New api object

php/api.php

@@ -53,10 +53,6 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
 	$plugins = explode(';', $settings['plugins']);
 	$plugins = new Plugins($plugins, $database, $settings);
 
-	# Escape
-	foreach(array_keys($_POST) as $key)	$_POST[$key] = urldecode($_POST[$key]);
-	foreach(array_keys($_GET) as $key)	$_GET[$key] = urldecode($_GET[$key]);
-
 	# Validate parameters
 	if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1)	exit('Error: Wrong parameter type for albumIDs!');
 	if (isset($_POST['photoIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['photoIDs'])!==1)	exit('Error: Wrong parameter type for photoIDs!');

src/scripts/album.js

@@ -42,8 +42,12 @@ album.load = function(albumID, refresh) {
 
 		startTime = new Date().getTime();
 
-		params = 'getAlbum&albumID=' + albumID + '&password=' + password.value;
-		lychee.api(params, function(data) {
+		params = {
+			albumID,
+			password: password.value
+		}
+
+		api.post('getAlbum', params, function(data) {
 
 			if (data==='Warning: Album private!') {
 				if (document.location.hash.replace('#', '').split('/')[1]!=undefined) {
@@ -103,15 +107,20 @@ album.add = function() {
 
 	action = function(data) {
 
-		var params,
-			isNumber = function(n) { return !isNaN(parseFloat(n)) && isFinite(n) };
+		var isNumber,
+			title = data.title;
 
 		basicModal.close();
 
-		if (data.title.length===0) data.title = 'Untitled';
+		isNumber = function(n) {
+
+			return !isNaN(parseFloat(n)) && isFinite(n)
 
-		params = 'addAlbum&title=' + escape(encodeURI(data.title));
-		lychee.api(params, function(data) {
+		}
+
+		if (title.length===0) title = 'Untitled';
+
+		api.post('addAlbum', { title }, function(data) {
 
 			// Avoid first album to be true
 			if (data===true) data = 1;
@@ -159,8 +168,11 @@ album.delete = function(albumIDs) {
 
 		basicModal.close();
 
-		params = 'deleteAlbum&albumIDs=' + albumIDs;
-		lychee.api(params, function(data) {
+		params = {
+			albumIDs: albumIDs.join()
+		}
+
+		api.post('deleteAlbum', params, function(data) {
 
 			if (visible.albums()) {
 
@@ -280,8 +292,12 @@ album.setTitle = function(albumIDs) {
 
 		}
 
-		params = 'setAlbumTitle&albumIDs=' + albumIDs + '&title=' + escape(encodeURI(newTitle));
-		lychee.api(params, function(data) {
+		params = {
+			albumIDs: albumIDs.join(),
+			title: newTitle
+		}
+
+		api.post('setAlbumTitle', params, function(data) {
 
 			if (data!==true) lychee.error(null, params, data);
 
@@ -310,7 +326,7 @@ album.setTitle = function(albumIDs) {
 
 }
 
-album.setDescription = function(photoID) {
+album.setDescription = function(albumID) {
 
 	var oldDescription = album.json.description.replace("'", '''),
 		action;
@@ -330,8 +346,12 @@ album.setDescription = function(photoID) {
 			view.album.description();
 		}
 
-		params = 'setAlbumDescription&albumID=' + photoID + '&description=' + escape(encodeURI(description));
-		lychee.api(params, function(data) {
+		params = {
+			albumID,
+			description
+		}
+
+		api.post('setAlbumDescription', params, function(data) {
 
 			if (data!==true) lychee.error(null, params, data);
 
@@ -459,8 +479,14 @@ album.setPublic = function(albumID, e) {
 
 	}
 
-	params = 'setAlbumPublic&albumID=' + albumID + '&password=' + password + '&visible=' + listed + '&downloadable=' + downloadable;
-	lychee.api(params, function(data) {
+	params = {
+		albumID,
+		password,
+		visible: listed,
+		downloadable
+	}
+
+	api.post('setAlbumPublic', params, function(data) {
 
 		if (data!==true) lychee.error(null, params, data);
 
