if ($mod_api_err == true) {
if ($api_exposed_value == $try_class_full) {
$mod_api_err = false;
} elseif (strtolower('\\' . $api_exposed_value) == strtolower($try_class_full)) {
$mod_api_err = false;
} elseif ($api_exposed_value == $try_class_full2) {
$mod_api_err = false;
} else {
$convert_slashes = str_replace('\\', '/', $try_class_full);
if ($convert_slashes == $api_exposed_value) {
$mod_api_err = false;
}
}
}
}
} else {
$mod_api_err = false;
}
}
if ($mod_class_api and $mod_api_err == false) {
// If the path-derived class name is not loaded, fall back to the second- and third-from-last
// URL segments as class names.
if (!class_exists($try_class, false)) {
$remove = $url_segs;
$last_seg = array_pop($remove);
$last_prev_seg = array_pop($remove);
$last_prev_seg2 = array_pop($remove);
if (class_exists($last_prev_seg, false)) {
$try_class = $last_prev_seg;
} elseif (class_exists($last_prev_seg2, false)) {
$try_class = $last_prev_seg2;
}
}
if (!class_exists($try_class, false)) {
$try_class_mw = ltrim($try_class, '/');
$try_class_mw = ltrim($try_class_mw, '\\');
$try_class = $try_class_mw;
}
if (class_exists($try_class, false)) {
if ($params != false) {
$data = $params;
} elseif (!$_POST and !$_REQUEST) {
$data = $this->app->url_manager->params(true);
if (empty($data)) {
$data = $this->app->url_manager->segment(2);
}
} else {
$data = array_merge($_GET, $_POST);
}
// Unlike the 'class_is_already_here' branch, a fresh instance is created on every call.
$res = new $try_class($data);
if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
if (method_exists($res, $try_class_func2)) {
$try_class_func = $try_class_func2;
}
$res = $res->{$try_class_func}($data);
$mod_class_api_called = true;
return $this->_api_responce($res);
}
} else {
// NOTE(review): $try_class is request-derived and goes into the message without the
// clean_html()/clean_xss() pass applied to the "not defined" error at the end of this method;
// confirm mw_error() escapes its output.
mw_error('The api class ' . $try_class . ' does not exist');
}
}
}
break;
}
// Nothing returned so far: fall back to plain function / class dispatch, defaulting to "index".
if ($api_function) {
} else {
$api_function = 'index';
}
if ($api_function == 'module' and $mod_class_api_called == false) {
$this->module();
} else {
// Allow-list check: $api_function must be in $api_exposed, or the full path must match an exposed
// name case-insensitively.
$err = false;
if (!in_array($api_function, $api_exposed)) {
$err = true;
}
if ($err == true) {
foreach ($api_exposed as $api_exposed_item) {
if ($api_exposed_item == $api_function) {
$err = false;
}
}
}
if (isset($api_function_full)) {
foreach ($api_exposed as $api_exposed_item) {
if (is_string($api_exposed_item) and is_string($api_function_full)) {
$api_function_full = str_replace('\\', '/', $api_function_full);
$api_function_full = ltrim($api_function_full, '/');
if (strtolower($api_exposed_item) == strtolower($api_function_full)) {
$err = false;
}
}
}
}
if ($err == false) {
if ($mod_class_api_called == false) {
// $params is not consulted on this path; the payload always comes from the request.
if (!$_POST and !$_REQUEST) {
// $data = $this->app->url_manager->segment(2);
$data = $this->app->url_manager->params(true);
if (empty($data)) {
$data = $this->app->url_manager->segment(2);
}
} else {
//$data = $_REQUEST;
$data = array_merge($_GET, $_POST);
}
// Full path without its last segment, used below as a namespaced class name.
$api_function_full_2 = explode('/', $api_function_full);
unset($api_function_full_2[count($api_function_full_2) - 1]);
$api_function_full_2 = implode('/', $api_function_full_2);
// Resolution order: global function, loaded class named $api_function, class in this namespace,
// then class/method taken from the last two path segments. Classes on this path are constructed
// with $this->app, and the method name comes from the URL or path.
if (function_exists($api_function)) {
$res = $api_function($data);
} elseif (class_exists($api_function, false)) {
//
$segs = $this->app->url_manager->segment();
$mmethod = array_pop($segs);
$class = new $api_function($this->app);
if (method_exists($class, $mmethod)) {
$res = $class->{$mmethod}($data);
}
} else {
$api_function_full_2 = str_replace(array('..', '/'), array('', '\\'), $api_function_full_2);
$api_function_full_2 = __NAMESPACE__ . '\\' . $api_function_full_2;
if (class_exists($api_function_full_2, false)) {
//
$segs = $this->app->url_manager->segment();
$mmethod = array_pop($segs);
$class = new $api_function_full_2($this->app);
if (method_exists($class, $mmethod)) {
$res = $class->{$mmethod}($data);
}
} elseif (isset($api_function_full)) {
$api_function_full = str_replace('\\', '/', $api_function_full);
$api_function_full1 = explode('/', $api_function_full);
$mmethod = array_pop($api_function_full1);
$mclass = array_pop($api_function_full1);
if (class_exists($mclass, false)) {
$class = new $mclass($this->app);
if (method_exists($class, $mmethod)) {
$res = $class->{$mmethod}($data);
}
}
}
}
}
// Hooks bound to the function name run after the call and receive the result; their return
// values are discarded.
if (isset($res) and isset($hooks[$api_function]) and is_array($hooks[$api_function]) and !empty($hooks[$api_function])) {
foreach ($hooks[$api_function] as $hook_key => $hook_value) {
if ($hook_value != false and $hook_value != null) {
$hook_value($res);
}
}
} else {
//error('The api function ' . $api_function . ' does not exist', __FILE__, __LINE__);
}
// print $api_function;
} else {
// Not on the allow-list: the name is passed through clean_html() and clean_xss() before it is
// put into the error message.
$api_function = mw()->format->clean_html($api_function);
$api_function = mw()->format->clean_xss($api_function);
mw_error('The api function ' . $api_function . ' is not defined in the allowed functions list');
}
// isset() is false for null, so a target that returned null ends in the bare return below.
if (isset($res)) {
return $this->_api_responce($res);
}
return;
}
}
}