lychee/php/api.php
Tobias Reich 34413640e4 V1.3
New:
- Protect public albums with passwords
- Export to Dropbox
- Sharing-Link is displayed directly inside the sharing-dropdown
- Delete photos with cmd+backspace

Improved:
- Massive speed improvements
- Changing the title, starring, description, etc. is now instant
- Longer filenames for pictures (more security)

ShortLinks have been removed for more independence and privacy.
There are a lot of changes under the hood, including a lot of bug fixes and improvements. Please report every bug you find!

How to update:
1. Replace all files, excluding `uploads/` and `php/config.php`
2. Open `php/update.php` in your browser
2013-09-03 11:59:30 +02:00


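<?php
/**
 * @name        api.php
 * @author      Philipp Maurer
 * @author      Tobias Reich
 * @copyright   2013 by Philipp Maurer, Tobias Reich
 *
 * Single HTTP entry point for the Lychee front end.
 *
 * The request names an action in the `function` parameter (POST for everything
 * except the album archive download, which uses GET). The action is dispatched
 * to a helper from functions.php and the helper's result is echoed back, JSON
 * encoded where the original protocol does so.
 *
 * Two modes exist, selected by $_SESSION['login']:
 *   - Admin mode:  every action is available.
 *   - Public mode: only listing public albums, reading a public album/photo
 *                  (with its password), init and login.
 *
 * Requests without a `function` parameter get a 401 response.
 */

// version_compare() orders version strings component by component; a float
// cast of the version string would read "5.10" as 5.1.
if (version_compare(PHP_VERSION, '5.2.0', '<')) die('Please upgrade to PHP 5.2 or higher!');

if (!empty($_POST['function'])||!empty($_GET['function'])) {

	session_start();
	define('LYCHEE', true);
	require('config.php');
	require('functions.php');

	// Read the action name once. A request that only carries ?function=... has
	// no $_POST['function'], and an array value (function[]=x) is not a valid
	// action name; both are treated as "no POST action" instead of raising
	// undefined-index notices that could end up in the response body.
	$postFunction = (isset($_POST['function'])&&is_string($_POST['function'])) ? $_POST['function'] : '';
	$getFunction = (isset($_GET['function'])&&is_string($_GET['function'])) ? $_GET['function'] : '';

	// Security
	// Identifiers must be non-empty, non-negative scalars. Array values
	// (albumID[]=...) are rejected as well: they are neither '' nor < 0 and
	// would otherwise be handed to functions.php unchanged.
	if (isset($_POST['albumID'])&&(is_array($_POST['albumID'])||$_POST['albumID']===''||$_POST['albumID']<0)) exit('Wrong parameter type for albumID!');
	if (isset($_POST['photoID'])&&(is_array($_POST['photoID'])||$_POST['photoID']==='')) exit('Wrong parameter type for photoID!');
	// getAlbumArchive reads its albumID from the query string, so the same rule
	// has to hold for $_GET.
	if (isset($_GET['albumID'])&&(is_array($_GET['albumID'])||$_GET['albumID']===''||$_GET['albumID']<0)) exit('Wrong parameter type for albumID!');
	// NOTE(review): all other parameters (title, description, url, term, ...)
	// are forwarded exactly as received. This file does no escaping, so the
	// helpers in functions.php have to escape or bind them before they reach
	// SQL or HTML — confirm.

	//Connect to DB
	$database = dbConnect();

	if (isset($_SESSION['login'])&&$_SESSION['login']==true) {

		/**
		 * Admin Mode
		 * Full access to Lychee. Only with correct password.
		 *
		 * NOTE(review): the calls below are authorised by the session cookie
		 * alone; no anti-CSRF token or Origin check is visible in this file.
		 * Confirm whether one is enforced elsewhere, since these actions
		 * delete and modify data.
		 */

		// Album Functions
		if ($postFunction==='getAlbums') echo json_encode(getAlbums(false));
		if ($postFunction==='getSmartInfo') echo json_encode(getSmartInfo());
		if ($postFunction==='getAlbum'&&isset($_POST['albumID'])) echo json_encode(getAlbum($_POST['albumID']));
		if ($postFunction==='addAlbum'&&isset($_POST['title'])) echo addAlbum($_POST['title']);
		if ($postFunction==='setAlbumTitle'&&isset($_POST['albumID'])&&isset($_POST['title'])) echo setAlbumTitle($_POST['albumID'], $_POST['title']);
		if ($postFunction==='setAlbumPublic'&&isset($_POST['albumID'])) echo setAlbumPublic($_POST['albumID']);
		if ($postFunction==='setAlbumPassword'&&isset($_POST['albumID'])&&isset($_POST['password'])) echo setAlbumPassword($_POST['albumID'], $_POST['password']);
		if ($postFunction==='deleteAlbum'&&isset($_POST['albumID'])&&isset($_POST['delAll'])) echo deleteAlbum($_POST['albumID'], $_POST['delAll']);
		// The archive is a browser download, hence GET. It is evaluated
		// independently of the POST action, as before.
		if ($getFunction==='getAlbumArchive'&&isset($_GET['albumID'])) getAlbumArchive($_GET['albumID']);

		// Photo Functions
		if ($postFunction==='getPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
		if ($postFunction==='deletePhoto'&&isset($_POST['photoID'])) echo deletePhoto($_POST['photoID']);
		if ($postFunction==='setAlbum'&&isset($_POST['photoID'])&&isset($_POST['albumID'])) echo setAlbum($_POST['photoID'], $_POST['albumID']);
		if ($postFunction==='setPhotoTitle'&&isset($_POST['photoID'])&&isset($_POST['title'])) echo setPhotoTitle($_POST['photoID'], $_POST['title']);
		if ($postFunction==='setPhotoStar'&&isset($_POST['photoID'])) echo setPhotoStar($_POST['photoID']);
		if ($postFunction==='setPhotoPublic'&&isset($_POST['photoID'])&&isset($_POST['url'])) echo setPhotoPublic($_POST['photoID'], $_POST['url']);
		if ($postFunction==='setPhotoDescription'&&isset($_POST['photoID'])&&isset($_POST['description'])) echo setPhotoDescription($_POST['photoID'], $_POST['description']);

		// Add Function
		if ($postFunction==='upload'&&isset($_FILES)&&isset($_POST['albumID'])) echo upload($_FILES, $_POST['albumID']);
		// NOTE(review): the URL is taken from the request as-is; confirm that
		// importUrl() restricts the scheme and destination before fetching.
		if ($postFunction==='importUrl'&&isset($_POST['url'])&&isset($_POST['albumID'])) echo importUrl($_POST['url'], $_POST['albumID']);

		// Search Function
		if ($postFunction==='search'&&isset($_POST['term'])) echo json_encode(search($_POST['term']));

		// Session Functions
		if ($postFunction==='init') echo json_encode(init('admin'));
		// login() is only reached when both credentials were actually submitted.
		if ($postFunction==='login'&&isset($_POST['user'])&&isset($_POST['password'])) echo login($_POST['user'], $_POST['password']);
		if ($postFunction==='logout') logout();

	} else {

		/**
		 * Public Mode
		 * Access to view all public folders and photos in Lychee.
		 *
		 * The "HTTP/1.1 403 ..." values below are sent as JSON strings in the
		 * response body, not as an HTTP status line. They are kept byte for
		 * byte because the client presumably matches on them.
		 *
		 * NOTE(review): no attempt limit on album passwords or on login is
		 * visible in this file — confirm whether functions.php throttles
		 * repeated failures.
		 */

		// Album Functions
		if ($postFunction==='getAlbums') echo json_encode(getAlbums(true));
		if ($postFunction==='getAlbum'&&isset($_POST['albumID'])&&isset($_POST['password'])) {
			if (isAlbumPublic($_POST['albumID'])) {
				// Album Public
				if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) echo json_encode(getAlbum($_POST['albumID']));
				else echo json_encode('HTTP/1.1 403 Wrong password!');
			} else {
				// Album Private
				echo json_encode('HTTP/1.1 403 Album private!');
			}
		}
		if ($postFunction==='checkAlbumAccess'&&isset($_POST['albumID'])&&isset($_POST['password'])) {
			// echo true prints "1", echo false prints an empty body.
			if (isAlbumPublic($_POST['albumID'])) {
				// Album Public
				if (checkAlbumPassword($_POST['albumID'], $_POST['password'])) echo true;
				else echo false;
			} else {
				// Album Private
				echo false;
			}
		}

		// Photo Functions
		if ($postFunction==='getPhoto'&&isset($_POST['photoID'])&&isset($_POST['albumID'])&&isset($_POST['password'])) {
			// NOTE(review): access is decided from photoID and password only;
			// albumID is then passed to getPhoto() straight from the request.
			// Confirm getPhoto() discloses nothing about an album the caller
			// was not authorised for.
			if (isPhotoPublic($_POST['photoID'], $_POST['password'])) echo json_encode(getPhoto($_POST['photoID'], $_POST['albumID']));
			else echo json_encode('HTTP/1.1 403 Wrong password!');
		}

		// Session Functions
		if ($postFunction==='init') echo json_encode(init('public'));
		// login() is only reached when both credentials were actually submitted.
		if ($postFunction==='login'&&isset($_POST['user'])&&isset($_POST['password'])) echo login($_POST['user'], $_POST['password']);

	}

} else {

	// No action requested at all.
	header('HTTP/1.1 401 Unauthorized');
	die('Error: No permission!');

}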