David A. Windham
david
/
lychee
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 145c3f5147
Branches Tags
lychee
/
php
/
index.php

index.php 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. <?php
    2. 

  2. 

  3. ###
    4. 

  4. # @name			API
    5. 

  5. # @author		Tobias Reich
    6. 

  6. # @copyright	2015 by Tobias Reich
    7. 

  7. ###
    8. 

  8. 

  9. namespace Lychee;
    10. 

  10. 

  11. use Lychee\Modules\Config;
    12. 

  12. use Lychee\Modules\Settings;
    13. 

  13. 

  14. use Lychee\Access\Installation;
    15. 

  15. use Lychee\Access\Admin;
    16. 

  16. use Lychee\Access\Guest;
    17. 

  17. 

  18. require(__DIR__ . '/define.php');
    19. 

  19. require(__DIR__ . '/autoload.php');
    20. 

  20. 

  21. require(__DIR__ . '/helpers/fastImageCopyResampled.php');
    22. 

  22. require(__DIR__ . '/helpers/getExtension.php');
    23. 

  23. require(__DIR__ . '/helpers/getGraphHeader.php');
    24. 

  24. require(__DIR__ . '/helpers/getHashedString.php');
    25. 

  25. require(__DIR__ . '/helpers/hasPermissions.php');
    26. 

  26. require(__DIR__ . '/helpers/search.php');
    27. 

  27. 

  28. # Define the called function
    29. 

  29. if (isset($_POST['function']))		$fn = $_POST['function'];
    30. 

  30. else if (isset($_GET['function']))	$fn = $_GET['function'];
    31. 

  31. else								$fn = null;
    32. 

  32. 

  33. # Check if a function has been specified
    34. 

  34. if (!empty($fn)) {
    35. 

  35. 

  36. 	# Start the session and set the default timezone
    37. 

  37. 	session_start();
    38. 

  38. 	date_default_timezone_set('UTC');
    39. 

  39. 

  40. 	# Validate parameters
    41. 

  41. 	if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1)	exit('Error: Wrong parameter type for albumIDs!');
    42. 

  42. 	if (isset($_POST['photoIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['photoIDs'])!==1)	exit('Error: Wrong parameter type for photoIDs!');
    43. 

  43. 	if (isset($_POST['albumID'])&&preg_match('/^[0-9sfr]{1,}$/', $_POST['albumID'])!==1)	exit('Error: Wrong parameter type for albumID!');
    44. 

  44. 	if (isset($_POST['photoID'])&&preg_match('/^[0-9]{14}$/', $_POST['photoID'])!==1)		exit('Error: Wrong parameter type for photoID!');
    45. 

  45. 

  46. 	# Check if a configuration exists
    47. 

  47. 	if (Config::exists()===false) {
    48. 

  48. 

  49. 		###
    50. 

  50. 		# Installation Access
    51. 

  51. 		# Limited access to configure Lychee. Only available when the config.php file is missing.
    52. 

  52. 		###
    53. 

  53. 

  54. 		$installation = new Installation();
    55. 

  55. 		$installation->check($fn);
    56. 

  56. 

  57. 		exit();
    58. 

  58. 

  59. 	}
    60. 

  60. 

  61. 	# Check if user is logged
    62. 

  62. 	if ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
    63. 

  63. 		(isset($_SESSION['identifier'])&&$_SESSION['identifier']===Settings::get()['identifier'])) {
    64. 

  64. 

  65. 		###
    66. 

  66. 		# Admin Access
    67. 

  67. 		# Full access to Lychee. Only with correct password/session.
    68. 

  68. 		###
    69. 

  69. 

  70. 		$admin = new Admin();
    71. 

  71. 		$admin->check($fn);
    72. 

  72. 

  73. 		exit();
    74. 

  74. 

  75. 	}
    76. 

  76. 

  77. 	###
    78. 

  78. 	# Guest Access
    79. 

  79. 	# Access to view all public folders and photos in Lychee.
    80. 

  80. 	###
    81. 

  81. 

  82. 	$guest = new Guest();
    83. 

  83. 	$guest->check($fn);
    84. 

  84. 

  85. } else {
    86. 

  86. 

  87. 	exit('Error: No API function specified!');
    88. 

  88. 

  89. }
    90. 

  90. 

  91. ?>
    92.