Updated after crash

PhotoStation API/PhotoStation.json

@@ -0,0 +1,140 @@
+{
+    "SYNO.PhotoStation.Auth": {
+        "path": "auth.php",
+        "methods": {
+            "1": ["login", "logout", "checkauth"]
+        }
+    },
+    "SYNO.PhotoStation.Info": {
+        "path": "info.php",
+        "methods": {
+            "1": ["getinfo"]
+        }
+    },
+    "SYNO.PhotoStation.Album": {
+        "path": "album.php",
+        "methods": {
+            "1": ["list", "getinfo", "create", "edit", "delete", "arrangeitem", "move", "cleararrangeitem", "cancel"]
+        }
+    },
+    "SYNO.PhotoStation.Permission": {
+        "path": "permission.php",
+        "methods": {
+            "1": ["getalbum", "editalbum", "editgroup", "list_public_share", "edit_public_share"]
+        }
+    },
+    "SYNO.PhotoStation.Photo": {
+        "path": "photo.php",
+        "methods": {
+            "1": ["list", "listexif", "listfeatureditem", "listgpsgroup", "listgpsgroupeditem", "getinfo", "getexif", "edit", "delete", "copy", "cancel"]
+        }
+    },
+    "SYNO.PhotoStation.Thumb": {
+        "path": "thumb.php",
+        "methods": {
+            "1": ["get", "get_dsm_thumb"]
+        }
+    },
+    "SYNO.PhotoStation.Cover": {
+        "path": "cover.php",
+        "methods": {
+            "1": ["set"]
+        }
+    },
+    "SYNO.PhotoStation.SmartAlbum": {
+        "path": "smart_album.php",
+        "methods": {
+            "1": ["list", "getinfo", "create", "edit", "delete"]
+        }
+    },
+    "SYNO.PhotoStation.File": {
+        "path": "file.php",
+        "methods": {
+            "1": ["uploadphoto", "uploadvideo"]
+        }
+    },
+    "SYNO.PhotoStation.Download": {
+        "path": "download.php",
+        "methods": {
+            "1": ["getphoto", "getvideo", "getitem"]
+        }
+    },
+    "SYNO.PhotoStation.ory": {
+        "path": "ory.php",
+        "methods": {
+            "1": ["list", "getinfo", "create", "edit", "delete", "arrangeory", "listitem", "additem", "removeitem", "arrangeitem"]
+        }
+    },
+    "SYNO.PhotoStation.About": {
+        "path": "about.php",
+        "methods": {
+            "1": ["get", "set", "set_visibility"]
+        }
+    },
+    "SYNO.PhotoStation.Tag": {
+        "path": "tag.php",
+        "methods": {
+            "1": ["list", "getinfo", "create", "edit", "delete", "searchplace", "delete_unconfirmed_tag"]
+        }
+    },
+    "SYNO.PhotoStation.PhotoTag": {
+        "path": "photo_tag.php",
+        "methods": {
+            "1": ["list", "people_tag", "geo_tag", "desc_tag", "delete", "people_tag_confirm"]
+        }
+    },
+    "SYNO.PhotoStation.Comment": {
+        "path": "comment.php",
+        "methods": {
+            "1": ["list", "create", "delete"]
+        }
+    },
+    "SYNO.PhotoStation.Timeline": {
+        "path": "timeline.php",
+        "methods": {
+            "1": ["getindex"]
+        }
+    },
+    "SYNO.PhotoStation.Group": {
+        "path": "group.php",
+        "methods": {
+            "1": ["list", "get", "get_dsm_group", "getmember", "create", "edit", "editmember", "delete"]
+        }
+    },
+    "SYNO.PhotoStation.Rotate": {
+        "path": "rotate.php",
+        "methods": {
+            "1": ["set"]
+        }
+    },
+    "SYNO.PhotoStation.SlideshowMusic": {
+        "path": "slideshow_music.php",
+        "methods": {
+            "1": ["list", "get", "add", "edit", "delete"]
+        }
+    },
+    "SYNO.PhotoStation.DsmShare": {
+        "path": "dsm_share.php",
+        "methods": {
+            "1": ["list", "copy", "copymusic"]
+        }
+    },
+    "SYNO.PhotoStation.SharedAlbum": {
+        "path": "shared_album.php",
+        "methods": {
+            "1": ["list", "getinfo", "getinfo_public", "create", "edit", "delete", "add_items", "remove_items", "edit_public_share", "get_single_item", "set_single_item"]
+        }
+    },
+    "SYNO.PhotoStation.PhotoLog": {
+        "path": "log.php",
+        "methods": {
+            "1": ["list", "clear", "export"]
+        }
+    },
+    "SYNO.PhotoStation.Path": {
+        "path": "path.php",
+        "methods": {
+            "1": ["	", "checkpath"]
+        }
+    }
+}

PhotoStation API/api.txt

@@ -0,0 +1,10 @@
+
+api=SYNO.PhotoStation.Album&method=list&version=1&id=album_323031372f323031372d31322d3234205a69656d6173737665746b692f636c697073&offset=0&limit=120&sort_by=preference&sort_direction=asc&recursive=false&type=album%2Cphoto%2Cvideo&additional=album_permission%2Cphoto_exif%2Cvideo_quality%2Cvideo_codec%2Cthumb_size
+
+album_permission,photo_exif,video_quality,video_codec,thumb_size
+
+
+http://home.blue.lv/photo/webapi/download.php?api=SYNO.PhotoStation.Download&method=getvideo&version=1&id=video_323031372f323031372d31322d3234205a69656d6173737665746b692f636c697073_30303133342e4d5453&quality_id=2f766f6c756d65312f70686f746f2f323031372f323031372d31322d3234205a69656d6173737665746b692f636c6970732f4065614469722f30303133342e4d54532f53594e4f50484f544f5f46494c4d5f4d2e6d7034&PHPSESSID=gmj2h1mia251deueb8cj1rggn4
+http://home.blue.lv/photo/webapi/download.php?api=SYNO.PhotoStation.Download&method=getvideo&version=1&id=video_323031372f323031372d31322d3234205a69656d6173737665746b692f636c697073_30303133332e4d5453&quality_id=2f766f6c756d65312f70686f746f2f323031372f323031372d31322d3234205a69656d6173737665746b692f636c6970732f4065614469722f30303133332e4d54532f53594e4f50484f544f5f46494c4d5f4d2e6d7034&PHPSESSID=o9gkhs159g8gpjp5vkg4v9h1h2
+
+http://home.blue.lv/photo/webapi/download.php?api=SYNO.PhotoStation.Download&method=getvideo&version=1&id=video_323031372f323031372d31322d3234205a69656d6173737665746b692f636c697073_30303133342e4d5453&PHPSESSID=gmj2h1mia251deueb8cj1rggn4

PhotoStation API/webabi.lua

@@ -0,0 +1,623 @@
+--[[----------------------------------------------------------------------------
+
+PSPhotoStationAPI.lua
+This file is part of Photo StatLr - Lightroom plugin.
+Copyright(c) 2017, Martin Messmer
+
+Photo Station Upload primitives:
+	- initialize
+	- login
+	- logout
+
+	- listAlbum
+	- movePic
+	- deletePic
+	- sortPics
+
+	- addPhotoComments
+	- getPhotoComments
+
+	- getPhotoExifs
+
+	- getTags
+	- getPhotoTags
+
+	- editPhoto
+
+	- createSharedAlbum
+	- editSharedAlbum
+	- listSharedAlbum
+	- addPhotosToSharedAlbum
+	- removePhotosFromSharedAlbum
+
+Photo StatLr is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Photo StatLr is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Photo StatLr.  If not, see <http://www.gnu.org/licenses/>.
+
+]]
+--------------------------------------------------------------------------------
+
+-- Lightroom API
+local LrFileUtils = import 'LrFileUtils'
+local LrPathUtils = import 'LrPathUtils'
+local LrHttp = import 'LrHttp'
+local LrDate = import 'LrDate'
+
+require "PSUtilities"
+
+--====== local functions =====================================================--
+
+--[[
+callSynoAPI (h, synoAPI, formData)
+	calls the named synoAPI with the respective parameters in formData
+	returns nil, on http error
+	returns the decoded JSON response as table on success
+]]
+local function callSynoAPI (h, synoAPI, formData)
+	local postHeaders = {
+		{ field = 'Content-Type', value = 'application/x-www-form-urlencoded' },
+	}
+
+	local postBody = 'api=' .. synoAPI .. '&' .. formData
+
+	if synoAPI == 'SYNO.PhotoStation.Auth' then
+		writeLogfile(4, "callSynoAPI: LrHttp.post(" .. h.serverUrl .. h.psWebAPI .. h.apiInfo[synoAPI].path .. ",...)\n")
+	else
+		writeLogfile(4, string.format("callSynoAPI: LrHttp.post(%s%s%s, api=%s&%s\n", h.serverUrl, h.psWebAPI, h.apiInfo[synoAPI].path, synoAPI, formData))
+	end
+
+	local respBody, respHeaders = LrHttp.post(h.serverUrl .. h.psWebAPI .. h.apiInfo[synoAPI].path, postBody, postHeaders, 'POST', h.serverTimeout, string.len(postBody))
+
+	if not respBody then
+	    writeTableLogfile(3, 'respHeaders', respHeaders)
+    	if respHeaders then
+      		writeLogfile(3, string.format("Error %s on http request: %s\n",
+      				ifnil(respHeaders["error"].errorCode, 'Unknown'),
+          			trim(ifnil(respHeaders["error"].name, 'Unknown error description'))))
+    		local errorCode = tonumber(ifnil(respHeaders["error"].nativeCode, '1002'))
+      		return nil, errorCode
+    	else
+      		return nil, 1001
+    	end
+	end
+	writeLogfile(4, "Got Body:\n" .. respBody .. "\n")
+
+	local respArray = JSON:decode(respBody)
+
+	if not respArray then return nil, 1003 end
+
+	if respArray.error then
+		local errorCode = tonumber(respArray.error.code)
+		writeLogfile(3, string.format('PSPhotoStationAPI.callSynoAPI: %s returns error %d\n', synoAPI, errorCode))
+		return nil, errorCode
+	end
+
+	return respArray
+end
+
+--====== global functions ====================================================--
+
+PSPhotoStationAPI = {}
+
+---------------------------------------------------------------------------------------------------------
+-- initialize: set serverUrl, loginPath and uploadPath
+function PSPhotoStationAPI.initialize(serverUrl, psPath, serverTimeout)
+	local h = {} -- the handle
+	local apiInfo = {}
+
+	writeLogfile(4, "PSPhotoStationAPI.initialize(PhotoStationUrl=" .. serverUrl .. psPath .. ", Timeout=" .. serverTimeout .. ")\n")
+
+	h.serverUrl = serverUrl
+	h.serverTimeout = serverTimeout
+
+	h.psAlbumRoot	= 	psPath .. '#!Albums'
+	h.psWebAPI 		= 	psPath .. 'webapi/'
+	h.uploadPath 	=	psPath .. 'include/asst_file_upload.php'
+
+	-- bootstrap the apiInfo table
+	apiInfo['SYNO.API.Info'] = {
+		path		= "query.php",
+		minVersion	= 1,
+		maxVersion	= 1,
+	}
+	h.apiInfo = apiInfo
+
+	-- get all API paths via 'SYNO.API.Info'
+	local formData =
+			'query=all&' ..
+			'method=query&' ..
+			'version=1&' ..
+			'ps_username='
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.API.Info', formData)
+
+	if not respArray then return nil, errorCode end
+
+	-- rewrite the apiInfo table with API infos retrieved via SYNO.API.Info
+	h.apiInfo = respArray.data
+-- 	writeTableLogfile(4, 'apiInfo', h.apiInfo)
+
+	return h
+end
+
+---------------------------------------------------------------------------------------------------------
+-- login(h, username, passowrd)
+-- does, what it says
+function PSPhotoStationAPI.login(h, username, password)
+	local formData = 'method=login&' ..
+					 'version=1&' ..
+					 'username=' .. urlencode(username) .. '&' ..
+					 'password=' .. urlencode(password)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Auth', formData)
+
+	if not respArray then return false, errorCode end
+
+	return respArray.success
+end
+
+---------------------------------------------------------------------------------------------------------
+
+-- logout(h)
+-- nothing to do here, invalidating the cookie would be perfect here
+function PSPhotoStationAPI.logout (h)
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- listAlbum: returns all photos/videos and optionally albums in a given album
+-- returns
+--		albumItems:		table of photo infos, if success, otherwise nil
+--		errorcode:		errorcode, if not success
+function PSPhotoStationAPI.listAlbum(h, dstDir, listItems)
+	-- recursive doesn't seem to work
+	local formData = 'method=list&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getAlbumId(dstDir) .. '&' ..
+					 'type=' .. listItems .. '&' ..
+					 'offset=0&' ..
+					 'limit=-1&' ..
+					 'recursive=false&'..
+					 'additional=album_permission,photo_exif'
+--					 'additional=album_permission,photo_exif,video_codec,video_quality,thumb_size,file_location'
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Album', formData)
+
+	if not respArray then return nil, errorCode end
+
+	writeTableLogfile(4, 'listAlbum(' .. dstDir .. ')', respArray.data.items)
+	return respArray.data.items
+end
+
+---------------------------------------------------------------------------------------------------------
+-- deletePic (h, dstFilename, isVideo)
+function PSPhotoStationAPI.deletePic (h, dstFilename, isVideo)
+	local formData = 'method=delete&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo) .. '&'
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Photo', formData)
+
+	if not respArray and errorCode ~= 101 then return false, errorCode end
+
+	writeLogfile(3, string.format('deletePic(%s) returns OK (errorCode was %d)\n', dstFilename, ifnil(errorCode, 0)))
+	return respArray.success
+end
+
+---------------------------------------------------------------------------------------------------------
+-- movePic (h, srcFilename, dstAlbum, isVideo)
+function PSPhotoStationAPI.movePic(h, srcFilename, dstAlbum, isVideo)
+	local formData = 'method=copy&' ..
+					 'version=1&' ..
+					 'mode=move&' ..
+					 'duplicate=ignore&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(srcFilename, isVideo) .. '&' ..
+					 'sharepath=' .. PSPhotoStationUtils.getAlbumId(dstAlbum)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Photo', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('movePic(%s, %s) returns OK\n', srcFilename, dstAlbum))
+	return respArray.success
+
+end
+
+---------------------------------------------------------------------------------------------------------
+-- deleteAlbum(h, albumPath)
+function PSPhotoStationAPI.deleteAlbum (h, albumPath)
+	local formData = 'method=delete&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getAlbumId(albumPath) .. '&'
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Album', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('deleteAlbum(%s) returns OK\n', albumPath))
+	return respArray.success
+end
+
+---------------------------------------------------------------------------------------------------------
+-- sortPics (h, albumPath, sortedPhotos)
+function PSPhotoStationAPI.sortPics (h, albumPath, sortedPhotos)
+	local formData = 'method=arrangeitem&' ..
+					 'version=1&' ..
+					 'offset=0&' ..
+					 'limit='.. #sortedPhotos .. '&' ..
+					 'id=' .. PSPhotoStationUtils.getAlbumId(albumPath) .. '&'
+	local i, photoPath, item_ids = {}
+
+	for i, photoPath in ipairs(sortedPhotos) do
+		if i == 1 then
+			item_ids = PSPhotoStationUtils.getPhotoId(sortedPhotos[i])
+		else
+			item_ids = item_ids .. ',' .. PSPhotoStationUtils.getPhotoId(sortedPhotos[i])
+		end
+	end
+
+	formData = formData .. 'item_id=' .. item_ids
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Album', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('sortPics(%s) returns OK.\n', albumPath))
+	return respArray.success
+end
+
+---------------------------------------------------------------------------------------------------------
+-- addPhotoComment (h, dstFilename, isVideo, comment, username)
+function PSPhotoStationAPI.addPhotoComment (h, dstFilename, isVideo, comment, username)
+	local formData = 'method=create&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo) .. '&' ..
+					 'name=' .. username .. '&' ..
+					 'comment='.. urlencode(comment)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Comment', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('addPhotoComment(%s, %s, %s) returns OK.\n', dstFilename, comment, username))
+	return respArray.success
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getPhotoComments (h, dstFilename, isVideo)
+function PSPhotoStationAPI.getPhotoComments (h, dstFilename, isVideo)
+	local formData = 'method=list&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Comment', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('getPhotoComments(%s) returns OK.\n', dstFilename))
+	return respArray.data.comments
+end
+
+--[[ currently not needed
+---------------------------------------------------------------------------------------------------------
+-- addSharedPhotoComment (h, dstFilename, isVideo, comment, username, sharedAlbumName)
+function PSPhotoStationAPI.addSharedPhotoComment (h, dstFilename, isVideo, comment, username, sharedAlbumName)
+	local formData = 'method=add_comment&' ..
+					 'version=1&' ..
+					 'item_id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo) .. '&' ..
+					 'name=' .. username .. '&' ..
+					 'comment='.. urlencode(comment) ..'&' ..
+					 'public_share_id=' .. PSPhotoStationUtils.getSharedAlbumShareId(h, sharedAlbumName)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.AdvancedShare', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('addSharedPhotoComment(%s, %s, %s, %s) returns OK.\n', dstFilename, sharedAlbumName, comment, username))
+	return respArray.success
+end
+]]
+
+---------------------------------------------------------------------------------------------------------
+-- getSharedPhotoComments (h, sharedAlbumName, dstFilename, isVideo)
+function PSPhotoStationAPI.getSharedPhotoComments (h, sharedAlbumName, dstFilename, isVideo)
+	local formData = 'method=list_comment&' ..
+					 'version=1&' ..
+					 'offset=0&' ..
+					 'limit=-1&' ..
+					 'item_id=' 		.. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo) .. '&' ..
+					 'public_share_id=' .. PSPhotoStationUtils.getSharedAlbumShareId(h, sharedAlbumName)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.AdvancedShare', formData)
+
+	if not respArray then return false, errorCode end
+
+	if respArray.data then
+		writeLogfile(3, string.format('getSharedPhotoComments(%s, %s) returns %d comments.\n', dstFilename, sharedAlbumName, #respArray.data))
+	else
+		writeLogfile(3, string.format('getSharedPhotoComments(%s, %s) returns no comments.\n', dstFilename, sharedAlbumName))
+	end
+	return respArray.data
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getSharedAlbumCommentList (h, sharedAlbumName)
+function PSPhotoStationAPI.getSharedAlbumCommentList (h, sharedAlbumName)
+	local formData = 'method=list_log&' ..
+					 'version=1&' ..
+					 'offset=0&' ..
+					 'limit=-1&' ..
+					 'category=comment&' ..
+					 'public_share_id=' .. PSPhotoStationUtils.getSharedAlbumShareId(h, sharedAlbumName)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.AdvancedShare', formData)
+
+	if not respArray then return false, errorCode end
+
+	if respArray.data then
+		writeLogfile(3, string.format('getSharedAlbumCommentList(%s) returns %d comments.\n', sharedAlbumName, respArray.data.total))
+	else
+		writeLogfile(3, string.format('getSharedAlbumCommentList(%s) returns no comments.\n', sharedAlbumName))
+	end
+	return respArray.data.data
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getPhotoExifs (h, dstFilename, isVideo)
+function PSPhotoStationAPI.getPhotoExifs (h, dstFilename, isVideo)
+	local formData = 'method=getexif&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Photo', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('getPhotoExifs(%s) returns %d exifs.\n', dstFilename, respArray.data.total))
+	return respArray.data.exifs
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getTags (h, type)
+-- get table of tagId/tagString mappings for given type: desc, people, geo
+function PSPhotoStationAPI.getTags(h, type)
+	local formData = 'method=list&' ..
+					 'version=1&' ..
+					 'type=' .. type .. '&' ..
+--					 'additional=info&' ..
+					 'offset=0&' ..
+					 'limit=-1'
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Tag', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('getTags returns %d tags.\n', respArray.data.total))
+	return respArray.data.tags
+end
+
+---------------------------------------------------------------------------------------------------------
+-- createTag (h, type, name)
+-- create a new tagId/tagString mapping of or given type: desc, people, geo
+function PSPhotoStationAPI.createTag(h, type, name)
+	local formData = 'method=create&' ..
+					 'version=1&' ..
+					 'type=' .. type .. '&' ..
+					 'name=' .. urlencode(name)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Tag', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('createTag(%s, %s) returns tagId %s.\n', type, name, respArray.data.id))
+	return respArray.data.id
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getPhotoTags (h, dstFilename, isVideo)
+-- get table of tags (general,people,geo) of a photo
+function PSPhotoStationAPI.getPhotoTags(h, dstFilename, isVideo)
+	local formData = 'method=list&' ..
+					 'version=1&' ..
+					 'type=people,geo,desc&' ..
+					 'additional=info&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.PhotoTag', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('getPhotoTags(%s) returns %d tags.\n', dstFilename, #respArray.data.tags))
+	return respArray.data.tags
+end
+
+---------------------------------------------------------------------------------------------------------
+-- addPhotoTag (h, dstFilename, isVideo, tagId)
+-- add a new tag (general,people,geo) to a photo
+function PSPhotoStationAPI.addPhotoTag(h, dstFilename, isVideo, type, tagId)
+	local formData = 'method=' .. type .. '_tag&' ..
+					 'version=1&' ..
+					 'tag_id=' .. tagId .. '&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.PhotoTag', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('addPhotoTag(%s) returns %d item_tag_ids.\n', dstFilename, #respArray.data.item_tag_ids))
+	return respArray.data.item_tag_ids
+end
+
+---------------------------------------------------------------------------------------------------------
+-- editPhoto (h, dstFilename, isVideo, attrValPairs)
+-- edit specific metadata field of a photo
+function PSPhotoStationAPI.editPhoto(h, dstFilename, isVideo, attrValPairs)
+	local formData = 'method=edit&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getPhotoId(dstFilename, isVideo)
+	local logMessage = ''
+
+	for i = 1, #attrValPairs do
+	 	formData = formData .. '&' 		.. attrValPairs[i].attribute .. '=' .. attrValPairs[i].value
+	 	logMessage = logMessage .. ', ' .. attrValPairs[i].attribute .. '=' .. attrValPairs[i].value
+	end
+
+	local success, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Photo', formData)
+
+	if not success then return false, errorCode end
+
+	writeLogfile(3, string.format('editPhoto(%s,%s) returns OK.\n', dstFilename, logMessage))
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getSharedAlbums (h)
+-- get table of sharedAlbumId/sharedAlbumName mappings
+function PSPhotoStationAPI.getSharedAlbums(h)
+	local formData = 'method=list&' ..
+					 'version=1&' ..
+					 'additional=public_share&' ..
+					 'offset=0&' ..
+					 'limit=-1'
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.SharedAlbum', formData)
+
+	if not respArray then return nil, errorCode end
+
+	writeLogfile(3, string.format('getSharedAlbums() returns %d albums.\n', respArray.data.total))
+	return respArray.data.items
+end
+
+--[[
+---------------------------------------------------------------------------------------------------------
+-- getSharedAlbumInfo (h, sharedAlbumId)
+-- get infos for the given Shared Album
+function PSPhotoStationAPI.getSharedAlbumInfo(h, sharedAlbumId)
+	local formData = 'method=getinfo&' ..
+					 'version=1&' ..
+					 'additional=public_share&' ..
+					 'id=' .. sharedAlbumId
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.SharedAlbum', formData)
+
+	if not respArray then return nil, errorCode end
+
+	writeLogfile(3, string.format('getSharedAlbumInfo() returns %d albums.\n', #respArray.data.shared_albums))
+	return respArray.data.shared_albums[1];
+end
+]]
+
+---------------------------------------------------------------------------------------------------------
+-- createSharedAlbum(h, name)
+function PSPhotoStationAPI.createSharedAlbum(h, name)
+	local formData = 'method=create&' ..
+					 'version=1&' ..
+--					 'item_id=<photo_id>&' ..
+					 'name=' .. urlencode(name)
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.SharedAlbum', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('createSharedAlbum(%s) returns sharedAlbumId %s.\n', name, respArray.data.id))
+	return respArray.data.id
+end
+
+
+---------------------------------------------------------------------------------------------------------
+-- editSharedAlbum(h, sharedAlbumName, sharedAlbumAttributes)
+function PSPhotoStationAPI.editSharedAlbum(h, sharedAlbumName, sharedAlbumAttributes)
+	local numAttributes = 0
+	local formData = 'method=edit_public_share&' ..
+					 'version=1&' ..
+					 'id=' .. PSPhotoStationUtils.getSharedAlbumId(h, sharedAlbumName)
+
+	for attr, value in pairs(sharedAlbumAttributes) do
+		formData = formData .. '&' .. attr .. '=' .. urlencode(tostring(value))
+		numAttributes = numAttributes + 1
+	end
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.SharedAlbum', formData)
+
+	if not respArray then return nil, errorCode end
+
+	writeLogfile(3, string.format('editSharedAlbum(%s, %d attributes) returns shareId %s.\n', sharedAlbumName, numAttributes, respArray.data.shareid))
+	return respArray.data
+end
+
+---------------------------------------------------------------------------------------------------------
+-- listSharedAlbum: returns all photos/videos in a given shared album
+-- returns
+--		albumItems:		table of photo infos, if success, otherwise nil
+--		errorcode:		errorcode, if not success
+function PSPhotoStationAPI.listSharedAlbum(h, dstDir, listItems)
+	local formData = 'method=list&' ..
+					 'version=1&' ..
+					 'filter_shared_album=' .. PSPhotoStationUtils.getSharedAlbumId(h, dstDir) .. '&' ..
+					 'type=' .. listItems .. '&' ..
+					 'offset=0&' ..
+					 'limit=-1&' ..
+					 'recursive=false&'..
+					 'additional=photo_exif'
+--					 'additional=photo_exif,video_codec,video_quality,thumb_size'
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.Photo', formData)
+
+	if not respArray then return nil, errorCode end
+
+	writeTableLogfile(4, 'listAlbum', respArray.data.items)
+	return respArray.data.items
+end
+
+---------------------------------------------------------------------------------------------------------
+-- PhotoStation.addPhotosToSharedAlbum(h, sharedAlbumName, photos)
+-- add photos to Shared Album
+function PSPhotoStationAPI.addPhotosToSharedAlbum(h, sharedAlbumName, photos)
+	local photoIds = {}
+	for i = 1, #photos do
+		photoIds[i] = PSPhotoStationUtils.getPhotoId(photos[i].dstFilename, photos[i].isVideo)
+	end
+	local itemList = table.concat(photoIds, ',')
+	local formData = 'method=add_items&' ..
+				 'version=1&' ..
+				 'id=' ..  PSPhotoStationUtils.getSharedAlbumId(h, sharedAlbumName) .. '&' ..
+				 'item_id=' .. itemList
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.SharedAlbum', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('addPhotosToSharedAlbum(%s, %d photos) returns OK.\n', sharedAlbumName, #photos))
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- PhotoStation.removePhotosFromSharedAlbum(h, sharedAlbumName, photos)
+-- remove photos from Shared Album
+function PSPhotoStationAPI.removePhotosFromSharedAlbum(h, sharedAlbumName, photos)
+	local photoIds = {}
+	for i = 1, #photos do
+		photoIds[i] = PSPhotoStationUtils.getPhotoId(photos[i].dstFilename, photos[i].isVideo)
+	end
+	local itemList = table.concat(photoIds, ',')
+	local formData = 'method=remove_items&' ..
+				 'version=1&' ..
+				 'id=' .. PSPhotoStationUtils.getSharedAlbumId(h, sharedAlbumName) .. '&' ..
+				 'item_id=' .. itemList
+
+	local respArray, errorCode = callSynoAPI (h, 'SYNO.PhotoStation.SharedAlbum', formData)
+
+	if not respArray then return false, errorCode end
+
+	writeLogfile(3, string.format('removePhotosFromSharedAlbum(%s,%d photos) returns OK.\n', sharedAlbumName, #photos))
+	return true
+end

PhotoStation API/webapi/PhotoStation.api

@@ -0,0 +1,186 @@
+{
+        "SYNO.PhotoStation.Auth": {
+                "path": "auth.php",
+                "minVersion": 1,
+                "maxVersion": 1,
+                "methods": {
+                        "1": ["login", "logout", "checkauth"]
+                }
+        },
+        "SYNO.PhotoStation.Info": {
+                "path": "info.php",
+                "minVersion": 1,
+                "maxVersion": 1,
+                "methods": {
+                        "1": ["getinfo"]
+                }
+        },
+        "SYNO.PhotoStation.Album": {
+                "path": "album.php",
+                "minVersion": 1,
+                "maxVersion": 1,
+                "methods": {
+                        "1": ["list", "getinfo", "create", "edit", "delete", "arrangeitem", "move", "cleararrangeitem", "cancel"]
+                }
+        },
+        "SYNO.PhotoStation.Permission": {
+                "path": "permission.php",
+                "minVersion": 1,
+                "maxVersion": 1,
+                "methods": {
+                        "1": ["getalbum", "editalbum", "editgroup", "list_public_share", "edit_public_share"]
+                }
+        },
+	"SYNO.PhotoStation.Photo": {
+		"path": "photo.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "listexif", "listfeatureditem", "listgpsgroup", "listgpsgroupeditem", "getinfo", "getexif", "edit", "delete", "copy", "cancel"]
+		}
+	},
+	"SYNO.PhotoStation.Thumb": {
+		"path": "thumb.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["get", "get_dsm_thumb"]
+		}
+	},
+        "SYNO.PhotoStation.Cover": {
+		"path": "cover.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["set"]
+		}
+	},
+        "SYNO.PhotoStation.SmartAlbum": {
+		"path": "smart_album.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "getinfo", "create", "edit", "delete"]
+		}
+	},
+	"SYNO.PhotoStation.File": {
+		"path": "file.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["uploadphoto", "uploadvideo"]
+		}
+	},
+	"SYNO.PhotoStation.Download": {
+		"path": "download.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["getphoto", "getvideo", "getitem"]
+		}
+	},
+        "SYNO.PhotoStation.Category": {
+                "path": "category.php",
+                "minVersion": 1,
+                "maxVersion": 1,
+                "methods": {
+                        "1": ["list", "getinfo", "create", "edit", "delete", "arrangecategory", "listitem", "additem", "removeitem", "arrangeitem"]
+                }
+        },
+	"SYNO.PhotoStation.About": {
+		"path": "about.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["get", "set", "set_visibility"]
+		}
+	},
+	"SYNO.PhotoStation.Tag": {
+		"path": "tag.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "getinfo", "create", "edit", "delete", "searchplace", "delete_unconfirmed_tag"]
+		}
+	},
+	"SYNO.PhotoStation.PhotoTag": {
+		"path": "photo_tag.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "people_tag", "geo_tag", "desc_tag", "delete", "people_tag_confirm"]
+		}
+	},
+	"SYNO.PhotoStation.Comment": {
+		"path": "comment.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "create", "delete"]
+		}
+	},
+	"SYNO.PhotoStation.Timeline": {
+		"path": "timeline.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["getindex"]
+		}
+	},
+	"SYNO.PhotoStation.Group": {
+		"path": "group.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "get", "get_dsm_group", "getmember", "create", "edit", "editmember", "delete"]
+		}
+	},
+        "SYNO.PhotoStation.Rotate": {
+                "path": "rotate.php",
+                "minVersion": 1,
+                "maxVersion": 1,
+                "methods": {
+                        "1": ["set"]
+                }
+        },
+	"SYNO.PhotoStation.SlideshowMusic": {
+		"path": "slideshow_music.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "get", "add", "edit", "delete"]
+		}
+	},
+	"SYNO.PhotoStation.DsmShare": {
+		"path": "dsm_share.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "copy", "copymusic"]
+		}
+	},
+	"SYNO.PhotoStation.SharedAlbum": {
+		"path": "shared_album.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "getinfo", "getinfo_public", "create", "edit", "delete", "add_items", "remove_items", "edit_public_share", "get_single_item", "set_single_item"]
+		}
+	},
+	"SYNO.PhotoStation.PhotoLog": {
+		"path": "log.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["list", "clear", "export"]
+		}
+	},
+	"SYNO.PhotoStation.Path": {
+		"path": "path.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["	", "checkpath"]
+		}
+	}
+}

PhotoStation API/webapi/Query.api

@@ -0,0 +1,10 @@
+{
+	"SYNO.API.Info": {
+		"path": "query.php",
+		"minVersion": 1,
+		"maxVersion": 1,
+		"methods": {
+			"1": ["query"]
+		}
+	}
+}

PhotoStation API/webapi/about.conf.php

@@ -0,0 +1,4 @@
+<?php
+	define('INFO_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+	define('ABOUT_HTML_PATH', SYNOTHEME_DIR.'/about.html');
+	define('TEMPLATE_ABOUT_HTML_PATH', SYNO_PKG_DIR.'/target/etc/about.template.html');

PhotoStation API/webapi/about.inc.php

@@ -0,0 +1,6 @@
+<?php
+	require_once '../include/syno_conf.php';
+	require_once 'about.conf.php';
+
+	require_once INFO_CONF_WEBAPI_SERVICE_INCLUDE_PATH;
+	require_once SZ_WEBAPI_CLASS_PATH;

PhotoStation API/webapi/about.php

@@ -0,0 +1,104 @@
+<?PHP
+require_once 'about.inc.php';
+
+class AboutAPI extends WebAPI
+{
+	public function __construct()
+	{
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		switch ($this->method) {
+			case 'get':
+				$this->Get();
+				break;
+			case 'set':
+				$this->Set();
+				break;
+			case 'set_visibility':
+				$this->SetVisibility();
+				break;
+			default:
+				break;
+		}
+	}
+
+	private function Get()
+	{
+		$html = '';
+		$hasContent = false;
+
+		if (file_exists(ABOUT_HTML_PATH)) {
+			$html = @file_get_contents(ABOUT_HTML_PATH);
+			$hasContent = true;
+		} else {
+			$html = @file_get_contents(TEMPLATE_ABOUT_HTML_PATH);
+		}
+
+		if ($html === false) {
+			$this->SetError(WEBAPI_ERR_UNKNOWN);
+			return;
+		}
+
+		$resp = array(
+			'html' => $html,
+			'has_content' => $hasContent
+		);
+
+		$this->SetResponse($resp);
+	}
+
+	private function Set()
+	{
+		csSYNOPhotoMisc::CheckSessionTimeOut();
+
+		$isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+
+		if (!$isAdmin) {
+			$this->SetError(WEBAPI_ERR_NO_PERMISSION);
+			return;
+		}
+
+		if (!isset($_REQUEST['html'])) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			return;
+		}
+		$html = $_REQUEST['html'];
+
+		if (!is_dir(SYNOTHEME_DIR) && !mkdir(SYNOTHEME_DIR)) {
+			$this->SetError(WEBAPI_ERR_UNKNOWN);
+			return;
+		}
+
+		$ret = @file_put_contents(ABOUT_HTML_PATH, $html);
+		if ($ret === false) {
+			$this->SetError(WEBAPI_ERR_UNKNOWN);
+			return;
+		}
+	}
+
+	private function SetVisibility()
+	{
+		csSYNOPhotoMisc::CheckSessionTimeOut();
+
+		$isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+
+		if (!$isAdmin) {
+			$this->SetError(WEBAPI_ERR_NO_PERMISSION);
+			return;
+		}
+
+		if (isset($_REQUEST['hidden'])) {
+			$hidden = ('true' === $_REQUEST['hidden'] ? 'on' : 'off');
+			csSYNOPhotoMisc::UpdateConfigDB('photo', 'disable_aboutme', $hidden, 'photo_config');
+		}
+		if (isset($_REQUEST['title'])) {
+			csSYNOPhotoMisc::UpdateConfigDB('photo', 'about_me_title', $_REQUEST['title'], 'photo_config');
+		}
+	}
+}
+
+$api = new AboutAPI();
+$api->Run();

PhotoStation API/webapi/album.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('ALBUM_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/album.inc.php

@@ -0,0 +1,8 @@
+<?php
+    require_once('album.conf.php');
+    require_once("../include/syno_conf.php");
+    require_once(SYNOPHOTO_INCLUDE_ALBUM_UTIL);
+
+    require_once(ALBUM_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/album.php

@@ -0,0 +1,941 @@
+<?php
+require_once('album.inc.php');
+require_once('albumutil.php');
+require_once '../include/SYNOPhotoEA.php';
+
+define("PHOTO_ACTION_TMP", '/tmp/photostation_');
+define("PHOTO_ACTION_ALBUM_MOVE_KEY", 'SYNOPS_ALBUM_MOVE');
+define("PHOTO_ACTION_ALBUM_DEL_KEY", 'SYNOPS_ALBUM_DEL');
+
+class AlbumAPI extends WebAPI {
+	function __construct() {
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process() {
+		if (!strcasecmp($this->method, "list")) {
+			$force = "true" === $_REQUEST['force_update'] ? true : false;
+
+			csSYNOPhotoDB::GetDBInstance()->SetSessionCache($force);
+			session_write_close();
+			$this->AlbumList();
+		} elseif (!strcasecmp($this->method, "getinfo")) {
+			csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+			session_write_close();
+			$this->GetInfo();
+		} else {
+			csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+			csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+			if (!strcasecmp($this->method, "create")) {
+				$this->Create();
+			} elseif (!strcasecmp($this->method, "edit")) {
+				$this->Edit();
+			} elseif (!strcasecmp($this->method, "delete")) {
+				csSYNOPhotoDB::GetDBInstance()->ExpireSessionCache();
+				session_write_close();
+				$this->Delete();
+			} elseif (!strcasecmp($this->method, "move")) {
+				csSYNOPhotoDB::GetDBInstance()->ExpireSessionCache();
+				session_write_close();
+				$this->Move();
+			} elseif (!strcasecmp($this->method, "arrangeitem")) {
+				$this->ArrangeItem();
+			} elseif (!strcasecmp($this->method, "cleararrangeitem")) {
+				$this->ClearArrangeItem();
+			} elseif (!strcasecmp($this->method, "cancel")) {
+				session_write_close();
+				$this->Cancel();
+			}
+		}
+	}
+
+    private function GetParams_Info() {
+        $params = array();
+
+        if (!isset($_REQUEST['id']) || '' === $_REQUEST['id']) {
+            $params['id'] = null; // null means shared root folder
+        } else {
+            $split = explode(',', $_REQUEST['id']);
+            $params['id'] = array();
+            foreach ($split as $albumID) {
+                $id = $this->DecodeItemId($albumID, 'album_');
+                if (false === $id) {
+                    return false;
+                }
+				$params['id'][$albumID] = $id;
+            }
+        }
+		$params['password'] = (isset($_REQUEST['password'])) ? $_REQUEST['password'] : null;
+        $params['additional'] = explode(',', $_REQUEST['additional']);
+        $params['ignore'] = explode(',', $_REQUEST['ignore']);
+
+        return $params;
+    }
+
+    private function GetParams_Create_Edit() {
+        $params = array();
+
+        $params['name'] = $_REQUEST['name'];
+        $params['id'] = null; // null means shared root folder
+        if (isset($_REQUEST['id']) && '' !== $_REQUEST['id']) {
+            $id = $this->DecodeItemId($_REQUEST['id'], 'album_');
+            if (false === $id) {
+                return false;
+            }
+            $params['id'] = $id;
+        }
+        $params['title'] = (isset($_REQUEST['title'])) ? $_REQUEST['title'] : null;
+		$params['description'] = (isset($_REQUEST['description'])) ? $_REQUEST['description'] : null;
+		$params['inheritParent'] = (isset($_REQUEST['inheritParent']) && 'true' === $_REQUEST['inheritParent']) ? true : false;
+        $params['sort_by'] = (isset($_REQUEST['sort_by'])) ? $_REQUEST['sort_by'] : null;
+        if ((null !== $params['sort_by']) && !in_array($params['sort_by'], array('filename', 'takendate', 'createdate', 'preference', 'default'))) {
+            return false;
+        }
+        $params['sort_direction'] = (isset($_REQUEST['sort_direction'])) ? $_REQUEST['sort_direction'] : null;
+        if ((null !== $params['sort_direction']) && !in_array($params['sort_direction'], array('asc', 'desc'))) {
+            return false;
+        }
+        $params['allow_comment'] = (isset($_REQUEST['allow_comment'])) ? $_REQUEST['allow_comment'] : null;
+        if ((null !== $params['allow_comment']) && !in_array($params['allow_comment'], array('true', 'false'))) {
+            return false;
+        }
+        $params['type'] = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : null;
+        if ((null !== $params['type']) && !in_array($params['type'], array('public', 'private', 'password'))) {
+            return false;
+        }
+        $params['password'] = (isset($_REQUEST['password'])) ? $_REQUEST['password'] : null;
+
+        $params['conversion'] = (isset($_REQUEST['conversion'])) ? $_REQUEST['conversion'] : null;
+        if ((null !== $params['conversion']) && !in_array($params['conversion'], array('true', 'false'))) {
+            return false;
+        }
+
+        return $params;
+    }
+
+    private function GetTagIdString($tags)
+    {
+        $arr = explode(',', $tags);
+        $idArr = array();
+        foreach ($arr as $tag) {
+            $split = explode('tag_', $tag);
+            if (2 !== count($split)) {
+                return Error;
+            }
+            array_push($idArr, $split[1]);
+        }
+        $idString = implode(',', $idArr);
+    Error:
+        return $idString;
+	}
+
+	private function GetAlbumString($albums) {
+		$params = array();
+		$idArr = array();
+		$idString = '';
+		$items = explode(',', $albums);
+		foreach($items as $item) {
+			$arr = explode('_', $item);
+			if (2 !== count($arr) || 'album' !== $arr[0]) {
+				return $idString;
+			}
+			$shareName = trim($arr[1]);
+			if ('' !== $shareName) {
+				$shareName = pack('H*', $arr[1]);
+				array_push($params, $shareName);
+			}
+		}
+		$albums = Album::GetBySharename($params);
+		foreach ($albums as $album) {
+			$id = $album['shareid'];
+			array_push($idArr, $id);
+		}
+		$idString = implode(',', $idArr);
+		return $idString;
+	}
+
+	private function GetExifString($values, $prefix) {
+		$arr = explode(',', $values);
+		$idString = '';
+		$idArr = array();
+		foreach($arr as $value) {
+			$split = explode($prefix, $value);
+			if (2 !== count($split)) {
+				goto Error;
+			}
+			array_push($idArr, $split[1]);
+		}
+		$idString = implode(',', $idArr);
+	Error:
+		return $idString;
+	}
+
+    private function GetParams_list() {
+
+        $params = array();
+
+        if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !isset($_REQUEST['type'])) {
+            // FIXME - filter type
+            return false;
+        }
+        $params['offset'] = $_REQUEST['offset'];
+        $params['limit'] = $_REQUEST['limit'];
+        $params['type'] = array();
+        $arr = explode(',', $_REQUEST['type']);
+        foreach ($arr as $item) {
+            if (!in_array($item, array('album', 'photo', 'video'))) {
+                return false;
+            }
+            array_push($params['type'], $item);
+        }
+
+        $params['id'] = (isset($_REQUEST['id'])) ? $_REQUEST['id'] : null; // null means shared root folder
+		$params['albumName'] = '/';
+        if (isset($_REQUEST['id'])) {
+            $split = explode('_', $_REQUEST['id']);  // ex: album_id
+            $params['id'] = $split[1];
+			$params['albumName'] = @pack('H*', $split[1]);
+        }
+        $params['password'] = (isset($_REQUEST['password'])) ? $_REQUEST['password'] : null;
+
+        $params['ignore'] = explode(',', $_REQUEST['ignore']);
+        // additional operator
+        $params['additional'] = array();
+        $params['additional'] = explode(',', $_REQUEST['additional']);
+
+        // sort operator
+        $params['sort_by'] = isset($_REQUEST['sort_by']) ? $_REQUEST['sort_by'] : 'preference';
+        if (!in_array($params['sort_by'], array('filename', 'takendate', 'createdate', 'preference', 'mtime'))) {
+            return false;
+        }
+
+        if (!isset($_REQUEST['sort_direction'])) {
+            $value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_order", "photo_config");
+            $params['sort_direction'] = AlbumAPIUtil::ConvertToSortDirection($value);
+        } else {
+            $params['sort_direction'] = $_REQUEST['sort_direction'];
+        }
+        if (!in_array($params['sort_direction'], array('asc', 'desc'))) {
+            return false;
+        }
+
+        // filter operator
+        $params['keyword'] = (isset($_REQUEST['keyword'])) ? $_REQUEST['keyword'] : null;
+        if (isset($_REQUEST['keyword'])) {
+            $default = 'all';
+            $params['keyword_op'] = (isset($_REQUEST['keyword_op'])) ? $_REQUEST['keyword_op'] : $default;
+            if (isset($params['keyword_op']) && !in_array($params['keyword_op'], array('any', 'all', 'exact'))) {
+                return false;
+            }
+        }
+        $params['date'] = (isset($_REQUEST['date'])) ? $_REQUEST['date'] : null;
+        if (isset($_REQUEST['date'])) {
+            $default = 'taken';
+            $params['date_op'] = (isset($_REQUEST['date_op'])) ? $_REQUEST['date_op'] : $default;
+            if (isset($params['date_op']) && !in_array($params['date_op'], array('taken', 'upload', 'recently_add', 'recently_comment'))) {
+                return false;
+            }
+        }
+        $params['people_tag'] = (isset($_REQUEST['people_tag'])) ? $_REQUEST['people_tag'] : null;
+        if (isset($_REQUEST['people_tag'])) {
+            $params['people_tag'] = $this->GetTagIdString($_REQUEST['people_tag']);
+            $default = 'all';
+            $params['people_tag_op'] = (isset($_REQUEST['people_tag_op'])) ? $_REQUEST['people_tag_op'] : $default;
+            if (isset($params['people_tag_op']) && !in_array($params['people_tag_op'], array('all', 'any'))) {
+                return false;
+            }
+        }
+        $params['geo_tag'] = (isset($_REQUEST['geo_tag'])) ? $_REQUEST['geo_tag'] : null;
+        if (isset($_REQUEST['geo_tag'])) {
+            $params['geo_tag'] = $this->GetTagIdString($_REQUEST['geo_tag']);
+            $default = 'all';
+            $params['geo_tag_op'] = (isset($_REQUEST['geo_tag_op'])) ? $_REQUEST['geo_tag_op'] : $default;
+            if (isset($params['geo_tag_op']) && !in_array($params['geo_tag_op'], array('all', 'any'))) {
+                return false;
+            }
+        }
+        $params['desc_tag'] = (isset($_REQUEST['desc_tag'])) ? $_REQUEST['desc_tag'] : null;
+        if (isset($_REQUEST['desc_tag'])) {
+            $params['desc_tag'] = $this->GetTagIdString($_REQUEST['desc_tag']);
+            $default = 'all';
+            $params['desc_tag_op'] = (isset($_REQUEST['desc_tag_op'])) ? $_REQUEST['desc_tag_op'] : $default;
+            if (isset($params['desc_tag_op']) && !in_array($params['desc_tag_op'], array('all', 'any'))) {
+                return false;
+            }
+		}
+		$params['albums'] = (isset($_REQUEST['albums'])) ? $_REQUEST['albums'] : null;
+		if (isset($_REQUEST['albums'])) {
+			$params['albums'] = $this->GetAlbumString($_REQUEST['albums']);
+		}
+		foreach(SmartAlbum::$exif2IdPrefix as $label => $value) {
+			if (isset($_REQUEST[$label])) {
+				$op = $label.'_op';
+				$params[$label] = $this->GetExifString($_REQUEST[$label], $value.'_');
+				$defaultOp = 'any';
+				$params[$op] = (isset($_REQUEST[$op])) ? $_REQUEST[$op] : $default;
+				if (isset($params[$op]) && 'any' !== $params[$op]) {
+					return false;
+				}
+			}
+		}
+
+        return $params;
+    }
+
+	private function GetParams_ArrangeItem()
+	{
+		if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !isset($_REQUEST['item_id'])) {
+			return false;
+		}
+
+		$params = array();
+		$params['id'] =  (isset($_REQUEST['id'])) ? $_REQUEST['id'] : null; // null means shared root folder
+		if (null !== $params['id'] && '' !== $params['id']) {
+			$split = explode('_', $params['id']);  // ex: 'album_id'
+			if (2 !== count($split)) {
+				return false;
+			}
+			if ('album' !== $split[0]) {
+				return false;
+			}
+			$params['albumName'] = @pack('H*', $split[1]);
+		} else {
+			$params['albumName'] = '/';
+		}
+
+		$params['offset'] = $_REQUEST['offset'];
+		$params['limit'] = $_REQUEST['limit'];
+
+		$params['item_id'] = array();
+		$params['item_name'] = array();
+		$items = explode(',', $_REQUEST['item_id']);
+		// item must be photo or video, and make sure album must be ahead of photo and video
+		foreach ($items as $item) {
+			$arr = explode('_', $item);
+			if (!in_array($arr[0], array('album', 'photo', 'video'))) {
+				return false;
+			}
+			if ('photo' === $arr[0] || 'video' === $arr[0]) {
+				$filename = @pack('H*', $arr[2]);
+				array_push($params['item_name'], $filename);
+			} elseif ('album' === $arr[0]) {
+				$foldername = @pack('H*', $arr[1]);
+				array_push($params['item_name'], basename($foldername).SYNOPHOTO_USER_SORT_ALBUM_SYMBOL);
+			}
+		}
+		$params['item_id'] = $items;
+
+		return $params;
+	}
+
+	private function GetParams_ClearArrangeItem()
+	{
+		$params = array();
+		$params['id'] =  (isset($_REQUEST['id'])) ? $_REQUEST['id'] : null; // null means shared root folder
+		if (null !== $params['id'] && '' !== $params['id']) {
+			$split = explode('_', $params['id']);  // ex: 'album_id'
+			if (2 !== count($split)) {
+				return false;
+			}
+			if ('album' !== $split[0]) {
+				return false;
+			}
+			$params['albumName'] = @pack('H*', $split[1]);
+		} else {
+			$params['albumName'] = '/';
+		}
+
+		return $params;
+	}
+
+    private function ConvertSmartCondition($params) {
+
+        $matchPattern = array('id', 'keyword', 'keyword_op', 'date', 'date_op', 'people_tag', 'people_tag_op', 'geo_tag', 'geo_tag_op', 'desc_tag', 'desc_tag_op', 'albums');
+        $formatPattern = array('dir', 'k', 'k_op', 'd', 'd_op', 'pt', 'pt_op', 'gt', 'gt_op', 'dt', 'dt_op', 'albums');
+        $condition = array();
+        foreach($matchPattern as $field) {
+            if (isset($params[$field])) {
+                $index = array_keys($matchPattern, $field);
+                $condition[$formatPattern[$index[0]]] = $params[$field];
+            }
+		}
+		foreach(SmartAlbum::$exif2IdPrefix as $label => $value) {
+			if (isset($params[$label])) {
+				$condition[$label] = $params[$label];
+				$op = $label.'_op';
+				$condition[$op] = $params[$op];
+			}
+		}
+        return $condition;
+    }
+
+    private function CheckRootSharedFolder($sharePath) {
+        if ('' === $sharePath) {
+            return true;
+        }
+        return false;
+    }
+
+    private function CheckAlbumAccessRight($sharePath, $password) {
+        $ret = WEBAPI_ERR_NONE;
+        // admin
+        if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+            return WEBAPI_ERR_NONE;
+        }
+
+        // not root share folder
+        if (!$this->CheckRootSharedFolder($sharePath)) {
+            $albumInfo = csSYNOPhotoDB::GetDBInstance()->GetAlbum($sharePath);
+            if (empty($albumInfo['password'])) {
+                // Check accessible
+                if (!csSYNOPhotoMisc::CheckAlbumAccessible($sharePath)) {
+                    $ret = PHOTOSTATION_ALBUM_NO_ACCESS_RIGHT;
+                }
+            } else {
+                if (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]['password_pass_album'][$sharePath])) {
+                    if ((md5($password) !== $albumInfo['password'])) {
+                        $ret = PHOTOSTATION_ALBUM_PASSWORD_ERROR;
+                    } else {
+						csSYNOPhotoMisc::PhotoSessionStart();
+                        $_SESSION[SYNOPHOTO_ADMIN_USER]['password_pass_album'][$sharePath] = md5($password);
+                        session_write_close();
+                    }
+                }
+            }
+        }
+        return $ret;
+    }
+
+    private function FormItems($itemList, $params) {
+        $items = array();
+        $allowComment = AlbumAPIUtil::IsAlbumCommentalbGlobal();
+        $showAlbumHit = AlbumAPIUtil::IsShowAlbumHit();
+        $needThumbSize = in_array('thumb_size', $params['additional']);
+        $types = array(0 => 'album', 1 => 'photo', 2 => 'video');
+        $conversionDirs = array();
+		$decorator = array(
+			'album' => 'Decorator::AlbumFormula',
+			'photo'	=> 'Decorator::PhotoFormula',
+			'video'	=> 'Decorator::VideoFormula'
+		);
+        foreach($itemList['items'] as $item_node) {
+			$type = $types[$item_node['itemType']];
+			$func = $decorator[$type];
+
+			$item = array();
+			if ($func) {
+				$item = call_user_func($func, $item_node, array(
+					'allowComment'	=> $allowComment,
+					'showAlbumHit'	=> $showAlbumHit,
+					'param'			=> $params,
+					'needThumbSize'	=> $needThumbSize
+				));
+			}
+
+            $items[] = $item;
+        }
+
+        return $items;
+    }
+
+    private function GetAlbumShareName($value) {
+        if (empty($value)) {
+            return false;
+        }
+
+        $shareNameList = array();
+        $albumIDs = explode(',', $value);
+        foreach ($albumIDs as $albumID) {
+            $arr = explode('album_', $albumID);
+            if (2 !== count($arr)) {
+                return false;
+            }
+            $albumName = trim(@pack('H*', $arr[1]));
+            if (!$albumName || '/' === $albumName) {
+                return false;
+            }
+            array_push($shareNameList, $albumName);
+        }
+        return $shareNameList;
+    }
+
+    private function GetInfo() {
+        // Get and check params
+        $params = array();
+        $params = $this->GetParams_Info();
+        if (!$params) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        $needThumbSize = in_array('thumb_size', $params['additional']);
+        $items = array();
+        if (null === $params['id']) {
+            $item = AlbumAPIUtil::GetRootAlbumInfo($params);
+            array_push($items, $item);
+        } else {
+            $allowComment = AlbumAPIUtil::IsAlbumCommentalbGlobal();
+            $showHits = AlbumAPIUtil::IsShowAlbumHit();
+            $albums = Album::GetBySharename(array_values($params['id']));
+            foreach ($params['id'] as $id => $shareName) {
+				$item = Decorator::AlbumFormula($albums[$shareName], array(
+						'allowComment' => $allowComment,
+						'showAlbumHit' => $showHits,
+						'needThumbSize' => $needThumbSize,
+						'param' => $params
+					));
+                array_push($items, $item);
+            }
+        }
+
+        $resp['items'] = $items;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function AlbumList() {
+        // Get and check params
+        $params = array();
+        $params = $this->GetParams_list();
+        if (!$params) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        $sharePath = @pack('H*', $params['id']);
+        // Check access right
+        if (WEBAPI_ERR_NONE != ($error_code = $this->CheckAlbumAccessRight($sharePath, $params['password']))) {
+            $this->SetError($error_code);
+            goto End;
+        }
+
+		$hasExifCond = false;
+		foreach(SmartAlbum::$exif2IdPrefix as $label => $value) {
+			if (isset($params[$label])) {
+				$hasExifCond = true;
+				break;
+			}
+		}
+		// search operator
+        $itemsSort = array();
+		if (isset($params['keyword']) || isset($params['date']) || isset($params['people_tag']) || isset($params['geo_tag']) || isset($params['desc_tag'])
+			|| isset($params['albums']) || $hasExifCond) {
+			$smart_condition = $this->ConvertSmartCondition($params);
+			$itemList = csSYNOPhotoBrowse::GetBrowseInstance()->GetSearchThumbList_new($smart_condition, $params['offset'], $params['limit']);
+            // filter type
+            $filterItems = AlbumAPIUtil::FilterByType($itemList['items'], $params['type']);
+			$total = $itemList['itemCount'];
+            // FIXME - sorting for search operator
+            $itemsSort['items'] = $filterItems;
+        } else {
+			// album operator
+			csSYNOPhotoMisc::PhotoSessionStart();
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_by'] = $params['sort_by'];
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_order'] = $params['sort_direction'];
+            if (isset($params['id'])) {
+                csSYNOPhotoAlbum::GetAlbumInstance()->AddHitTimes($sharePath);
+            }
+			session_write_close();
+            $itemsSort = array();
+            $itemsSort = csSYNOPhotoBrowse::GetBrowseInstance()->GetThumbList_New(isset($params['id']) ? $sharePath : '/', (int)$params['offset'], (int)$params['limit'], $params['sort_by'], $params['sort_direction'], !in_array('album', $params['type']), !in_array('video', $params['type']), !in_array('photo', $params['type']));
+            $total = $itemsSort['itemCount'];
+        }
+
+        $resp = array();
+        $resp['total'] = $total;
+        $offset = (0 > (int)$params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];
+        $resp['offset'] = ($offset > $resp['total']) ?  $resp['total'] : $offset;
+        $resp['items'] = $this->FormItems($itemsSort, $params);
+        $this->SetResponse($resp);
+
+    End:
+        return;
+    }
+
+    private function Create() {
+        if (!isset($_REQUEST['name'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // name can't include [.] start or [\/:*?<>|]
+        if (preg_match('/[\\\\\/:\*\?<>\|]/', $_REQUEST['name'], $matches) || preg_match('/^\./', $_REQUEST['name'], $matches)) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // Get and check params
+        $params = array();
+        $params = $this->GetParams_Create_Edit();
+        if (!$params) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get parent share name
+		$parentShareName = null === $params['id'] ? '' : $params['id'];
+
+        $ret = AlbumAPIUtil::SYNOPHOTO_ADMIN_AddAlbum($parentShareName, $params);
+		$username = GetLoginUsername();
+		$parentShareName = $parentShareName === '' ? '/' : $parentShareName;
+		if (is_numeric($ret) && $ret < 0) {
+			PhotoLog::Add("Failed to create album [".$_REQUEST['name']."] in [".$parentShareName."].", false, strtolower($username));
+		} else {
+			PhotoLog::Add("Album [".$_REQUEST['name']."] was created in [".$parentShareName."].", true, strtolower($username));
+		}
+        if (-1 === $ret) {
+            $this->SetError(PHOTOSTATION_ALBUM_CREATE_FAIL);
+            goto End;
+        } elseif (-2 === $ret) {
+            $this->SetError(PHOTOSTATION_ALBUM_NO_UPLOAD_RIGHT);
+            goto End;
+        } elseif (-3 === $ret) {
+            $this->SetError(PHOTOSTATION_ALBUM_NOT_ADMIN);
+            goto End;
+        } elseif (-4 === $ret) {
+            $this->SetError(PHOTOSTATION_ALBUM_HAS_EXIST);
+            goto End;
+        }
+
+        $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('sharename', 'photo_share', 'shareid', $ret);
+        $resp['id'] = $this->EncodeItemId($row['sharename'], "album_");
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Delete() {
+        if (!isset($_REQUEST['id'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        if (false === ($shareNameList = $this->GetAlbumShareName($_REQUEST['id']))) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        $cancelPath = PHOTO_ACTION_TMP.md5(PHOTO_ACTION_ALBUM_DEL_KEY.$_REQUEST['id']);
+        $failCount = 0;
+        foreach ($shareNameList as $shareName) {
+            self::OutputSingleSpace();
+            if (file_exists($cancelPath)) {
+                @unlink($cancelPath);
+                break;
+            }
+
+            $dirName = dirname($shareName);
+            $dirName = ('.' === $dirName) ? '/' : $dirName;
+            if (!csSynoPhotoMisc::CheckAlbumManageable($dirName)) {
+                $failCount++;
+                continue;
+            }
+			$result = Album::DeleteOneBySharename($shareName);
+			if (!$result[0]) {
+				continue;
+			}
+			PhotoLog::Add("Album [".$shareName."] was deleted.", true, strtolower(GetLoginUsername()));
+        }
+        if ($failCount === count($shareNameList)) {
+            $this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);
+            goto End;
+        }
+        SYNOPHOTO_LABEL_UTIL_Check_Photo_Label();
+
+    End:
+        return;
+    }
+
+    private function Edit() {
+        // Get and check params
+        $params = array();
+        $params = $this->GetParams_Create_Edit();
+        if (!$params || null === $params['id']) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+ 
+        $shareName = $params['id'];
+
+        $ret = AlbumAPIUtil::SYNOPHOTO_ADMIN_UpdateAlbum($shareName, $params);
+        if (-1 === $ret) {
+            $this->SetError(PHOTOSTATION_ALBUM_EDIT_FAIL);
+            goto End;
+        } elseif (-2 === $ret) {
+            $this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);
+            goto End;
+        } elseif (-3 === $ret) {
+            $this->SetError(PHOTOSTATION_ALBUM_NOT_ADMIN);
+            goto End;
+        }
+    End:
+        return;
+	}
+
+	private function GetParams_Move() {
+		$param = array();
+
+		/* return when lack of params */
+		if (!isset($_REQUEST['id']) || !isset($_REQUEST['sharepath']) || !isset($_REQUEST['duplicate'])) {
+			return array(false, WEBAPI_ERR_BAD_REQUEST);
+		}
+
+		/* set params */
+		if (preg_match('/^album_/', $_REQUEST['sharepath'])) {
+			$sharepath = trim($this->DecodeItemId($_REQUEST['sharepath'], "album_"));
+		} else {
+			$sharepath = trim(@pack('H*', $_REQUEST['sharepath']));
+		}
+		// $sharepath could be empty
+		$dirpath = pathinfo($sharepath, PATHINFO_DIRNAME);
+		if (!$dirpath || '.' === $dirpath) {
+			$dirpath = '';
+		}
+
+		$destDirs = array();
+		$checkDestDir = $sharepath;
+		while('.' !== $checkDestDir && '' !== $checkDestDir) {
+			$destDirs[] = $checkDestDir;
+			$checkDestDir = pathinfo($checkDestDir, PATHINFO_DIRNAME);
+		}
+
+		$requestIds = explode(',', $_REQUEST['id']);
+		$ids = array();
+		foreach($requestIds as $idStr) {
+			$id_arr = explode('_', $idStr);
+			$albumName = trim(@pack('H*', $id_arr[1]));
+			if (!$albumName || '/' === $albumName) {
+				return array(false, WEBAPI_ERR_BAD_REQUEST);
+			}
+
+			$sourceDir = pathinfo($albumName, PATHINFO_DIRNAME);
+			if ('.' === $sourceDir) {
+				$sourceDir = '';
+			}
+			// dir(source) === dest
+			if ($sharepath === $sourceDir) {
+				return array(false, PHOTOSTATION_ALBUM_SELECT_CONFLICT);
+			}
+			// dest's parent !== dest
+			if (in_array($albumName, $destDirs)) {
+				return array(false, PHOTOSTATION_ALBUM_SELECT_CONFLICT);
+			}
+			$ids[] = $albumName;
+		}
+
+		$param['destShareName'] = $sharepath;
+		$param['isOverwrite'] = 'overwrite' === $_REQUEST['duplicate'] ? true : false;
+		$param['id'] = $ids;
+		return array(true, $param);
+	}
+
+	private function Move() {
+		$ret = false;
+		$param_res = $this->GetParams_Move();
+		if (!$param_res[0]) {
+			$this->SetError($param_res[1]);
+			goto End;
+		}
+		$param = $param_res[1];
+
+		if ('' !== $param['destShareName']) {
+			$destPath = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $param['destShareName'];
+		} else {
+			$destPath = SYNOPHOTO_SERVICE_REAL_DIR . "/";
+		}
+
+		if (!csSynoPhotoMisc::CheckPathValid($destPath)) {
+			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+			goto End;
+		}
+
+		if (!csSynoPhotoMisc::CheckAlbumUploadable('' == $param['destShareName'] ? '/' : $param['destShareName'])) {
+			$this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);
+			goto End;
+		}
+
+		$destShareData = array();
+		$destShareData['shareid'] = -1;
+
+		if ($_REQUEST['sharepath'] == '') {
+			$destShareData['sharename'] = '';
+			$albums = Album::GetBySharename(array('/'), true);
+			$row = $albums['/'];
+		} else {
+			$destShareData['sharename'] = $param['destShareName'];
+			$albums = Album::GetBySharename(array($destShareData['sharename']), true);
+			$row = $albums[$destShareData['sharename']];
+		}
+
+		if($row) {
+			$destShareData['shareid'] = $row['shareid'];
+			$destShareData['public'] = $row['public'];
+			$destShareData['password'] = $row['password'];
+			$destShareData['comment'] = $row['comment'];
+		}
+
+		$cancelPath = PHOTO_ACTION_TMP.md5(PHOTO_ACTION_ALBUM_MOVE_KEY.$_REQUEST['id']);
+		$skip = array();
+		foreach ($param['id'] as $albumName) {
+			self::OutputSingleSpace();
+			if (file_exists($cancelPath)) {
+				@unlink($cancelPath);
+				break;
+			}
+
+			$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $albumName;
+			if (!csSynoPhotoMisc::CheckPathValid($path)) {
+				continue;
+			}
+			$ret = SYNOPHOTO_ADMIN_MoveOneAlbum($destShareData, $albumName, $param['isOverwrite']);
+			// skip this album
+			if (1 === $ret) {
+				$skip[] = $this->EncodeItemId($albumName, "album_");
+			}
+		}
+		$ret = true;
+
+		$resp = array(
+			'skip' => $skip
+		);
+
+        $this->SetResponse($resp);
+
+		End:
+			return $ret;
+	}
+
+	private function ArrangeItem()
+	{
+		if (false === ($params = $this->GetParams_ArrangeItem())) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		// chack permission
+		if (!csSynoPhotoMisc::CheckAlbumManageable($params['albumName'])) {
+			$this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);
+			goto End;
+		}
+
+		// get sort_by and sort_direction
+		$sort_by = $_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_by'];
+		if (empty($sort_by)) {
+			$value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_type", "photo_config");
+			$sort_by = AlbumAPIUtil::ConvertToSortName($value);
+		}
+		$sort_direction = $_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_order'];
+		if (empty($sort_direction)) {
+			$value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_order", "photo_config");
+			$sort_direction = AlbumAPIUtil::ConvertToSortDirection($value);
+		}
+
+		// get original path list
+		$pathList = csSYNOPhotoBrowse::GetBrowseInstance()->GetList_new($params['albumName'], 0, -1, $sort_by, $sort_direction, false, false, false);
+		$totalCount = $pathList['totalCount'];
+
+		// adjust offset and limit
+		$offset = $params['offset'];
+		$limit = (-1 === (int)$params['limit']) ? (int)$totalCount : (int)$params['limit'];
+		if ($offset >= $totalCount || $limit != count($params['item_name'])) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		// get original name list
+		$nameList = array();
+		foreach ($pathList['list'] as $path => $itemType) {
+			$name = (SYNOPHOTO_ITEM_TYPE_ALBUM === $itemType) ? basename($path).SYNOPHOTO_USER_SORT_ALBUM_SYMBOL : basename($path);
+			$nameList[] = $name;
+		}
+
+		// get sort name list
+		array_splice($nameList, $offset, $limit, $params['item_name']);
+		$sortNameList = $nameList;
+
+		// make sure album must be ahead of photo and video
+		$blHavePhotoVideoItem = false;
+		$blPhotoVideoAheadAlbum = false;
+		foreach ($sortNameList as $name) {
+			if ('/' === $name[strlen($name)-1]) {
+				if ($blHavePhotoVideoItem) {
+					$blPhotoVideoAheadAlbum = true;
+					break;
+				}
+			} else {
+				$blHavePhotoVideoItem = true;
+			}
+		}
+		if ($blPhotoVideoAheadAlbum) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		// seve to conf
+		$data['type'] = AlbumAPIUtil::ConvertToSortCode('preference');
+		$data['list'] = $sortNameList;
+		csSYNOPhotoAlbum::GetAlbumInstance()->SaveAlbumThumbSortType($params['albumName'], $data);
+
+	End:
+		return;
+	}
+
+	private function ClearArrangeItem()
+	{
+		if (false === ($params = $this->GetParams_ClearArrangeItem())) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$albumName = $params['albumName'];
+
+		// chack permission
+		if (!csSynoPhotoMisc::CheckAlbumManageable($albumName)) {
+			$this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);
+			goto End;
+		}
+
+		//remove sort file directly in PS6
+		if ('/' === $albumName) {
+			$fullDirPath = SYNOPHOTO_SERVICE_REAL_DIR;
+			$sortFile = $fullDirPath . '/' . SYNOPhotoEA::SYNO_EA_DIR . '/' . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_ALBUM_SORT);
+		} else {
+			$fullDirPath = sprintf("%s/%s", SYNOPHOTO_SERVICE_REAL_DIR, $albumName);
+			if (false === SYNOPhotoEA::checkFilePath($fullDirPath, SYNOPhotoEA::FILE_ALBUM_SORT, $sortFile)) {
+				goto End;
+			}
+		}
+
+		@unlink($sortFile);
+
+	End:
+		return;
+	}
+
+	private function Cancel()
+	{
+		$ret = false;
+		$resp = array();
+		/* return when lack of params */
+		if (!isset($_REQUEST['id']) || !isset($_REQUEST['action'])) {
+			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+			goto End;
+		}
+
+		if ('mvcp' === $_REQUEST['action']) {
+			$key = PHOTO_ACTION_ALBUM_MOVE_KEY;
+		} else if ('delete' === $_REQUEST['action']) {
+			$key = PHOTO_ACTION_ALBUM_DEL_KEY;
+		}
+		$filePath = PHOTO_ACTION_TMP.md5($key.$_REQUEST['id']);
+		@file_put_contents($filePath, "");
+		$ret = true;
+	End:
+		return $ret;
+	}
+}
+
+$api = new AlbumAPI();
+$api->Run();
+
+
+?>

