arno/lychee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rewritten Guest Access

Browse Source
This commit is contained in:
Tobias Reich 2014-04-30 10:56:04 +02:00
parent b246a9d1c2
commit fbe7be18c1
3 changed files with 174 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
php/access/guest.php
View File

@ -1,106 +0,0 @@
<?php
/**
* @name Guest Access (Public Mode)
* @author Tobias Reich
* @copyright 2014 by Tobias Reich
*/
if (!defined('LYCHEE')) exit('Error: Direct access is not allowed!');
if (!defined('LYCHEE_ACCESS_GUEST')) exit('Error: You are not allowed to access this area!');
switch ($_POST['function']) {
// Album Functions
case 'getAlbums': $album = new Album($database, $plugins, $settings, null);
echo json_encode($album->getAll(true));
break;
case 'getAlbum': Module::dependencies(isset($_POST['albumID'], $_POST['password']));
$album = new Album($database, $plugins, $settings, $_POST['albumID']);
if ($album->getPublic()) {
// Album Public
if ($album->checkPassword($_POST['password'])) echo json_encode($album->get());
else echo 'Warning: Wrong password!';
} else {
// Album Private
echo 'Warning: Album private!';
}
break;
case 'checkAlbumAccess':Module::dependencies(isset($_POST['albumID'], $_POST['password']));
$album = new Album($database, $plugins, $settings, $_POST['albumID']);
if ($album->getPublic()) {
// Album Public
if ($album->checkPassword($_POST['password'])) echo true;
else echo false;
} else {
// Album Private
echo false;
}
break;
// Photo Functions
case 'getPhoto': Module::dependencies(isset($_POST['photoID'], $_POST['albumID'], $_POST['password']));
$photo = new Photo($database, $plugins, null, $_POST['photoID']);
if ($photo->getPublic($_POST['password']))
echo json_encode($photo->get($_POST['albumID']));
else
echo 'Warning: Wrong password!';
break;
// Session Functions
case 'init': $session = new Session($plugins, $settings);
echo json_encode($session->init($database, $dbName, true, $_POST['version']));
break;
case 'login': Module::dependencies(isset($_POST['user'], $_POST['password']));
$session = new Session($plugins, $settings);
echo $session->login($_POST['user'], $_POST['password']);
break;
// Miscellaneous
default: switch ($_GET['function']) {
case 'getAlbumArchive': Module::dependencies(isset($_GET['albumID'], $_GET['password']));
$album = new Album($database, $plugins, $settings, $_GET['albumID']);
// Album Download
if ($album->getPublic()) {
// Album Public
if ($album->checkPassword($_GET['password'])) $album->getArchive();
else exit('Warning: Wrong password!');
} else {
// Album Private
exit('Warning: Album private or not downloadable!');
}
break;
case 'getPhotoArchive': Module::dependencies(isset($_GET['photoID'], $_GET['password']));
$photo = new Photo($database, $plugins, null, $_GET['photoID']);
// Photo Download
if ($photo->getPublic($_GET['password']))
// Photo Public
$photo->getArchive();
else
// Photo Private
exit('Warning: Photo private or not downloadable!');
break;
default: exit('Error: Function not found! Please check the spelling of the called function.');
break;
}
break;
}
?>

