arno/lychee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9b5328d888
lychee/php/Modules/Album.php
Nils Asmussen 9b5328d888 Don't validate merge request on server. 
Since we don't show the user invalid merge requests to send to the
server, the user would have to handcraft such requests. Only admins can
merge albums, which we trust anyway. So, let's remove this check.
2016-08-03 22:58:17 +02:00

720 lines
20 KiB
PHP
Raw Blame History

<?php
namespace Lychee\Modules;
use ZipArchive;
final class Album {
private $albumIDs = null;
/**
* @return boolean Returns true when successful.
*/
public function __construct($albumIDs) {
// Init vars
$this->albumIDs = $albumIDs;
return true;
}
/**
* @return string|false ID of the created album.
*/
public function add($title = 'Untitled', $parent = 0) {
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Properties
$id = generateID();
$sysstamp = time();
$public = 0;
$visible = 1;
// Database
$query = Database::prepare(Database::get(), "INSERT INTO ? (id, title, sysstamp, public, visible, parent) VALUES ('?', '?', '?', '?', '?', '?')", array(LYCHEE_TABLE_ALBUMS, $id, $title, $sysstamp, $public, $visible, $parent));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($result===false) return false;
return $id;
}
/**
* Rurns album-attributes into a front-end friendly format. Note that some attributes remain unchanged.
* @return array Returns album-attributes in a normalized structure.
*/
public static function prepareData(array $data) {
// This function requires the following album-attributes and turns them
// into a front-end friendly format: id, title, public, sysstamp, password
// Note that some attributes remain unchanged
// Init
$album = null;
// Set unchanged attributes
$album['id'] = $data['id'];
$album['title'] = $data['title'];
$album['public'] = $data['public'];
// Additional attributes
// Only part of $album when available
if (isset($data['description'])) $album['description'] = $data['description'];
if (isset($data['visible'])) $album['visible'] = $data['visible'];
if (isset($data['downloadable'])) $album['downloadable'] = $data['downloadable'];
// Parse date
$album['sysdate'] = strftime('%B %Y', $data['sysstamp']);
// Parse password
$album['password'] = ($data['password']=='' ? '0' : '1');
// Parse thumbs or set default value
$album['thumbs'] = (isset($data['thumbs']) ? explode(',', $data['thumbs']) : array());
$album['parent'] = $data['parent'];
return $album;
}
/**
* @return array|false Returns an array of photos and album information or false on failure.
*/
public function get() {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Get album information
switch ($this->albumIDs) {
case 'f':
$return['public'] = '0';
$query = Database::prepare(Database::get(), "SELECT id, title, tags, public, star, album, thumbUrl, takestamp, url, medium FROM ? WHERE star = 1 " . Settings::get()['sortingPhotos'], array(LYCHEE_TABLE_PHOTOS));
break;
case 's':
$return['public'] = '0';
$query = Database::prepare(Database::get(), "SELECT id, title, tags, public, star, album, thumbUrl, takestamp, url, medium FROM ? WHERE public = 1 " . Settings::get()['sortingPhotos'], array(LYCHEE_TABLE_PHOTOS));
break;
case 'r':
$return['public'] = '0';
$query = Database::prepare(Database::get(), "SELECT id, title, tags, public, star, album, thumbUrl, takestamp, url, medium FROM ? WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY)) " . Settings::get()['sortingPhotos'], array(LYCHEE_TABLE_PHOTOS));
break;
case '0':
$return['public'] = '0';
$query = Database::prepare(Database::get(), "SELECT id, title, tags, public, star, album, thumbUrl, takestamp, url, medium FROM ? WHERE album = 0 " . Settings::get()['sortingPhotos'], array(LYCHEE_TABLE_PHOTOS));
break;
default:
$query = Database::prepare(Database::get(), "SELECT * FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
$albums = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
$return = $albums->fetch_assoc();
$return = Album::prepareData($return);
$query = Database::prepare(Database::get(), "SELECT id, title, tags, public, star, album, thumbUrl, takestamp, url, medium FROM ? WHERE album = '?' " . Settings::get()['sortingPhotos'], array(LYCHEE_TABLE_PHOTOS, $this->albumIDs));
break;
}
// Get photos
$photos = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
$previousPhotoID = '';
if ($photos===false) return false;
while ($photo = $photos->fetch_assoc()) {
// Turn data from the database into a front-end friendly format
$photo = Photo::prepareData($photo);
// Set previous and next photoID for navigation purposes
$photo['previousPhoto'] = $previousPhotoID;
$photo['nextPhoto'] = '';
// Set current photoID as nextPhoto of previous photo
if ($previousPhotoID!=='') $return['content'][$previousPhotoID]['nextPhoto'] = $photo['id'];