PhotoStation API/webapi/albumutil.php

@@ -0,0 +1,887 @@
+<?php
+
+require_once('album.inc.php');
+
+class AlbumAPIUtil {
+
+    /**
+     * @param $parentAlbumName 
+     * @param $data 
+     * @return 
+     *   id - success 
+     *   -1 - general fail
+     *   -2 - no upload right
+     *   -3 - not admin
+     *   -4 - album hsa exist
+     */
+    static function SYNOPHOTO_ADMIN_AddAlbum($parentAlbumName = '', $params)
+    {
+        if (null !== $params['sort_by'] || null !== $params['sort_direction'] || null !== $params['conversion'] ||
+            null !== $params['allow_comment'] || null !== $params['type'] || null !== $params['password']) {
+            if (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+                return -3;
+            }
+        } else {
+            if (!csSynoPhotoMisc::CheckAlbumUploadable(('' === $parentAlbumName) ? '/' : $parentAlbumName)) {
+                return -2;
+            }
+        }
+
+
+        $album_data = array();
+        // only 1st level share can set 'allow_comment' and 'allow conversion'
+        if ('' === $parentAlbumName) {
+            if (null === $params['allow_comment']) {
+                $album_data['comment'] = ('on' === csSYNOPhotoMisc::GetConfigDB("photo", "album_def_allow_comment", "photo_config")) ? 't' : 'f';
+            } else {
+                $album_data['comment'] = ('true' === $params['allow_comment']) ? 't' : 'f';
+            }
+            if (null === $params['conversion']) {
+                $album_data['conversion'] = ('on' === csSYNOPhotoMisc::GetConfigDB("photo", "def_album_disable_conversion", "photo_config")) ? 'f' : 't';
+            } else {
+                $album_data['conversion'] = ('true' === $params['conversion']) ? 't' : 'f';
+            }
+        } else {
+            $album_data['comment'] = 'f';
+            $album_data['conversion'] = 't';
+        }
+
+        $album_name = stripcslashes($params['name']);
+        $album_data['sharename'] = ($parentAlbumName == '') ? $album_name : $parentAlbumName.'/'.$album_name;
+        $album_data['title'] = stripcslashes($params['title']);
+        $album_data['description'] = stripcslashes($params['description']);
+
+        $default_album_public = 'f';
+        if (isSet($_SESSION[SYNOPHOTO_ADMIN_USER]['system_config']['pkgCfg']['albumdefpublic']) &&
+            'yes' == $_SESSION[SYNOPHOTO_ADMIN_USER]['system_config']['pkgCfg']['albumdefpublic']) {
+            $default_album_public = 't';
+        }
+        $album_data['public'] = null === $params['type'] ? $default_album_public : (('public' === $params['type']) ? 't' : 'f');
+        $album_data['is_subdir'] = ($parentAlbumName == '') ? 'f' : 't';
+		$album_data['password'] = (null !== $params['password']) ? md5($params['password']) : '';
+		$inherit = ('' === $album_data['password']) ? $params['inheritParent'] : false;
+
+        $path = SYNOPHOTO_SERVICE_REAL_DIR.'/'.$album_data['sharename'];
+
+		//3rd param is true while create album but not assign permission so that inheriting permission of parent album
+		//4th param is true while the album creator is not admin so that it need to inherit the 'public' column of parent album,
+		//		althought 3rd param is false, AddAlbumToDB still call inherit because of creator is not admin.
+        $createID = SYNOPHOTO_ADMIN_AddAlbumToDB($album_data, $path, $inherit, !$inherit);
+        if ('album existed' === $createID) {
+            return -4;
+        }
+
+        //sort
+        $data = array();
+        $data['type'] = (null !== $params['sort_by']) ? self::ConvertToSortCode($params['sort_by']) : -1;
+        $data['order'] = (null !== $params['sort_by']) ? self::ConvertToSortDirectionCode($params['sort_direction']) : 0;
+        csSYNOPhotoAlbum::GetAlbumInstance()->SaveAlbumThumbSortType($album_data['sharename'], $data);
+
+        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+        return $createID;
+    }
+
+    /**
+     * @param $shareName 
+     * @param $params 
+     * @return 
+     *   0 - success
+     *  -1 - general fail
+     *  -2 - no manage right
+     *  -3 - not admin
+     */
+    static function SYNOPHOTO_ADMIN_UpdateAlbum($shareName, $params)
+    {
+        // description, title - manage right
+        if ((null !== $params['description'] || null !== $params['title']) && null === $params['sort_by'] && null === $params['sort_direction'] &&
+            null === $params['allow_comment'] && null === $params['type'] && null === $params['password'] && null === $params['conversion']) {
+            if (!csSynoPhotoMisc::CheckAlbumManageable(('' === $shareName) ? '/' : $shareName)) {
+                return -2;
+            }
+        // not changed
+        } elseif (null === $params['description'] && null === $params['title'] && null === $params['sort_by'] && null === $params['sort_direction'] &&
+                  null === $params['allow_comment'] && null === $params['type'] && null === $params['password'] && null === $params['conversion']) {
+            return 0;
+        } else {
+        // title, sort_by, sort_direction, allow_comment, type, password, conversion - admin
+            if (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+                return -3;
+            }
+        }
+
+        if ('' === $shareName) {
+            $shareName = '/';
+        }
+
+
+        $setCondition = array();
+		$setQueryParam = array();
+        if (null !== $params['title']) {
+            $setValue = "title = ? ";
+            array_push($setCondition, $setValue);
+			$setQueryParam[] = stripcslashes($params['title']);
+        }
+        if (null !== $params['description']) {
+            $setValue = "description = ?";
+            array_push($setCondition, $setValue);
+			$setQueryParam[] = stripcslashes($params['description']);
+        }
+
+        $objs = Album::GetBySharename(array($shareName), true);
+        $share = $objs[$shareName];
+		if ($share) {
+			$shareid = $share['shareid'];
+		} else {
+			return -1;
+		}
+
+		if ('public' === $params['type']) {
+			$setValue = "public = 't', password = ''";
+			array_push($setCondition, $setValue);
+
+			/* clear access right table if album is public */
+			PHOTO_DB_Query("DELETE FROM " . PHOTO_ACCESS_RIGHT_TABLE . " WHERE shareid = ".$shareid);
+		} else if ('private' === $params['type']) {
+			$setValue = "public = 'f', password = ''";
+			array_push($setCondition, $setValue);
+
+			/* remove all permissions if album is password */
+			PHOTO_DB_Query("DELETE FROM " . PHOTO_ACCESS_RIGHT_TABLE . " WHERE shareid = ".$shareid);
+			PHOTO_DB_Query("DELETE FROM " . PHOTO_UPLOAD_RIGHT_TABLE . " WHERE shareid = ".$shareid);
+			PHOTO_DB_Query("DELETE FROM " . PHOTO_MANAGE_RIGHT_TABLE . " WHERE shareid = ".$shareid);
+
+		} else if ('password' === $params['type'] && $params['password'] !== '') {
+			$setValue = "public = 'f',password='".md5($params['password'])."'";
+			array_push($setCondition, $setValue);
+
+			/* remove all permissions if album is password */
+			PHOTO_DB_Query("DeLETE FROM " . PHOTO_ACCESS_RIGHT_TABLE . " WHERE shareid = ".$shareid);
+			PHOTO_DB_Query("DELETE FROM " . PHOTO_UPLOAD_RIGHT_TABLE . " WHERE shareid = ".$shareid);
+			PHOTO_DB_Query("DELETE FROM " . PHOTO_MANAGE_RIGHT_TABLE . " WHERE shareid = ".$shareid);
+		}
+
+        if (null !== $params['allow_comment']) {
+            if($params['allow_comment'] == 'true') {
+                $setValue = "comment = 't'";
+            } else {
+                $setValue = "comment = 'f'";
+            }
+            array_push($setCondition, $setValue);
+        }
+
+        if (null !== $params['conversion']) {
+            if ($params['conversion'] === 'true' && !$share['conversion']) {
+                $needReindex = true;
+                $setValue = "conversion = 't'";
+                array_push($setCondition, $setValue);
+            } elseif ($params['conversion'] !=='true' && $share['conversion']) {
+                $setValue = "conversion = 'f'";
+                array_push($setCondition, $setValue);
+            }
+        }
+
+        $setString = implode(',', $setCondition);
+        $query = "UPDATE photo_share SET {$setString} WHERE sharename = ?";
+		$setQueryParam[] = $shareName;
+        $db_result = PHOTO_DB_Query($query, $setQueryParam);
+
+        //sort
+        $data = array();
+        if (null !== $params['sort_by']) {
+            $data['type'] = self::ConvertToSortCode($params['sort_by']);
+        }
+        if (null !== $params['sort_direction']) {
+            $data['order'] = self::ConvertToSortDirectionCode($params['sort_direction']);
+        }
+        if ('/' !== $shareName) {
+            csSYNOPhotoAlbum::GetAlbumInstance()->SaveAlbumThumbSortType($shareName, $data);
+        }
+        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+
+        if ($needReindex) {
+            @exec("/usr/syno/bin/synoindex -P PhotoStation -R " . escapeshellarg(SYNOPHOTO_SERVICE_REAL_DIR . "/" . $shareName));
+        }
+
+        return 0;
+    }
+
+    static function ConvertToTypeName($type) {
+        switch ($type) {
+        case 0:
+            $typeName = 'album';
+            break;
+        case 1:
+            $typeName = 'photo';
+            break;
+        case 2:
+            $typeName = 'video';
+            break;
+        default:
+            break;
+        }
+        return $typeName;
+    }
+
+    static function ConvertToSortDirection($value) {
+        switch ($value) {
+        case -1:
+            $sortDirection = 'default';
+            break;
+        case 0:
+            $sortDirection = 'asc';
+            break;
+        case 1:
+            $sortDirection = 'desc';
+            break;
+        default:
+            break;
+        }
+        return $sortDirection;
+    }
+
+    static function ConvertToSortDirectionCode($name) {
+        switch ($name) {
+        case 'default':
+            $sortCode = -1;
+            break;
+        case 'asc':
+            $sortCode = 0;
+            break;
+        case 'desc':
+            $sortCode = 1;
+            break;
+        default:
+            break;
+        }
+        return $sortCode;
+    }
+
+    static function ConvertToSortName($type) {
+        switch ($type) {
+        case -1:
+            $sortBy = 'default';
+            break;
+        case 0:
+            $sortBy = 'filename';
+            break;
+        case 1:
+            $sortBy = 'takendate';
+            break;
+        case 2:
+            $sortBy = 'createdate';
+            break;
+        case 3:
+            $sortBy = 'preference';
+            break;
+        default:
+            break;
+        }
+        return $sortBy;
+    }
+
+    static function ConvertToSortCode($name) {
+        switch ($name) {
+        case 'default':
+            $sortCode = -1;
+            break;
+        case 'filename':
+            $sortCode = 0;
+            break;
+        case 'takendate':
+            $sortCode = 1;
+            break;
+        case 'createdate':
+            $sortCode = 2;
+            break;
+        case 'preference':
+            $sortCode = 3;
+            break;
+        default:
+            break;
+        }
+        return $sortCode;
+    }
+
+    static function FilterByType($items, $type)
+    {
+        $filterItems = array();
+        foreach ($items as $item) {
+            $typeName = self::ConvertToTypeName($item['itemType']);
+            if (in_array($typeName, $type)) {
+                array_push($filterItems, $item);
+            }
+        }
+        return $filterItems;
+    }
+
+    static function SortItem($photo_video_items, $sortBy, $sortDirection, $offset, $limit) {
+        $itemsSort = array();
+
+        // sort by photo, video
+        if ('filename' === $sortBy) {
+            if ('asc' === $sortDirection) {
+                usort($photo_video_items, 'self::SortFilename_ASC');
+            } else {
+                usort($photo_video_items, 'self::SortFilename_DESC');
+            }
+        } elseif ('takendate' === $sortBy) {
+            if ('asc' === $sortDirection) {
+                usort($photo_video_items, 'self::SortTakendate_ASC');
+            } else {
+                usort($photo_video_items, 'self::SortTakendate_DESC');
+            }
+        } elseif ('createdate' === $sortBy) {
+            if ('asc' === $sortDirection) {
+                usort($photo_video_items, 'self::SortCreatedate_ASC');
+            } else {
+                usort($photo_video_items, 'self::SortCreatedate_DESC');
+            }
+        }
+
+        if (false === $offset && false === $limit) {
+            return $photo_video_items;
+        }
+        // set offset and limit
+        $cutItemsSort = array();
+        if (0 > (int)$limit) {
+            $cutItemsSort = array_slice($photo_video_items, $offset);
+        } else {
+            $cutItemsSort = array_slice($photo_video_items, $offset, $limit);
+        }
+
+        return $cutItemsSort;
+    }
+
+    private function ExtractItem($items, &$albumItems, &$photo_video_items) {
+        $index = count($items);
+        foreach ($items as $key => $item) {
+            if ('album' !== self::ConvertToTypeName($item['itemType'])) {
+                $index = $key;
+                break;
+            }
+        }
+        $albumItems = array_slice($items, 0, $index);
+        $photo_video_items = array_slice($items, $index);
+    }
+
+    static function SortFilename_ASC($a, $b) {
+        if ($a['name'] == $b['name']) {
+            return 0;
+        }
+        return ($a['name'] < $b['name']) ? -1 : 1;
+    }
+
+    static function SortFilename_DESC($a, $b) {
+        if ($a['name'] == $b['name']) {
+            return 0;
+        }
+        return ($a['name'] > $b['name']) ? -1 : 1;
+    }
+
+    static function SortTakendate_ASC($a, $b) {
+        if ($a['takendate'] == $b['takendate']) {
+            return ($a['name'] < $b['name']) ? -1 : 1;
+        }
+        return ($a['takendate'] < $b['takendate']) ? -1 : 1;
+    }
+
+    static function SortTakendate_DESC($a, $b) {
+        if ($a['takendate'] == $b['takendate']) {
+            return ($a['name'] > $b['name']) ? -1 : 1;
+        }
+        return ($a['takendate'] > $b['takendate']) ? -1 : 1;
+    }
+
+    static function SortCreatedate_ASC($a, $b) {
+        if ($a['createdate'] == $b['createdate']) {
+            return ($a['name'] < $b['name']) ? -1 : 1;
+        }
+        return ($a['createdate'] < $b['createdate']) ? -1 : 1;
+    }
+
+    static function SortCreatedate_DESC($a, $b) {
+        if ($a['createdate'] == $b['createdate']) {
+            return ($a['name'] > $b['name']) ? -1 : 1;
+        }
+        return ($a['createdate'] > $b['createdate']) ? -1 : 1;
+    }
+
+    static function SortPreference($items, $sharePath) {
+        $sort = csSYNOPhotoAlbum::GetAlbumThumbSortType($sharePath);
+        $list = array();
+        $result = array();
+        if (!empty($sort['list'])) {
+            $list = $sort['list'];
+            $preArr = array();
+            foreach ($list as $key) {
+                foreach ($items as $item) {
+                    if ($key === $item['name']) {
+                        array_push($result, $item);
+                    }
+                }
+            }
+            
+            // rest photo and video item
+            foreach ($items as $item) {
+                if (!in_array($item, $result)) {
+                    array_push($result, $item);
+                }
+            }
+
+        } else {
+            $result = $items;
+        }
+        
+        return $result;
+    }
+
+    /*
+     *  @return [string] broken / small, large
+     */
+    static function GetThumbStatus($dbPath, $needSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion) {
+        /* special case for gif, return original file */
+		$path = SYNOPHOTO_SERVICE_REAL_DIR_PREFIX.$dbPath;
+        $info = pathinfo($path);
+        if ('gif' === strtolower($info['extension'])) {
+            $ret['status'] = 'small,large';
+            if ($needSize) {
+                $imgInfo = @getImageSize($path);
+				$mtime = @filemtime($path);
+                $ret['size']['preview']['resolutionx'] = $imgInfo[0];
+                $ret['size']['preview']['resolutiony'] = $imgInfo[1];
+                $ret['size']['preview']['mtime'] = $mtime;
+                $ret['size']['small']['resolutionx'] = $imgInfo[0];
+                $ret['size']['small']['resolutiony'] = $imgInfo[1];
+                $ret['size']['small']['mtime'] = $mtime;
+                $ret['size']['large']['resolutionx'] = $imgInfo[0];
+                $ret['size']['large']['resolutiony'] = $imgInfo[1];
+                $ret['size']['large']['mtime'] = $mtime;
+            }
+            return $ret;
+        }
+
+        if ($needSize) {
+            $ret['size']['preview']['resolutionx'] = 0;
+            $ret['size']['preview']['resolutiony'] = 0;
+            $ret['size']['small']['resolutionx'] = 0;
+            $ret['size']['small']['resolutiony'] = 0;
+            $ret['size']['large']['resolutionx'] = 0;
+            $ret['size']['large']['resolutiony'] = 0;
+        }
+
+        $file_name = basename($path);
+        $dir = dirname($path);
+
+        if (SYNOPhotoEA::checkFilePathByDirFile($dir, $file_name, SYNOPhotoEA::FILE_THUMB_M_FAIL, $thumbSmallBroken) &&
+            SYNOPhotoEA::checkFilePathByDirFile($dir, $file_name, SYNOPhotoEA::FILE_THUMB_XL_FAIL, $thumbLargeBroken)) {
+            $ret['status'] = 'broken';
+        } else {
+            $thumbStatus = array();
+			$hasSmall = $hasLarge = false;
+			if (!$blConversion) {
+				$thumbStatus[] = 'disable';
+			}
+			if (SYNOPhotoEA::checkFilePathByDirFile($dir, $file_name, SYNOPhotoEA::FILE_THUMB_M, $thumbSmallPath)) {
+				$hasSmall = true;
+                if ($needSize) {
+					$ret['size']['small'] = self::CalculateThumbSize($orig_resolutionx, $orig_resolutiony, $blThumbRotated, SYNOPHOTO_THUMBMEDIUM_WIDTH);
+                    $ret['size']['small']['mtime'] = @filemtime($thumbSmallPath);
+                }
+            }
+            if (SYNOPhotoEA::checkFilePathByDirFile($dir, $file_name, SYNOPhotoEA::FILE_THUMB_PREVIEW, $thumbPreviewPath)) {
+                $thumbStatus[] = 'preview';
+                if ($needSize) {
+                    if ($hasSmall) {
+                        $ret['size']['preview'] = self::CalculateThumbSize($orig_resolutionx, $orig_resolutiony, $blThumbRotated, SYNOPHOTO_THUMBPREVIEW_WIDTH);
+                    } else {
+                        $ret['size']['preview'] = self::GetThumbSize($path, $thumbPreviewPath);
+                    }
+                    $ret['size']['preview']['mtime'] = @filemtime($thumbPreviewPath);
+				}
+
+				//use preview-thumb as small-thumb in thumbnail-less browsing
+				if (!$blConversion && !$hasSmall) {
+					$hasSmall = true;
+					if ($needSize) {
+						$ret['size']['small'] = $ret['size']['preview'];
+						$ret['size']['small']['mtime'] = $ret['size']['preview']['mtime'];
+					}
+				}
+			}
+			if (SYNOPhotoEA::checkFilePathByDirFile($dir, $file_name, SYNOPhotoEA::FILE_THUMB_XL, $thumbLargePath)) {
+				$hasLarge = true;
+                if ($needSize) {
+					$ret['size']['large'] = self::CalculateThumbSize($orig_resolutionx, $orig_resolutiony, $blThumbRotated, SYNOPHOTO_THUMBXLARGE_WIDTH);
+                    $ret['size']['large']['mtime'] = @filemtime($thumbLargePath);
+                }
+            }
+
+			if (!$hasLarge && SYNOPhotoEA::checkFilePathByDirFile($dir, $file_name, SYNOPhotoEA::FILE_THUMB_LARGE_PREVIEW, $thumbLargePreviewPath)) {
+				$thumbStatus[] = 'large';
+				if ($needSize) {
+					$ret['size']['large'] = self::GetThumbSize($path, $thumbLargePreviewPath);
+					$ret['size']['large']['mtime'] = @filemtime($thumbLargePreviewPath);
+				}
+			}
+
+			//use original file as large thumb in thumbnail-less browsing
+			if (!$blConversion && !$hasLarge && in_array(strtolower($info['extension']), array('jpeg', 'bmp', 'png', 'jpg', 'jpe'/*, 'image/tiff'*/))) {
+				$hasLarge = true;
+				if ($needSize) {
+					$ret['size']['large']['resolutionx'] = $orig_resolutionx;
+					$ret['size']['large']['resolutiony'] = $orig_resolutiony;
+					$ret['size']['large']['mtime'] = @filemtime($path);
+				}
+				$thumbStatus[] = "large_original";
+			}
+
+			if ($hasSmall) {
+				$thumbStatus[] = 'small';
+			}
+			if ($hasLarge) {
+				$thumbStatus[] = 'large';
+			}
+
+            $ret['status'] = implode(',', $thumbStatus);
+        }
+
+        return $ret;
+	}
+
+	static function CalculateThumbSize($orig_resolutionx, $orig_resolutiony, $blThumbRotated, $thumbSize)
+	{
+		$thumb['resolutionx'] = $thumb['resolutiony'] = 0;
+
+		if (0 >= $orig_resolutionx || 0 >= $orig_resolutiony || 0 >= $thumbSize) {
+			goto End;
+		}
+
+		$ratio = $orig_resolutionx / $orig_resolutiony;
+		if (0 >= $ratio) {
+			goto End;
+		}
+
+		$thumb['resolutionx'] = $orig_resolutionx;
+		$thumb['resolutiony'] = $orig_resolutiony;
+
+		if ($thumbSize < $orig_resolutionx && $thumbSize < $orig_resolutiony) {
+			if ($orig_resolutionx >= $orig_resolutiony) {
+				$thumb['resolutionx'] = ceil($thumbSize * $ratio);
+				$thumb['resolutiony'] = $thumbSize;
+			} else {
+				$thumb['resolutionx'] = $thumbSize;
+				$thumb['resolutiony'] = ceil($thumbSize / $ratio);
+			}
+		}
+
+		if ($blThumbRotated) {
+			$tmp = $thumb['resolutionx'];
+			$thumb['resolutionx'] = $thumb['resolutiony'];
+			$thumb['resolutiony'] = $tmp;
+		}
+	End:
+		return $thumb;
+	}
+
+    static function GetThumbSize($imgPath, $thumbPath) {
+        $thumbInfo = @getImageSize($thumbPath);
+        $ret = array(
+            'resolutionx' => $thumbInfo[0],
+            'resolutiony' => $thumbInfo[1]
+        );
+
+        $info = pathinfo($imgPath);
+        if (!in_array(strtolower($info['extension']), array('jpeg', 'bmp', 'png', 'jpg', 'jpe'/*, 'image/tiff'*/))) {
+            goto END;
+        }
+
+        $imgInfo = @getImageSize($imgPath);
+        $rotated = ($thumbInfo[0] > $thumbInfo[1] && $imgInfo[0] <= $imgInfo[1]) || ($thumbInfo[0] <= $thumbInfo[1] && $imgInfo[0] > $imgInfo[1]);
+
+        if ($rotated && $thumbInfo[0] > $imgInfo[1]) {
+            $ret['resolutionx'] = $imgInfo[1];
+            $ret['resolutiony'] = $imgInfo[0];
+        } else if (!$rotated && $thumbInfo[0] > $imgInfo[0]) {
+            $ret['resolutionx'] = $imgInfo[0];
+            $ret['resolutiony'] = $imgInfo[1];
+        }
+
+    END:
+        return $ret;
+    }
+
+	static function FillThumbStatus(&$item, $coverDBPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion)
+	{
+		if ('' !== $coverDBPath) {
+			$thumbnail = self::GetThumbStatus($coverDBPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion);
+		} else {
+			$thumbnail = array('status' => 'default');
+			if (!$blConversion) {
+				$thumbnail['status'] .= ',disable';
+			}
+			if ($needThumbSize) {
+				$thumbnail['size'] = array(
+					'preview' => array('resolutionx' => 0, 'resolutiony' => 0),
+					'small' => array('resolutionx' => 0, 'resolutiony' => 0),
+					'large' => array('resolutionx' => 0, 'resolutiony' => 0)
+				);
+			}
+		}
+
+		$item['thumbnail_status'] = $thumbnail['status'];
+		if ($needThumbSize) {
+			if (!is_array($item['additional'])) {
+				$item['additional'] = array();
+			}
+			$item['additional']['thumb_size'] = $thumbnail['size'];
+			$item['additional']['thumb_size']['sig'] = bin2hex($coverDBPath);
+		}
+	}
+
+	static function GetCoverResolutionRotation($coverPath) {
+		if ('' === $coverPath) {
+			return array(0, 0, false);
+		}
+		$file = csSYNOPhotoMisc::IsPhotoFile($coverPath) ?
+			File::GetPhotoByDBPath(array($coverPath)) : File::GetVideoByDBPath(array($coverPath));
+
+		$info = $file[$coverPath];
+
+		return array((int)$info['resolutionx'], (int)$info['resolutiony'], 0 !== (int)$info['version'] % 2);
+	}
+
+    static function GetAlbumPermission($sharePath) {
+        $permission['browse'] = csSYNOPhotoMisc::CheckAlbumAccessible($sharePath);
+        $permission['upload'] = csSYNOPhotoMisc::CheckAlbumUploadable($sharePath);
+        $permission['manage'] = csSYNOPhotoMisc::CheckAlbumManageable($sharePath);
+        return $permission;
+    }
+
+	static function GetUnConfirmItemList($limit=false, $offset=false)
+	{
+        $result = array();
+
+		$limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $offset);
+
+        $query = "SELECT photo_image.path FROM photo_image_label LEFT JOIN photo_image ON photo_image_label.image_id=photo_image.id WHERE status='f'";
+        $queryCount = "SELECT COUNT(DISTINCT photo_image.path) FROM photo_image_label LEFT JOIN photo_image ON photo_image_label.image_id=photo_image.id WHERE status='f'";
+        $albumCondition = csSYNOPhotoMisc::GetAccessibleAlbumQueryConditionWithExcludeFormat();
+
+        if(!$albumCondition['albumCond']) {
+            return $result;
+        }
+
+        $query .= " AND {$albumCondition['albumCond']}";
+        $query .= " ORDER BY photo_image.create_time DESC ";
+        $query .= $limitOffsetString;
+        $queryCount .= " AND {$albumCondition['albumCond']}";
+        $db_result = PHOTO_DB_Query($query, $albumCondition['sqlParam']);
+
+        while (false !== ($row = PHOTO_DB_FetchRow($db_result))) {
+            if ($row['path']) {
+                $result[SYNOPHOTO_SERVICE_REAL_DIR_PREFIX.$row['path']] = SYNOPHOTO_ITEM_TYPE_PHOTO;
+            }
+        }
+        $db_result = PHOTO_DB_Query($queryCount, $sqlParam);
+        $row = PHOTO_DB_FetchRow($db_result);
+        $result['total'] = $row[0];
+        return $result;
+    }
+
+    /*
+     *  @param $videoPath video db path
+     */
+    static function GetConvertedVideoInfo($dPath)
+    {
+        $query = "SELECT * FROM video_convert WHERE video_path = ?";
+        $sqlParam = array($dPath);
+        $db_result = PHOTO_DB_Query($query, $sqlParam);
+        $videoArr = array();
+        while ($videoInfo = PHOTO_DB_FetchRow($db_result)) {
+            $videoQuality['id'] = bin2hex(SYNOPHOTO_SERVICE_REAL_DIR_PREFIX.$videoInfo['convert_file_path']);
+            $videoQuality['container'] = $videoInfo['container_type'];
+            $videoQuality['vcodec'] = $videoInfo['vcodec'];
+			$videoQuality['acodec'] = $videoInfo['acodec'];
+			$videoQuality['filesize'] = (int)$videoInfo['filesize'];
+            $videoQuality['resolutionx'] = (int)$videoInfo['resolutionx'];
+            $videoQuality['resolutiony'] = (int)$videoInfo['resolutiony'];
+            $videoQuality['video_bitrate'] = (int)$videoInfo['video_bitrate'];
+            $videoQuality['audio_bitrate'] = (int)$videoInfo['audio_bitrate'];
+            $videoQuality['video_profile'] = (int)$videoInfo['video_profile'];
+            $videoQuality['video_level'] = (int)$videoInfo['video_level'];
+            $videoQuality['profile_name'] = self::GetConvertedName($videoInfo['convert_file_path']);
+            array_push($videoArr, $videoQuality);
+        }
+        return $videoArr;
+    }
+
+    static function GetConvertedName($convertPath)
+    {
+        $fileName = basename($convertPath);
+        $pool = array(SYNOPhotoEA::FILE_FILM_FLV, SYNOPhotoEA::FILE_FILM_H264_MP4, SYNOPhotoEA::FILE_FILM_H_MP4, SYNOPhotoEA::FILE_FILM_M_MP4, SYNOPhotoEA::FILE_FILM_L_MP4,
+                      SYNOPhotoEA::FILE_FILM_MOBILE_MP4, SYNOPhotoEA::FILE_FILM_MOBILE_IPHONE, SYNOPhotoEA::FILE_FILM_MOBILE_ANDROID);
+        foreach ($pool as $name) {
+            $oldName = SYNOPhotoEA::SYNO_PHOTO_PREFIX_OLD.$name;
+            $newName = SYNOPhotoEA::SYNO_PHOTO_PREFIX.$name;
+            if ($oldName === $fileName || $newName === $fileName) {
+                if (SYNOPhotoEA::FILE_FILM_FLV === $name) {
+                    $ret = 'flv';
+                } elseif (SYNOPhotoEA::FILE_FILM_H264_MP4 === $name) {
+                    $ret = 'orig_h264';
+                } elseif (SYNOPhotoEA::FILE_FILM_MPEG4_MP4 === $name) {
+                    $ret = 'orig_mp4';
+                } elseif (SYNOPhotoEA::FILE_FILM_H_MP4 === $name) {
+                    $ret = 'high';
+                } elseif (SYNOPhotoEA::FILE_FILM_M_MP4 === $name) {
+                    $ret = 'medium';
+                } elseif (SYNOPhotoEA::FILE_FILM_L_MP4 === $name) {
+                    $ret = 'low';
+                } elseif (SYNOPhotoEA::FILE_FILM_MOBILE_MP4 === $name) {
+                    $ret = 'mobile';
+                } elseif (SYNOPhotoEA::FILE_FILM_MOBILE_IPHONE === $name) {
+                    $ret = 'orig_iphone';
+                } elseif (SYNOPhotoEA::FILE_FILM_MOBILE_ANDROID === $name) {
+                    $ret = 'orig_android';
+                } elseif (SYNOPhotoEA::FILE_FILM_CONVERT_MPEG4_MP4 === $name) {
+                    $ret = 'convert_mp4';
+                }
+                break;
+            }
+        }
+        return $ret;
+    }
+
+    static function IsAlbumCommentalbGlobal($checkSession = false)
+    {
+        $blAllowUserComment = ('on' === csSYNOPhotoMisc::GetConfigDB("photo", "allow_user_comment", "photo_config"));
+        $blAllowGuestComment = ('on' === csSYNOPhotoMisc::GetConfigDB("photo", "allow_guest_comment", "photo_config"));
+
+        if ($blAllowGuestComment) {
+            return true;
+        } elseif ($blAllowUserComment) {
+            if ($checkSession) {
+                csSYNOPhotoMisc::CheckSessionTimeOut(true);
+                return true;
+            } else {
+                if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user']) || isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    static function IsShowAlbumHit() {
+        $value = csSYNOPhotoMisc::GetConfigDB("photo", "show_album_hit", "photo_config");
+        $show_album_hit = 'off' === $value ? false : true ;
+        return $show_album_hit;
+    }
+
+	static function FormAlbum($album_db_object, $global_allow_comment, $show_hits) {
+		$name = pathinfo($album_db_object['sharename'], PATHINFO_BASENAME);
+		$res = array(
+			'sharepath' => $album_db_object['sharename'],
+			'name' => $name,
+			'title' => $album_db_object['title'] ? $album_db_object['title'] : $name,
+			'description' => $album_db_object['description'],
+			'hits' => $show_hits ? $album_db_object['hits'] : 0,
+			'type' => $album_db_object['public'] ? 'public' : ($album_db_object['password'] ? 'password' : 'private'),
+			'conversion' => $album_db_object['conversion'],
+			'allow_comment' => $global_allow_comment
+		);
+
+		return $res;
+	}
+
+	static function FormAdditional($type, $item, $params) {
+        if ('album' === $type) {
+            $sharePath = $item['sharename'];
+			$shareid = $item['shareid'];
+            if (in_array('album_sorting', $params['additional'])) {
+                $sortData = csSYNOPhotoAlbum::GetAlbumInstance()->GetAlbumThumbSortType($sharePath);
+                $sortBy = AlbumAPIUtil::ConvertToSortName($sortData['type']);
+                $additional['album_sorting']['sort_by'] = $sortBy;
+                $additional['album_sorting']['sort_direction'] = AlbumAPIUtil::ConvertToSortDirection($sortData['order']);
+                $additional['album_sorting']['has_preference_sort'] = !empty($sortData);
+            }
+            if (in_array('album_permission', $params['additional'])) {
+                // here
+                $additional['album_permission'] = AlbumAPIUtil::GetAlbumPermission($sharePath);
+            }
+            if (in_array('item_count', $params['additional'])) {
+                $additional['item_count'] = array(
+					'photo' => Album::GetPhotoCount($item['shareid']),
+					'video' => Album::GetVideoCount($item['shareid'])
+                );
+            }
+        } elseif ('photo' === $type) {
+            if (in_array('photo_exif', $params['additional'])) {
+                $photoInfo = $item;
+                $additional['photo_exif']['takendate'] = $photoInfo['timetaken'];
+                $additional['photo_exif']['camera'] = $photoInfo['camera_make'];
+                $additional['photo_exif']['camera_model'] = $photoInfo['camera_model'];
+                $additional['photo_exif']['exposure'] = $photoInfo['exposure'];
+                $additional['photo_exif']['aperture'] = $photoInfo['aperture'];
+                $additional['photo_exif']['iso'] = (int)$photoInfo['iso'];
+				$additional['photo_exif']['gps'] = json_decode($photoInfo['gps'], true);
+				$additional['photo_exif']['focal_length'] = $photoInfo['focal_length_v2'];
+				$additional['photo_exif']['lens'] = $photoInfo['lens_v2'];
+				$additional['photo_exif']['flash'] = $photoInfo['flash_v2'];
+            }
+        } elseif ('video' === $type) {
+            if (in_array('video_codec', $params['additional'])) {
+                $videoInfo = $item;
+                $additional['video_codec']['container'] = $videoInfo['container_type'];
+                $additional['video_codec']['vcodec'] = $videoInfo['video_codec'];
+                $additional['video_codec']['acodec'] = $videoInfo['audio_codec'];
+                $additional['video_codec']['resolutionx'] = (int)$videoInfo['resolutionx'];
+                $additional['video_codec']['resolutiony'] = (int)$videoInfo['resolutiony'];
+                $additional['video_codec']['frame_bitrate'] = (int)$videoInfo['frame_bitrate'];
+                $additional['video_codec']['video_bitrate'] = (int)$videoInfo['video_bitrate'];
+                $additional['video_codec']['audio_bitrate'] = (int)$videoInfo['audio_bitrate'];
+            }
+            if (in_array('video_quality', $params['additional'])) {
+                $additional['video_quality'] = AlbumAPIUtil::GetConvertedVideoInfo($item['path']);
+            }
+        }
+
+		if (in_array('file_location', $params['additional'])) {
+			$additional['file_location'] = 'album' === $type ?
+				$sharePath : substr($item['path'], strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+		}
+        return $additional;
+	}
+
+	static function GetRootAlbumInfo($params){
+        $info['description'] = '';
+        $info['sharepath'] = '/';
+        $info['name'] = '/';
+        $info['title'] = csSYNOPhotoMisc::GetConfigDB("photo", "photo_page_title", "photo_config");
+        $info['hits'] = null;
+        $info['allow_comment'] = ('on' === csSYNOPhotoMisc::GetConfigDB("photo", "album_def_allow_comment", "photo_config")) ? true : false;
+        $info['type'] = 'public';
+        $info['conversion'] = csSYNOPhotoMisc::IsAlbumAllowConversion('/');
+
+        $item['id'] = null;
+        $item['info'] = $info;
+        if (in_array('album_sorting', $params['additional'])) {
+            $value = csSYNOPhotoMisc::GetConfigDB("album", "album_order_type", "photo_config");
+            $additional['album_sorting']['sort_by'] = ('1' === $value) ? 'preference' : 'filename';
+            $value = csSYNOPhotoMisc::GetConfigDB("album", "album_order_type_is_desc", "photo_config");
+            $additional['album_sorting']['sort_direction'] = ('1' === $value) ? 'desc' : 'asc';
+            $value = csSYNOPhotoAlbum::GetAlbumThumbSortType($info['sharepath']);
+            $additional['album_sorting']['has_preference_sort'] = !empty($value);
+        }
+        if (in_array('album_permission', $params['additional'])) {
+            $permission = self::GetAlbumPermission('/');
+            $additional['album_permission'] = $permission;
+        }
+        if (null !== $additional) {
+            $item['additional'] = $additional;
+        }
+        return $item;
+	}
+}
+
+?>

PhotoStation API/webapi/auth.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('LOGIN_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/auth.inc.php

@@ -0,0 +1,7 @@
+<?php
+    require_once('auth.conf.php');
+    require_once("../include/syno_conf.php");
+
+    require_once(LOGIN_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/auth.php

@@ -0,0 +1,170 @@
+<?php
+
+require_once('auth.inc.php');
+require_once('authutil.php');
+require_once('albumutil.php');
+require_once('../include/shared_album.php');
+
+class AuthAPI extends WebAPI {
+    function __construct() {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process() {
+        if (!strcasecmp($this->method, "login")) {
+            $this->Login();
+        } elseif (!strcasecmp($this->method, "logout")) {
+            $this->Logout();
+        } elseif (!strcasecmp($this->method, "checkauth")) {
+            $this->CheckAuth();
+        }
+    }
+
+    private function GetConfig() {
+        $resp = array();
+        // php session id
+        $resp['sid'] = session_id();
+
+        // get username
+        // not personal photo
+        if ('root' === SYNOPHOTO_ADMIN_USER) {
+            $resp['username'] = (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']) && !isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'])) ? 'admin' : $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'];
+        } else {
+        // personal photo
+            $resp['username'] = (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']) && !isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'])) ? SYNOPHOTO_ADMIN_NAME : $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'];
+        }
+        $resp['reg_syno_user'] = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user']);
+
+        // get manager
+        $resp['is_admin'] = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+
+        // get commentable
+        $resp['allow_comment'] = AlbumAPIUtil::IsAlbumCommentalbGlobal();
+
+        $permission['browse'] = csSYNOPhotoMisc::CheckAlbumAccessible('/');
+        $permission['upload'] = csSYNOPhotoMisc::CheckAlbumUploadable('/');
+        $permission['manage'] = csSYNOPhotoMisc::CheckAlbumManageable('/');
+        $resp['permission'] = $permission;
+
+        $resp['enable_face_recog'] = false;
+        if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['system_config']['pkgCfg']['runfacerecognition']) &&
+	  'yes' == $_SESSION[SYNOPHOTO_ADMIN_USER]['system_config']['pkgCfg']['runfacerecognition'] &&
+          false === strstr($_SESSION[SYNOPHOTO_ADMIN_USER]['system_config']['defCfg']['unique'], '88f628')) {
+            $resp['enable_face_recog'] = true;
+        }
+
+		$resp['allow_public_share'] = SharedAlbum::CheckPublicSharePermission();
+
+        return $resp;
+    }
+
+    private function PhotoLogin() {
+        $error_code = WEBAPI_ERR_NONE;
+		$command = "/usr/syno/bin/synoautoblock";
+		$params = ["--deny", $_SERVER['REMOTE_ADDR']];
+		csSYNOPhotoMisc::SystemCmd($command, $params, $retval);
+		$command = "";
+		$params = array();
+        if ($retval == 1) {
+            $error_code = PHOTOSTATION_AUTH_LOGIN_NOPRIVILEGE;
+        //if username is ADMIN
+        } elseif (strtoupper($_REQUEST['username']) == "ADMIN" || strtoupper($_REQUEST['username']) == strtoupper(SYNOPHOTO_ADMIN_NAME)) {
+            $ret = AuthAPIUtil::SYNOPHOTO_LOGIN_ValidateAdmin();
+            if(1 == $ret) {
+                $command = "/usr/syno/bin/synoautoblock";
+				$params = ["--reset", $_SERVER['REMOTE_ADDR']];
+			} else {
+                $error_code = PHOTOSTATION_AUTH_LOGIN_ERROR;
+				$command = "/usr/syno/bin/synoautoblock";
+				$params = ["--attempt", $_SERVER['REMOTE_ADDR']];
+            }
+        } else {
+        // not ADMIN
+            // PhotoStation user
+            if ("0" == $_SESSION[SYNOPHOTO_ADMIN_USER]['photo_config']['global']['account_system'] || 'root' != SYNOPHOTO_ADMIN_USER){
+                $ret = AuthAPIUtil::SYNOPHOTO_LOGIN_ValidateUser();
+            } else {
+            // DSM user
+                $ret = AuthAPIUtil::SYNOPHOTO_LOGIN_ValidateDsmUser();
+            }
+
+            if($ret == 1) {
+				$command = "/usr/syno/bin/synoautoblock";
+				$params = ["--reset", $_SERVER['REMOTE_ADDR']];
+            } elseif ($ret == -1) {
+                $error_code = PHOTOSTATION_AUTH_LOGIN_DISABLE_ACCOUNT;  // for PhotoStation user
+            } elseif ($ret == -3) {
+                $error_code = PHOTOSTATION_AUTH_LOGIN_GUEST_ERROR;  // for DSM user
+            } else {
+                $error_code = PHOTOSTATION_AUTH_LOGIN_ERROR;
+				$command = "/usr/syno/bin/synoautoblock";
+				$params = ["--attempt", $_SERVER['REMOTE_ADDR']];
+            }
+        }
+
+        if ($command != "") {
+            putenv('SYNOAUTOBLOCK_SERVICE=Photo Station');
+			csSYNOPhotoMisc::SystemCmd($command, $params, $retval);
+            putenv('SYNOAUTOBLOCK_SERVICE');
+        }
+        return $error_code;
+    }
+
+    private function IsEnableDemoMode()
+    {
+        $isDemoMode = csSYNOPhotoMisc::GetConfigFile(SYNO_CNF_FILE, 'enable_demomode');
+        if ('yes' === $isDemoMode['enable_demomode']) {
+            return true;
+        }
+        return false;
+    }
+
+    private function PhotoLogout() {
+        unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
+    }
+
+    private function Login() {
+		if (!isset($_REQUEST['username'])) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+        if (!$this->IsEnableDemoMode())  {
+            $error_code = $this->PhotoLogin();
+            if (WEBAPI_ERR_NONE != $error_code) {
+                $this->SetError($error_code);
+                goto End;
+            }
+        }
+        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+		$resp = $this->GetConfig();
+		$this->SetResponse($resp);
+		if(isset($_REQUEST['remember_me'])){
+			setcookie('PHPSESSID', session_id(), time() + 60*60*24*30, '/');
+			setcookie('photo_remember_me', 1, time() + 60*60*24*30, '/');
+		}
+    End:
+        return;
+    }
+
+    private function Logout() {
+        $this->PhotoLogout();
+		setcookie('PHPSESSID', '', time() - 180, '/');
+		setcookie('photo_remember_me', '', time() - 180, '/');
+    }
+
+    private function CheckAuth() {
+        $resp = $this->GetConfig();
+		AuthAPIUtil::SYNOPHOTO_LOGIN_UpdateUserSession($resp['username']);
+		if ($resp['is_admin'] !== isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+			csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+			$resp = $this->GetConfig();
+		}
+		$this->SetResponse($resp);
+	}
+}
+
+$api = new AuthAPI();
+$api->Run();
+
+?>
+

