Skip to content

Instantly share code, notes, and snippets.

@kitt

kitt/blogapi.module

Forked from bmann/blogapi.module
Created June 12, 2010 19:03
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kitt/435981 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kitt/435981 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @bmann bmann created this gist Jun 12, 2010.
    958 changes: 958 additions & 0 deletions blogapi.module
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,958 @@
    <?php
    // $Id: blogapi.module,v 1.115.2.5 2008/10/08 20:12:17 goba Exp $

    /**
    * @file
    * Enable users to post using applications that support XML-RPC blog APIs.
    */

    /**
    * Implementation of hook_help().
    */
    function blogapi_help($path, $arg) {
    switch ($path) {
    case 'admin/help#blogapi':
    $output = '<p>'. t("The Blog API module allows your site's users to access and post to their blogs from external blogging clients. External blogging clients are available for a wide range of desktop operating systems, and generally provide a feature-rich graphical environment for creating and editing posts.") .'</p>';
    $output .= '<p>'. t('<a href="@ecto-link">Ecto</a>, a blogging client available for both Mac OS X and Microsoft Windows, can be used with Blog API. Blog API also supports <a href="@blogger-api">Blogger API</a>, <a href="@metaweblog-api">MetaWeblog API</a>, and most of the <a href="@movabletype-api">Movable Type API</a>. Blogging clients and other services (e.g. <a href="@flickr">Flickr\'s</a> "post to blog") that support these APIs may also be compatible.', array('@ecto-link' => url('http://infinite-sushi.com/software/ecto/'), '@blogger-api' => url('http://www.blogger.com/developers/api/1_docs/'), '@metaweblog-api' => url('http://www.xmlrpc.com/metaWeblogApi'), '@movabletype-api' => url('http://www.movabletype.org/docs/mtmanual_programmatic.html'), '@flickr' => url('http://www.flickr.com'))) .'</p>';
    $output .= '<p>'. t('Select the content types available to external clients on the <a href="@blogapi-settings">Blog API settings page</a>. If supported and available, each content type will be displayed as a separate "blog" by the external client.', array('@blogapi-settings' => url('admin/settings/blogapi'))) .'</p>';
    $output .= '<p>'. t('For more information, see the online handbook entry for <a href="@blogapi">Blog API module</a>.', array('@blogapi' => url('http://drupal.org/handbook/modules/blogapi/'))) .'</p>';
    return $output;
    }
    }

    /**
    * Implementation of hook_perm().
    */
    function blogapi_perm() {
    return array('administer content with blog api');
    }

