Prevent download of deleted albums/photos, added code documentation, fixed error when logged out and opening a private photo
This commit is contained in:
parent
06fba792b2
commit
e89676d6ee
@ -97,8 +97,11 @@ class Guest extends Access {
|
||||
Module::dependencies(isset($_POST['photoID'], $_POST['albumID'], $_POST['password']));
|
||||
$photo = new Photo($this->database, $this->plugins, null, $_POST['photoID']);
|
||||
|
||||
if ($photo->getPublic($_POST['password'])) echo json_encode($photo->get($_POST['albumID']));
|
||||
else echo 'Warning: Wrong password!';
|
||||
$pgP = $photo->getPublic($_POST['password']);
|
||||
|
||||
if ($pgP===2) echo json_encode($photo->get($_POST['albumID']));
|
||||
else if ($pgP===1) echo 'Warning: Wrong password!';
|
||||
else if ($pgP===0) echo 'Warning: Photo private!';
|
||||
|
||||
}
|
||||
|
||||
@ -155,8 +158,10 @@ class Guest extends Access {
|
||||
Module::dependencies(isset($_GET['photoID'], $_GET['password']));
|
||||
$photo = new Photo($this->database, $this->plugins, null, $_GET['photoID']);
|
||||
|
||||
$pgP = $photo->getPublic($_GET['password']);
|
||||
|
||||
# Photo Download
|
||||
if ($photo->getPublic($_GET['password'])) {
|
||||
if ($pgP===2) {
|
||||
|
||||
# Photo Public
|
||||
$photo->getArchive();
|
||||
@ -164,7 +169,7 @@ class Guest extends Access {
|
||||
} else {
|
||||
|
||||
# Photo Private
|
||||
exit('Warning: Photo private or not downloadable!');
|
||||
exit('Warning: Photo private or password incorrect!');
|
||||
|
||||
}
|
||||
|
||||
|
@ -368,11 +368,30 @@ class Album extends Module {
|
||||
$zipTitle = 'Unsorted';
|
||||
}
|
||||
|
||||
# Set title
|
||||
# Get title from database when album is not a SmartAlbum
|
||||
if ($this->albumIDs!=0&&is_numeric($this->albumIDs)) {
|
||||
|
||||
$query = Database::prepare($this->database, "SELECT title FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
|
||||
$album = $this->database->query($query);
|
||||
$zipTitle = $album->fetch_object()->title;
|
||||
|
||||
# Error in database query
|
||||
if (!$album) {
|
||||
Log::error($this->database, __METHOD__, __LINE__, $this->database->error);
|
||||
return false;
|
||||
}
|
||||
|
||||
# Fetch object
|
||||
$album = $album->fetch_object();
|
||||
|
||||
# Photo not found
|
||||
if ($album===null) {
|
||||
Log::error($this->database, __METHOD__, __LINE__, 'Album not found. Cannot start download.');
|
||||
return false;
|
||||
}
|
||||
|
||||
# Set title
|
||||
$zipTitle = $album->title;
|
||||
|
||||
}
|
||||
|
||||
# Escape title
|
||||
|
@ -571,6 +571,12 @@ class Photo extends Module {
|
||||
|
||||
public function get($albumID) {
|
||||
|
||||
# Functions returns data of a photo
|
||||
# Excepts the following:
|
||||
# (string) $albumID = Album which is currently visible to the user
|
||||
# Returns the following:
|
||||
# (array) $photo
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -596,9 +602,9 @@ class Photo extends Module {
|
||||
|
||||
if ($albumID!='false') {
|
||||
|
||||
# Show photo as public when parent album is public
|
||||
# Check if parent album is available and not photo not unsorted
|
||||
if ($photo['album']!=0) {
|
||||
# Only show photo as public when parent album is public
|
||||
# Check if parent album is not 'Unsorted'
|
||||
if ($photo['album']!=='0') {
|
||||
|
||||
# Get album
|
||||
$query = Database::prepare($this->database, "SELECT public FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_ALBUMS, $photo['album']));
|
||||
@ -606,7 +612,7 @@ class Photo extends Module {
|
||||
$album = $albums->fetch_assoc();
|
||||
|
||||
# Parse album
|
||||
$photo['public'] = ($album['public']=='1' ? '2' : $photo['public']);
|
||||
$photo['public'] = ($album['public']==='1' ? '2' : $photo['public']);
|
||||
|
||||
}
|
||||
|
||||
@ -624,6 +630,12 @@ class Photo extends Module {
|
||||
|
||||
public function getInfo($url) {
|
||||
|
||||
# Functions returns information and metadata of a photo
|
||||
# Excepts the following:
|
||||
# (string) $url = Path to photo-file
|
||||
# Returns the following:
|
||||
# (array) $return
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $url));
|
||||
|
||||
@ -726,6 +738,11 @@ class Photo extends Module {
|
||||
|
||||
public function getArchive() {
|
||||
|
||||
# Functions starts a download of a photo
|
||||
# Returns the following:
|
||||
# (boolean + output) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -737,6 +754,18 @@ class Photo extends Module {
|
||||
$photos = $this->database->query($query);
|
||||
$photo = $photos->fetch_object();
|
||||
|
||||
# Error in database query
|
||||
if (!$photos) {
|
||||
Log::error($this->database, __METHOD__, __LINE__, $this->database->error);
|
||||