PhotoStation API/webapi/authutil.php

@@ -0,0 +1,229 @@
+<?php
+
+require_once('auth.inc.php');
+
+class AuthAPIUtil {
+
+    static function SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser)
+    {
+        global $SYNOPHOTO_DSM_USER_INFO;
+        $result = array();
+        if (!is_array($pUser)) {
+            return null;
+        }
+        $i = 0;
+		$groups = array();
+        foreach ($pUser as $item) {
+			if (preg_match('/\((\d+)\)/', $item, $match)) {
+				$groups[] = $match[1];
+			}
+
+            if (!preg_match('/(^\w+\s?\w+)\s*\:/', $item, $match) || !preg_match('/\[(.*)\]/', $item, $match_val)) {
+                continue;
+            }
+
+            if (false !== $index = array_search($match[1], $SYNOPHOTO_DSM_USER_INFO)) { // $key = 2;
+                $result[$index] = $match_val[1];
+                $result[$SYNOPHOTO_DSM_USER_INFO[$index]] = $match_val[1];
+            }
+        }
+		$result['groups'] = implode(',', $groups);
+        return $result;
+    }
+
+    static function SYNOPHOTO_LOGIN_AddLog($username, $success)
+    {
+        $ip = $_SERVER['REMOTE_ADDR'];
+        $conf = csSYNOPhotoMisc::GetConfigFile(SYNO_CNF_FILE, 'enable_demomode');
+        if ('yes' == $conf['enable_demomode']) {
+            $ip = 'xxx.xxx.xxx.xxx';
+        }
+
+        if ($success) {
+            PhotoLog::Add($username." logged in from "."[".$ip."].", true, strtolower($username));
+            return;
+        }
+        PhotoLog::Add($username." failed to log in from "."[".$ip."].", false, strtolower($username));
+    }
+
+    /*
+     *  return
+     *    1 - success
+     *    0 - fail
+     */
+    static function SYNOPHOTO_LOGIN_ValidateAdmin()
+    {
+        $user = ('root' == SYNOPHOTO_ADMIN_USER)? 'admin':SYNOPHOTO_ADMIN_NAME;
+        $command = "/usr/syno/bin/synoauth ".escapeshellarg($user)." ".escapeshellarg($_REQUEST['password']);
+        @exec($command, $pAuth, $retval);
+
+        if (0 == $retval) {
+            unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
+			csSYNOPhotoMisc::PhotoSessionStart();
+
+            csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();
+            $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
+            self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], true);
+            return 1;
+        }
+        self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
+        return 0;
+    }
+
+    /*
+     *  return
+     *    1 - success
+     *    0 - fail
+     *   -1 - disable user (Photo Station Account System)
+     *   -2 - not photo station user (Photo Station Account System)
+     *   -3 - guest account is not allowed to login (DSM Account System)
+     */
+    static function SYNOPHOTO_LOGIN_ValidateDsmUser()
+    {
+        if (!strcasecmp($_REQUEST['username'], 'guest')) {
+            return -3;
+        }
+        $command = "/usr/syno/bin/synophoto_dsm_user --auth ".escapeshellarg($_REQUEST['username'])." ".escapeshellarg($_REQUEST['password']);
+        @exec($command, $pAuth, $auth_retval);
+
+        $user_info = array();
+        if (0 == $auth_retval) {
+            $command = "/usr/syno/bin/synophoto_dsm_user --getinfo ".escapeshellarg($_REQUEST['username']);
+            @exec($command, $pUser, $retval);
+            $user_info = self::SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser);
+        } else {
+            self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
+            return 0;
+        }
+
+        if ($user_info) {
+            unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
+			csSYNOPhotoMisc::PhotoSessionStart();
+
+            csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();
+            $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] = $user_info[2];
+            $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'] = $user_info[0];
+            $_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account'] = true;
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = $user_info['groups'];
+
+            if ($user_info[10]) {
+                $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
+            }
+            self::SYNOPHOTO_LOGIN_AddLog($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'], true);
+            return 1;
+        }
+        self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
+        return 0;
+    }
+
+    /*
+     * return 
+     *   1 - success
+     *   0 - fail
+     *  -1 - disable user (Photo Station Account System)
+     *  -2 - not photo station user (Photo Station Account System)
+     *  -3 - guest account is not allowed to login (DSM Account System)
+     */
+    static function SYNOPHOTO_LOGIN_ValidateUser()
+    {
+        $escape = PHOTO_DB_GetEscape();
+        $query_usr = "Select count(*) from photo_user where lower(username) like ? $escape";
+        $sqlParam = array(PHOTO_DB_EscapForLike(strtolower($_REQUEST['username'])));
+        $count = PHOTO_DB_QueryCount($GLOBALS['dbconn_photo'], $query_usr, $sqlParam);
+
+        if ($count == 0) {
+            // user is not photo station user
+            return -2;
+        }
+
+        $query = "Select * from photo_user where lower(username) like ? $escape and password = '".md5($_REQUEST['password'])."'";
+        $sqlParam = array(PHOTO_DB_EscapForLike(strtolower($_REQUEST['username'])));
+        $result = PHOTO_DB_Query($query, $sqlParam);
+
+        $user_info = PHOTO_DB_FetchRow($result);
+        if ($user_info) {
+            if(PHOTO_DB_ConvertBool($user_info[4]) == 't') {
+                //disabled
+                return -1;
+            }
+
+            unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
+			csSYNOPhotoMisc::PhotoSessionStart();
+
+            csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();
+            $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] = $user_info[0];
+            $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'] = $user_info[1];
+            $_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account'] = false;
+
+			/* set user's belonging groups */
+			$query = "SELECT groupid FROM " . PHOTO_USER_GROUP_TABLE . " WHERE userid = $user_info[0]";
+			$db_result = PHOTO_DB_Query($query);
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = '';
+			$groups = array();
+			while ($row = PHOTO_DB_FetchRow($db_result)) {
+				$groups[] = $row['groupid'];
+			}
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = implode(',', $groups);
+
+            if (PHOTO_DB_ConvertBool($user_info[6]) == 't') {
+                $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
+            }
+            self::SYNOPHOTO_LOGIN_AddLog($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'], true);
+            return 1;
+        }
+        self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
+        return 0;
+    }
+
+	static function SYNOPHOTO_LOGIN_UpdateUserSession($username) {
+		if (null == $username) {
+			return;
+		}
+		// PhotoStation User
+		if ("0" == $_SESSION[SYNOPHOTO_ADMIN_USER]['photo_config']['global']['account_system'] || 'root' != SYNOPHOTO_ADMIN_USER){
+			$isAdmin = 'f';
+			$query = "SELECT userid, admin, disabled FROM photo_user WHERE username = ?";
+			$db_result = PHOTO_DB_Query($query, array($username));
+			while ($row = PHOTO_DB_FetchRow($db_result)) {
+				if (PHOTO_DB_IsTrue($row['disabled'])) {
+					unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
+					return false;
+				}
+				$userid = $row['userid'];
+				$isAdmin = $row['admin'];
+			}
+			if('t' === PHOTO_DB_ConvertBool($isAdmin) || (('root' === SYNOPHOTO_ADMIN_USER) ? 'admin' : substr(SYNOPHOTO_ADMIN_USER, 1)) === $username) {
+				$_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
+			} else {
+				unset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+			}
+
+			$query = "SELECT groupid FROM photo_user_group WHERE userid = ?";
+			$db_result = PHOTO_DB_Query($query, array($userid));
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = '';
+			$groups = array();
+			while ($row = PHOTO_DB_FetchRow($db_result)) {
+				$groups[] = $row['groupid'];
+			}
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = implode(',', $groups);
+		// DSM User
+		} else {
+			$command = "/usr/syno/bin/synophoto_dsm_user --getinfo ".escapeshellarg($username);
+			@exec($command, $pUser, $retval);
+			$user_info = self::SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser);
+			if (!$user_info || $user_info['Expired'] !== "false") {
+				unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
+				return false;
+			}
+			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = $user_info['groups'];
+			if ($user_info[10]) {
+				$_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
+			} else {
+				unset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+			}
+		}
+	}
+}
+
+?>
+

PhotoStation API/webapi/category.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('CATEGORY_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/category.inc.php

@@ -0,0 +1,7 @@
+<?php
+    require_once('category.conf.php');
+    require_once("../include/syno_conf.php");
+
+    require_once(CATEGORY_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/category.php

@@ -0,0 +1,670 @@
+<?php
+
+require_once('category.inc.php');
+require_once('albumutil.php');
+
+class CategoryAPI extends WebAPI {
+    function __construct() {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process() {
+        if (!strcasecmp($this->method, "list")) {
+			session_write_close();
+            $this->CategoryList();
+        } elseif (!strcasecmp($this->method, "getinfo")) {
+			session_write_close();
+            $this->GetInfo();
+        } elseif (!strcasecmp($this->method, "listitem")) {
+            csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+			session_write_close();
+            $this->ListItem();
+        } else {
+            csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+            csSYNOPhotoMisc::CheckSessionTimeOut();
+
+            if (!strcasecmp($this->method, "create")) {
+                $this->Create();
+            } elseif (!strcasecmp($this->method, "delete")) {
+                $this->Delete();
+            } elseif (!strcasecmp($this->method, "edit")) {
+                $this->Edit();
+            } elseif (!strcasecmp($this->method, "arrangecategory")) {
+                $this->ArrangeCategory();
+            } elseif (!strcasecmp($this->method, "additem")) {
+                $this->AddItem();
+            } elseif (!strcasecmp($this->method, "removeitem")) {
+                $this->RemoveItem();
+            } elseif (!strcasecmp($this->method, "arrangeitem")) {
+                $this->ArrangeItem();
+            }
+        }
+    }
+
+    private function BooleanUniform($data) {
+        if (true === $data || 't' === $data) {
+            return true;
+        } elseif (false === $data || 'f' === $data) {
+            return false;
+        }
+        return false;
+    }
+
+    private function GetCategoryDatabaseID($data) {
+        $arr = explode('category_', $data);
+        $id = $arr[1];
+
+        if (empty($id)) {
+            return false;
+        }
+        if (!is_numeric($id)) {
+            return false;
+        }
+        return $id;
+    }
+
+    private function CheckItemID($data) {
+        $items = explode(',', $data);
+        foreach ($items as $item) {
+            $arr = explode('_', $item);
+            if (!in_array($arr[0], array('album', 'tag', 'smart'))) {
+                return false;
+            }
+        }
+        return $items;
+    }
+
+    private function CheckOffsetLimit($offset, $limit) {
+        if (!is_numeric($offset) || !is_numeric($limit)) {
+            return false;
+        }
+        if (0 > (int)$offset || -1 > (int)$limit) {
+            return false;
+        }
+        return true;
+    }
+
+    private function IsAccessible($id) {
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        $hidden = csSYNOPhotoDB::GetDBInstance()->IsCategoryAccessible($id);
+        if (false === $isAdmin && true === $hidden) {
+            return false;
+        }
+        return true;
+    }
+
+    private function GetItemID($type, $id) {
+        switch ($type) {
+        case 'album':
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('sharename', 'photo_share', 'shareid', $id);
+            $albumID = bin2hex($row['sharename']);
+            $itemID = "album_{$albumID}";
+            break;
+        case 'tag':
+            $itemID = "tag_{$id}";
+            break;
+        case 'smart':
+            $itemID = "smart_{$id}";
+            break;
+        default:
+            return false;
+            break;
+        }
+        return $itemID;
+    }
+
+    private function GetItemName($itemID) {
+        $arr = explode('_', $itemID );
+        if (2 != count($arr)) {
+            return false;
+        }
+        if (!in_array($arr[0], array('album', 'smart', 'tag'))) {
+            return false;
+        }
+        switch ($arr[0]) {
+        case 'album':
+            $name = @pack('H*', $arr[1]);
+            break;
+        case 'smart':
+            $name = @pack('H*', $arr[1]);
+            break;
+        case 'tag':
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('name', 'photo_label', 'id', $arr[1]);
+            $name = $row['name'];
+            break;
+        default:
+            break;
+        }
+        return $name;
+    }
+
+    private function CategoryList() {
+        if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        if (!$this->CheckOffsetLimit($_REQUEST['offset'], $_REQUEST['limit'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+            
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+
+        // database query, +0 => convert to int
+		$dbCategories = Category::ListItem($_REQUEST['offset']+0, $_REQUEST['limit']+0, $isAdmin);
+
+        // form to webapi format
+        $categories = array();
+        foreach ($dbCategories as $dbCategory) {
+			$category = Decorator::CategoryFormula($dbCategory);
+			$categories[] = $category;
+        }
+
+        $resp['total'] = (int)csSYNOPhotoDB::GetDBInstance()->GetTotalCategory($isAdmin);
+        $offset = (0 > $_REQUEST['limit']) ? $resp['total'] : (int)($_REQUEST['offset'] + $_REQUEST['limit']);
+        $resp['offset'] = ($offset >  $resp['total']) ?  $resp['total'] : $offset;
+        $resp['categories'] = $categories;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function GetInfo() {
+        if (!isset($_REQUEST['id'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $id = $this->GetCategoryDatabaseID($_REQUEST['id']);
+        if (false === $id) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+
+        // check accessible
+        if (!$this->IsAccessible($id)) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        // datebase query
+        $objs = Category::GetByIds(array($id));
+		$info = $objs[$id];
+        if (!$info) {
+            $this->SetError(PHOTOSTATION_CATEGORY_GETINFO_FAIL);
+            goto End;
+        }
+        
+        // form to webapi format
+        $categories = array();
+        $category['id'] = 'category_'.$info['id'];
+        $category['name'] = $info['name'];
+        $category['hidden'] = $info['hidden'];
+        $category['home'] = $category['id'] === csSYNOPhotoMisc::GetConfigDB("album", "home_category", "photo_config");
+        array_push($categories, $category);
+
+        $resp['categories'] = $categories;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Create() {
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (!$isAdmin) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+		$name = trim($_REQUEST['name']);
+        if (!isset($_REQUEST['name']) || '' === $name) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        $hidden = 'true' === $_REQUEST['hidden'] ? true : false;
+        if (Category::CheckNameExists($name)) {
+            $this->SetError(PHOTOSTATION_CATEGORY_DUPLICATE);
+            goto End;
+        }
+
+        // database query
+		$createId = Category::Add($name, $hidden);
+        if (!$createId) {
+            $this->SetError(PHOTOSTATION_CATEGORY_CREATE_FAIL);
+            goto End;
+        }
+
+        $resp['id'] = 'category_'.$createId;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Delete() {
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (!$isAdmin) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        if (!isset($_REQUEST['id'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $id = $this->GetCategoryDatabaseID($_REQUEST['id']);
+        if (!$id) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+
+        // database query
+        if (!Category::DeleteByIds(array($id))) {
+            $this->SetError(PHOTOSTATION_CATEGORY_DELETE_FAIL);
+            goto End;
+        }
+
+        $homeVal = csSYNOPhotoMisc::GetConfigDB("album", "home_category", "photo_config");
+        if ($homeVal === $_REQUEST['id']) {
+            csSYNOPhotoMisc::UpdateConfigDB("album", "home_category", '', "photo_config");
+        }
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Edit() {
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (!$isAdmin) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        if (!isset($_REQUEST['id'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $id = $this->GetCategoryDatabaseID($_REQUEST['id']);
+        if (!$id) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+
+        $name = isset($_REQUEST['name']) ? trim($_REQUEST['name']) : NULL;
+		$hidden = isset($_REQUEST['hidden']) ?
+			('true' === $_REQUEST['hidden'] ? true : false) : NULL;
+
+		if (NULL === $hidden && ('' === $name || NULL === $name)) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        if (Category::isDuplicated($id, $name)) {
+            $this->SetError(PHOTOSTATION_CATEGORY_DUPLICATE);
+            goto End;
+        }
+        // database query
+		if (!Category::EditById($id, $name, $hidden)) {
+            $this->SetError(PHOTOSTATION_CATEGORY_EDIT_FAIL);
+            goto End;
+        }
+
+        $setHome = isset($_REQUEST['home']) ? 'true' === $_REQUEST['home'] : false;
+        $homeVal = csSYNOPhotoMisc::GetConfigDB("album", "home_category", "photo_config");
+        if ($setHome) {
+            csSYNOPhotoMisc::UpdateConfigDB("album", "home_category", $_REQUEST['id'], "photo_config");
+        } elseif ($homeVal === $_REQUEST['id']) {
+            csSYNOPhotoMisc::UpdateConfigDB("album", "home_category", '', "photo_config");
+        }
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function ArrangeCategory() {
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (!$isAdmin) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !isset($_REQUEST['category_id'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        if (!$this->CheckOffsetLimit($_REQUEST['offset'], $_REQUEST['limit'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $ids = array();
+        $categoryIDs = array();
+        $categoryIDs = explode(',', $_REQUEST['category_id']);
+        foreach ($categoryIDs as $categoryID) {
+            if (false === ($id = $this->GetCategoryDatabaseID($categoryID))) {
+                $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+                goto End;
+            }
+            array_push($ids, $id);
+        }
+
+        // database query
+        if (!csSYNOPhotoDB::GetDBInstance()->ArrangeCategory($ids, $_REQUEST['offset'], $_REQUEST['limit'])) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ARRANGE_FAIL);
+            goto End;
+        }
+
+        $this->SetResponse($resp);
+    End:
+        return;
+
+    }
+
+    private function AddItem() {
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (!$isAdmin) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['item_id'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $id = $this->GetCategoryDatabaseID($_REQUEST['id']);
+        if (!$id) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+        // check item id
+        $itemIDs = $this->CheckItemID($_REQUEST['item_id']);
+        if (!$itemIDs) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+
+        if (!csSYNOPhotoDB::GetDBInstance()->AddCategoryItem($id, $itemIDs)) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ADD_ITEM_FAIL);
+            goto End;
+        }
+
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function FormAlbumInfo($itemID)
+    {
+        $query = "select * from photo_share where shareid=?";
+        $sqlParam = array($itemID);
+        $db_result = PHOTO_DB_Query($query, $sqlParam);
+        if (false === ($db_result = PHOTO_DB_Query($query, $sqlParam))) {
+            return false;
+        }
+        if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+            return false;
+        }
+        $info['sharepath'] = $row['sharename'];
+        $info['name'] = basename($row['sharename']);
+        $info['title'] = empty($row['title']) ? $info['name'] : $row['title'];
+        $info['description'] = $row['description'];
+        $info['hits'] = $row['hits'];
+        if (PHOTO_DB_IsTrue($row['public'])) {
+            $albumPermission = 'public';
+        } else {
+            $albumPermission = empty($row['password']) ? 'private' : 'password';
+        }
+        $info['type'] = $albumPermission;
+        return $info;
+    }
+
+    private function FormAdditional($type, $additional, $itemID)
+    {
+        if ('album' === $type && in_array('album_permission', $additional)) {
+            $arr = explode('album_', $itemID);
+            if (2 === count($arr)) {
+                $albumName = @pack('H*', $arr[1]);
+                $data['album_permission'] = AlbumAPIUtil::GetAlbumPermission($albumName);
+            }
+        }
+        return $data;
+    }
+
+    private function IsAlbumPassword($albumName)
+    {
+        $query = 'SELECT * FROM photo_share WHERE sharename=?';
+        $sqlParam = array($albumName);
+        if (false === ($db_result = PHOTO_DB_Query($query, $sqlParam))) {
+            return false;
+        }
+        if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+            return false;
+        }
+        if (false == PHOTO_DB_IsTrue($row['public']) && !empty($row['password'])) {
+            return true;
+        }
+        return false;
+    }
+
+    private function ListItem() {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['offset']) || !isset($_REQUEST['limit'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        $additionalParams = explode(',', $_REQUEST['additional']);
+        $needThumbSize = in_array('thumb_size', $additionalParams);
+
+        if (!$this->CheckOffsetLimit($_REQUEST['offset'], $_REQUEST['limit'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $id = $this->GetCategoryDatabaseID($_REQUEST['id']);
+        if (!$id) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+
+        // check accessible
+        if (!$this->IsAccessible($id)) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        // database query
+        $dbItems = csSYNOPhotoDB::GetDBInstance()->ListCategoryItem($id, $_REQUEST['offset'], $_REQUEST['limit']);
+        if (false === $dbItems) {
+            $this->SetError(PHOTOSTATION_CATEGORY_LIST_ITEM_FAIL);
+            goto End;
+        }
+        $allow_comment = AlbumAPIUtil::IsAlbumCommentalbGlobal();
+
+        // form to webapi format
+        $items = array();
+        $denyCount = 0;
+        foreach ($dbItems as $dbItem) {
+            unset($item);
+            if ('album' === $dbItem['type']) {
+                $typeID = $dbItem['album_id'];
+            } elseif ('tag' === $dbItem['type']) {
+                $typeID = $dbItem['tag_id'];
+            } elseif ('smart' === $dbItem['type']) {
+                $typeID = $dbItem['smart_id'];
+            }
+            if (false === ($itemID = $this->GetItemID($dbItem['type'], $typeID))) {
+                continue;
+            }
+
+            // private can't show
+            if ('album' === $dbItem['type']) {
+                $arr = explode('album_', $itemID);
+                $albumName = @pack('H*', $arr[1]);
+                if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName) && !$this->IsAlbumPassword($albumName)) {
+                    $denyCount++;
+                    continue;
+                }
+            }
+            $item['id'] = $itemID;
+            $item['type'] = $dbItem['type'];
+            $item['name'] = $this->GetItemName($itemID);
+            $additional = $this->FormAdditional($dbItem['type'], $additionalParams, $itemID);
+
+			$coverPath = '';
+            if ('album' === $dbItem['type']) {
+                $arr = explode('album_', $itemID);
+                if (2 === count($arr)) {
+                    $albumName = @pack('H*', $arr[1]);
+                    $result = csSYNOPhotoAlbum::GetAlbumInstance()->GetAlbumCover($albumName);
+
+					$coverPath = $result['coverPath'];
+					$relativePath = substr($coverPath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+					$dirname = dirname($relativePath);
+					$sharename = in_array($dirname, array('.', ''), true) ? '/' : $dirname;
+                }
+                $item['info'] = $this->FormAlbumInfo($typeID);
+                $item['info']['allow_comment'] = $allow_comment;
+                if (null !== $additional) {
+                    $item['additional']['album_permission'] = $additional['album_permission'];
+                }
+            } elseif ('tag' === $dbItem['type']) {
+                $arr = explode('tag_', $itemID);
+                if (2 === count($arr)) {
+                    $result = csSYNOPhotoAlbum::GetAlbumInstance()->GetLabelAlbumCover($arr[1]);
+
+					$coverPath = $result['coverPath'];
+					$relativePath = substr($coverPath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+					$dirname = dirname($relativePath);
+					$sharename = in_array($dirname, array('.', ''), true) ? '/' : $dirname;
+                }
+            } elseif ('smart' === $dbItem['type']) {
+                $arr = explode('smart_', $itemID);
+                if (2 === count($arr)) {
+                    $smartName = @pack('H*', $arr[1]);
+                    $album = SmartAlbum::GetSmartAlbumInstance()->GetCoverOfSmartAlbumByName($smartName);
+
+					$coverPath = '';
+					if ($album['success'] && $album['cover']) {
+						$coverPath = $album['cover']['dbPath'];
+					}
+					$relativePath = substr($coverPath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+					$dirname = dirname($relativePath);
+					$sharename = in_array($dirname, array('.', ''), true) ? '/' : $dirname;
+                }
+            }
+			$blConversion = csSYNOPhotoMisc::IsAlbumAllowConversion($sharename);
+			list($orig_resolutionx, $orig_resolutiony, $blThumbRotated) = AlbumAPIUtil::GetCoverResolutionRotation($coverPath);
+			AlbumAPIUtil::FillThumbStatus($item, $coverPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion);
+            array_push($items, $item);
+        }
+
+        // fixme
+        $resp['total'] = (int)csSYNOPhotoDB::GetDBInstance()->GetTotalCategoryItem($id) - $denyCount;
+        $offset = (0 > (int)$_REQUEST['limit']) ? $resp['total'] : (int)($_REQUEST['offset'] + $_REQUEST['limit']);
+        $resp['offset'] = ($offset >  $resp['total']) ?  $resp['total'] : $offset;
+        $resp['items'] = $items;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function RemoveItem() {
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (!$isAdmin) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['item_id'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $id = $this->GetCategoryDatabaseID($_REQUEST['id']);
+        if (!$id) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+        // check item id
+        $itemIDs = $this->CheckItemID($_REQUEST['item_id']);
+        if (!$itemIDs) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+
+        // database query
+        if (!csSYNOPhotoDB::GetDBInstance()->RemoveCategoryItem($id, $itemIDs)) {
+            $this->SetError(PHOTOSTATION_CATEGORY_REMOVE_ITEM_FAIL);
+            goto End;
+        }
+
+
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function ArrangeItem() {
+        // check if admin
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (!$isAdmin) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ACCESS_DENY);
+            goto End;
+        }
+
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['offset']) || !isset($_REQUEST['limit'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        if (!$this->CheckOffsetLimit($_REQUEST['offset'], $_REQUEST['limit'])) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get and check category id
+        $id = $this->GetCategoryDatabaseID($_REQUEST['id']);
+        if (!$id) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+        // check item id
+        $itemIDs = $this->CheckItemID($_REQUEST['item_id']);
+        if (!$itemIDs) {
+            $this->SetError(PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT);
+            goto End;
+        }
+
+        // database query
+        if (!csSYNOPhotoDB::GetDBInstance()->ArrangeCategoryItem($id, $itemIDs, $_REQUEST['offset'], $_REQUEST['limit'])) {
+            $this->SetError(PHOTOSTATION_CATEGORY_ARRANGE_ITEM_FAIL);
+            goto End;
+        }
+
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+}
+
+$api = new CategoryAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/comment.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('COMMENT_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/comment.inc.php

@@ -0,0 +1,7 @@
+<?php
+    require_once('comment.conf.php');
+    require_once("../include/syno_conf.php");
+
+    require_once(COMMENT_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/comment.php

@@ -0,0 +1,308 @@
+<?php
+require_once('comment.inc.php');
+require_once('photoutil.php');
+require_once('albumutil.php');
+require_once(SYNOPHOTO_INCLUDE_SEND_MAIL);
+
+define('PHP_CMD', '/usr/bin/php -n -d extension_dir=/lib/php/modules -d extension=syno_compiler.so -d extension=curl.so -d extension=bz2.so');
+
+class CommentAPI extends WebAPI {
+    function __construct()
+    {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process()
+    {
+        if (!strcasecmp($this->method, "list")) {
+            $this->CommentList();
+        } elseif (!strcasecmp($this->method, "create")) {
+            $this->Create();
+        } elseif (!strcasecmp($this->method, "delete")) {
+            $this->Delete();
+        }
+    }
+
+    /**
+     *  @params - $id like: photo_dir_name, video_dir_name
+     */
+    private function GetItemInfo($id)
+    {
+        $arr = explode('_', $id);
+        if (3 !== count($arr)) {
+            return false;
+        }
+        if (!in_array($arr[0], array('photo', 'video'))) {
+            return false;
+        }
+        // get id
+        $dirName = @pack('H*', $arr[1]);
+        $fileName = @pack('H*', $arr[2]);
+        if ('/' === $dirName) {
+            $filePath = $fileName;
+        } else {
+            $filePath = $dirName.'/'.$fileName;
+        }
+        $realPath = SYNOPHOTO_SERVICE_REAL_DIR.'/'.$filePath;
+
+        if (!csSynoPhotoMisc::CheckPathValid($realPath)) {
+            return false;
+        }
+
+        $table = ('photo' === $arr[0]) ? 'photo_image' : 'video';
+        if ('root' === SYNOPHOTO_ADMIN_USER) {
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $realPath);
+        } else {
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $filePath);
+        }
+        $data['id'] = $row['id'];
+        $data['path'] = $realPath;
+        $data['sharePath'] = $filePath;
+        $data['isPhoto'] = ('photo' === $arr[0]) ? true : false;
+        return $data;
+    }
+
+    private function GetParams_Create()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['name']) || !isset($_REQUEST['comment'])) {
+            return false;
+        }
+        if ('' === trim($_REQUEST['name']) || '' === trim($_REQUEST['comment'])) {
+            return false;
+        }
+        // get photo, video id
+        if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
+            return false;
+        }
+        $params['id'] = $data['id'];
+        $params['path'] = $data['path'];
+        $params['sharePath'] = $data['sharePath'];
+        $params['isPhoto'] = $data['isPhoto'];
+
+        if (!empty($_REQUEST['email'])) {
+            if (false === WebAPIUtil::IsEMail($_REQUEST['email'])) {
+                return false;
+            }
+        }
+        $params['email'] = $_REQUEST['email'];
+        $params['name'] = $_REQUEST['name'];
+        $params['comment'] = $_REQUEST['comment'];
+        $userType = csSYNOPhotoMisc::GetUserType();
+        $params['userType'] = $userType;
+        $params['validate_number'] = $_REQUEST['validate_number'];
+        return $params;
+    }
+
+    private function GetParams_Delete()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['comment_id'])) {
+            return false;
+        }
+        // get photo, video id
+        if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
+            return false;
+        }
+        $params['id'] = $data['id'];
+        $params['path'] = $data['path'];
+        $params['sharePath'] = $data['sharePath'];
+        $params['isPhoto'] = $data['isPhoto'];
+
+        // get comment id
+        $params['comment_id'] = array();
+        $arr = explode(',', $_REQUEST['comment_id']);
+        foreach ($arr as $comment_id) {
+            $split = explode('comment_', $comment_id);
+            if (2 !== count($split)) {
+                return false;
+            }
+            array_push($params['comment_id'], $split[1]);
+        }
+        return $params;
+    }
+
+    private function GetParams_List()
+    {
+        if (!isset($_REQUEST['id'])) {
+            return false;
+        }
+        if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
+            return false;
+        }
+        $params['id'] = $data['id'];
+        $params['path'] = $data['path'];
+        $params['sharePath'] = $data['sharePath'];
+        $params['isPhoto'] = $data['isPhoto'];
+        return $params;
+    }
+
+    private function GetCommentID($photoID, $videoPath, $name, $email, $comment, $isPhoto)
+    {
+        if (true === $isPhoto) {
+            $query = "SELECT id FROM photo_comment WHERE photo_id=? AND name=? AND email=? AND comment=? ORDER BY id DESC LIMIT 1";
+            $sqlParam = array($photoID, $name, $email, $comment);
+        } else {
+            $query = "SELECT id FROM video_comment WHERE path=? AND name=? AND email=? AND comment=? ORDER BY id DESC LIMIT 1";
+            $sqlParam = array($videoPath, $name, $email, $comment);
+        }
+
+        if (false === ($db_result = PHOTO_DB_Query($query, $sqlParam))) {
+            return false;
+        }
+        if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+            return false;
+        }
+        return $row['id'];
+    }
+
+    private function FormComment($data)
+    {
+        $comments = array();
+        foreach ($data as $item) {
+            $comment['id'] = 'comment_'.$item['id'];
+            $comment['name'] = $item['name'];
+            $comment['email'] = $item['email'];
+            $comment['comment'] = $item['comment'];
+            $comment['date'] = $item['date'];
+            array_push($comments, $comment);
+        }
+        return $comments;
+    }
+
+    private function CommentList()
+    {
+        if (false === ($params = $this->GetParams_List())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        // database query
+        if (true === $params['isPhoto']) {
+            $result = csSYNOPhotoDB::GetDBInstance()->GetPhotoComments($params['id']);
+        } else {
+            $result = csSYNOPhotoDB::GetDBInstance()->GetVideoComments($params['path']);
+        }
+        $comments = $this->FormComment($result);
+        
+        $resp['comments'] = $comments;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Delete()
+    {
+        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+
+        csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+        if (false === ($params = $this->GetParams_Delete())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        // check album maganeable
+        if (false === csSynoPhotoMisc::CheckAlbumManageable(dirname($params['sharePath']))) {
+            $this->SetError(PHOTOSTATION_COMMENT_ACCESS_DENY);
+            goto End;
+        }
+        // database query
+        if (true === $params['isPhoto']) {
+            foreach ($params['comment_id'] as $comment_id) {
+                csSYNOPhotoDB::GetDBInstance()->DeleteComment(1, $comment_id);
+            }
+        } else {
+            foreach ($params['comment_id'] as $comment_id) {
+                csSYNOPhotoDB::GetDBInstance()->DeleteComment(2, $comment_id);
+            }
+        }
+    End:
+        return;
+    }
+
+    private function Create()
+    {
+        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+
+        if (false === ($params = $this->GetParams_Create())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // check album is commentable
+        if (false === AlbumAPIUtil::IsAlbumCommentalbGlobal(true)) {
+            $this->SetError(PHOTOSTATION_COMMENT_ACCESS_DENY);
+            goto End;
+        }
+
+        // check validate number. guest must have correct validate number
+        if (0 === $params['userType']) {
+            if (null === $params['validate_number']) {
+                $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
+                goto End;
+            }
+
+            $validateCount = strlen($params['validate_number']);
+            if (4 === $validateCount) {
+                if ((string)$params['validate_number'] !== (string)$_SESSION[SYNOPHOTO_ADMIN_USER]['post_key_photo']) {
+                    $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
+                    goto End;
+                }
+            } elseif (12 === $validateCount) { // for DS photo+
+                $phppath = '/var/packages/PhotoStation/target/photo_scripts/encrypted/gen_comment_validate_string.php';
+                $cmd = PHP_CMD." {$phppath} ".escapeshellarg($params['email']).' '.escapeshellarg($params['comment']);
+                @exec($cmd, $signature, $ret);
+                if (0 !== $ret) {
+                    $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
+                    goto End;
+                }
+                if ($signature[0] !== (string)$params['validate_number']) {
+                    $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
+                    goto End;
+                }
+            } else {
+                $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
+                goto End;
+            }
+        }
+
+        // database query
+        if (false === csSYNOPhotoBrowse::GetBrowseInstance()->AddNewComment($params['path'], ($params['isPhoto']) ? SYNOPHOTO_ITEM_TYPE_PHOTO : SYNOPHOTO_ITEM_TYPE_VIDEO,
+                                                              $params['name'], $params['email'], $params['comment'])) {
+                $this->SetError(PHOTOSTATION_COMMENT_CREATE_FAIL);
+                goto End;
+        }
+
+        // get inserted comment id
+        $insertedID = $this->GetCommentID($params['id'], $params['path'], $params['name'], $params['email'], $params['comment'], $params['isPhoto']);
+
+        $resp['id'] = 'comment_'.$insertedID;
+        $this->SetResponse($resp);
+
+		// Send mail to admin
+		$path = $params['path'];
+		$commentInfo = array();
+		$commentInfo['name'] = $params['name'];
+		$commentInfo['email'] = $params['email'];
+		$commentInfo['comment'] = $params['comment'];
+		if(isset($_POST['url'])) {
+			$commentInfo['photoUrl'] = substr($_POST['url'], strpos($_POST['url'], '#'));
+			$commentInfo['albumUrl'] = substr( $commentInfo['photoUrl'],
+				0, strrpos($commentInfo['photoUrl'], '/') );
+		}
+		$albumPath = substr( $params['sharePath'], 0, strrpos($params['sharePath'], '/') );
+		if (@file_exists($path)) {
+			if (false !== ($item = PhotoAPIUtil::getItemByPath($path, array(), ($params['isPhoto']?'photo':'video'), false))) {
+				$commentInfo['title'] = $item['info']['title'];
+				$commentInfo['albumTitle'] = $albumPath;
+				SYNOPHOTO6_SEND_MAIL_SendCommentMailToAdmin(-1, -1, $commentInfo);
+			}
+		}
+
+    End:
+        return;
+    }
+}
+
+$api = new CommentAPI();
+$api->Run();
+?>
+
+

PhotoStation API/webapi/cover.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('COVER_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/cover.inc.php

@@ -0,0 +1,7 @@
+<?php
+    require_once('cover.conf.php');
+    require_once("../include/syno_conf.php");
+
+    require_once(COVER_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/cover.php

@@ -0,0 +1,176 @@
+<?php
+
+require_once('cover.inc.php');
+
+class CoverAPI extends WebAPI {
+    function __construct()
+    {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process()
+    {
+        csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+        if (!strcasecmp($this->method, "set")) {
+            $this->SetCover();
+        }
+    }
+
+    /**
+     *  @params - $id like: photo_dir_name, video_dir_name
+     */
+    private function GetItemInfo($id)
+    {
+        $arr = explode('_', $id);
+        if (3 !== count($arr)) {
+            return false;
+        }
+        if (!in_array($arr[0], array('photo', 'video'))) {
+            return false;
+        }
+        // get id
+        $dirName = @pack('H*', $arr[1]);
+        $fileName = @pack('H*', $arr[2]);
+        $filePath = $dirName.'/'.$fileName;
+
+        $realPath = SYNOPHOTO_SERVICE_REAL_DIR.'/'.$filePath;
+
+        if (!csSynoPhotoMisc::CheckPathValid($realPath)) {
+			return false;
+        }
+
+        $table = ('photo' === $arr[0]) ? 'photo_image' : 'video';
+        if ('root' === SYNOPHOTO_ADMIN_USER) {
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $realPath);
+        } else {
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $filePath);
+        }
+        $data['id'] = $row['id'];
+        $data['path'] = $realPath;
+        $data['sharePath'] = $filePath;
+        $data['isPhoto'] = ('photo' === $arr[0]) ? true : false;
+
+        return $data;
+    }
+
+    private function GetParams_Set()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['item_id'])) {
+            return false;
+        }
+        // get album id
+        $arr = explode('album_', $_REQUEST['id']);
+        if (2 !== count($arr)) {
+            return false;
+        }
+        // check album exist
+        $shareName = @pack('H*', $arr[1]);
+        $params['album_sharePath'] = $shareName;
+
+        $albumFullPath = SYNOPHOTO_SERVICE_REAL_DIR."/".$shareName;
+
+        if (!csSynoPhotoMisc::CheckPathValid($albumFullPath)) {
+            return false;
+        }
+
+        $params['album_path'] = $albumFullPath;
+
+        // get photo, video id
+        if (false === ($data = $this->GetItemInfo($_REQUEST['item_id']))) {
+            return false;
+        }
+        $params['id'] = $data['id'];
+        $params['path'] = $data['path'];
+        $params['sharePath'] = $data['sharePath'];
+        $params['isPhoto'] = $data['isPhoto'];
+
+        return $params;
+    }
+
+    private function SetAblumCover($albumPath, $coverPath)
+    {
+        $albumFullPath = SYNOPHOTO_SERVICE_REAL_DIR."/".$albumPath;
+
+        if (!csSynoPhotoMisc::CheckPathValid($albumFullPath)) {
+            return false;
+        }
+
+        $eaDir = dirname($albumFullPath)."/".SYNOPHOTO_EADIR;
+        if(!@file_exists($eaDir)) {
+            @mkdir($eaDir);
+            @chmod($eaDir, 0777);
+        }
+        $coverDir = $eaDir.'/'.basename($albumPath);
+        if(!@file_exists($coverDir)) {
+            @mkdir($coverDir);
+            @chmod($coverDir, 0777);
+        }
+        $coverFile = $coverDir.'/'.SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_ALBUM_COVER);
+        $coverValue =  substr($coverPath, (strlen($albumPath) + 1));
+
+        if (false === ($handle = fopen($coverFile, "w+"))) {
+            return false;
+        }
+        if ($handle) {
+            if (false === fwrite($handle, $coverValue)) {
+                return false;
+            }
+            fclose($handle);
+    		@chmod($coverFile, 0777);
+        }
+        return true;
+    }
+
+    private function SetCover()
+    {
+        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+
+        if (false === ($params = $this->GetParams_Set())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // check album exist
+        $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('count(shareid)', 'photo_share', 'sharename', $params['album_sharePath']);
+        if (1 !== (int)$row[0]) {
+            $this->SetError(PHOTOSTATION_COVER_ALBUM_NOT_EXIST);
+            goto End;
+        }
+
+        // check photo/video exist
+        $table = $params['isPhoto'] ? 'photo_image' : 'video';
+        $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('count(id)', $table, 'path', ('root' === SYNOPHOTO_ADMIN_USER) ? $params['path'] : $params['sharePath']);
+        if (1 !== (int)$row[0]) {
+            $this->SetError(PHOTOSTATION_COVER_PHOTO_VIDEO_NOT_EXIST);
+            goto End;
+        }
+
+        // check photo/video in album
+        $ret = strpos($params['path'], $params['album_path']);
+        if (false === $ret || 0 !== $ret) {
+            $this->SetError(PHOTOSTATION_COVER_PHOTO_VIDEO_NOT_IN_ALBUM);
+            goto End;
+        }
+
+        // check album maganeable
+        if (false === csSynoPhotoMisc::CheckAlbumManageable($params['album_sharePath'])) {
+            $this->SetError(PHOTOSTATION_COVER_ACCESS_DENY);
+            goto End;
+        }
+
+        // set album cover
+        if (false === $this->SetAblumCover($params['album_sharePath'], $params['sharePath'])) {
+            $this->SetError(PHOTOSTATION_COVER_SET_FAIL);
+            goto End;
+        }
+
+    End:
+        return;
+    }
+}
+
+$api = new CoverAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/download.conf.php

@@ -0,0 +1,26 @@
+<?php
+	define('DOWNLOAD_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__) . '/webapi.inc.php');
+	/* The mimetype of raw image files is not listed here */
+	$SYNOPHOTO_ALLOW_PICT_NAMES_MIME = array(
+		'jpg' => 'image/jpeg',
+		'jpeg' => 'image/jpeg',
+		'jpe' => 'image/jpeg',
+		'bmp' => 'image/bmp',
+		'gif' => 'image/gif',
+		'png' => 'image/png',
+		'tiff' => 'image/tiff',
+		'tif' => 'image/tiff'
+	);
+	$SYNOPHOTO_VIDEO_MIME = array(
+		'3gp' => 'video/3gpp',
+		'asf' => 'video/x-ms-asf',
+		'avi' => 'video/x-msvideo',
+		'm4v' => 'video/x-m4v',
+		'mov' => 'video/quicktime',
+		'mp4' => 'video/mp4',
+		'mpe' => 'video/mpeg',
+		'mpeg'=> 'video/mpeg',
+		'mpg'=>	'video/mpeg',
+		'qt' => 'video/quicktime',
+		'wmv' => 'video/x-ms-wmv'
+	);

PhotoStation API/webapi/download.inc.php

@@ -0,0 +1,7 @@
+<?php
+	require_once('download.conf.php');
+	require_once('photoutil.php');
+	require_once("../include/syno_conf.php");
+
+	require_once(DOWNLOAD_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);

PhotoStation API/webapi/dsm_share.inc.php

@@ -0,0 +1,6 @@
+<?php
+	require_once("../include/syno_conf.php");
+	require_once(dirname(__FILE__).'/webapi.inc.php');
+	require_once('../include/dsm_share.php');
+	require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/dsm_share.php

@@ -0,0 +1,257 @@
+<?php
+require_once('dsm_share.inc.php');
+
+class DsmShareAPI extends WebAPI {
+	private $operationPemission = "dsm_account";
+	protected $idPrefix = 'dsmshare_';
+
+	function __construct() {
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		if (!strcasecmp($this->method, "list")) {
+			$this->ShareList();
+		} else if (!strcasecmp($this->method, "copy")) {
+			$this->ShareCopy();
+		} else if (!strcasecmp($this->method, "copymusic")) {
+			$this->ShareCopyMusic();
+		}
+	}
+
+	private function ShareList()
+	{
+		$resp = array();
+
+		$params = $this->GetParams_List();
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$data = DsmShare::ListItem($params['user'], $params['id'], $params['type'], $params['offset'], $params['limit']);
+		$items = array();
+
+		foreach ($data['data'] as $k => $v) {
+			$v['id'] = $this->EncodeItemId($v['id']);
+			$items[] = $v;
+		}
+		$resp['items'] = $items;
+		$resp['total'] = $data['total'];
+		$offset = (0 > (int)$params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];
+		$resp['offset'] = ($offset > $resp['total']) ?  $resp['total'] : $offset;
+
+		$this->SetResponse($resp);
+	End:
+		return;
+	}
+
+	private function ShareCopy()
+	{
+		$params = $this->GetParams_Copy();
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$res = DsmShare::CopyItem($params['user'], $params['id'], $params['sharepath'], $params['duplicate']);
+
+		if (!$res) {
+			$this->SetError(PHOTOSTATION_DSMSHARE_UPLOAD_ERROR);
+			goto End;
+		}
+	End:
+		return;
+	}
+
+	private function ShareCopyMusic()
+	{
+		$params = $this->GetParams_CopyMusic();
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		if (SlideshowMusic::LIMIT < SlideshowMusic::GetCount() + count($params['id'])) {
+			$this->SetError(array(PHOTOSTATION_SLIDESHOWMUSIC_EXCEED_LIMIT, SlideshowMusic::LIMIT));
+			goto End;
+		}
+
+		foreach ($params['id'] as $id) {
+			if (!SlideshowMusic::Add(basename($id), $id, '', $params['user'])) {
+				$this->SetError(PHOTOSTATION_DSMSHARE_UPLOAD_ERROR);
+				goto End;
+			}
+		}
+
+	End:
+		return;
+	}
+
+	private function GetParams_List()
+	{
+		$id = !$_REQUEST['id'] || 'fm_root' === $_REQUEST['id'] ? '' : $this->DecodeItemId($_REQUEST['id']);
+
+		if (false === $id) {
+			return false;
+		}
+
+		$types = explode(',', preg_replace('/\s/', '', $_REQUEST['type']));
+
+		foreach ($types as $type) {
+			if (!in_array($type, DsmShare::$allowTypes)) {
+				return false;
+			}
+		}
+
+		$user = $this->GetUser();
+
+		if (!$user) {
+			return false;
+		}
+
+		// $variable + 0 => convert to integer
+		$params = array(
+			'id' => $id,
+			'user' => $user,
+			'type' => $types,
+			'offset' => !isset($_REQUEST['offset']) || $_REQUEST['offset'] < 0 ? 0 : $_REQUEST['offset'] + 0,
+			'limit' => !isset($_REQUEST['limit']) || $_REQUEST['limit'] < 0 ? NULL : $_REQUEST['limit'] + 0,
+		);
+		return $params;
+	}
+
+	private function GetUser()
+	{
+		$user = false;
+
+		if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'])) {
+			$user = $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'];
+		} else if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+			$user = ("root" === SYNOPHOTO_ADMIN_USER)? "admin" : SYNOPHOTO_ADMIN_NAME;
+		}
+		return $user;
+	}
+
+	private function GetParams_Copy()
+	{
+		if(!isset($_REQUEST['id']) || !isset($_REQUEST['sharepath'])) {
+			return false;
+		}
+
+		$idWithPrefix = explode(',', $_REQUEST['id']);
+
+		$ids = array();
+
+		$sharepath = trim($_REQUEST['sharepath'], "/");
+
+		$dbPath = $sharepath ? $sharepath : '/';
+
+		foreach ($idWithPrefix as $k) {
+			$decodeId = $this->DecodeItemId($k);
+			if (false === $decodeId) {
+				return false;
+			}
+			if (dirname($decodeId) === SYNOPHOTO_SERVICE_REAL_DIR."/".$sharepath) {
+				return false;
+			}
+			$ids[$decodeId] = 1;
+		}
+
+		if (!csSYNOPhotoMisc::CheckPathValid($sharepath) || !csSYNOPhotoMisc::CheckAlbumUploadable($dbPath)) {
+			return false;
+		}
+
+		$duplicate = $_REQUEST['duplicate'] ? $_REQUEST['duplicate'] : DsmShare::IGNORE;
+
+		if (!in_array($duplicate, array(DsmShare::OVERWRITE, DsmShare::IGNORE))) {
+			return false;
+		}
+
+		$user = $this->GetUser();
+
+		if (!$user) {
+			return false;
+		}
+
+		// $variable + 0 => convert to integer
+		$params = array(
+			'id' => array_keys($ids),
+			'user' => $user,
+			'sharepath' => $sharepath,
+			'duplicate' => $duplicate
+		);
+		return $params;
+	}
+
+	private function GetParams_CopyMusic()
+	{
+		if(!isset($_REQUEST['id'])) {
+			return false;
+		}
+
+		$idWithPrefix = explode(',', $_REQUEST['id']);
+
+		$ids = array();
+
+		foreach ($idWithPrefix as $k) {
+			$decodeId = $this->DecodeItemId($k);
+			if (false === $decodeId) {
+				return false;
+			}
+			$ids[$decodeId] = 1;
+		}
+
+		$user = $this->GetUser();
+
+		if (!$user) {
+			return false;
+		}
+
+		$params = array(
+			'id' => array_keys($ids),
+			'user' => $user
+		);
+		return $params;
+	}
+
+	protected function CheckPermission()
+	{
+		$res = true;
+		$check = array(
+			"list" => $this->operationPemission,
+			"copy" => $this->operationPemission,
+			"copymusic" => $this->operationPemission
+		);
+		if (!array_key_exists($this->method, $check)) {
+			goto End;
+		}
+
+		$funcName = "check_".$check[$this->method];
+
+		if (!method_exists($this, $funcName)) {
+			$res = false;
+			goto End;
+		}
+
+		$res = $this->$funcName();
+
+	End:
+		if (!$res) {
+			$this->SetError(PHOTOSTATION_DSMSHARE_ACCESS_DENY);
+		}
+		return $res;
+	}
+
+	private function check_dsm_account()
+	{
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+		csSYNOPhotoMisc::CheckSessionTimeOut(true);
+		return "1" === csSYNOPhotoMisc::GetConfigDB("global", "account_system", "photo_config") || isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+	}
+}
+$api = new DsmShareAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/embed.php

@@ -0,0 +1,84 @@
+<?
+require_once('albumutil.php');
+require_once('photoutil.php');
+
+$id_str = $_GET['id'];
+$id_arr = explode('_', $id_str);
+if (3 !== count($id_arr) || ('photo' !== $id_arr[0] && 'video' !== $id_arr[0])) {
+	$error = true;
+}
+$albumName = @pack('H*', $id_arr[1]);
+$fileName = @pack('H*', $id_arr[2]);
+$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $albumName ? "" : $albumName . "/") . $fileName;
+
+$item = checkVideoAvailable($albumName, $path, $id_arr[0]);
+
+if ($item) {
+	$quality = findQualityObject($item['additional']['video_quality'], $_GET['quality']);
+	$quality_id = $quality['id'];
+	$videoType = $quality['container'];
+	$videoProfile = $quality['profile_name'];
+	$video = SYNOPHOTO_URL_PREFIX . "/photo/webapi/download.php/1.mp4?api=SYNO.PhotoStation.Download&method=getvideo&version=1&id=$id_str&quality_id=$quality_id";
+	$image = SYNOPHOTO_URL_PREFIX . "/photo/webapi/thumb.php?api=SYNO.PhotoStation.Thumb&method=get&version=1&id=$id_str&size=large";
+	$title = $item['info']['title'].' - '. __(photo_str_ap_name_6);
+} else {
+	$title = __(photo_str_ap_name_6);
+}
+
+function findQualityObject ($videoQuality, $qualityProfileName)
+{
+	if (!$videoQuality) {
+		return null;
+	}
+	foreach ($videoQuality as $i) {
+		if ($qualityProfileName == $i['profile_name']) {
+			return $i;
+		}
+	}
+	usort($videoQuality, function($a, $b) {
+		$profileOrder = Array('high'=>0, 'medium'=>1, 'low'=>2, 'orig_h264'=>3, 'mobile'=>4, 'flv'=>5);
+		return $profileOrder[$a['profile_name']] > $profileOrder[$b['profile_name']] ? 1 : -1;
+	});
+	return $videoQuality[0];
+}
+
+function checkVideoAvailable ($albumName, $path, $type)
+{
+	if (!csSynoPhotoMisc::CheckPathValid($path)) {
+		return false;
+	}
+
+	csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+	if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {
+		return false;
+	}
+
+	if (@file_exists($path)) {
+		if (!($item = PhotoAPIUtil::getItemByPath($path, array('video_quality'), $type, false))) {
+			return false;
+		}
+	}
+	return $item;
+}
+
+?>
+<!DOCTYPE html>
+<html><head><title><?= $title ?></title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+	<meta http-equiv="X-UA-Compatible" content="IE=11" />
+	<script type="text/javascript" src="../jwplayer/jwplayer.js"></script>
+	<script type="text/javascript" src="../photo_new/syno_embed.js"></script>
+	<link rel="shortcut icon" href="../favicon.ico">
+</head><body>
+<? if ($error) {?>
+<div style=text-align:center;margin-top:100px><?=__(photo_str_video_unavailable)?></div>
+<? } else {?>
+<div id='player'></div>
+<script>
+var video = "<?= $video?>",
+	image = "<?= $image?>",
+	videoType = "<?= $videoType?>";
+	videoProfile = "<?= $videoProfile?>";
+</script>
+<?}?>
+</body></html>

PhotoStation API/webapi/file.conf.php

@@ -0,0 +1,2 @@
+<?php
+	define('FILE_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__) . '/webapi.inc.php');

PhotoStation API/webapi/file.inc.php

@@ -0,0 +1,6 @@
+<?php
+	require_once('file.conf.php');
+	require_once("../include/syno_conf.php");
+
+	require_once(FILE_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);

PhotoStation API/webapi/file.php

@@ -0,0 +1,204 @@
+<?PHP
+
+set_time_limit(0);
+
+require_once('file.inc.php');
+
+class FileAPI extends WebAPI
+{
+	function __construct()
+	{
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		$this->Init();
+
+		csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+		if (!strcasecmp($this->method, "uploadphoto")) {
+			$this->UploadFile(true);
+		}
+		if (!strcasecmp($this->method, "uploadvideo")) {
+			$this->UploadFile(false);
+		}
+	}
+
+	private function Init()
+	{
+		csSYNOPhotoMisc::PhotoSessionStart();
+
+		$_SESSION[SYNOPHOTO_ADMIN_USER]['security_identifier'] = csSYNOPhotoMisc::GetSessionIdentifier();
+		if (isset($_REQUEST['session'])) {
+			csSYNOPhotoMisc::RestoreSession();
+		}
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+	}
+
+	private function UploadFile($isPhoto)
+	{
+		$ret = false;
+		/* return when lack of params */
+		if (!isset($_REQUEST['dest_folder_path']) || !isset($_REQUEST['duplicate']) || !isset($_REQUEST['filename']) || !isset($_REQUEST['mtime'])) {
+				$this->SetError(PHOTOSTATION_FILE_BAD_PARAMS);
+				goto End;
+		}
+
+		/* set required params */
+		$destShareName = $_REQUEST['dest_folder_path'];
+		if ('' === $destShareName) {
+			if (!csSYNOPhotoMisc::CheckAlbumUploadable('/')) {
+				$this->SetError(PHOTOSTATION_FILE_ACCESS_DENY);
+				goto End;
+			}
+		} elseif (!csSYNOPhotoMisc::CheckAlbumUploadable($destShareName)) {
+			$this->SetError(PHOTOSTATION_FILE_ACCESS_DENY);
+			goto End;
+		}
+
+		$fileName = $_REQUEST['filename'];
+		if ($isPhoto && !csSYNOPhotoMisc::IsPhotoFile($fileName)) {
+			$this->SetError(PHOTOSTATION_FILE_FILE_EXT_ERR);
+			goto End;
+		}
+		if (!$isPhoto && !csSYNOPhotoMisc::IsVideoFile($fileName)) {
+			$this->SetError(PHOTOSTATION_FILE_FILE_EXT_ERR);
+			goto End;
+		}
+
+		$destDir = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $destShareName;
+		if (!csSynoPhotoMisc::CheckPathValid($destDir)) {
+			$this->SetError(PHOTOSTATION_FILE_BAD_PARAMS);
+			goto End;
+		}
+
+		if (!file_exists($destDir)) {
+			$this->SetError(PHOTOSTATION_FILE_DIR_NOT_EXISTS);
+			goto End;
+		}
+
+		$mtime = $_REQUEST['mtime'];
+
+		$dup = $_REQUEST['duplicate'];
+		$overwrite = ('ignore' === $dup) ? 0 : (('overwrite' === $dup) ? 1 : 2);	// default is rename
+
+		/* set all uploaded file data */
+		$hasFile = false;
+		$files = array();
+		$allowed_upload_form_names = array('original', 'thumb_small', 'thumb_large', 'high', 'medium', 'low', 'mobile', 'iphone', 'android', 'flv');
+
+		foreach($allowed_upload_form_names as $name) {
+			$files[$name] = null;
+
+			if (isset($_FILES[$name])) {
+				if ($_FILES[$name]['error'] > 0) { // files is not uploaded successfully by form upload
+					$this->SetError(PHOTOSTATION_FILE_UPLOAD_ERROR);
+					goto End;
+				}
+
+				$files[$name] = $_FILES[$name];
+			}
+
+			$hasFile = true;
+		}
+
+		if (!$hasFile) {
+			$this->SetError(PHOTOSTATION_FILE_NO_FILE);
+			goto End;
+		}
+
+		$destPath = $destDir . "/" . $fileName;
+
+		if (@file_exists($destPath)) {
+			if (0 === $overwrite) {
+				//ignore
+				$ret = false;
+				goto End;
+			} else if (2 === $overwrite) {
+				//rename
+				$dir = pathinfo($destPath, PATHINFO_DIRNAME);
+				$name = pathinfo($destPath, PATHINFO_FILENAME);
+				$ext = pathinfo($destPath, PATHINFO_EXTENSION);
+
+				$rename_suffix = 0;
+				$rename_path = $destPath;
+
+				while (file_exists($rename_path)) {
+					$rename_path = "$dir/$name" . "_" . (++$rename_suffix) . ".$ext";
+				}
+
+				$destPath = $rename_path;
+			}
+		}
+
+		$IsOldEAFilePrefix = csSYNOPhotoMisc::IsOldEAFilePrefix();
+
+		/* set all destination file path */
+		$destEADir = SYNOPhotoEA::getEADirPath($destPath);
+		$smallPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_THUMB_M, $IsOldEAFilePrefix);
+		$largePath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_THUMB_XL, $IsOldEAFilePrefix);
+		$vHighPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_H_MP4, $IsOldEAFilePrefix);
+		$vMediumPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_M_MP4, $IsOldEAFilePrefix);
+		$vLowPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_L_MP4, $IsOldEAFilePrefix);
+		$vFlvPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_FLV, $IsOldEAFilePrefix);
+		$vMobilePath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_MOBILE_MP4, $IsOldEAFilePrefix);
+		$vIPhonePath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_MOBILE_IPHONE, $IsOldEAFilePrefix);
+		$vAndroidPath = $destEADir . "/" . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_FILM_MOBILE_ANDROID, $IsOldEAFilePrefix);
+
+		@mkdir($destDir, 0777, true);
+		@mkdir($destEADir, 0777, true);
+
+		/* write all existed files */
+		$this->writeFile($files['thumb_small']['tmp_name'], $smallPath);
+		$this->writeFile($files['thumb_large']['tmp_name'], $largePath);
+		if (!$isPhoto) {
+			$this->writeFile($files['high']['tmp_name'], $vHighPath);
+			$this->writeFile($files['medium']['tmp_name'], $vMediumPath);
+			$this->writeFile($files['low']['tmp_name'], $vLowPath);
+			$this->writeFile($files['flv']['tmp_name'], $vFlvPath);
+			$this->writeFile($files['mobile']['tmp_name'], $vMobilePath);
+			$this->writeFile($files['iphone']['tmp_name'], $vIPhonePath);
+			$this->writeFile($files['android']['tmp_name'], $vAndroidPath);
+		}
+		$ret = $this->writeFile($files['original']['tmp_name'], $destPath);
+
+		/* trigger index */
+		if (!empty($files['original']) && $ret) {
+			@touch($destPath, $mtime / 1000);
+			$path_part = pathinfo($rename_path ? $rename_path : $fileName);
+			if (isset($_REQUEST['title'])) {
+				$path_part['title'] = $_REQUEST['title'];
+			}
+			if (isset($_REQUEST['description'])) {
+				$path_part['description'] = $_REQUEST['description'];
+			}
+
+			$dbPath = SYNOPHOTO_SERVICE_REAL_DIR_PATH . trim($destShareName . "/" . $path_part['basename'], "/");
+			File::AddFile($dbPath, $destPath, $path_part['title'], $path_part['description']);
+		}
+
+		PhotoLog::Add($fileName." was uploaded to album ".$destShareName." successfully.", true, strtolower(GetLoginUsername()));
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function writeFile($tmpPath, $destPath)
+	{
+		if (empty($tmpPath)) {
+			return false;
+		}
+		if (!is_uploaded_file($tmpPath)) {
+			return false;
+		}
+		if (!@move_uploaded_file($tmpPath, $destPath)) {
+			return false;
+		}
+		@chmod($destPath, 0777);
+		return true;
+	}
+}
+
+$api = new FileAPI();
+$api->Run();