    /**
    * Implementation of hook_xmlrpc().
    */
    function blogapi_xmlrpc() {
    return array(
    array(
    'blogger.getUsersBlogs',
    'blogapi_blogger_get_users_blogs',
    array('array', 'string', 'string', 'string'),
    t('Returns a list of blogs to which an author has posting privileges.')),
    array(
    'blogger.getUserInfo',
    'blogapi_blogger_get_user_info',
    array('struct', 'string', 'string', 'string'),
    t('Returns information about an author in the system.')),
    array(
    'blogger.newPost',
    'blogapi_blogger_new_post',
    array('string', 'string', 'string', 'string', 'string', 'string', 'boolean'),
    t('Creates a new post, and optionally publishes it.')),
    array(
    'blogger.editPost',
    'blogapi_blogger_edit_post',
    array('boolean', 'string', 'string', 'string', 'string', 'string', 'boolean'),
    t('Updates the information about an existing post.')),
    array(
    'blogger.getPost',
    'blogapi_blogger_get_post',
    array('struct', 'string', 'string', 'string', 'string'),
    t('Returns information about a specific post.')),
    array(
    'blogger.deletePost',
    'blogapi_blogger_delete_post',
    array('boolean', 'string', 'string', 'string', 'string', 'boolean'),
    t('Deletes a post.')),
    array(
    'blogger.getRecentPosts',
    'blogapi_blogger_get_recent_posts',
    array('array', 'string', 'string', 'string', 'string', 'int'),
    t('Returns a list of the most recent posts in the system.')),
    array(
    'metaWeblog.newPost',
    'blogapi_metaweblog_new_post',
    array('string', 'string', 'string', 'string', 'struct', 'boolean'),
    t('Creates a new post, and optionally publishes it.')),
    array(
    'metaWeblog.editPost',
    'blogapi_metaweblog_edit_post',
    array('boolean', 'string', 'string', 'string', 'struct', 'boolean'),
    t('Updates information about an existing post.')),
    array(
    'metaWeblog.getPost',
    'blogapi_metaweblog_get_post',
    array('struct', 'string', 'string', 'string'),
    t('Returns information about a specific post.')),
    array(
    'metaWeblog.newMediaObject',
    'blogapi_metaweblog_new_media_object',
    array('string', 'string', 'string', 'string', 'struct'),
    t('Uploads a file to your webserver.')),
    array(
    'metaWeblog.getCategories',
    'blogapi_metaweblog_get_category_list',
    array('struct', 'string', 'string', 'string'),
    t('Returns a list of all categories to which the post is assigned.')),
    array(
    'metaWeblog.getRecentPosts',
    'blogapi_metaweblog_get_recent_posts',
    array('array', 'string', 'string', 'string', 'int'),
    t('Returns a list of the most recent posts in the system.')),
    array(
    'mt.getRecentPostTitles',
    'blogapi_mt_get_recent_post_titles',
    array('array', 'string', 'string', 'string', 'int'),
    t('Returns a bandwidth-friendly list of the most recent posts in the system.')),
    array(
    'mt.getCategoryList',
    'blogapi_mt_get_category_list',
    array('array', 'string', 'string', 'string'),
    t('Returns a list of all categories defined in the blog.')),
    array(
    'mt.getPostCategories',
    'blogapi_mt_get_post_categories',
    array('array', 'string', 'string', 'string'),
    t('Returns a list of all categories to which the post is assigned.')),
    array(
    'mt.setPostCategories',
    'blogapi_mt_set_post_categories',
    array('boolean', 'string', 'string', 'string', 'array'),
    t('Sets the categories for a post.')),
    array(
    'mt.supportedMethods',
    'xmlrpc_server_list_methods',
    array('array'),
    t('Retrieve information about the XML-RPC methods supported by the server.')),
    array(
    'mt.supportedTextFilters',
    'blogapi_mt_supported_text_filters',
    array('array'),
    t('Retrieve information about the text formatting plugins supported by the server.')),
    array(
    'mt.publishPost',
    'blogapi_mt_publish_post',
    array('boolean', 'string', 'string', 'string'),
    t('Publish (rebuild) all of the static files related to an entry from your blog. Equivalent to saving an entry in the system (but without the ping).')));
    }

    /**
    * Blogging API callback. Finds the URL of a user's blog.
    */

    function blogapi_blogger_get_users_blogs($appid, $username, $password) {

    $user = blogapi_validate_user($username, $password);
    if ($user->uid) {
    $types = _blogapi_get_node_types();
    $structs = array();
    foreach ($types as $type) {
    $structs[] = array('url' => url('blog/'. $user->uid, array('absolute' => TRUE)), 'blogid' => $type, 'blogName' => $user->name .": ". $type);
    }
    return $structs;
    }
    else {
    return blogapi_error($user);
    }
    }

    /**
    * Blogging API callback. Returns profile information about a user.
    */
    function blogapi_blogger_get_user_info($appkey, $username, $password) {
    $user = blogapi_validate_user($username, $password);

    if ($user->uid) {
    $name = explode(' ', $user->realname ? $user->realname : $user->name, 2);
    return array(
    'userid' => $user->uid,
    'lastname' => $name[1],
    'firstname' => $name[0],
    'nickname' => $user->name,
    'email' => $user->mail,
    'url' => url('blog/'. $user->uid, array('absolute' => TRUE)));
    }
    else {
    return blogapi_error($user);
    }
    }

    /**
    * Blogging API callback. Inserts a new blog post as a node.
    */
    function blogapi_blogger_new_post($appkey, $blogid, $username, $password, $content, $publish) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    // BM: if the type isn't blog, go ahead and validate
    if ($blogid !== 'blog') {

    if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
    // Return an error if not configured type.
    return $error;
    }

