David A. Windham
david
/
lychee
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 2abf49ac38
Branches Tags
lychee
/
php
/
api.php

api.php 5.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @name        api.php
    5. 

  5.  * @author      Philipp Maurer
    6. 

  6.  * @author      Tobias Reich
    7. 

  7.  * @copyright   2013 by Philipp Maurer, Tobias Reich
    8. 

  8.  */
    9. 

  9. 

  10. if (floatval(phpversion())<5.2) die('Please upgrade to PHP 5.2 or higher!');
    11. 

  11. 

  12. if (!empty($_POST['function'])||!empty($_GET['function'])) {
    13. 

  13. 

  14. 	session_start();
    15. 

  15. 	define('LYCHEE', true);
    16. 

  16. 

  17. 	require('config.php');
    18. 

  18. 	require('functions.php');
    19. 

  19. 

  20. 	// Security
    21. 

  21. 	if (isset($_POST['albumID'])&&($_POST['albumID']==''||$_POST['albumID']<0)) exit('Wrong parameter type for albumID!');
    22. 

  22. 	if (isset($_POST['photoID'])&&$_POST['photoID']=='') exit('Wrong parameter type for photoID!');
    23. 

  23. 

  24. 	//Connect to DB
    25. 

  25. 	$database = dbConnect();
    26. 

  26. 

  27. 	if (isset($_SESSION['login'])&&$_SESSION['login']==true) {
    28. 

  28. 

  29. 		/**
    30. 

  30. 		 * Admin Mode
    31. 

  31. 		 * Full access to Lychee. Only with correct password.
    32. 

  32. 		 */
    33. 

  33. 

  34. 		// Album Functions
    35. 

  35. 		if ($_POST['function']=='getAlbums') echo json_encode(getAlbums(false));
    36. 

  36. 		if ($_POST['function']=='getSmartInfo') echo json_encode(getSmartInfo());
    37. 

  37. 		if ($_POST['function']=='getAlbum'&&isset($_POST['albumID'])) echo json_encode(getAlbum($_POST['albumID']));
    38. 

  38. 		if ($_POST['function']=='addAlbum'&&isset($_POST['title'])) echo addAlbum($_POST['title']);
    39. 

  39. 		if ($_POST['function']=='setAlbumTitle'&&isset($_POST['albumID'])&&isset($_POST['title'])) echo setAlbumTitle($_POST['albumID'], $_POST['title']);
    40. 

  40. 		if ($_POST['function']=='setAlbumPublic'&&isset($_POST['albumID'])) echo setAlbumPublic($_POST['albumID'], $_POST['password']);
    41. 

  41. 		if ($_POST['function']=='setAlbumPassword'&&isset($_POST['albumID'])&&isset($_POST['password'])) echo setAlbumPassword($_POST['albumID'], $_POST['password']);
    42. 

  42. 		if ($_POST['function']=='deleteAlbum'&&isset($_POST['albumID'])&&isset($_POST['delAll'])) echo deleteAlbum($_POST['albumID'], $_POST['delAll']);
    43. 

  43. 		if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID'])) getAlbumArchive($_GET['albumID']);
    44. 

  44. 

  45. 		// Photo Functions
    46. 

  46. 		if ($_POST['function']=='getPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
    47. 

  47. 		if ($_POST['function']=='deletePhoto'&&isset($_POST['photoID'])) echo deletePhoto($_POST['photoID']);
    48. 

  48. 		if ($_POST['function']=='setAlbum'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo setAlbum($_POST['photoID'], $_POST['albumID']);
    49. 

  49. 		if ($_POST['function']=='setPhotoTitle'&&isset($_POST['photoID'])&&isset($_POST['title'])) echo setPhotoTitle($_POST['photoID'], $_POST['title']);
    50. 

  50. 		if ($_POST['function']=='setPhotoStar'&&isset($_POST['photoID'])) echo setPhotoStar($_POST['photoID']);
    51. 