PhotoStation API/webapi/formulautil.php

@@ -0,0 +1,239 @@
+<?
+
+class Decorator {
+
+	static function CategoryFormula ($dbObject, $config = array())
+	{
+		$encodedId = $config['id'];
+		$categroy = array();
+		$category['id'] = $encodedId ? $encodedId : 'category_'.$dbObject['id'];
+		$category['name'] = $dbObject['name'];
+		$category['hidden'] = $dbObject['hidden'];
+		return $category;
+	}
+
+	static function AlbumFormula($dbObject, $config = array())
+	{
+		$allowComment = $config['allowComment'];
+		$showAlbumHit = $config['showAlbumHit'];
+		$id = $config['id'];
+		$param = $config['param'];
+		$needThumbSize = isset($config['needThumbSize']) ? $config['needThumbSize'] : in_array('thumb_size', $param['additional']);
+
+		$sharepath = $dbObject['sharename'];
+		$item_info = AlbumAPIUtil::FormAlbum($dbObject, $allowComment, $showAlbumHit);
+		if (!in_array('thumbnail', $param['ignore'])) {
+			$result = csSYNOPhotoAlbum::GetAlbumInstance()->GetAlbumCover($sharepath);
+			$coverPath = $result['coverPath'];
+		}
+		list($orig_resolutionx, $orig_resolutiony, $blThumbRotated) = AlbumAPIUtil::GetCoverResolutionRotation($coverPath);
+
+		// replace conversion with the first layer album's
+		$item_info['conversion'] = csSYNOPhotoMisc::IsAlbumAllowConversion($sharepath);
+		$item = array(
+			'info'	=> $item_info,
+			'id'	=> $id ? $id : self::EncodeItemId($sharepath, 'album_'),
+			'type'	=> 'album',
+			'additional' => AlbumAPIUtil::FormAdditional('album', $dbObject, $param)
+		);
+
+		AlbumAPIUtil::FillThumbStatus($item, $coverPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $item_info['conversion']);
+		return $item;
+	}
+
+	static function SmartFormula($dbObject, $config = array())
+	{
+		$param = $config['param'];
+		$id = $config['id'];
+		$needThumbSize = isset($config['needThumbSize']) ? $config['needThumbSize'] : in_array('thumb_size', $param['additional']);
+
+        $smartAlbum['id'] = $id ? $id : self::EncodeItemId($dbObject['name'], 'smart_');
+        $smartAlbum['type'] = 'smart';
+        $album = SmartAlbum::GetSmartAlbumInstance()->GetCoverOfSmartAlbumByName($dbObject['name']);
+        $smartAlbum['thumbnail_status'] = 'default';
+
+		if (false === $album['success'] && !isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+			return -1;
+		}
+
+		$coverPath = '';
+        if ($album['success'] && isset($album['cover']['dbPath'])) {
+			$coverPath = $album['cover']['dbPath'];
+			$relativePath = substr($coverPath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+			$dirname = dirname($relativePath);
+			$sharename = in_array($dirname, array('.', ''), true) ? '/' : $dirname;
+        }
+
+        $smartAlbum['name'] = $dbObject['name'];
+        if (in_array('smart_condition', $param['additional'])) {
+			$smartAlbumCond = SmartAlbum::GetSmartAlbumInstance()->GetSmartCondition($dbObject['name']);
+            $smartAlbum['additional']['smart_condition'] = $smartAlbumCond;
+        }
+
+        $blConversion = csSYNOPhotoMisc::IsAlbumAllowConversion($sharename);
+        list($orig_resolutionx, $orig_resolutiony, $blThumbRotated) = AlbumAPIUtil::GetCoverResolutionRotation($coverPath);
+        AlbumAPIUtil::FillThumbStatus($smartAlbum, $coverPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion);
+
+        return $smartAlbum;
+	}
+
+	static function TagFormula($dbObject, $config = array())
+	{
+		$param = $config['param'];
+		$needThumbSize = isset($config['needThumbSize']) ? $config['needThumbSize'] : in_array('thumb_size', $param['additional']);
+		$id = $config['id'];
+
+		$tag['id'] = $id ? $id : 'tag_'.$dbObject['id'];
+		$tag['type'] = 'tag';
+		$tag['tag_type'] = Label::GetCategoryName($dbObject['category']);
+		$tag['name'] = $dbObject['name'];
+
+		$additional = self::TagAdditional($dbObject, $param);
+		if (null !== $additional) {
+			$tag['additional'] = $additional;
+		}
+		if ('true' === $param['thumbnail_status']) {
+			$result = csSYNOPhotoAlbum::GetAlbumInstance()->GetLabelAlbumCoverFromDB($dbObject['id']);
+			$coverPath = $result['dbPath'];
+			$relativePath = substr($coverPath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+			$dirname = dirname($relativePath);
+			$sharename = in_array($dirname, array('.', ''), true) ? '/' : $dirname;
+
+			$blConversion = csSYNOPhotoMisc::IsAlbumAllowConversion($sharename);
+			list($orig_resolutionx, $orig_resolutiony, $blThumbRotated) = AlbumAPIUtil::GetCoverResolutionRotation($coverPath);
+			AlbumAPIUtil::FillThumbStatus($tag, $coverPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion);
+		}
+		return $tag;
+	}
+
+    private static function TagAdditional($data, $params)
+    {
+        if (in_array('info', $params['additional'])) {
+            if (Label::PEOPLE === $data['category']) {
+                $people['name'] = $data['name'];
+                $additional['info'] = $people;
+            } elseif (Label::GEO === $data['category']) {
+                $geo['name'] = $data['name'];
+                if (false !== ($extra = json_decode($data['info'], true))) {
+                    $geo['lat'] = $extra['lat'];
+                    $geo['lng'] = $extra['lng'];
+                    $geo['place_id'] = $extra['placeId'];
+                    $geo['address'] = (null === $extra['address']) ? '' : $extra['address'];
+                }
+                $additional['info'] = $geo;
+            } elseif (Label::DESC === $data['category']) {
+                $desc['name'] = $data['name'];
+                $additional['info'] = $desc;
+            }
+        }
+        if (in_array('extra', $params['additional'])) {
+            $additional['extra'] = $data['info'];
+        }
+        if (in_array('count', $params['additional'])) {
+            $total = ItemLabel::GetCountByLabelId($data['id']);
+            $additional['count'] = (int)$total;
+        }
+        return $additional;
+    }
+
+	static function VideoFormula($dbObject, $config = array())
+	{
+		$params = $config['param'];
+		$needThumbSize = $config['needThumbSize'] ? $config['needThumbSize'] : in_array('thumb_size', $params['additional']);
+		$item = array(
+			'id'	=> $config['id'] ? $config['id'] : self::EncodeItemId($dbObject['path'], "video_"),
+			'type'	=> 'video'
+		);
+        $customTitleDesc = csSYNOPhotoDB::GetDBInstance()->GetVideoCustomizedTitleDescription($dbObject['path']);
+
+		$item_info = array(
+			'name'			=> $dbObject['name'],
+			'title'			=> empty($customTitleDesc['title']) ? $dbObject['name'] : $customTitleDesc['title'],
+			'description'	=> $customTitleDesc['description'],
+			'createdate'	=> $dbObject['date'],
+			'takendate'		=> $dbObject['mdate'],
+			'size'			=> $dbObject['filesize'],
+			'duration'		=> (int)$dbObject['duration'],
+			'gps'			=> json_decode($dbObject['gps']),
+			'rotation'		=> (int)$dbObject['rotation']
+		);
+		if (isset($dbObject['pos'])) {
+			$item['pos'] = (int) $dbObject['pos'];
+		}
+
+		$coverPath = $dbObject['path'];
+		$sharepath = substr($coverPath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+		$dir = in_array(dirname($sharepath), array('.', ''), true) ? '/' : dirname($sharepath);
+		// additional handler
+		$item['info'] = $item_info;
+		$item['additional'] = AlbumAPIUtil::FormAdditional('video', $dbObject, $params);
+
+		$isConversion = csSYNOPhotoMisc::IsAlbumAllowConversion($dir);
+
+		AlbumAPIUtil::FillThumbStatus($item, $coverPath, $needThumbSize, $dbObject['resolutionx'], $dbObject['resolutiony'], false, $isConversion);
+		return $item;
+	}
+
+	static function PhotoFormula($dbObject, $config = array())
+	{
+		$params = $config['param'];
+		$needThumbSize = $config['needThumbSize'] ? $config['needThumbSize'] : in_array('thumb_size', $params['additional']);
+		$item = array(
+			'id'	=> $config['id'] ? $config['id'] : self::EncodeItemId($dbObject['path'], "photo_"),
+			'type'	=> 'photo'
+		);
+
+		$item_info = array(
+			'name'			=> $dbObject['name'],
+			'title'			=> $dbObject['title'],
+			'description'	=> $dbObject['description'],
+			'createdate'	=> $dbObject['createdate'],
+			'takendate'		=> $dbObject['timetaken'],
+			'size'			=> $dbObject['size'],
+			'resolutionx'	=> (int)$dbObject['resolutionx'],
+			'resolutiony'	=> (int)$dbObject['resolutiony'],
+			'rotated'		=> (0 === (int)$dbObject['version'] % 2) ? false : true,
+			'rotate_version'=> (int)$dbObject['version'],
+			'rotation'		=> (int)$dbObject['rotation'],
+			'lat'			=> $dbObject['lat'],
+			'lng'			=> $dbObject['lng']
+		);
+		if (isset($dbObject['pos'])) {
+			$item['pos'] = (int) $dbObject['pos'];
+		}
+
+		if (isset($dbObject['gps_idx'])) {
+			$item['gps_idx'] = $dbObject['gps_idx'];
+		}
+
+		$coverPath = $dbObject['path'];
+		$blThumbRotated = (0 === (int)$dbObject['version'] % 2) ? false : true;
+
+		$sharepath = substr($coverPath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+		$dir = in_array(dirname($sharepath), array('.', ''), true) ? '/' : dirname($sharepath);
+		// additional handler
+		$item['info'] = $item_info;
+		$item['additional'] = AlbumAPIUtil::FormAdditional('photo', $dbObject, $params);
+
+		$isConversion = csSYNOPhotoMisc::IsAlbumAllowConversion($dir);
+
+		AlbumAPIUtil::FillThumbStatus($item, $coverPath, $needThumbSize, $dbObject['resolutionx'], $dbObject['resolutiony'], $blThumbRotated, $isConversion);
+		return $item;
+	}
+
+	static function EncodeItemId($id, $prefix) {
+		if (!in_array($prefix, array('photo_', 'video_'))) {
+			return $prefix.bin2hex($id);
+		}
+
+		$sharepath = substr($id, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+		$fileName = basename($sharepath);
+		$sharename = dirname($sharepath);
+		if ('.' === $sharename || '' === $sharename) {
+			$sharename = '/';
+		}
+		return $prefix.bin2hex($sharename)."_".bin2hex($fileName);
+	}
+}
+
+?>

PhotoStation API/webapi/group.conf.php

@@ -0,0 +1,2 @@
+<?php
+	define('GROUP_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__) . '/webapi.inc.php');

PhotoStation API/webapi/group.inc.php

@@ -0,0 +1,6 @@
+<?php
+	require_once('group.conf.php');
+	require_once("../include/syno_conf.php");
+
+	require_once(GROUP_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);

PhotoStation API/webapi/group.php

@@ -0,0 +1,407 @@
+<?PHP
+
+require_once('group.inc.php');
+
+class GroupAPI extends WebAPI
+{
+	function __construct()
+	{
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		/* if not admin, returns directly */
+		csSYNOPhotoMisc::CheckSessionTimeOut();
+
+		if (!strcasecmp($this->method, "list")) {
+			$this->ListGroup();
+		}
+		if (!strcasecmp($this->method, "get")) {
+			$this->GetGroup();
+		}
+		if (!strcasecmp($this->method, "get_dsm_group")) {
+			$this->GetDSMGroup();
+		}
+		if (!strcasecmp($this->method, "getmember")) {
+			$this->GetGroupMember();
+		}
+		if (!strcasecmp($this->method, "create")) {
+			$this->CreateGroup();
+		}
+		if (!strcasecmp($this->method, "delete")) {
+			$this->DeleteGroup();
+		}
+		if (!strcasecmp($this->method, "editmember")) {
+			$this->EditMember();
+		}
+		if (!strcasecmp($this->method, "edit")) {
+			$this->EditGroup();
+		}
+	}
+
+	private function ListGroup()
+	{
+		$ret = false;
+		$resp = array();
+
+		/* set params */
+		$offset = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0;
+		$limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 15;
+		$search = isset($_REQUEST['query']) ? $_REQUEST['query'] : '';
+
+		$groups = $this->GetAllGroups($offset, $limit, $search);
+
+		$resp['totalCount'] = $groups['totalCount'];
+		$resp['groups'] = $groups['all_groups'];
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+
+	}
+
+	private function GetGroupPublicShareRight($gid)
+	{
+		$query = "SELECT * FROM " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " WHERE groupid = ?";
+		$sqlParam = array($gid);
+		$db_result = PHOTO_DB_Query($query, $sqlParam);
+		if (($row = PHOTO_DB_FetchRow($db_result))) {
+			return 'on';
+		} else {
+			return 'off';
+		}
+	}
+	private function UpdateGroupPublicShareRight($gid, $public_share) {
+		if ($public_share === 'true') {
+			$query = "INSERT INTO " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " VALUES (?)";
+		} else {
+			$query = "DELETE FROM " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " WHERE groupid = (?)";
+		}
+		$sqlParam = array($gid);
+		$db_result = PHOTO_DB_Query($query, $sqlParam);
+	}
+
+	private function GetGroup()
+	{
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* set params */
+		$id = $_REQUEST['id'];
+
+		$query = "SELECT * FROM photo_group WHERE groupid = ?";
+		$sqlParam = array($id);
+		$db_result = PHOTO_DB_Query($query, $sqlParam);
+
+		if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+		$resp['groupid'] = $row['groupid'];
+		$resp['groupname'] = $row['groupname'];
+		$resp['description'] = $row['description'];
+		$resp['public_share'] = $this->GetGroupPublicShareRight($id);
+
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function GetDSMGroup() {
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* set params */
+		$id = $_REQUEST['id'];
+		$resp['public_share'] = $this->GetGroupPublicShareRight($id);
+
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function GetGroupMember()
+	{
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* set params */
+		$id = $_REQUEST['id'];
+		$start = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0;
+		$limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 15;
+
+		$limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start);
+		$query = "SELECT A.userid, A.username, A.description, B.groupid FROM photo_user A LEFT JOIN photo_user_group B ON A.userid = B.userid AND B.groupid = ? $limitOffsetString";
+		$sqlParam = array($id);
+		$db_result = PHOTO_DB_Query($query, $sqlParam);
+
+		$resp['users'] = array();
+		while($row = PHOTO_DB_FetchRow($db_result)) {
+			$item = array();
+			$item['id'] = $row['userid'];
+			$item['username'] = $row['username'];
+			$item['description'] = $row['description'];
+			$item['add'] = $id == $row['groupid'];
+			$resp['users'][] = $item;
+		}
+
+		$query = "SELECT count(*) FROM photo_user";
+		$db_result = PHOTO_DB_Query($query);
+		$row = PHOTO_DB_FetchRow($db_result);
+
+		$resp['totalCount'] = $row[0];
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function CreateGroup()
+	{
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['groupname'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* set params */
+		$groupname = $_REQUEST['groupname'];
+		$description = isset($_REQUEST['description']) ? $_REQUEST['description'] : '';
+
+		$query = "SELECT MAX(groupid) FROM photo_group";
+		$db_result = PHOTO_DB_Query($query);
+		$max_gid = PHOTO_DB_FetchRow($db_result);
+		$new_gid = $max_gid[0] + 1;
+		$query = "INSERT INTO photo_group (groupid, groupname, description) VALUES (?, ?, ?)";
+		$sqlParam = array($new_gid, $groupname, $description);
+		PHOTO_DB_Query($query, $sqlParam);
+
+		$this->UpdateGroupPublicShareRight($new_id, $_REQUEST['public_share']);
+		$resp['id'] = $new_gid;
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function EditMember()
+	{
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* set params */
+		$gid = $_REQUEST['id'];
+		$addList = isset($_REQUEST['group_user_add']) ? $_REQUEST['group_user_add'] : '';
+		$deleteList = isset($_REQUEST['group_user_delete']) ? $_REQUEST['group_user_delete'] : '';
+
+		$this->DeleteUserFromGroup($gid, $deleteList);
+		$this->AddUserToGroup($gid, $addList);
+
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function DeleteUserFromGroup($gid, $users)
+	{
+		if ($gid == null || $gid == "" || $users == null || $users == "") {
+			return;
+		}
+
+		$ids = explode(',', $users);
+		foreach ($ids as $id) {
+			if ('' === $id) {
+				continue;
+			}
+			$query = "DELETE FROM photo_user_group WHERE userid = ? AND groupid = ?";
+			$sqlParam = array($id, $gid);
+			$db_result = PHOTO_DB_Query($query, $sqlParam);
+		}
+	}
+
+	private function AddUserToGroup($gid, $users)
+	{
+		if ($gid == null || $gid == "" || $users == null || $users == "") {
+			return;
+		}
+
+		$ids = explode(',', $users);
+		foreach ($ids as $id) {
+			if ('' === $id) {
+				continue;
+			}
+			$query = "SELECT MAX(id) FROM photo_user_group";
+			$db_result = PHOTO_DB_Query($query);
+			$max_id = PHOTO_DB_FetchRow($db_result);
+			$new_id = $max_id[0] + 1;
+			$query = "INSERT INTO photo_user_group (id, userid, groupid) VALUES (?, ?, ?)";
+			$sqlParam = array($new_id, $id, $gid);
+			$db_result = PHOTO_DB_Query($query, $sqlParam);
+		}
+	}
+
+	private function EditGroup()
+	{
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* set params */
+		$id = $_REQUEST['id'];
+		$description = isset($_REQUEST['description']) ? $_REQUEST['description'] : null;
+
+		$this->UpdateGroupPublicShareRight($id, $_REQUEST['public_share']);
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$this->SetResponse($resp);
+			goto End;
+		}
+
+		if (isset($_REQUEST['description'])) {
+			$query = "UPDATE photo_group set description = ? where groupid = ?";
+			$sqlParam = array($description, $id);
+			$db_result = PHOTO_DB_Query($query, $sqlParam);
+		}
+
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function DeleteGroup() {
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* set params */
+		$gid = $_REQUEST['id'];
+
+		$query = "DELETE FROM photo_group WHERE groupid = ?";
+		$sqlParam = array($gid);
+		PHOTO_DB_Query($query, $sqlParam);
+
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function GetAllGroups($start, $limit, $search)
+	{
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			return $this->GetAllDSMGroup($start, $limit, $search);
+		}
+
+		$i = 0;
+		$limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start);
+		$query = "SELECT * FROM photo_group WHERE groupname LIKE ? ORDER BY groupname ASC $limitOffsetString";
+		$db_result = PHOTO_DB_Query($query, array("%$search%"));
+		$result = array('all_groups' => array());
+		while ($row = PHOTO_DB_FetchRow($db_result)) {
+			$result['all_groups'][$i]['groupid'] = $row['groupid'];
+			$result['all_groups'][$i]['groupname'] = $row['groupname'];
+			$result['all_groups'][$i]['description'] = $row['description'];
+			$i ++;
+		}
+		$query = "SELECT count(*) FROM photo_group WHERE groupname LIKE ?";
+		$db_result = PHOTO_DB_Query($query, array("%$search%"));
+		$row = PHOTO_DB_FetchRow($db_result);
+		$result['totalCount'] = $row[0];
+		return $result;
+	}
+
+	private function GetAllDSMGroup($start, $limit, $query = '')
+	{
+		$command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($query);
+		@exec($command, $pListGroupCount, $retval);
+		if (0 > $retval) {
+			$result['totalCount'] = 0;
+			return $result;
+		}
+		$result['totalCount'] = $pListGroupCount[0];
+
+		$command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($start) . " " . escapeshellarg($limit) . " ASC:" . escapeshellarg($query);
+		@exec($command, $pListGroupName, $retval);
+
+		if (0 !== $retval) {
+			$result['totalCount'] = 0;
+			return $result;
+		}
+
+		$i = 0;
+		$result['all_groups'] = array();
+		foreach ($pListGroupName as $group_str) {
+			$group_info = split(',', $group_str);
+			$result['all_groups'][$i]['groupid'] = $group_info[0];
+			$result['all_groups'][$i]['groupname'] = $group_info[1];
+			$result['all_groups'][$i]['description'] = htmlspecialchars($group_info[2], ENT_QUOTES);
+			$result['all_groups'][$i]['disable'] = 'true' === $group_info[3] ? 't' : 'f';
+			$i ++;
+		}
+
+		return $result;
+	}
+}
+
+$api = new GroupAPI();
+$api->Run();

PhotoStation API/webapi/info.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('INFO_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/info.inc.php

@@ -0,0 +1,7 @@
+<?php
+    require_once('info.conf.php');
+    require_once("../include/syno_conf.php");
+
+    require_once(INFO_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/info.php

@@ -0,0 +1,168 @@
+<?PHP
+
+require_once('info.inc.php');
+
+class InfoAPI extends WebAPI {
+    function __construct() {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process() {
+        if (!strcasecmp($this->method, "getinfo")) {
+            $this->GetInfo();
+
+//			$this->CheckShareId();
+        }
+    }
+
+	private function CheckShareId()
+	{
+		$PHP_BIN = "/usr/bin/php";
+		$PHP_PARAMETER = "-n -d extension=pdo.so -d extension=pdo_pgsql.so -d extension=pdo_sqlite.so";
+		$SHARE_ID_UPDATE_PHP = SYNO_PKG_DIR."/target/photo_scripts/update_photo_share.php";
+		$cmd = sprintf("%s %s %s '%s' >/dev/null &", $PHP_BIN, $PHP_PARAMETER, $SHARE_ID_UPDATE_PHP, SYNOPHOTO_ADMIN_NAME);
+
+		system($cmd);
+	}
+
+    private function GetInfo() {
+        $resp = array();
+
+        // get version
+        $resp['version'] = '2965';
+
+        // get PhotoStation title
+        $resp['title'] = trim(csSYNOPhotoMisc::GetConfigDB("photo", "photo_page_title", "photo_config"));
+
+        // get about_me title
+        $value = csSYNOPhotoMisc::GetConfigDB("photo", "about_me_title", "photo_config");
+        $resp['about_me_title'] = $value ? $value : __(photo_str_category_about_me);
+
+        // get root album sort_by
+        $value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_type", "photo_config");
+        $resp['sort_by'] = 'filename';
+        if ('0' === $value) {
+            $resp['sort_by'] = 'filename';
+        } elseif ('1' === $value) {
+            $resp['sort_by'] = 'takendate';
+        } elseif ('2' === $value) {
+            $resp['sort_by'] = 'createdate';
+        }
+
+        // get root album sort_direction
+        $value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_order", "photo_config");
+        $resp['sort_direction'] = ('1' === $value) ? 'desc' : 'asc';
+
+        // get use album explorer setting
+        $value = csSYNOPhotoMisc::GetConfigDB("album", "use_album_explorer", "photo_config");
+        $resp['use_album_explorer'] = 'off' !== $value; //return "on" by default
+
+        // get paging setting
+        $value = csSYNOPhotoMisc::GetConfigDB("album", "paging_use_bar", "photo_config");
+        $resp['paging_use_bar'] = 'off' !== $value; //return "on" by default
+        $value = intval(csSYNOPhotoMisc::GetConfigDB("album", "paging_item_count", "photo_config"));
+        $resp['paging_item_count'] = ($value >= 50 && $value <= 500) ? $value : 50;
+
+        // get folder sort direction
+        $value = csSYNOPhotoMisc::GetConfigDB("album", "album_order_type_is_desc", "photo_config");
+        $resp['folder_sort_direction'] = ("1" === $value) ? 'desc' : 'asc';
+
+        // get allow downoload original photo
+		/*
+        $value = csSYNOPhotoMisc::GetConfigDB("photo", "allow_orig", "photo_config");
+        $resp['allow_download_orig'] = ('on' === $value) ? true : false;
+		*/
+
+		// get allow download album
+		$value = csSYNOPhotoDB::GetDBInstance()->GetConfig('photo', 'allow_album_download');
+		$resp['allow_download_album'] = ('on' === $value) ? true : false;
+		// #2253 - reserve these two key for compatibility with DS photo+ which is using webapi already
+		$resp['allow_download_orig'] = $resp['allow_download_album'];
+		$resp['allow_download_video'] = $resp['allow_download_album'];
+
+		// get allow download video
+		/*
+		$value = csSYNOPhotoMisc::GetConfigDB('photo', 'allow_video_download', 'photo_config');
+		$resp['allow_download_video'] = ('on' === $value) ? true : false;
+		*/
+
+		// get disable right button
+		$value = csSYNOPhotoMisc::GetConfigDB('photo', 'disable_right_button', 'photo_config');
+		$resp['disable_right_button'] = ('on' === $value) ? true : false;
+
+        // get allow search
+        $value = csSYNOPhotoMisc::GetConfigDB("photo", "hide_search", "photo_config");
+        $resp['hide_search'] = ('on' === $value) ? true : false;
+
+        // get hide gps info from normal user
+        $value = csSYNOPhotoMisc::GetConfigDB("photo", "hide_gps_from_normal_user", "photo_config");
+        $resp['hide_gps_from_normal_user'] = ('on' === $value) ? true : false;
+
+        // get allow rss feed
+        $value = csSYNOPhotoMisc::GetConfigDB("photo", "hide_rss_feed", "photo_config");
+        $resp['hide_rss_feed'] = ('on' === $value) ? true : false;
+
+        // get enable blog
+        $resp['enable_blog'] = csSYNOPhotoMisc::IsBlogEnabled();
+ 
+		$resp['external_host'] = csSYNOPhotoMisc::GetServerHost();
+		$resp['external_host_quickconnect'] = csSYNOPhotoMisc::GetServerHost(true);
+		$resp['external_host_external_ip'] = csSYNOPhotoMisc::GetServerHost(true, true);
+		$resp['allow_social_share'] = !("on" == csSYNOPhotoDB::GetDBInstance()->GetConfig("photo", "disable_share"));
+		$resp['allow_social_upload'] = ("on" == csSYNOPhotoMisc::GetConfigDB("photo", "allow_guest_fb_upload", "photo_config")); // means user actually...
+		$resp['allow_social_upload_guest'] = $resp['allow_social_upload'] && ("on" == csSYNOPhotoMisc::GetConfigDB("photo", "allow_social_network_upload_guest", "photo_config")); // real guest...
+		$resp['social_network_list'] = SocialNetwork::ReadList();
+
+        // get virtual album (people, geo, desc tag)
+        $tag['people_tag'] = $tag['geo_tag'] = $tag['desc_tag'] = false;
+        if ('on' === ($value = csSYNOPhotoMisc::GetConfigDB("photo", "person_label_album", "photo_config"))) {
+            $tag['people_tag'] = true;
+        }
+        if ('on' === ($value = csSYNOPhotoMisc::GetConfigDB("photo", "place_label_album", "photo_config"))) {
+            $tag['geo_tag'] = true;
+        }
+        if ('on' === ($value = csSYNOPhotoMisc::GetConfigDB("photo", "general_label_album", "photo_config"))) {
+            $tag['desc_tag'] = true;
+        }
+        $resp['virtual_tag'] = $tag;
+
+        // get default get location
+        $value = csSYNOPhotoMisc::GetConfigDB("gmap", "gps_default", "photo_config");
+        $location['lat'] = $location['lng'] = '';
+        $arr = explode(',', $value);
+        if (2 === count($arr)) {
+            $location['lat'] = $arr[0];
+            $location['lng'] = $arr[1];
+        }
+        $resp['default_geo_location'] = $location;
+
+        // get home category
+        $resp['home_category'] = csSYNOPhotoMisc::GetConfigDB("album", "home_category", "photo_config");
+
+        // get default album type
+        $resp['default_album_public'] = false;
+        if (isSet($_SESSION[SYNOPHOTO_ADMIN_USER]['system_config']['pkgCfg']['albumdefpublic']) &&
+            'yes' == $_SESSION[SYNOPHOTO_ADMIN_USER]['system_config']['pkgCfg']['albumdefpublic']) {
+            $resp['default_album_public'] = true;
+        }
+
+        // get disable_aboutme
+        $resp['disable_aboutme'] = 'on' === csSYNOPhotoMisc::GetConfigDB("photo", "disable_aboutme", "photo_config") ? true : false;
+
+        $resp['show_album_hit'] = "off" === csSYNOPhotoMisc::GetConfigDB("photo", "show_album_hit", "photo_config") ? false : true;
+
+        $resp['use_dsm_account'] = ("1" === csSYNOPhotoMisc::GetConfigDB("global", "account_system", "photo_config"));
+
+        $resp['collapse_left_panel'] = 'on' === csSYNOPhotoMisc::GetConfigDB("photo", "collapse_left_panel", "photo_config") ? true : false;
+        $resp['hide_lightbox_information'] = 'on' === csSYNOPhotoMisc::GetConfigDB("photo", "hide_lightbox_information", "photo_config") ? true : false;
+		$resp['use_pop_window_to_edit_desc'] = 'on' === csSYNOPhotoMisc::GetConfigDB("photo", "use_pop_window_to_edit_desc", "photo_config") ? true : false;
+		$resp['def_album_disable_conversion'] = 'on' === csSYNOPhotoMisc::GetConfigDB("photo", "def_album_disable_conversion", "photo_config") ? true : false;
+
+        $this->SetResponse($resp);
+    }
+}
+
+$api = new InfoAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/log.inc.php

@@ -0,0 +1,6 @@
+<?
+	require_once("../include/syno_conf.php");
+	require_once(dirname(__FILE__).'/webapi.inc.php');
+	require_once('../include/log.php');
+	require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/log.php

@@ -0,0 +1,154 @@
+<?php
+require_once('log.inc.php');
+
+class PhotoLogAPI extends WebAPI {
+	private $operationPemission = "admin";
+
+	function __construct() {
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		if (!strcasecmp($this->method, "list")) {
+			$this->LogList();
+		} else if (!strcasecmp($this->method, "clear")) {
+			$this->Clear();
+		} else if (!strcasecmp($this->method, "export")) {
+			$this->Export();
+		}
+	}
+
+	private function LogList()
+	{
+		$resp = array();
+
+		$params = $this->GetParams_List();
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$res = PhotoLog::ListItem($params['offset'], $params['limit']);
+
+		$resp['items'] = $res['data'];
+		$resp['total'] = $res['total'];
+        $offset = (0 > (int)$params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];
+        $resp['offset'] = ($offset > $resp['total']) ?  $resp['total'] : $offset;
+
+		$this->SetResponse($resp);
+	End:
+		return;
+	}
+
+	private function Clear()
+	{
+		$params = $this->GetParams_Clear();
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		PhotoLog::Clear($params['user']);
+
+	End:
+		return;
+	}
+
+	private function Export()
+	{
+		$params = $this->GetParams_Export();
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		PhotoLog::ExportFile($params['format']);
+
+	End:
+		return;
+	}
+
+	private function GetParams_List()
+	{
+		// $variable + 0 => convert to integer
+		$params = array(
+			'offset' => !isset($_REQUEST['offset']) || $_REQUEST['offset'] < 0 ? 0 : $_REQUEST['offset'] + 0,
+			'limit' => !isset($_REQUEST['limit']) || $_REQUEST['limit'] < 0 ? NULL : $_REQUEST['limit'] + 0
+		);
+		return $params;
+	}
+
+	private function GetParams_Export()
+	{
+		$format = strtolower($_REQUEST['format']);
+		if (!in_array($format, PhotoLog::$SupportFormat)) {
+			return false;
+		}
+
+		return array("format" => $format);
+	}
+
+	private function GetParams_Clear()
+	{
+		$user = $this->GetUser();
+
+		if (!$user) {
+			return false;
+		}
+
+		return array("user" => $user);
+	}
+
+	private function GetUser()
+	{
+		$user = false;
+
+		if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'])) {
+			$user = $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'];
+		} else if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+			$user = ("root" === SYNOPHOTO_ADMIN_USER)? "admin" : SYNOPHOTO_ADMIN_NAME;
+		}
+		return $user;
+	}
+
+	protected function CheckPermission()
+	{
+		$res = true;
+		$check = array(
+			"list" => $this->operationPemission,
+			"clear" => $this->operationPemission,
+			"export" => $this->operationPemission
+		);
+
+		if (!array_key_exists($this->method, $check)) {
+			goto End;
+		}
+
+		$funcName = "check_".$check[$this->method];
+
+		if (!method_exists($this, $funcName)) {
+			$res = false;
+			goto End;
+		}
+
+		$res = $this->$funcName();
+
+	End:
+		if (!$res) {
+			$this->SetError(PHOTOSTATION_LOG_ACCESS_DENY);
+		}
+		return $res;
+	}
+
+	private function check_admin()
+	{
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+		csSYNOPhotoMisc::CheckSessionTimeOut();
+		return isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+	}
+}
+$api = new PhotoLogAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/path.inc.php

@@ -0,0 +1,7 @@
+<?
+    require_once("../include/syno_conf.php");
+	require_once(dirname(__FILE__).'/webapi.inc.php');
+	require_once(SZ_WEBAPI_CLASS_PATH);
+	require_once('albumutil.php');
+	require_once('../include/item_label.php');
+	require_once('../include/label.php');

PhotoStation API/webapi/path.php

@@ -0,0 +1,383 @@
+<?
+require_once('path.inc.php');
+
+class PathAPI extends WebAPI {
+	private $isAdmin = false;
+	private $validIdPrefix = array(
+						// array( getIDFunction, GetDBObjectFunc, CheckPermission, HasItemFunc, Formula)
+		'defaultsmart' => array('GetId', null, null, null, null),
+		'smart' => array('GetName', 'SmartAlbum::GetByNames', null, 'SmartHasItem', 'Decorator::SmartFormula'),
+		'tag' => array('GetId', 'Label::GetByIds', null, 'TagHasItem', 'Decorator::TagFormula'),
+		'album' => array('GetName', 'Album::GetBySharename', 'AlbumAccessible', 'AlbumHasItem', 'Decorator::AlbumFormula'),
+		'category' => array('GetId', 'Category::GetByIds', 'CategoryAccessible', 'CategoryHasItem', 'Decorator::CategoryFormula'),
+		'photo' => array('GetItemName', 'File::GetPhotoByDBPath', 'ItemAccessible', 'HasNoItem', 'Decorator::PhotoFormula'),
+		'video' => array('GetItemName', 'File::GetVideoByDBPath', 'ItemAccessible', 'HasNoItem', 'Decorator::VideoFormula')
+	);
+
+	function __construct() {
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		if (!strcasecmp($this->method, "getpath")) {
+			$this->GetPath();
+		} else if (!strcasecmp($this->method, "checkpath")) {
+			$this->CheckPath();
+		}
+	}
+
+	private function GetPath()
+	{
+		$param = $this->GetParam_GetPath();
+		$items = array();
+		if (!$param) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+		$items[] = AlbumAPIUtil::GetRootAlbumInfo($param);
+		if (0 !== count($param['sharepath'])) {
+			$result = Album::GetBySharename($param['sharepath']);
+
+			$allowComment = AlbumAPIUtil::IsAlbumCommentalbGlobal();
+			$showAlbumHit = AlbumAPIUtil::IsShowAlbumHit();
+			$needThumbSize = in_array('thumb_size', $param['additional']);
+
+			foreach ($param['sharepath'] as $sharepath) {
+				$item = array();
+
+				$item = Decorator::AlbumFormula($result[$sharepath], array(
+					'allowComment' => $allowComment,
+					'showAlbumHit' => $showAlbumHit,
+					'param'		   => $param,
+					'needThumbSize' => $needThumbSize
+				));
+
+				$items[] = $item;
+			}
+		}
+
+		$resp = array(
+			'items' => $items,
+			'total' => count($items)
+		);
+		$this->SetResponse($resp);
+	End:
+		return;
+	}
+
+	private function GetParam_GetPath()
+	{
+		if (!isset($_REQUEST['id'])){
+			return false;
+		}
+		if (preg_match('/^(photo|video)_/', $_REQUEST['id'])) {
+			$ids = explode("_", $_REQUEST['id']);
+			$path = @pack("H*", $ids[1]) .'/'. @pack("H*", $ids[2]);
+		} else {
+			$path = $this->DecodeItemId($_REQUEST['id'], '_');
+		}
+
+		if (false === $path) {
+			return false;
+		}
+		$dir = pathinfo($path, PATHINFO_DIRNAME);;
+		$dirs = array();
+		while (!in_array($dir, array('.', '', '/'), true)) {
+			$dirs[] = $dir;
+			$dir = pathinfo($dir, PATHINFO_DIRNAME);
+		}
+		$param = array(
+			'additional' => explode(',', $_REQUEST['additional']),
+			'sharepath' => array_reverse($dirs),
+			'ignore' => explode(',', $_REQUEST['ignore'])
+		);
+
+		return $param;
+	}
+
+	private function CheckPath()
+	{
+		$param = $this->GetParam_CheckPath();
+		if (!$param) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$allowComment = AlbumAPIUtil::IsAlbumCommentalbGlobal();
+		$showAlbumHit = AlbumAPIUtil::IsShowAlbumHit();
+		$needThumbSize = in_array('thumb_size', $param['additional']);
+
+		$previous = false;
+		$items = array();
+		$formedItem = array();
+		$last_token = end($param['validToken']);
+
+		foreach ($param['validToken'] as $token => $value) {
+			$type = $value['type'];
+			$id = $value['id'];
+			list($idProcessFunc, $GetObjFunc, $permissionFunc, $hasItemFunc, $formula) = $this->validIdPrefix[$type];
+			if (!$GetObjFunc) {
+				continue;
+			}
+			$id = $this->$idProcessFunc($id);
+			if (in_array($type, array('photo', 'video'))) {
+				$objs = call_user_func($GetObjFunc, array($id['dbPath']));
+				$item = $objs[$id['dbPath']];
+			} else {
+				$objs = call_user_func($GetObjFunc, array($id));
+				$item = $objs[$id];
+			}
+
+			if (!$item) {
+				$this->SetError(array(PHOTOSTATION_PATH_ACCESS_DENY));
+				goto End;
+			}
+
+			$items[$token] = array(
+				'id' => $token,
+				'type' => $type,
+				'info' => $item
+			);
+
+			// check current permission
+			if ($permissionFunc) {
+				$code = $this->$permissionFunc($item);
+				if ($type === 'album') {
+					if ($code === WEBAPI_ERR_NONE && !$previousCode) {
+						$previousToken = $previousCode = null;
+					} else if ($last_token != $value && in_array($code, array(PHOTOSTATION_ALBUM_NO_ACCESS_RIGHT, PHOTOSTATION_ALBUM_PASSWORD_ERROR)) && !$previousCode) {
+						$previousCode = $code;
+						$previousToken = $token;
+
+					// password -> public / private
+					} else if ($code === PHOTOSTATION_ALBUM_NO_ACCESS_RIGHT && $previousCode === PHOTOSTATION_ALBUM_PASSWORD_ERROR) {
+						// password -> public
+						if ($item['public']) {
+							$this->SetError(array($previousCode, $previousToken));
+							goto End;
+
+						// password -> private
+						} else {
+							$this->SetError(array($code, $token));
+							goto End;
+						}
+
+					// private/password -> password (error)
+					} else if ($code === PHOTOSTATION_ALBUM_PASSWORD_ERROR &&
+						in_array($previousCode, array(PHOTOSTATION_ALBUM_NO_ACCESS_RIGHT, PHOTOSTATION_ALBUM_PASSWORD_ERROR))) {
+						$this->SetError(array($code, $token));
+						goto End;
+
+					// private/password -> password (passed)
+					} else if ($code == WEBAPI_ERR_NONE && $previousCode && $item['password']) {
+						$previousCode = $previousToken = null;
+
+					// private -> public
+					} else if ($code == WEBAPI_ERR_NONE && $previousCode && $this->NotPasswordAlbum($item)) {
+						$this->SetError(array($previousCode, $previousToken));
+						goto End;
+					} else if ($code !== WEBAPI_ERR_NONE) {
+						$this->SetError(array($code, $token));
+						goto End;
+					}
+				} else {
+					if ($previousCode) {
+						$this->SetError(array($previousCode, $previousToken));
+						goto End;
+					}
+					if ($code !== WEBAPI_ERR_NONE) {
+						$this->SetError(array($code, $token));
+						goto End;
+					}
+				}
+			}
+			
+			// check previous and current valid
+			if ($previous) {
+				$parentObj = $items[$previous];
+				$parentFunc = $this->validIdPrefix[$parentObj['type']];
+
+				// check previous has current
+				$hasItemFunc = $parentFunc[3];
+				if ($hasItemFunc && !$this->$hasItemFunc($parentObj['info'], $type, $id, $item)) {
+					$this->SetError(array(PHOTOSTATION_PATH_ACCESS_DENY));
+					goto End;
+				}
+			}
+			if ($formula) {
+				$formedItem[$token] = call_user_func($formula, $item, array(
+						'allowComment' => $allowComment,
+						'showAlbumHit' => $showAlbumHit,
+						'param'		   => $param,
+						'id'		   => $token,
+						'needThumbSize' => $needThumbSize
+					)
+				);
+			} else {
+				$formedItem[$token] = $items[$token];
+			}
+			$previous = $token;
+		}
+
+		$result = array();
+		foreach ($param['tokens'] as $token) {
+			if ($formedItem[$token]) {
+				$result[] = $formedItem[$token];
+			} else {
+				$result[] = array(
+					"id" => $token
+				);
+			}
+		}
+        $resp['total'] = count($result);
+		$resp['items'] = $result;
+        $this->SetResponse($resp);
+	End:
+		return;
+	}
+	private function ItemAccessible($obj)
+	{
+		$relativePath = substr($obj['path'], strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+		$dirname = pathinfo($relativePath, PATHINFO_DIRNAME);
+		$sharename = '.' === $dirname ? '/' : $dirname;
+		$accessible = csSYNOPhotoMisc::CheckAlbumAccessible($sharename);
+		return $accessible ? WEBAPI_ERR_NONE : PHOTOSTATION_PHOTO_ACCESS_DENY;
+	}
+
+	private function AlbumAccessible($obj)
+	{
+		$sharename = $obj['sharename'];
+		$accessible = csSYNOPhotoMisc::CheckAlbumAccessible($sharename);
+		if ($obj['password'] && !$accessible) {
+			return PHOTOSTATION_ALBUM_PASSWORD_ERROR;
+		} else if (!$accessible) {
+			return PHOTOSTATION_ALBUM_NO_ACCESS_RIGHT;
+		}
+		return WEBAPI_ERR_NONE;
+	}
+
+	private function CategoryAccessible($obj)
+	{
+		if ($obj['hidden'] && !$this->isAdmin) {
+			return PHOTOSTATION_CATEGORY_ACCESS_DENY;
+		}
+		return WEBAPI_ERR_NONE;
+	}
+
+	private function SmartHasItem($parentObj, $itemType, $itemId, $itemObj)
+	{
+		$itemlist = SmartAlbum::GetSmartAlbumInstance()->GetItemsInSmartAlbum($parentObj, "filename", "asc", 0, -1);
+		foreach ($itemlist as $item) {
+			if ($item['id'] === $itemObj['id']) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	private function TagHasItem($parentObj, $itemType, $itemId, $itemObj)
+	{
+		if ('photo' === $itemType) {
+			$item = ItemLabel::GetByItemKeyLabelId($itemObj['id'], $parentObj['id'], true);
+		} else if ('video' === $itemType) {
+			$item = ItemLabel::GetByItemKeyLabelId($itemObj['path'], $parentObj['id'], false);
+		} else {
+			return false;
+		}
+
+		return $item ? true : false;
+	}
+
+	private function AlbumHasItem($parentObj, $itemType, $itemId, $itemObj)
+	{
+		if (in_array($itemType, array('photo', 'video'))) {
+			return $itemObj['shareid'] === $parentObj['shareid'];
+		}
+		return Album::HasItem($parentObj['sharename'], $itemObj['sharename']);
+	}
+
+	private function CategoryHasItem($parentObj, $itemType, $itemId, $itemObj)
+	{
+		if ('album' === $itemType) {
+			return Category::HasItem($parentObj['id'], $itemType, $itemObj['shareid']);
+		}
+		return Category::HasItem($parentObj['id'], $itemType, $itemId);
+	}
+
+	private function HasNoItem($parentObj, $itemType, $itemId, $itemObj)
+	{
+		return false;
+	}
+
+	private function GetParam_CheckPath()
+	{
+		$param = array();
+
+		if(!isset($_REQUEST['token'])) {
+			return false;
+		}
+
+		$tokens = split('/', $_REQUEST['token']);
+
+		$validTokens = array();
+		foreach($tokens as $token) {
+			$token = trim($token);
+			if (!$token) {
+				continue;
+			}
+
+			$parts = explode('_', $token, 2);
+			if (2 > count($parts) || !array_key_exists($parts[0], $this->validIdPrefix)) {
+				continue;
+			}
+			$validTokens[$token] = array(
+				'type' => $parts[0],
+				'id' => $parts[1]
+			);
+		}
+
+		$param = array(
+			'tokens' => $tokens,
+			'validToken' => $validTokens,
+			'ignore' => explode(',', $_REQUEST['ignore']),
+			'additional' => explode(',', $_REQUEST['additional'])
+		);
+
+		return $param;
+	}
+
+
+	private function GetId ($id) {
+		return $id;
+	}
+
+	private function GetName ($id) {
+		return @pack('H*', $id);
+	}
+
+	private function GetItemName ($id) {
+		$parts = split('_', $id);
+		$sharename = $this->GetName($parts[0]);
+		$filename = $this->GetName($parts[1]);
+		return array(
+			'sharename' => $sharename,
+			'filename'	=> $filename,
+			'dbPath' => SYNOPHOTO_SERVICE_REAL_DIR_PATH. ('/' === $sharename ? '': "$sharename/"). $filename
+		);
+	}
+
+	private function NotPasswordAlbum ($item) {
+		return !$item['password'];
+	}
+
+	protected function CheckPermission()
+	{
+		$this->isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+		return true;
+	}
+}
+
+$api = new PathAPI();
+$api->Run();
+

PhotoStation API/webapi/permission.conf.php

@@ -0,0 +1,2 @@
+<?php
+	define('PERMISSION_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__) . '/webapi.inc.php');

PhotoStation API/webapi/permission.inc.php

@@ -0,0 +1,7 @@
+<?php
+	require_once('permission.conf.php');
+	require_once("../include/syno_conf.php");
+
+	require_once(SYNOPHOTO_INCLUDE_ALBUM_UTIL);
+	require_once(PERMISSION_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);