    // BM: otherwise, switch the blogid to 'post'
    } else { $blogid = 'post'; }

    $edit = array();
    $edit['type'] = $blogid;
    // get the node type defaults
    $node_type_default = variable_get('node_options_'. $edit['type'], array('status', 'promote'));
    $edit['uid'] = $user->uid;
    $edit['name'] = $user->name;
    $edit['promote'] = in_array('promote', $node_type_default);
    $edit['comment'] = variable_get('comment_'. $edit['type'], 2);
    $edit['revision'] = in_array('revision', $node_type_default);
    $edit['format'] = FILTER_FORMAT_DEFAULT;
    $edit['status'] = $publish;

    // check for bloggerAPI vs. metaWeblogAPI
    if (is_array($content)) {
    $edit['title'] = $content['title'];
    $edit['body'] = $content['description'];
    _blogapi_mt_extra($edit, $content);
    }
    else {
    $edit['title'] = blogapi_blogger_title($content);
    $edit['body'] = $content;
    }

    if (!node_access('create', $edit['type'])) {
    return blogapi_error(t('You do not have permission to create this type of post.'));
    }

    if (user_access('administer nodes') && !isset($edit['date'])) {
    $edit['date'] = format_date(time(), 'custom', 'Y-m-d H:i:s O');
    }

    node_invoke_nodeapi($edit, 'blogapi new');

    $valid = blogapi_status_error_check($edit, $publish);
    if ($valid !== TRUE) {
    return $valid;
    }

    node_validate($edit);
    if ($errors = form_get_errors()) {
    return blogapi_error(implode("\n", $errors));
    }

    $node = node_submit($edit);
    node_save($node);
    if ($node->nid) {
    watchdog('content', '@type: added %title using blog API.', array('@type' => $node->type, '%title' => $node->title), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
    // blogger.newPost returns a string so we cast the nid to a string by putting it in double quotes:
    return "$node->nid";
    }

    return blogapi_error(t('Error storing post.'));
    }

    /**
    * Blogging API callback. Modifies the specified blog node.
    */
    function blogapi_blogger_edit_post($appkey, $postid, $username, $password, $content, $publish) {

    $user = blogapi_validate_user($username, $password);

    if (!$user->uid) {
    return blogapi_error($user);
    }

    $node = node_load($postid);
    if (!$node) {
    return blogapi_error(t('n/a'));
    }
    // Let the teaser be re-generated.
    unset($node->teaser);

    if (!node_access('update', $node)) {
    return blogapi_error(t('You do not have permission to update this post.'));
    }
    // Save the original status for validation of permissions.
    $original_status = $node->status;
    $node->status = $publish;

    // check for bloggerAPI vs. metaWeblogAPI
    if (is_array($content)) {
    $node->title = $content['title'];
    $node->body = $content['description'];
    _blogapi_mt_extra($node, $content);
    }
    else {
    $node->title = blogapi_blogger_title($content);
    $node->body = $content;
    }

    node_invoke_nodeapi($node, 'blogapi edit');

    $valid = blogapi_status_error_check($node, $original_status);
    if ($valid !== TRUE) {
    return $valid;
    }

    node_validate($node);
    if ($errors = form_get_errors()) {
    return blogapi_error(implode("\n", $errors));
    }

    if (user_access('administer nodes') && !isset($edit['date'])) {
    $node->date = format_date($node->created, 'custom', 'Y-m-d H:i:s O');
    }
    $node = node_submit($node);
    node_save($node);
    if ($node->nid) {
    watchdog('content', '@type: updated %title using Blog API.', array('@type' => $node->type, '%title' => $node->title), WATCHDOG_NOTICE, l(t('view'), "node/$node->nid"));
    return TRUE;
    }

    return blogapi_error(t('Error storing post.'));
    }

    /**
    * Blogging API callback. Returns a specified blog node.
    */
    function blogapi_blogger_get_post($appkey, $postid, $username, $password) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    $node = node_load($postid);

    return _blogapi_get_post($node, TRUE);
    }

    /**
    * Check that the user has permission to save the node with the chosen status.
    *
    * @return
    * TRUE if no error, or the blogapi_error().
    */
    function blogapi_status_error_check($node, $original_status) {

    $node = (object) $node;