167
php/access/guest_foo.php Normal file
View File

@ -0,0 +1,167 @@
<?php
###
# @name Guest Access (Public Mode)
# @author Tobias Reich
# @copyright 2014 by Tobias Reich
###
if (!defined('LYCHEE')) exit('Error: Direct access is not allowed!');
if (!defined('LYCHEE_ACCESS_GUEST')) exit('Error: You are not allowed to access this area!');
class Guest extends Access {
public function check($fn) {
switch ($fn) {
# Album functions
case 'getAlbums': $this->getAlbums(); break;
case 'getAlbum': $this->getAlbum(); break;
case 'checkAlbumAccess': $this->checkAlbumAccess(); break;
# Photo functions
case 'getPhoto': $this->getPhoto(); break;
# Session functions
case 'init': $this->init(); break;
case 'login': $this->login(); break;
# $_GET functions
case 'getAlbumArchive': $this->getAlbumArchive(); break;
case 'getPhotoArchive': $this->getPhotoArchive(); break;
# Error
default: exit('Error: Function not found! Please check the spelling of the called function.'); break;
}
return true;
}
# Album functions
private function getAlbums() {
$album = new Album($this->database, $this->plugins, $this->settings, null);
echo json_encode($album->getAll(true));
}
private function getAlbum() {
Module::dependencies(isset($_POST['albumID'], $_POST['password']));
$album = new Album($this->database, $this->plugins, $this->settings, $_POST['albumID']);
if ($album->getPublic()) {
# Album public
if ($album->checkPassword($_POST['password'])) echo json_encode($album->get());
else echo 'Warning: Wrong password!';
} else {
# Album private
echo 'Warning: Album private!';
}
}
private function checkAlbumAccess() {
Module::dependencies(isset($_POST['albumID'], $_POST['password']));
$album = new Album($this->database, $this->plugins, $this->settings, $_POST['albumID']);
if ($album->getPublic()) {
# Album public
if ($album->checkPassword($_POST['password'])) echo true;
else echo false;
} else {
# Album private
echo false;
}
}
# Photo functions
private function getPhoto() {
Module::dependencies(isset($_POST['photoID'], $_POST['albumID'], $_POST['password']));
$photo = new Photo($this->database, $this->plugins, null, $_POST['photoID']);
if ($photo->getPublic($_POST['password'])) echo json_encode($photo->get($_POST['albumID']));
else echo 'Warning: Wrong password!';
}
# Session functions
private function init() {
global $dbName;
$session = new Session($this->plugins, $this->settings);
echo json_encode($session->init($this->database, $dbName, true, $_POST['version']));
}
private function login() {
Module::dependencies(isset($_POST['user'], $_POST['password']));
$session = new Session($this->plugins, $this->settings);
echo $session->login($_POST['user'], $_POST['password']);
}
# $_GET functions
private function getAlbumArchive() {
Module::dependencies(isset($_GET['albumID'], $_GET['password']));
$album = new Album($this->database, $this->plugins, $this->settings, $_GET['albumID']);
if ($album->getPublic()) {
# Album Public
if ($album->checkPassword($_GET['password'])) $album->getArchive();
else exit('Warning: Wrong password!');
} else {
# Album Private
exit('Warning: Album private or not downloadable!');
}
}
private function getPhotoArchive() {
Module::dependencies(isset($_GET['photoID'], $_GET['password']));
$photo = new Photo($this->database, $this->plugins, null, $_GET['photoID']);
# Photo Download
if ($photo->getPublic($_GET['password'])) {
# Photo Public
$photo->getArchive();
} else {
# Photo Private
exit('Warning: Photo private or not downloadable!');
}
}
}
?>

11
php/api.php
View File

@ -62,8 +62,8 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
if (isset($_POST['photoID'])&&preg_match('/^[0-9]{14}$/', $_POST['photoID'])!==1) exit('Error: Wrong parameter type for photoID!'); if (isset($_POST['photoID'])&&preg_match('/^[0-9]{14}$/', $_POST['photoID'])!==1) exit('Error: Wrong parameter type for photoID!');
# Fallback for switch statement # Fallback for switch statement
if (!isset($_POST['function'])) $_POST['function'] = ''; if (isset($_POST['function'])) $fn = $_POST['function'];
if (!isset($_GET['function'])) $_GET['function'] = ''; else $fn = $_GET['function'];
if (isset($_SESSION['login'])&&$_SESSION['login']==true) { if (isset($_SESSION['login'])&&$_SESSION['login']==true) {
@ -75,7 +75,7 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
define('LYCHEE_ACCESS_ADMIN', true); define('LYCHEE_ACCESS_ADMIN', true);
$admin = new Admin($database, $plugins, $settings); $admin = new Admin($database, $plugins, $settings);
$admin->check($_POST['function']); $admin->check($fn);
} else { } else {
@ -85,7 +85,10 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
### ###
define('LYCHEE_ACCESS_GUEST', true); define('LYCHEE_ACCESS_GUEST', true);
require(__DIR__ . '/access/guest.php'); require(__DIR__ . '/access/guest_foo.php');
$guest = new Guest($database, $plugins, $settings);
$guest->check($fn);
} }