<?php
/*
 * The head of this file is missing from the page. It holds the WordPress bootstrap and the
 * settings read below: $passwordlist (user => password), $lifeblog_category,
 * $lifeblog_imagewidth, $imconvert (path to ImageMagick's convert) and $post_default_category.
 */

/* check a WSSE UsernameToken header; returns the WordPress user id, or 0 if the header is not acceptable */
function wsse_authenticate($xwsse) {
    global $wpdb, $passwordlist;

    /* The page truncates the start of this pattern; the Username field is rebuilt from the
       three fields that follow it and from the $digest[...] keys used below. */
    if (!preg_match('/UsernameToken\s+Username=[\\\\"|"]*(?P<username>.*?)[\\\\"|"]*,\s*PasswordDigest=[\\\\"|"]*(?P<digest>.*?)[\\\\"|"]*,\s*Nonce=[\\\\"|"]*(?P<nonce>.*?)[\\\\"|"]*,\s*Created=[\\\\"|"]*(?P<created>.*?)[\\\\"|"]/i', $xwsse, $digest))
        return 0;

    /* TODO: check for old dates (fixes problem with replay attacks)
       even better: check if the nonce has been used before */

    /* do we know the user? */
    if (!array_key_exists($digest['username'], $passwordlist))
        return 0;

    /* does the user exist in wordpress and has a level > 0? */
    $user_id = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '" . $wpdb->escape($digest['username']) . "'");
    if (!$user_id)
        $user_id = 0;
    if (!user_can_create_post($user_id, 1))
        return 0;

    /* calculate our own digest and compare it: base64(sha1(nonce . created . password)) */
    $mydigest = base64_encode(pack("H*", sha1(base64_decode($digest['nonce']) . $digest['created'] . $passwordlist[$digest['username']])));
    if ($mydigest !== $digest['digest'])   /* strict comparison: both values are strings */
        return 0;

    /* we seem to have a valid user */
    return $user_id;
}

/* append a timestamped line to the plugin's log file */
function logme($message) {
    $handle = fopen("atomdata.txt", "a");
    $date = gmdate('Y-m-d\TH:i:s\Z');   /* UTC and a 24-hour clock, to match the trailing Z */
    fwrite($handle, $date . ": " . $message . "\n");
    fclose($handle);
}

/* report an error to the client, log it and stop */
function error($message) {
    header('Status: 400 Posterror');
    echo "$message\n";
    logme("error: $message");
    exit;
}

/* default action */
$action = 'list';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $action = 'post';
}

/* For some people, HTTP_RAW_POST_DATA is empty. In this case, use php://input to populate it */
if (!isset($HTTP_RAW_POST_DATA)) {
    $HTTP_RAW_POST_DATA = file_get_contents('php://input');
}

//$fh = fopen("atomtest.txt", "r");
//$HTTP_RAW_POST_DATA = fread($fh, filesize("atomtest.txt"));
//fclose($fh);
//$action = 'post';

/* test header; it is only used when the client sends no X-WSSE header */
$myheader = "UsernameToken Username=\\\"admin\\\", PasswordDigest=\\\"doxqqkGyBdMB5K2kospnQZmkXSI=\\\", Nonce=\\\"vks5AODOrBoPjo0DL9lCOQ==\\\", Created=\\\"2005-8-12T13:18:22Z\\\"";
if (!empty($_SERVER['HTTP_X_WSSE']))
    $myheader = $_SERVER['HTTP_X_WSSE'];

// LOG HIT
logme("method: " . $_SERVER['REQUEST_METHOD']);
//logme("rawpostdata: " . $HTTP_RAW_POST_DATA);
//foreach ($_POST as $key => $value) { logme("$key: $value"); }

/* check the passworddigest */
if (!($user_id = wsse_authenticate($myheader))) {
    header('Status: 401 Unauthorized');
    /* get_bloginfo() returns the name; bloginfo() would echo it before the headers are sent */
    header('WWW-Authenticate: WSSE realm="' . get_bloginfo('name') . '", profile="UsernameToken"');
    header('Content-type: text/plain; charset=' . get_settings('blog_charset'), true);
    echo "Unauthorised!\n";
    logme("login error: user unauthorised");
    exit;
}
logme("action: " . $action);

/* send our beloved atom/xml-header */
header('Content-type: application/x.atom+xml; charset=' . get_settings('blog_charset'), true);

if ($action == 'list') {
    header('Status: 200 Ok');
    echo '<?xml version="1.0" encoding="' . get_settings('blog_charset') . '"?' . '>';
    /* the feed body that followed here is missing from the page */
} else {
    /* A POST is either a standalone object (text, image, video) or the entry that references them.
       The three tag tests of the original condition were lost from the page; the placeholders stand in for them. */
    if ((preg_match('/PATTERN_LOST_FROM_PAGE_1/i', $HTTP_RAW_POST_DATA) || preg_match('/PATTERN_LOST_FROM_PAGE_2/i', $HTTP_RAW_POST_DATA)) && preg_match('/PATTERN_LOST_FROM_PAGE_3/i', $HTTP_RAW_POST_DATA)) {
        /* sms/note/mms (the <title> at the start of this pattern is rebuilt; the page shows only its group) */
        if (preg_match('/<title>(?P<title>.*?)<\/title>.*?<dc:type>(?P<dctype>.*?)<\/dc:type>.*?<dc:format>(?P<dcformat>.*?)<\/dc:format>.*?<content\s*type="(?P<contenttype>.*?)"\s*mode="(?P<contentmode>.*?)">(?P<content>.*?)<\/content>.*?<summary>(?P<summary>.*?)<\/summary>/si', $HTTP_RAW_POST_DATA, $data)) {
            $filename_ending = ".txt";
        /* image or video */
        } elseif (preg_match('/<title>(?P<title>.*?)<\/title>.*?<content\s*type="(?P<contenttype>.*?)\/(?P<contentsubtype>.*?)"\s*mode="(?P<contentmode>.*?)">(?P<content>.*?)<\/content>.*?<summary>(?P<summary>.*?)<\/summary>/si', $HTTP_RAW_POST_DATA, $data)) {
            /* Check the content type. If image, assume jpg; if video, we need to parse the subtype to see if it's 3gpp (.3gp) or mp4 (.mp4) */
            if ($data['contenttype'] == "image") {
                $filename_ending = ".jpg";
                $data['dctype'] = "Image";
                $data['dcformat'] = "Image";
            } elseif ($data['contenttype'] == "video" && $data['contentsubtype'] == "3gpp") {
                $filename_ending = ".3gp";
                $data['dctype'] = "Video";
                $data['dcformat'] = "3gp";
            } elseif ($data['contenttype'] == "video" && $data['contentsubtype'] == "mp4") {
                $filename_ending = ".mp4";
                $data['dctype'] = "Video";
                $data['dcformat'] = "mp4";
            } else {
                // BAIL OUT!!!
                logme("don't know how to deal with mime type: $data[contenttype]/$data[contentsubtype]");
                error("I do not recognize the object type");
            }
        } else {
            // BAIL OUT!!!
            logme("Bah. Here's what I read:");
            logme("title: $data[title]");
            logme("contenttype: $data[contenttype]");
            logme("contentsubtype: $data[contentsubtype]");
            logme("summary: $data[summary]");
            error("I do not recognize the xml of the standalone-object");
        }
        logme("filetype: $filename_ending");

        /* can we write to the upload directory? */
        if (!is_writable(get_settings('upload_path') . '/'))
            error("Wordpress upload directory is not writable");

        /* find a unique filename; the title is client-supplied, so reduce it to a safe file name first */
        $filename_counter = 2;
        $filename = "/lifeblog-" . sanitize_file_name($data['title']);
        $pathtofile = $filename . $filename_ending;
        /* pathtofile already has a slash--redundant */
        while (file_exists(get_settings('upload_path') . $pathtofile)) {
            $pathtofile = $filename . "_" . $filename_counter++ . $filename_ending;
            if ($filename_counter > 100)
                error("could not save uploaded file");
        }
        logme("filename: $pathtofile");

        /* save the file */
        $temp = fopen(get_settings('upload_path') . $pathtofile, "w");
        if ($data['contentmode'] == "base64")
            $data['content'] = base64_decode($data['content']);
        fwrite($temp, $data['content']);
        fclose($temp);

        /* we need to recognize related content later */
        $newid = "url:$pathtofile,type:$data[dctype],format:$data[dcformat],summary:" . $wpdb->escape($data['summary']);
        logme("id: $newid");

        /* answer */
        header('Status: 201 Created');
        echo '<?xml version="1.0" encoding="' . get_settings('blog_charset') . '"?' . '>';?>
<entry xmlns="http://purl.org/atom/ns#">
<title>blog entry</title>
<summary>blog summary</summary>
<id><?php echo $newid; ?></id>
</entry>
<?php
        /* The tail of this response template is missing from the page; the <id> element is rebuilt from
           $newid, which the client hands back in its <link href="url:..."> when it posts the entry.
           Without the exit the handler would fall through to the entry response below. */
        exit;

    /* the posting itself: an <entry> whose <link>s point at the objects stored above
       (the opening of this pattern is truncated on the page and rebuilt from the <\/title> that follows) */
    } elseif (preg_match('/<title>(?P<title>.*?)<\/title>.*?<created>(?P<created>.*?)<\/created>.*?<content\s*type="(?P<contenttype>.*?)"\s*mode="(?P<contentmode>.*?)">(?P<content>.*?)<\/content>(?P<links>.*?)<\/entry>/si', $HTTP_RAW_POST_DATA, $data)
            && preg_match_all('/<link.*?type="(?P<linktype>.*?)"\s*href="url:(?P<linkurl>.*?),type:(?P<linktype2>.*?),format:(?P<linkformat>.*?),summary:(?P<linksummary>.*?)"\/>/si', $data['links'], $related)) {

        /* the link urls come from the client: keep them to plain file names inside the upload directory */
        foreach ($related['linkurl'] as $k => $url)
            $related['linkurl'][$k] = '/' . basename($url);

        /* construct the new post */
        $post_date = current_time('mysql');
        $post_date_gmt = current_time('mysql', 1);
        //$post_status = 'draft';
        $post_status = 'publish';
        $post_title = $data['title'];

        if ($lifeblog_category) {
            logme("custom category");
            if (!($term_id = $wpdb->get_var("SELECT term_id FROM $wpdb->terms WHERE name ='" . $wpdb->escape($lifeblog_category) . "'"))) {
                $lifeblog_category = $wpdb->escape(wp_specialchars($lifeblog_category));
                /* the next id is read from the table status before the insert, so two concurrent posts could collide */
                $id_result = $wpdb->get_row("SHOW TABLE STATUS LIKE '$wpdb->terms'");
                $term_id = $id_result->Auto_increment;
                $category_nicename = sanitize_title($lifeblog_category, $term_id);
                logme("nicename is: $category_nicename");
                $wpdb->query("INSERT INTO $wpdb->terms (name, slug) VALUES ('$lifeblog_category', '$category_nicename')");
                logme("category added");
            }
            $post_category = array($term_id);
        } else {
            $post_category = $post_default_category;
            logme("using default category");
        }
        logme("category: " . implode(',', (array) $post_category));
        $post_author = $user_id;

        /* the content ... */
        $content = "<div class=\"Lifeblog_Posting\">\n";
        // Comment the following line out if you want the body text AFTER
        // pictures in the blog post
        $content .= "$data[content]\n";

        for ($i = 0; $i < count($related['linktype']); $i++) {
            //logme("nr " . ($i+1) . ".: " . $related['linktype'][$i] . ", " . $related['linkurl'][$i] . ", " . $related['linktype2'][$i] . ", " . $related['linkformat'][$i] . ", " . $related['linksummary'][$i]);
            if (file_exists(get_settings('upload_path') . $related['linkurl'][$i])) {
                $content .= "<div class=\"Lifeblog_Resource\">\n";
                if ($related['linktype2'][$i] == "Image" && $related['linkformat'][$i] == "Image") {
                    if (!$lifeblog_imagewidth || !is_numeric($lifeblog_imagewidth))
                        $lifeblog_imagewidth = 450;
                    $imgfile = get_settings('upload_path') . $related['linkurl'][$i];
                    $thumbfile = get_settings('upload_path') . '/' . preg_replace('!(\.[^.]+)?$!', __('.thumbnail') . '$1', basename($related['linkurl'][$i]), 1);
                    //logme("file to process is: " . $imgfile . " and will rescale to " . $lifeblog_imagewidth . " pixels.");
                    //logme("assuming thumbnail filename is " . $thumbfile);
                    if (file_exists($imconvert)) {
                        /* We're running convert from imagemagick. yay */
                        @exec(escapeshellcmd($imconvert) . " -resize \>" . $lifeblog_imagewidth . " " . escapeshellarg($imgfile) . " " . escapeshellarg($thumbfile));
                    } else {
                        wp_create_thumbnail($imgfile, $lifeblog_imagewidth);
                    }
                    //logme("wp_create_thumbnail ran");
                    if (file_exists($thumbfile)) {
                        //logme("Thumbnail file is there");
                        $thumbpath = '/' . preg_replace('!(\.[^.]+)?$!', __('.thumbnail') . '$1', basename($related['linkurl'][$i]), 1);
                        $content .= "<a href=\"" . get_settings('siteurl') . '/' . get_settings('upload_path') . $related['linkurl'][$i] . "\"><img src=\"" . get_settings('siteurl') . '/' . get_settings('upload_path') . $thumbpath . "\" alt=\"" . htmlentities2(stripslashes($related['linksummary'][$i])) . "\" /></a>";
                    } else {
                        $content .= "<img src=\"" . get_settings('siteurl') . '/' . get_settings('upload_path') . $related['linkurl'][$i] . "\" alt=\"" . htmlentities2(stripslashes($related['linksummary'][$i])) . "\" />";
                    }
                } elseif ($related['linktype2'][$i] == "Video") {
                    $content .= "<p>Download: <a href=\"" . get_settings('siteurl') . '/' . get_settings('upload_path') . $related['linkurl'][$i] . "\">" . str_replace('/', '', $related['linkurl'][$i]) . "</a></p>";
                } else {
                    logme("related[linktype2][$i]: " . $related['linktype2'][$i]);
                    $filename = get_settings('upload_path') . $related['linkurl'][$i];
                    $filecontent = file_get_contents($filename);
                    $content .= "<div class=\"Lifeblog_" . $related['linkformat'][$i] . "\">\n";
                    if ($related['linksummary'][$i] != '')
                        $content .= stripslashes($related['linksummary'][$i]) . " (" . $related['linkformat'][$i] . "):\n";
                    /* the stored object is plain text from the phone; escape it so it cannot inject markup into the post */
                    $content .= "<blockquote>" . htmlspecialchars($filecontent) . "</blockquote>\n";
                    $content .= "</div>\n";
                }
                $content .= "</div>\n";
            } else {
                logme("The related resource " . get_settings('upload_path') . $related['linkurl'][$i] . " could not be found");
            }
        }
        // Uncomment this line if you want the body text AFTER the pictures
        // $content .= "$data[content]\n";
        $content .= "</div>";
        $post_content = apply_filters('content_save_pre', $content);

        /* publish post */
        $post_data = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status');
        $post_ID = wp_insert_post($post_data);
        if (!$post_ID) {
            error("Something went wrong while posting!");
        }
        logme("article $post_ID posted");
    } else {
        // BAIL OUT!
        error("I do not recognize the xml");
    }

    header('Status: 201 Created');
    echo '<?xml version="1.0" encoding="' . get_settings('blog_charset') . '"?' . '>';?>
<entry xmlns="http://purl.org/atom/ns#">
<title>blog entry</title>
<summary>blog summary</summary>
<id><?php echo $post_ID; ?></id>
</entry>
<?php
    /* the rest of this template is missing from the page; only the echo of $post_ID survives, shown here as the entry id */
}
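The TODO in wsse_authenticate() names the two checks the digest verification above lacks: rejecting a token whose Created timestamp is stale, and refusing a nonce that has already been accepted. The following is an added example, not code from this page or from the Lifeblog plugin, written in Python so that it runs stand-alone; it verifies headers in the page's UsernameToken format (base64(sha1(nonce . created . password))) and adds both replay checks plus a constant-time digest comparison. The credential store, the five-minute window and the sample headers are constructed for the example and stand in for the page's $passwordlist and for real client traffic.

```python
"""WSSE UsernameToken verification with replay protection (added example)."""
import base64
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta, timezone

# Header format used by the page: UsernameToken Username="..", PasswordDigest="..", Nonce="..", Created=".."
TOKEN_RE = re.compile(
    r'UsernameToken\s+Username="(?P<username>[^"]*)",\s*'
    r'PasswordDigest="(?P<digest>[^"]*)",\s*'
    r'Nonce="(?P<nonce>[^"]*)",\s*'
    r'Created="(?P<created>[^"]*)"',
    re.I,
)
CREATED_FMT = "%Y-%m-%dT%H:%M:%SZ"  # %m also accepts the unpadded month of the page's sample (2005-8-12)

# Constructed credential store for the example; stands in for the page's $passwordlist
PASSWORDS = {"admin": "correct horse battery staple"}
# Constructed freshness window: how far Created may differ from the server clock
MAX_AGE = timedelta(minutes=5)


def password_digest(nonce: bytes, created: str, password: str) -> bytes:
    """The digest the page computes: sha1(nonce . created . password), as raw bytes."""
    return hashlib.sha1(nonce + created.encode() + password.encode()).digest()


def make_header(username, password, nonce=None, created=None):
    """Build a header the way a client does; used here only to construct test input."""
    nonce = os.urandom(16) if nonce is None else nonce
    created = created or datetime.now(timezone.utc).strftime(CREATED_FMT)
    digest = base64.b64encode(password_digest(nonce, created, password)).decode()
    return (f'UsernameToken Username="{username}", PasswordDigest="{digest}", '
            f'Nonce="{base64.b64encode(nonce).decode()}", Created="{created}"')


class WSSEVerifier:
    """Verifies UsernameToken headers and remembers accepted nonces for the freshness window."""

    def __init__(self, passwords, max_age=MAX_AGE):
        self.passwords = passwords
        self.max_age = max_age
        self.seen_nonces = {}  # nonce bytes -> last instant at which that token could still be fresh

    def verify(self, header, now=None):
        """Return (username, "ok") when the header is acceptable, else (None, reason)."""
        now = now or datetime.now(timezone.utc)
        m = TOKEN_RE.search(header)
        if not m:
            return None, "malformed header"
        password = self.passwords.get(m["username"])
        if password is None:
            return None, "unknown user"
        try:
            nonce = base64.b64decode(m["nonce"], validate=True)
            got = base64.b64decode(m["digest"], validate=True)
            created = datetime.strptime(m["created"], CREATED_FMT).replace(tzinfo=timezone.utc)
        except ValueError:  # binascii.Error is a ValueError
            return None, "malformed nonce, digest or timestamp"
        # 1. freshness: a token outside the window (too old or far in the future) is refused outright
        if abs(now - created) > self.max_age:
            return None, "stale Created timestamp"
        # 2. uniqueness: the same nonce is not accepted twice while its token could still be fresh
        self._expire(now)
        if nonce in self.seen_nonces:
            return None, "replayed nonce"
        # 3. the digest itself, compared in constant time
        if not hmac.compare_digest(password_digest(nonce, m["created"], password), got):
            return None, "bad digest"
        # record the nonce only for a token that actually verified, so forged headers cannot fill the cache
        self.seen_nonces[nonce] = created + self.max_age
        return m["username"], "ok"

    def _expire(self, now):
        """Drop nonces whose tokens would now fail the freshness check anyway."""
        for nonce, expiry in list(self.seen_nonces.items()):
            if expiry < now:
                del self.seen_nonces[nonce]


def demo():
    """Run the verifier over constructed headers at a fixed clock; returns the verdicts in order."""
    pw = PASSWORDS["admin"]
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    verifier = WSSEVerifier(PASSWORDS)
    fresh = make_header("admin", pw, nonce=b"0123456789abcdef", created="2024-01-01T12:00:10Z")
    return [
        verifier.verify(fresh, now),                                                     # accepted
        verifier.verify(fresh, now),                                                     # same header again
        verifier.verify(make_header("admin", pw, created="2024-01-01T11:00:00Z"), now),  # an hour old
        verifier.verify(make_header("admin", "wrong", created="2024-01-01T12:00:10Z"), now),
        verifier.verify(make_header("mallory", pw, created="2024-01-01T12:00:10Z"), now),
        verifier.verify("Basic YWRtaW46cHc=", now),                                     # not a UsernameToken
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The nonce cache is keyed on the decoded nonce and each entry lives exactly as long as its token could still pass the freshness check, so the window bounds both what a replay can achieve and how much memory the check needs; a shared store would replace the dictionary on a multi-process server.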