    $node_type_default = variable_get('node_options_'. $node->type, array('status', 'promote'));

    // If we don't have the 'administer nodes' permission and the status is
    // changing or for a new node the status is not the content type's default,
    // then return an error.
    if (!user_access('administer nodes') && (($node->status != $original_status) || (empty($node->nid) && $node->status != in_array('status', $node_type_default)))) {
    if ($node->status) {
    return blogapi_error(t('You do not have permission to publish this type of post. Please save it as a draft instead.'));
    }
    else {
    return blogapi_error(t('You do not have permission to save this post as a draft. Please publish it instead.'));
    }
    }
    return TRUE;
    }


    /**
    * Blogging API callback. Removes the specified blog node.
    */
    function blogapi_blogger_delete_post($appkey, $postid, $username, $password, $publish) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    node_delete($postid);
    return TRUE;
    }

    /**
    * Blogging API callback. Returns the latest few postings in a user's blog. $bodies TRUE
    * <a href="http://movabletype.org/docs/mtmanual_programmatic.html#item_mt%2EgetRecentPostTitles">
    * returns a bandwidth-friendly list</a>.
    */
    function blogapi_blogger_get_recent_posts($appkey, $blogid, $username, $password, $number_of_posts, $bodies = TRUE) {
    // Remove unused appkey (from bloggerAPI).
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
    // Return an error if not configured type.
    return $error;
    }

    if ($bodies) {
    $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
    }
    else {
    $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $blogid, $user->uid, 0, $number_of_posts);
    }
    $blogs = array();
    while ($blog = db_fetch_object($result)) {
    $blogs[] = _blogapi_get_post($blog, $bodies);
    }
    return $blogs;
    }

    function blogapi_metaweblog_new_post($blogid, $username, $password, $content, $publish) {
    return blogapi_blogger_new_post('0123456789ABCDEF', $blogid, $username, $password, $content, $publish);
    }

    function blogapi_metaweblog_edit_post($postid, $username, $password, $content, $publish) {
    return blogapi_blogger_edit_post('0123456789ABCDEF', $postid, $username, $password, $content, $publish);
    }

    function blogapi_metaweblog_get_post($postid, $username, $password) {
    return blogapi_blogger_get_post('01234567890ABCDEF', $postid, $username, $password);
    }

    /**
    * Blogging API callback. Inserts a file into Drupal.
    */
    function blogapi_metaweblog_new_media_object($blogid, $username, $password, $file) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    $usersize = 0;
    $uploadsize = 0;

    $roles = array_intersect(user_roles(FALSE, 'administer content with blog api'), $user->roles);

    foreach ($roles as $rid => $name) {
    $extensions .= ' '. strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
    $usersize= max($usersize, variable_get("blogapi_usersize_$rid", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
    $uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_$rid", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
    }

    $filesize = strlen($file['bits']);

    if ($filesize > $uploadsize) {
    return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array('@maxsize' => format_size($uploadsize))));
    }

    if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
    return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array('@quota' => format_size($usersize))));
    }

    // Only allow files with whitelisted extensions and convert remaining dots to
    // underscores to prevent attacks via non-terminal executable extensions with
    // files such as exploit.php.jpg.

    $whitelist = array_unique(explode(' ', trim($extensions)));

    $name = basename($file['name']);

    if ($extension_position = strrpos($name, '.')) {
    $filename = drupal_substr($name, 0, $extension_position);
    $final_extension = drupal_substr($name, $extension_position + 1);

    if (!in_array(strtolower($final_extension), $whitelist)) {
    return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array('@extensions' => implode(' ', $whitelist))));
    }

    $filename = str_replace('.', '_', $filename);
    $filename .= '.'. $final_extension;
    }

    $data = $file['bits'];

    if (!$data) {
    return blogapi_error(t('No file sent.'));
    }

    if (!$file = file_save_data($data, $filename)) {
    return blogapi_error(t('Error storing file.'));
    }

    $row = new stdClass();
    $row->uid = $user->uid;
    $row->filepath = $file;
    $row->filesize = $filesize;

    drupal_write_record('blogapi_files', $row);

