api.php 9.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313
  1. <?php
  2. /**
  3. * @name API
  4. * @author Philipp Maurer
  5. * @author Tobias Reich
  6. * @copyright 2014 by Philipp Maurer, Tobias Reich
  7. */
  8. @ini_set('max_execution_time', '200');
  9. @ini_set('post_max_size', '200M');
  10. @ini_set('upload_max_size', '200M');
  11. @ini_set('upload_max_filesize', '20M');
  12. @ini_set('max_file_uploads', '100');
  13. if (!empty($_POST['function'])||!empty($_GET['function'])) {
  14. session_start();
  15. define('LYCHEE', true);
  16. require('modules/db.php');
  17. require('modules/session.php');
  18. require('modules/settings.php');
  19. require('modules/upload.php');
  20. require('modules/album.php');
  21. require('modules/photo.php');
  22. require('modules/misc.php');
  23. if (file_exists('config.php')) require('config.php');
  24. else {
  25. /**
  26. * Installation Mode
  27. * Limited access to configure Lychee. Only available when the config.php file is missing.
  28. */
  29. switch ($_POST['function']) {
  30. case 'createConfig': if (isset($_POST['dbHost'])&&isset($_POST['dbUser'])&&isset($_POST['dbPassword'])&&isset($_POST['dbName']))
  31. echo createConfig($_POST['dbHost'], $_POST['dbUser'], $_POST['dbPassword'], $_POST['dbName']);
  32. break;
  33. default: echo 'Warning: No configuration!';
  34. break;
  35. }
  36. exit();
  37. }
  38. // Connect to DB
  39. $database = dbConnect();
  40. // Get Settings
  41. $settings = getSettings();
  42. // Security
  43. if (isset($_POST['albumID'])&&($_POST['albumID']==''||$_POST['albumID']<0||$_POST['albumID']>10000)) exit('Error: Wrong parameter type for albumID!');
  44. if (isset($_POST['photoID'])&&$_POST['photoID']=='') exit('Error: Wrong parameter type for photoID!');
  45. foreach(array_keys($_POST) as $key) $_POST[$key] = mysqli_real_escape_string($database, urldecode($_POST[$key]));
  46. foreach(array_keys($_GET) as $key) $_GET[$key] = mysqli_real_escape_string($database, urldecode($_GET[$key]));
  47. if (isset($_SESSION['login'])&&$_SESSION['login']==true) {
  48. /**
  49. * Admin Mode
  50. * Full access to Lychee. Only with correct password/session.
  51. */
  52. switch ($_POST['function']) {
  53. // Album Functions
  54. case 'getAlbums': echo json_encode(getAlbums(false));
  55. break;
  56. case 'getAlbum': if (isset($_POST['albumID']))
  57. echo json_encode(getAlbum($_POST['albumID']));
  58. break;
  59. case 'addAlbum': if (isset($_POST['title']))
  60. echo addAlbum($_POST['title']);
  61. break;
  62. case 'setAlbumTitle': if (isset($_POST['albumID'])&&isset($_POST['title']))
  63. echo setAlbumTitle($_POST['albumID'], $_POST['title']);
  64. break;
  65. case 'setAlbumDescription': if (isset($_POST['albumID'])&&isset($_POST['description']))
  66. echo setAlbumDescription($_POST['albumID'], $_POST['description']);
  67. break;
  68. case 'setAlbumPublic': if (isset($_POST['albumID']))
  69. if (!isset($_POST['password'])) $_POST['password'] = '';
  70. echo setAlbumPublic($_POST['albumID'], $_POST['password']);
  71. break;
  72. case 'setAlbumPassword':if (isset($_POST['albumID'])&&isset($_POST['password']))
  73. echo setAlbumPassword($_POST['albumID'], $_POST['password']);
  74. break;
  75. case 'deleteAlbum': if (isset($_POST['albumID']))
  76. echo deleteAlbum($_POST['albumID']);
  77. break;
  78. // Photo Functions
  79. case 'getPhoto': if (isset($_POST['photoID'])&&isset($_POST['albumID']))
  80. echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
  81. break;
  82. case 'deletePhoto': if (isset($_POST['photoID']))
  83. echo deletePhoto($_POST['photoID']);
  84. break;
  85. case 'setAlbum': if (isset($_POST['photoID'])&&isset($_POST['albumID']))
  86. echo setAlbum($_POST['photoID'], $_POST['albumID']);
  87. break;
  88. case 'setPhotoTitle': if (isset($_POST['photoID'])&&isset($_POST['title']))
  89. echo setPhotoTitle($_POST['photoID'], $_POST['title']);
  90. break;
  91. case 'setPhotoStar': if (isset($_POST['photoID']))
  92. echo setPhotoStar($_POST['photoID']);
  93. break;
  94. case 'setPhotoPublic': if (isset($_POST['photoID'])&&isset($_POST['url']))
  95. echo setPhotoPublic($_POST['photoID'], $_POST['url']);
  96. break;
  97. case 'setPhotoDescription': if (isset($_POST['photoID'])&&isset($_POST['description']))
  98. echo setPhotoDescription($_POST['photoID'], $_POST['description']);
  99. break;
  100. // Add Functions
  101. case 'upload': if (isset($_FILES)&&isset($_POST['albumID']))
  102. echo upload($_FILES, $_POST['albumID']);