return false;
|
||||
}
|
||||
|
||||
# Photo not found
|
||||
if ($photo===null) {
|
||||
Log::error($this->database, __METHOD__, __LINE__, 'Album not found. Cannot start download.');
|
||||
return false;
|
||||
}
|
||||
|
||||
# Get extension
|
||||
$extension = getExtension($photo->url);
|
||||
if ($extension===false) {
|
||||
@ -773,6 +802,13 @@ class Photo extends Module {
|
||||
|
||||
public function setTitle($title) {
|
||||
|
||||
# Functions sets the title of a photo
|
||||
# Excepts the following:
|
||||
# (string) $title = Title with a maximum length of 50 chars
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -799,6 +835,13 @@ class Photo extends Module {
|
||||
|
||||
public function setDescription($description) {
|
||||
|
||||
# Functions sets the description of a photo
|
||||
# Excepts the following:
|
||||
# (string) $description = Description with a maximum length of 1000 chars
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -826,6 +869,11 @@ class Photo extends Module {
|
||||
|
||||
public function setStar() {
|
||||
|
||||
# Functions stars a photo
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -865,6 +913,12 @@ class Photo extends Module {
|
||||
|
||||
public function getPublic($password) {
|
||||
|
||||
# Functions checks if photo or parent album is public
|
||||
# Returns the following:
|
||||
# (int) 0 = Photo private and parent album private
|
||||
# (int) 1 = Album public, but password incorrect
|
||||
# (int) 2 = Photo public or album public and password correct
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -877,23 +931,41 @@ class Photo extends Module {
|
||||
$photo = $photos->fetch_object();
|
||||
|
||||
# Check if public
|
||||
if ($photo->public==1) return true;
|
||||
else {
|
||||
if ($photo->public==='1') {
|
||||
|
||||
# Photo public
|
||||
return 2;
|
||||
|
||||
} else {
|
||||
|
||||
# Check if album public
|
||||
$album = new Album($this->database, null, null, $photo->album);
|
||||
$acP = $album->checkPassword($password);
|
||||
$agP = $album->getPublic();
|
||||
if ($acP===true&&$agP===true) return true;
|
||||
$acP = $album->checkPassword($password);
|
||||
|
||||
# Album public and password correct
|
||||
if ($agP===true&&$acP===true) return 2;
|
||||
|
||||
# Album public, but password incorrect
|
||||
if ($agP===true&&$acP===false) return 1;
|
||||
|
||||
}
|
||||
|
||||
# Call plugins
|
||||
$this->plugins(__METHOD__, 1, func_get_args());
|
||||
|
||||
return false;
|
||||
# Photo private
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
public function setPublic() {
|
||||
|
||||
# Functions toggles the public property of a photo
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -925,6 +997,11 @@ class Photo extends Module {
|
||||
|
||||
function setAlbum($albumID) {
|
||||
|
||||
# Functions sets the parent album of a photo
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -948,6 +1025,13 @@ class Photo extends Module {
|
||||
|
||||
public function setTags($tags) {
|
||||
|
||||
# Functions sets the tags of a photo
|
||||
# Excepts the following:
|
||||
# (string) $tags = Comma separated list of tags with a maximum length of 1000 chars
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -979,6 +1063,11 @@ class Photo extends Module {
|
||||
|
||||
public function duplicate() {
|
||||
|
||||
# Functions duplicates a photo
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
@ -1017,6 +1106,11 @@ class Photo extends Module {
|
||||
|
||||
public function delete() {
|
||||
|
||||
# Functions deletes a photo with all its data and files
|
||||
# Returns the following:
|
||||
# (boolean) true = Success
|
||||
# (boolean) false = Failure
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->photoIDs));
|
||||
|
||||
|
@ -35,20 +35,27 @@ photo.load = function(photoID, albumID) {
|
||||
|
||||
api.post('Photo::get', params, function(data) {
|
||||
|
||||
if (data==='Warning: Photo private!') {
|
||||
lychee.content.show();
|
||||
lychee.goto('');
|
||||
return false;
|
||||
}
|
||||
|
||||
if (data==='Warning: Wrong password!') {
|
||||
checkPasswd = function() {
|
||||
if (password.value!=='') photo.load(photoID, albumID);
|
||||
else setTimeout(checkPasswd, 250);
|
||||
if (password.value!=='') photo.load(photoID, albumID);
|
||||
else setTimeout(checkPasswd, 250);
|
||||
};
|
||||
checkPasswd();
|
||||
return false;
|
||||
}
|
||||
|
||||
photo.json = data;
|
||||
|
||||
if (!visible.photo()) view.photo.show();
|
||||
view.photo.init();
|
||||
|
||||
lychee.imageview.show();
|
||||
|
||||
setTimeout(function() {
|
||||
lychee.content.show();
|
||||
//photo.preloadNext(photoID, albumID);
|
||||
|
Loading…
Reference in New Issue
Block a user