    // Return the successful result.
    return array('url' => file_create_url($file), 'struct');
    }
    /**
    * Blogging API callback. Returns a list of the taxonomy terms that can be
    * associated with a blog node.
    */
    function blogapi_metaweblog_get_category_list($blogid, $username, $password) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    if (($error = _blogapi_validate_blogid($blogid)) !== TRUE) {
    // Return an error if not configured type.
    return $error;
    }

    $vocabularies = module_invoke('taxonomy', 'get_vocabularies', $blogid, 'vid');
    $categories = array();
    if ($vocabularies) {
    foreach ($vocabularies as $vocabulary) {
    $terms = module_invoke('taxonomy', 'get_tree', $vocabulary->vid, 0, -1);
    foreach ($terms as $term) {
    $term_name = $term->name;
    foreach (module_invoke('taxonomy', 'get_parents', $term->tid, 'tid') as $parent) {
    $term_name = $parent->name .'/'. $term_name;
    }
    $categories[] = array('categoryName' => $term_name, 'categoryId' => $term->tid);
    }
    }
    }
    return $categories;
    }

    function blogapi_metaweblog_get_recent_posts($blogid, $username, $password, $number_of_posts) {
    return blogapi_blogger_get_recent_posts('0123456789ABCDEF', $blogid, $username, $password, $number_of_posts, TRUE);
    }

    function blogapi_mt_get_recent_post_titles($blogid, $username, $password, $number_of_posts) {
    return blogapi_blogger_get_recent_posts('0123456789ABCDEF', $blogid, $username, $password, $number_of_posts, FALSE);
    }

    function blogapi_mt_get_category_list($blogid, $username, $password) {
    return blogapi_metaweblog_get_category_list($blogid, $username, $password);
    }

    /**
    * Blogging API callback. Returns a list of the taxonomy terms that are
    * assigned to a particular node.
    */
    function blogapi_mt_get_post_categories($postid, $username, $password) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    $node = node_load($postid);
    $terms = module_invoke('taxonomy', 'node_get_terms', $node, 'tid');
    $categories = array();
    foreach ($terms as $term) {
    $term_name = $term->name;
    foreach (module_invoke('taxonomy', 'get_parents', $term->tid, 'tid') as $parent) {
    $term_name = $parent->name .'/'. $term_name;
    }
    $categories[] = array('categoryName' => $term_name, 'categoryId' => $term->tid, 'isPrimary' => TRUE);
    }

    return $categories;
    }

    /**
    * Blogging API callback. Assigns taxonomy terms to a particular node.
    */
    function blogapi_mt_set_post_categories($postid, $username, $password, $categories) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }

    $node = node_load($postid);
    $node->taxonomy = array();
    foreach ($categories as $category) {
    $node->taxonomy[] = $category['categoryId'];
    }
    $validated = blogapi_mt_validate_terms($node);
    if ($validated !== TRUE) {
    return $validated;
    }
    node_save($node);
    return TRUE;
    }

    /**
    * Blogging API helper - find allowed taxonomy terms for a node type.
    */
    function blogapi_mt_validate_terms($node) {
    // We do a lot of heavy lifting here since taxonomy module doesn't have a
    // stand-alone validation function.
    if (module_exists('taxonomy')) {
    $found_terms = array();
    if (!empty($node->taxonomy)) {
    $term_list = array_unique($node->taxonomy);
    $params = $term_list;
    $params[] = $node->type;
    $result = db_query(db_rewrite_sql("SELECT t.tid, t.vid FROM {term_data} t INNER JOIN {vocabulary_node_types} n ON t.vid = n.vid WHERE t.tid IN (". db_placeholders($term_list) .") AND n.type = '%s'", 't', 'tid'), $params);
    $found_terms = array();
    $found_count = 0;
    while ($term = db_fetch_object($result)) {
    $found_terms[$term->vid][$term->tid] = $term->tid;
    $found_count++;
    }
    // If the counts don't match, some terms are invalid or not accessible to this user.
    if (count($term_list) != $found_count) {
    return blogapi_error(t('Invalid categories submitted.'));
    }
    }
    // Look up all the vocabularies for this node type.
    $result2 = db_query(db_rewrite_sql("SELECT v.vid, v.name, v.required, v.multiple FROM {vocabulary} v INNER JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = '%s'", 'v', 'vid'), $node->type);
    // Check each vocabulary associated with this node type.
    while ($vocabulary = db_fetch_object($result2)) {
    // Required vocabularies must have at least one term.
    if ($vocabulary->required && empty($found_terms[$vocabulary->vid])) {
    return blogapi_error(t('A category from the @vocabulary_name vocabulary is required.', array('@vocabulary_name' => $vocabulary->name)));
    }
    // Vocabularies that don't allow multiple terms may have at most one.
    if (!($vocabulary->multiple) && (isset($found_terms[$vocabulary->vid]) && count($found_terms[$vocabulary->vid]) > 1)) {
    return blogapi_error(t('You may only choose one category from the @vocabulary_name vocabulary.'), array('@vocabulary_name' => $vocabulary->name));
    }
    }
    }
    elseif (!empty($node->taxonomy)) {
    return blogapi_error(t('Error saving categories. This feature is not available.'));
    }
    return TRUE;
    }

