index.php 2.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990
  1. <?php
  2. /**
  3. * @author Tobias Reich
  4. * @copyright 2016 by Tobias Reich
  5. */
  6. namespace Lychee;
  7. use Lychee\Modules\Config;
  8. use Lychee\Modules\Response;
  9. use Lychee\Modules\Settings;
  10. use Lychee\Modules\Validator;
  11. use Lychee\Access\Installation;
  12. use Lychee\Access\Admin;
  13. use Lychee\Access\Guest;
  14. require(__DIR__ . '/define.php');
  15. require(__DIR__ . '/autoload.php');
  16. require(__DIR__ . '/helpers/fastImageCopyResampled.php');
  17. require(__DIR__ . '/helpers/getExtension.php');
  18. require(__DIR__ . '/helpers/getGraphHeader.php');
  19. require(__DIR__ . '/helpers/getHashedString.php');
  20. require(__DIR__ . '/helpers/hasPermissions.php');
  21. require(__DIR__ . '/helpers/search.php');
  22. // Define the called function
  23. if (isset($_POST['function'])) $fn = $_POST['function'];
  24. else if (isset($_GET['function'])) $fn = $_GET['function'];
  25. else $fn = null;
  26. // Check if a function has been specified
  27. if (!empty($fn)) {
  28. // Start the session and set the default timezone
  29. session_start();
  30. date_default_timezone_set('UTC');
  31. // Validate parameters
  32. if (isset($_POST['albumIDs'])&&Validator::isAlbumIDs($_POST['albumIDs'])===false) Response::error('Wrong parameter type for albumIDs!');
  33. if (isset($_POST['photoIDs'])&&Validator::isPhotoIDs($_POST['photoIDs'])===false) Response::error('Wrong parameter type for photoIDs!');
  34. if (isset($_POST['albumID'])&&Validator::isAlbumID($_POST['albumID'])==false) Response::error('Wrong parameter type for albumID!');
  35. if (isset($_POST['photoID'])&&Validator::isPhotoID($_POST['photoID'])==false) Response::error('Wrong parameter type for photoID!');
  36. // Check if a configuration exists
  37. if (Config::exists()===false) {
  38. /**
  39. * Installation Access
  40. * Limited access to configure Lychee. Only available when the config.php file is missing.
  41. */
  42. Installation::init($fn);
  43. exit();
  44. }
  45. // Check if user is logged
  46. if ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
  47. (isset($_SESSION['identifier'])&&$_SESSION['identifier']===Settings::get()['identifier'])) {
  48. /**
  49. * Admin Access
  50. * Full access to Lychee. Only with correct password/session.
  51. */
  52. Admin::init($fn);
  53. exit();
  54. } else {
  55. /**
  56. * Guest Access
  57. * Access to view all public folders and photos in Lychee.
  58. */
  59. Guest::init($fn);
  60. exit();
  61. }
  62. } else {
  63. Response::error('No API function specified!');
  64. }
  65. ?>