@@ -495,7 +521,7 @@ album.share = function(service) {
 album.getArchive = function(albumID) {
 
 	var link,
-		url = 'php/api.php?function=getAlbumArchive&albumID=' + albumID;
+		url = api.path + '?function=getAlbumArchive&albumID=' + albumID;
 
 	if (location.href.indexOf('index.html')>0)	link = location.href.replace(location.hash, '').replace('index.html', url);
 	else										link = location.href.replace(location.hash, '') + url;

src/scripts/albums.js

@@ -22,7 +22,7 @@ albums.load = function() {
 
 	if (albums.json===null) {
 
-		lychee.api('getAlbums', function(data) {
+		api.post('getAlbums', {}, function(data) {
 
 			/* Smart Albums */
 			data.unsortedAlbum = {

src/scripts/api.js

@@ -0,0 +1,63 @@
+/**
+ * @description	This module communicates with Lychee's API
+ * @copyright	2015 by Tobias Reich
+ */
+
+api = {
+
+	path: 'php/api.php'
+
+}
+
+api.post = function(fn, params, callback) {
+
+	var success,
+		error;
+
+	loadingBar.show();
+
+	params =  $.extend({function: fn}, params);
+
+	success = function(data) {
+
+		setTimeout(function() { loadingBar.hide() }, 100);
+
+		// Catch errors
+		if (typeof data==='string'&&
+			data.substring(0, 7)==='Error: ') {
+				lychee.error(data.substring(7, data.length), params, data);
+				return false;
+		}
+
+		// Convert 1 to true and an empty string to false
+		if (data==='1')		data = true;
+		else if (data==='')	data = false;
+
+		// Convert to JSON if string start with '{' and ends with '}'
+		if (typeof data==='string'&&
+			data.substring(0, 1)==='{'&&
+			data.substring(data.length-1, data.length)==='}') data = $.parseJSON(data);
+
+		// Output response when debug mode is enabled
+		if (lychee.debugMode) console.log(data);
+
+		callback(data);
+
+	}
+
+	error = function(jqXHR, textStatus, errorThrown) {
+
+		lychee.error('Server error or API not found.', params, errorThrown);
+
+	}
+
+	$.ajax({
+		type: 'POST',
+		url: api.path,
+		data: params,
+		dataType: 'text',
+		success,
+		error
+	});
+
+}

src/scripts/contextMenu.js

@@ -75,7 +75,7 @@ contextMenu.albumTitle = function(albumID, e) {
 		{ type: 'item', title: build.iconic('pencil') + 'Rename', fn: function() { album.setTitle([albumID]) } }
 	];
 
-	lychee.api('getAlbums', function(data) {
+	api.post('getAlbums', {}, function(data) {
 
 		if (data.num!==0) {
 
@@ -176,7 +176,7 @@ contextMenu.move = function(photoIDs, e) {
 
 	}
 
-	lychee.api('getAlbums', function(data) {
+	api.post('getAlbums', {}, function(data) {
 
 		if (data.num===0) {
 

src/scripts/lychee.js

@@ -9,7 +9,6 @@ lychee = {
 	version:		'3.0.0',
 	version_code:	'030000',
 
-	api_path:		'php/api.php',
 	update_path:	'http://lychee.electerious.com/version/index.php',
 	updateURL:		'https://github.com/electerious/Lychee',
 	website:		'http://lychee.electerious.com',
@@ -37,8 +36,11 @@ lychee.init = function() {
 
 	var params;
 
-	params = 'init&version=' + lychee.version_code;
-	lychee.api(params, function(data) {
+	params = {
+		version: lychee.version_code
+	}
+
+	api.post('init', params, function(data) {
 
 		if (data.loggedIn!==true) {
 			lychee.setMode('public');
@@ -71,58 +73,18 @@ lychee.init = function() {
 