$previousPhotoID = $photo['id'];
// Add to return
$return['content'][$photo['id']] = $photo;
}
if ($photos->num_rows===0) {
// Album empty
$return['content'] = false;
} else {
// Enable next and previous for the first and last photo
$lastElement = end($return['content']);
$lastElementId = $lastElement['id'];
$firstElement = reset($return['content']);
$firstElementId = $firstElement['id'];
if ($lastElementId!==$firstElementId) {
$return['content'][$lastElementId]['nextPhoto'] = $firstElementId;
$return['content'][$firstElementId]['previousPhoto'] = $lastElementId;
}
}
$return['id'] = $this->albumIDs;
$return['num'] = $photos->num_rows;
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
return $return;
}
/**
* Starts a download of an album.
* @return resource|boolean Sends a ZIP-file or returns false on failure.
*/
public function getArchive() {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Photos query
switch($this->albumIDs) {
case 's':
$photos = Database::prepare(Database::get(), 'SELECT title, url FROM ? WHERE public = 1', array(LYCHEE_TABLE_PHOTOS));
$zipTitle = 'Public';
break;
case 'f':
$photos = Database::prepare(Database::get(), 'SELECT title, url FROM ? WHERE star = 1', array(LYCHEE_TABLE_PHOTOS));
$zipTitle = 'Starred';
break;
case 'r':
$photos = Database::prepare(Database::get(), 'SELECT title, url FROM ? WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY)) GROUP BY checksum', array(LYCHEE_TABLE_PHOTOS));
$zipTitle = 'Recent';
break;
default:
$zipTitle = 'Unsorted';
// Get title from database when album is not a SmartAlbum
if ($this->albumIDs!=0 && is_numeric($this->albumIDs)) {
$query = Database::prepare(Database::get(), "SELECT title FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
$album = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($album===false) return false;
// Get album object
$album = $album->fetch_object();
// Album not found?
if ($album===null) {
Log::error(Database::get(), __METHOD__, __LINE__, 'Could not find specified album');
return false;
}
// Set title
$zipTitle = $album->title;
}
break;
}
// Escape title
$zipTitle = $this->cleanZipName($zipTitle);
$filename = LYCHEE_DATA . $zipTitle . '.zip';
// Create zip
$zip = new ZipArchive();
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
Log::error(Database::get(), __METHOD__, __LINE__, 'Could not create ZipArchive');
return false;
}
// Add photos to zip
switch($this->albumIDs) {
case 's':
case 'f':
case 'r':
$this->addPhotosToZip($zip, $zipTitle, $photos);
break;
default:
$this->addAlbumToZip($zip, $zipTitle, $this->albumIDs);
break;
}
// Finish zip
$zip->close();
// Send zip
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=\"$zipTitle.zip\"");
header("Content-Length: " . filesize($filename));
readfile($filename);
// Delete zip
unlink($filename);
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
return true;
}
private function cleanZipName($name) {
// Illicit chars
$badChars = array_merge(
array_map('chr', range(0,31)),
array("<", ">", ":", '"', "/", "\\", "|", "?", "*")
);
return str_replace($badChars, '', $name);
}
private function addAlbumToZip($zip, $path, $albumID) {
// Fetch album title
$photos = Database::prepare(Database::get(), "SELECT title, url FROM ? WHERE album = '?'", array(LYCHEE_TABLE_PHOTOS, $albumID));
$this->addPhotosToZip($zip, $path, $photos);
// Fetch subalbums
$query = Database::prepare(Database::get(), "SELECT id, title FROM ? WHERE parent = '?'", array(LYCHEE_TABLE_ALBUMS, $albumID));
$albums = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Add them recursively
while($album = $albums->fetch_assoc()) {
$this->addAlbumToZip($zip, $path . '/' . $this->cleanZipName($album['title']), $album['id']);
}
}
private function addPhotosToZip($zip, $path, $query) {
// Execute query
$photos = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Parse each path
$files = array();
while ($photo = $photos->fetch_object()) {
// Parse url
$photo->url = LYCHEE_UPLOADS_BIG . $photo->url;
// Parse title
$photo->title = $this->cleanZipName($photo->title);
if (!isset($photo->title)||$photo->title==='') $photo->title = 'Untitled';
// Check if readable
if (!@is_readable($photo->url)) continue;
// Get extension of image
$extension = getExtension($photo->url, false);
// Set title for photo
$zipFileName = $path . '/' . $photo->title . $extension;
// Check for duplicates
if (!empty($files)) {
$i = 1;
while (in_array($zipFileName, $files)) {
// Set new title for photo
$zipFileName = $path . '/' . $photo->title . '-' . $i . $extension;
$i++;
}
}
// Add to array
$files[] = $zipFileName;
// Add photo to zip
$zip->addFile($photo->url, $zipFileName);
}
}
/**
* @return boolean Returns true when successful.
