<?php /** * @name API * @author Philipp Maurer * @author Tobias Reich * @copyright 2014 by Philipp Maurer, Tobias Reich */ @ini_set('max_execution_time', '200'); @ini_set('post_max_size', '200M'); @ini_set('upload_max_size', '200M'); @ini_set('upload_max_filesize', '20M'); @ini_set('max_file_uploads', '100'); if (!empty($_POST['function'])||!empty($_GET['function'])) { session_start(); define('LYCHEE', true); require('modules/db.php'); require('modules/session.php'); require('modules/settings.php'); require('modules/upload.php'); require('modules/album.php'); require('modules/photo.php'); require('modules/tags.php'); require('modules/misc.php'); if (file_exists('config.php')) require('config.php'); else { /** * Installation Mode * Limited access to configure Lychee. Only available when the config.php file is missing. */ switch ($_POST['function']) { case 'createConfig': if (isset($_POST['dbHost'])&&isset($_POST['dbUser'])&&isset($_POST['dbPassword'])&&isset($_POST['dbName'])) echo createConfig($_POST['dbHost'], $_POST['dbUser'], $_POST['dbPassword'], $_POST['dbName']); break; default: echo 'Warning: No configuration!'; break; } exit(); } // Connect to DB $database = dbConnect(); // Get Settings $settings = getSettings(); // Escape foreach(array_keys($_POST) as $key) $_POST[$key] = mysqli_real_escape_string($database, urldecode($_POST[$key])); foreach(array_keys($_GET) as $key) $_GET[$key] = mysqli_real_escape_string($database, urldecode($_GET[$key])); // Validate parameters if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1) exit('Error: Wrong parameter type for albumIDs!'); if (isset($_POST['photoIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['photoIDs'])!==1) exit('Error: Wrong parameter type for photoIDs!'); if (isset($_POST['albumID'])&&preg_match('/^[0-9sf]{1,}$/', $_POST['albumID'])!==1) exit('Error: Wrong parameter type for albumID!'); if (isset($_POST['photoID'])&&preg_match('/^[0-9]{14}$/', $_POST['photoID'])!==1) exit('Error: Wrong parameter type for photoID!'); if (isset($_SESSION['login'])&&$_SESSION['login']==true) { /** * Admin Mode * Full access to Lychee. Only with correct password/session. */ switch ($_POST['function']) { // Album Functions case 'getAlbums': echo json_encode(getAlbums(false)); break; case 'getAlbum': if (isset($_POST['albumID'])) echo json_encode(getAlbum($_POST['albumID'])); break; case 'addAlbum': if (isset($_POST['title'])) echo addAlbum($_POST['title']); break; case 'setAlbumTitle': if (isset($_POST['albumIDs'])&&isset($_POST['title'])) echo setAlbumTitle($_POST['albumIDs'], $_POST['title']); break; case 'setAlbumDescription': if (isset($_POST['albumID'])&&isset($_POST['description'])) echo setAlbumDescription($_POST['albumID'], $_POST['description']); break; case 'setAlbumPublic': if (isset($_POST['albumID'])) if (!isset($_POST['password'])) $_POST['password'] = ''; echo setAlbumPublic($_POST['albumID'], $_POST['password']); break; case 'setAlbumPassword':if (isset($_POST['albumID'])&&isset($_POST['password'])) echo setAlbumPassword($_POST['albumID'], $_POST['password']); break; case 'deleteAlbum': if (isset($_POST['albumIDs'])) echo deleteAlbum($_POST['albumIDs']); break; // Photo Functions case 'getPhoto': if (isset($_POST['photoID'])&&isset($_POST['albumID'])) echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID'])); break; case 'deletePhoto': if (isset($_POST['photoIDs'])) echo deletePhoto($_POST['photoIDs']); break; case 'setAlbum': if (isset($_POST['photoIDs'])&&isset($_POST['albumID'])) echo setAlbum($_POST['photoIDs'], $_POST['albumID']); break; case 'setPhotoTitle': if (isset($_POST['photoIDs'])&&isset($_POST['title'])) echo setPhotoTitle($_POST['photoIDs'], $_POST['title']); break; case 'setPhotoStar': if (isset($_POST['photoIDs'])) echo setPhotoStar($_POST['photoIDs']); break; case 'setPhotoPublic': if (isset($_POST['photoID'])&&isset($_POST['url'])) echo setPhotoPublic($_POST['photoID'], $_POST['url']); break; case 'setPhotoDescription': if (isset($_POST['photoID'])&&isset($_POST['description'])) echo setPhotoDescription($_POST['photoID'], $_POST['description']); break; // Add