

  1. <?php
  2. /**
  3. * @name API
  4. * @author Philipp Maurer
  5. * @author Tobias Reich
  6. * @copyright 2014 by Philipp Maurer, Tobias Reich
  7. */
  8. @ini_set('max_execution_time', '200');
  9. @ini_set('post_max_size', '200M');
  10. @ini_set('upload_max_size', '200M');
  11. @ini_set('upload_max_filesize', '20M');
  12. @ini_set('max_file_uploads', '100');
  13. if (!empty($_POST['function'])||!empty($_GET['function'])) {
  14. session_start();
  15. define('LYCHEE', true);
  16. require('modules/db.php');
  17. require('modules/session.php');
  18. require('modules/settings.php');
  19. require('modules/upload.php');
  20. require('modules/album.php');
  21. require('modules/photo.php');
  22. require('modules/tags.php');
  23. require('modules/misc.php');
  24. if (file_exists('config.php')) require('config.php');
  25. else {
  26. /**
  27. * Installation Mode
  28. * Limited access to configure Lychee. Only available when the config.php file is missing.
  29. */
  30. switch ($_POST['function']) {
  31. case 'createConfig': if (isset($_POST['dbHost'])&&isset($_POST['dbUser'])&&isset($_POST['dbPassword'])&&isset($_POST['dbName']))
  32. echo createConfig($_POST['dbHost'], $_POST['dbUser'], $_POST['dbPassword'], $_POST['dbName']);
  33. break;
  34. default: echo 'Warning: No configuration!';
  35. break;
  36. }
  37. exit();
  38. }
  39. // Connect to DB
  40. $database = dbConnect();
  41. // Get Settings
  42. $settings = getSettings();
  43. // Escape
  44. foreach(array_keys($_POST) as $key) $_POST[$key] = mysqli_real_escape_string($database, urldecode($_POST[$key]));
  45. foreach(array_keys($_GET) as $key) $_GET[$key] = mysqli_real_escape_string($database, urldecode($_GET[$key]));
  46. // Validate parameters
  47. if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1) exit('Error: Wrong parameter type for albumIDs!');
  48. if (isset($_POST['photoIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['photoIDs'])!==1) exit('Error: Wrong parameter type for photoIDs!');
  49. if (isset($_POST['albumID'])&&preg_match('/^[0-9sf]{1,}$/', $_POST['albumID'])!==1) exit('Error: Wrong parameter type for albumID!');
  50. if (isset($_POST['photoID'])&&preg_match('/^[0-9]{14}$/', $_POST['photoID'])!==1) exit('Error: Wrong parameter type for photoID!');
  51. if (isset($_SESSION['login'])&&$_SESSION['login']==true) {
  52. /**
  53. * Admin Mode
  54. * Full access to Lychee. Only with correct password/session.
  55. */
  56. switch ($_POST['function']) {
  57. // Album Functions
  58. case 'getAlbums': echo json_encode(getAlbums(false));
  59. break;
  60. case 'getAlbum': if (isset($_POST['albumID']))
  61. echo json_encode(getAlbum($_POST['albumID']));
  62. break;
  63. case 'addAlbum': if (isset($_POST['title']))
  64. echo addAlbum($_POST['title']);
  65. break;
  66. case 'setAlbumTitle': if (isset($_POST['albumIDs'])&&isset($_POST['title']))
  67. echo setAlbumTitle($_POST['albumIDs'], $_POST['title']);
  68. break;
  69. case 'setAlbumDescription': if (isset($_POST['albumID'])&&isset($_POST['description']))
  70. echo setAlbumDescription($_POST['albumID'], $_POST['description']);
  71. break;
  72. case 'setAlbumPublic': if (isset($_POST['albumID']))
  73. if (!isset($_POST['password'])) $_POST['password'] = '';
  74. echo setAlbumPublic($_POST['albumID'], $_POST['password']);
  75. break;
  76. case 'setAlbumPassword':if (isset($_POST['albumID'])&&isset($_POST['password']))
  77. echo setAlbumPassword($_POST['albumID'], $_POST['password']);
  78. break;
  79. case 'deleteAlbum': if (isset($_POST['albumIDs']))
  80. echo deleteAlbum($_POST['albumIDs']);
  81. break;
  82. // Photo Functions
  83. case 'getPhoto': if (isset($_POST['photoID'])&&isset($_POST['albumID']))
  84. echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
  85. break;
  86. case 'deletePhoto': if (isset($_POST['photoIDs']))
  87. echo deletePhoto($_POST['photoIDs']);
  88. break;
  89. case 'setAlbum': if (isset($_POST['photoIDs'])&&isset($_POST['albumID']))
  90. echo setAlbum($_POST['photoIDs'], $_POST['albumID']);
  91. break;
  92. case 'setPhotoTitle': if (isset($_POST['photoIDs'])&&isset($_POST['title']))
  93. echo setPhotoTitle($_POST['photoIDs'], $_POST['title']);
  94. break;
  95. case 'setPhotoStar': if (isset($_POST['photoIDs']))
  96. echo setPhotoStar($_POST['photoIDs']);
  97. break;
  98. case 'setPhotoPublic': if (isset($_POST['photoID'])&&isset($_POST['url']))
  99. echo setPhotoPublic($_POST['photoID'], $_POST['url']);
  100. break;
  101. case 'setPhotoDescription': if (isset($_POST['photoID'])&&isset($_POST['description']))
  102. echo setPhotoDescription($_POST['photoID'], $_POST['description']);
  103. break;
  104. // Add Functions
  105. case 'upload': if (isset($_FILES)&&isset($_POST['albumID']))
  106. echo upload($_FILES, $_POST['albumID']);