  51. 		if ($_POST['function']=='setPhotoPublic'&&isset($_POST['photoID'])&&isset($_POST['url'])) echo setPhotoPublic($_POST['photoID'], $_POST['url']);
    52. 

  52. 		if ($_POST['function']=='setPhotoDescription'&&isset($_POST['photoID'])&&isset($_POST['description'])) echo setPhotoDescription($_POST['photoID'], $_POST['description']);
    53. 

  53. 

  54.         // Add Function
    55. 

  55. 		if ($_POST['function']=='upload'&&isset($_FILES)&&isset($_POST['albumID'])) echo upload($_FILES, $_POST['albumID']);
    56. 

  56. 		if ($_POST['function']=='importUrl'&&isset($_POST['url'])&&isset($_POST['albumID'])) echo importUrl($_POST['url'], $_POST['albumID']);
    57. 

  57. 

  58. 		// Search Function
    59. 

  59. 		if ($_POST['function']=='search'&&isset($_POST['term'])) echo json_encode(search($_POST['term']));
    60. 

  60. 

  61. 		// Session Functions
    62. 

  62. 		if ($_POST['function']=='init') echo json_encode(init('admin'));
    63. 

  63. 		if ($_POST['function']=='login') echo login($_POST['user'], $_POST['password']);
    64. 

  64. 		if ($_POST['function']=='logout') logout();
    65. 

  65. 

  66. 	} else {
    67. 

  67. 

  68. 		/**
    69. 

  69. 		 * Public Mode
    70. 

  70. 		 * Access to view all public folders and photos in Lychee.
    71. 

  71. 		 */
    72. 

  72. 

  73. 		// Album Functions
    74. 

  74. 		if ($_POST['function']=='getAlbums') echo json_encode(getAlbums(true));
    75. 

  75. 		if ($_POST['function']=='getAlbum'&&isset($_POST['albumID'])&&isset($_POST['password'])) {
    76. 

  76. 			if (isAlbumPublic($_POST['albumID'])) {
    77. 

  77. 				// Album Public
    78. 

  78. 				if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) echo json_encode(getAlbum($_POST['albumID']));
    79. 

  79. 				else echo json_encode('HTTP/1.1 403 Wrong password!');
    80. 

  80. 			} else {
    81. 

  81. 				// Album Private
    82. 

  82. 				echo json_encode('HTTP/1.1 403 Album private!');
    83. 

  83. 			}
    84. 

  84. 		}
    85. 

  85. 		if ($_POST['function']=='checkAlbumAccess'&&isset($_POST['albumID'])&&isset($_POST['password'])) {
    86. 

  86. 			if (isAlbumPublic($_POST['albumID'])) {
    87. 

  87. 				// Album Public
    88. 

  88. 				if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) echo true;
    89. 

  89. 				else echo false;
    90. 

  90. 			} else {
    91. 

  91. 				// Album Private
    92. 

  92. 				echo false;
    93. 

  93. 			}
    94. 

  94. 		}
    95. 

  95. 

  96. 		// Photo Functions
    97. 

  97. 		if ($_POST['function']=='getPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])&&isset($_POST['password'])) {
    98. 

  98. 			if (isPhotoPublic($_POST['photoID'], $_POST['password'])) echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
    99. 

  99. 			else echo json_encode('HTTP/1.1 403 Wrong password!');
    100. 

  100. 		}
    101. 

  101. 

  102. 		// Session Functions
    103. 

  103. 		if ($_POST['function']=='init') echo json_encode(init('public'));
    104. 

  104. 		if ($_POST['function']=='login') echo login($_POST['user'], $_POST['password']);
    105. 

  105. 

  106. 	}
    107. 

  107. 

  108. } else {
    109. 

  109. 

  110. 	header('HTTP/1.1 401 Unauthorized');
    111. 

  111. 	die('Error: No permission!');
    112. 

  112. 

  113. }
    114. 

  114. 

  115. ?>
    116.