David A. Windham
david
/
lychee
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1.2
Branches Tags
lychee
/
php
/
api.php

api.php 5.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @name        api.php
    5. 

  5.  * @author      Philipp Maurer
    6. 

  6.  * @author      Tobias Reich
    7. 

  7.  * @copyright   2013 by Philipp Maurer, Tobias Reich
    8. 

  8.  */
    9. 

  9. 

  10. if (floatval(phpversion())<5.2) die('Please upgrade to PHP 5.2 or higher!');
    11. 

  11. 

  12. if (!empty($_POST['function'])||!empty($_GET['function'])) {
    13. 

  13. 

  14. 	session_start();
    15. 

  15. 	define('LYCHEE', true);
    16. 

  16. 

  17. 	require('config.php');
    18. 

  18. 	require('functions.php');
    19. 

  19. 

  20. 	// Security
    21. 

  21. 	if (isset($_POST['albumID'])&&($_POST['albumID']==''||$_POST['albumID']<0)) exit('Wrong parameter type for albumID!');
    22. 

  22. 	if (isset($_POST['photoID'])&&$_POST['photoID']=='') exit('Wrong parameter type for photoID!');
    23. 

  23. 

  24. 	//Connect to DB
    25. 

  25. 	$database = dbConnect();
    26. 

  26. 

  27. 	if (isset($_SESSION['login'])&&$_SESSION['login']==true) {
    28. 

  28. 

  29. 		/**
    30. 

  30. 		 * Admin Mode
    31. 

  31. 		 * Full access to Lychee. Only with correct password.
    32. 

  32. 		 */
    33. 

  33. 

  34. 		// Album Functions
    35. 

  35. 		if ($_POST['function']=='getAlbums') echo json_encode(getAlbums(false));
    36. 

  36. 		if ($_POST['function']=='getSmartInfo') echo json_encode(getSmartInfo());
    37. 

  37. 		if ($_POST['function']=='addAlbum'&&isset($_POST['title'])) echo addAlbum($_POST['title']);
    38. 

  38. 		if ($_POST['function']=='getAlbumInfo'&&isset($_POST['albumID'])) echo json_encode(getAlbumInfo($_POST['albumID']));
    39. 

  39. 		if ($_POST['function']=='setAlbumTitle'&&isset($_POST['albumID'])&&isset($_POST['title'])) echo setAlbumTitle($_POST['albumID'], $_POST['title']);
    40. 

  40. 		if ($_POST['function']=='setAlbumPublic'&&isset($_POST['albumID'])) echo setAlbumPublic($_POST['albumID']);
    41. 

  41. 		if ($_POST['function']=='setAlbumPassword'&&isset($_POST['albumID'])&&isset($_POST['password'])) echo setAlbumPassword($_POST['albumID'], $_POST['password']);
    42. 

  42. 		if ($_POST['function']=='deleteAlbum'&&isset($_POST['albumID'])&&isset($_POST['delAll'])) echo deleteAlbum($_POST['albumID'], $_POST['delAll']);
    43. 

  43. 		if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID'])) getAlbumArchive($_GET['albumID']);
    44. 

  44. 

  45. 		// Photo Functions
    46. 

  46. 		if ($_POST['function']=='getPhotos'&&isset($_POST['albumID'])) echo json_encode(getPhotos($_POST['albumID']));
    47. 

  47. 		if ($_POST['function']=='getPhotoInfo'&&isset($_POST['photoID'])) echo json_encode(getPhotoInfo($_POST['photoID']));
    48. 

  48. 		if ($_POST['function']=='getShortlink'&&isset($_POST['photoID'])) echo getShortlink($_POST['photoID']);
    49. 

  49. 		if ($_POST['function']=='setAlbum'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo setAlbum($_POST['photoID'], $_POST['albumID']);
    50. 

  50. 		if ($_POST['function']=='deletePhoto'&&isset($_POST['photoID'])) echo deletePhoto($_POST['photoID']);
    51. 

  51. 		if ($_POST['function']=='setPhotoTitle'&&isset($_POST['photoID'])&&isset($_POST['title'])) echo setPhotoTitle($_POST['photoID'], $_POST['title']);
    52. 