*/
public function setTitle($title = 'Untitled') {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Execute query
$query = Database::prepare(Database::get(), "UPDATE ? SET title = '?' WHERE id IN (?)", array(LYCHEE_TABLE_ALBUMS, $title, $this->albumIDs));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($result===false) return false;
return true;
}
/**
* @return boolean Returns true when successful.
*/
public function setDescription($description = '') {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Execute query
$query = Database::prepare(Database::get(), "UPDATE ? SET description = '?' WHERE id IN (?)", array(LYCHEE_TABLE_ALBUMS, $description, $this->albumIDs));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($result===false) return false;
return true;
}
/**
* @return boolean Returns true when the album is public.
*/
public function getPublic() {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
if ($this->albumIDs==='0'||$this->albumIDs==='s'||$this->albumIDs==='f') return false;
// Execute query
$query = Database::prepare(Database::get(), "SELECT public FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
$albums = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($albums===false) return false;
// Get album object
$album = $albums->fetch_object();
// Album not found?
if ($album===null) {
Log::error(Database::get(), __METHOD__, __LINE__, 'Could not find specified album');
return false;
}
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($album->public==1) return true;
return false;
}
/**
* @return boolean Returns true when the album is downloadable.
*/
public function getDownloadable() {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
if ($this->albumIDs==='0'||$this->albumIDs==='s'||$this->albumIDs==='f'||$this->albumIDs==='r') return false;
// Execute query
$query = Database::prepare(Database::get(), "SELECT downloadable FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
$albums = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($albums===false) return false;
// Get album object
$album = $albums->fetch_object();
// Album not found?
if ($album===null) {
Log::error(Database::get(), __METHOD__, __LINE__, 'Could not find specified album');
return false;
}
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($album->downloadable==1) return true;
return false;
}
private function getSubAlbums($albumID) {
$query = Database::prepare(Database::get(), "SELECT id FROM ? WHERE parent = '?'", array(LYCHEE_TABLE_ALBUMS, $albumID));
$albums = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
$ids = array();
while($album = $albums->fetch_assoc()) {
$ids = array_merge($ids, array($album['id']), $this->getSubAlbums($album['id']));
}
return $ids;
}
private function addSubAlbumIDs($ids) {
$res = array();
foreach(explode(',', $ids) as $id)
$res = array_merge($res, array($id), $this->getSubAlbums($id));
return implode(',', $res);
}
/**
* @return boolean Returns true when successful.