PhotoStation API/webapi/permission.php

@@ -0,0 +1,872 @@
+<?PHP
+
+require_once('permission.inc.php');
+
+class PermissionAPI extends WebAPI
+{
+	function __construct()
+	{
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		/* if not admin, returns directly */
+		csSYNOPhotoMisc::CheckSessionTimeOut();
+
+		if (!strcasecmp($this->method, "getalbum")) {
+			$this->GetAlbum();
+		}
+		if (!strcasecmp($this->method, "editalbum")) {
+			$this->EditAlbum();
+		}
+		if (!strcasecmp($this->method, "editgroup")) {
+			$this->EditGroup();
+		}
+		if (!strcasecmp($this->method, "list_public_share")) {
+			$this->ListPublicShare();
+		}
+		if (!strcasecmp($this->method, "edit_public_share")) {
+			$this->EditPublicShare();
+		}
+	}
+
+	private function GetAlbum()
+	{
+		$ret = false;
+		$resp = array();
+
+		if (!isset($_REQUEST['type'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+		/* set params */
+		if (!isset($_REQUEST['id']) || '' === $_REQUEST['id'] || 'album_' === $_REQUEST['id']) {
+			$albumName = '';
+		} else {
+			$id_arr = explode('_', $_REQUEST['id']);
+			if ('album' == $id_arr[0] && 2 === count($id_arr)) {
+				$albumName = @pack('H*', $id_arr[1]);
+			} else {
+				$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+				goto End;
+			}
+		}
+
+		$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $albumName ? "" : $albumName);
+
+		if (!csSynoPhotoMisc::CheckPathValid($path)) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		if (!file_exists($path)) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		$start = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0;
+		$limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 15;
+		$search = isset($_REQUEST['query']) ? $_REQUEST['query'] : '';
+
+		$needUsr = strstr($_REQUEST['type'], 'user_permission') ? true : false;
+		$needGrp = strstr($_REQUEST['type'], 'group_permission') ? true : false;
+		if (!$needUsr && !$needGrp) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		if ($needUsr) {
+			$resp['user_permission'] = array();
+			if (false === ($data = $this->GetAlbumUserData($albumName, $start, $limit, $search))) {
+				$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+				goto End;
+			}
+			$users = $data['all'];
+			foreach ($users as $row) {
+				$user = null;
+				$user['id'] = $row['userid'];
+				$user['name'] = $row['username'];
+				$user['description'] = $row['description'];
+				$user['disabled'] = $row['disabled'];
+
+				$pObj = null;
+				$pObj['browse'] = $row['browse'];
+				$pObj['upload'] = $row['upload'];
+				$pObj['manage'] = $row['manage'];
+
+				$user['permission'] = $pObj;
+				$resp['user_permission'][] = $user;
+			}
+			$resp['total_user_count'] = $data['totalCount'];
+		}
+
+		if ($needGrp) {
+			$resp['group_permission'] = array();
+			if (false === ($data = $this->GetAlbumGroupData($albumName, $start, $limit, $search))) {
+				$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+				goto End;
+			}
+			$groups = $data['all'];
+			foreach ($groups as $row) {
+				$group = null;
+				$group['id'] = $row['groupid'];
+				$group['name'] = $row['groupname'];
+				$group['description'] = $row['description'];
+				$group['disabled'] = $row['disabled'];
+
+				$pObj = null;
+				$pObj['browse'] = $row['browse'];
+				$pObj['upload'] = $row['upload'];
+				$pObj['manage'] = $row['manage'];
+
+				$group['permission'] = $pObj;
+				$resp['group_permission'][] = $group;
+			}
+			$resp['total_group_count'] = $data['totalCount'];
+		}
+
+		$this->SetResponse($resp);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function EditAlbum()
+	{
+		$ret = false;
+
+		/* set params */
+		if (!isset($_REQUEST['id']) || '' === $_REQUEST['id'] || 'album_' === $_REQUEST['id']) {
+			$albumName = '/';
+		} else {
+			$id_arr = explode('_', $_REQUEST['id']);
+			if ('album' == $id_arr[0] && 2 === count($id_arr)) {
+				$albumName = @pack('H*', $id_arr[1]);
+			} else {
+				$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+				goto End;
+			}
+		}
+
+		/* set user modified list */
+		$userBrowseDelete = isset($_REQUEST['user_browse_delete']) ? $_REQUEST['user_browse_delete'] : '';
+		$userUploadDelete = isset($_REQUEST['user_upload_delete']) ? $_REQUEST['user_upload_delete'] : '';
+		$userManageDelete = isset($_REQUEST['user_manage_delete']) ? $_REQUEST['user_manage_delete'] : '';
+		$userBrowseAdd = isset($_REQUEST['user_browse_add']) ? $_REQUEST['user_browse_add'] : '';
+		$userUploadAdd = isset($_REQUEST['user_upload_add']) ? $_REQUEST['user_upload_add'] : '';
+		$userManageAdd = isset($_REQUEST['user_manage_add']) ? $_REQUEST['user_manage_add'] : '';
+		/* set group modified list */
+		$groupBrowseDelete = isset($_REQUEST['group_browse_delete']) ? $_REQUEST['group_browse_delete'] : '';
+		$groupUploadDelete = isset($_REQUEST['group_upload_delete']) ? $_REQUEST['group_upload_delete'] : '';
+		$groupManageDelete = isset($_REQUEST['group_manage_delete']) ? $_REQUEST['group_manage_delete'] : '';
+		$groupBrowseAdd = isset($_REQUEST['group_browse_add']) ? $_REQUEST['group_browse_add'] : '';
+		$groupUploadAdd = isset($_REQUEST['group_upload_add']) ? $_REQUEST['group_upload_add'] : '';
+		$groupManageAdd = isset($_REQUEST['group_manage_add']) ? $_REQUEST['group_manage_add'] : '';
+
+		/* get the album info first */
+		$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $albumName;
+
+		if (!csSynoPhotoMisc::CheckPathValid($path)) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		if (!file_exists($path)) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+		$query = "SELECT shareid, sharename, public, password FROM photo_share WHERE sharename = ?";
+		$db_result = PHOTO_DB_Query($query, array($albumName));
+		if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		/* get album type, 0 for public, 1 for private, 2 for password */
+		if (PHOTO_DB_IsTrue($row['public'])) {
+			$type = 0;
+		} elseif ('' === $row['password']) {
+			$type = 1;
+		} else {
+			$type = 2;
+		}
+		$shareid = $row['shareid'];
+		$sharename = $row['sharename'];
+
+		switch ($type) {
+			case 0:
+				/* update for user permission */
+				/* add/delete self upload right */
+				SYNOPHOTO_ADMIN_AddAccessRightByShareid($shareid, $userUploadAdd, PHOTO_UPLOAD_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_DeleteAccessRightByShareid($shareid, $userUploadDelete, PHOTO_UPLOAD_RIGHT_TABLE);
+				/* add/delete self manage right */
+				SYNOPHOTO_ADMIN_AddAccessRightByShareid($shareid, $userManageAdd, PHOTO_MANAGE_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_DeleteAccessRightByShareid($shareid, $userManageDelete, PHOTO_MANAGE_RIGHT_TABLE);
+				/* add child browse, upload, manage rights for manager */
+				SYNOPHOTO_ADMIN_AddChildRightBySharename($sharename, $userManageAdd, PHOTO_MANAGE_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_AddChildRightBySharename($sharename, $userManageAdd, PHOTO_UPLOAD_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_AddChildRightBySharename($sharename, $userManageAdd, PHOTO_ACCESS_RIGHT_TABLE);
+				/* delete parent's manage right */
+				SYNOPHOTO_ADMIN_DeleteParentRightBySharename($sharename, $userManageDelete, PHOTO_MANAGE_RIGHT_TABLE);
+
+				/* update for group permission */
+				$this->AddGroupPermission($shareid, $groupBrowseAdd, 1);
+				$this->AddGroupPermission($shareid, $groupUploadAdd, 2);
+				$this->AddGroupPermission($shareid, $groupManageAdd, 4);
+				$this->DeleteGroupPermission($shareid, $groupBrowseDelete, 1);
+				$this->DeleteGroupPermission($shareid, $groupUploadDelete, 2);
+				$this->DeleteGroupPermission($shareid, $groupManageDelete, 4);
+
+				$this->AddChildGroupRightBySharename($sharename, $groupManageAdd, 1);
+				$this->AddChildGroupRightBySharename($sharename, $groupManageAdd, 2);
+				$this->AddChildGroupRightBySharename($sharename, $groupManageAdd, 4);
+				$this->DeleteParentGroupRightBySharename($sharename, $groupManageDelete, 4);
+
+				break;
+			case 1:
+				/* add/delete self browse right */
+				SYNOPHOTO_ADMIN_AddAccessRightByShareid($shareid, $userBrowseAdd, PHOTO_ACCESS_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_DeleteAccessRightByShareid($shareid, $userBrowseDelete, PHOTO_ACCESS_RIGHT_TABLE);
+				/* add/delete self upload right */
+				SYNOPHOTO_ADMIN_AddAccessRightByShareid($shareid, $userUploadAdd, PHOTO_UPLOAD_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_DeleteAccessRightByShareid($shareid, $userUploadDelete, PHOTO_UPLOAD_RIGHT_TABLE);
+				/* add/delete self manage right */
+				SYNOPHOTO_ADMIN_AddAccessRightByShareid($shareid, $userManageAdd, PHOTO_MANAGE_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_DeleteAccessRightByShareid($shareid, $userManageDelete, PHOTO_MANAGE_RIGHT_TABLE);
+				/* add child browse, upload, manage rights for manager */
+				SYNOPHOTO_ADMIN_AddChildRightBySharename($sharename, $userManageAdd, PHOTO_MANAGE_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_AddChildRightBySharename($sharename, $userManageAdd, PHOTO_UPLOAD_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_AddChildRightBySharename($sharename, $userManageAdd, PHOTO_ACCESS_RIGHT_TABLE);
+				/* delete parent's manage right */
+				SYNOPHOTO_ADMIN_DeleteParentRightBySharename($sharename, $userManageDelete, PHOTO_MANAGE_RIGHT_TABLE);
+				/* delete child's browse right */
+				SYNOPHOTO_ADMIN_DeleteChildRightBySharename($sharename, $userBrowseDelete, PHOTO_ACCESS_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_DeleteChildRightBySharename($sharename, $userBrowseDelete, PHOTO_UPLOAD_RIGHT_TABLE);
+				SYNOPHOTO_ADMIN_DeleteChildRightBySharename($sharename, $userBrowseDelete, PHOTO_MANAGE_RIGHT_TABLE);
+
+				/* update for group permission */
+				$this->AddGroupPermission($shareid, $groupBrowseAdd, 1);
+				$this->AddGroupPermission($shareid, $groupUploadAdd, 2);
+				$this->AddGroupPermission($shareid, $groupManageAdd, 4);
+				$this->DeleteGroupPermission($shareid, $groupBrowseDelete, 1);
+				$this->DeleteGroupPermission($shareid, $groupUploadDelete, 2);
+				$this->DeleteGroupPermission($shareid, $groupManageDelete, 4);
+
+				$this->AddChildGroupRightBySharename($sharename, $groupManageAdd, 1);
+				$this->AddChildGroupRightBySharename($sharename, $groupManageAdd, 2);
+				$this->AddChildGroupRightBySharename($sharename, $groupManageAdd, 4);
+				$this->DeleteParentGroupRightBySharename($sharename, $groupManageDelete, 4);
+				$this->DeleteChildGroupRightBySharename($sharename, $groupBrowseDelete, 1);
+				$this->DeleteChildGroupRightBySharename($sharename, $groupBrowseDelete, 2);
+				$this->DeleteChildGroupRightBySharename($sharename, $groupBrowseDelete, 4);
+
+				break;
+			case 2:
+				/* remove all permissions if album is password */
+				$query = "Delete from " . PHOTO_ACCESS_RIGHT_TABLE . " where shareid = ".$shareid;
+				PHOTO_DB_Query($query);
+				$query = "Delete from " . PHOTO_UPLOAD_RIGHT_TABLE . " where shareid = ".$shareid;
+				PHOTO_DB_Query($query);
+				$query = "Delete from " . PHOTO_MANAGE_RIGHT_TABLE . " where shareid = ".$shareid;
+				PHOTO_DB_Query($query);
+
+				/* update for group permission */
+				$query = "DELETE FROM " . PHOTO_GROUP_PERMISSION_TABLE . " WHERE shareid = " . $shareid;
+				PHOTO_DB_Query($query);
+
+				break;
+		}
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function EditGroup()
+	{
+		$ret = false;
+
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+		$gid = $_REQUEST['id'];
+
+		/* set album modified list */
+		$albumBrowseDelete = isset($_REQUEST['album_browse_delete']) ? $_REQUEST['album_browse_delete'] : '';
+		$albumUploadDelete = isset($_REQUEST['album_upload_delete']) ? $_REQUEST['album_upload_delete'] : '';
+		$albumManageDelete = isset($_REQUEST['album_manage_delete']) ? $_REQUEST['album_manage_delete'] : '';
+		$albumBrowseAdd = isset($_REQUEST['album_browse_add']) ? $_REQUEST['album_browse_add'] : '';
+		$albumUploadAdd = isset($_REQUEST['album_upload_add']) ? $_REQUEST['album_upload_add'] : '';
+		$albumManageAdd = isset($_REQUEST['album_manage_add']) ? $_REQUEST['album_manage_add'] : '';
+
+		$this->AddAlbumPermission($gid, $albumBrowseAdd, 1);
+		$this->AddAlbumPermission($gid, $albumUploadAdd, 2);
+		$this->AddAlbumPermission($gid, $albumManageAdd, 4);
+		$this->DeleteAlbumPermission($gid, $albumManageDelete, 4);
+		$this->DeleteAlbumPermission($gid, $albumUploadDelete, 2);
+		$this->DeleteAlbumPermission($gid, $albumBrowseDelete, 1);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function GetAlbumUserData($sharename, $start = 0, $limit = 15, $search = '')
+	{
+		/* edit sharename for root album */
+		if ('' === $sharename) {
+			$sharename = '/';
+		}
+		$query = "SELECT * FROM photo_share WHERE sharename = ?";
+		$db_result = PHOTO_DB_Query($query, array($sharename));
+		if ($row = PHOTO_DB_FetchRow($db_result)) {
+			$shareid = $row['shareid'];
+			$isPublic = ('t' == $row['public']);
+		} else {
+			return false;
+		}
+
+		$parentid = null;
+		/* find the nearest private parent */
+		if (false !== strstr($sharename, '/')) {
+			$parent = substr($sharename, 0, strpos($sharename, "/"));
+			$query = "SELECT * FROM photo_share WHERE sharename = ?";
+			$db_result = PHOTO_DB_Query($query, array($parent));
+			$row = PHOTO_DB_FetchRow($db_result);
+			if ('' == $row['password'] && PHOTO_DB_ConvertBool($row['public']) == 'f') {
+				// For parent albunm be privated
+				// Only users who have the permission of the parent album can be candidates of the second album.
+				// So we must filter them out
+				$parentid = $row['shareid'];
+			}
+		}
+
+		$users = $this->GetAllUsers($start, $limit, $search);
+		$result['totalCount'] = $users['totalCount'];
+		$result['all'] = array();
+
+		for ($i = $start; $i < $users['totalCount'] && $i < $start + $limit; $i++) {
+			$idx = $i - $start;
+			$result['all'][$idx]['disabled'] = 0;
+			if (null != $parentid) {
+				$query = "SELECT * FROM " . PHOTO_ACCESS_RIGHT_TABLE . " WHERE shareid = " . $parentid;
+				$query .= " AND userid = " . $users['all_users'][$idx]['userid'];
+				$db_result_parent = PHOTO_DB_Query($query);
+
+				// Only users who have the permission of the parent album can be candidates of the second album.
+				if (false === ($row_parent = PHOTO_DB_FetchRow($db_result_parent))) {
+					$result['all'][$idx]['disabled'] = 1;
+				}
+			}
+
+			$result['all'][$idx]['userid'] = $users['all_users'][$idx]['userid'];
+			$result['all'][$idx]['username'] = $users['all_users'][$idx]['username'];
+			$result['all'][$idx]['description'] = $users['all_users'][$idx]['description'];
+
+			/* check album access right */
+			$query = "SELECT * FROM " . PHOTO_ACCESS_RIGHT_TABLE . " WHERE shareid = " . $shareid;
+			$query .= " AND userid = " . $users['all_users'][$idx]['userid'];
+			$db_result = PHOTO_DB_Query($query);
+
+			$row = PHOTO_DB_FetchRow($db_result);
+			if (($row != null || $isPublic) && (0 == $result['all'][$idx]['disabled'])) {
+				$result['all'][$idx]['browse'] = 1;
+				$result['all'][$idx]['browse_orig'] = 1;
+			} else {
+				$result['all'][$idx]['browse'] = 0;
+				$result['all'][$idx]['browse_orig'] = 0;
+			}
+			/* check album upload right */
+			$query_2 = "Select * from " . PHOTO_UPLOAD_RIGHT_TABLE . " where shareid = " . $shareid;
+			$query_2 .= " and userid = " . $users['all_users'][$idx]['userid'];
+			$db_result_2 = PHOTO_DB_Query($query_2);
+
+			$row_2 = PHOTO_DB_FetchRow($db_result_2);
+			if ($row_2 != null) {
+				$result['all'][$idx]['upload'] = 1;
+				$result['all'][$idx]['upload_orig'] = 1;
+			} else {
+				$result['all'][$idx]['upload'] = 0;
+				$result['all'][$idx]['upload_orig'] = 0;
+			}
+			/* check album manage right */
+			$query_3 = "Select * from " . PHOTO_MANAGE_RIGHT_TABLE . " where shareid = " . $shareid;
+			$query_3 .= " and userid = " . $users['all_users'][$idx]['userid'];
+			$db_result_3 = PHOTO_DB_Query($query_3);
+
+			$row_3 = PHOTO_DB_FetchRow($db_result_3);
+			if ($row_3 != null) {
+				$result['all'][$idx]['manage'] = 1;
+				$result['all'][$idx]['manage_orig'] = 1;
+			} else {
+				$result['all'][$idx]['manage'] = 0;
+				$result['all'][$idx]['manage_orig'] = 0;
+			}
+		}
+		return $result;
+	}
+
+	private function GetAllUsers($start, $limit, $search)
+	{
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			return $this->GetAllDSMUser($start, $limit, $search);
+		}
+
+		$i = 0;
+		$limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start);
+		$query = "SELECT * FROM photo_user WHERE admin = 'f' AND username LIKE ? ORDER BY username ASC $limitOffsetString";
+		$db_result = PHOTO_DB_Query($query, array("%$search%"));
+		while ($row = PHOTO_DB_FetchRow($db_result)) {
+			$result['all_users'][$i]['userid'] = $row['userid'];
+			$result['all_users'][$i]['username'] = $row['username'];
+			$result['all_users'][$i]['description'] = $row['description'];
+			$i++;
+		}
+		$query = "SELECT count(*) FROM photo_user WHERE admin = 'f' AND username LIKE ?";
+		$db_result = PHOTO_DB_Query($query, array("%$search%"));
+		$row = PHOTO_DB_FetchRow($db_result);
+		$result['totalCount'] = $row[0];
+		return $result;
+	}
+
+	private function GetAllDSMUser($start, $limit, $query = '')
+	{
+		$command = "/usr/syno/bin/synophoto_dsm_user --enum " . escapeshellarg($query);
+		@exec($command, $pListUserCount, $retval);
+		if (0 > $retval) {
+			$result['totalCount'] = 0;
+			return json_encode($result);
+		}
+		$result['totalCount'] = $pListUserCount[0];
+
+		/* get the order of user info */
+		$dir = "ASC";
+
+		/* modify start value to skip admin and guest */
+		if (isset($pListUserCount[1])) {
+			$result['totalCount'] --;
+			if ($pListUserCount[1] < $start) {
+				$start += 1;
+			}
+		}
+		if (isset($pListUserCount[2])) {
+			$result['totalCount'] --;
+			if ($pListUserCount[2] < $start) {
+				$start += 1;
+			}
+		}
+		/* modify limit value accoring to start value */
+		if (isset($pListUserCount[1])) {
+			if ($start <= $pListUserCount[1] && $pListUserCount[1] < $start + $limit) {
+				$limit += 1;
+			}
+		}
+		if (isset($pListUserCount[2])) {
+			if ($start <= $pListUserCount[2] && $pListUserCount[2] < $start + $limit) {
+				$limit += 1;
+			}
+		}
+
+		$command = "/usr/syno/bin/synophoto_dsm_user --enum " . escapeshellarg($start) . " " . escapeshellarg($limit) . " " . $dir . ":" . escapeshellarg($query);
+		@exec($command, $pListUserName, $retval);
+
+		if (0 !== $retval) {
+			$result['totalCount'] = 0;
+			return json_encode($result);
+		}
+
+		$i = 0;
+		$result['all_users'] = array();
+		foreach ($pListUserName as $user_str) {
+			$user_info = split(',', $user_str);
+			if ('guest' == $user_info[1] || 'admin' == $user_info[1]) {
+				continue;
+			}
+
+			$result['all_users'][$i]['userid'] = $user_info[0];
+			$result['all_users'][$i]['username'] = $user_info[1];
+			$result['all_users'][$i]['description'] = $user_info[2];
+			$result['all_users'][$i]['disable'] = ($user_info[3] == 'true') ? "t" : "f";
+			$result['all_users'][$i]['admin'] = ($user_info[5] == 1) ? "t" : "f";
+
+			$i++;
+		}
+
+		return $result;
+	}
+
+	private function GetAlbumGroupData($sharename, $start = 0, $limit = 15, $search = '')
+	{
+		/* edit sharename for root album */
+		if ('' === $sharename) {
+			$sharename = '/';
+		}
+		$query = "SELECT * FROM photo_share WHERE sharename = ?";
+		$db_result = PHOTO_DB_Query($query, array($sharename));
+		if ($row = PHOTO_DB_FetchRow($db_result)) {
+			$shareid = $row['shareid'];
+			$isPublic = ('t' == $row['public']);
+		} else {
+			return false;
+		}
+
+		$parentid = null;
+		/* find the nearest private parent */
+		if (false !== strstr($sharename, '/')) {
+			$parent = substr($sharename, 0, strpos($sharename, "/"));
+			$query = "SELECT * FROM photo_share WHERE sharename = ?";
+			$db_result = PHOTO_DB_Query($query, array($parent));
+			$row = PHOTO_DB_FetchRow($db_result);
+			if ('' == $row['password'] && PHOTO_DB_ConvertBool($row['public']) == 'f') {
+				// For parent albunm be privated
+				// Only users who have the permission of the parent album can be candidates of the second album.
+				// So we must filter them out
+				$parentid = $row['shareid'];
+			}
+		}
+
+		$groups = $this->GetAllGroups($start, $limit, $search);
+		$result['totalCount'] = $groups['totalCount'];
+		$result['all'] = array();
+		for ($i = $start; $i < $groups['totalCount'] && $i < $start + $limit; $i ++) {
+			$idx = $i - $start;
+			$result['all'][$idx]['disabled'] = 0;
+			if (null != $parentid) {
+				$query = "SELECT * FROM " . PHOTO_GROUP_PERMISSION_TABLE . " WHERE shareid = " . $parentid;
+				$query .= " AND groupid = " . $groups['all_groups'][$idx]['groupid'];
+				$db_result_parent = PHOTO_DB_Query($query);
+
+				// Only groups which have the permission of the parent album can be candidates of the second album.
+				if (false === ($row_parent = PHOTO_DB_FetchRow($db_result_parent))) {
+					$result['all'][$idx]['disabled'] = 1;
+				}
+			}
+
+			$result['all'][$idx]['groupid'] = $groups['all_groups'][$idx]['groupid'];
+			$result['all'][$idx]['groupname'] = $groups['all_groups'][$idx]['groupname'];
+			$result['all'][$idx]['description'] = $groups['all_groups'][$idx]['description'];
+
+			$query = "SELECT * FROM " . PHOTO_GROUP_PERMISSION_TABLE . " WHERE shareid = " . $shareid;
+			$query .= " AND groupid = " . $groups['all_groups'][$idx]['groupid'];
+			$db_result = PHOTO_DB_Query($query);
+
+			$row = PHOTO_DB_FetchRow($db_result);
+			if ((($row != null && (1 & $row['permission'])) || $isPublic) && (0 == $result['all'][$idx]['disabled'])) {
+				$result['all'][$idx]['browse'] = 1;
+				$result['all'][$idx]['browse_orig'] = 1;
+			} else {
+				$result['all'][$idx]['browse'] = 0;
+				$result['all'][$idx]['browse_orig'] = 0;
+			}
+			if ($row != null && (2 & $row['permission'])) {
+				$result['all'][$idx]['upload'] = 1;
+				$result['all'][$idx]['upload_orig'] = 1;
+			} else {
+				$result['all'][$idx]['upload'] = 0;
+				$result['all'][$idx]['upload_orig'] = 0;
+			}
+			if ($row != null && (4 & $row['permission'])) {
+				$result['all'][$idx]['manage'] = 1;
+				$result['all'][$idx]['manage_orig'] = 1;
+			} else {
+				$result['all'][$idx]['manage'] = 0;
+				$result['all'][$idx]['manage_orig'] = 0;
+			}
+		}
+		return $result;
+	}
+
+	private function GetAllGroups($start, $limit, $search)
+	{
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			return $this->GetAllDSMGroup($start, $limit, $search);
+		}
+
+		$i = 0;
+		$limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start);
+		$query = "SELECT * FROM photo_group WHERE groupname LIKE ? ORDER BY groupname ASC $limitOffsetString";
+		$db_result = PHOTO_DB_Query($query, array("%$search%"));
+		while ($row = PHOTO_DB_FetchRow($db_result)) {
+			$result['all_groups'][$i]['groupid'] = $row['groupid'];
+			$result['all_groups'][$i]['groupname'] = $row['groupname'];
+			$result['all_groups'][$i]['description'] = $row['description'];
+			$i ++;
+		}
+		$query = "SELECT count(*) FROM photo_group WHERE groupname LIKE ?";
+		$db_result = PHOTO_DB_Query($query, array("%$search%"));
+		$row = PHOTO_DB_FetchRow($db_result);
+		$result['totalCount'] = $row[0];
+		return $result;
+	}
+
+	private function GetAllDSMGroup($start, $limit, $query = '')
+	{
+		$command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($query);
+		@exec($command, $pListGroupCount, $retval);
+		if (0 > $retval) {
+			$result['totalCount'] = 0;
+			return $result;
+		}
+		$result['totalCount'] = $pListGroupCount[0];
+
+		$command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($start) . " " . escapeshellarg($limit) . " ASC:" . escapeshellarg($query);
+		@exec($command, $pListGroupName, $retval);
+
+		if (0 !== $retval) {
+			$result['totalCount'] = 0;
+			return $result;
+		}
+
+		$i = 0;
+		$result['all_groups'] = array();
+		foreach ($pListGroupName as $group_str) {
+			$group_info = split(',', $group_str);
+			$result['all_groups'][$i]['groupid'] = $group_info[0];
+			$result['all_groups'][$i]['groupname'] = $group_info[1];
+			$result['all_groups'][$i]['description'] = $group_info[2];
+
+			$i ++;
+		}
+
+		return $result;
+	}
+
+	private function AddGroupPermission($shareid, $groups, $type)
+	{
+		if ($shareid == null || $shareid == "" || $groups == null || $groups == "") {
+			return;
+		}
+		$ids = explode(',', $groups);
+		foreach ($ids as $id) {
+			if ('' === $id) {
+				continue;
+			}
+			$query = "UPDATE " . PHOTO_GROUP_PERMISSION_TABLE . " SET permission = permission | $type WHERE shareid = " . $shareid . " AND groupid = " . $id;
+			$db_result = PHOTO_DB_Query($query);
+			if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+				$date = date('Y-m-d H:i:s');
+				$query = "INSERT INTO " . PHOTO_GROUP_PERMISSION_TABLE . " (groupid, shareid, permission, create_time) ";
+				$query = $query . "VALUES (" . $id . ", " . $shareid . ", " . $type . ", '" . $date . "')";
+				$db_result = PHOTO_DB_Query($query);
+			}
+		}
+	}
+
+	private function AddAlbumPermission($gid, $albums, $type)
+	{
+		if ($gid == null || $gid == "" || $albums == null || $albums == "") {
+			return;
+		}
+		$ids = explode(',', $albums);
+		foreach ($ids as $id) {
+			if ('' === $id) {
+				continue;
+			}
+			$query = "UPDATE " . PHOTO_GROUP_PERMISSION_TABLE . " SET permission = permission | $type WHERE shareid = " . $id . " AND groupid = " . $gid;
+			$db_result = PHOTO_DB_Query($query);
+			if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+				$date = date('Y-m-d H:i:s');
+				$query = "INSERT INTO " . PHOTO_GROUP_PERMISSION_TABLE . " (groupid, shareid, permission, create_time) ";
+				$query = $query . "VALUES (" . $gid . ", " . $id . ", " . $type . ", '" . $date . "')";
+				$db_result = PHOTO_DB_Query($query);
+			}
+		}
+	}
+
+	private function DeleteGroupPermission($shareid, $groups, $type)
+	{
+		if ($shareid == null || $shareid == "" || $groups == null || $groups == "") {
+			return;
+		}
+		$type = -1 - $type;
+		$ids = explode(',', $groups);
+		foreach ($ids as $id) {
+			if ('' === $id) {
+				continue;
+			}
+			$query = "UPDATE " . PHOTO_GROUP_PERMISSION_TABLE . " SET permission = permission & $type WHERE shareid = " . $shareid . " AND groupid = " . $id;
+			$db_result = PHOTO_DB_Query($query);
+		}
+		$query = "DELETE FROM " . PHOTO_GROUP_PERMISSION_TABLE . " WHERE permission = 0";
+		$db_result = PHOTO_DB_Query($query);
+	}
+
+	private function DeleteAlbumPermission($gid, $albums, $type)
+	{
+		if ($gid == null || $gid == "" || $albums == null || $albums == "") {
+			return;
+		}
+		$type = -1 - $type;
+		$ids = explode(',', $albums);
+		foreach ($ids as $id) {
+			if ('' === $id) {
+				continue;
+			}
+			$query = "UPDATE " . PHOTO_GROUP_PERMISSION_TABLE . " SET permission = permission & $type WHERE shareid = " . $id . " AND groupid = " . $gid;
+			$db_result = PHOTO_DB_Query($query);
+		}
+		$query = "DELETE FROM " . PHOTO_GROUP_PERMISSION_TABLE . " WHERE permission = 0";
+		$db_result = PHOTO_DB_Query($query);
+	}
+
+	private function AddChildGroupRightBySharename($sharename, $groups, $type)
+	{
+		if($sharename == null || $sharename == "" || $groups == null || $groups == "") {
+			return;
+		}
+		$queryParam = array();
+		if ("/" === $sharename) {
+			$query = "SELECT shareid FROM photo_share WHERE sharename <> '/' AND sharename NOT LIKE '%/%/%'";
+		} else {
+			$query = "SELECT shareid FROM photo_share WHERE sharename LIKE ? AND sharename NOT LIKE ?";
+			$queryParam = array("$sharename/%", "$sharename/%/%");
+		}
+		if ($table === PHOTO_ACCESS_RIGHT_TABLE) {
+			$query .= " AND public='f'";
+		}
+		$query .= " AND password=''";
+		$db_result = PHOTO_DB_Query($query, $queryParam);
+
+		while ($row = PHOTO_DB_FetchRow($db_result)) {
+			$shareid = $row['shareid'];
+			$this->AddGroupPermission($shareid, $groups, $type);
+		}
+	}
+
+	private function DeleteChildGroupRightBySharename($sharename, $groups, $type)
+	{
+		if($sharename == null || $sharename == "" || $groups == null || $groups == "") {
+			return;
+		}
+		$escape = PHOTO_DB_GetEscape();
+		$query = "SELECT shareid FROM photo_share WHERE sharename LIKE ?";
+		$db_result = PHOTO_DB_Query($query, array("$sharename/%"));
+		while ($row = PHOTO_DB_FetchRow($db_result)) {
+			$shareid = $row['shareid'];
+			$this->DeleteGroupPermission($shareid, $groups, $type);
+		}
+	}
+
+	private function DeleteParentGroupRightBySharename($sharename, $groups, $type)
+	{
+		if($sharename == null || $sharename == "" || $groups == null || $groups == "") {
+			return;
+		}
+		if ('/' === $sharename || '' === $sharename) {
+			return;
+		}
+		$parentName = substr($sharename, 0, strrpos($sharename, '/'));
+		if ('' === $parentName) {
+			$parentName = '/';
+		}
+		$escape = PHOTO_DB_GetEscape();
+		$query = "SELECT shareid FROM photo_share WHERE sharename=?";
+		$db_result = PHOTO_DB_Query($query, array($parentName));
+		if ($row = PHOTO_DB_FetchRow($db_result)) {
+			$shareid = $row['shareid'];
+			$this->DeleteGroupPermission($shareid, $groups, $type);
+		}
+		$this->DeleteParentGroupRightBySharename($parentName, $groups, $type);
+	}
+
+	private function ListPublicShare()
+	{
+		$ret = false;
+
+		if (!isset($_REQUEST['type']) || !isset($_REQUEST['offset']) || !isset($_REQUEST['limit'])) {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+		$type = $_REQUEST['type'];
+
+		// fetch list
+		if ($type === 'user') {
+			$list_result = $this->GetAllUsers($_REQUEST['offset'], $_REQUEST['limit'], "");
+		} else if ($type === 'group') {
+			$list_result = $this->GetAllGroups($_REQUEST['offset'], $_REQUEST['limit'], "");
+		} else {
+			$this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
+			goto End;
+		}
+
+		// fetch all public_share permission
+		$table_name = "photo_" . ($type === 'group' ? 'group_' : '') . "public_share_right";
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$table_name .= '_for_dsm_account';
+		}
+		$query = "SELECT * FROM $table_name";
+		$db_result = PHOTO_DB_Query($query);
+		$permission_list = array();
+		while ($row = PHOTO_DB_FetchRow($db_result)) {
+			$permission_list[$row[0]] = 1;
+		}
+
+		// combine list and permission
+		$result = array();
+		$result['total'] = $list_result['totalCount'];
+		$result['items'] = array();
+		$item['type'] = $type;
+		foreach($list_result['all_' .$type. 's'] as $list_item) {
+			$item['id'] = $list_item[$type . 'id'];
+			$item['name'] = $list_item[$type . 'name'];
+			$item['allow_public_share'] = isset($permission_list[$item['id']]);
+			$result['items'][] = $item;
+		}
+
+		$ret = true;
+		$this->SetResponse($result);
+	End:
+		return $ret;
+	}
+
+	private function EditPublicShare()
+	{
+		$table_name = "photo_public_share_right";
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$table_name .= '_for_dsm_account';
+		}
+
+		if (isset($_REQUEST['enable_user'])) {
+			$this->EnablePublicShare($table_name, explode(",", $_REQUEST['enable_user']));
+		}
+
+		if (isset($_REQUEST['disable_user'])) {
+			$this->DisablePublicShare($table_name, explode(",", $_REQUEST['disable_user']), 'user');
+		}
+
+		$table_name = "photo_group_public_share_right";
+		if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
+			$table_name .= '_for_dsm_account';
+		}
+
+		if (isset($_REQUEST['enable_group'])) {
+			$this->EnablePublicShare($table_name, explode(",", $_REQUEST['enable_group']));
+		}
+
+		if (isset($_REQUEST['disable_group'])) {
+			$this->DisablePublicShare($table_name, explode(",", $_REQUEST['disable_group']), 'group');
+		}
+	}
+
+	private function EnablePublicShare($table, $ids)
+	{
+		$query = "INSERT INTO $table VALUES (?)";
+		foreach ($ids as $id) {
+			PHOTO_DB_Query($query, array($id));
+		}
+	}
+
+	private function DisablePublicShare($table, $ids, $type)
+	{
+		$query = "DELETE FROM $table WHERE " . $type ."id = (?)";
+		foreach ($ids as $id) {
+			PHOTO_DB_Query($query, array($id));
+		}
+	}
+}
+
+$api = new PermissionAPI();
+$api->Run();

PhotoStation API/webapi/photo.conf.php

@@ -0,0 +1,3 @@
+<?php
+	define('PHOTO_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__) . '/webapi.inc.php');
+	$SYNOPHOTO_ALLOW_SORT_TYPE = array('filename', 'takendate', 'createdate');

PhotoStation API/webapi/photo.inc.php

@@ -0,0 +1,8 @@
+<?php
+	require_once('photo.conf.php');
+	require_once("../include/syno_conf.php");
+	require_once(SYNOPHOTO_INCLUDE_ALBUM_UTIL);
+	require_once(SYNOPHOTO_INCLUDE_GPS_UTIL);
+
+	require_once(PHOTO_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);

PhotoStation API/webapi/photo_tag.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('PHOTO_TAG_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/photo_tag.inc.php

@@ -0,0 +1,9 @@
+<?php
+    require_once('photo_tag.conf.php');
+    require_once("../include/syno_conf.php");
+    require_once("../include/label.php");
+    require_once("../include/item_label.php");
+
+    require_once(PHOTO_TAG_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/photo_tag.php

@@ -0,0 +1,644 @@
+<?php
+
+set_time_limit(0);
+
+require_once('photo_tag.inc.php');
+
+class PhotoTagAPI extends WebAPI {
+    function __construct() {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process() {
+        if (!strcasecmp($this->method, "list")) {
+            csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+            $this->PhotoTagList();
+        } else {
+            csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+            csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+            if (!strcasecmp($this->method, "people_tag")) {
+                $this->AddPeopleTag();
+            } elseif (!strcasecmp($this->method, "geo_tag")) {
+                $this->AddGeoDescTag(1);
+            } elseif (!strcasecmp($this->method, "desc_tag")) {
+                $this->AddGeoDescTag(2);
+            } elseif (!strcasecmp($this->method, "delete")) {
+                $this->Delete();
+            } elseif (!strcasecmp($this->method, "people_tag_confirm")) {
+                $this->PeopleTagConfirm();
+            }
+        }
+    }
+
+    /**
+     *  @params - $id like: photo_dir_name, video_dir_name
+     */
+    private function GetItemInfo($id)
+    {
+        $arr = explode('_', $id);
+        if (3 !== count($arr)) {
+            return false;
+        }
+        if (!in_array($arr[0], array('photo', 'video'))) {
+            return false;
+        }
+        // get id
+        $dirName = @pack('H*', $arr[1]);
+        $fileName = @pack('H*', $arr[2]);
+        $filePath = $dirName === '/' ? $fileName : $dirName.'/'.$fileName;
+        $realPath = SYNOPHOTO_SERVICE_REAL_DIR.'/'.$filePath;
+		if (!csSYNOPhotoMisc::CheckPathValid($realPath)) {
+            return false;
+        }
+        $table = ('photo' === $arr[0]) ? 'photo_image' : 'video';
+        if ('root' === SYNOPHOTO_ADMIN_USER) {
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $realPath);
+        } else {
+            $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $filePath);
+        }
+        $data['id'] = $row['id'];
+		$data['path'] = $realPath;
+		$data['dbPath'] = SYNOPHOTO_SERVICE_REAL_DIR_PATH.$filePath;
+        $data['sharePath'] = $filePath;
+        $data['isPhoto'] = ('photo' === $arr[0]) ? true : false;
+
+        return $data;
+    }
+
+    private function GetParams_PeopleTagConfirm()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['tag_id']) || !isset($_REQUEST['confirm'])) {
+            return false;
+        }
+        if (!in_array($_REQUEST['confirm'], array('true', 'false'))) {
+            return false;
+        }
+        $params['confirm'] = $_REQUEST['confirm'];
+        if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
+            return false;
+        }
+        if (false === $data['isPhoto']) {
+            return false;
+        }
+        $params['id'] = $data['id'];
+        $params['sharePath'] = $data['sharePath'];
+        $params['isPhoto'] = $data['isPhoto'];
+        $arr = explode('tag_', $_REQUEST['tag_id']);
+        if (2 !== count($arr)) {
+            return false;
+        }
+        $params['tag_id'] = (int)$arr[1];
+        return $params;
+    }
+
+    private function GetParams_PeopleTag()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['tag_id']) ||
+            !isset($_REQUEST['x']) || !isset($_REQUEST['y']) ||
+            !isset($_REQUEST['width']) || !isset($_REQUEST['height'])) {
+            return false;
+        }
+        if (!is_numeric($_REQUEST['x']) || !is_numeric ($_REQUEST['y']) || !is_numeric ($_REQUEST['width']) || !is_numeric($_REQUEST['height'])) {
+            return false;
+        }
+        $params['x'] = floatval($_REQUEST['x']);
+        $params['y'] = floatval($_REQUEST['y']);
+        $params['width'] = floatval($_REQUEST['width']);
+        $params['height'] = floatval($_REQUEST['height']);
+
+        if (1 < $params['x'] || 0 > $params['x'] ||
+            1 < $params['y'] || 0 > $params['y'] ||
+            1 < $params['width'] || 0 >= $params['width'] ||
+            1 < $params['height'] || 0 >= $params['height']) {
+            return false;
+        }
+
+        if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
+            return false;
+        }
+        $params['id'] = $data['id'];
+        $params['path'] = $data['path'];
+        $params['sharePath'] = $data['sharePath'];
+        if (false === $data['isPhoto']) {
+            return false;
+        }
+        $params['isPhoto'] = $data['isPhoto'];
+
+        $arr = explode('tag_', $_REQUEST['tag_id']);
+        if (2 !== count($arr)) {
+            return false;
+        }
+        $params['tag_id'] = (int) $arr[1];
+        return $params;
+    }
+
+    private function GetParams_Tag()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['tag_id'])) {
+            return false;
+        }
+        $params['ids'] = array();
+        $ids = explode(',', $_REQUEST['id']);
+        foreach ($ids as $id) {
+            if (false === ($data = $this->GetItemInfo($id))) {
+                return false;
+            }
+            $info['id'] = $data['id'];
+            $info['path'] = $data['path'];
+            $info['dbPath'] = $data['dbPath'];
+            $info['sharePath'] = $data['sharePath'];
+            $info['isPhoto'] = $data['isPhoto'];
+            array_push($params['ids'], $info);
+        }
+
+        // get tag id
+        $params['tag_ids'] = array();
+        $arr = explode(',', $_REQUEST['tag_id']);
+        foreach ($arr as $tagID) {
+            $split = explode('tag_', $tagID);
+            if (2 !== count($split)) {
+                return false;
+            }
+            array_push($params['tag_ids'], $split[1]);
+        }
+        return $params;
+    }
+
+	private function GetParams_Delete()
+	{
+		if (!isset($_REQUEST['id']) ||
+			(!isset($_REQUEST['tag_id']) && !isset($_REQUEST['item_tag_id'])) ||
+			(isset($_REQUEST['tag_id']) && isset($_REQUEST['item_tag_id']))) {
+			return false;
+		}
+		$params['ids'] = array();
+		$ids = explode(',', $_REQUEST['id']);
+		foreach ($ids as $id) {
+			if (false === ($data = $this->GetItemInfo($id))) {
+				return false;
+			}
+			$info['id'] = $data['id'];
+			$info['path'] = $data['path'];
+			$info['sharePath'] = $data['sharePath'];
+			$info['dbPath'] = $data['dbPath'];
+			$info['isPhoto'] = $data['isPhoto'];
+			array_push($params['ids'], $info);
+		}
+
+		// get tag id
+		$params['tag_ids'] = array();
+		if (isset($_REQUEST['tag_id'])) {
+			$arr = explode(',', $_REQUEST['tag_id']);
+			foreach ($arr as $tagID) {
+				$split = explode('tag_', $tagID);
+				if (2 !== count($split)) {
+					return false;
+				}
+				array_push($params['tag_ids'], $split[1]);
+			}
+		}
+		// get item_tag_id
+		$params['item_tag_ids'] = array();
+		if (isset($_REQUEST['item_tag_id'])) {
+			$arr = explode(',', $_REQUEST['item_tag_id']);
+			foreach ($arr as $photoTagID) {
+				$split = explode('item_tag_', $photoTagID);
+				if (2 !== count($split)) {
+					return false;
+				}
+				array_push($params['item_tag_ids'], $split[1]);
+			}
+		}
+        return $params;
+	}
+
+    private function GetParams_List($id, $type)
+    {
+        if (false === ($data = $this->GetItemInfo($id))) {
+            return false;
+        }
+        $params['id'] = $data['id'];
+        $params['path'] = $data['path'];
+        $params['isPhoto'] = $data['isPhoto'];
+
+        $params['type'] = explode(',', $type);
+        foreach ($params['type'] as $type) {
+            if (!in_array($type, array('people', 'geo', 'desc'))) {
+                return false;
+            }
+        }
+        $params['additional'] = explode(',', $_REQUEST['additional']);
+        return $params;
+    }
+
+    private function CheckVideoExist($videoPath)
+    {
+        $query = 'SELECT count(id) FROM video WHERE path=?';
+        $sqlParam = array($videoPath);
+        if (false === ($db_result = PHOTO_DB_Query($query, $sqlParam))) {
+            return false;
+        }
+       	if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
+            return false;
+        }
+        if (1 !== (int)$row[0]) {
+            return false;
+        }
+        return true;
+    }
+
+    private function GetPhotoPeopleTagInfo($data)
+    {
+        if (!empty($data['info'])) {
+            $info = json_decode($data['info'], true);
+            $people['x'] = $info['x'];
+            $people['y'] = $info['y'];
+            $people['width'] = $info['width'];
+            $people['height'] = $info['height'];
+        }
+        return $people;
+    }
+
+    private function FormAdditional($data, $params, $type)
+    {
+        if (in_array('info', $params['additional'])) {
+            if ('people' === $type) {
+                $people = $this->GetPhotoPeopleTagInfo($data);
+                $people['name'] = $data['name'];
+                $people['is_confirmed'] = $data['status'];
+                $additional['info'] = $people;
+            } elseif ('geo' === $type) {
+                $geo['name'] = $data['name'];
+                $info = json_decode($data['label_info'], true);
+                $geo['lat'] = $info['lat'];
+                $geo['lng'] = $info['lng'];
+		$geo['place_id'] = $info['placeId'];
+                $geo['address'] = (null === $info['address']) ? '' : $info['address'];
+                $additional['info'] = $geo;
+            } elseif ('desc' === $type) {
+                $desc['name'] = $data['name'];
+                $additional['info'] = $desc;
+            }
+        }
+        if (in_array('extra', $params['additional'])) {
+            if ('people' === $type) {
+                $additional['extra'] = $data['info'];
+            } elseif ('geo' === $type) {
+                $additional['extra'] = $data['label_info'];
+            } elseif ('desc' === $type) {
+                $additional['extra'] = $data['info'];
+            }
+        }
+        if (in_array('count', $params['additional'])) {
+            $total = ItemLabel::GetCountByLabelId($data['label_id']);
+            $additional['count'] = (int)$total;
+        }
+        return $additional;
+    }
+
+    private function FromTags($result, $params)
+    {
+        $tags = array();
+        if (in_array('people', $params['type'])) {
+            foreach ($result['person'] as $people) {
+                unset($tag);
+                $tag['id'] = 'tag_'.$people['label_id'];
+				$tag['item_tag_id'] = 'item_tag_'.$people['id'];
+                $tag['type'] = 'people';
+                $tag['name'] = $people['name'];
+                $additional = $this->FormAdditional($people, $params, 'people');
+                if (null !== $additional) {
+                    $tag['additional'] = $additional;
+                }
+                array_push($tags, $tag);
+            }
+        }
+
+        if (in_array('geo', $params['type'])) {
+            foreach ($result['place'] as $geo) {
+                unset($tag);
+                $tag['id'] = 'tag_'.$geo['label_id'];
+				$tag['item_tag_id'] = 'item_tag_'.$geo['id'];
+                $tag['type'] = 'geo';
+                $tag['name'] = $geo['name'];
+                $additional = $this->FormAdditional($geo, $params, 'geo');
+                if (null !== $additional) {
+                    $tag['additional'] = $additional;
+                }
+                array_push($tags, $tag);
+            }
+        }
+        if (in_array('desc', $params['type'])) {
+            foreach ($result['general'] as $desc) {
+                unset($tag);
+                $tag['id'] = 'tag_'.$desc['label_id'];
+				$tag['item_tag_id'] = 'item_tag_'.$desc['id'];
+                $tag['type'] = 'desc';
+                $tag['name'] = $desc['name'];
+                $additional = $this->FormAdditional($desc, $params, 'desc');
+                if (null !== $additional) {
+                    $tag['additional'] = $additional;
+                }
+                array_push($tags, $tag);
+            }
+        }
+        return $tags;
+    }
+
+    private function PhotoTagList()
+    {
+	$tags = array();
+	if (!isset($_REQUEST['id']) || !isset($_REQUEST['type'])) {
+		$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+		goto End;
+	}
+
+        $ids = explode(',', $_REQUEST['id']);
+        foreach ($ids as $id) {
+		if (false === ($params = $this->GetParams_List($id, $_REQUEST['type']))) {
+		    $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+		    goto End;
+		}
+		if (count($ids) > 1) {
+			$tag = array();
+			$tag['photoId'] = $id;
+			$tag['tags'] = $this->GetPhotoTagList($params);
+		} else {
+			$tag = $this->GetPhotoTagList($params);
+		}
+		array_push($tags, $tag);
+	}
+
+	if (count($ids) > 1) {
+		$resp['tags'] = $tags;
+	} else {
+		$resp['tags'] = $tags[0];
+	}
+
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function GetPhotoTagList($params)
+    {
+	// database query
+        if ($params['isPhoto']) {
+            $result = ItemLabel::GetLabelByImageId($params['id']);
+        } else {
+            $result = ItemLabel::GetLabelByVideoPath($params['path']);
+        }
+
+        // form to webapi format
+        $tags = $this->FromTags($result, $params);
+
+        return $tags;
+    }
+
+    private function AddGeoDescTag($category)
+    {
+        if (false === ($params = $this->GetParams_Tag())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // check permmision
+		$albums = array();
+        foreach ($params['ids'] as $idData) {
+            $albumName = dirname($idData['sharePath']);
+			if ('.' === $albumName) {
+				$albumName = '/';
+			}
+			$albums[$albumName] = 1;
+        }
+		foreach ($albums as $name => $v) {
+            if (!csSYNOPhotoMisc::CheckAlbumManageable($name)) {
+                $this->SetError(PHOTOSTATION_PHOTO_TAG_ACCESS_DENY);
+                goto End;
+            }
+		}
+
+        // check tag exist
+        foreach ($params['tag_ids'] as $tagID) {
+            if (false === Label::CheckLabelExistById($tagID)) {
+                $this->SetError(PHOTOSTATION_PHOTO_TAG_NOT_EXIST);
+                goto End;
+            }
+        }
+
+        $failCount = 0;
+		$duplicateCount = 0;
+		$item_tag_ids = array();
+        foreach ($params['ids'] as $idData) {
+            if ($idData['isPhoto']) {
+                foreach ($params['tag_ids'] as $tagID) {
+                    if (true === ItemLabel::CheckPhotoLabelExist($tagID, $idData['id'])) {
+                        $failCount++;
+                        $duplicateCount++;
+                        continue;
+                    }
+                    if (false === ItemLabel::AddImageLabel($idData['id'], $tagID)) {
+                        $failCount++;
+                        continue;
+					}
+					$row = ItemLabel::GetByItemKeyLabelId($idData['id'], $tagID, true);
+					if (!$row) {
+						$failCount++;
+						continue;
+					}
+					$photo_label_id = $row['id'];
+					array_push($item_tag_ids, 'item_tag_'.$photo_label_id);
+					self::OutputSingleSpace();
+                }
+            } else {
+                foreach ($params['tag_ids'] as $tagID) {
+                    if (false === $this->CheckVideoExist(('root' === SYNOPHOTO_ADMIN_USER) ? $idData['path'] : $idData['sharePath'])) {
+                        $failCount++;
+                        continue;
+                    }
+
+                    if (true === ItemLabel::CheckVideoLabelExist($tagID, $idData['dbPath'])) {
+                        $failCount++;
+                        $duplicateCount++;
+                        continue;
+                    }
+                    if (false === ItemLabel::AddVideoLabel($idData['dbPath'], $tagID)) {
+                        $failCount++;
+                        continue;
+					}
+
+					$row = ItemLabel::GetByItemKeyLabelId($idData['dbPath'], $tagID, false);
+					if (!$row) {
+						$failCount++;
+						continue;
+					}
+					$photo_label_id = $row['id'];
+					array_push($item_tag_ids, 'item_tag_'.$photo_label_id);
+					self::OutputSingleSpace();
+                }
+            }
+        }
+        if ($failCount === count($params['ids']) * count($params['tag_ids'])) {
+            if (count($params['ids']) == $duplicateCount) {
+                $this->SetError(PHOTOSTATION_PHOTO_TAG_DUPLICATE);
+            } else {
+                $this->SetError(PHOTOSTATION_PHOTO_TAG_ADD_GEO_DESC_FAIL);
+            }
+            goto End;
+		}
+		$resp['item_tag_ids'] = $item_tag_ids;
+		$this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function PeopleTagConfirm()
+    {
+        if (false === ($params = $this->GetParams_PeopleTagConfirm())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // check permmision
+        $albumName = dirname($params['sharePath']);
+		if ('.' === $albumName) {
+			$albumName = '/';
+		}
+        if (!csSYNOPhotoMisc::CheckAlbumManageable($albumName)) {
+            $this->SetError(PHOTOSTATION_PHOTO_TAG_ACCESS_DENY);
+            goto End;
+        }
+
+        // check tag exist
+        if (false === Label::CheckLabelExistById($params['tag_id'])) {
+            $this->SetError(PHOTOSTATION_PHOTO_TAG_NOT_EXIST);
+            goto End;
+        }
+
+        // update confirm
+        if (false === ItemLabel::UpdateLabelStatus($params['id'], $params['tag_id'], $params['confirm'])) {
+            $this->SetError(PHOTOSTATION_PHOTO_TAG_PEOPLE_TAG_CONFIRM_FAIL);
+            goto End;
+        }
+    End:
+        return;
+    }
+
+    private function AddPeopleTag()
+    {
+        if (false === ($params = $this->GetParams_PeopleTag())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // check permmision
+        $albumName = dirname($params['sharePath']);
+		if ('.' === $albumName) {
+			$albumName = '/';
+		}
+        if (!csSYNOPhotoMisc::CheckAlbumManageable($albumName)) {
+            $this->SetError(PHOTOSTATION_PHOTO_TAG_ACCESS_DENY);
+            goto End;
+        }
+
+        // check tag exist
+        if (false === Label::CheckLabelExistById($params['tag_id'])) {
+            $this->SetError(PHOTOSTATION_PHOTO_TAG_NOT_EXIST);
+            goto End;
+        }
+
+        // tag can't duplicate in the same photo
+        if (true === ItemLabel::CheckPhotoLabelExist($params['tag_id'], $params['id'])) {
+            $this->SetError(PHOTOSTATION_PHOTO_TAG_DUPLICATE);
+            goto End;
+        }
+
+        // add people tag
+        $info_new = json_encode(
+            array(
+                'x' => $params['x'],
+                'y' => $params['y'],
+                'width' => $params['width'],
+                'height' => $params['height']
+            )
+        );
+        if (false === ItemLabel::AddPeopleLabel($params['id'], $params['tag_id'], $info_new)) {
+            $this->SetError(PHOTOSTATION_PHOTO_TAG_ADD_PEOPLE_FAIL);
+            goto End;
+		}
+
+		$item_tag_ids = array();
+		$row = ItemLabel::GetByItemKeyLabelId($params['id'], $params['tag_id'], true);
+		if (!$row) {
+			goto End;
+		}
+		$photo_label_id = $row['id'];
+		array_push($item_tag_ids, 'item_tag_'.$photo_label_id);
+		$resp['item_tag_ids'] = $item_tag_ids;
+		$this->SetResponse($resp);
+
+		// perform face detect for tag area
+        if ('on' === csSYNOPhotoMisc::GetConfigDB("photo", "enable_face_recognition", "photo_config")) {
+            $cmd = sprintf("%s -T %s %s", SYNOPHOTO_FACE_RECOG_TOOL, $photo_label_id, escapeshellarg($params['path']));
+            @exec($cmd);
+		}
+    End:
+        return;
+    }
+
+    private function Delete()
+    {
+        if (false === ($params = $this->GetParams_Delete())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // check permmision
+        foreach ($params['ids'] as $idData) {
+            $albumName = dirname($idData['sharePath']);
+			if ('.' === $albumName) {
+				$albumName = '/';
+			}
+            if (!csSYNOPhotoMisc::CheckAlbumManageable($albumName)) {
+                $this->SetError(PHOTOSTATION_PHOTO_TAG_ACCESS_DENY);
+                goto End;
+            }
+        }
+
+        foreach ($params['ids'] as $idData) {
+            if (!empty($params['item_tag_ids'])) {
+                foreach ($params['item_tag_ids'] as $photoTagID) {
+                    ItemLabel::DeleteAllById($photoTagID, $idData['isPhoto']);
+                    self::OutputSingleSpace();
+                }
+            }
+
+            if (!empty($params['tag_ids'])) {
+				ItemLabel::DeleteByLabelIdItemId($params['tag_ids'], $idData['isPhoto'] ? $idData['id'] : $idData['dbPath'], $idData['isPhoto']);
+				self::OutputSingleSpace();
+            }
+		}
+
+		// Delete non-used label
+		if (!empty($params['tag_ids'])) {
+			$label_ids = array();
+			foreach ($params['tag_ids'] as $tagID) {
+				$count = ItemLabel::GetCountByLabelId($tagID);
+				if ($count === 0) {
+					$label_ids[] = $tagID;
+				}
+			}
+			Label::DeleteByIds($label_ids);
+		}
+
+    End:
+        return;
+    }
+}
+
+$api = new PhotoTagAPI();
+$api->Run();
+
+
+?>

PhotoStation API/webapi/photoutil.php

@@ -0,0 +1,146 @@
+<?php
+require_once('albumutil.php');
+
+class PhotoAPIUtil {
+	static function getLabelIDConstraint($idList)
+	{
+		$ret = '';
+		$ids = explode(',', $idList);
+		$isFirst = true;
+		foreach ($ids as $id) {
+			$arr = explode('_', $id);
+			if ('tag' !== $arr[0] || !is_numeric($arr[1])) {
+				continue;
+			}
+			if (!$isFirst) {
+				$ret .= " OR ";
+			}
+			$ret .= "label_id = $arr[1]";
+			$isFirst = false;
+		}
+		return $ret;
+	}
+
+	static function getItemByPath($fullpath, $additional, $type, $getRealPath)
+	{
+		if ($getRealPath) {
+			if (false === csSYNOPhotoMisc::CheckPathValid($fullpath = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $fullpath)) {
+				return false;
+			}
+		}
+
+		$dbPath = substr($fullpath, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PREFIX));
+		$sharename = substr(pathinfo($dbPath, PATHINFO_DIRNAME), strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+
+		if (in_array($sharename, array('.', ''))) {
+			$sharename = '/';
+		}
+
+		$path = $fullpath;
+
+		$needExif = in_array('photo_exif', $additional);
+		$needCodec = in_array('video_codec', $additional);
+		$needQuality = in_array('video_quality', $additional);
+		$needThumbSize = in_array('thumb_size', $additional);
+
+		$item = null;
+		if ('photo' === $type) {
+			$items = File::GetPhotoByDBPath(array($dbPath));
+			$row = $items[$dbPath];
+			if (!$row) {
+				return false;
+			}
+
+			$obj = null;
+			$obj['name'] = $row['name'];
+			$obj['title'] = $row['title'];
+			$obj['createdate'] = $row['create_time'];
+			$obj['size'] = (int)$row['size'];
+			$obj['takendate'] = $row['timetaken'];
+			$obj['resolutionx'] = (int)$row['resolutionx'];
+			$obj['resolutiony'] = (int)$row['resolutiony'];
+			$obj['description'] = $row['description'];
+			$obj['rotated'] = (0 === (int)$row['version'] %2) ? false : true;
+			$obj['rotate_version'] = (int)$row['version'];
+
+			/* set photo exif if required */
+			if ($needExif) {
+				$addObj = null;
+				$addObj['takendate'] = $row['timetaken'];
+				$addObj['camera'] = $row['camera_make'];
+				$addObj['camera_model'] = $row['camera_model'];
+				$addObj['exposure'] = $row['exposure'];
+				$addObj['aperture'] = $row['aperture'];
+				$addObj['iso'] = (int)$row['iso'];
+				$addObj['gps'] = json_decode($row['gps'], true);
+				$addObj['version'] = $row['version'];
+				$addObj['focal_length'] = $row['focal_length_v2'];
+				$addObj['lens'] = $row['lens_v2'];
+				$addObj['flash'] = $row['flash_v2'];
+				$item['additional']['photo_exif'] = $addObj;
+			}
+
+			$orig_resolutionx = $row['resolutionx'];
+			$orig_resolutiony = $row['resolutiony'];
+			$blThumbRotated = (0 === (int)$row['version'] %2) ? false : true;
+
+		} elseif ('video' === $type) {
+			$items = File::GetVideoByDBPath(array($dbPath));
+			$row = $items[$dbPath];
+			if (false === $row) {
+				return false;
+			}
+			$title_desc = csSYNOPhotoDB::GetDBInstance()->GetVideoCustomizedTitleDescription($dbPath);
+
+			$obj = null;
+			$obj['name'] = basename($path);
+			$obj['createdate'] = $row['date'];
+			$obj['takendate'] = $row['mdate'];
+			$obj['size'] = (int)$row['filesize'];
+			$obj['title'] = empty($title_desc['title']) ? $row['title'] : $title_desc['title'];
+			$obj['description'] = $title_desc['description'];
+			$obj['duration'] = (int)$row['duration'];
+			$obj['gps'] = json_decode($row['gps']);
+
+			/* set video codec if required */
+			if ($needCodec) {
+				$addObj = null;
+				$addObj['container'] = $row['container_type'];
+				$addObj['vcodec'] = $row['video_codec'];
+				$addObj['acodec'] = $row['audio_codec'];
+				$addObj['resolutionx'] = (int)$row['resolutionx'];
+				$addObj['resolutiony'] = (int)$row['resolutiony'];
+				$addObj['frame_bitrate'] = (int)$row['frame_bitrate'];
+				$addObj['video_bitrate'] = (int)$row['video_bitrate'];
+				$addObj['audio_bitrate'] = (int)$row['audio_bitrate'];
+				$item['additional']['video_codec'] = $addObj;
+			}
+			/* set video quality if required */
+			if ($needQuality) {
+				$item['additional']['video_quality'] = AlbumAPIUtil::GetConvertedVideoInfo($dbPath);
+			}
+
+			$orig_resolutionx = $row['resolutionx'];
+			$orig_resolutiony = $row['resolutiony'];
+			$blThumbRotated = false;
+		}
+
+		$blConversion = csSYNOPhotoMisc::IsAlbumAllowConversion($sharename);
+		$thumbnail = AlbumAPIUtil::GetThumbStatus($dbPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion);
+		$item['thumbnail_status'] = $thumbnail['status'];
+		if ($needThumbSize) {
+			$item['additional']['thumb_size'] = $thumbnail['size'];
+		}
+
+        if (SYNOPHOTO_SERVICE_REAL_DIR === dirname($fullpath)) {
+            $item['id'] = $type . '_' . bin2hex('/') . '_' . bin2hex(basename($path));
+        } else {
+            $item['id'] = $type . '_' . bin2hex($sharename) . '_' . bin2hex(basename($path));
+        }
+		$item['type'] = $type;
+		$item['info'] = $obj;
+		return $item;
+	}
+}
+
+?>