    /**
    * Blogging API callback. Sends a list of available input formats.
    */
    function blogapi_mt_supported_text_filters() {
    // NOTE: we're only using anonymous' formats because the MT spec
    // does not allow for per-user formats.
    $formats = filter_formats();

    $filters = array();
    foreach ($formats as $format) {
    $filter['key'] = $format->format;
    $filter['label'] = $format->name;
    $filters[] = $filter;
    }

    return $filters;
    }

    /**
    * Blogging API callback. Publishes the given node
    */
    function blogapi_mt_publish_post($postid, $username, $password) {
    $user = blogapi_validate_user($username, $password);
    if (!$user->uid) {
    return blogapi_error($user);
    }
    $node = node_load($postid);
    if (!$node) {
    return blogapi_error(t('Invalid post.'));
    }

    // Nothing needs to be done if already published.
    if ($node->status) {
    return;
    }

    if (!node_access('update', $node) || !user_access('administer nodes')) {
    return blogapi_error(t('You do not have permission to update this post.'));
    }

    $node->status = 1;
    node_save($node);

    return TRUE;
    }

    /**
    * Prepare an error message for returning to the XMLRPC caller.
    */
    function blogapi_error($message) {
    static $xmlrpcusererr;
    if (!is_array($message)) {
    $message = array($message);
    }

    $message = implode(' ', $message);

    return xmlrpc_error($xmlrpcusererr + 1, strip_tags($message));
    }

    /**
    * Ensure that the given user has permission to edit a blog.
    */
    function blogapi_validate_user($username, $password) {
    global $user;

    $user = user_authenticate(array('name' => $username, 'pass' => $password));

    if ($user->uid) {
    if (user_access('administer content with blog api', $user)) {
    return $user;
    }
    else {
    return t('You do not have permission to edit this blog.');
    }
    }
    else {
    return t('Wrong username or password.');
    }
    }

    /**
    * For the blogger API, extract the node title from the contents field.
    */
    function blogapi_blogger_title(&$contents) {
    if (eregi('<title>([^<]*)</title>', $contents, $title)) {
    $title = strip_tags($title[0]);
    $contents = ereg_replace('<title>[^<]*</title>', '', $contents);
    }
    else {
    list($title, $contents) = explode("\n", $contents, 2);
    }
    return $title;
    }

    function blogapi_admin_settings() {
    $node_types = array_map('check_plain', node_get_types('names'));
    $defaults = isset($node_types['blog']) ? array('blog' => 1) : array();
    $form['blogapi_node_types'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Enable for external blogging clients'),
    '#required' => TRUE,
    '#default_value' => variable_get('blogapi_node_types', $defaults),
    '#options' => $node_types,
    '#description' => t('Select the content types available to external blogging clients via Blog API. If supported, each enabled content type will be displayed as a separate "blog" by the external client. <strong>BM: hacked to support "post" type with Posterous.</strong>')
    );

    $blogapi_extensions_default = variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
    $blogapi_uploadsize_default = variable_get('blogapi_uploadsize_default', 1);
    $blogapi_usersize_default = variable_get('blogapi_usersize_default', 1);