  52. 		if ($_POST['function']=='setPhotoStar'&&isset($_POST['photoID'])) echo setPhotoStar($_POST['photoID']);
    53. 

  53. 		if ($_POST['function']=='setPhotoPublic'&&isset($_POST['photoID'])&&isset($_POST['url'])) echo setPhotoPublic($_POST['photoID'], $_POST['url']);
    54. 

  54. 		if ($_POST['function']=='setPhotoDescription'&&isset($_POST['photoID'])&&isset($_POST['description'])) echo setPhotoDescription($_POST['photoID'], $_POST['description']);
    55. 

  55. 		if ($_POST['function']=='previousPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo json_encode(previousPhoto($_POST['photoID'], $_POST['albumID'], false));
    56. 

  56. 		if ($_POST['function']=='nextPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo json_encode(nextPhoto($_POST['photoID'], $_POST['albumID'], false));
    57. 

  57. 

  58.         // Add Function
    59. 

  59. 		if ($_POST['function']=='upload'&&isset($_FILES)&&isset($_POST['albumID'])) echo upload($_FILES, $_POST['albumID']);
    60. 

  60. 		if ($_POST['function']=='importUrl'&&isset($_POST['url'])&&isset($_POST['albumID'])) echo importUrl($_POST['url'], $_POST['albumID']);
    61. 

  61. 

  62. 		// Search Function
    63. 

  63. 		if ($_POST['function']=='search'&&isset($_POST['term'])) echo json_encode(search($_POST['term']));
    64. 

  64. 

  65. 		// Session Functions
    66. 

  66. 		if ($_POST['function']=='init') echo json_encode(init('admin'));
    67. 

  67. 		if ($_POST['function']=='login') echo login($_POST['user'], $_POST['password']);
    68. 

  68. 		if ($_POST['function']=='logout') logout();
    69. 

  69. 

  70. 	} else {
    71. 

  71. 

  72. 		/**
    73. 

  73. 		 * Public Mode
    74. 

  74. 		 * Access to view all public folders and photos in Lychee.
    75. 

  75. 		 */
    76. 

  76. 

  77. 		// Album Functions
    78. 

  78. 		if ($_POST['function']=='getAlbums') echo json_encode(getAlbums(true));
    79. 

  79. 		if ($_POST['function']=='getAlbumInfo'&&isset($_POST['albumID'])&&isset($_POST['password'])&&isAlbumPublic($_POST['albumID'], $_POST['password'])) echo json_encode(getAlbumInfo($_POST['albumID']));
    80. 

  80. 

  81. 		// Photo Functions
    82. 

  82. 		if ($_POST['function']=='getPhotos') {
    83. 

  83. 			if (isset($_POST['albumID'])&&isset($_POST['password'])&&isAlbumPublic($_POST['albumID'], $_POST['password'])) echo json_encode(getPhotos($_POST['albumID']));
    84. 

  84. 			else echo json_encode('HTTP/1.1 403 Wrong password!');
    85. 

  85. 		}
    86. 

  86. 

  87. 		if ($_POST['function']=='getPhotoInfo') {
    88. 

  88. 			if (isset($_POST['photoID'])&&isset($_POST['password'])&&isPhotoPublic($_POST['photoID'], $_POST['password'])) echo json_encode(getPhotoInfo($_POST['photoID']));
    89. 

  89. 			else echo json_encode('HTTP/1.1 403 Wrong password!');
    90. 

  90. 		}
    91. 

  91. 

  92. 		if ($_POST['function']=='previousPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo json_encode(previousPhoto($_POST['photoID'], $_POST['albumID'], false));
    93. 

  93. 		if ($_POST['function']=='nextPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo json_encode(nextPhoto($_POST['photoID'], $_POST['albumID'], false));
    94. 

  94. 

  95. 		// Session Functions
    96. 

  96. 		if ($_POST['function']=='init') echo json_encode(init('public'));
    97. 

  97. 		if ($_POST['function']=='login') echo login($_POST['user'], $_POST['password']);
    98. 

  98. 

  99. 	}
    100. 

  100. 

  101. } else {
    102. 

  102. 

  103. 	header('HTTP/1.1 401 Unauthorized');
    104. 

  104. 	die('Error: No permission!');
    105. 

  105. 

  106. }
    107. 

  107. 

  108. ?>
    109.