 }
 
-lychee.api = function(params, callback) {
-
-	loadingBar.show();
-
-	$.ajax({
-		type: 'POST',
-		url: lychee.api_path,
-		data: 'function=' + params,
-		dataType: 'text',
-		success: function(data) {
-
-			setTimeout(function() { loadingBar.hide() }, 100);
-
-			// Catch errors
-			if (typeof data==='string'&&
-				data.substring(0, 7)==='Error: ') {
-					lychee.error(data.substring(7, data.length), params, data);
-					return false;
-			}
-
-			// Convert 1 to true and an empty string to false
-			if (data==='1')		data = true;
-			else if (data==='')	data = false;
-
-			// Convert to JSON if string start with '{' and ends with '}'
-			if (typeof data==='string'&&
-				data.substring(0, 1)==='{'&&
-				data.substring(data.length-1, data.length)==='}') data = $.parseJSON(data);
-
-			// Output response when debug mode is enabled
-			if (lychee.debugMode) console.log(data);
-
-			callback(data);
-
-		},
-		error: function(jqXHR, textStatus, errorThrown) {
-
-			lychee.error('Server error or API not found.', params, errorThrown);
-
-		}
-	});
-
-}
-
 lychee.login = function(data) {
 
 	var user		= data.username,
 		password	= md5(data.password),
 		params;
 
-	params = 'login&user=' + user + '&password=' + password;
-	lychee.api(params, function(data) {
+	params = {
+		user,
+		password
+	}
+
+	api.post('login', params, function(data) {
 
 		if (data===true) {
 
@@ -184,7 +146,7 @@ lychee.loginDialog = function() {
 
 lychee.logout = function() {
 
-	lychee.api('logout', function() {
+	api.post('logout', {}, function() {
 		window.location.reload();
 	});
 

src/scripts/password.js

@@ -31,8 +31,13 @@ password.get = function(albumID, callback) {
 	} else {
 
 		// Check password
-		params = 'checkAlbumAccess&albumID=' + albumID + '&password=' + md5(passwd);
-		lychee.api(params, function(data) {
+
+		params = {
+			albumID,
+			password: md5(passwd)
+		}
+
+		api.post('checkAlbumAccess', params, function(data) {
 
 			if (data===true) {
 				basicModal.close();

src/scripts/photo.js

@@ -27,8 +27,13 @@ photo.load = function(photoID, albumID) {
 	var params,
 		checkPasswd;
 
-	params = 'getPhoto&photoID=' + photoID + '&albumID=' + albumID + '&password=' + password.value;
-	lychee.api(params, function(data) {
+	params = {
+		photoID,
+		albumID,
+		password: password.value
+	}
+
+	api.post('getPhoto', params, function(data) {
 
 		if (data==='Warning: Wrong password!') {
 			checkPasswd = function() {
@@ -156,8 +161,11 @@ photo.duplicate = function(photoIDs) {
 
 	albums.refresh();
 
-	params = 'duplicatePhoto&photoIDs=' + photoIDs;
-	lychee.api(params, function(data) {
+	params = {
+		photoIDs: photoIDs.join()
+	}
+
+	api.post('duplicatePhoto', params, function(data) {
 
 		if (data!==true) lychee.error(null, params, data);
 		else album.load(album.getID());
@@ -220,8 +228,11 @@ photo.delete = function(photoIDs) {
 		if (visible.photo()&&nextPhoto!==''&&nextPhoto!==photo.getID()) lychee.goto(album.getID() + '/' + nextPhoto);
 		else if (!visible.albums()) lychee.goto(album.getID());
 
-		params = 'deletePhoto&photoIDs=' + photoIDs;
-		lychee.api(params, function(data) {
+		params = {
+			photoIDs: photoIDs.join()
+		}
+
+		api.post('deletePhoto', params, function(data) {
 
 			if (data!==true) lychee.error(null, params, data);
 
@@ -299,8 +310,12 @@ photo.setTitle = function(photoIDs) {
 			view.album.content.title(id);
 		});
 
-		params = 'setPhotoTitle&photoIDs=' + photoIDs + '&title=' + escape(encodeURI(newTitle));
-		lychee.api(params, function(data) {
+		params = {
+			photoIDs: photoIDs.join(),
+			title: newTitle
+		}
+
+		api.post('setPhotoTitle', params, function(data) {
 
 			if (data!==true) lychee.error(null, params, data);
 
