<?php

/**
 * @name        API
 * @author      Philipp Maurer
 * @author      Tobias Reich
 * @copyright   2014 by Philipp Maurer, Tobias Reich
 */

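// Runtime limits for large uploads. Only max_execution_time is PHP_INI_ALL and can be
// raised from a script; post_max_size and upload_max_filesize are PHP_INI_PERDIR and
// max_file_uploads is PHP_INI_SYSTEM, so those ini_set() calls are ignored here and the
// effective limits have to come from php.ini or .htaccess. 'upload_max_size' is not a
// PHP directive at all (the real one is upload_max_filesize, set on the next line).
@ini_set('max_execution_time', '200');
@ini_set('post_max_size', '200M');
@ini_set('upload_max_size', '200M');
@ini_set('upload_max_filesize', '20M');
@ini_set('max_file_uploads', '100');

// Every request has to name a function: via POST for the regular API calls, via GET
// for the download/update endpoints that are handled in the default branches below.
if (!empty($_POST['function'])||!empty($_GET['function'])) {

	session_start();
	define('LYCHEE', true);

	require('modules/db.php');
	require('modules/session.php');
	require('modules/settings.php');
	require('modules/upload.php');
	require('modules/album.php');
	require('modules/photo.php');
	require('modules/tags.php');
	require('modules/misc.php');

	// The POST function name drives every switch below. Read it once so that a
	// GET-only request (downloads, update) does not raise an undefined-index notice;
	// an empty name matches no case and therefore ends up in the default branch.
	$function = isset($_POST['function']) ? $_POST['function'] : '';

	if (file_exists('config.php')) require('config.php');
	else {

		/**
		 * Installation Mode
		 * Limited access to configure Lychee. Only available when the config.php file is missing.
		 */

		switch ($function) {

			case 'createConfig':
				if (isset($_POST['dbHost'])&&isset($_POST['dbUser'])&&isset($_POST['dbPassword'])&&isset($_POST['dbName'])) {
					echo createConfig($_POST['dbHost'], $_POST['dbUser'], $_POST['dbPassword'], $_POST['dbName']);
				}
				break;

			default:
				echo 'Warning: No configuration!';
				break;

		}

		exit();

	}

	// Connect to DB
	$database = dbConnect();

	// Get Settings (kept in scope for the modules, which read it as a global)
	$settings = getSettings();

	// Escape every request parameter for mysqli up front; the modules are called with
	// these pre-escaped values. Two things to be aware of: PHP has already URL-decoded
	// $_POST/$_GET once, so urldecode() here is a second decode; and the escaping also
	// rewrites values that never reach SQL (a password containing a quote or backslash
	// is altered before login()/setLogin() see it). Nested parameters (name[]=value)
	// cannot be escaped as strings and are rejected instead of being silently emptied.
	foreach (array_keys($_POST) as $key) {
		if (!is_scalar($_POST[$key])) exit('Error: Wrong parameter type!');
		$_POST[$key] = mysqli_real_escape_string($database, urldecode($_POST[$key]));
	}
	foreach (array_keys($_GET) as $key) {
		if (!is_scalar($_GET[$key])) exit('Error: Wrong parameter type!');
		$_GET[$key] = mysqli_real_escape_string($database, urldecode($_GET[$key]));
	}

	// Validate the identifier parameters. The same patterns are applied to the GET form
	// too, because the download endpoints in the default branches read albumID/photoID
	// from $_GET and previously bypassed this check.
	$idPatterns = array(
		'albumIDs' => '/^[0-9\,]{1,}$/',
		'photoIDs' => '/^[0-9\,]{1,}$/',
		'albumID'  => '/^[0-9sf]{1,}$/',   // digits, or the smart albums 's'/'f'
		'photoID'  => '/^[0-9]{14}$/',
	);
	foreach ($idPatterns as $name => $pattern) {
		if (isset($_POST[$name])&&preg_match($pattern, $_POST[$name])!==1) exit('Error: Wrong parameter type for ' . $name . '!');
		if (isset($_GET[$name])&&preg_match($pattern, $_GET[$name])!==1) exit('Error: Wrong parameter type for ' . $name . '!');
	}

	// Admin access is granted by the session flag alone (no per-request token is checked
	// in this file), so every function in the admin branch is reachable by any request
	// that carries a logged-in session cookie. !empty() is the same test as the former
	// isset()&&==true: set and truthy.
	if (!empty($_SESSION['login'])) {

		/**
		 * Admin Mode
		 * Full access to Lychee. Only with correct password/session.
		 */

		switch ($function) {

			// Album Functions

			case 'getAlbums':
				echo json_encode(getAlbums(false));
				break;

			case 'getAlbum':
				if (isset($_POST['albumID'])) {
					echo json_encode(getAlbum($_POST['albumID']));
				}
				break;

			case 'addAlbum':
				if (isset($_POST['title'])) {
					echo addAlbum($_POST['title']);
				}
				break;

			case 'setAlbumTitle':
				if (isset($_POST['albumIDs'])&&isset($_POST['title'])) {
					echo setAlbumTitle($_POST['albumIDs'], $_POST['title']);
				}
				break;

			case 'setAlbumDescription':
				if (isset($_POST['albumID'])&&isset($_POST['description'])) {
					echo setAlbumDescription($_POST['albumID'], $_POST['description']);
				}
				break;

			case 'setAlbumPublic':
				// The echo used to sit outside the isset() check (dangling if) and ran
				// even without an albumID. The password is optional and defaults to ''.
				if (isset($_POST['albumID'])) {
					if (!isset($_POST['password'])) $_POST['password'] = '';
					echo setAlbumPublic($_POST['albumID'], $_POST['password']);
				}
				break;

			case 'setAlbumPassword':
				if (isset($_POST['albumID'])&&isset($_POST['password'])) {
					echo setAlbumPassword($_POST['albumID'], $_POST['password']);
				}
				break;

			case 'deleteAlbum':
				if (isset($_POST['albumIDs'])) {
					echo deleteAlbum($_POST['albumIDs']);
				}
				break;

			// Photo Functions

			case 'getPhoto':
				if (isset($_POST['photoID'])&&isset($_POST['albumID'])) {
					echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
				}
				break;

			case 'deletePhoto':
				if (isset($_POST['photoIDs'])) {
					echo deletePhoto($_POST['photoIDs']);
				}
				break;

			case 'setAlbum':
				if (isset($_POST['photoIDs'])&&isset($_POST['albumID'])) {
					echo setAlbum($_POST['photoIDs'], $_POST['albumID']);
				}
				break;

			case 'setPhotoTitle':
				if (isset($_POST['photoIDs'])&&isset($_POST['title'])) {
					echo setPhotoTitle($_POST['photoIDs'], $_POST['title']);
				}
				break;

			case 'setPhotoStar':
				if (isset($_POST['photoIDs'])) {
					echo setPhotoStar($_POST['photoIDs']);
				}
				break;

			case 'setPhotoPublic':
				if (isset($_POST['photoID'])&&isset($_POST['url'])) {
					echo setPhotoPublic($_POST['photoID'], $_POST['url']);
				}
				break;

			case 'setPhotoDescription':
				if (isset($_POST['photoID'])&&isset($_POST['description'])) {
					echo setPhotoDescription($_POST['photoID'], $_POST['description']);
				}
				break;

			// Add Functions

			case 'upload':
				// $_FILES is a superglobal and always set; only albumID needs checking.
				if (isset($_POST['albumID'])) {
					echo upload($_FILES, $_POST['albumID']);
				}
				break;

			case 'importUrl':
				if (isset($_POST['url'])&&isset($_POST['albumID'])) {
					echo importUrl($_POST['url'], $_POST['albumID']);
				}
				break;

			case 'importServer':
				if (isset($_POST['albumID'])) {
					echo importServer($_POST['albumID']);
				}
				break;

			// Search Function

			case 'search':
				if (isset($_POST['term'])) {
					echo json_encode(search($_POST['term']));
				}
				break;

			// Tag Functions

			case 'getTags':
				if (isset($_POST['photoID'])) {
					echo json_encode(getTags($_POST['photoID']));
				}
				break;

			case 'setTags':
				if (isset($_POST['photoIDs'])&&isset($_POST['tags'])) {
					echo setTags($_POST['photoIDs'], $_POST['tags']);
				}
				break;

			// Session Function

			case 'init':
				echo json_encode(init('admin'));
				break;

			case 'login':
				if (isset($_POST['user'])&&isset($_POST['password'])) {
					echo login($_POST['user'], $_POST['password']);
				}
				break;

			case 'logout':
				logout();
				break;

			// Settings

			case 'setLogin':
				// Same dangling-if fix as setAlbumPublic: the echo now only runs when
				// username and password are present. oldPassword is optional.
				if (isset($_POST['username'])&&isset($_POST['password'])) {
					if (!isset($_POST['oldPassword'])) $_POST['oldPassword'] = '';
					echo setLogin($_POST['oldPassword'], $_POST['username'], $_POST['password']);
				}
				break;

			case 'setSorting':
				if (isset($_POST['type'])&&isset($_POST['order'])) {
					echo setSorting($_POST['type'], $_POST['order']);
				}
				break;

			// Miscellaneous

			case 'update':
				echo update();
				// This break was missing, so a POST update fell through into the
				// default branch and appended 'Error: Function not found!' to the output.
				break;

			default:
				// GET-driven endpoints (downloads, update). The identifiers were
				// validated above together with their POST counterparts.
				$getFunction = isset($_GET['function']) ? $_GET['function'] : '';

				if ($getFunction==='getAlbumArchive'&&isset($_GET['albumID'])) {

					// Album Download
					getAlbumArchive($_GET['albumID']);

				} elseif ($getFunction==='getPhotoArchive'&&isset($_GET['photoID'])) {

					// Photo Download
					getPhotoArchive($_GET['photoID']);

				} elseif ($getFunction==='update') {

					// Update Lychee
					echo update();

				} else {

					// Function unknown
					exit('Error: Function not found! Please check the spelling of the called function.');

				}
				break;

		}

	} else {

		/**
		 * Public Mode
		 * Access to view all public folders and photos in Lychee.
		 */

		switch ($function) {

			// Album Functions

			case 'getAlbums':
				echo json_encode(getAlbums(true));
				break;

			case 'getAlbum':
				if (isset($_POST['albumID'])&&isset($_POST['password'])) {
					if (isAlbumPublic($_POST['albumID'])) {
						// Album Public
						if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) {
							echo json_encode(getAlbum($_POST['albumID']));
						} else {
							echo 'Warning: Wrong password!';
						}
					} else {
						// Album Private
						echo 'Warning: Album private!';
					}
				}
				break;

			case 'checkAlbumAccess':
				// Replies with the string form of a boolean: '1' for access, '' otherwise.
				if (isset($_POST['albumID'])&&isset($_POST['password'])) {
					if (isAlbumPublic($_POST['albumID'])) {
						// Album Public
						if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) {
							echo true;
						} else {
							echo false;
						}
					} else {
						// Album Private
						echo false;
					}
				}
				break;

			// Photo Functions

			case 'getPhoto':
				if (isset($_POST['photoID'])&&isset($_POST['albumID'])&&isset($_POST['password'])) {
					if (isPhotoPublic($_POST['photoID'], $_POST['password'])) {
						echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
					} else {
						echo 'Warning: Wrong password!';
					}
				}
				break;

			// Session Functions

			case 'init':
				echo json_encode(init('public'));
				break;

			case 'login':
				if (isset($_POST['user'])&&isset($_POST['password'])) {
					echo login($_POST['user'], $_POST['password']);
				}
				break;

			// Miscellaneous

			default:
				// GET-driven downloads. In public mode a password is always required and
				// the public/password check happens before anything is sent.
				$getFunction = isset($_GET['function']) ? $_GET['function'] : '';

				if ($getFunction==='getAlbumArchive'&&isset($_GET['albumID'])&&isset($_GET['password'])) {

					// Album Download
					if (isAlbumPublic($_GET['albumID'])) {
						// Album Public
						if (checkAlbumPassword($_GET['albumID'], $_GET['password'])) {
							getAlbumArchive($_GET['albumID']);
						} else {
							exit('Warning: Wrong password!');
						}
					} else {
						// Album Private
						exit('Warning: Album private or not downloadable!');
					}

				} elseif ($getFunction==='getPhotoArchive'&&isset($_GET['photoID'])&&isset($_GET['password'])) {

					// Photo Download
					if (isPhotoPublic($_GET['photoID'], $_GET['password'])) {
						// Photo Public
						getPhotoArchive($_GET['photoID']);
					} else {
						// Photo Private
						exit('Warning: Photo private or not downloadable!');
					}

				} else {

					// Function unknown
					exit('Error: Function not found! Please check the spelling of the called function.');

				}
				break;

		}

	}

} else {

	exit('Error: No permission!');

}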