Functions case 'upload': if (isset($_FILES)&&isset($_POST['albumID'])) echo upload($_FILES, $_POST['albumID']); break; case 'importUrl': if (isset($_POST['url'])&&isset($_POST['albumID'])) echo importUrl($_POST['url'], $_POST['albumID']); break; case 'importServer': if (isset($_POST['albumID'])) echo importServer($_POST['albumID']); break; // Search Function case 'search': if (isset($_POST['term'])) echo json_encode(search($_POST['term'])); break; // Tag Functions case 'getTags': if (isset($_POST['photoID'])) echo json_encode(getTags($_POST['photoID'])); break; case 'setTags': if (isset($_POST['photoIDs'])&&isset($_POST['tags'])) echo setTags($_POST['photoIDs'], $_POST['tags']); break; // Session Function case 'init': echo json_encode(init('admin')); break; case 'login': if (isset($_POST['user'])&&isset($_POST['password'])) echo login($_POST['user'], $_POST['password']); break; case 'logout': logout(); break; // Settings case 'setLogin': if (isset($_POST['username'])&&isset($_POST['password'])) if (!isset($_POST['oldPassword'])) $_POST['oldPassword'] = ''; echo setLogin($_POST['oldPassword'], $_POST['username'], $_POST['password']); break; case 'setSorting': if (isset($_POST['type'])&&isset($_POST['order'])) echo setSorting($_POST['type'], $_POST['order']); break; // Miscellaneous case 'update': echo update(); default: if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID'])) // Album Download getAlbumArchive($_GET['albumID']); else if (isset($_GET['function'])&&$_GET['function']=='getPhotoArchive'&&isset($_GET['photoID'])) // Photo Download getPhotoArchive($_GET['photoID']); else if (isset($_GET['function'])&&$_GET['function']=='update') // Update Lychee echo update(); else // Function unknown exit('Error: Function not found! Please check the spelling of the called function.'); break; } } else { /** * Public Mode * Access to view all public folders and photos in Lychee. */ switch ($_POST['function']) { // Album Functions case 'getAlbums': echo json_encode(getAlbums(true)); break; case 'getAlbum': if (isset($_POST['albumID'])&&isset($_POST['password'])) { if (isAlbumPublic($_POST['albumID'])) { // Album Public if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) echo json_encode(getAlbum($_POST['albumID'])); else echo 'Warning: Wrong password!'; } else { // Album Private echo 'Warning: Album private!'; } } break; case 'checkAlbumAccess':if (isset($_POST['albumID'])&&isset($_POST['password'])) { if (isAlbumPublic($_POST['albumID'])) { // Album Public if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) echo true; else echo false; } else { // Album Private echo false; } } break; // Photo Functions case 'getPhoto': if (isset($_POST['photoID'])&&isset($_POST['albumID'])&&isset($_POST['password'])) { if (isPhotoPublic($_POST['photoID'], $_POST['password'])) echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID'])); else echo 'Warning: Wrong password!'; } break; // Session Functions case 'init': echo json_encode(init('public')); break; case 'login': if (isset($_POST['user'])&&isset($_POST['password'])) echo login($_POST['user'], $_POST['password']); break; // Miscellaneous default: if (isset($_GET['function'])&&$_GET['function']=='getAlbumArchive'&&isset($_GET['albumID'])&&isset($_GET['password'])) { // Album Download if (isAlbumPublic($_GET['albumID'])) { // Album Public if (checkAlbumPassword($_GET['albumID'], $_GET['password'])) getAlbumArchive($_GET['albumID']); else exit('Warning: Wrong password!'); } else { // Album Private exit('Warning: Album private or not downloadable!'); } } else if (isset($_GET['function'])&&$_GET['function']=='getPhotoArchive'&&isset($_GET['photoID'])&&isset($_GET['password'])) { // Photo Download if (isPhotoPublic($_GET['photoID'], $_GET['password'])) // Photo Public getPhotoArchive($_GET['photoID']); else // Photo Private exit('Warning: Photo private or not downloadable!'); } else { // Function unknown exit('Error: Function not found! Please check the spelling of the called function.'); } break; } } } else { exit('Error: No permission!'); } ?>