PhotoStation API/webapi/psutils.lua

@@ -0,0 +1,758 @@
+--[[----------------------------------------------------------------------------
+
+PSPhotoStationUtils.lua
+This file is part of Photo StatLr - Lightroom plugin.
+Copyright(c) 2017, Martin Messmer
+
+Photo Station utilities:
+	- getErrorMsg
+
+	- getAlbumId
+	- getPhotoId
+
+	- isSharedAlbumPublic
+	- getSharedAlbumId
+	- getSharedAlbumShareId
+
+	- getAlbumUrl
+	- getPhotoUrl
+
+	- getPhotoInfo
+
+	- createAndAddPhotoTag
+	- createAndAddPhotoTagList
+
+	- createAndAddPhotosToSharedAlbum
+	- removePhotosFromSharedAlbumIfExists
+
+	- deleteEmptyAlbumAndParents
+
+	- rating2Stars
+
+Photo StatLr is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Photo StatLr is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Photo StatLr.  If not, see <http://www.gnu.org/licenses/>.
+
+]]
+--------------------------------------------------------------------------------
+
+-- Lightroom API
+local LrFileUtils = import 'LrFileUtils'
+local LrPathUtils = import 'LrPathUtils'
+local LrHttp = import 'LrHttp'
+local LrDate = import 'LrDate'
+
+require "PSUtilities"
+
+--====== local functions =====================================================--
+
+local PSAPIerrorMsgs = {
+	[0]   = 'No error',
+	[100] = 'Unknown error',
+    [101] = 'No parameter of API, method or version',		-- PS 6.6: no such directory
+    [102] = 'The requested API does not exist',
+    [103] = 'The requested method does not exist',
+    [104] = 'The requested version does not support the functionality',
+    [105] = 'The logged in session does not have permission',
+    [106] = 'Session timeout',
+    [107] = 'Session interrupted by duplicate login',
+	[400] = 'Invalid parameter',
+	[401] = 'Unknown error of file operation',
+	[402] = 'System is too busy',
+	[403] = 'Invalid user does this file operation',
+	[404] = 'Invalid group does this file operation',
+	[405] = 'Invalid user and group does this file operation',
+	[406] = 'Can�t get user/group information from the account server',
+	[407] = 'Operation not permitted',
+	[408] = 'No such file or directory',
+	[409] = 'Non-supported file system',
+	[410] = 'Failed to connect internet-based file system (ex: CIFS)',
+	[411] = 'Read-only file system',
+	[412] = 'Filename too long in the non-encrypted file system',
+	[413] = 'Filename too long in the encrypted file system',
+	[414] = 'File already exists',
+	[415] = 'Disk quota exceeded',
+	[416] = 'No space left on device',
+	[417] = 'Input/output error',
+	[418] = 'Illegal name or path',
+	[419] = 'Illegal file name',
+	[420] = 'Illegal file name on FAT filesystem',
+	[421] = 'Device or resource busy',
+	[467] = 'No such tag',
+	[468] = 'Duplicate tag',
+	[470] = 'No such file',
+	[555] = 'No such shared album',
+	[599] = 'No such task of the file operation',
+	[1001]  = 'Http error: no response body, no response header',
+	[1002]  = 'Http error: no response data, no errorcode in response header',
+	[1003]  = 'Http error: No JSON response data',
+	[12007] = 'Http error: cannotFindHost',
+	[12029] = 'Http error: cannotConnectToHost',
+	[12038] = 'Http error: serverCertificateHasUnknownRoot',
+}
+
+-- ========================================== Album Content cache ==============================================
+-- the Album Content cache holds Album contents for the least recently read albums
+
+local albumContentCache = {}
+local albumContentCacheTimeout = 60	-- 60 seconds cache time
+
+---------------------------------------------------------------------------------------------------------
+-- albumContentCacheCleanup: remove old entries from cache
+local function albumContentCacheCleanup()
+	for i = #albumContentCache, 1, -1 do
+		local cachedAlbum = albumContentCache[i]
+		if cachedAlbum.validUntil < LrDate.currentTime() then
+			writeLogfile(3, string.format("albumContentCacheCleanup(); removing %s\n", cachedAlbum.albumPath))
+			table.remove(albumContentCache, i)
+		end
+	end
+end
+
+---------------------------------------------------------------------------------------------------------
+-- albumContentCacheList: returns all photos/videos and optionally albums in a given album via album cache
+-- returns
+--		albumItems:		table of photo infos, if success, otherwise nil
+--		errorcode:		errorcode, if not success
+local function albumContentCacheList(h, dstDir, listItems)
+	albumContentCacheCleanup()
+
+	for i = 1, #albumContentCache do
+		local cachedAlbum = albumContentCache[i]
+		if cachedAlbum.albumPath == dstDir then
+			return cachedAlbum.albumItems
+		end
+	end
+
+	-- not found in cache: get it from Photo Station
+	local albumItems, errorCode = PSPhotoStationAPI.listAlbum(h, dstDir, listItems)
+	if not albumItems then
+		if 	errorCode ~= 408  	-- no such file or dir
+		and errorCode ~= 417	-- no such dir for non-administrative users , see GitHub issue 17
+		and errorCode ~= 101	-- no such dir in PS 6.6
+		then
+			writeLogfile(2, string.format('albumContentCacheList: Error on listAlbum: %d\n', errorCode))
+		   	return nil, errorCode
+		end
+		albumItems = {} -- avoid re-requesting non-existing album
+	end
+
+	local cacheEntry = {}
+	cacheEntry.albumPath = dstDir
+	cacheEntry.albumItems = albumItems
+	cacheEntry.validUntil = LrDate.currentTime() + albumContentCacheTimeout
+	table.insert(albumContentCache, 1, cacheEntry)
+
+	writeLogfile(3, string.format("albumContentCacheList(%s): added to cache with %d items\n", dstDir, #albumItems))
+
+	return albumItems
+end
+
+-- ==================================== Shared Album content cache ==============================================
+-- the Shared Album content cache holds Shared Album contents for the least recently read albums
+
+local sharedAlbumContentCache = {}
+local sharedAlbumContentCacheTimeout = 60	-- 60 seconds cache time
+
+---------------------------------------------------------------------------------------------------------
+-- sharedAlbumContentCacheCleanup: remove old entries from cache
+local function sharedAlbumContentCacheCleanup()
+	for i = #sharedAlbumContentCache, 1, -1 do
+		local cachedAlbum = sharedAlbumContentCache[i]
+		if cachedAlbum.validUntil < LrDate.currentTime() then
+			writeLogfile(3, string.format("sharedAlbumContentCacheCleanup(); removing %s\n", cachedAlbum.albumPath))
+			table.remove(sharedAlbumContentCache, i)
+		end
+	end
+end
+
+---------------------------------------------------------------------------------------------------------
+-- sharedAlbumContentCacheList: returns all photos/videos and optionally albums in a given album via album cache
+-- returns
+--		albumItems:		table of photo infos, if success, otherwise nil
+--		errorcode:		errorcode, if not success
+local function sharedAlbumContentCacheList(h, dstDir, listItems)
+	sharedAlbumContentCacheCleanup()
+
+	for i = 1, #sharedAlbumContentCache do
+		local cachedAlbum = sharedAlbumContentCache[i]
+		if cachedAlbum.albumPath == dstDir then
+			return cachedAlbum.albumItems
+		end
+	end
+
+	-- not found in cache: get it from Photo Station
+	local albumItems, errorCode = PSPhotoStationAPI.listSharedAlbum(h, dstDir, listItems)
+	if not albumItems then
+		if 	errorCode ~= 408  	-- no such file or dir
+		and errorCode ~= 417	-- no such dir for non-administrative users , see GitHub issue 17
+		and errorCode ~= 101	-- no such dir in PS 6.6
+		then
+			writeLogfile(2, string.format('sharedAlbumContentCacheList: Error on listSharedAlbum: %d\n', errorCode))
+		   	return nil, errorCode
+		end
+		albumItems = {} -- avoid re-requesting non-existing album
+	end
+
+	local cacheEntry = {}
+	cacheEntry.albumPath = dstDir
+	cacheEntry.albumItems = albumItems
+	cacheEntry.validUntil = LrDate.currentTime() + sharedAlbumContentCacheTimeout
+	table.insert(sharedAlbumContentCache, 1, cacheEntry)
+
+	writeLogfile(3, string.format("sharedAlbumContentCacheList(%s): added to cache with %d items\n", dstDir, #albumItems))
+
+	return albumItems
+end
+
+-- ===================================== Shared Albums cache ==============================================
+-- the Shared Album List cache holds the list of shared album infos
+
+local sharedAlbumsCache 				= {}
+local sharedAlbumsCacheTimeout 		= 60	-- 60 seconds cache time
+local sharedAlbumsCacheValidUntil
+
+---------------------------------------------------------------------------------------------------------
+-- sharedAlbumsCacheCleanup: cleanup cache if cache is too old
+local function sharedAlbumsCacheCleanup()
+	if ifnil(sharedAlbumsCacheValidUntil, LrDate.currentTime()) <= LrDate.currentTime() then
+		sharedAlbumsCache = {}
+	end
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- sharedAlbumsCacheUpdate(h)
+local function sharedAlbumsCacheUpdate(h)
+	writeLogfile(3, string.format('sharedAlbumsCacheUpdate().\n'))
+	sharedAlbumsCache = PSPhotoStationAPI.getSharedAlbums(h)
+	sharedAlbumsCacheValidUntil = LrDate.currentTime() + sharedAlbumsCacheTimeout
+	return sharedAlbumsCache
+end
+
+---------------------------------------------------------------------------------------------------------
+-- sharedAlbumsCacheFind(h, name)
+local function sharedAlbumsCacheFind(h, name)
+	sharedAlbumsCacheCleanup()
+	if (#sharedAlbumsCache == 0) and not sharedAlbumsCacheUpdate(h) then
+		return nil
+	end
+
+	for i = 1, #sharedAlbumsCache do
+		if sharedAlbumsCache[i].name == name then
+			writeLogfile(4, string.format('sharedAlbumsCacheFind(%s) found  %s.\n', name, sharedAlbumsCache[i].id))
+			return sharedAlbumsCache[i]
+		end
+	end
+
+	writeLogfile(4, string.format('sharedAlbumsCacheFind(%s) not found.\n', name))
+	return nil
+end
+
+-- ======================================= tagMapping ==============================================
+-- the tagMapping holds the list of tag name / tag id mappings
+
+local tagMapping = {
+	['desc']	= {},
+	['person']	= {},
+	['geo']		= {},
+}
+
+---------------------------------------------------------------------------------------------------------
+-- tagMappingUpdate(h, type)
+local function tagMappingUpdate(h, type)
+	writeLogfile(3, string.format('tagMappingUpdate(%s).\n', type))
+	tagMapping[type] = PSPhotoStationAPI.getTags(h, type)
+	return tagMapping[type]
+end
+
+---------------------------------------------------------------------------------------------------------
+-- tagMappingFind(h, type, name)
+local function tagMappingFind(h, type, name)
+	local tagsOfType = tagMapping[type]
+
+	if (#tagsOfType == 0) and not tagMappingUpdate(h, type) then
+		return nil
+	end
+	tagsOfType = tagMapping[type]
+
+	for i = 1, #tagsOfType do
+		if tagsOfType[i].name == name then
+			writeLogfile(3, string.format('tagMappingFind(%s, %s) found  %s.\n', type, name, tagsOfType[i].id))
+			return tagsOfType[i].id
+		end
+	end
+
+	writeLogfile(3, string.format('tagMappingFind(%s, %s) not found.\n', type, name))
+	return nil
+end
+
+--================================= global functions ====================================================--
+
+PSPhotoStationUtils = {}
+
+---------------------------------------------------------------------------------------------------------
+-- getErrorMsg(errorCode)
+-- translates errorCode to ErrorMsg
+function PSPhotoStationUtils.getErrorMsg(errorCode)
+	if PSAPIerrorMsgs[errorCode] == nil then
+		-- we don't have a documented  message for that code
+		return string.format("ErrorCode: %d", errorCode)
+	end
+	return PSAPIerrorMsgs[errorCode]
+end
+
+
+--[[
+PSPhotoStationUtils.getAlbumId(albumPath)
+	returns the AlbumId of a given Album path (not leading and trailing slashes) in Photo Station
+	AlbumId looks like:
+	album_<AlbumPathInHex>
+	E.g. Album Path:
+		Albums-->Test/2007
+	yields AlbumId:
+		album_546573742f32303037
+]]
+function PSPhotoStationUtils.getAlbumId(albumPath)
+	local i
+	local albumId = 'album_'
+
+	if ifnil(albumPath, '') == '' then return '' end
+
+	for i = 1, string.len(albumPath) do
+		albumId = albumId .. string.format('%x', string.byte(albumPath,i))
+	end
+
+--	writeLogfile(4, string.format("getAlbumId(%s) returns %s\n", albumPath, albumId))
+
+	return albumId
+end
+
+--[[
+getPhotoId(photoPath, isVideo)
+	returns the PhotoId of a given photo path in Photo Station
+	PhotoId looks like:
+		photo_<AlbumPathInHex>_<PhotoPathInHex> or
+		video_<AlbumPathInHex>_<PhotoPathInHex> or
+	E.g. Photo Path:
+		Albums --> Test/2007/2007_08_13_IMG_7415.JPG
+	yields PhotoId:
+		photo_546573742f32303037_323030375f30385f31335f494d475f373431352e4a5047
+]]
+function PSPhotoStationUtils.getPhotoId(photoPath, isVideo)
+	local i
+	local photoDir, photoFilename = string.match(photoPath , '(.*)\/([^\/]+)')
+	if not photoDir then
+		photoDir = '/'
+		photoFilename = photoPath
+	end
+	local albumSubId = ''
+	local photoSubId = ''
+	local photoId = iif(isVideo, 'video_', 'photo_')
+
+	for i = 1, string.len(photoDir) do
+		albumSubId = albumSubId .. string.format('%x', string.byte(photoDir,i))
+	end
+
+	for i = 1, string.len(photoFilename) do
+		photoSubId = photoSubId .. string.format('%x', string.byte(photoFilename,i))
+	end
+
+	photoId = photoId .. albumSubId .. '_' .. photoSubId
+
+--	writeLogfile(4, string.format("getPhotoId(%s) returns %s\n", photoPath, photoId))
+
+	return photoId
+end
+
+---------------------------------------------------------------------------------------------------------
+-- PSPhotoStationUtils.getSharedAlbumId(h, sharedAlbumName)
+-- 	returns the shareId of a given SharedAlbum using the Shared Album cache
+function PSPhotoStationUtils.getSharedAlbumId(h, sharedAlbumName)
+	local sharedAlbumInfo = sharedAlbumsCacheFind(h, sharedAlbumName)
+
+	if not sharedAlbumInfo then
+		writeLogfile(3, string.format('getSharedAlbumId(%s): Shared Album not found.\n', sharedAlbumName))
+		return nil
+	end
+
+	return sharedAlbumInfo.id
+end
+
+---------------------------------------------------------------------------------------------------------
+-- PSPhotoStationUtils.isSharedAlbumPublic(h, sharedAlbumName)
+--  returns the public flage of a given SharedAlbum using the Shared Album cache
+function PSPhotoStationUtils.isSharedAlbumPublic(h, sharedAlbumName)
+	local sharedAlbumInfo = sharedAlbumsCacheFind(h, sharedAlbumName)
+
+	if not sharedAlbumInfo then
+		writeLogfile(3, string.format('isSharedAlbumPublic(%s): Shared album not found.\n', sharedAlbumName))
+		return false
+	end
+	if not sharedAlbumInfo.additional or not sharedAlbumInfo.additional.public_share or sharedAlbumInfo.additional.public_share.share_status ~= 'valid' then
+		return false
+	end
+
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- PSPhotoStationUtils.getSharedAlbumShareId(h, sharedAlbumName)
+-- 	returns the shareId of a given SharedAlbum using the Shared Album cache
+function PSPhotoStationUtils.getSharedAlbumShareId(h, sharedAlbumName)
+	local sharedAlbumInfo = sharedAlbumsCacheFind(h, sharedAlbumName)
+
+	if not sharedAlbumInfo then
+		writeLogfile(3, string.format('getSharedAlbumShareId(%s): Shared Album not found.\n', sharedAlbumName))
+		return nil
+	end
+
+	return sharedAlbumInfo.additional.public_share.shareid
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getAlbumUrl(h, albumPath)
+--	returns the URL of an album in the Photo Station
+--	URL of an album in PS is:
+--		http(s)://<PS-Server>/<PSBasedir>/#!Albums/<AlbumId_1rstLevelDir>/<AlbumId_1rstLevelAndSecondLevelDir>/.../AlbumId_1rstToLastLevelDir>
+--	E.g. Album Path:
+--		Server: http://diskstation; Standard Photo Station; Album Breadcrumb: Albums/Test/2007
+--	yields PS Photo-URL:
+--		http://diskstation/photo/#!Albums/album_54657374/album_546573742f32303037
+function PSPhotoStationUtils.getAlbumUrl(h, albumPath)
+	local i
+	local albumUrl
+	local subDirPath = ''
+	local subDirUrl  = ''
+
+	local albumDirname = split(albumPath, '/')
+
+	albumUrl = h.serverUrl .. h.psAlbumRoot
+
+	for i = 1, #albumDirname do
+		if i > 1 then
+			subDirPath = subDirPath .. '/'
+		end
+		subDirPath = subDirPath .. albumDirname[i]
+		subDirUrl = PSPhotoStationUtils.getAlbumId(subDirPath)
+		albumUrl = albumUrl .. '/' .. subDirUrl
+	end
+
+	writeLogfile(3, string.format("getAlbumUrl(%s, %s) returns %s\n", h.serverUrl .. h.psAlbumRoot, albumPath, albumUrl))
+
+	return albumUrl
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getPhotoUrl(h, photoPath, isVideo)
+--	returns the URL of a photo/video in the Photo Station
+--	URL of a photo in PS is:
+--		http(s)://<PS-Server>/<PSBasedir>/#!Albums/<AlbumId_1rstLevelDir>/<AlbumId_1rstLevelAndSecondLevelDir>/.../AlbumId_1rstToLastLevelDir>/<PhotoId>
+--	E.g. Photo Path:
+--		Server: http://diskstation; Standard Photo Station; Photo Breadcrumb: Albums/Test/2007/2007_08_13_IMG_7415.JPG
+--	yields PS Photo-URL:
+--		http://diskstation/photo/#!Albums/album_54657374/album_546573742f32303037/photo_546573742f32303037_323030375f30385f31335f494d475f373431352e4a5047
+function PSPhotoStationUtils.getPhotoUrl(h, photoPath, isVideo)
+	local i
+	local subDirPath = ''
+	local subDirUrl  = ''
+	local photoUrl
+
+	local albumDir, _ = string.match(photoPath, '(.+)\/([^\/]+)')
+
+	local albumDirname = split(albumDir, '/')
+	if not albumDirname then albumDirname = {} end
+
+	photoUrl = h.serverUrl .. h.psAlbumRoot
+
+	for i = 1, #albumDirname do
+		if i > 1 then
+			subDirPath = subDirPath .. '/'
+		end
+		subDirPath = subDirPath .. albumDirname[i]
+		subDirUrl = PSPhotoStationUtils.getAlbumId(subDirPath)
+		photoUrl = photoUrl .. '/' .. subDirUrl
+	end
+
+	photoUrl = photoUrl .. '/' .. PSPhotoStationUtils.getPhotoId(photoPath, isVideo)
+
+	writeLogfile(3, string.format("getPhotoUrl(%s, %s) returns %s\n", h.serverUrl .. h.psAlbumRoot, photoPath, photoUrl))
+
+	return photoUrl
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getPhotoInfo (h, dstFilename, isVideo, useCache)
+-- return photo infos for a given remote filename
+-- returns:
+-- 		photoInfos				if remote photo was found
+-- 		nil,		nil			if remote photo was not found
+-- 		nil,		errorCode	on error
+function PSPhotoStationUtils.getPhotoInfo(h, dstFilename, isVideo, useCache)
+	local dstAlbum = ifnil(string.match(dstFilename , '(.*)\/[^\/]+'), '/')
+	local photoInfos, errorCode
+	if useCache then
+		photoInfos, errorCode=  albumContentCacheList(h, dstAlbum, 'photo,video')
+	else
+		photoInfos, errorCode=  PSPhotoStationAPI.listAlbum(h, dstAlbum, 'photo,video')
+	end
+
+	if not photoInfos then return nil, errorCode end
+
+	local photoId = PSPhotoStationUtils.getPhotoId(dstFilename, isVideo)
+	for i = 1, #photoInfos do
+		if photoInfos[i].id == photoId then
+			writeLogfile(3, string.format('getPhotoInfo(%s, useCache %s) found infos.\n', dstFilename, useCache))
+			return photoInfos[i]
+		end
+	end
+
+	writeLogfile(3, string.format('getPhotoInfo(%s, useCache %s) found no infos.\n', dstFilename, useCache))
+	return nil, nil
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getSharedPhotoInfo (h, sharedAlbumName, dstFilename, isVideo, useCache)
+-- return photo infos for a photo in a shared album
+-- returns:
+-- 		photoInfos				if remote photo was found
+-- 		nil,					if remote photo was not found
+-- 		nil,		errorCode	on error
+function PSPhotoStationUtils.getSharedPhotoInfo(h, sharedAlbumName, dstFilename, isVideo, useCache)
+	local photoInfos, errorCode
+	if useCache then
+		photoInfos, errorCode=  sharedAlbumContentCacheList(h, sharedAlbumName, 'photo,video')
+	else
+		photoInfos, errorCode=  PSPhotoStationAPI.listSharedAlbum(h, sharedAlbumName, 'photo,video')
+	end
+
+	if not photoInfos then return nil, errorCode end
+
+	local photoId = PSPhotoStationUtils.getPhotoId(dstFilename, isVideo)
+	for i = 1, #photoInfos do
+		if photoInfos[i].id == photoId then
+			writeLogfile(3, string.format('getSharedPhotoInfo(%s, %s, useCache %s) found infos.\n', sharedAlbumName, dstFilename, useCache))
+			return photoInfos[i]
+		end
+	end
+
+	writeLogfile(3, string.format('getSharedPhotoInfo(%s %s, useCache %s) found no infos.\n', sharedAlbumName, dstFilename, useCache))
+	return nil
+end
+
+---------------------------------------------------------------------------------------------------------
+-- getSharedPhotoPublicUrl (h, sharedAlbumName, dstFilename, isVideo)
+-- returns the public share url of a shared photo
+function PSPhotoStationUtils.getSharedPhotoPublicUrl(h, sharedAlbumName, dstFilename, isVideo)
+	local photoInfos, errorCode = PSPhotoStationUtils.getSharedPhotoInfo(h, sharedAlbumName, dstFilename, isVideo, true)
+
+	if not photoInfos then return nil, errorCode end
+
+	return photoInfos.public_share_url
+end
+
+---------------------------------------------------------------------------------------------------------
+-- createAndAddPhotoTag (h, dstFilename, isVideo, type, name)
+-- create and add a new tag (desc,people,geo) to a photo
+function PSPhotoStationUtils.createAndAddPhotoTag(h, dstFilename, isVideo, type, name)
+	local tagId = tagMappingFind(h, type, name)
+	if not tagId then
+		tagId = PSPhotoStationAPI.createTag(h, type, name)
+		tagMappingUpdate(h, type)
+	end
+
+
+	if not tagId then return false end
+
+	local photoTagIds, errorCode = PSPhotoStationAPI.addPhotoTag(h, dstFilename, isVideo, type, tagId)
+
+	if not photoTagIds and errorCode == 467 then
+		-- tag was deleted, cache wasn't up to date
+		tagId = PSPhotoStationAPI.createTag(h, type, name)
+		tagMappingUpdate(h, type)
+	 	photoTagIds, errorCode = PSPhotoStationAPI.addPhotoTag(h, dstFilename, isVideo, type, tagId)
+	end
+
+	-- errorCode 468: duplicate tag (tag already there)
+	if not photoTagIds and errorCode ~= 468 then return false end
+
+	writeLogfile(3, string.format('createAndAddPhotoTag(%s, %s, %s) returns OK.\n', dstFilename, type, name))
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- createAndAddPhotoTagList (h, dstFilename, isVideo, type, tagList)
+-- create and add a list of new tags (general,people,geo) to a photo
+function PSPhotoStationUtils.createAndAddPhotoTagList(h, dstFilename, isVideo, type, tagList)
+
+	for i = 1, #tagList do
+		if not PSPhotoStationUtils.createAndAddPhotoTag(h, dstFilename, isVideo, type, tagList[i]) then
+			return false
+		end
+	end
+
+	writeLogfile(3, string.format('createAndAddPhotoTagList(%s) returns OK.\n', dstFilename))
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- createAndAddPhotosToSharedAlbum(h, sharedAlbumName, mkSharedAlbumAdvanced, mkSharedAlbumPublic, sharedAlbumPassword, photos)
+-- create a Shared Album and add a list of photos to it
+-- returns success and share-link (if public)
+function PSPhotoStationUtils.createAndAddPhotosToSharedAlbum(h, sharedAlbumName, mkSharedAlbumAdvanced, mkSharedAlbumPublic, sharedAlbumPassword, photos)
+	local sharedAlbumInfo = sharedAlbumsCacheFind(h, sharedAlbumName)
+	local isNewSharedAlbum
+	local sharedAlbumAttributes = {}
+	local shareResult
+
+	if not sharedAlbumInfo then
+		if not PSPhotoStationAPI.createSharedAlbum(h, sharedAlbumName) then return false end
+		sharedAlbumsCacheUpdate(h)
+		sharedAlbumInfo = sharedAlbumsCacheFind(h, sharedAlbumName)
+		isNewSharedAlbum = true
+	end
+
+	local success, errorCode = PSPhotoStationAPI.addPhotosToSharedAlbum(h, sharedAlbumName, photos)
+
+	if not success and errorCode == 555 then
+		-- shared album was deleted, mapping wasn't up to date
+		if not PSPhotoStationAPI.createSharedAlbum(h, sharedAlbumName) then return false end
+		sharedAlbumsCacheUpdate(h)
+		sharedAlbumInfo = sharedAlbumsCacheFind(h, sharedAlbumName)
+		isNewSharedAlbum = true
+	 	success, errorCode = PSPhotoStationAPI.addPhotosToSharedAlbum(h, sharedAlbumName, photos)
+	end
+
+	if not success then return false end
+
+	sharedAlbumAttributes.is_shared = mkSharedAlbumPublic
+
+	--preserve old share start/time end restriction if album was and will be public
+	if		mkSharedAlbumPublic
+		and not isNewSharedAlbum
+		and sharedAlbumInfo
+		and sharedAlbumInfo.additional
+		and sharedAlbumInfo.additional.public_share
+		and sharedAlbumInfo.additional.public_share.share_status == 'valid'
+	then
+		sharedAlbumAttributes.start_time 	= sharedAlbumInfo.additional.public_share.start_time
+		sharedAlbumAttributes.end_time 		= sharedAlbumInfo.additional.public_share.end_time
+	end
+
+	if mkSharedAlbumAdvanced then
+		sharedAlbumAttributes.is_advanced = true
+
+		if sharedAlbumPassword then
+			sharedAlbumAttributes.enable_password = true
+			sharedAlbumAttributes.password = sharedAlbumPassword
+		else
+			sharedAlbumAttributes.enable_password = false
+		end
+
+		if isNewSharedAlbum then
+    		-- a lot of default parameters ...
+    		sharedAlbumAttributes.enable_marquee_tool	= true
+    		sharedAlbumAttributes.enable_comment 		= true
+    		sharedAlbumAttributes.enable_color_label	= true
+    		sharedAlbumAttributes.color_label_1 		= "red"
+    		sharedAlbumAttributes.color_label_2 		= "orange"
+    		sharedAlbumAttributes.color_label_3 		= "lime green"
+    		sharedAlbumAttributes.color_label_4 		= "aqua green"
+    		sharedAlbumAttributes.color_label_5 		= "blue"
+    		sharedAlbumAttributes.color_label_6 		= "purple"
+		else
+			--preserve old advcanced settings for already existing Shared Albums
+			if sharedAlbumInfo and sharedAlbumInfo.additional and sharedAlbumInfo.additional.public_share and sharedAlbumInfo.additional.public_share.advanced_info then
+				local advancedInfo = sharedAlbumInfo.additional.public_share.advanced_info
+
+        		sharedAlbumAttributes.enable_marquee_tool	= advancedInfo.enable_marquee_tool
+        		sharedAlbumAttributes.enable_comment 		= advancedInfo.enable_comment
+        		sharedAlbumAttributes.enable_color_label 	= advancedInfo.enable_color_label
+        		sharedAlbumAttributes.color_label_1 		= advancedInfo.color_label_1
+        		sharedAlbumAttributes.color_label_2 		= advancedInfo.color_label_2
+        		sharedAlbumAttributes.color_label_3 		= advancedInfo.color_label_3
+        		sharedAlbumAttributes.color_label_4 		= advancedInfo.color_label_4
+        		sharedAlbumAttributes.color_label_5 		= advancedInfo.color_label_5
+        		sharedAlbumAttributes.color_label_6 		= advancedInfo.color_label_6
+			end
+		end
+	end
+
+	shareResult = PSPhotoStationAPI.editSharedAlbum(h, sharedAlbumName, sharedAlbumAttributes)
+
+	if not shareResult then return false end
+
+	writeLogfile(3, string.format('createAndAddPhotosToSharedAlbum(%s, %s, %s, pw: %s, %d photos) returns OK.\n', sharedAlbumName, iif(mkSharedAlbumAdvanced, 'advanced', 'old'), iif(mkSharedAlbumPublic, 'public', 'private'), iif(sharedAlbumPassword, 'w/ passwd', 'w/o passwd'), #photos))
+	return true, shareResult.public_share_url
+end
+
+---------------------------------------------------------------------------------------------------------
+-- removePhotosFromSharedAlbumIfExists(h, sharedAlbumName, photos)
+-- remove a list of photos from a Shared Album
+-- ignore error if Shared Album doesn't exist
+function PSPhotoStationUtils.removePhotosFromSharedAlbumIfExists(h, sharedAlbumName, photos)
+	local sharedAlbumInfo = sharedAlbumsCacheFind(h, sharedAlbumName)
+
+	if not sharedAlbumInfo then
+		writeLogfile(3, string.format('removePhotosFromSharedAlbumIfExists(%s, %d photos): Shared album not found, returning OK.\n', sharedAlbumName, #photos))
+		return true
+	end
+
+	local success, errorCode = PSPhotoStationAPI.removePhotosFromSharedAlbum(h, sharedAlbumName, photos)
+
+	if not success and errorCode == 555 then
+		-- shared album was deleted, mapping wasn't up to date
+		sharedAlbumsCacheUpdate(h)
+		writeLogfile(3, string.format('removePhotosFromSharedAlbumIfExists(%s, %d photos): Shared album already deleted, returning OK.\n', sharedAlbumName, #photos))
+		return true
+	end
+
+	if not success then return false end
+
+	writeLogfile(3, string.format('removePhotosFromSharedAlbumIfExists(%s, %d photos) returns OK.\n', sharedAlbumName, #photos))
+	return true
+end
+
+---------------------------------------------------------------------------------------------------------
+-- deleteEmptyAlbumAndParents(h, albumPath)
+-- delete an album and all its parents as long as they are empty
+-- return count of deleted albums
+function PSPhotoStationUtils.deleteEmptyAlbumAndParents(h, albumPath)
+	local nDeletedAlbums = 0
+	local currentAlbumPath
+
+	currentAlbumPath = albumPath
+	while currentAlbumPath do
+		local photoInfos, errorCode =  PSPhotoStationAPI.listAlbum(h, currentAlbumPath, 'photo,video,album')
+
+    	-- if not existing or not empty or delete fails, we are ready
+    	if 		not photoInfos
+    		or 	#photoInfos > 0
+    		or not PSPhotoStationAPI.deleteAlbum (h, currentAlbumPath)
+    	then
+    		writeLogfile(3, string.format('deleteEmptyAlbumAndParents(%s) not deleted.\n', currentAlbumPath))
+    		return nDeletedAlbums
+    	end
+
+   		writeLogfile(2, string.format('deleteEmptyAlbumAndParents(%s) was empty: deleted.\n', currentAlbumPath))
+		nDeletedAlbums = nDeletedAlbums + 1
+		currentAlbumPath = string.match(currentAlbumPath , '(.+)\/[^\/]+')
+	end
+
+	return nDeletedAlbums
+end
+
+---------------------------------------------------------------------------------------------------------
+-- rating2Stars (h, dstFilename, isVideo, field, value)
+function PSPhotoStationUtils.rating2Stars(rating)
+	return string.rep ('*', rating)
+end

PhotoStation API/webapi/query.conf.php

@@ -0,0 +1,3 @@
+<?php
+/* Copyright (c) 2000-2012 Synology Inc. All rights reserved. */
+	define('QUERY_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');

PhotoStation API/webapi/query.inc.php

@@ -0,0 +1,8 @@
+<?php
+/* Copyright (c) 2000-2012 Synology Inc. All rights reserved. */
+	require_once('query.conf.php');
+	require_once(QUERY_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);
+
+	define('SZ_QUERY_API_DESCRIPTION', 'Query.api');
+	define('SZ_QUERY_API_DESCRIPTION_PATH', SZ_WEBAPI_API_DESCRIPTION_DIR.'/'.SZ_QUERY_API_DESCRIPTION);

PhotoStation API/webapi/query.php

@@ -0,0 +1,88 @@
+<?php
+/* Copyright (c) 2000-2012 Synology Inc. All rights reserved. */
+require_once 'query.inc.php';
+
+class QueryAPI extends WebAPI
+{
+	public function __construct()
+	{
+		parent::__construct(SZ_QUERY_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		if (!strcasecmp($this->method, "query")) {
+			$this->Query();
+		}
+	}
+
+	public static function CheckAPIDescription($apiDesc)
+	{
+		if (!is_string($apiDesc[SZK_API_PATH]) || !is_int($apiDesc[SZK_API_MIN_VERSION]) || !is_int($apiDesc[SZK_API_MAX_VERSION])) {
+			return false;
+		}
+
+		return true;
+	}
+
+	public static function GetAPIDescriptions()
+	{
+		$allApiDescs = array();
+		$apiFiles = glob(CONF_API_DESCRIPTION_DIR.'/*.api', GLOB_MARK);
+		foreach ($apiFiles as $file) {
+			$jsonString = file_get_contents($file);
+			$apiDescs = json_decode($jsonString, true);
+			foreach ($apiDescs as $apiName => $apiDesc) {
+				if (!self::CheckAPIDescription($apiDesc)) {
+					WebAPIUtil::Log("API desc error. api=$apiName, desc=$apiDesc");
+					continue;
+				}
+
+				$allApiDescs[$apiName][SZK_API_PATH] = $apiDesc[SZK_API_PATH];
+				$allApiDescs[$apiName][SZK_API_MIN_VERSION] = $apiDesc[SZK_API_MIN_VERSION];
+				$allApiDescs[$apiName][SZK_API_MAX_VERSION] = $apiDesc[SZK_API_MAX_VERSION];
+			}
+		}
+
+		return $allApiDescs;
+	}
+
+	public function Query()
+	{
+		$allApiDescs = self::GetAPIDescriptions();
+		$queryedApiDescs = array();
+
+		if (!isset($_REQUEST['query']) || !strcasecmp($_REQUEST['query'], 'all')) {
+			$this->SetResponse($allApiDescs);
+			return;
+		}
+
+		$queries = WebAPIUtil::ParseToArray($_REQUEST['query'], ",");
+		foreach ($queries as $query) {
+			$isPrefix = (0 === substr_compare($query, '.', -1, 1)); // end with '.'
+			if ($isPrefix) {
+				foreach ($allApiDescs as $apiName => $apiDesc) {
+					if (!strncmp($apiName, $query, strlen($query))) {
+						$queryedApiDescs[$apiName] = $apiDesc;
+					}
+				}
+			} else {
+				if (isset($allApiDescs[$query])) {
+					$queryedApiDescs[$query] = $allApiDescs[$query];
+				}
+			}
+		}
+
+		if (empty($queryedApiDescs)) {
+			// convert empty array to empty object for json output
+			$queryedApiDescs = json_decode('{}');
+		}
+
+		$this->SetResponse($queryedApiDescs);
+
+		return;
+	}
+}
+
+$api = new QueryAPI();
+$api->Run();

PhotoStation API/webapi/rotate.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('ROTATE_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/rotate.inc.php

@@ -0,0 +1,8 @@
+<?php
+    require_once('rotate.conf.php');
+    require_once("../include/photo/rotate_pic.php");
+    require_once("../include/syno_conf.php");
+
+    require_once(ROTATE_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/rotate.php

@@ -0,0 +1,88 @@
+<?php
+
+require_once('rotate.inc.php');
+
+class RotateAPI extends WebAPI {
+    function __construct()
+    {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process()
+    {
+        csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
+
+        csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+        if (!strcasecmp($this->method, "set")) {
+            $this->Set();
+        }
+    }
+
+    private function GetParams_Set()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['rotate'])) {
+            return false;
+        }
+        if (!is_numeric($_REQUEST['rotate'])) {
+            return false;
+        }
+        if (!in_array($_REQUEST['rotate'], array('90', '180', '270'))) {
+            return false;
+        }
+        $params['rotate'] = (int)$_REQUEST['rotate'];
+
+        $arr = explode(',', $_REQUEST['id']);
+        $params['ids'] = array();
+        foreach ($arr as $item) {
+            unset($id);
+            $split = explode('_', $item);
+            if (3 !== count($split)) {
+                return false;
+            }
+            if (!in_array($split[0], array('photo'))) {
+                return false;
+            }
+            $dirName = @pack('H*', $split[1]);
+            $fileName = @pack('H*', $split[2]);
+            $filePath = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $dirName ? "" : $dirName . "/") . $fileName;
+            if (!csSYNOPhotoMisc::CheckPathValid($filePath)) {
+                return false;
+            }
+            $id['fullPath'] = $filePath;
+            $id['albumName'] = $dirName;
+            array_push($params['ids'], $id);
+        }
+        return $params;
+    }
+
+    private function Set()
+    {
+        if (false === ($params = $this->GetParams_Set())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        // check album maganeable
+        foreach ($params['ids'] as $item) {
+            if (false === csSynoPhotoMisc::CheckAlbumManageable($item['albumName'])) {
+                $this->SetError(PHOTOSTATION_ROTATE_ACCESS_DENY);
+                goto End;
+            }
+        }
+        // rotate
+        foreach ($params['ids'] as $item) {
+            $retJson = SYNOPHOTO_ROTATE_PIC_DoRotation($params['rotate'], $item['fullPath']);
+            $ret = json_decode($retJson, true);
+            if (false === $ret['success']) {
+                $this->SetError(PHOTOSTATION_ROTATE_SET_FAIL);
+                goto End;
+            }
+        }
+    End:
+        return;
+    }
+}
+
+$api = new RotateAPI();
+$api->Run();
+?>

PhotoStation API/webapi/sdk/WebAPI.inc.php

@@ -0,0 +1,28 @@
+<?php
+/* Copyright (c) 2000-2012 Synology Inc. All rights reserved. */
+	
+	define('SZK_PARAM_API',	'api');
+	define('SZK_PARAM_METHOD', 'method');
+	define('SZK_PARAM_VERSION',	'version');
+
+	define('SZK_API_PATH',	'path');
+	define('SZK_API_MIN_VERSION', 'minVersion');
+	define('SZK_API_MAX_VERSION', 'maxVersion');
+	define('SZK_API_METHODS', 'methods');
+	
+	define('SZK_RESP_SUCCESS', 'success');
+	define('SZK_RESP_DATA', 'data');
+	define('SZK_RESP_ERROR', 'error');
+	define('SZK_RESP_ERROR_CODE', 'code');
+	
+	define('WEBAPI_ERR_NONE', 0);
+	define('WEBAPI_ERR_UNKNOWN', 100);
+	define('WEBAPI_ERR_BAD_REQUEST', 101);
+	define('WEBAPI_ERR_NO_SUCH_API', 102);
+	define('WEBAPI_ERR_NO_SUCH_METHOD', 103);
+	define('WEBAPI_ERR_NOT_SUPPORTED_VERSION', 104);
+	define('WEBAPI_ERR_NO_PERMISSION', 105);
+	define('WEBAPI_ERR_SESSION_TIMEOUT', 106);
+	define('WEBAPI_ERR_SESSION_INTERRUPT', 107);
+	define('WEBAPI_ERR_CUSTOMIZED_MIN', 400);
+?>

PhotoStation API/webapi/sdk/WebAPI.php

@@ -0,0 +1,188 @@
+<?php
+/* Copyright (c) 2000-2012 Synology Inc. All rights reserved. */
+require_once('WebAPI.inc.php');
+require_once('WebAPIUtil.php');
+
+abstract class WebAPI {
+	private $apiDesc;
+	private $resp;
+	private $error;
+	private $headerSent = false;
+
+	protected $api;
+	protected $method;
+	protected $version;
+	protected $idPrefix;
+	
+	function __construct($apiDescFilePath) {
+		if (!file_exists($apiDescFilePath)) {
+			WebAPIUtil::Log("api desc not found. path=$apiDescFilePath", basename(__FILE__), __LINE__);
+			$this->apiDesc = NULL;
+			goto End;
+		}
+
+		$jsonString = file_get_contents($apiDescFilePath);
+		$this->apiDesc = json_decode($jsonString, true);
+	End:
+		return;
+	}
+	
+	private function CheckRequestParam($api, $method, $version) {
+		$ret = false;
+		$apiDesc = $this->apiDesc[$api];
+		$minVersion = 0;
+		$maxVersion = 0;
+
+		if (NULL === $apiDesc) {
+			$this->SetError(WEBAPI_ERR_NO_SUCH_API);
+			goto End;
+		}
+
+		if (!is_int($version) && !ctype_digit($version)) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		if (!isset($apiDesc[SZK_API_MIN_VERSION]) || !isset($apiDesc[SZK_API_MAX_VERSION])) {
+			WebAPIUtil::Log("Bad API desc. api=$api", basename(__FILE__), __LINE__);
+			$this->SetError(WEBAPI_ERR_NO_SUCH_API);
+			goto End;
+		}
+
+		$minVersion = $apiDesc[SZK_API_MIN_VERSION];
+		$maxVersion = $apiDesc[SZK_API_MAX_VERSION];
+
+		if ($version < $minVersion || $maxVersion < $version) {
+			$this->SetError(WEBAPI_ERR_NOT_SUPPORTED_VERSION);
+			goto End;
+		}
+
+		if (!in_array($method, $apiDesc[SZK_API_METHODS][$version])) {
+			$this->SetError(WEBAPI_ERR_NO_SUCH_METHOD);
+			goto End;
+		}
+
+		$this->api = $api;
+		$this->method = $method;
+		$this->version = $version;
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	protected function OutputSingleSpace() {
+		// this function is for connection abort detection
+		// PHP will not detect that the user has aborted the connection until an attempt is made to send information to the client.
+		// http://www.php.net/manual/en/function.ignore-user-abort.php
+		if (!$this->headerSent) {
+			$this->headerSent = true;
+			header('Content-type: text/plain; charset=utf-8');
+		}
+		echo ' ';
+		ob_flush();
+		flush();
+	}
+	
+	private function OutputResponse() {
+		$resp = array();
+		
+		if (WEBAPI_ERR_NONE != $this->error) {
+			$resp[SZK_RESP_SUCCESS] = false;
+			$resp[SZK_RESP_ERROR][SZK_RESP_ERROR_CODE] = $this->error;
+			goto End;
+		}
+
+		$resp[SZK_RESP_SUCCESS] = true;
+		if (!is_null($this->resp)) {
+			$resp[SZK_RESP_DATA] = $this->resp;
+		}
+	End:
+		if (!$this->headerSent) {
+			$this->headerSent = true;
+			header('Content-type: text/plain; charset=utf-8');
+		}
+		echo(json_encode($resp));
+		//echo json_encode($resp, JSON_UNESCAPED_UNICODE);
+
+		// transform from unicode back to utf8                   
+		//echo preg_replace("#\\\u([0-9a-f]{4}+)#ie", "iconv('UCS-2', 'UTF-8', pack('H4', '\\1'))", json_encode($resp));
+	}
+
+	private function CheckSessionTimeout() {
+		$timeout = false;
+		if (isset($_REQUEST['ps_username']) && $_REQUEST['ps_username'] !== "") {
+			if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'])) {
+				if ($_REQUEST['ps_username'] !== $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user']) {
+					$timeout = true;
+				}
+			} else {
+				if (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']) || !($_REQUEST['ps_username'] === 'admin' && SYNOPHOTO_ADMIN_USER === 'root' || $_REQUEST['ps_username'] === substr(SYNOPHOTO_ADMIN_USER, 1))) {
+					$timeout = true;
+				}
+			}
+		}
+		return $timeout;
+	}
+
+	protected function CheckPermission() {
+    	return true;
+    }
+
+	abstract protected function Process();
+
+	protected function EncodeItemId($id, $prefix = '') {
+		$idPrefix = $prefix ? $prefix : $this->idPrefix;
+		return $idPrefix.bin2hex($id);
+	}
+
+	protected function DecodeItemId($id, $prefix = '')
+	{
+		$idPrefix = $prefix ? $prefix : $this->idPrefix;
+		$arr = explode($idPrefix, $id);
+		if (2 !== count($arr)) {
+			return false;
+		}
+		return @pack('H*', $arr[1]);
+	}
+	
+	protected function SetResponse($resp) {
+		$this->resp = $resp;
+		$this->error = WEBAPI_ERR_NONE;
+	}
+	
+	protected function SetError($error) {
+		$this->resp = NULL;
+		$this->error = $error;
+	}
+   
+	public function Run() {
+		if (!isset($_REQUEST[SZK_PARAM_API]) || !isset($_REQUEST[SZK_PARAM_METHOD]) || !isset($_REQUEST[SZK_PARAM_VERSION])) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+		if ($this->CheckSessionTimeout()) {
+			header('x-request-error: error_timeout');
+			goto End;
+		}
+		
+		$api = $_REQUEST[SZK_PARAM_API];
+		$method = $_REQUEST[SZK_PARAM_METHOD];
+		$version = $_REQUEST[SZK_PARAM_VERSION];
+
+		if (!$this->CheckRequestParam($api, $method, $version)) {
+			goto End;
+		}
+
+		if (!$this->CheckPermission()) {
+			goto End;
+		}
+
+		$this->Process();
+
+	End:
+		$this->OutputResponse();
+		return;
+	}
+}
+?>

PhotoStation API/webapi/sdk/WebAPIUtil.php

@@ -0,0 +1,62 @@
+<?php
+class WebAPIUtil {	
+	static function Log($text = "", $file_name = "", $line = "0") {
+		if ("" === $text) {
+			return;
+		}
+		$file_name = basename($file_name);
+		syslog(LOG_ERR, "$file_name:$line $text");
+	}
+	
+	static function ParseToArray($string, $separator) {
+		$result = array();	
+		foreach (explode($separator, $string) as $element) {
+			$trimmed = trim($element);
+			if (!empty($trimmed)) {
+				$result[] = $trimmed;
+			}
+		}
+		
+		return $result;
+	}
+	
+	static function ParseAuthKey($authkey) {
+		$auth_arr = json_decode(WebAPIUtil::Decrypt($authkey), true);
+		$ret = false;
+
+		if (null === $auth_arr) {
+			goto End;
+		}
+		
+		if (!isset($auth_arr['myds_id']) || !isset($auth_arr['app_id']) || !isset($auth_arr['time'])) {
+			goto End;
+		}
+		
+		$ret = $auth_arr;
+		
+	End:
+		return $ret;
+	}
+	
+	static function Encrypt($str) {
+		// Charlie temp - wait to implement
+		
+		return base64_encode($str);
+	}
+	
+	static function Decrypt($str) {
+		// Charlie temp - wait to implement
+		
+		return base64_decode($str);
+	}
+
+	static function IsEMail($email) {
+		$pattern = '/^[a-zA-Z0-9_&%!#+-\.]+@([a-zA-Z0-9_&%!#+-\.]+)$/';
+		if (preg_match($pattern, $email)) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+}
+?>

PhotoStation API/webapi/shared_album.conf.php

@@ -0,0 +1,3 @@
+<?php
+define('SHARED_ALBUM_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/shared_album.inc.php

@@ -0,0 +1,7 @@
+<?php
+	require_once('shared_album.conf.php');
+	require_once('../include/syno_conf.php');
+
+	require_once(SHARED_ALBUM_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/shared_album.php