    $form['settings_general'] = array(
    '#type' => 'fieldset',
    '#title' => t('File settings'),
    '#collapsible' => TRUE,
    );

    $form['settings_general']['blogapi_extensions_default'] = array(
    '#type' => 'textfield',
    '#title' => t('Default permitted file extensions'),
    '#default_value' => $blogapi_extensions_default,
    '#maxlength' => 255,
    '#description' => t('Default extensions that users can upload. Separate extensions with a space and do not include the leading dot.'),
    );

    $form['settings_general']['blogapi_uploadsize_default'] = array(
    '#type' => 'textfield',
    '#title' => t('Default maximum file size per upload'),
    '#default_value' => $blogapi_uploadsize_default,
    '#size' => 5,
    '#maxlength' => 5,
    '#description' => t('The default maximum file size a user can upload.'),
    '#field_suffix' => t('MB')
    );

    $form['settings_general']['blogapi_usersize_default'] = array(
    '#type' => 'textfield',
    '#title' => t('Default total file size per user'),
    '#default_value' => $blogapi_usersize_default,
    '#size' => 5,
    '#maxlength' => 5,
    '#description' => t('The default maximum size of all files a user can have on the site.'),
    '#field_suffix' => t('MB')
    );

    $form['settings_general']['upload_max_size'] = array('#value' => '<p>'. t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))).'</p>');

    $roles = user_roles(0, 'administer content with blog api');
    $form['roles'] = array('#type' => 'value', '#value' => $roles);

    foreach ($roles as $rid => $role) {
    $form['settings_role_'. $rid] = array(
    '#type' => 'fieldset',
    '#title' => t('Settings for @role', array('@role' => $role)),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    );
    $form['settings_role_'. $rid]['blogapi_extensions_'. $rid] = array(
    '#type' => 'textfield',
    '#title' => t('Permitted file extensions'),
    '#default_value' => variable_get('blogapi_extensions_'. $rid, $blogapi_extensions_default),
    '#maxlength' => 255,
    '#description' => t('Extensions that users in this role can upload. Separate extensions with a space and do not include the leading dot.'),
    );
    $form['settings_role_'. $rid]['blogapi_uploadsize_'. $rid] = array(
    '#type' => 'textfield',
    '#title' => t('Maximum file size per upload'),
    '#default_value' => variable_get('blogapi_uploadsize_'. $rid, $blogapi_uploadsize_default),
    '#size' => 5,
    '#maxlength' => 5,
    '#description' => t('The maximum size of a file a user can upload (in megabytes).'),
    );
    $form['settings_role_'. $rid]['blogapi_usersize_'. $rid] = array(
    '#type' => 'textfield',
    '#title' => t('Total file size per user'),
    '#default_value' => variable_get('blogapi_usersize_'. $rid, $blogapi_usersize_default),
    '#size' => 5,
    '#maxlength' => 5,
    '#description' => t('The maximum size of all files a user can have on the site (in megabytes).'),
    );
    }

    return system_settings_form($form);
    }

    function blogapi_menu() {
    $items['blogapi/rsd'] = array(
    'title' => 'RSD',
    'page callback' => 'blogapi_rsd',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
    );
    $items['admin/settings/blogapi'] = array(
    'title' => 'Blog API',
    'description' => 'Configure the content types available to external blogging clients.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('blogapi_admin_settings'),
    'access arguments' => array('administer site configuration'),
    'type' => MENU_NORMAL_ITEM,
    );

    return $items;
    }

    function blogapi_init() {
    if (drupal_is_front_page()) {
    drupal_add_link(array('rel' => 'EditURI',
    'type' => 'application/rsd+xml',
    'title' => t('RSD'),
    'href' => url('blogapi/rsd', array('absolute' => TRUE))));
    }
    }

    function blogapi_rsd() {
    global $base_url;

