diff --git a/controllers/multisite.php b/controllers/multisite.php
new file mode 100644
index 0000000..41eb5f5
--- /dev/null
+++ b/controllers/multisite.php
@@ -0,0 +1,562 @@
+_verify_admin();
+
+ extract($_REQUEST);
+
+ if(!isset($blog_id))
+ $json_api->error(__("You must send the 'blog_id' parameter."));
+
+ if(!isset($key))
+ $json_api->error(__("You must send the 'key' parameter."));
+
+ if(isset($default))
+ $default = (strtolower($default) == 'false');
+ else
+ $default = false;
+
+ return array( "option" => get_blog_option($blog_id, $key, $default) );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * nonce (required) -- the security nonce for this API function
+ * blog_id (required) if not set then current site id is used
+ * key (required) key of the blog option to add
+ * value (required) value of the blog option
+ *
+ * Returns Success message or error
+ */
+ public function add_blog_option() {
+ global $json_api;
+
+ $this->_verify_admin();
+ $this->_verify_nonce('add_blog_option');
+
+ extract($_REQUEST);
+
+ if(!isset($blog_id))
+ $json_api->error(__("You must send the 'blog_id' parameter."));
+
+ if(!isset($key))
+ $json_api->error(__("You must send the 'key' parameter."));
+
+ if(!isset($value))
+ $json_api->error(__("You must send the 'value' parameter."));
+
+ add_blog_option( $blog_id, $key, $value );
+
+ return array( "message" => __("You successfully added a blog option.") );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * nonce (required) -- the security nonce for this API function
+ * blog_id (required) if not set then current site id is used
+ * key (required) key of the blog option to update
+ * value (required) value of the blog option
+ *
+ * Returns Success message or error
+ */
+ public function update_blog_option() {
+ global $json_api;
+
+ $this->_verify_admin();
+ $this->_verify_nonce('update_blog_option');
+
+ extract($_REQUEST);
+
+ if(!isset($blog_id))
+ $json_api->error(__("You must send the 'blog_id' parameter."));
+
+ if(!isset($key))
+ $json_api->error(__("You must send the 'key' parameter."));
+
+ if(!isset($value))
+ $json_api->error(__("You must send the 'value' parameter."));
+
+ update_blog_option( $blog_id, $key, $value );
+
+ return array( "message" => __("You successfully updated your blog option.") );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * nonce (required) -- the security nonce for this API function
+ * blog_id (required) if not set then current site id is used
+ * key (required) key of the blog option to delete
+ *
+ * Returns Success message or error
+ */
+ public function delete_blog_option() {
+ global $json_api;
+
+ $this->_verify_admin();
+ $this->_verify_nonce('delete_blog_option');
+
+ extract($_REQUEST);
+
+ if(!isset($blog_id))
+ $json_api->error(__("You must send the 'blog_id' parameter."));
+
+ if(!isset($key))
+ $json_api->error(__("You must send the 'key' parameter."));
+
+ delete_blog_option( $blog_id, $key );
+
+ return array( "message" => __("You successfully deleted your blog option.") );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * blog_id (required) blog id to retrieve address for
+ *
+ * Returns blogaddress or error
+ */
+ public function get_blogaddress_by_id() {
+ global $json_api;
+
+ extract( $_REQUEST );
+
+ if(!isset($blog_id))
+ $json_api->error(__("You must send the 'blog_id' parameter."));
+
+ $blogaddress = get_blogaddress_by_id( $blog_id );
+
+ return array( "blogaddress" => $blogaddress );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * name (required) blog name retrieve address for
+ *
+ * Returns blogaddress or error
+ */
+ public function get_blogaddress_by_name() {
+ global $json_api;
+
+ extract( $_REQUEST );
+
+ if(!isset($blogname))
+ $json_api->error(__("You must send the 'blogname' parameter."));
+
+ $blogaddress = get_blogaddress_by_name( $blogname );
+
+ return array( "blogaddress" => $blogaddress );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * name (required) blog name retrieve id for
+ *
+ * Returns blog_id or error
+ */
+ public function get_id_from_blogname() {
+ global $json_api;
+
+ $this->_verify_admin();
+
+ extract( $_REQUEST );
+
+ if(!isset($blogname))
+ $json_api->error(__("You must send the 'blogname' parameter."));
+
+ $blog_id = get_id_from_blogname( $blogname );
+
+ return array( "blog_id" => $blog_id );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * blog_id (required) id of the blog to get
+ *
+ * Returns JSON array of blog details in the "blog" array index
+ */
+ public function get_blog_details() {
+ global $json_api;
+
+ $this->_verify_admin();
+
+ extract( $_REQUEST );
+
+ if(!isset($blog_id))
+ $json_api->error(__("You must send the 'blog_id' parameter."));
+
+ return array( "blog" => get_blog_details( $blog_id ) );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * nonce (required) -- the security nonce for this API function
+ * domain (required) full domain of the new blog
+ * path (optional) path of the new blog - defaults to '/'
+ * title (required) title of the new blog
+ * user_id (required) id of an existing user to be the admin of the new blog
+ * meta (optional) an array of meta data (defaults to '')
+ *
+ * Returns JSON array of blog details in the "blog" array index
+ */
+ public function wpmu_create_blog() {
+ global $json_api;
+
+ $this->_verify_admin();
+ $this->_verify_nonce('wpmu_create_blog');
+
+ extract( $_REQUEST );
+
+ if(!isset($domain))
+ $json_api->error(__("You must send the 'domain' parameter."));
+
+ if(!isset($title))
+ $json_api->error(__("You must send the 'title' parameter."));
+
+ if(!isset($user_id))
+ $json_api->error(__("You must send the 'user_id' parameter."));
+
+ if(!isset($path))
+ $path = '/';
+
+ if(!isset($meta))
+ $meta = '';
+
+ $blog_id = wpmu_create_blog( $domain, $path, $title, $user_id, $meta );
+
+ if ( is_wp_error( $blog_id ) )
+ $json_api->error( $blog_id->get_error_message() );
+ else
+ return array( "blog" => get_blog_details( $blog_id ) );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ * + * Get $_REQUEST options for this endpoint: + * + * u (optional) -- Username (if not logged in) + * p (optional) -- Password (if not logged in) + * nonce (required) -- the security nonce for this API function + * blog_id (required) Blog ID of the blog we're going to delete + * drop (optional) Drop tables for this blog (defaults to false) + * + * Returns message of success or error + */ + public function wpmu_delete_blog() { + global $json_api; + + $this->_verify_admin(); + $this->_verify_nonce('wpmu_delete_blog'); + + extract( $_REQUEST ); + + if(!isset($blog_id)) + $json_api->error(__("You must send the 'blog_id' parameter.")); + + if(!isset($drop)) + $drop = false; + else + $drop = ($drop=='true'); + + if( !function_exists('wpmu_delete_blog') ) + require_once( ABSPATH . 'wp-admin/includes/ms.php' ); + + wpmu_delete_blog( $blog_id, $drop ); + + return array( "message" => __( "The Blog was Successfully Deleted." ) ); + } + + /** RESTful endpoint for this multisite function. + * + * Get $_REQUEST options for this endpoint: + * + * u (optional) -- Username (if not logged in) + * p (optional) -- Password (if not logged in) + * nonce (required) -- the security nonce for this API function + * blog_id (required) blog we'll be adding the user to + * user_id (required) user we'll be adding to the blog + * role (optional) role of the user on the new blog (defaults to 'subscriber') + * + * Returns Success message or error + */ + public function add_user_to_blog() { + global $json_api; + + $this->_verify_admin(); + $this->_verify_nonce('add_user_to_blog'); + + extract($_REQUEST); + + if(!isset($blog_id)) + $json_api->error(__("You must send the 'blog_id' parameter.")); + + if(!isset($user_id)) + $json_api->error(__("You must send the 'user_id' parameter.")); + + if(!isset($role)) + $role = 'subscriber'; + + if( $returnval = add_user_to_blog( $blog_id, $user_id, $role ) ) + return array( "message" => __("User was successfully added to the blog.") ); + else + { + 
if(is_wp_error($returnval)) + $json_api->error( $returnval->get_error_message() ); + else + $json_api->error( __("There was an error adding this user to your blog") ); + } + } + + /** RESTful endpoint for this multisite function. + * + * Get $_REQUEST options for this endpoint: + * + * u (optional) -- Username (if not logged in) + * p (optional) -- Password (if not logged in) + * nonce (required) -- the security nonce for this API function + * user_id (required) user we'll be removing from the blog + * blog_id (required) blog we'll be removing the user from + * reassign (optional) user we'll be reassigning posts to (defaults to '') + * + */ + public function remove_user_from_blog() { + global $json_api; + + $this->_verify_admin(); + $this->_verify_nonce('remove_user_from_blog'); + + extract($_REQUEST); + + if(!isset($blog_id)) + $json_api->error(__("You must send the 'blog_id' parameter.")); + + if(!isset($user_id)) + $json_api->error(__("You must send the 'user_id' parameter.")); + + if(!isset($reassign)) + $reassign = ''; + + $returnval = remove_user_from_blog( $user_id, $blog_id, $reassign ); + + if( is_wp_error($returnval) ) + $json_api->error( $returnval->get_error_message() ); + else + return array( "message" => __( "User was successfully removed from the blog." ) ); + } + + /** RESTful endpoint for this multisite function. 
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * domain (required) full domain of site we're checking on
+ * path (required) path of the site we're checking on
+ * site_id (optional) site id of the blog (defaults to 1)
+ *
+ */
+ public function domain_exists() {
+ global $json_api;
+
+ $this->_verify_admin();
+
+ extract($_REQUEST);
+
+ if(!isset($domain))
+ $json_api->error(__("You must send the 'domain' parameter."));
+
+ if(!isset($path))
+ $json_api->error(__("You must send the 'path' parameter."));
+
+ if(!isset($site_id))
+ $site_id = 1;
+
+ if( domain_exists( $domain, $path, $site_id ) )
+ return array( "message" => __("The Domain Exists.") );
+ else
+ return array( "message" => __("The Domain Does Not Exist.") );
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * user_id (required) User we want the active blog for
+ *
+ * Return blog or error
+ */
+ public function get_active_blog_for_user() {
+ global $json_api;
+
+ $this->_verify_admin();
+
+ extract($_REQUEST);
+
+ if(!isset($user_id))
+ $json_api->error(__("You must send the 'user_id' parameter."));
+
+ if( $blog = get_active_blog_for_user( $user_id ) )
+ return array( "blog" => $blog );
+ else
+ $json_api->error(__("Active blog was not found."));
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * user_id (required) User we want to list the blogs for
+ * all (optional) Get all blogs (defaults to false)
+ *
+ * Return blogs or error
+ */
+ public function get_blogs_of_user() {
+ global $json_api;
+
+ $this->_verify_admin();
+
+ extract( $_REQUEST );
+
+ if( !isset( $user_id ) )
+ $json_api->error(__("You must send the 'user_id' parameter."));
+
+ if(!isset($all))
+ $all = false;
+ else
+ $all = ($all=='true');
+
+ if( $blogs = get_blogs_of_user( $user_id ) )
+ return array( "blogs" => $blogs );
+ else
+ $json_api->error(__("No blogs were found for this user."));
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ * domain (required) full domain we want the blog id for
+ * path (optional) path we want the blog id for (defaults to '/')
+ *
+ */
+ public function get_blog_id_from_url() {
+ global $json_api;
+
+ $this->_verify_admin();
+
+ extract($_REQUEST);
+
+ if(!isset($domain))
+ $json_api->error(__("You must send the 'domain' parameter."));
+
+ if(!isset($path))
+ $path = '/';
+
+ if( $blog_id = get_blog_id_from_url( $domain, $path ) )
+ return array( "blog_id" => $blog_id );
+ else
+ $json_api->error(__("No blogs were found for this user."));
+ }
+
+ /** RESTful endpoint for this multisite function.
+ *
+ * Get $_REQUEST options for this endpoint:
+ *
+ * u (optional) -- Username (if not logged in)
+ * p (optional) -- Password (if not logged in)
+ *
+ */
+ public function is_subdomain_install() {
+ global $json_api;
+
+ $this->_verify_admin();
+
+ extract($_REQUEST);
+
+ if( is_subdomain_install() )
+ return array( "message" => __("This is a subdomain install.") );
+ else
+ return array( "message" => __("This is not a subdomain install.") );
+ }
+
+ private function _verify_nonce($method) {
+ global $json_api;
+
+ if (!$json_api->query->nonce)
+ $json_api->error(__("You must include a 'nonce' value to update users. Use the `get_nonce` Core API method."));
+
+ $nonce_id = $json_api->get_nonce_id('multisite', $method);
+
+ if (!wp_verify_nonce($json_api->query->nonce, $nonce_id))
+ $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
+ }
+
+ private function _verify_admin() {
+ global $json_api;
+
+ extract($_REQUEST);
+
+ if (!current_user_can('administrator'))
+ {
+ if( isset($u) and isset($p) ) {
+ if( !user_pass_ok($u, $p) )
+ $json_api->error(__("Your username or password was incorrect."));
+ }
+ else
+ $json_api->error(__("You must either provide the 'u' and 'p' parameters or login as an administrator."));
+ }
+ }
+}
+?>
diff --git a/controllers/users.php b/controllers/users.php
new file mode 100644
index 0000000..8392b79
--- /dev/null
+++ b/controllers/users.php
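Review bot: `_verify_admin()` at the end of controllers/multisite.php accepts any correct `u`/`p` pair as administrator access: when `current_user_can('administrator')` is false it only calls `user_pass_ok($u, $p)`, which confirms the password and never checks that account's role, so the option-write, `wpmu_create_blog`, `wpmu_delete_blog` and `add_user_to_blog` endpoints are gated by "has a valid login", not "is an administrator". The check should resolve the user and test the capability, and read `u` and `p` explicitly instead of through `extract($_REQUEST)`, which lets request keys define arbitrary local variables in every method of this class. The same `_verify_admin()` body is added in controllers/users.php and needs the same change. Accepting `u`/`p` from `$_REQUEST` also allows credentials in the query string, where they usually end up in access logs. Whether `$json_api->error()` stops execution is not visible in this diff; if it returns, each failed check falls through to the privileged call.

```php
private function _verify_admin() {
	global $json_api;

	if (current_user_can('administrator'))
		return;

	// Read only the two expected keys instead of extract($_REQUEST).
	$u = isset($_REQUEST['u']) ? $_REQUEST['u'] : null;
	$p = isset($_REQUEST['p']) ? $_REQUEST['p'] : null;

	if ($u === null || $p === null)
		$json_api->error(__("You must either provide the 'u' and 'p' parameters or login as an administrator."));

	$user = wp_authenticate($u, $p);

	// A correct password is not enough: the account must hold the administrator capability.
	if (is_wp_error($user) || !user_can($user, 'administrator'))
		$json_api->error(__("Your username or password was incorrect."));
}
```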
@@ -0,0 +1,476 @@ +error("You need to pass a value for 'user_login'."); + + if(!isset($_REQUEST['user_password'])) + $json_api->error("You need to pass a value for 'user_password'."); + + if(!function_exists('wp_signon')) + require_once(ABSPATH . WPINC . '/user.php'); + + $user = wp_signon( $_REQUEST, false ); + if ( is_wp_error( $user ) ) + $json_api->error( $user->get_error_message() ); + + return array( "message" => "Successfully Logged In" ); + } + + /** API function provide a silent login feature for WordPress. + * Since this method alters the session it won't work unless the + * user is actually running this script from their browser ... as + * opposed to a server site GET or POST call. + * + * Doesn't need any parameters via GET or POST to successfully run. + * + */ + public function logout() { + if(!function_exists('wp_logout')) + require_once(ABSPATH . WPINC . '/pluggable.php'); + + wp_logout(); + + return array( "message" => "Successfully Logged Out"); + } + + /** API function provide a way to programmatically check to see + * if a user is currently logged in and returns the user id. + * + * Doesn't need any parameters via GET or POST to successfully run. + * + */ + public function is_user_logged_in() { + if(!function_exists('is_user_logged_in')) + require_once(ABSPATH . WPINC . 
'/pluggable.php'); + + if ( is_user_logged_in() ) { + global $current_user; + get_currentuserinfo(); + + return array( "user" => $current_user ); + } else { + global $json_api; + $json_api->error(__("No WordPress Users are logged in.")); + } + } + + /** API function to Create a User for WordPress + * + * Accepts the following parameters via GET or POST: + * + * nonce (required) -- the security nonce for this API function + * user_login (required) -- the username of the new user + * user_password (required) -- the password of the new user + * user_email (required) -- the email of the new user + * user_nicename (optional) + * user_url (optional) + * display_name (optional) + * nickname (optional) + * first_name (optional) + * last_name (optional) + * description (optional) + * rich_editing (optional) + * user_registered (optional) + * role (optional) + * jabber (optional) + * aim (optional) + * yim (optional) + * + */ + public function create_user() { + global $json_api; + + $this->_verify_admin(); + + $updating = (isset($_REQUEST['id'])); + + // Only Require these if we're updating + if(!$updating) { + if(!isset($_REQUEST['user_login'])) + $json_api->error("You need to pass a value for 'user_login'."); + + if(!isset($_REQUEST['user_password'])) + $json_api->error("You need to pass a value for 'user_password'."); + + if(!isset($_REQUEST['user_email'])) + $json_api->error("You need to pass a value for 'user_email'."); + + if( email_exists( $_REQUEST[ 'user_email' ] ) ) + $json_api->error(__("This email address already exists")); + + $this->_verify_nonce('create_user'); + } + else + $this->_verify_nonce('update_user'); + + nocache_headers(); + + require_once(ABSPATH . WPINC . 
'/registration.php'); + + if(isset($_REQUEST['user_password'])) + $password = $_REQUEST['user_password']; + else + $password = wp_generate_password( 12, false ); + + $userdata = array( "user_pass" => $password, + "user_login" => $_REQUEST['user_login'], + "user_email" => $_REQUEST['user_email'] ); + + if($updating and isset($_REQUEST['id'])) + $userdata['ID'] = $_REQUEST['id']; + + if(isset($_REQUEST['user_nicename'])) + $userdata['user_nicename'] = $_REQUEST['user_nicename']; + + if(isset($_REQUEST['user_url'])) + $userdata['user_url'] = $_REQUEST['user_url']; + + if(isset($_REQUEST['display_name'])) + $userdata['display_name'] = $_REQUEST['display_name']; + + if(isset($_REQUEST['nickname'])) + $userdata['nickname'] = $_REQUEST['nickname']; + + if(isset($_REQUEST['first_name'])) + $userdata['first_name'] = $_REQUEST['first_name']; + + if(isset($_REQUEST['last_name'])) + $userdata['last_name'] = $_REQUEST['last_name']; + + if(isset($_REQUEST['description'])) + $userdata['description'] = $_REQUEST['description']; + + if(isset($_REQUEST['rich_editing'])) + $userdata['rich_editing'] = $_REQUEST['rich_editing']; + + if(isset($_REQUEST['user_registered'])) + $userdata['user_registered'] = $_REQUEST['user_registered']; + + if(isset($_REQUEST['role'])) + $userdata['role'] = $_REQUEST['role']; + + if(isset($_REQUEST['jabber'])) + $userdata['jabber'] = $_REQUEST['jabber']; + + if(isset($_REQUEST['aim'])) + $userdata['aim'] = $_REQUEST['aim']; + + if(isset($_REQUEST['yim'])) + $userdata['yim'] = $_REQUEST['yim']; + + $user_id = wp_insert_user( $userdata ); + + if($updating) + $user_id = $_REQUEST['id']; + + if (empty($user_id)) + $json_api->error(__("Could not create user.")); + + $user = get_userdata($user_id); + + return array( 'user' => $user ); + } + + /** API function to Add User Meta for WordPress + * + * Accepts the following parameters via GET or POST: + * + * nonce (required) -- the security nonce for this API function + * id (required) -- id of the user you're 
adding meta to + * key (required) -- key of the user meta you're adding + * value (required) -- value of the user meta + * unique (optional) -- delete other values for this user meta so this entry is unique + * + */ + public function add_user_meta() { + global $json_api; + + $this->_verify_admin(); + $this->_verify_nonce('add_user_meta'); + + nocache_headers(); + + if(!isset($_REQUEST['id'])) + $json_api->error(__("The user's 'id' must be set.")); + + if(!isset($_REQUEST['key'])) + $json_api->error(__("The 'key' must be set.")); + + if(!isset($_REQUEST['value'])) + $json_api->error(__("The 'value' must be set.")); + + if(!isset($_REQUEST['unique'])) + $unique = false; + else + $unique = ($_REQUEST['unique'] == 'true'); + + if( add_user_meta( $_REQUEST['id'], $_REQUEST['key'], $_REQUEST['value'], $unique ) ) + return array( "message" => __("User meta was added successfully.") ); + else + $json_api->error( __("User meta wasn't able to be added.") ); + } + + /** API function to Update a User for WordPress. + * + * Accepts the following parameters via GET or POST: + * + * nonce (required) -- the security nonce for this API function + * id (required) -- id of the user you're updating a user + * user_login (optional) -- the username of the new user + * user_password (optional) -- the password of the new user + * user_email (optional) -- the email of the new user + * user_nicename (optional) + * user_url (optional) + * display_name (optional) + * nickname (optional) + * first_name (optional) + * last_name (optional) + * description (optional) + * rich_editing (optional) + * user_registered (optional) + * role (optional) + * jabber (optional) + * aim (optional) + * yim (optional) + * + */ + public function update_user() { + global $json_api; + + if(!isset($_REQUEST['id'])) + $json_api->error(__("The user's 'id' must be set.")); + + return $this->create_user(); + } + + /** API function to Update User Meta for WordPress. 
+ * + * Accepts the following parameters via GET or POST: + * + * nonce (required) -- the security nonce for this API function + * id (required) -- id of the user you're updating meta for + * key (required) -- key of the user meta you're adding + * value (required) -- value of the user meta + * prev_value (optional) -- Previous value to replace + * + */ + public function update_user_meta() { + global $json_api; + + $this->_verify_admin(); + $this->_verify_nonce('update_user_meta'); + + nocache_headers(); + + if(!isset($_REQUEST['id'])) + $json_api->error(__("The user's 'id' must be set.")); + + if(!isset($_REQUEST['key'])) + $json_api->error(__("The 'key' must be set.")); + + if(!isset($_REQUEST['value'])) + $json_api->error(__("The 'value' must be set.")); + + if(!isset($_REQUEST['prev_value'])) + $prev_value = ''; + else + $prev_value = $_REQUEST['prev_value']; + + if( update_user_meta( $_REQUEST['id'], $_REQUEST['key'], $_REQUEST['value'], $prev_value ) ) + return array( "message" => __("User meta was updated successfully.") ); + else + $json_api->error( __("User meta wasn't able to be updated.") ); + } + + /** API function to Delete a User for WordPress. + * + * Accepts the following parameters via GET or POST: + * + * nonce (required) -- the security nonce for this API function + * id (required) -- id of the user you're updating a user + * reassign (optional) -- the id of the user to reassign posts to -- defaults to admin's id + * + */ + public function delete_user() { + global $json_api; + + $this->_verify_admin(); + $this->_verify_nonce('delete_user'); + + nocache_headers(); + + if(!isset($_REQUEST['id'])) + $json_api->error(__("The user's 'id' must be set.")); + + if(!isset($_REQUEST['reassign'])) + { + $admin_email = get_option('admin_email'); + + require_once(ABSPATH . WPINC . '/registration.php'); + + $reassign = email_exists($admin_email); + } + else + $reassign = $_REQUEST['reassign']; + + if(!function_exists('wp_delete_user')) + require_once(ABSPATH . 
'wp-admin/includes/user.php'); + + if( wp_delete_user( (int)$_REQUEST['id'], (int)$reassign ) ) + return array( "message" => __("User deleted successfully.") ); + else + $json_api->error( __("User wasn't able to be deleted.") ); + } + + /** API function to Delete a User Meta for WordPress + * + * Accepts the following parameters via GET or POST: + * + * nonce (required) -- the security nonce for this API function + * id (required) -- id of the user you're deleting meta for + * key (required) -- key of the user meta you're deleting + * value (optional) -- meta value to delete + * + */ + public function delete_user_meta() { + global $json_api; + + $this->_verify_admin(); + $this->_verify_nonce('delete_user_meta'); + + nocache_headers(); + + if(!isset($_REQUEST['id'])) + $json_api->error(__("The user's 'id' must be set.")); + + if(!isset($_REQUEST['key'])) + $json_api->error(__("The 'key' must be set.")); + + if(!isset($_REQUEST['value'])) + $value = ''; + else + $value = $_REQUEST['value']; + + if( delete_user_meta( $_REQUEST['id'], $_REQUEST['key'], $value ) ) + return array( "message" => __("User meta was deleted successfully.") ); + else + $json_api->error( __("User meta wasn't able to be deleted.") ); + } + + /** API function to Get Userdata for WordPress + * + * Accepts the following parameters via GET or POST: + * + * id (required) -- id of the user you're getting userdata for + * + */ + public function get_userdata() { + global $json_api; + + $this->_verify_admin(); + + if(!isset($_REQUEST['id'])) + $json_api->error(__("The user's 'id' must be set.")); + + $userdata = get_userdata( $_REQUEST['id'] ); + + if(!$userdata) + $json_api->error(__("User was not found.")); + else + return array( "user" => $userdata ); + } + + /** API function to Get User Meta for WordPress. 
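Review bot: In `create_user()` the update path (`id` set) still fills `user_pass`, `user_login` and `user_email` unconditionally, so an update that omits `user_password` sends a freshly generated `wp_generate_password()` value and the account's password changes without the caller asking for it; the two unguarded `$_REQUEST[...]` reads are also undefined-index accesses. After `wp_insert_user()`, `if($updating) $user_id = $_REQUEST['id'];` overwrites the return value, so a `WP_Error` from a failed update is reported as success, and `empty($user_id)` does not catch a `WP_Error` on the create path either. I would send only the fields that were supplied, route updates through `wp_update_user()` (as far as I know it hashes a plain-text password, while `wp_insert_user()` with an `ID` expects an already hashed one; worth confirming for the WordPress versions this plugin supports), and check `is_wp_error()` before returning. `role` is copied straight from the request, so the strength of `_verify_admin()` decides who can assign roles through this endpoint.

```php
// … unchanged: _verify_admin(), required-field checks, nonce check, nocache_headers() …

$userdata = array();

// Send only what the caller supplied; never invent a password on update.
foreach (array('user_login', 'user_email') as $field) {
	if (isset($_REQUEST[$field]))
		$userdata[$field] = $_REQUEST[$field];
}

if (isset($_REQUEST['user_password']))
	$userdata['user_pass'] = $_REQUEST['user_password'];
elseif (!$updating)
	$userdata['user_pass'] = wp_generate_password( 12, false );

// … unchanged: optional profile fields copied into $userdata …

if ($updating) {
	$userdata['ID'] = (int) $_REQUEST['id'];
	$user_id = wp_update_user( $userdata );
} else {
	$user_id = wp_insert_user( $userdata );
}

// Surface the real failure instead of masking it with the requested id.
if (is_wp_error($user_id))
	$json_api->error( $user_id->get_error_message() );
```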
+ * + * Accepts the following parameters via GET or POST: + * + * id (required) -- id of the user you're getting user_meta from + * key (required) -- key of the user_meta your retrieving + * single (optional) -- return one value -- defaults to false + * + */ + public function get_user_meta() { + global $json_api; + + $this->_verify_admin(); + + if(!isset($_REQUEST['id'])) + $json_api->error(__("The user's 'id' must be set.")); + + if(!isset($_REQUEST['key'])) + $json_api->error(__("The 'key' must be set.")); + + $single = ( $_REQUEST['single'] == 'true' ); + + $usermeta = get_user_meta( $_REQUEST['id'], $_REQUEST['key'], $single ); + + if(!$usermeta) + $json_api->error( "'" . $_REQUEST['key'] . "' " . __("was not found.")); + else + return array( 'usermeta' => $usermeta ); + } + + /** API function to Get Users for WordPress. + * Doesn't require any GET or POST parameters. + */ + public function get_users() { + global $json_api; + + $this->_verify_admin(); + + $blogusers = get_users_of_blog(); + + return $blogusers; + } + + private function _verify_nonce($method) + { + global $json_api; + + if (!$json_api->query->nonce) + $json_api->error(__("You must include a 'nonce' value to update users. Use the `get_nonce` Core API method.")); + + $nonce_id = $json_api->get_nonce_id('users', $method); + + if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) + $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method."); + } + + private function _verify_admin() + { + global $json_api; + + extract($_REQUEST); + + if (!current_user_can('administrator')) + { + if( isset($u) and isset($p) ) { + if( !user_pass_ok($u, $p) ) + $json_api->error(__("Your username or password was incorrect.")); + } + else + $json_api->error(__("You must either provide the 'u' and 'p' parameters or login as an administrator.")); + } + } +} +?>