@@ -0,0 +1,775 @@
+<?php
+require_once('shared_album.inc.php');
+require_once('photoutil.php');
+
+class SharedAlbumAPI extends WebAPI
+{
+	private $TableName, $PhotoTableName, $VideoTableName, $UserID;
+	private $allowSortByArray = array('filename' => 'upper(name)', 'share_status' => 'share_status', 'createdate' => 'create_date');
+
+	function __construct()
+	{
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		if (!strcasecmp($this->method, "getinfo_public")) {
+			$this->GetInfoPublic();
+			return;
+		}
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+		csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+		$this->UserID = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid']) ? $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] : 0;
+		if ($this->UserID === 0) {
+			$this->TableName = SHARED_ALBUM_ADMIN_TABLE_NAME;
+			$this->PhotoTableName = SHARED_ALBUM_PHOTO_ADMIN_TABLE_NAME;
+			$this->VideoTableName = SHARED_ALBUM_VIDEO_ADMIN_TABLE_NAME;
+		} else {
+			$this->TableName = SHARED_ALBUM_TABLE_NAME;
+			$this->PhotoTableName = SHARED_ALBUM_PHOTO_TABLE_NAME;
+			$this->VideoTableName = SHARED_ALBUM_VIDEO_TABLE_NAME;
+		}
+
+		if (!strcasecmp($this->method, "list")) {
+			$this->SharedAlbumList();
+		} else if (!strcasecmp($this->method, "getinfo")) {
+			$this->GetInfo();
+		} else if (!strcasecmp($this->method, "create")) {
+			$this->Create();
+		} else if (!strcasecmp($this->method, "edit")) {
+			$this->Edit();
+		} else if (!strcasecmp($this->method, "delete")) {
+			$this->Delete();
+		} else if (!strcasecmp($this->method, "add_items")) {
+			$this->AddItems();
+		} else if (!strcasecmp($this->method, "remove_items")) {
+			$this->RemoveItems();
+		} else if (!strcasecmp($this->method, "edit_public_share")) {
+			$this->EditPublicShare();
+		} else if (!strcasecmp($this->method, "get_single_item")) {
+			$this->GetSingleItem();
+		} else if (!strcasecmp($this->method, "set_single_item")) {
+			$this->SetSingleItem();
+		}
+	}
+
+	private function SharedAlbumList()
+	{
+		$ret = false;
+
+		if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !is_numeric($_REQUEST['offset']) || !is_numeric($_REQUEST['limit'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$offset = $_REQUEST['offset'] + 0;
+		$limit = $_REQUEST['limit'] + 0;
+		$sortBy = $this->allowSortByArray['filename'];
+		$sortDirection = 'ASC';
+		$additional = array();
+
+		if (isset($_REQUEST['sort_by']) && array_key_exists($_REQUEST['sort_by'], $this->allowSortByArray)) {
+			$sortBy = $this->allowSortByArray[$_REQUEST['sort_by']];
+		}
+		if (isset($_REQUEST['sort_direction']) && strtolower($_REQUEST['sort_direction']) === 'desc') {
+			$sortDirection = 'DESC';
+		}
+		if (isset($_REQUEST['additional'])) {
+			$additional = explode(",", $_REQUEST['additional']);
+		}
+
+		$query = "SELECT COUNT(*) FROM " . $this->TableName . " WHERE hidden = 'f' AND ";
+		$sqlParams = array();
+		$this->appendUserIDCond($query, $sqlParams);
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+		$row = PHOTO_DB_FetchRow($db_result);
+
+		$total = intval($row[0]) + 1; // 1 is sharedalbum_single
+
+		$query = "SELECT id FROM " . $this->TableName . " WHERE hidden = 'f' AND ";
+		$sqlParams = array();
+		$this->appendUserIDCond($query, $sqlParams);
+
+		// we will add sharedalbum_single in this method,
+		// so regulate the offset/limit to get correct shared_album information
+		if ($offset === 0) {
+			$shared_limit = $limit -1;
+			$shared_offset = 0;
+		} else {
+			$shared_limit = $limit;
+			$shared_offset = $offset - 1;
+		}
+		$limitOffsetString = PHOTO_DB_GetLimitOffsetString($shared_limit, $shared_offset);
+		if ('share_status' === $sortBy) {
+			$currentDate = 'root' === SYNOPHOTO_ADMIN_USER ? 'current_date' : "date('now')";
+			$query .= "ORDER BY CASE " .
+				"WHEN is_shared = 'f' THEN 0 " . // none
+				"WHEN start_time IS NULL OR end_time IS NULL THEN 2 ". // valid
+				"WHEN start_time > $currentDate OR end_time < $currentDate THEN 1 ". // invalid
+				"ELSE 2 ". // valid
+				"END $sortDirection, upper(name) ASC";
+		} else {
+			$query .= "ORDER BY $sortBy $sortDirection";
+		}
+		$query .= " $limitOffsetString";
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+
+		$result['items'] = array();
+		$i = 0;
+		if ((int)$offset === 0) {
+			$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo(NULL, $additional);
+			if ($sharedAlbum !== NULL) {
+				$sharedAlbum = $this->GetInfoById(explode("_", $sharedAlbum['id'])[1], $additional);
+			}
+			if ($sharedAlbum !== NULL) {
+				$sharedAlbum['id'] = 'sharedalbum_single';
+				if (isset($sharedAlbum['additional']['public_share']['public_share_url'])) {
+					unset($sharedAlbum['additional']['public_share']['public_share_url']);
+				}
+				$result['items'][$i] = $sharedAlbum;
+				$i ++;
+			}
+		}
+
+		while(($idRow = PHOTO_DB_FetchRow($db_result))) {
+			$sharedAlbum = $this->GetInfoById($idRow[0], $additional);
+			if (NULL === $sharedAlbum) {
+				continue;
+			}
+			$result['items'][$i] = $sharedAlbum;
+			$i ++;
+		}
+
+		$result['total'] = $total;
+		$result['offset'] = (-1 == $limit || $offset + $limit > $total) ? $total : $offset + $limit;
+
+		$this->SetResponse($result);
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function GetInfo()
+	{
+		$ret = false;
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+
+		$additional = array();
+		if (isset($_REQUEST['additional'])) {
+			$additional = explode(',', $_REQUEST['additional']);
+		}
+
+		$ids = explode(',', $_REQUEST['id']);
+		$result['shared_albums'] = array();
+		$success_count = 0;
+		foreach ($ids as $id) {
+			$id_arr = explode("_", $id);
+			if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {
+				continue;
+			}
+			if ($id_arr[1] === 'single') {
+				$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo(NULL, $additional);
+				$sharedAlbum['id'] = 'sharedalbum_single';
+				if (isset($sharedAlbum['additional']['public_share']['public_share_url'])) {
+					unset($sharedAlbum['additional']['public_share']['public_share_url']);
+				}
+				$result['shared_albums'][] = $sharedAlbum;
+				$success_count ++;
+				continue;
+			}
+			$sharedAlbumId = $id_arr[1];
+
+			if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {
+				continue;
+			}
+
+			$sharedAlbum = $this->GetInfoById($sharedAlbumId, $additional);
+			if (NULL === $sharedAlbum) {
+				continue;
+			}
+			$result['shared_albums'][] = $sharedAlbum;
+			$success_count ++;
+		}
+
+		if ($success_count === 0) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);
+			goto End;
+		}
+
+		$this->SetResponse($result);
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function Create()
+	{
+		$ret = false;
+		if (!isset($_REQUEST['name'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$name = $_REQUEST['name'];
+
+		$itemIds = array();
+		if (isset($_REQUEST['item_id'])) {
+			$itemIds = explode(",", $_REQUEST['item_id']);
+		}
+
+		// check existence
+		if (FALSE !== $this->CheckExistenceByName($name)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_HAS_EXISTED);
+			goto End;
+		}
+
+		$sqlParams = array();
+		if ($this->UserID !== 0) {
+			$query = "INSERT INTO " . $this->TableName . " (userid, name, is_shared, hidden) VALUES (?, ?, 'f', 'f')";
+			$sqlParams = array($this->UserID, $name);
+		} else {
+			$query = "INSERT INTO " . $this->TableName . " (name, is_shared, hidden) VALUES (?, 'f', 'f')";
+			$sqlParams = array($name);
+		}
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+
+		if (FALSE === ($sharedAlbumId = $this->CheckExistenceByName($name))) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_CREATE_FAIL);
+			goto End;
+		}
+
+		foreach($itemIds as $itemId) {
+			$id_arr = explode('_', $itemId);
+			if (3 !== count($id_arr) || ($id_arr[0] !== 'photo' && $id_arr[0] !== 'video')) {
+				continue;
+			}
+			$type = $id_arr[0];
+
+			$albumName = @pack('H*', $id_arr[1]);
+			$fileName = @pack('H*', $id_arr[2]);
+			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {
+				return false;
+			}
+			if ('/' === $albumName) {
+				$filePath = $fileName;
+			} else {
+				$filePath = $albumName.'/'.$fileName;
+			}
+
+			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);
+			if (FALSE === $dbId) {
+				continue;
+			}
+			$this->AddItemQuery($type, $sharedAlbumId, $dbId);
+		}
+
+		$result['id'] = 'sharedalbum_'.$sharedAlbumId;
+		$this->SetResponse($result);
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function Edit()
+	{
+		$ret = false;
+		if (!isset($_REQUEST['id']) || !isset($_REQUEST['name'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$id_arr = explode("_", $_REQUEST['id']);
+		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$sharedAlbumId = $id_arr[1];
+		$name = $_REQUEST['name'];
+
+		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);
+			goto End;
+		}
+
+		if (FALSE !== $this->CheckExistenceByName($name, $sharedAlbumId)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_HAS_EXISTED);
+			goto End;
+		}
+
+		$sqlParams = array($name, $sharedAlbumId);
+		$query = "UPDATE " . $this->TableName . " SET name = ? WHERE id = ? AND ";
+		$this->appendUserIDCond($query, $sqlParams);
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function Delete()
+	{
+		$ret = false;
+		if (!isset($_REQUEST['id'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$ids = explode(",", $_REQUEST['id']);
+
+		$success_count = 0;
+		foreach ($ids as $id) {
+			$id_arr = explode("_", $id);
+			if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {
+				continue;
+			}
+			$sharedAlbumId = $id_arr[1];
+
+			if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {
+				continue;
+			}
+
+			$sqlParams = array($sharedAlbumId);
+			$query = "DELETE FROM " . $this->TableName . " WHERE id = ? AND ";
+			$this->appendUserIDCond($query, $sqlParams);
+			$db_result = PHOTO_DB_Query($query, $sqlParams);
+			$success_count ++;
+		}
+		if ($success_count === 0) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_DELETE_FAIL);
+			goto End;
+		}
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function AddItems()
+	{
+		$ret = false;
+		if (!isset($_REQUEST['id']) || !isset($_REQUEST['item_id'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$id_arr = explode("_", $_REQUEST['id']);
+		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$sharedAlbumId = $id_arr[1];
+		$itemIds = explode(",", $_REQUEST['item_id']);
+
+		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);
+			goto End;
+		}
+
+		foreach($itemIds as $itemId) {
+			$id_arr = explode('_', $itemId);
+			if (3 !== count($id_arr) || ($id_arr[0] !== 'photo' && $id_arr[0] !== 'video')) {
+				continue;
+			}
+			$type = $id_arr[0];
+
+			$albumName = @pack('H*', $id_arr[1]);
+			$fileName = @pack('H*', $id_arr[2]);
+			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {
+				return false;
+			}
+			if ('/' === $albumName) {
+				$filePath = $fileName;
+			} else {
+				$filePath = $albumName.'/'.$fileName;
+			}
+
+			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);
+			if (FALSE === $dbId) {
+				continue;
+			}
+			$this->AddItemQuery($type, $sharedAlbumId, $dbId);
+		}
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function RemoveItems()
+	{
+		$ret = false;
+		if (!isset($_REQUEST['id']) || !isset($_REQUEST['item_id'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$id_arr = explode("_", $_REQUEST['id']);
+		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		if ($id_arr[1] === 'single') {
+			$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo();
+			$id_arr[1] = explode("_", $sharedAlbum['id'])[1];
+		}
+		$sharedAlbumId = $id_arr[1];
+		$itemIds = explode(",", $_REQUEST['item_id']);
+
+		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);
+			goto End;
+		}
+
+		foreach($itemIds as $itemId) {
+			$id_arr = explode('_', $itemId);
+			if (3 !== count($id_arr) || ($id_arr[0] !== 'photo' && $id_arr[0] !== 'video')) {
+				continue;
+			}
+			$type = $id_arr[0];
+
+			$albumName = @pack('H*', $id_arr[1]);
+			$fileName = @pack('H*', $id_arr[2]);
+			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {
+				return false;
+			}
+			if ('/' === $albumName) {
+				$filePath = $fileName;
+			} else {
+				$filePath = $albumName.'/'.$fileName;
+			}
+
+			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);
+			if (FALSE === $dbId) {
+				continue;
+			}
+			$this->DeleteItemQuery($type, $sharedAlbumId, $dbId);
+		}
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function GetInfoPublic()
+	{
+		$ret = false;
+		if (!isset($_REQUEST['public_share_id'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+
+		$sharedAlbum = SharedAlbum::GetInfoByPublicShare($_REQUEST['public_share_id']);
+		if (NULL === $sharedAlbum) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);
+			goto End;
+		}
+		if ('valid' !== $sharedAlbum['share_status']) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);
+			goto End;
+		}
+		$result['shared_album'] = $sharedAlbum;
+		$this->SetResponse($result);
+
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function validateDate($date) {
+		$d = DateTime::createFromFormat('Y-m-d', $date);
+		return $d && $d->format('Y-m-d') == $date;
+	}
+
+	private function EditPublicShare()
+	{
+		$ret = false;
+		if (!SharedAlbum::CheckPublicSharePermission()) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);
+			goto End;
+		}
+
+		if (!isset($_REQUEST['id']) || !isset($_REQUEST['is_shared'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$id_arr = explode("_", $_REQUEST['id']);
+		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$sharedAlbumId = $id_arr[1];
+		$isShared = $_REQUEST['is_shared'] === 'true';
+
+		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);
+			goto End;
+		}
+
+		$start_time = NULL;
+		$end_time = NULL;
+		if (isset($_REQUEST['start_time']) && isset($_REQUEST['end_time']) && $this->validateDate($_REQUEST['start_time']) && $this->validateDate($_REQUEST['end_time'])) {
+			$start_time = $_REQUEST['start_time'];
+			$end_time = $_REQUEST['end_time'];
+			$startDate = new DateTime($start_time);
+			$endDate = new DateTime($end_time);
+			if ($startDate > $endDate) {
+				$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+				goto End;
+			}
+		}
+
+		if (NULL === ($shareLink = $this->GetShareLinkById($sharedAlbumId)) && $isShared) {
+			do {
+				$shareLink = SharedAlbum::GetRandomString();
+			} while (SharedAlbum::CheckExistenceBySharelink($shareLink));
+		}
+
+		$sqlParams = array(
+			$isShared ? 't' : 'f',
+			$shareLink,
+			$start_time,
+			$end_time,
+			$sharedAlbumId
+		);
+		$query = "UPDATE " . $this->TableName . " SET is_shared = ?, sharelink = ?, start_time = ?, end_time = ? WHERE id = ? AND ";
+		$this->appendUserIDCond($query, $sqlParams);
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+
+		$info = $this->GetInfoById($sharedAlbumId, array('public_share'));
+		if ($info === NULL) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);
+			goto End;
+		}
+		$this->SetResponse($info['additional']['public_share']);
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function GetSingleItem()
+	{
+		$ret = false;
+		if (!SharedAlbum::CheckPublicSharePermission()) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);
+			goto End;
+		}
+
+		if (!isset($_REQUEST['item_id'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$id_arr = explode("_", $_REQUEST['item_id']);
+		if (3 !== count($id_arr) || ('photo' !== $id_arr[0] && 'video' !== $id_arr[0])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$type = $id_arr[0];
+
+		$albumName = @pack('H*', $id_arr[1]);
+		$fileName = @pack('H*', $id_arr[2]);
+		if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);
+			goto End;
+		}
+
+		$hiddenAlbum = SharedAlbum::GetHiddenAlbumInfo();
+		if ($hiddenAlbum === NULL) {
+			$result['is_shared'] = false;
+		} else {
+			$collectionid = explode("_", $hiddenAlbum['id'])[1];
+			$table = ('photo' === $type) ? $this->PhotoTableName : $this->VideoTableName;
+
+			if ('/' === $albumName) {
+				$filePath = $fileName;
+			} else {
+				$filePath = $albumName.'/'.$fileName;
+			}
+			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);
+			if (FALSE === $dbId) {
+				$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+				goto End;
+			}
+			$query = "SELECT COUNT(*) FROM " . $table . " WHERE collectionid = ? AND {$type}id = ?";
+			$sqlParams = array($collectionid, $dbId);
+			$db_result = PHOTO_DB_Query($query, $sqlParams);
+			$row = PHOTO_DB_FetchRow($db_result);
+			if (1 !== (int)$row[0]) {
+				$result['is_shared'] = false;
+			} else {
+				$result['is_shared'] = true;
+				$result['public_share_url'] = csSYNOPhotoMisc::GetServerHost(true) . SYNOPHOTO_URL_PREFIX . '/photo/share/' . $hiddenAlbum['additional']['public_share']['shareid'] . '/' . $_REQUEST['item_id'];
+			}
+		}
+
+		$this->SetResponse($result);
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	private function SetSingleItem()
+	{
+		$ret = false;
+		if (!SharedAlbum::CheckPublicSharePermission()) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);
+			goto End;
+		}
+
+		if (!isset($_REQUEST['item_id']) || !isset($_REQUEST['enable'])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$id_arr = explode("_", $_REQUEST['item_id']);
+		if (3 !== count($id_arr) || ('photo' !== $id_arr[0] && 'video' !== $id_arr[0])) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+		$type = $id_arr[0];
+
+		$albumName = @pack('H*', $id_arr[1]);
+		$fileName = @pack('H*', $id_arr[2]);
+		if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);
+			goto End;
+		}
+
+		$hiddenAlbum = SharedAlbum::GetHiddenAlbumInfo();
+		if ($hiddenAlbum === NULL) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);
+			goto End;
+		}
+
+		if ('/' === $albumName) {
+			$filePath = $fileName;
+		} else {
+			$filePath = $albumName.'/'.$fileName;
+		}
+		$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);
+		if (FALSE === $dbId) {
+			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);
+			goto End;
+		}
+
+		$collectionid = explode("_", $hiddenAlbum['id'])[1];
+		$sqlParams = array($collectionid, $dbId);
+		if ($_REQUEST['enable'] === "true") {
+			$this->AddItemQuery($type, $collectionid, $dbId);
+			$result['is_shared'] = true;
+			$result['public_share_url'] = csSYNOPhotoMisc::GetServerHost(true) . SYNOPHOTO_URL_PREFIX . '/photo/share/' . $hiddenAlbum['additional']['public_share']['shareid'] . '/' . $_REQUEST['item_id'];
+		} else {
+			$this->DeleteItemQuery($type, $collectionid, $dbId);
+			$result['is_shared'] = false;
+		}
+
+		$this->SetResponse($result);
+		$ret = true;
+	End:
+		return $ret;
+	}
+
+	/**
+	 * @return id if exist, FALSE otherwise
+	 */
+	private function CheckExistenceByName($name, $filter_id = -1)
+	{
+		$sqlParams = array($name, $filter_id);
+		$query = "SELECT COUNT(*) FROM " . $this->TableName . " WHERE name = ? AND id <> ? AND hidden = 'f' AND ";
+		$this->appendUserIDCond($query, $sqlParams);
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+		$row = PHOTO_DB_FetchRow($db_result);
+		if (1 !== (int)$row[0]) {
+			return FALSE;
+		}
+
+		$sqlParams = array($name);
+		$query = "SELECT id FROM " . $this->TableName . " WHERE name = ? AND hidden = 'f' AND ";
+		$this->appendUserIDCond($query, $sqlParams);
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+		$row = PHOTO_DB_FetchRow($db_result);
+		return $row[0];
+	}
+
+	private function CheckExistenceById($id)
+	{
+		$sqlParams = array($id);
+		$query = "SELECT COUNT(*) FROM " . $this->TableName . " WHERE id = ? AND ";
+		$this->appendUserIDCond($query, $sqlParams);
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+		$row = PHOTO_DB_FetchRow($db_result);
+		if (1 === (int)$row[0]) {
+			return TRUE;
+		}
+
+		return FALSE;
+	}
+
+	private function GetInfoById($sharedAlbumId, $additional = array()) {
+		$sharedAlbum = SharedAlbum::GetInfoById($sharedAlbumId, $additional);
+
+		if ($sharedAlbum === NULL) {
+			return NULL;
+		}
+
+		$thumbSize['preview']['resolutionx'] = 0;
+		$thumbSize['preview']['resolutiony'] = 0;
+		$thumbSize['small']['resolutionx'] = 0;
+		$thumbSize['small']['resolutiony'] = 0;
+		$thumbSize['large']['resolutionx'] = 0;
+		$thumbSize['large']['resolutiony'] = 0;
+		$thubmSize['sig'] = "";
+		$cover = SharedAlbum::GetSharedAlbumCover($sharedAlbumId);
+		$getRealPath = ('root' === SYNOPHOTO_ADMIN_USER) ? false : true;
+		if ($cover === NULL) {
+			$sharedAlbum['thumbnail_status'] = 'default';
+		} else if (false !== ($item = PhotoAPIUtil::getItemByPath($cover['path'], array('thumb_size'), $cover['type'], $getRealPath))) {
+			$sharedAlbum['thumbnail_status'] = $item['thumbnail_status'];
+			$thumbSize = $item['additional']['thumb_size'];
+		}
+		if (in_array("thumb_size", $additional)) {
+			$sharedAlbum['additional']['thumb_size'] = $thumbSize;
+		}
+		return $sharedAlbum;
+	}
+
+	private function AddItemQuery($type, $sharedAlbumId, $itemDBId)
+	{
+		$query = "INSERT INTO " . ($type === 'photo' ? $this->PhotoTableName : $this->VideoTableName) . " VALUES (?, ?)";
+		$db_result = PHOTO_DB_Query($query, array($sharedAlbumId, $itemDBId));
+	}
+
+	private function DeleteItemQuery($type, $sharedAlbumId, $itemDBId)
+	{
+		$query = "DELETE FROM " . ($type === 'photo' ? $this->PhotoTableName : $this->VideoTableName) . " WHERE collectionid = ? AND {$type}id = ?";
+		$db_result = PHOTO_DB_Query($query, array($sharedAlbumId, $itemDBId));
+	}
+
+	private function GetShareLinkById($sharedAlbumId)
+	{
+		$sqlParams = array($sharedAlbumId);
+		$query = "SELECT sharelink FROM " . $this->TableName . " WHERE id = ? AND";
+		$this->appendUserIDCond($query, $sqlParams);
+		$db_result = PHOTO_DB_Query($query, $sqlParams);
+		$row = PHOTO_DB_FetchRow($db_result);
+
+		if (!$row) {
+			return NULL;
+		}
+
+		return $row[0];
+	}
+
+	private function appendUserIDCond(&$sql, &$sqlParams)
+	{
+		$useridCond = " 1=1 ";
+		if ($this->UserID !== 0) {
+			$useridCond = " userid = ? ";
+			$sqlParams[] = $this->UserID;
+		}
+
+		$sql = $sql . $useridCond;
+	}
+}
+
+$api = new SharedAlbumAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/slideshow_music.inc.php

@@ -0,0 +1,6 @@
+<?php
+	require_once("../include/syno_conf.php");
+	require_once(dirname(__FILE__).'/webapi.inc.php');
+	require_once('../include/slideshow_music.php');
+	require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/slideshow_music.php

@@ -0,0 +1,345 @@
+<?php
+ini_set("session.use_only_cookies", 0);
+set_time_limit(0);
+session_cache_limiter("must-revalidate");
+
+require_once('slideshow_music.inc.php');
+
+class SlideshowMusicAPI extends WebAPI {
+	private $operationPemission = "admin";
+	protected $idPrefix = 'slideshowmusic_';
+	private $mimeType = array(
+		'mp3' => 'audio/mpeg'
+	);
+
+	function __construct() {
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		if (!strcasecmp($this->method, "list")) {
+			$this->SlideshowMusicList();
+		} elseif (!strcasecmp($this->method, "get")) {
+			session_write_close();
+			$this->GetMusic();
+		} else if (!strcasecmp($this->method, "add")) {
+			$this->AddItem();
+		} else if (!strcasecmp($this->method, "edit")) {
+			$this->Edit();
+		} else if (!strcasecmp($this->method, "delete")) {
+			$this->Delete();
+		}
+	}
+
+	private function SlideshowMusicList()
+	{
+		$resp = array();
+
+		$params = $this->GetParams_List();
+
+		$data = SlideshowMusic::ListItem($params['offset'], $params['limit']);
+		$items = array();
+		foreach ($data['data'] as $k => $v) {
+			$v['id'] = $this->EncodeItemId($k);
+			$items[] = $v;
+		}
+		$resp['items'] = $items;
+		$resp['total'] = $data['total'];
+        $offset = (0 > (int)$params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];
+        $resp['offset'] = ($offset > $resp['total']) ?  $resp['total'] : $offset;
+		$this->SetResponse($resp);
+	}
+
+	private function GetMusic()
+	{
+		$id = $this->DecodeItemId($_REQUEST['id']);
+		if (false === $id) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$path = SlideshowMusic::GetMusicPath($id);
+		if (!$path) {
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_NO_FILE);
+			goto End;
+		}
+
+		@header("Content-Type: audio/mpeg");
+		@header("Content-Transfer-Encoding: binary");
+
+		$this->GetRangeDownload($path);
+		exit;
+
+	End:
+		return;
+	}
+
+	private function GetRangeDownload($file)
+	{
+		$fp = @fopen($file, 'rb');
+		if (false == $fp) {
+			return false;
+		}
+
+		$size   = filesize($file); // File size
+		$length = $size;		   // Content length
+		$start  = 0;			   // Start byte
+		$end	= $size - 1;	   // End byte
+		// Now that we've gotten so far without errors we send the accept range header
+		// At the moment we only support single ranges.
+		// Multiple ranges requires some more work to ensure it works correctly
+		// and comply with the spesifications: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+		//
+		// Multirange support annouces itself with:
+		// header('Accept-Ranges: bytes');
+		//
+		// Multirange content must be sent with multipart/byteranges mediatype,
+		// (mediatype = mimetype)
+		// as well as a boundry header to indicate the various chunks of data.
+		//
+		//header("Accept-Ranges: 0-$length");
+		header('Accept-Ranges: bytes');
+		// multipart/byteranges
+		// http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+		if (isset($_SERVER['HTTP_RANGE'])) {
+			$c_start = $start;
+			$c_end   = $end;
+			// Extract the range string
+			list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
+			// Make sure the client hasn't sent us a multibyte range
+			if (strpos($range, ',') !== false) {
+
+				// (?) Shoud this be issued here, or should the first
+				// range be used? Or should the header be ignored and
+				// we output the whole content?
+				header('HTTP/1.1 416 Requested Range Not Satisfiable');
+				header("Content-Range: bytes $start-$end/$size");
+				// (?) Echo some info to the client?
+				exit;
+			}
+			// If the range starts with an '-' we start from the beginning
+			// If not, we forward the file pointer
+			// And make sure to get the end byte if spesified
+			if ($range{0} == '-') {
+
+				// The n-number of the last bytes is requested
+				$c_start = $size - substr($range, 1);
+			} else {
+
+				$range  = explode('-', $range);
+				$c_start = $range[0];
+				$c_end   = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size;
+			}
+			// Check the range and make sure it's treated according to the specs.
+			// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
+			//
+			// End bytes can not be larger than $end.
+			$c_end = ($c_end > $end) ? $end : $c_end;
+			// Validate the requested range and return an error if it's not correct.
+			if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size) {
+
+				header('HTTP/1.1 416 Requested Range Not Satisfiable');
+				header("Content-Range: bytes $start-$end/$size");
+				// (?) Echo some info to the client?
+				exit;
+			}
+			$start  = $c_start;
+			$end	= $c_end;
+			$length = $end - $start + 1; // Calculate new content length
+			header('HTTP/1.1 206 Partial Content');
+		}
+		// Notify the client the byte range we'll be outputting
+		header("Content-Range: bytes $start-$end/$size");
+		header("Content-Length: $length");
+
+
+		// Start buffered download
+		$this->OutputFileWithRange($fp, $start, $end);
+		fclose($fp);
+	}
+
+	// this function output contain $end
+	private function OutputFileWithRange($fp, $start, $end)
+	{
+		fseek($fp, $start);
+		$buffer = 1024 * 8;
+		while (!feof($fp) && ($end == -1 || ($p = ftell($fp)) <= $end)) {
+
+			if ($p + $buffer > $end && $end != -1) {
+
+				// In case we're only outputtin a chunk, make sure we don't
+				// read past the length
+				$buffer = $end - $p + 1;
+			}
+
+			echo fread($fp, $buffer);
+			flush(); // Free up memory. Otherwise large files will trigger PHP's memory limit.
+		}
+	}
+
+	private function AddItem()
+	{
+		$filename = $_FILES['file']['name'];
+		$title = $_REQUEST['title'];
+
+		if (!csSYNOPhotoMisc::IsMusicFile($filename)) {
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_FILE_EXT_ERR);
+			goto End;
+		}
+		if (!isset($_FILES['file'])) {
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_NO_FILE);
+			goto End;
+		}
+
+		if ($_FILES['file']['error'] > 0) { // files is not uploaded successfully by form upload
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_UPLOAD_ERROR);
+			goto End;
+		}
+
+		if (SlideshowMusic::LIMIT <= SlideshowMusic::GetCount()) {
+			$this->SetError(array(PHOTOSTATION_SLIDESHOWMUSIC_EXCEED_LIMIT, SlideshowMusic::LIMIT));
+			goto End;
+		}
+
+		if (!SlideshowMusic::Add($filename, $_FILES['file']['tmp_name'], $title)) {
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_SET_FAIL);
+			goto End;
+		}
+		$resp = SlideshowMusic::GetLastInsertMusic();
+		$resp['id'] = $this->EncodeItemId($resp['id']);
+		$this->SetResponse($resp);
+	End:
+		return;
+	}
+
+	private function Edit()
+	{
+		$params = $this->GetParams_Edit();
+
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$res = SlideshowMusic::EditById($params['id'], $params['title'], $params['default']);
+
+		if (!$res) {
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_SET_FAIL);
+		}
+	End:
+		return;
+	}
+
+	private function Delete()
+	{
+		$params = $this->GetParams_Delete();
+
+		if (!$params) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+		$res = SlideshowMusic::DeleteById($params['id']);
+
+		if (!$res) {
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_SET_FAIL);
+		}
+	End:
+		return;
+	}
+
+	private function GetParams_List()
+	{
+		// $variable + 0 => convert to integer
+		$params = array(
+			'offset' => !isset($_REQUEST['offset']) || $_REQUEST['offset'] < 0 ? 0 : $_REQUEST['offset'] + 0,
+			'limit' => !isset($_REQUEST['limit']) || $_REQUEST['limit'] < 0 ? NULL : $_REQUEST['limit'] + 0,
+		);
+		return $params;
+	}
+
+	private function GetParams_Edit()
+	{
+		if (!isset($_REQUEST['id']) || !((isset($_REQUEST['title']) && '' !== $_REQUEST['title']) || isset($_REQUEST['default']))) {
+			return false;
+		}
+
+		$id = $this->DecodeItemId($_REQUEST['id']);
+
+		if (false === $id) {
+			return false;
+		}
+
+		$params = array(
+			'id' => $id,
+			'title'	=> $_REQUEST['title'],
+			'default' => isset($_REQUEST['default']) ? ("true" === $_REQUEST['default'] ? true : false) : NULL
+		);
+		return $params;
+	}
+
+	private function GetParams_Delete()
+	{
+		if (!isset($_REQUEST['id'])){
+			return false;
+		}
+
+		$ids = explode(',', $_REQUEST['id']);
+		$validIds= array();
+		foreach($ids as $id) {
+			$decodeId = $this->DecodeItemId($id);
+			if(false === $decodeId) {
+				continue;
+			}
+			$validIds[] = $decodeId;
+		}
+
+		if (!count($validIds)) {
+			return false;
+		}
+
+		$params = array(
+			'id' => $validIds
+		);
+		return $params;
+	}
+
+	protected function CheckPermission()
+	{
+		$res = true;
+		$check = array(
+			"add" => $this->operationPemission,
+			"edit" => $this->operationPemission,
+			"delete" => $this->operationPemission
+		);
+		if (!array_key_exists($this->method, $check)) {
+			goto End;
+		}
+
+		$funcName = "check_".$check[$this->method];
+
+		if (!method_exists($this, $funcName)) {
+			$res = false;
+			goto End;
+		}
+
+		$res = $this->$funcName();
+
+	End:
+		if (!$res) {
+			$this->SetError(PHOTOSTATION_SLIDESHOWMUSIC_ACCESS_DENY);
+		}
+		return $res;
+	}
+
+	private function check_admin()
+	{
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+		csSYNOPhotoMisc::CheckSessionTimeOut(true);
+		return isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+	}
+}
+$api = new SlideshowMusicAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/smart_album.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('SMART_ALBUM_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/smart_album.inc.php

@@ -0,0 +1,7 @@
+<?php
+    require_once('smart_album.conf.php');
+    require_once("../include/syno_conf.php");
+
+    require_once(SMART_ALBUM_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/smart_album.php

@@ -0,0 +1,889 @@
+<?php
+
+require_once('smart_album.inc.php');
+require_once('albumutil.php');
+
+class SmartAlbumAPI extends WebAPI {
+
+    function __construct() {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process() {
+        if (!strcasecmp($this->method, "list")) {
+			session_write_close();
+            $this->SmartAlbumList();
+        } elseif (!strcasecmp($this->method, "getinfo")) {
+			session_write_close();
+            $this->GetInfo();
+        } else {
+            csSYNOPhotoMisc::CheckSessionTimeOut();
+
+            if (!strcasecmp($this->method, "create")) {
+                $this->Create();
+            } elseif (!strcasecmp($this->method, "edit")) {
+                $this->Edit();
+            } elseif (!strcasecmp($this->method, "delete")) {
+                $this->Delete();
+            }
+        }
+	}
+
+	private function ExtractAlbumToArray($data)
+	{
+		$params = array();
+		$idArr = array();
+		$items = explode(',', $data);
+		foreach ($items as $item) {
+			$arr = explode('_', $item);
+			if (2 !== count($arr)) {
+				return $idArr;
+			}
+			if ('album' !== $arr[0]) {
+				return $idArr;
+			}
+			$sharename = trim($arr[1]);
+			if ('' != $sharename) {
+				$sharename = @pack('H*', $arr[1]);
+				array_push($params, $sharename);
+			}
+		}
+		$albums = Album::GetBySharename($params);
+		foreach ($albums as $album) {
+			$id = $album['shareid'];
+			array_push($idArr, $id);
+		}
+		return $idArr;
+	}
+
+    private function ExtractTagStringToArray($tagString)
+    {
+        $tagArr = array();
+        $arr = explode(',', $tagString);
+        foreach ($arr as $tag) {
+            $split = explode('tag_', $tag);
+            if (2 !== count($split)) {
+                return $tagArr;
+            }
+            array_push($tagArr, $split[1]);
+        }
+        return $tagArr;
+	}
+
+	private function ExtractExifStringToArray($exifString, $prefix = 'tag_')
+	{
+		$exifArr = array();
+		$arr = explode(',', $exifString);
+		foreach ($arr as $exif) {
+			$split = explode($prefix, $exif);
+			if (2 !== count($split)) {
+				return false;
+			}
+			array_push($exifArr, $split[1]);
+		}
+		return $exifArr;
+	}
+
+    private function GetParams_List() {
+        $params = array();
+        if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit'])) {
+            return false;
+        }
+        $params['offset'] = $_REQUEST['offset'];
+        $params['limit'] = $_REQUEST['limit'];
+
+        $params['sort_by'] = (isset($_REQUEST['sort_by'])) ? $_REQUEST['sort_by'] : 'title';
+        if (!in_array($params['sort_by'], array('title'))) {
+            return false;
+        }
+        $params['sort_direction'] = (isset($_REQUEST['sort_direction'])) ? $_REQUEST['sort_direction'] : 'asc';
+        if (!in_array($params['sort_direction'], array('asc', 'desc'))) {
+            return false;
+        }
+
+        // additional operator
+        $params['additional'] = array();
+        $params['additional'] = explode(',', $_REQUEST['additional']);
+
+        return $params;
+    }
+
+    /**
+     * 
+     *  @return
+     *   params object - success
+     *   -1 - bad parameter
+     *   -2 - smart album not exist
+     */
+    private function GetParams_Info() {
+        $params = array();
+        if (!isset($_REQUEST['id'])) {
+            return -1;
+        }
+        $arr = explode(',', $_REQUEST['id']);
+        $params['id'] = array();
+        foreach ($arr as $smartID) {
+            if (!$this->CheckSmartAlbumExist($smartID)) {
+                return -2;
+            }
+            $split = explode('smart_', $smartID);
+            array_push($params['id'], $split[1]);
+        }
+        // additional operator
+        $params['additional'] = array();
+        $params['additional'] = explode(',', $_REQUEST['additional']);
+
+        return $params;
+    }
+
+    /**
+     * 
+     * @return 
+     *   -1 - bad parameter
+     *   -2 - smart album not exist
+     */
+    private function GetPrams_Edit() {
+        $params = array();
+
+        if (!isset($_REQUEST['id'])) {
+            return -1;
+        }
+        // check smart album exist
+        if (!$this->CheckSmartAlbumExist($_REQUEST['id'])) {
+            return -2;
+        }
+        $arr = explode('smart_', $_REQUEST['id']);
+        if (2 !== count($arr)) {
+            return -1;
+        }
+        $params['id'] = $arr[1];
+        $smartName =  @pack('H*', $arr[1]);
+        $params['name'] = (isset($_REQUEST['name']) && '' !== $_REQUEST['name']) ? $_REQUEST['name'] : $smartName;
+        $params['orig_name'] = $smartName;
+
+        // get original smart album setting
+        $smartAlbumCond = SmartAlbum::GetSmartAlbumInstance()->GetSmartCondition($smartName);
+        // type
+        if (isset($_REQUEST['type'])) {
+            $params['type'] = $_REQUEST['type'];
+            $arr = explode(',', $params['type']);
+            $count = 0;
+            foreach ($arr as $type) {
+                if (!in_array($type, array('photo', 'video'))) {
+                    return -1;
+                }
+                $count++;
+            }
+            if (1 > $count) {
+                return -1;
+            }
+        } else {
+            $params['type'] = $smartAlbumCond['type'];
+		}
+		// albums
+		if (isset($_REQUEST['albums'])) {
+			if (empty($_REQUEST['albums'])) {
+				$params['albums'] = null;
+			} else {
+				$params['albums'] = $this->ExtractAlbumToArray($_REQUEST['albums']);
+			}
+		} else {
+			$arr = $this->ExtractAlbumToArray($smartAlbumCond['albums']);
+			$params['albums'] = empty($arr) ? null : $arr;
+		}
+		// keyword
+		if (isset($_REQUEST['keyword'])) {
+            if ('' === $_REQUEST['keyword']) {
+                $params['keyword'] = null;
+                $params['keyword_op'] = null;
+            } else {
+                $params['keyword'] = $_REQUEST['keyword'];
+                $default = isset($smartAlbumCond['keyword_op']) ? $smartAlbumCond['keyword_op'] : 'any';
+                $params['keyword_op'] = (isset($_REQUEST['keyword_op'])) ? $_REQUEST['keyword_op'] : $default;
+                if (isset($params['keyword_op']) && !in_array($params['keyword_op'], array('any', 'all', 'exact'))) {
+                    return -1;
+                }
+            }
+        } else {
+            $params['keyword'] = $smartAlbumCond['keyword'];
+            $params['keyword_op'] = $smartAlbumCond['keyword_op'];
+        }
+        // date
+        if (isset($_REQUEST['date'])) {
+            if (empty($_REQUEST['date'])) {
+                $params['date'] = null;
+                $params['date_op'] = null;
+            } else {
+                $default = isset($smartAlbumCond['date_op']) ? $smartAlbumCond['date_op'] : 'taken';
+                $params['date_op'] = (isset($_REQUEST['date_op'])) ? $_REQUEST['date_op'] : $default;
+				if (in_array($params['date_op'], array('recently_add', 'recently_comment'))) {
+					$params['date'] = $_REQUEST['date'];
+
+				} else if (in_array($params['date_op'], array('taken', 'upload'))) {
+					$dates = explode(',', $_REQUEST['date']);
+					try {
+						if ($dates[0]) {
+							$date1 = new DateTime($dates[0]);
+						}
+						if ($dates[1]) {
+							$date2 = new DateTime($dates[1]);
+						}
+					} catch (Exception $e) {
+						return -1;
+					}
+					if (($date1 && $date2 && $date2 < $date1) || (!$date1 && !$date2)) {
+						return -1;
+					}
+					$params['date'] = ($date1 ? $date1->format('Y-m-d') : "").",".($date2 ? $date2->format("Y-m-d") : "");
+				} else {
+					return -1;
+				}
+            }
+        } else {
+            $params['date'] = $smartAlbumCond['date'];
+            $params['date_op'] = $smartAlbumCond['date_op'];
+        }
+        // peopel_tag
+        if (isset($_REQUEST['people_tag'])) {
+            if (empty($_REQUEST['people_tag'])) {
+                $params['people_tag'] = null;
+                $params['people_tag_op'] = null;
+            } else {
+                // get people_tag
+                $params['people_tag'] = $this->ExtractTagStringToArray($_REQUEST['people_tag']);
+                // get people_tag_op
+                $default = isset($smartAlbumCond['people_tag_op']) ? $smartAlbumCond['people_tag_op'] : 'all';
+                $params['people_tag_op'] = (isset($_REQUEST['people_tag_op'])) ? $_REQUEST['people_tag_op'] : $default;
+                if (isset($params['people_tag_op']) && !in_array($params['people_tag_op'], array('all', 'any'))) {
+                    return -1;
+                }
+            }
+        } else {
+            $arr = $this->ExtractTagStringToArray($smartAlbumCond['people_tag']);
+            $params['people_tag'] = empty($arr) ? null : $arr;
+            $params['people_tag_op'] = $smartAlbumCond['people_tag_op'];
+        }
+        // geo_tag
+        if (isset($_REQUEST['geo_tag'])) {
+            if (empty($_REQUEST['geo_tag'])) {
+                $params['geo_tag'] = null;
+                $params['geo_tag_op'] = null;
+            } else {
+                // get geo_tag
+                $params['geo_tag'] = $this->ExtractTagStringToArray($_REQUEST['geo_tag']);
+                // get geo_tag_op
+                $default = isset($smartAlbumCond['geo_tag_op']) ? $smartAlbumCond['geo_tag_op'] : 'all';
+                $params['geo_tag_op'] = (isset($_REQUEST['geo_tag_op'])) ? $_REQUEST['geo_tag_op'] : $default;
+                if (isset($params['geo_tag_op']) && !in_array($params['geo_tag_op'], array('all', 'any'))) {
+                    return -1;
+                }
+            }
+        } else {
+            $arr = $this->ExtractTagStringToArray($smartAlbumCond['geo_tag']);
+            $params['geo_tag'] = empty($arr) ? null : $arr;
+            $params['geo_tag_op'] = $smartAlbumCond['geo_tag_op'];
+        }
+        // desc_tag
+        if (isset($_REQUEST['desc_tag'])) {
+            if (empty($_REQUEST['desc_tag'])) {
+                $params['desc_tag'] = null;
+                $params['desc_tag_op'] = null;
+            } else {
+                // get desc_tag
+                $params['desc_tag'] = $this->ExtractTagStringToArray($_REQUEST['desc_tag']);
+                // get desc_tag_op
+                $default = isset($smartAlbumCond['desc_tag_op']) ? $smartAlbumCond['desc_tag_op'] : 'all';
+                $params['desc_tag_op'] = (isset($_REQUEST['desc_tag_op'])) ? $_REQUEST['desc_tag_op'] : $default;
+                if (isset($params['desc_tag_op']) && !in_array($params['desc_tag_op'], array('all', 'any'))) {
+                    return -1;
+                }
+            }
+        } else {
+            $arr = $this->ExtractTagStringToArray($smartAlbumCond['desc_tag']);
+            $params['desc_tag'] = empty($arr) ? null : $arr;
+            $params['desc_tag_op'] = $smartAlbumCond['desc_tag_op'];
+		}
+
+		foreach(SmartAlbum::$exif2IdPrefix as $label => $prefix) {
+			$exifParam = $this->GetExifParams_Edit($label, $prefix.'_');
+			if (-1 === $exifParam['success']) {
+				return -1;
+			} else {
+				$params[$label] = $exifParam['label'];
+				$params[$label.'_op'] = $exifParam['op'];
+			}
+		}
+
+		if ((null === $params['keyword'] || '' === $params['keyword']) && empty($params['date']) && empty($params['people_tag']) && empty($params['geo_tag'])
+			&& empty($params['desc_tag']) && empty($params['albums']) && empty($params['camera']) && empty($params['model']) && empty($params['exposure']) && empty($params['aperture'])
+			&& empty($params['iso']) && empty($params['focal']) && empty($params['lens']) && empty($params['flash'])) {
+            return -1;
+        }
+        return $params;
+	}
+
+	private function GetExifParams_Edit($label, $prefix) {
+		$ret['success'] = true;
+		$op = $label."_op";
+		if (isset($_REQUEST[$label])) {
+			if (empty($_REQUEST[$label])) {
+				$ret['label'] = null;
+				$ret['op'] = null;
+			} else {
+				$ret['label'] = array();
+				$ret['label'] = $this->ExtractExifStringToArray($_REQUEST[$label], $prefix);
+				$defalt = isset($smartAlbumCond[$op]) ? $smartAlbumCond[$op] : 'any';
+				$ret['op'] = (isset($_REQUEST[$op])) ? $_REQUEST[$op] : $default;
+				if (isset($ret['op']) && 'any' !== $ret['op']) {
+					$ret['success'] = false;
+				}
+			}
+		} else {
+			$arr = $this->ExtractExifStringToArray($smartAlbumCond[$lable]);
+			$ret['label'] = empty($arr) ? null : $arr;
+			$ret['op'] = $smartAlbumCond[$op];
+		}
+		return $ret;
+	}
+
+    private function GetParams_Create() {
+        $params = array();
+
+        if (!isset($_REQUEST['name']) || !isset($_REQUEST['type'])) {
+            return false;
+        }
+        $params['name'] = $_REQUEST['name'];
+        // type
+        $params['type'] = $_REQUEST['type'];
+        $arr = explode(',', $params['type']);
+        $count = 0;
+        foreach ($arr as $type) {
+            if (!in_array($type, array('photo', 'video'))) {
+                return false;
+            }
+            $count++;
+        }
+        if (1 > $count) {
+            return false;
+		}
+
+		$albums = (isset($_REQUEST['albums'])) ? $_REQUEST['albums'] : null;
+		if (!empty($_REQUEST['albums'])) {
+			$params['albums'] = $this->ExtractAlbumToArray($albums);
+		}
+
+        $params['keyword'] = (isset($_REQUEST['keyword'])) ? $_REQUEST['keyword'] : null;
+        if (!empty($_REQUEST['keyword']) || '0' === $_REQUEST['keyword']) {
+            $default = 'all';
+            $params['keyword_op'] = (isset($_REQUEST['keyword_op'])) ? $_REQUEST['keyword_op'] : $default;
+            if (isset($params['keyword_op']) && !in_array($params['keyword_op'], array('any', 'all', 'exact'))) {
+                return false;
+            }
+        }
+        $params['date'] = (isset($_REQUEST['date'])) ? $_REQUEST['date'] : null;
+        if (!empty($_REQUEST['date'])) {
+            $default = 'taken';
+            $params['date_op'] = (isset($_REQUEST['date_op'])) ? $_REQUEST['date_op'] : $default;
+            if (isset($params['date_op']) && !in_array($params['date_op'], array('taken', 'upload', 'recently_add', 'recently_comment'))) {
+                return false;
+            }
+        }
+        $people_tags = (isset($_REQUEST['people_tag'])) ? $_REQUEST['people_tag'] : null;
+        if (!empty($_REQUEST['people_tag'])) {
+            // get people_tag
+            $params['people_tag'] = array();
+            $params['people_tag'] = $this->ExtractTagStringToArray($people_tags);
+            // get people_tag_op
+            $default = 'all';
+            $params['people_tag_op'] = (isset($_REQUEST['people_tag_op'])) ? $_REQUEST['people_tag_op'] : $default;
+            if (isset($params['people_tag_op']) && !in_array($params['people_tag_op'], array('all', 'any'))) {
+                return false;
+            }
+        }
+        $geo_tags = (isset($_REQUEST['geo_tag'])) ? $_REQUEST['geo_tag'] : null;
+        if (!empty($_REQUEST['geo_tag'])) {
+            // get geo_tag
+            $params['geo_tag'] = array();
+            $params['geo_tag'] = $this->ExtractTagStringToArray($geo_tags);
+            // get geo_tag_op
+            $default = 'all';
+            $params['geo_tag_op'] = (isset($_REQUEST['geo_tag_op'])) ? $_REQUEST['geo_tag_op'] : $default;
+            if (isset($params['geo_tag_op']) && !in_array($params['geo_tag_op'], array('all', 'any'))) {
+                return false;
+            }
+        }
+        $desc_tags = (isset($_REQUEST['desc_tag'])) ? $_REQUEST['desc_tag'] : null;
+        if (!empty($_REQUEST['desc_tag'])) {
+            // get desc_tag
+            $params['desc_tag'] = array();
+            $params['desc_tag'] = $this->ExtractTagStringToArray($desc_tags);
+            // get desc_tag_op
+            $default = 'all';
+            $params['desc_tag_op'] = (isset($_REQUEST['desc_tag_op'])) ? $_REQUEST['desc_tag_op'] : $default;
+            if (isset($params['desc_tag_op']) && !in_array($params['desc_tag_op'], array('all', 'any'))) {
+                return false;
+            }
+		}
+		foreach(SmartAlbum::$exif2IdPrefix as $label => $prefix) {
+			$value = (isset($_REQUEST[$label])) ? $_REQUEST[$label] : null;
+			$op = $label.'_op';
+			if (!empty($_REQUEST[$label])) {
+				$params[$label] = $this->ExtractExifStringToArray($value, $prefix.'_');
+				$default = 'any';
+				$params[$op] = (isset($_REQUEST[$op])) ? $_REQUEST[$op] : $default;
+				if (isset($params[$op]) && 'any' !== $params[$op]) {
+					return false;
+				}
+			}
+		}
+
+		if ((null === $params['keyword'] || '' === $params['keyword']) && empty($params['albums']) && empty($params['date']) && empty($params['people_tag'])
+			&& empty($params['geo_tag']) && empty($params['desc_tag']) && empty($params['camera']) && empty($params['model'])
+			&& empty($params['exposure']) && empty($params['aperture']) && empty($params['iso']) && empty($params['focal'])
+			&& empty($params['lens']) && empty($params['flash'])) {
+            return false;
+        }
+
+		return $params;
+	}
+
+    /**
+     * 
+     * @param 
+     *  $tagIDs - array
+     *  $type - 0 means people tag
+     *          1 means geo tag
+     *          2 means desc tag
+     */
+    private function CheckTagExist($tagIDs, $type) {
+        if (!is_array($tagIDs)) {
+            return false;
+        }
+        foreach ($tagIDs as $id) {
+            $query = "SELECT count(id) FROM photo_label WHERE id={$id} AND category={$type}";
+            $db_result = PHOTO_DB_Query($query);
+            $row = PHOTO_DB_FetchRow($db_result);
+            if (1 !== (int)$row[0]) {
+                return false;
+            }
+        }
+
+        return true;
+	}
+	private function CheckExifExist($exifNames, $columnName) {
+		if (!is_array($exifNames)) {
+			return false;
+		}
+		foreach($exifNames as $exifName) {
+			if ('flash_v2' == $columnName) {
+				$exifName = str_replace('#', ',', $exifName);
+			}
+			$query = "SELECT count(". $columnName .") FROM photo_image WHERE ". $columnName ."=?";
+			$db_result = PHOTO_DB_Query($query, array($exifName));
+			$row = PHOTO_DB_FetchRow($db_result);
+			if (1 > (int)$row[0]) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+    /**
+     * 
+     * @param 
+     *  $smartID - ex: smart_id 
+     */
+    private function CheckSmartAlbumExist($smartID) {
+        $arr = explode('smart_', $smartID);
+        if (2 !== count($arr)) {
+            return false;
+        }
+        $smartName = @pack('H*', $arr[1]);
+        $result = SmartAlbum::GetSmartAlbumInstance()->ReadSmartAlbumFile();
+        if (!isset($result['smart_albums'][$smartName])) {
+            return false;
+        }
+        return true;
+    }
+
+	private function ConvertToSmartExifCondition($data, $label, $op){
+		$rule_set['field'] = $label;
+		$rule_set['operator'] = $data[$op];
+		$strings = implode(',', $data[$label]);
+		$rule_set['value'] = $strings;
+		return $rule_set;
+	}
+
+    private function ConvertToSmartCondition($data) {
+        $rule_sets = array();
+        $rule_sets[0] = array();
+
+        $ret['orig_name'] = $data['orig_name'];
+        $ret['name'] = $data['name'];
+        $ret['desc'] = '';
+        $ret['show_photo'] = strstr($data['type'], 'photo') ? true : false;
+        $ret['show_video'] = strstr($data['type'], 'video') ? true : false;
+
+		if (isset($data['albums'])) {
+			$rule_set['field'] = 'albums';
+			$rule_set['operator'] = 'any';
+			$albumString = implode(',', $data['albums']);
+			$rule_set['value'] = $albumString;
+			array_push($rule_sets[0], $rule_set);
+		}
+        if (isset($data['keyword']) && isset($data['keyword_op'])) {
+            $rule_set['field'] = 'keyword';
+            $rule_set['operator'] = $data['keyword_op'];
+            $rule_set['value'] = $data['keyword'];
+            array_push($rule_sets[0], $rule_set);
+        }
+        if (isset($data['date']) && isset($data['date_op'])) {
+            $rule_set['field'] = 'date';
+            $rule_set['operator'] = $data['date_op'];
+            $rule_set['value'] = $data['date'];
+            array_push($rule_sets[0], $rule_set);
+        }
+        if (isset($data['people_tag']) && isset($data['people_tag_op'])) {
+            $rule_set['field'] = 'people';
+            $rule_set['operator'] = $data['people_tag_op'];
+            $peopleString = implode(',', $data['people_tag']);
+            $rule_set['value'] = $peopleString;
+            array_push($rule_sets[0], $rule_set);
+        }
+        if (isset($data['geo_tag']) && isset($data['geo_tag_op'])) {
+            $rule_set['field'] = 'geo';
+            $rule_set['operator'] = $data['geo_tag_op'];
+            $geoString = implode(',', $data['geo_tag']);
+            $rule_set['value'] = $geoString;
+            array_push($rule_sets[0], $rule_set);
+        }
+        if (isset($data['desc_tag']) && isset($data['desc_tag_op'])) {
+            $rule_set['field'] = 'desc';
+            $rule_set['operator'] = $data['desc_tag_op'];
+            $descString = implode(',', $data['desc_tag']);
+            $rule_set['value'] = $descString;
+            array_push($rule_sets[0], $rule_set);
+		}
+		foreach(SmartAlbum::$exif2IdPrefix as $label => $prefix) {
+			$op = $label.'_op';
+			if (isset($data[$label]) && isset($data[$op])) {
+				$rule_set = $this->ConvertToSmartExifCondition($data, $label, $op);
+				array_push($rule_sets[0], $rule_set);
+			}
+		}
+
+		$ret['rule_sets'] = $rule_sets;
+        return json_encode($ret);
+	}
+
+    private function FormSmartAlbums($smartNames = false, $params = array()) {
+        $smartAlbumList = SmartAlbum::GetSmartAlbumInstance()->ReadSmartAlbumFile();
+        $smartAlbumArr = array();
+
+        if (empty($smartAlbumList) || !is_array($smartAlbumList['smart_albums'])) {
+            return $smartAlbumArr;
+        }
+		$smartAlbums = $smartAlbumList['smart_albums'];
+		if (false != $smartNames) {
+			foreach($smartNames as $name) {
+				if ($smartAlbums[$name]) {
+					$list[$name] = $smartAlbums[$name];
+				}
+			}
+		} else {
+			$list = $smartAlbums;
+		}
+
+		$needThumbSize = in_array('thumb_size', $params['additional']);
+        foreach ($list as $key => $item) {
+            $item['name'] = (string)$key;
+			$smartAlbum = Decorator::SmartFormula($item, array(
+				'param'=> $params,
+				'needThumbSize' => $needThumbSize
+			));
+			if (-1 === $smartAlbum) {
+				continue;
+			}
+            $smartAlbumArr[] = $smartAlbum;
+        }
+        return $smartAlbumArr;
+    }
+
+    private function SortTitle_ASC($a, $b) {
+        if (strtoupper($a['name']) == strtoupper($b['name'])) {
+            return 0;
+        }
+        return (strtoupper($a['name']) < strtoupper($b['name'])) ? -1 : 1;
+    }
+
+    private function SortTitle_DESC($a, $b) {
+        if (strtoupper($a['name']) == strtoupper($b['name'])) {
+            return 0;
+        }
+        return (strtoupper($a['name']) > strtoupper($b['name'])) ? -1 : 1;
+    }
+
+    private function SortItem($smartAlbums, $sortBy, $sortDirection, $offset, $limit) {
+        if ('title' ===$sortBy) {
+            if ('asc' === $sortDirection) {
+                usort($smartAlbums, 'self::SortTitle_ASC');
+            } else {
+                usort($smartAlbums, 'self::SortTitle_DESC');
+            }
+        }
+        $cutItemSort = array();
+        if (0 > (int)$limit) {
+            // array_slice() will reorder and reset the numeric array indices by default.
+            // Preserve_keys are set to TRUE to solve bug#2195.
+            $cutItemsSort = array_slice($smartAlbums, $offset, NULL, true);
+        } else {
+            $cutItemsSort = array_slice($smartAlbums, $offset, $limit, true);
+        }
+        return $cutItemsSort;
+    }
+
+    private function SmartAlbumList() {
+        // Get and check params
+        $params = array();
+        $params = $this->GetParams_List();
+        if (!$params) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+		$resp = array(
+			'total' => 0,
+			'offset' => 0,
+			'smart_albums'=> array()
+		);
+		$smartAlbumList = SmartAlbum::GetSmartAlbumInstance()->ReadSmartAlbumFile();
+		if (empty($smartAlbumList) || !is_array($smartAlbumList['smart_albums'])) {
+			goto End;
+		}
+		$smartAlbums = $smartAlbumList['smart_albums'];
+
+		$selectedAlbums = array();
+		if ('title' == $params['sort_by']) {
+			if ('asc' === $params['sort_direction']) {
+				ksort($smartAlbums);
+			} else {
+				krsort($smartAlbums);
+			}
+
+			if (0 > (int)$limit) {
+				// array_slice() will reorder and reset the numeric array indices by default.
+				// Preserve_keys are set to TRUE to solve bug#2195.
+				$selectedAlbums = array_slice($smartAlbums, $params['offset'], NULL, true);
+			} else {
+				$selectedAlbums = array_slice($smartAlbums, $params['offset'], $params['limit'], true);
+			}
+		}
+
+		if (count($selectedAlbums)) {
+			$albumNames = array_keys($selectedAlbums);
+		} else {
+			$albumNames = false;
+		}
+
+        // Get and form to webapi format
+        $smart_albums = array();
+        $smart_albums = $this->FormSmartAlbums($albumNames, $params);
+        $total = count($smart_albums);
+
+        // sort and set offset, limit
+		$smartSort = $smart_albums;
+		$smartSort = $this->SortItem($smart_albums, $params['sort_by'], $params['sort_direction'], $params['offset'], $params['limit']);
+        $resp['total'] = $total;
+        $offset = (0 > $params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];
+        $resp['offset'] = ($offset > $total) ?  $total : $offset;
+        $resp['smart_albums'] = $smartSort;
+    End:
+        $this->SetResponse($resp);
+        return;
+    }
+
+    private function GetInfo() {
+        // Get and check params
+        $params = array();
+        $params = $this->GetParams_Info();
+        if (-1 === $params) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        } elseif (-2 === $params) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_NOT_EXIST);
+            goto End;
+        }
+
+        // Get and form to webapi format
+        $smartNames = array();
+        foreach ($params['id'] as $id) {
+            $smartName = @pack('H*', $id);
+            array_push($smartNames, $smartName);
+        }
+        $smart_albums = $this->FormSmartAlbums($smartNames, $params);
+
+        $resp['smart_albums'] = $smart_albums;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Create() {
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (false === $isAdmin) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_ACCESS_DENY);
+            goto End;
+        }
+
+        // check parameter
+		if (false === ($params = $this->GetParams_Create())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // check tag_id exist
+        if (is_array($params['people_tag']) && !$this->CheckTagExist($params['people_tag'], 0)) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+            goto End;
+        }
+        if (is_array($params['geo_tag']) && !$this->CheckTagExist($params['geo_tag'], 1)) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+            goto End;
+        }
+        if (is_array($params['desc_tag']) && !$this->CheckTagExist($params['desc_tag'], 2)) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+            goto End;
+		}
+		foreach(SmartAlbum::$exif2Column as $label => $column) {
+			if (is_array($params[$label]) && !$this->CheckExifExist($params[$label], $column)) {
+				$this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+				goto End;
+			}
+		}
+
+        // add smart album
+        $jsonRuleData = $this->ConvertToSmartCondition($params);
+        $jsonRet = SmartAlbum::GetSmartAlbumInstance()->AddSmartAlbum($jsonRuleData);
+        $ret = json_decode($jsonRet, true);
+        if (false === $ret['success']) {
+	    if ($ret["error"]["code"] == 103) {
+		$this->SetError(PHOTOSTATION_SMARTALBUM_CREATE_FAIL_EXIST);
+	    } else {
+                $this->SetError(PHOTOSTATION_SMARTALBUM_CREATE_FAIL);
+	    }
+            goto End;
+        }
+
+        $resp['id'] = 'smart_'.bin2hex($params['name']);
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Edit() {
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (false === $isAdmin) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_ACCESS_DENY);
+            goto End;
+        }
+        // get parameter
+        $params = $this->GetPrams_Edit();
+        if (-1 === $params) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        } elseif (-2 === $params) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_NOT_EXIST);
+            goto End;
+        }
+
+        // check tag_id exist
+        if (is_array($params['people_tag']) && !$this->CheckTagExist($params['people_tag'], 0)) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+            goto End;
+        }
+        if (is_array($params['geo_tag']) && !$this->CheckTagExist($params['geo_tag'], 1)) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+            goto End;
+        }
+        if (is_array($params['desc_tag']) && !$this->CheckTagExist($params['desc_tag'], 2)) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+            goto End;
+        }
+		foreach(SmartAlbum::$exif2Column as $label => $column) {
+			if (is_array($params[$label]) && !$this->CheckExifExist($params[$label], $column)) {
+				$this->SetError(PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST);
+				goto End;
+			}
+		}
+
+        // edit smart album
+        $jsonRuleData = $this->ConvertToSmartCondition($params);
+        $jsonRet = SmartAlbum::GetSmartAlbumInstance()->EditSmartAlbum($jsonRuleData);
+        $ret = json_decode($jsonRet, true);
+        if (empty($ret) || false === $ret['success']) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_EDIT_FAIL);
+            goto End;
+        }
+
+        // category hook
+        if ($params['name'] !== $params['orig_name']) {
+            $newID = bin2hex($params['name']);
+            $query = "UPDATE category_items SET smart_id='{$newID}' WHERE smart_id='{$params['id']}'";
+            if (false === PHOTO_DB_Query($query)) {
+                $this->SetError(PHOTOSTATION_SMARTALBUM_EDIT_FAIL);
+                goto End;
+            }
+        }
+
+        $resp['id'] = 'smart_'.bin2hex($params['name']);
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+    
+    private function Delete() {
+        $isAdmin = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+        if (false === $isAdmin) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_ACCESS_DENY);
+            goto End;
+        }
+        // Get and check params
+        $params = $this->GetParams_Info();
+        if (-1 === $params) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        } elseif (-2 === $params) {
+            $this->SetError(PHOTOSTATION_SMARTALBUM_NOT_EXIST);
+            goto End;
+        }
+
+        // get smart album names
+        $smartNames = array();
+        foreach ($params['id'] as $id) {
+            $smartName = @pack('H*', $id);
+            array_push($smartNames, $smartName);
+        }
+
+        // delete
+        foreach ($smartNames as $smartName) {
+            $data['name'] = $smartName;
+            $jsonData = json_encode($data);
+            SmartAlbum::GetSmartAlbumInstance()->DeleteSmartAlbum($jsonData);
+
+            // category hook
+            $id = bin2hex($smartName);
+            $query = "DELETE FROM category_items WHERE smart_id='{$id}'";
+            PHOTO_DB_Query($query);
+        }
+
+
+
+    End:
+        return;
+    }
+}
+
+$api = new SmartAlbumAPI();
+$api->Run();
+
+?>

PhotoStation API/webapi/tag.conf.php

@@ -0,0 +1,3 @@
+<?php
+    define('TAG_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__).'/webapi.inc.php');
+?>

PhotoStation API/webapi/tag.inc.php

@@ -0,0 +1,9 @@
+<?php
+    require_once('tag.conf.php');
+    require_once("../include/syno_conf.php");
+    require_once("../include/label.php");
+    require_once("../include/item_label.php");
+
+    require_once(TAG_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+    require_once(SZ_WEBAPI_CLASS_PATH);
+?>