  103. break;
  104. case 'importUrl': if (isset($_POST['url'])&&isset($_POST['albumID']))
  105. echo importUrl($_POST['url'], $_POST['albumID']);
  106. break;
  107. case 'importServer': if (isset($_POST['albumID']))
  108. echo importServer($_POST['albumID']);
  109. break;
  110. // Search Function
  111. case 'search': if (isset($_POST['term']))
  112. echo json_encode(search($_POST['term']));
  113. break;
  114. // Session Function
  115. case 'init': echo json_encode(init('admin'));
  116. break;
  117. case 'login': if (isset($_POST['user'])&&isset($_POST['password']))
  118. echo login($_POST['user'], $_POST['password']);
  119. break;
  120. case 'logout': logout();
  121. break;
  122. // Settings
  123. case 'setLogin': if (isset($_POST['username'])&&isset($_POST['password']))
  124. if (!isset($_POST['oldPassword'])) $_POST['oldPassword'] = '';
  125. echo setLogin($_POST['oldPassword'], $_POST['username'], $_POST['password']);
  126. break;
  127. case 'setSorting': if (isset($_POST['type'])&&isset($_POST['order']))
  128. echo setSorting($_POST['type'], $_POST['order']);
  129. break;
  130. // Miscellaneous
  131. case 'update': echo update();
  132. default: if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID']))
  133. // Album Download
  134. getAlbumArchive($_GET['albumID']);
  135. else if (isset($_GET['function'])&&$_GET['function']=='getPhotoArchive'&&isset($_GET['photoID']))
  136. // Photo Download
  137. getPhotoArchive($_GET['photoID']);
  138. else if (isset($_GET['function'])&&$_GET['function']=='update')
  139. // Update Lychee
  140. echo update();
  141. else
  142. // Function unknown
  143. exit('Error: Function not found! Please check the spelling of the called function.');
  144. break;
  145. }
  146. } else {
  147. /**
  148. * Public Mode
  149. * Access to view all public folders and photos in Lychee.
  150. */
  151. switch ($_POST['function']) {
  152. // Album Functions
  153. case 'getAlbums': echo json_encode(getAlbums(true));
  154. break;
  155. case 'getAlbum': if (isset($_POST['albumID'])&&isset($_POST['password'])) {
  156. if (isAlbumPublic($_POST['albumID'])) {
  157. // Album Public
  158. if (checkAlbumPassword($_POST['albumID'], $_POST['password']))
  159. echo json_encode(getAlbum($_POST['albumID']));
  160. else
  161. echo 'Warning: Wrong password!';
  162. } else {
  163. // Album Private
  164. echo 'Warning: Album private!';
  165. }
  166. }
  167. break;
  168. case 'checkAlbumAccess':if (isset($_POST['albumID'])&&isset($_POST['password'])) {
  169. if (isAlbumPublic($_POST['albumID'])) {
  170. // Album Public
  171. if (checkAlbumPassword($_POST['albumID'], $_POST['password']))
  172. echo true;
  173. else
  174. echo false;
  175. } else {
  176. // Album Private
  177. echo false;
  178. }
  179. }
  180. break;
  181. // Photo Functions
  182. case 'getPhoto': if (isset($_POST['photoID'])&&isset($_POST['albumID'])&&isset($_POST['password'])) {
  183. if (isPhotoPublic($_POST['photoID'], $_POST['password']))
  184. echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
  185. else
  186. echo 'Warning: Wrong password!';
  187. }
  188. break;
  189. // Session Functions
  190. case 'init': echo json_encode(init('public'));
  191. break;
  192. case 'login': if (isset($_POST['user'])&&isset($_POST['password']))
  193. echo login($_POST['user'], $_POST['password']);
  194. break;
  195. // Miscellaneous
  196. default: if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID'])&&isset($_GET['password'])) {
  197. // Album Download
  198. if (isAlbumPublic($_GET['albumID'])) {
  199. // Album Public
  200. if (checkAlbumPassword($_GET['albumID'], $_GET['password']))
  201. getAlbumArchive($_GET['albumID']);
  202. else
  203. exit('Warning: Wrong password!');
  204. } else {
  205. // Album Private
  206. exit('Warning: Album private or not downloadable!');
  207. }
  208. } else if (isset($_GET['function'])&&$_GET['function']=='getPhotoArchive'&&isset($_GET['photoID'])&&isset($_GET['password'])) {
  209. // Photo Download
  210. if (isPhotoPublic($_GET['photoID'], $_GET['password']))
  211. // Photo Public
  212. getPhotoArchive($_GET['photoID']);
  213. else
  214. // Photo Private
  215. exit('Warning: Photo private or not downloadable!');
  216. } else {
  217. // Function unknown
  218. exit('Error: Function not found! Please check the spelling of the called function.');
  219. }
  220. break;
  221. }
  222. }
  223. } else {
  224. exit('Error: No permission!');
  225. }
  226. ?>