@@ -359,8 +374,12 @@ photo.setAlbum = function(photoIDs, albumID) {
 
 	albums.refresh();
 
-	params = 'setPhotoAlbum&photoIDs=' + photoIDs + '&albumID=' + albumID;
-	lychee.api(params, function(data) {
+	params = {
+		photoIDs: photoIDs.join(),
+		albumID
+	}
+
+	api.post('setPhotoAlbum', params, function(data) {
 
 		if (data!==true) lychee.error(null, params, data);
 
@@ -385,8 +404,11 @@ photo.setStar = function(photoIDs) {
 
 	albums.refresh();
 
-	params = 'setPhotoStar&photoIDs=' + photoIDs;
-	lychee.api(params, function(data) {
+	params = {
+		photoIDs: photoIDs.join()
+	}
+
+	api.post('setPhotoStar', params, function(data) {
 
 		if (data!==true) lychee.error(null, params, data);
 
@@ -396,8 +418,6 @@ photo.setStar = function(photoIDs) {
 
 photo.setPublic = function(photoID, e) {
 
-	var params;
-
 	if (photo.json.public==2) {
 
 		var action;
@@ -440,8 +460,7 @@ photo.setPublic = function(photoID, e) {
 
 	albums.refresh();
 
-	params = 'setPhotoPublic&photoID=' + photoID;
-	lychee.api(params, function(data) {
+	api.post('setPhotoPublic', { photoID }, function(data) {
 
 		if (data!==true) lychee.error(null, params, data);
 
@@ -469,8 +488,12 @@ photo.setDescription = function(photoID) {
 			view.photo.description();
 		}
 
-		params = 'setPhotoDescription&photoID=' + photoID + '&description=' + escape(encodeURI(description));
-		lychee.api(params, function(data) {
+		params = {
+			photoID,
+			description
+		}
+
+		api.post('setPhotoDescription', params, function(data) {
 
 			if (data!==true) lychee.error(null, params, data);
 
@@ -569,8 +592,12 @@ photo.setTags = function(photoIDs, tags) {
 		album.json.content[id].tags = tags;
 	});
 
-	params = 'setPhotoTags&photoIDs=' + photoIDs + '&tags=' + tags;
-	lychee.api(params, function(data) {
+	params = {
+		photoIDs: photoIDs.join(),
+		tags
+	}
+
+	api.post('setPhotoTags', params, function(data) {
 
 		if (data!==true) lychee.error(null, params, data);
 
@@ -666,7 +693,7 @@ photo.getSize = function() {
 photo.getArchive = function(photoID) {
 
 	var link,
-		url = 'php/api.php?function=getPhotoArchive&photoID=' + photoID;
+		url = api.path + '?function=getPhotoArchive&photoID=' + photoID;
 
 	if (location.href.indexOf('index.html')>0)	link = location.href.replace(location.hash, '').replace('index.html', url);
 	else										link = location.href.replace(location.hash, '') + url;

src/scripts/search.js

@@ -11,8 +11,7 @@ search = {
 
 search.find = function(term) {
 
-	var params,
-		albumsData = '',
+	var albumsData = '',
 		photosData = '',
 		code;
 
@@ -21,8 +20,7 @@ search.find = function(term) {
 
 		if ($('#search').val().length!==0) {
 
-			params = 'search&term=' + term;
-			lychee.api(params, function(data) {
+			api.post('search', { term }, function(data) {
 
 				// Build albums
 				if (data&&data.albums) {

src/scripts/settings.js

@@ -22,8 +22,15 @@ settings.createConfig = function() {
 		if (dbHost.length<1) dbHost = 'localhost';
 		if (dbName.length<1) dbName = 'lychee';
 