    $xmlrpc = $base_url .'/xmlrpc.php';
    $base = url('', array('absolute' => TRUE));
    $blogid = 1; # until we figure out how to handle multiple bloggers

    drupal_set_header('Content-Type: application/rsd+xml; charset=utf-8');
    print <<<__RSD__
    <?xml version="1.0"?>
    <rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
    <service>
    <engineName>Drupal</engineName>
    <engineLink>http://drupal.org/</engineLink>
    <homePageLink>$base</homePageLink>
    <apis>
    <api name="MetaWeblog" preferred="false" apiLink="$xmlrpc" blogID="$blogid" />
    <api name="Blogger" preferred="false" apiLink="$xmlrpc" blogID="$blogid" />
    <api name="MovableType" preferred="true" apiLink="$xmlrpc" blogID="$blogid" />
    </apis>
    </service>
    </rsd>
    __RSD__;
    }

    /**
    * Handles extra information sent by clients according to MovableType's spec.
    */
    function _blogapi_mt_extra(&$node, $struct) {
    if (is_array($node)) {
    $was_array = TRUE;
    $node = (object)$node;
    }

    // mt_allow_comments
    if (array_key_exists('mt_allow_comments', $struct)) {
    switch ($struct['mt_allow_comments']) {
    case 0:
    $node->comment = COMMENT_NODE_DISABLED;
    break;
    case 1:
    $node->comment = COMMENT_NODE_READ_WRITE;
    break;
    case 2:
    $node->comment = COMMENT_NODE_READ_ONLY;
    break;
    }
    }

    // merge the 3 body sections (description, mt_excerpt, mt_text_more) into
    // one body
    if ($struct['mt_excerpt']) {
    $node->body = $struct['mt_excerpt'] .'<!--break-->'. $node->body;
    }
    if ($struct['mt_text_more']) {
    $node->body = $node->body .'<!--extended-->'. $struct['mt_text_more'];
    }

    // mt_convert_breaks
    if ($struct['mt_convert_breaks']) {
    $node->format = $struct['mt_convert_breaks'];
    }

    // dateCreated
    if ($struct['dateCreated']) {
    $node->date = format_date(mktime($struct['dateCreated']->hour, $struct['dateCreated']->minute, $struct['dateCreated']->second, $struct['dateCreated']->month, $struct['dateCreated']->day, $struct['dateCreated']->year), 'custom', 'Y-m-d H:i:s O');
    }

    if ($was_array) {
    $node = (array)$node;
    }
    }

    function _blogapi_get_post($node, $bodies = TRUE) {
    $xmlrpcval = array(
    'userid' => $node->name,
    'dateCreated' => xmlrpc_date($node->created),
    'title' => $node->title,
    'postid' => $node->nid,
    'link' => url('node/'. $node->nid, array('absolute' => TRUE)),
    'permaLink' => url('node/'. $node->nid, array('absolute' => TRUE)),
    );
    if ($bodies) {
    if ($node->comment == 1) {
    $comment = 2;
    }
    else if ($node->comment == 2) {
    $comment = 1;
    }
    $xmlrpcval['content'] = "<title>$node->title</title>$node->body";
    $xmlrpcval['description'] = $node->body;
    // Add MT specific fields
    $xmlrpcval['mt_allow_comments'] = (int) $comment;
    $xmlrpcval['mt_convert_breaks'] = $node->format;
    }

    return $xmlrpcval;
    }

    /**
    * Validate blog ID, which maps to a content type in Drupal.
    *
    * Only content types configured to work with Blog API are supported.
    *
    * @return
    * TRUE if the content type is supported and the user has permission
    * to post, or a blogapi_error() XML construct otherwise.
    */
    function _blogapi_validate_blogid($blogid) {
    $types = _blogapi_get_node_types();
    // BM: for posterous, I have to tell them that Blog is available
    $types[] = 'blog';
    if (in_array($blogid, $types, TRUE)) {
    return TRUE;
    }
    return blogapi_error(t("Blog API module is not configured to support the %type content type, or you don't have sufficient permissions to post this type of content.", array('%type' => $blogid)));
    }

    function _blogapi_get_node_types() {
    $available_types = array_keys(array_filter(variable_get('blogapi_node_types', array('blog' => 1))));
    $types = array();
    foreach (node_get_types() as $type => $name) {
    if (node_access('create', $type) && in_array($type, $available_types)) {
    $types[] = $type;
    }
    }

    return $types;
    }

    function _blogapi_space_used($uid) {
    return db_result(db_query('SELECT SUM(filesize) FROM {blogapi_files} f WHERE f.uid = %d', $uid));
    }