  107. break;
  108. case 'importUrl': if (isset($_POST['url'])&&isset($_POST['albumID']))
  109. echo importUrl($_POST['url'], $_POST['albumID']);
  110. break;
  111. case 'importServer': if (isset($_POST['albumID']))
  112. echo importServer($_POST['albumID']);
  113. break;
  114. // Search Function
  115. case 'search': if (isset($_POST['term']))
  116. echo json_encode(search($_POST['term']));
  117. break;
  118. // Tag Functions
  119. case 'getTags': if (isset($_POST['photoID']))
  120. echo json_encode(getTags($_POST['photoID']));
  121. break;
  122. case 'setTags': if (isset($_POST['photoIDs'])&&isset($_POST['tags']))
  123. echo setTags($_POST['photoIDs'], $_POST['tags']);
  124. break;
  125. // Session Function
  126. case 'init': echo json_encode(init('admin'));
  127. break;
  128. case 'login': if (isset($_POST['user'])&&isset($_POST['password']))
  129. echo login($_POST['user'], $_POST['password']);
  130. break;
  131. case 'logout': logout();
  132. break;
  133. // Settings
  134. case 'setLogin': if (isset($_POST['username'])&&isset($_POST['password']))
  135. if (!isset($_POST['oldPassword'])) $_POST['oldPassword'] = '';
  136. echo setLogin($_POST['oldPassword'], $_POST['username'], $_POST['password']);
  137. break;
  138. case 'setSorting': if (isset($_POST['type'])&&isset($_POST['order']))
  139. echo setSorting($_POST['type'], $_POST['order']);
  140. break;
  141. // Miscellaneous
  142. case 'update': echo update();
  143. default: if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID']))
  144. // Album Download
  145. getAlbumArchive($_GET['albumID']);
  146. else if (isset($_GET['function'])&&$_GET['function']=='getPhotoArchive'&&isset($_GET['photoID']))
  147. // Photo Download
  148. getPhotoArchive($_GET['photoID']);
  149. else if (isset($_GET['function'])&&$_GET['function']=='update')
  150. // Update Lychee
  151. echo update();
  152. else
  153. // Function unknown
  154. exit('Error: Function not found! Please check the spelling of the called function.');
  155. break;
  156. }
  157. } else {
  158. /**
  159. * Public Mode
  160. * Access to view all public folders and photos in Lychee.
  161. */
  162. switch ($_POST['function']) {
  163. // Album Functions
  164. case 'getAlbums': echo json_encode(getAlbums(true));
  165. break;
  166. case 'getAlbum': if (isset($_POST['albumID'])&&isset($_POST['password'])) {
  167. if (isAlbumPublic($_POST['albumID'])) {
  168. // Album Public
  169. if (checkAlbumPassword($_POST['albumID'], $_POST['password']))
  170. echo json_encode(getAlbum($_POST['albumID']));
  171. else
  172. echo 'Warning: Wrong password!';
  173. } else {
  174. // Album Private
  175. echo 'Warning: Album private!';
  176. }
  177. }
  178. break;
  179. case 'checkAlbumAccess':if (isset($_POST['albumID'])&&isset($_POST['password'])) {
  180. if (isAlbumPublic($_POST['albumID'])) {
  181. // Album Public
  182. if (checkAlbumPassword($_POST['albumID'], $_POST['password']))
  183. echo true;
  184. else
  185. echo false;
  186. } else {
  187. // Album Private
  188. echo false;
  189. }
  190. }
  191. break;
  192. // Photo Functions
  193. case 'getPhoto': if (isset($_POST['photoID'])&&isset($_POST['albumID'])&&isset($_POST['password'])) {
  194. if (isPhotoPublic($_POST['photoID'], $_POST['password']))
  195. echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
  196. else
  197. echo 'Warning: Wrong password!';
  198. }
  199. break;
  200. // Session Functions
  201. case 'init': echo json_encode(init('public'));
  202. break;
  203. case 'login': if (isset($_POST['user'])&&isset($_POST['password']))
  204. echo login($_POST['user'], $_POST['password']);
  205. break;
  206. // Miscellaneous
  207. default: if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID'])&&isset($_GET['password'])) {
  208. // Album Download
  209. if (isAlbumPublic($_GET['albumID'])) {
  210. // Album Public
  211. if (checkAlbumPassword($_GET['albumID'], $_GET['password']))
  212. getAlbumArchive($_GET['albumID']);
  213. else
  214. exit('Warning: Wrong password!');
  215. } else {
  216. // Album Private
  217. exit('Warning: Album private or not downloadable!');
  218. }
  219. } else if (isset($_GET['function'])&&$_GET['function']=='getPhotoArchive'&&isset($_GET['photoID'])&&isset($_GET['password'])) {
  220. // Photo Download
  221. if (isPhotoPublic($_GET['photoID'], $_GET['password']))
  222. // Photo Public
  223. getPhotoArchive($_GET['photoID']);
  224. else
  225. // Photo Private
  226. exit('Warning: Photo private or not downloadable!');
  227. } else {
  228. // Function unknown
  229. exit('Error: Function not found! Please check the spelling of the called function.');
  230. }
  231. break;
  232. }
  233. }
  234. } else {
  235. exit('Error: No permission!');
  236. }
  237. ?>