-		params = 'dbCreateConfig&dbName=' + escape(dbName) + '&dbUser=' + escape(dbUser) + '&dbPassword=' + escape(dbPassword) + '&dbHost=' + escape(dbHost) + '&dbTablePrefix=' + escape(dbTablePrefix);
-		lychee.api(params, function(data) {
+		params = {
+			dbName,
+			dbUser,
+			dbPassword,
+			dbHost,
+			dbTablePrefix
+		}
+
+		api.post('dbCreateConfig', params, function(data) {
 
 			if (data!==true) {
 
@@ -152,7 +159,13 @@ settings.createLogin = function() {
 		basicModal.close();
 
 		params = 'setLogin&username=' + escape(username) + '&password=' + md5(password);
-		lychee.api(params, function(data) {
+
+		params = {
+			username,
+			password: md5(password)
+		}
+
+		api.post('setLogin', params, function(data) {
 
 			if (data!==true) {
 
@@ -221,8 +234,13 @@ settings.setLogin = function() {
 
 		basicModal.close();
 
-		params = 'setLogin&oldPassword=' + md5(oldPassword) + '&username=' + escape(username) + '&password=' + md5(password);
-		lychee.api(params, function(data) {
+		params = {
+			oldPassword: md5(oldPassword),
+			username,
+			password: md5(password)
+		}
+
+		api.post('setLogin', params, function(data) {
 
 			if (data!==true) lychee.error(null, params, data);
 
@@ -274,8 +292,12 @@ settings.setSorting = function() {
 		basicModal.close();
 		albums.refresh();
 
-		params = 'setSorting&type=' + sorting[0] + '&order=' + sorting[1];
-		lychee.api(params, function(data) {
+		params = {
+			type: sorting[0],
+			order: sorting[1]
+		}
+
+		api.post('setSorting', params, function(data) {
 
 			if (data===true) {
 				lychee.sorting = 'ORDER BY ' + sorting[0] + ' ' + sorting[1];
@@ -339,8 +361,7 @@ settings.setDropboxKey = function(callback) {
 
 	action = function(data) {
 
-		var params,
-			key = data.key;
+		var key = data.key;
 
 		if (data.key.length<1) {
 			basicModal.error('key');
@@ -349,8 +370,7 @@ settings.setDropboxKey = function(callback) {
 
 		basicModal.close();
 
-		params = 'setDropboxKey&key=' + key;
-		lychee.api(params, function(data) {
+		api.post('setDropboxKey', { key }, function(data) {
 
 			if (data===true) {
 				lychee.dropboxKey = key;

src/scripts/upload.js

@@ -111,7 +111,7 @@ upload.start = {
 				formData.append('tags', '');
 				formData.append(0, file);
 
-				xhr.open('POST', lychee.api_path);
+				xhr.open('POST', api.path);
 
 				xhr.onload = function() {
 
@@ -267,8 +267,12 @@ upload.start = {
 
 					$('.basicModal .rows .row .status').html('Importing');
 
-					params = 'importUrl&url=' + escape(encodeURI(data.link)) + '&albumID=' + albumID;
-					lychee.api(params, function(data) {
+					params = {
+						url: data.link,
+						albumID
+					}
+
+					api.post('importUrl', params, function(data) {
 
 						basicModal.close();
 						upload.notify('Import complete');
@@ -326,8 +330,12 @@ upload.start = {
 
 				$('.basicModal .rows .row .status').html('Importing');
 
-				params = 'importServer&albumID=' + albumID + '&path=' + escape(encodeURI(data.path));
-				lychee.api(params, function(data) {
+				params = {
+					albumID,
+					path: data.path
+				}
+
+				api.post('importServer', params, function(data) {
 
 					basicModal.close();
 					upload.notify('Import complete');
@@ -397,8 +405,12 @@ upload.start = {
 
 				$('.basicModal .rows .row .status').html('Importing');
 
-				params = 'importUrl&url=' + escape(links) + '&albumID=' + albumID;
-				lychee.api(params, function(data) {
+				params = {
+					url: links,
+					albumID
+				}
+
+				api.post('importUrl', params, function(data) {
 
 					basicModal.close();
 					upload.notify('Import complete');