*/
public function setPublic($public, $password, $visible, $downloadable) {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Convert values
$public = ($public==='1' ? 1 : 0);
$visible = ($visible==='1' ? 1 : 0);
$downloadable = ($downloadable==='1' ? 1 : 0);
// Get all album ids, including subalbums
$ids = $this->addSubAlbumIDs($this->albumIDs);
// Set public
$query = Database::prepare(Database::get(), "UPDATE ? SET public = '?', visible = '?', downloadable = '?', password = NULL WHERE id IN (?)", array(LYCHEE_TABLE_ALBUMS, $public, $visible, $downloadable, $ids));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($result===false) return false;
// Reset permissions for photos
if ($public===1) {
$query = Database::prepare(Database::get(), "UPDATE ? SET public = 0 WHERE album IN (?)", array(LYCHEE_TABLE_PHOTOS, $ids));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($result===false) return false;
}
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
// Set password
if (isset($password)&&strlen($password)>0) return $this->setPassword($password);
return true;
}
/**
* @return boolean Returns true when successful.
*/
private function setPassword($password) {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
if (strlen($password)>0) {
// Get hashed password
$password = getHashedString($password);
// Set hashed password
// Do not prepare $password because it is hashed and save
// Preparing (escaping) the password would destroy the hash
$query = Database::prepare(Database::get(), "UPDATE ? SET password = '$password' WHERE id IN (?)", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
} else {
// Unset password
$query = Database::prepare(Database::get(), "UPDATE ? SET password = NULL WHERE id IN (?)", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
}
// Execute query
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($result===false) return false;
return true;
}
/**
* @return boolean Returns when album is public.
*/
public function checkPassword($password) {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Execute query
$query = Database::prepare(Database::get(), "SELECT password FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_ALBUMS, $this->albumIDs));
$albums = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($albums===false) return false;
// Get album object
$album = $albums->fetch_object();
// Album not found?
if ($album===null) {
Log::error(Database::get(), __METHOD__, __LINE__, 'Could not find specified album');
return false;
}
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
// Check if password is correct
if ($album->password=='') return true;
if ($album->password===crypt($password, $album->password)) return true;
return false;
}
/**
* @return boolean Returns true when successful.
*/
public function merge() {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Convert to array
$albumIDs = explode(',', $this->albumIDs);
// Get first albumID
$albumID = array_splice($albumIDs, 0, 1);
$albumID = $albumID[0];
// Move photos
$query = Database::prepare(Database::get(), "UPDATE ? SET album = ? WHERE album IN (?)", array(LYCHEE_TABLE_PHOTOS, $albumID, $this->albumIDs));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($result===false) return false;
// $albumIDs contains all IDs without the first albumID
// Convert to string
$filteredIDs = implode(',', $albumIDs);
// Move subalbums
$query = Database::prepare(Database::get(), "UPDATE ? SET parent = ? WHERE parent IN (?)", array(LYCHEE_TABLE_ALBUMS, $albumID, $filteredIDs));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($result===false) return false;
// Delete other albums
$query = Database::prepare(Database::get(), "DELETE FROM ? WHERE id IN (?)", array(LYCHEE_TABLE_ALBUMS, $filteredIDs));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($result===false) return false;
return true;
}
/**
* @return boolean Returns true when successful.
*/
public function delete() {
// Check dependencies
Validator::required(isset($this->albumIDs), __METHOD__);
// Call plugins
Plugins::get()->activate(__METHOD__, 0, func_get_args());
// Get all album ids, including subalbums
$ids = $this->addSubAlbumIDs($this->albumIDs);
// Init vars
$photoIDs = array();
// Execute query
$query = Database::prepare(Database::get(), "SELECT id FROM ? WHERE album IN (?)", array(LYCHEE_TABLE_PHOTOS, $ids));
$photos = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
if ($photos===false) return false;
// Only delete photos when albums contain photos
if ($photos->num_rows>0) {
// Add each id to photoIDs
while ($row = $photos->fetch_object()) $photoIDs[] = $row->id;
// Convert photoIDs to a string
$photoIDs = implode(',', $photoIDs);
// Delete all photos
$photo = new Photo($photoIDs);
if ($photo->delete()!==true) return false;
}
// Delete albums
$query = Database::prepare(Database::get(), "DELETE FROM ? WHERE id IN (?)", array(LYCHEE_TABLE_ALBUMS, $ids));
$result = Database::execute(Database::get(), $query, __METHOD__, __LINE__);
// Call plugins
Plugins::get()->activate(__METHOD__, 1, func_get_args());
if ($result===false) return false;
return true;
}
}
?>
Reference in New Issue View Git Blame Copy Permalink