PhotoStation API/webapi/tag.php

@@ -0,0 +1,586 @@
+<?php
+
+require_once('tag.inc.php');
+require_once('albumutil.php');
+
+define('PHP_CMD', '/usr/bin/php -n -d extension_dir=/lib/php/modules -d extension=syno_compiler.so -d extension=curl.so -d extension=bz2.so');
+
+class TagAPI extends WebAPI {
+    function __construct() {
+        parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+    }
+
+    protected function Process()
+    {
+        if (!strcasecmp($this->method, "list")) {
+            $this->TagList();
+        } elseif (!strcasecmp($this->method, "getinfo")) {
+            $this->GetInfo();
+        } else {
+            csSYNOPhotoMisc::CheckSessionTimeOut(true);
+
+            if (!strcasecmp($this->method, "create")) {
+                 $this->Create();
+            } else if (!strcasecmp($this->method, "searchplace")) {
+                $this->SearchPlace();
+            } else {
+                csSYNOPhotoMisc::CheckSessionTimeOut();
+
+                if (!strcasecmp($this->method, "edit")) {
+                    $this->Edit();
+                } elseif (!strcasecmp($this->method, "delete")) {
+                    $this->Delete();
+				} elseif (!strcasecmp($this->method, "delete_unconfirmed_tag")) {
+					$this->DeleteUnconfirmedTag();
+				}
+            }
+        }
+    }
+
+	private function GetParams_SearchPlace()
+	{
+		if (!isset($_REQUEST['query']) || !isset($_REQUEST['location'])) {
+			return false;
+		}
+		$params = array();
+		$params['query'] = $_REQUEST['query'];
+		$params['location'] = $_REQUEST['location'];
+		$params['radius'] = (isset($_REQUEST['radius'])) ? $_REQUEST['radius'] : '500';
+		$params['format'] = $_REQUEST['format'] === 'true';
+		return $params;
+	}
+
+    private function GetParams_Edit()
+    {
+        if (!isset($_REQUEST['id']) || !isset($_REQUEST['name'])) {
+            return false;
+        }
+        $arr = explode('tag_', $_REQUEST['id']);
+        if (2 !== count($arr)) {
+            return false;
+        }
+        $params['id'] = (int) $arr[1];
+        $params['name'] = $_REQUEST['name'];
+
+        // for geo tag
+        $params['place_id'] = (isset($_REQUEST['place_id'])) ? $_REQUEST['place_id'] : null;
+        $params['reference'] = (isset($_REQUEST['reference'])) ? $_REQUEST['reference'] : null;
+        $params['lat'] = (isset($_REQUEST['lat'])) ? $_REQUEST['lat'] : null;
+        $params['lng'] = (isset($_REQUEST['lng'])) ? $_REQUEST['lng'] : null;
+        $params['address'] = (isset($_REQUEST['address'])) ? $_REQUEST['address'] : null;
+        return $params;
+    }
+
+    private function GetParams_Create()
+    {
+        if (!isset($_REQUEST['name']) || !isset($_REQUEST['type'])) {
+            return false;
+        }
+        $params['name'] = $_REQUEST['name'];
+        $params['type'] = $_REQUEST['type'];
+        if (!in_array($params['type'], array('people', 'geo', 'desc'))) {
+            return false;
+        }
+
+        // for geo tag
+        if ('geo' === $params['type']) {
+            $params['place_id'] = (isset($_REQUEST['place_id'])) ? $_REQUEST['place_id'] : null;
+            $params['reference'] = (isset($_REQUEST['reference'])) ? $_REQUEST['reference'] : null;
+            $params['lat'] = (isset($_REQUEST['lat'])) ? $_REQUEST['lat'] : null;
+            $params['lng'] = (isset($_REQUEST['lng'])) ? $_REQUEST['lng'] : null;
+            $params['address'] = (isset($_REQUEST['address'])) ? $_REQUEST['address'] : null;
+        }
+        return $params;
+    }
+
+    private function GetParams_Info()
+    {
+        if (!isset($_REQUEST['id'])) {
+            return false;
+        }
+        $params['id'] = array();
+        $arr = explode(',', $_REQUEST['id']);
+        foreach ($arr as $item) {
+            $split = explode('tag_', $item);
+            if (2 !== count($split)) {
+                return false;
+            }
+            $params['id'][] = (int) $split[1];
+        }
+
+        $params['thumbnail_status'] = isset($_REQUEST['thumbnail_status']) ? $_REQUEST['thumbnail_status'] : 'false';
+        if (!in_array($params['thumbnail_status'], array('true', 'false'))) {
+            return false;
+        }
+
+        $params['additional'] = explode(',', $_REQUEST['additional']);
+        return $params;
+    }
+
+    private function GetParams_List()
+    {
+        if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !isset($_REQUEST['type'])) {
+            return false;
+        }
+        if (!is_numeric($_REQUEST['offset']) || !is_numeric($_REQUEST['limit'])) {
+            return false;
+        }
+        $params['offset'] = (int)$_REQUEST['offset'];
+        $params['limit'] = (int)$_REQUEST['limit'];
+        $params['type'] = explode(',', $_REQUEST['type']);
+        foreach ($params['type'] as $type) {
+            if (!in_array($type, array('people', 'geo', 'desc'))) {
+                return false;
+            }
+        }
+
+        $params['thumbnail_status'] = isset($_REQUEST['thumbnail_status']) ? $_REQUEST['thumbnail_status'] : 'false';
+        if (!in_array($params['thumbnail_status'], array('true', 'false'))) {
+            return false;
+        }
+
+        $params['sort_by'] = (isset($_REQUEST['sort_by'])) ? $_REQUEST['sort_by'] : 'title';
+        if ((null !== $params['sort_by']) && !in_array($params['sort_by'], array('title'))) {
+            return false;
+        }
+        $params['sort_direction'] = (isset($_REQUEST['sort_direction'])) ? $_REQUEST['sort_direction'] : 'asc';
+        if ((null !== $params['sort_direction']) && !in_array($params['sort_direction'], array('asc', 'desc'))) {
+            return false;
+        }
+
+        $params['unconfirm_people_tag'] = isset($_REQUEST['unconfirm_people_tag']) ? $_REQUEST['unconfirm_people_tag'] : 'false';
+        if (!in_array($params['unconfirm_people_tag'], array('true', 'false'))) {
+            return false;
+        }
+
+        $params['additional'] = explode(',', $_REQUEST['additional']);
+
+        return $params;
+    }
+
+    private function CategoryNameToNum($name)
+    {
+        if (!isset($name)) {
+            return false;
+        }
+        switch ($name) {
+        case 'people':
+            $codeNum = Label::PEOPLE;
+            break;
+        case 'geo':
+            $codeNum = Label::GEO;
+            break;
+        case 'desc':
+            $codeNum = Label::DESC;
+            break;
+        default:
+            return false;
+            break;
+        }
+        return $codeNum;
+    }
+
+    private function FormListTags($data, $params)
+    {
+		$extraConfig = array(
+			'needThumbSize'	=> in_array('thumb_size', $params['additional']),
+			'param'			=> $params
+		);
+
+        $tags = array();
+        foreach ($data as $key => $value) {
+            // 0 - people tag; 1 - geo tag; 2 - desc tag
+            if (Label::PEOPLE === $key && !in_array('people', $params['type'])) {
+                continue;
+            }
+            if (Label::GEO === $key && !in_array('geo', $params['type'])) {
+                continue;
+            }
+            if (Label::DESC === $key && !in_array('desc', $params['type'])) {
+                continue;
+            }
+            foreach ($data[$key] as $item) {
+				$tag = Decorator::TagFormula($item, $extraConfig);
+                $tags[] = $tag;
+            }
+        }
+        return $tags;
+    }
+
+    private function FormInfoTags($data, $params)
+    {
+        $tags = array();
+		$extraConfig = array(
+			'needThumbSize'	=> in_array('thumb_size', $params['additional']),
+			'param'			=> $params
+		);
+        foreach ($data as $item) {
+			$tag = Decorator::TagFormula($item, $extraConfig);
+			$tags[] = $tag;
+        }
+        return $tags;
+    }
+
+    private function AddUnConfirmTag($list, $params, &$tags)
+    {
+        $needThumbSize = in_array('thumb_size', $params['additional']);
+
+        $arr = array();
+        $unConfirmTag['id'] = SYNOPHOTO_UNCONFIRM_TAG_ID;
+        $unConfirmTag['type'] = 'tag';
+        $unConfirmTag['tag_type'] = 'people';
+        $unConfirmTag['name'] = '';
+
+		$coverPath = '';
+        if (is_array($list)) {
+            $pathList = array_keys($list);
+			$coverPath = $pathList[0];
+        }
+        $blConversion = csSYNOPhotoMisc::IsAlbumAllowConversion(dirname($coverPath));
+        list($orig_resolutionx, $orig_resolutiony, $blThumbRotated) = AlbumAPIUtil::GetCoverResolutionRotation($coverPath);
+        AlbumAPIUtil::FillThumbStatus($unConfirmTag, $coverPath, $needThumbSize, $orig_resolutionx, $orig_resolutiony, $blThumbRotated, $blConversion);
+
+        array_push($arr, $unConfirmTag);
+        array_splice($tags, 0, 0, $arr);
+    }
+
+    private function SortTags($sortBy, $sortDirection, &$sortTags)
+    {
+        if ('title' === $sortBy) {
+            if ('asc' === $sortDirection) {
+                return;
+            } else {
+                $sortTags = array_reverse($sortTags);
+            }
+        }
+    }
+
+    private function TagList()
+    {
+        if (false === ($params = $this->GetParams_List())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        // get category type number  - people(0), geo(1), desc(2)
+        $types = array();
+        foreach ($params['type'] as $type) {
+            if (false === ($num = $this->CategoryNameToNum($type))) {
+                $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+                goto End;
+            }
+            array_push($types, $num);
+        }
+        // database query
+        $result = Label::GetByCategoryPermission($types, isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']));
+		$totalTags = $this->FormListTags($result, $params);
+        
+        // sorting
+        $this->SortTags($params['sort_by'], $params['sort_direction'], $totalTags);
+
+        // add people unconfirm tag
+        if (in_array('people', $params['type']) && 'true' === $params['unconfirm_people_tag']) {
+            $list = AlbumAPIUtil::GetUnConfirmItemList();
+            if (0 < (int)$list['total']) {
+                $this->AddUnConfirmTag($list, $params, $totalTags);
+            }
+        }
+        $total = count($totalTags);
+
+        // set offset and limit
+        if (0 > $params['limit']) {
+            $tags = array_slice($totalTags, $params['offset']);
+        } else {
+            $tags = array_slice($totalTags, $params['offset'], $params['limit']);
+        }
+
+        $resp['total'] = (int)$total;
+        $offset = (0 > $params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];
+        $resp['offset'] = ($offset > $total) ?  (int)$total : (int)$offset;
+        $resp['tags'] = $tags;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function GetInfo()
+    {
+        if (false === ($params = $this->GetParams_Info())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // database query
+        if (false === ($result = Label::GetByIds($params['id']))) {
+            $this->SetError(PHOTOSTATION_TAG_GETINFO_FAIL);
+            goto End;
+        }
+        // form to webapi format
+        $tags = $this->FormInfoTags($result, $params);
+
+        $resp['tags'] = $tags;
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Create()
+    {
+        if (false === ($params = $this->GetParams_Create())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+        // add label parameter
+        $label['name'] = $params['name'];
+        $label['category'] = $this->CategoryNameToNum($params['type']);
+        $label['info'] = '';
+        if ('geo' === $params['type']) {
+			$info['placeId'] = '';
+            if (null !== $params['place_id']) {
+                $info['placeId'] = $params['place_id'];
+            }
+            if (null !== $params['reference']) {
+                $info['reference'] = $params['reference'];
+            }
+            if (null !== $params['lat']) {
+                $info['lat'] = $params['lat'];
+            }
+            if (null !== $params['lng']) {
+                $info['lng'] = $params['lng'];
+            }
+            if (null !== $params['address']) {
+                $info['address'] = $params['address'];
+            }
+            if (!empty($info)) {
+                $json = json_encode($info);
+                $label['info'] = $json;
+            }
+        }
+
+        $blCreateNewTag = false;
+        if ('geo' === $params['type']) {
+            // (name, place_id) as primary key in geo tag
+            if (false === ($row = Label::GetGeoLabelByNamePlaceId($label['name'], $info['placeId']))) {
+                $blCreateNewTag = true;
+            }
+        } elseif ('people' === $params['type'] || 'desc' === $params['type']) {
+            // (name, category) as primary key in people, desc tag
+            if (false === ($row = Label::GetByNameCategory($label['name'], $label['category']))) {
+                $blCreateNewTag = true;
+            }
+        }
+        if ($blCreateNewTag) {
+            // database query
+            if (false === ($lastinsertId = Label::Add($label['name'], $label['category'], $label['info']))) {
+                $this->SetError(PHOTOSTATION_TAG_CREATE_FAIL);
+                goto End;
+            }
+            $row = array('id' => $lastinsertId);
+        }
+
+        $resp['id'] = 'tag_'.$row['id'];
+        $this->SetResponse($resp);
+    End:
+        return;
+    }
+
+    private function Edit()
+    {
+        if (false === ($params = $this->GetParams_Edit())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        // get original label
+		$id = $params['id'];
+        if (false === ($label_objs = Label::GetByIds(array($id)))) {
+            $this->SetError(PHOTOSTATION_TAG_EDIT_FAIL);
+            goto End;
+        }
+		$result = $label_objs[$id];
+        $origLabel = json_decode($result['info'], true);
+        $type = $result['category'];
+        // add label parameter
+        $label['info'] = '';
+        if (Label::GEO === $type) {
+            $info['placeId'] = (null !== $params['place_id']) ? $params['place_id'] : $origLabel['placeId'];
+            $info['reference'] = (null !== $params['reference']) ? $params['reference'] : $origLabel['reference'];
+            $info['lat'] = (null !== $params['lat']) ? $params['lat'] : $origLabel['lat'];
+            $info['lng'] = (null !== $params['lng']) ? $params['lng'] : $origLabel['lng'];
+            $info['address'] = (null !== $params['address']) ? $params['address'] : $origLabel['address'];
+            if ('' === $info['placeId'] || null === $info['placeId']) {
+                unset($info['placeId']);
+            }
+            if ('' === $info['reference'] || null === $info['reference']) {
+                unset($info['reference']);
+            }
+            if ('' === $info['lat'] || null === $info['lat']) {
+                unset($info['lat']);
+            }
+            if ('' === $info['lng'] || null === $info['lng']) {
+                unset($info['lng']);
+            }
+            if ('' === $info['address'] || null === $info['address']) {
+                unset($info['address']);
+            }
+            $label['info'] = json_encode($info);
+        }
+
+        // check tag exist
+        if (Label::isDuplicated($params['id'], $params['name'], $info['placeId'], $type)) {
+            $this->SetError(PHOTOSTATION_TAG_HAS_EXIST);
+            goto End;
+        }
+
+        // database query
+        if (0 === Label::EditById($params['id'], $params['name'], $label['info'])) {
+            $this->SetError(PHOTOSTATION_TAG_EDIT_FAIL);
+            goto End;
+        }
+
+        // update metadata
+        if (Label::GEO !== $type) {
+            $image_label_objs = ItemLabel::GetPhotoLabelByLabelIds(array($params['id']));
+            foreach ($image_label_objs as $objs) {
+                self::OutputSingleSpace();
+                ItemLabel::UpdatePhotoMetadata($objs['image_id'], $result['category']);
+            }
+        }
+
+    End:
+        return;
+    }
+
+    private function Delete()
+    {
+        if (false === ($params = $this->GetParams_Info())) {
+            $this->SetError(WEBAPI_ERR_BAD_REQUEST);
+            goto End;
+        }
+
+        foreach ($params['id'] as $id) {
+            // To avoid cgi timeout, have to delete label one by one
+            // Label::DeleteAllByIds support delete multilabels
+            self::OutputSingleSpace();
+            Label::DeleteAllByIds(array($id));
+        }
+    End:
+        return;
+    }
+
+	private function DeleteUnconfirmedTag()
+	{
+		$unconfirmedLabelId = ItemLabel::GetUnconfirmedLabelId();
+		Label::DeleteAllByIds($unconfirmedLabelId, false);
+	}
+
+	private function SearchPlace()
+	{
+		if (false === ($params = $this->GetParams_SearchPlace())) {
+			$this->SetError(WEBAPI_ERR_BAD_REQUEST);
+			goto End;
+		}
+
+		$query = escapeshellarg($params['query']);
+		$location = escapeshellarg($params['location']);
+		$radius = escapeshellarg($params['radius']);
+		$language = escapeshellarg($_SESSION[SYNOPHOTO_ADMIN_USER]['lang']);
+
+		$phppath = '/var/packages/PhotoStation/target/photo_scripts/encrypted/tag_place_search.php';
+
+		$cmd = PHP_CMD." $phppath -q $query -l $location -r $radius -n $language";
+
+
+		@exec($cmd, $output, $ret);
+		if (0 !== $ret) {
+			$this->SetError(PHOTOSTATION_TAG_SEARCH_FAIL);
+			goto End;
+		}
+
+		$json = json_decode(implode('', $output), true);
+
+		$searchPlaces = array();
+		$existPlace = array();
+
+		if (is_array($json['results'])) {
+			foreach ($json['results'] as $place) {
+				$item = array();
+				$item['address'] = $place['formatted_address'];
+				$item['gps'] = $place['geometry']['location'];
+				$item['placeId'] = $place['id'];
+				$item['name'] = $place['name'];
+				$item['tagId'] = -1;
+				$item['type'] = 'search';
+				$searchPlaces[] = $item;
+			}
+		}
+		$existPlace = Label::SearchGeoLabel($params['query']);
+
+		if ($params['format']) {
+			for($i=0; $i < count($existPlace); ++$i) {
+				$existPlace[$i]['type'] = 'db';
+			}
+			$resp = array_merge($existPlace, $searchPlaces);
+		} else {
+			$resp['existPlaces'] = $existPlace;
+			$resp['searchPlaces'] = $searchPlaces;
+		}
+
+		$this->SetResponse($resp);
+	End:
+		return;
+	}
+
+	protected function CheckPermission()
+	{
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+
+		$res = true;
+		$check = array(
+			"edit" => "admin",
+			"delete" => "admin",
+			"delete_unconfirmed_tag" => "admin",
+			"create" => "manage",
+			"searchplace" => "manage"
+		);
+		if (!array_key_exists($this->method, $check)) {
+			goto End;
+		}
+
+		$funcName = "check_".$check[$this->method];
+
+		if (!method_exists($this, $funcName)) {
+			$res = false;
+			goto End;
+		}
+
+		$res = $this->$funcName();
+
+	End:
+		if (!$res) {
+			$this->SetError(PHOTOSTATION_TAG_ACCESS_DENY);
+		}
+		return $res;
+	}
+
+	private function check_admin()
+	{
+		return isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
+	}
+
+	private function check_manage()
+	{
+		if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {
+			return true;
+		}
+		if (0 < count($_SESSION[SYNOPHOTO_ADMIN_USER]['manageable_album'])) {
+			return true;
+		}
+		return false;
+	}
+}
+
+$api = new TagAPI();
+$api->Run();
+
+
+?>

PhotoStation API/webapi/thumb.conf.php

@@ -0,0 +1,4 @@
+<?php
+	define('THUMB_CONF_WEBAPI_SERVICE_INCLUDE_PATH', dirname(__FILE__) . '/webapi.inc.php');
+	$SYNOPHOTO_ALLOW_ID_TYPE = array('photo', 'video', 'album', 'smart', 'virtual', 'tag', 'defaultsmart', 'sharedalbum', 'publicshare');
+	$SYNOPHOTO_ID_TYPE_LEN = array('photo' => 3, 'video' => 3, 'album' => 2, 'smart' => 2, 'virtual'=> 2, 'tag' => 2, 'defaultsmart' => 2, 'sharedalbum' => 2, 'publicshare' => 2);

PhotoStation API/webapi/thumb.inc.php

@@ -0,0 +1,6 @@
+<?php
+	require_once('thumb.conf.php');
+	require_once("../include/syno_defines.php");
+
+	require_once(THUMB_CONF_WEBAPI_SERVICE_INCLUDE_PATH);
+	require_once(SZ_WEBAPI_CLASS_PATH);

PhotoStation API/webapi/thumb.php

@@ -0,0 +1,518 @@
+<?PHP
+
+set_time_limit(0);
+session_cache_limiter("must-revalidate");
+
+//workaround for locale-awared function "basename()" in DSM 5.0 env (#bug 2037)
+setlocale(LC_CTYPE, "en_US.UTF-8");
+
+require_once('thumb.inc.php');
+require_once '../include/SYNOPhotoEA.php';
+require_once('../include/photo/synophoto_csPhotoMisc.php');
+require_once '../include/shared_album.php';
+require_once('../include/photo/synophoto_csPhotoDB.php');
+require_once '../include/album.php';
+
+class ThumbAPI extends WebAPI
+{
+	function __construct()
+	{
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		csSYNOPhotoMisc::PhotoSessionStart();
+		if ('' == SYNOPHOTO_URL_PREFIX && csSYNOPhotoMisc::checkDsmAccountEnabled()) {
+			define('PHOTO_ACCESS_RIGHT_TABLE', 'photo_access_right_for_dsm_account');
+			define('PHOTO_UPLOAD_RIGHT_TABLE', 'photo_upload_right_for_dsm_account');
+			define('PHOTO_MANAGE_RIGHT_TABLE', 'photo_manage_right_for_dsm_account');
+			define('PHOTO_GROUP_PERMISSION_TABLE', 'photo_group_permission_for_dsm_account');
+			define('SHARED_ALBUM_TABLE_NAME', 'photo_personal_collection_for_dsm_account');
+			define('SHARED_ALBUM_PHOTO_TABLE_NAME', 'photo_personal_collection_photo_for_dsm_account');
+			define('SHARED_ALBUM_VIDEO_TABLE_NAME', 'photo_personal_collection_video_for_dsm_account');
+		} else {
+			define('PHOTO_ACCESS_RIGHT_TABLE', 'photo_access_right');
+			define('PHOTO_UPLOAD_RIGHT_TABLE', 'photo_upload_right');
+			define('PHOTO_MANAGE_RIGHT_TABLE', 'photo_manage_right');
+			define('PHOTO_GROUP_PERMISSION_TABLE', 'photo_group_permission');
+			define('PHOTO_USER_TABLE', 'photo_user');
+			define('PHOTO_USER_GROUP_TABLE', 'photo_user_group');
+			define('PHOTO_GROUP_TABLE', 'photo_group');
+			define('SHARED_ALBUM_TABLE_NAME', 'photo_personal_collection');
+			define('SHARED_ALBUM_PHOTO_TABLE_NAME', 'photo_personal_collection_photo');
+			define('SHARED_ALBUM_VIDEO_TABLE_NAME', 'photo_personal_collection_video');
+		}
+		define('SHARED_ALBUM_ADMIN_TABLE_NAME', 'photo_personal_collection_for_admin');
+		define('SHARED_ALBUM_PHOTO_ADMIN_TABLE_NAME', 'photo_personal_collection_photo_for_admin');
+		define('SHARED_ALBUM_VIDEO_ADMIN_TABLE_NAME', 'photo_personal_collection_video_for_admin');
+
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+		if (isset($_REQUEST['public_share_id'])) {
+			csSYNOPhotoDB::GetDBInstance()->SetPublicShareSessionCache($_REQUEST['public_share_id']);
+		} else if (isset($_REQUEST['id']) && 0 === strpos($_REQUEST['id'], 'publicshare_')) {
+			$id = $_REQUEST['id'];
+			$id_arr = explode('_', $id);
+			csSYNOPhotoDB::GetDBInstance()->SetPublicShareSessionCache($id_arr[1]);
+		}
+		session_write_close();
+		if (!strcasecmp($this->method, "get")) {
+			$this->Get();
+		} else if (!strcasecmp($this->method, "get_dsm_thumb")) {
+			$this->GetDSMThumb();
+		}
+	}
+
+	private function Get()
+	{
+		global $SYNOPHOTO_ALLOW_ID_TYPE;
+		global $SYNOPHOTO_ID_TYPE_LEN;
+		$ret = false;
+
+		// return when lack of params
+		if (!isset($_REQUEST['id']) || !isset($_REQUEST['size'])) {
+			$this->SetError(PHOTOSTATION_THUMB_BAD_PARAMS);
+			goto End;
+		}
+
+		// check params
+		$id = $_REQUEST['id'];
+		$id_arr = explode('_', $id);
+		if ($id_arr[0] !== 'photo' && $id_arr[0] !== 'video') {
+			// require albumutil.php before variable $type is assigned
+			// due to "include/photo/album_util.php" will read variable $type and lead to check timeout
+			require_once('albumutil.php');
+
+			session_write_close();
+		}
+
+		$type = $id_arr[0];
+		if (!in_array($type, $SYNOPHOTO_ALLOW_ID_TYPE)) {
+			$this->SetError(PHOTOSTATION_THUMB_BAD_PARAMS);
+			goto End;
+		}
+		if (count($id_arr) !== $SYNOPHOTO_ID_TYPE_LEN[$type]) {
+			$this->SetError(PHOTOSTATION_THUMB_BAD_PARAMS);
+			goto End;
+		}
+		$size = $_REQUEST['size'];
+		if ('small' !== $size && 'large' !== $size && 'preview' !== $size) {
+			$this->SetError(PHOTOSTATION_THUMB_BAD_PARAMS);
+			goto End;
+		}
+
+		$publicShareId = NULL;
+		if (isset($_REQUEST['public_share_id']) || $id_arr[0] === 'publicshare') {
+			$publicShareId = isset($_REQUEST['public_share_id']) ? $_REQUEST['public_share_id'] : $id_arr[1];
+			if (!SharedAlbum::CheckPublicSharePermission($publicShareId)) {
+				$this->SetError(PHOTOSTATION_THUMB_ACCESS_DENY);
+				goto End;
+			}
+			$publicShareInfo = SharedAlbum::GetInfoByPublicShare($publicShareId);
+			if (NULL === $publicShareInfo || 'valid' !== $publicShareInfo['share_status']) {
+				$this->SetError(PHOTOSTATION_THUMB_ACCESS_DENY);
+				goto End;
+			}
+		}
+		if ($publicShareId !== NULL && ($type === 'photo' || $type === 'video')) {
+			$albumName = @pack('H*', $id_arr[1]);
+			$fileName = @pack('H*', $id_arr[2]);
+			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName, false, $publicShareId)) {
+				$this->SetError(PHOTOSTATION_THUMB_ACCESS_DENY);
+				goto End;
+			}
+			$filePath = ('/' === $albumName ? "" : $albumName . "/") . $fileName;
+			if (!SharedAlbum::CheckSharedAlbumItemValid($filePath, $type, $publicShareId)) {
+				$this->SetError(PHOTOSTATION_THUMB_ACCESS_DENY);
+				goto End;
+			}
+		}
+
+		// start to construct thumbnail path from the given id
+		$dir = '';
+		$sharename = '';
+		$fileName = '';
+		$albumName = '';
+		$url = '';
+		$path = '';
+		$isPublic = false;
+		if (SYNOPHOTO_UNCONFIRM_TAG_ID === $id) {
+			$list = AlbumAPIUtil::GetUnConfirmItemList(1, 0);
+			$keys = array_keys($list);
+			$fullPath = $keys[0];
+			$dir = dirname($fullPath);
+			$albumName = substr($dir, strlen(SYNOPHOTO_SERVICE_REAL_DIR.'/'));
+			$fileName = basename($fullPath);
+			$sharename = $albumName;
+		} else if ('photo' === $type || 'video' === $type) {
+			$sharename = $albumName = @pack('H*', $id_arr[1]);
+			$dir = SYNOPHOTO_SERVICE_REAL_DIR . ('/' === $albumName ? "" : "/" . $albumName);
+			$fileName = @pack('H*', $id_arr[2]);
+		} elseif ('smart' === $type) {
+			$albumName = @pack('H*', $id_arr[1]);
+			$album = SmartAlbum::GetSmartAlbumInstance()->GetCoverOfSmartAlbumByName($albumName);
+			if (!$album['success']) {
+				$this->SetError(PHOTOSTATION_THUMB_ACCESS_DENY);
+				goto End;
+			}
+			$cover_path = $album['cover']['path'];
+			if ('' !== $cover_path) {
+				$dir = substr($cover_path, 0, strrpos($cover_path, '/'));
+				$fileName = basename($cover_path);
+			} else {
+				$path = SYNO_PKG_DIR . "/target" . SYNOPHOTO_IMG_EMPTY_HIGH_QUALITY;
+			}
+			$isPublic = true;
+		} else if ('sharedalbum' === $type || 'publicshare' === $type) {
+			if ('sharedalbum' === $type) {
+				if ($id_arr[1] === 'single') {
+					$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo();
+					if ($sharedAlbum !== NULL) {
+						$id_arr[1] = explode("_", $sharedAlbum['id'])[1];
+					}
+				}
+				$cover = SharedAlbum::GetSharedAlbumCover($id_arr[1]);
+			} else {
+				$cover = SharedAlbum::GetSharedAlbumCover(NULL, $id_arr[1]);
+			}
+			if (NULL === $cover) {
+				$this->SetError(PHOTOSTATION_THUMB_ACCESS_DENY);
+				goto End;
+			}
+			$path_parts = pathinfo($cover['path']);
+			$fileName = $path_parts['basename'];
+			$sharename = substr($path_parts['dirname'], strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+			$dir = $path_parts['dirname'];
+			if ('root' === SYNOPHOTO_ADMIN_USER) {
+				if ($dir === SYNOPHOTO_SERVICE_REAL_DIR) {
+					$albumName = '/';
+				} else {
+					$albumName = substr($dir, strlen(SYNOPHOTO_SERVICE_REAL_DIR) + 1);
+				}
+			} else {
+				$albumName = "." === $dir ? "/" : $dir;
+				$dir = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $dir;
+			}
+			if (empty($albumName) || empty($fileName)) {
+				$this->SetError(PHOTOSTATION_THUMB_NO_COVER);
+				goto End;
+			}
+		} else {
+			if ('album' === $type) {
+				$albumName = @pack('H*', $id_arr[1]);
+				$album = csSYNOPhotoAlbum::GetAlbumInstance()->GetAlbumCover($albumName);
+			} elseif ('virtual' === $type) {
+				$isPublic = true;
+				$album = csSYNOPhotoBrowse::GetBrowseInstance()->GetVirtualAlbumThumb($id_arr[1]);
+			} elseif ('tag' === $type) {
+				$isPublic = true;
+				$album = csSYNOPhotoAlbum::GetAlbumInstance()->GetLabelAlbumCover($id_arr[1]);
+            } elseif ('defaultsmart' === $type) {
+                $index = 0;
+                if ('people' === $id_arr[1]) {
+                    $index = 0;
+                } elseif ('geo' === $id_arr[1]) {
+                    $index = 1;
+                } elseif ('desc' === $id_arr[1]) {
+                    $index = 2;
+                }
+                $isPublic = true;
+                $categoryArr = array();
+                array_push($categoryArr, $index);
+                $result = SYNOPHOTO_LABEL_UTIL_GetAllLabel(false, $categoryArr);
+                $album = csSYNOPhotoAlbum::GetAlbumInstance()->GetLabelAlbumCover($result[$index][0]['id']);
+            }
+			$url = $album['bigCover']['src'];
+
+			if (!empty($album['coverPath'])) {
+				// extract cover info from coverPath
+				$relativePath = substr($album['coverPath'], strlen(SYNOPHOTO_SERVICE_REAL_DIR_PATH));
+				$path_parts = pathinfo($relativePath);
+				$fileName = $path_parts['basename'];
+				$albumName = $path_parts['dirname'];
+				if (in_array($albumName, array('.', ''), true)) {
+					$albumName = '/';
+				}
+				$dir = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $albumName;
+			} else {
+				$albumName = @pack('H*', substr($url, strpos($url, 'dir=') + 4, strpos($url, '&name') - strpos($url, 'dir=') - 4));
+				$fileName = @pack('H*', substr($url, strpos($url, 'name=') + 5, strpos($url, '&type') - strpos($url, 'name=') - 5));
+				$dir = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $albumName;
+			}
+
+			if ("" === $albumName || empty($fileName)) {
+				$this->SetError(PHOTOSTATION_THUMB_NO_COVER);
+				goto End;
+			}
+		}
+
+		// check access right
+		if (!$isPublic && !csSYNOPhotoMisc::CheckAlbumAccessible($albumName, false, $publicShareId)) {
+			$this->SetError(PHOTOSTATION_THUMB_ACCESS_DENY);
+			goto End;
+		}
+
+		// construct corresonding thumbnail path
+		$hasSmall = $hasLarge = true;
+		$blConversion = csSYNOPhotoMisc::IsAlbumAllowConversion($sharename);
+		if ('' === $path) {
+			if ('small' === $size) {
+				$hasSmall = SYNOPhotoEA::checkFilePathByDirFile($dir, $fileName, SYNOPhotoEA::FILE_THUMB_M, $path);
+			}
+			if ('large' === $size) {
+				$hasLarge = SYNOPhotoEA::checkFilePathByDirFile($dir, $fileName, SYNOPhotoEA::FILE_THUMB_XL, $path);
+				if (!$hasLarge) {
+					$hasLarge = SYNOPhotoEA::checkFilePathByDirFile($dir, $fileName, SYNOPhotoEA::FILE_THUMB_LARGE_PREVIEW, $path);
+				}
+			}
+			if ('preview' === $size || (!$blConversion && !$hasSmall)) {
+				SYNOPhotoEA::checkFilePathByDirFile($dir, $fileName, SYNOPhotoEA::FILE_THUMB_PREVIEW, $path);
+			}
+			if (!$blConversion && !$hasLarge && in_array(strtolower(pathinfo($fileName, PATHINFO_EXTENSION)), array('jpeg', 'bmp', 'png', 'jpg', 'jpe'))) {
+				$path = "$dir/$fileName";
+			}
+		}
+
+		// set mime type, default is jpeg
+		$mime = 'image/jpeg';
+		preg_match('/\.([^\.]*?)$/', $fileName, $matches);
+		$extension = strtolower($matches[1]);
+		// special case for gif, return original file
+		if ('gif' === $extension) {
+			$path = $dir . "/" . $fileName;
+			$mime = 'image/gif';
+		}
+
+		if (!file_exists($path)) {
+			$this->SetError(PHOTOSTATION_THUMB_FILE_NOT_EXISTS);
+			goto End;
+		}
+
+		@header("Cache-Control: max-age=".(3600*24*7));
+
+		// check last-modified value
+		$lastModified = $this->GetLastModified($path);
+		if ($lastModified) {
+			if ($this->CheckLastModified($lastModified)) {
+				@header("HTTP/1.1 304 Not Modified");
+				return;
+			} else {
+				@header("Last-Modified: " . $lastModified);
+			}
+		}
+
+		// output binary
+		@header("Content-Type: $mime");
+		$filename = $fileName;
+
+		// Windows Phone WebHttpReponse cannot accept non-ascii character in response header
+		// Replace non-ascii character with '_'
+		if (preg_match("/Windows Phone OS/i", $_SERVER['HTTP_USER_AGENT'])) {
+			$filename = preg_replace('/[^(\x20-\x7F)]*/', '_', $filename);
+		}
+		@header('Content-Disposition: inline; filename="'.addslashes($filename).'"');
+
+		$this->SYNOPHOTO_CONVERT_Rrange_Download($path);
+		exit;
+
+		End:
+			return $ret;
+	}
+
+	private function GetPhotoMimeType($path)
+	{
+		$SYNOPHOTO_THUMB_MIME = array(
+			'jpg' => 'image/jpeg',
+			'jpeg' => 'image/jpeg',
+			'jpe' => 'image/jpeg',
+			'bmp' => 'image/bmp',
+			'gif' => 'image/gif',
+			'png' => 'image/png'
+		);
+
+		$path = strtolower($path);
+		$path_parts = pathinfo($path);
+		$extension = $path_parts['extension'];
+		if (array_key_exists($extension, $SYNOPHOTO_THUMB_MIME)) {
+			return $SYNOPHOTO_PICASA_MIME[$extension];
+		}
+		return null;
+	}
+
+	private function GetLoginUsername() {
+		if (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]) || (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']) && !isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user']))) {
+			return "Guest";
+		}
+		$username = 'admin';
+		if (SYNOPHOTO_ADMIN_USER !== "root") {
+			$username = substr(SYNOPHOTO_ADMIN_USER, 1);
+		}
+		if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'])) {
+			$username = $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'];
+			if (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) || $_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account'] != '1') {
+				$username = "Guest";
+			}
+		}
+		return $username;
+	}
+
+	private function GetDSMThumb()
+	{
+		$ret = false;
+
+		// return when lack of params
+		$id = $this->DecodeItemId($_REQUEST['id'], 'dsmshare_');
+		if (false === $id) {
+			$this->SetError(PHOTOSTATION_THUMB_BAD_PARAMS);
+			goto End;
+		}
+
+		$command = "/usr/syno/bin/synophoto_extract_preview ".escapeshellarg(urldecode($id))." --stdout ".escapeshellarg($this->GetLoginUsername());
+		$output = @shell_exec($command);
+
+		if (($pos = strpos($output, "\n")) === false) {
+			//output default image
+			$imagefp = fopen("../photo_new/images/Window/image_default_photo_dark.png", "rb");
+			@header("Content-Type: image/png");
+			@header('Content-Disposition: inline; filename="image_default_photo_dark.png"');
+			fpassthru($imagefp);
+			exit;
+		}
+		$thumbPath = substr($output, 0, $pos);
+		$mime = $this->GetPhotoMimeType($thumbPath);
+		@header("Cache-Control: public, max-age=86400");
+		@header("Content-Type: $mime");
+		@header('Content-Disposition: inline; filename="'.addslashes($fileName).'"');
+		echo substr($output, $pos+1);
+		//echo $thumbName;
+		exit;
+	End:
+		return $ret;
+	}
+
+	private function GetLastModified($thumbPath)
+	{
+		$filest = @stat($thumbPath);
+
+		if ($filest !== false) {
+			$lastModified = gmdate('D, d M Y H:i:s', $filest[9]) . ' GMT';
+			return $lastModified;
+		} else {
+			return false;
+		}
+	}
+
+	private function CheckLastModified($lastModified)
+	{
+		if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
+			$ims = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
+			if ($ims === $lastModified) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	private function SYNOPHOTO_CONVERT_Rrange_Download($file)
+	{
+		$fp = @fopen($file, 'rb');
+		if (FALSE == $fp) {
+			return FALSE;
+		}
+
+		$size   = filesize($file); // File size
+		$length = $size;		   // Content length
+		$start  = 0;			   // Start byte
+		$end	= $size - 1;	   // End byte
+		// Now that we've gotten so far without errors we send the accept range header
+		// At the moment we only support single ranges.
+		// Multiple ranges requires some more work to ensure it works correctly
+		// and comply with the spesifications: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+		//
+		// Multirange support annouces itself with:
+		// header('Accept-Ranges: bytes');
+		//
+		// Multirange content must be sent with multipart/byteranges mediatype,
+		// (mediatype = mimetype)
+		// as well as a boundry header to indicate the various chunks of data.
+		//
+		//header("Accept-Ranges: 0-$length");
+		header('Accept-Ranges: bytes');
+		// multipart/byteranges
+		// http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+		if (isset($_SERVER['HTTP_RANGE'])) {
+			$c_start = $start;
+			$c_end   = $end;
+			// Extract the range string
+			list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
+			// Make sure the client hasn't sent us a multibyte range
+			if (strpos($range, ',') !== false) {
+
+				// (?) Shoud this be issued here, or should the first
+				// range be used? Or should the header be ignored and
+				// we output the whole content?
+				header('HTTP/1.1 416 Requested Range Not Satisfiable');
+				header("Content-Range: bytes $start-$end/$size");
+				// (?) Echo some info to the client?
+				exit;
+			}
+			// If the range starts with an '-' we start from the beginning
+			// If not, we forward the file pointer
+			// And make sure to get the end byte if spesified
+			if ($range{0} == '-') {
+
+				// The n-number of the last bytes is requested
+				$c_start = $size - substr($range, 1);
+			}
+			else {
+
+				$range  = explode('-', $range);
+				$c_start = $range[0];
+				$c_end   = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size;
+			}
+			// Check the range and make sure it's treated according to the specs.
+			// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
+			//
+			// End bytes can not be larger than $end.
+			$c_end = ($c_end > $end) ? $end : $c_end;
+			// Validate the requested range and return an error if it's not correct.
+			if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size) {
+
+				header('HTTP/1.1 416 Requested Range Not Satisfiable');
+				header("Content-Range: bytes $start-$end/$size");
+				// (?) Echo some info to the client?
+				exit;
+			}
+			$start  = $c_start;
+			$end	= $c_end;
+			$length = $end - $start + 1; // Calculate new content length
+			fseek($fp, $start);
+			header('HTTP/1.1 206 Partial Content');
+		}
+		// Notify the client the byte range we'll be outputting
+		if (preg_match("/Windows Mobile/i", $_SERVER['HTTP_USER_AGENT'])) {
+			header("Content-Range: bytes $start-$end/$size");
+		}
+		header("Content-Length: $length");
+
+		// Start buffered download
+		$buffer = 1024 * 8;
+		while(!feof($fp) && ($p = ftell($fp)) <= $end) {
+
+			if ($p + $buffer > $end) {
+
+				// In case we're only outputtin a chunk, make sure we don't
+				// read past the length
+				$buffer = $end - $p + 1;
+			}
+
+			echo fread($fp, $buffer);
+			flush(); // Free up memory. Otherwise large files will trigger PHP's memory limit.
+		}
+		fclose($fp);
+	}
+}
+
+$api = new ThumbAPI();
+$api->Run();

PhotoStation API/webapi/timeline.php

@@ -0,0 +1,221 @@
+<?PHP
+
+require_once('photo.inc.php');
+require_once('photoutil.php');
+require_once('albumutil.php');
+
+class TimelineAPI extends WebAPI
+{
+	function __construct()
+	{
+		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
+	}
+
+	protected function Process()
+	{
+		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();
+		if (!strcasecmp($this->method, "getindex")) {
+			$this->GetIndex();
+		}
+	}
+
+	private function GetIndex()
+	{
+		$ret = false;
+		$resp = array();
+		$dates = array();
+		$datesCount = array();
+		$year_index = array();
+		$month_index = array();
+
+		/* required params setting */
+		$type = $_REQUEST['type'];
+		if (!strstr($type, 'photo') && !strstr($type, 'video')) {
+			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+			goto End;
+		}
+		$filter_smart = isset($_REQUEST['filter_smart']) ? $_REQUEST['filter_smart'] : '';
+		$filter_tag = isset($_REQUEST['filter_tag']) ? $_REQUEST['filter_tag'] : '';
+		$filter_album = isset($_REQUEST['filter_album']) ? $_REQUEST['filter_album'] : '';
+		$sort_direction = 'asc' === $_REQUEST['sort_direction'] ? 'asc' : 'desc';
+
+		if ('' !== $filter_album) {
+			$arr = explode('_', $filter_album);
+			if ('album' !== $arr[0]) {
+				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+				goto End;
+			}
+			if (!csSynoPhotoMisc::CheckPathValid($albumPath = SYNOPHOTO_SERVICE_REAL_DIR . "/" . @pack('H*', $arr[1]))) {
+				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+				goto End;
+			}
+			$personalAlbumPath = @pack('H*', $arr[1]);
+		} else {
+			$albumPath = SYNOPHOTO_SERVICE_REAL_DIR;
+			$personalAlbumPath = '';
+		}
+
+		if ('root' !== SYNOPHOTO_ADMIN_USER) { //personal photo station
+			if ('' !== $filter_album) {
+				$escPath = $personalAlbumPath . '/%';
+			} else {
+				$escPath = $personalAlbumPath . '%';
+			}
+		} else {
+			$escPath = $albumPath . '/%';
+		}
+
+		if ('' === $filter_smart) {
+			/* filter by albumname and tag */
+			$sqlParam = array();
+			$photoQuery = '';
+
+			$albumCondition = csSYNOPhotoMisc::GetAccessibleAlbumQueryConditionWithExcludeFormat();
+			if (!$albumCondition['albumCond']) {
+				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+				goto End;
+			}
+
+			if (strstr($type, 'photo')) {
+				$photoQuery .= "SELECT p.timetaken as date ";
+				$photoQuery .= "FROM photo_image as p ";
+				$photoQuery .= "WHERE p.path LIKE ? ";
+				$sqlParam[] = $escPath;
+
+				if ('' !== $filter_tag) {
+					$photoQuery .= "AND p.id IN (SELECT photo_image_label.image_id FROM photo_image_label LEFT JOIN photo_image ON photo_image_label.image_id = photo_image.id ";
+					$photoQuery .= "WHERE (" . PhotoAPIUtil::getLabelIDConstraint($filter_tag) . ")) ";
+				}
+
+				$photoQuery .= "AND {$albumCondition['albumCond']} ";
+				$sqlParam = array_merge($sqlParam, $albumCondition['sqlParam']);
+			}
+			$videoQuery = '';
+			if (strstr($type, 'video')) {
+				$videoQuery = "SELECT v.mdate as date ";
+				$videoQuery .= "FROM video v ";
+				$videoQuery .= "WHERE v.path LIKE ? ";
+				$sqlParam[] = $escPath;
+
+				if ('' !== $filter_tag) {
+					$videoQuery .= "AND v.path IN (SELECT video_path FROM photo_video_label LEFT JOIN video ON photo_video_label.video_path = video.path ";
+					$videoQuery .= "WHERE (" . PhotoAPIUtil::getLabelIDConstraint($filter_tag) . "))";
+				}
+
+				$videoQuery .= "AND {$albumCondition['albumCond']} ";
+				$sqlParam = array_merge($sqlParam, $albumCondition['sqlParam']);
+			}
+
+			if ('' !== $photoQuery && '' !== $videoQuery) {
+				$query = "SELECT date(g.date) as date, COUNT(*) AS count from ($photoQuery UNION ALL $videoQuery) as g";
+			} elseif ('' === $photoQuery) {
+				$query = "SELECT date(g.date) as date, COUNT(*) AS count from ($videoQuery) as g";
+			} else {
+				$query = "SELECT date(g.date) as date, COUNT(*) AS count from ($photoQuery) as g";
+			}
+
+			$query .= " GROUP BY date(g.date) ORDER BY date(g.date) desc";
+			$db_result = PHOTO_DB_Query($query, $sqlParam);
+			while ($row = PHOTO_DB_FetchRow($db_result)) {
+				if (strlen($row["date"]) < 10) {
+					$date = '1970-01-01';
+				} else {
+					$date = $row["date"];
+				}
+				if (FALSE == in_array($date, $dates)) {
+					$dates[] = $date;
+				}
+				$datesCount[$date] = intval($row["count"]);
+			}
+		} else {
+			/* for smart album */
+			$arr = explode('_', $filter_smart);
+			if ('smart' !== $arr[0]) {
+				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+				goto End;
+			}
+			$albumName = @pack('H*', $arr[1]);
+			$data = array(
+				"name" => $albumName,
+				"offset" => 0,
+				"limit" => -1
+			);
+			$smart = json_decode(SmartAlbum::GetSmartAlbumInstance()->ListItem(json_encode($data), 'takendate', 'desc'), true);
+			if (!$smart['success']) {
+				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);
+				goto End;
+			}
+			$itemLists = $smart['data']['itemList'];
+
+			foreach ($itemLists as $row) {
+				if (!strstr($type, $row['type'])) {
+					continue;
+				}
+				if (false !== ($item = PhotoAPIUtil::getItemByPath($row['path'], array(), $row['type'], false))) {
+					$takentime = $item['info']['takendate'];
+					$date = substr($takentime, 0, 10);
+					if (strlen($date) < 10) {
+						$date = '1970-01-01';
+					}
+					if (FALSE == in_array($date, $dates)) {
+						$dates[] = $date;
+					}
+					if (!isset($datesCount[$date])) {
+						$datesCount[$date] = 0;
+					}
+					$datesCount[$date]++;
+				}
+			}
+		}
+
+		$sorted_dates = array();
+		if ('asc' === $sort_direction) {
+			$unknownDate = false;
+			asort($dates);
+			foreach ($dates as $date) {
+				if ($date !== '1970-01-01') {
+					$sorted_dates[] = $date;
+				} else {
+					$unknownDate = true;
+				}
+			}
+			if ($unknownDate) {
+				$sorted_dates[] = '1970-01-01';
+			}
+		} else {
+			arsort($dates);
+			foreach ($dates as $date) {
+				$sorted_dates[] = $date;
+			}
+		}
+		$dates = $sorted_dates;
+
+		$objs = array();
+		for ($i=0; $i<count($dates); $i++) {
+			$item = array();
+			$item['date'] = $dates[$i];
+			$item['year'] = substr($dates[$i], 0, 4);
+			$item['month'] = substr($dates[$i], 5, 2);
+			$item['day'] = substr($dates[$i], 8, 2);
+			$item['index'] = $i;
+			$item['count'] = $datesCount[$dates[$i]];
+			$objs[] = $item;
+		}
+
+		// set return data
+		$resp['total'] = count($dates);
+		$resp['date'] = $dates;
+		$resp['date_objs'] = $objs;
+
+		$this->SetResponse($resp);
+
+
+		$ret = true;
+		End:
+			return $ret;
+	}
+
+}
+
+$api = new TimelineAPI();
+$api->Run();

PhotoStation API/webapi/webapi.conf.php

@@ -0,0 +1,6 @@
+<?php
+
+    define('CONF_WEBAPI_SERVICE_PATH', '/var/packages/PhotoStation/target/photo/webapi');
+    define('CONF_API_DESCRIPTION_DIR', CONF_WEBAPI_SERVICE_PATH);
+
+?>

PhotoStation API/webapi/webapi.inc.php

@@ -0,0 +1,142 @@
+<?php
+    require_once('webapi.conf.php');
+	require_once('formulautil.php');
+
+    define('SZ_WEBAPI_SDK_DIR',     CONF_WEBAPI_SERVICE_PATH.'/sdk');
+    define('SZ_WEBAPI_CLASS_PATH',  SZ_WEBAPI_SDK_DIR.'/WebAPI.php');
+    define('SZ_WEBAPI_API_DESCRIPTION_DIR', CONF_WEBAPI_SERVICE_PATH);
+    define('SZ_API_DESCRIPTION', 'PhotoStation.api');
+    define('SZ_WEBAPI_API_DESCRIPTION_PATH', SZ_WEBAPI_API_DESCRIPTION_DIR.'/'.SZ_API_DESCRIPTION);
+
+    // SYNO.PhotoStation.Info (401-405)
+
+    // SYNO.PhotoStation.Auth (406-415)
+    define('PHOTOSTATION_AUTH_LOGIN_NOPRIVILEGE', 406);
+    define('PHOTOSTATION_AUTH_LOGIN_ERROR', 407);
+    define('PHOTOSTATION_AUTH_LOGIN_DISABLE_ACCOUNT', 408);
+    define('PHOTOSTATION_AUTH_LOGIN_GUEST_ERROR', 409);
+
+    // SYNO.PhotoStaion.Album (416-425)
+    define('PHOTOSTATION_ALBUM_PASSWORD_ERROR', 416);
+    define('PHOTOSTATION_ALBUM_NO_ACCESS_RIGHT', 417);
+    define('PHOTOSTATION_ALBUM_NO_UPLOAD_RIGHT', 418);
+    define('PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT', 419);
+    define('PHOTOSTATION_ALBUM_NOT_ADMIN', 420);
+    define('PHOTOSTATION_ALBUM_HAS_EXIST', 421);
+    define('PHOTOSTATION_ALBUM_CREATE_FAIL', 422);
+    define('PHOTOSTATION_ALBUM_EDIT_FAIL', 423);
+    define('PHOTOSTATION_ALBUM_DELETE_FAIL', 424);
+    define('PHOTOSTATION_ALBUM_SELECT_CONFLICT', 425);
+
+    // SYNO.PhotoStation.Permission (426-435)
+    define('PHOTOSTATION_PERMISSION_BAD_PARAMS', 426);
+    define('PHOTOSTATION_PERMISSION_ACCESS_DENY', 427);
+
+    // SYNO.PhotoStation.Tag (436-445)
+    define('PHOTOSTATION_TAG_LIST_FAIL', 436);
+    define('PHOTOSTATION_TAG_GETINFO_FAIL', 437);
+    define('PHOTOSTATION_TAG_CREATE_FAIL', 438);
+    define('PHOTOSTATION_TAG_EDIT_FAIL', 439);
+    define('PHOTOSTATION_TAG_ACCESS_DENY', 440);
+    define('PHOTOSTATION_TAG_HAS_EXIST', 441);
+    define('PHOTOSTATION_TAG_SEARCH_FAIL', 442);
+
+    // SYNO.PhotoStation.SmartAlbum (446-455)
+    define('PHOTOSTATION_SMARTALBUM_CREATE_FAIL', 446);
+    define('PHOTOSTATION_SMARTALBUM_EDIT_FAIL', 447);
+    define('PHOTOSTATION_SMARTALBUM_ACCESS_DENY', 448);
+    define('PHOTOSTATION_SMARTALBUM_NOT_EXIST', 449);
+    define('PHOTOSTATION_SMARTALBUM_TAG_NOT_EXIST', 450);
+    define('PHOTOSTATION_SMARTALBUM_CREATE_FAIL_EXIST', 451);
+
+    // SYNO.PhotoStation.Photo (456-465)
+    define('PHOTOSTATION_PHOTO_BAD_PARAMS', 456);
+    define('PHOTOSTATION_PHOTO_ACCESS_DENY', 457);
+    define('PHOTOSTATION_PHOTO_SELECT_CONFLICT', 458);
+
+    // SYNO.PhotoStation.PhotoTag (466-475)
+    define('PHOTOSTATION_PHOTO_TAG_ACCESS_DENY', 466);
+    define('PHOTOSTATION_PHOTO_TAG_NOT_EXIST', 467);
+    define('PHOTOSTATION_PHOTO_TAG_DUPLICATE', 468);
+    define('PHOTOSTATION_PHOTO_TAG_VIDEO_NOT_EXIST', 469);
+    define('PHOTOSTATION_PHOTO_TAG_ADD_GEO_DESC_FAIL', 470);
+    define('PHOTOSTATION_PHOTO_TAG_ADD_PEOPLE_FAIL', 471);
+    define('PHOTOSTATION_PHOTO_TAG_DELETE_FAIL', 472);
+    define('PHOTOSTATION_PHOTO_TAG_PEOPLE_TAG_CONFIRM_FAIL', 473);
+
+    // SYNO.PhotoStation.Category (476-490)
+    define('PHOTOSTATION_CATEGORY_ACCESS_DENY', 476);
+    define('PHOTOSTATION_CATEGORY_WRONG_ID_FORMAT', 477);
+    define('PHOTOSTATION_CATEGORY_GETINFO_FAIL', 478);
+    define('PHOTOSTATION_CATEGORY_CREATE_FAIL', 479);
+    define('PHOTOSTATION_CATEGORY_DELETE_FAIL', 480);
+    define('PHOTOSTATION_CATEGORY_EDIT_FAIL', 481);
+    define('PHOTOSTATION_CATEGORY_ARRANGE_FAIL', 482);
+    define('PHOTOSTATION_CATEGORY_ADD_ITEM_FAIL', 483);
+    define('PHOTOSTATION_CATEGORY_LIST_ITEM_FAIL', 484);
+    define('PHOTOSTATION_CATEGORY_REMOVE_ITEM_FAIL', 485);
+    define('PHOTOSTATION_CATEGORY_ARRANGE_ITEM_FAIL', 486);
+    define('PHOTOSTATION_CATEGORY_DUPLICATE', 487);
+
+    // SYNO.PhotoStation.Comment (491-495)
+    define('PHOTOSTATION_COMMENT_VALIDATE_FAIL', 491);
+    define('PHOTOSTATION_COMMENT_ACCESS_DENY', 492);
+    define('PHOTOSTATION_COMMENT_CREATE_FAIL', 493);
+
+    // SYNO.PhotoStation.Thumb (496-505)
+    define('PHOTOSTATION_THUMB_BAD_PARAMS', 501);
+    define('PHOTOSTATION_THUMB_ACCESS_DENY', 502);
+    define('PHOTOSTATION_THUMB_NO_COVER', 503);
+    define('PHOTOSTATION_THUMB_FILE_NOT_EXISTS', 504);
+
+    // SYNO.PhotoStation.Download (506-515)
+    define('PHOTOSTATION_DOWNLOAD_BAD_PARAMS', 506);
+    define('PHOTOSTATION_DOWNLOAD_ACCESS_DENY', 507);
+    define('PHOTOSTATION_DOWNLOAD_CHDIR_ERROR', 508);
+
+    // SYNO.PhotoStation.File (516-525)
+    define('PHOTOSTATION_FILE_BAD_PARAMS', 516);
+    define('PHOTOSTATION_FILE_ACCESS_DENY', 517);
+    define('PHOTOSTATION_FILE_FILE_EXT_ERR', 518);
+    define('PHOTOSTATION_FILE_DIR_NOT_EXISTS', 519);
+    define('PHOTOSTATION_FILE_UPLOAD_ERROR', 520);
+    define('PHOTOSTATION_FILE_NO_FILE', 521);
+
+    // SYNO.PhotoStation.Cover (526-530)
+    define('PHOTOSTATION_COVER_ACCESS_DENY', 526);
+    define('PHOTOSTATION_COVER_ALBUM_NOT_EXIST', 527);
+    define('PHOTOSTATION_COVER_PHOTO_VIDEO_NOT_EXIST', 528);
+    define('PHOTOSTATION_COVER_PHOTO_VIDEO_NOT_IN_ALBUM', 529);
+    define('PHOTOSTATION_COVER_SET_FAIL', 530);
+
+    // SYNO.PhotoStation.Rotate (531-535)
+    define('PHOTOSTATION_ROTATE_ACCESS_DENY', 531);
+    define('PHOTOSTATION_ROTATE_SET_FAIL', 532);
+
+    // SYNO.PhotoStation.SlideshowMusic (536-545)
+    define('PHOTOSTATION_SLIDESHOWMUSIC_ACCESS_DENY', 536);
+    define('PHOTOSTATION_SLIDESHOWMUSIC_SET_FAIL', 537);
+    define('PHOTOSTATION_SLIDESHOWMUSIC_FILE_EXT_ERR', 538);
+    define('PHOTOSTATION_SLIDESHOWMUSIC_UPLOAD_ERROR', 539);
+    define('PHOTOSTATION_SLIDESHOWMUSIC_NO_FILE', 540);
+    define('PHOTOSTATION_SLIDESHOWMUSIC_EXCEED_LIMIT', 541);
+
+    // SYNO.PhotoStation.DsmShare (546-550)
+    define('PHOTOSTATION_DSMSHARE_UPLOAD_ERROR', 546);
+    define('PHOTOSTATION_DSMSHARE_ACCESS_DENY', 547);
+
+    // SYNO.PhotoStation.SharedAlbum (551-560)
+    define('PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY', 551);
+    define('PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS', 552);
+    define('PHOTOSTATION_SHARED_ALBUM_HAS_EXISTED', 553);
+    define('PHOTOSTATION_SHARED_ALBUM_CREATE_FAIL', 554);
+    define('PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS', 555);
+    define('PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR', 556);
+    define('PHOTOSTATION_SHARED_ALBUM_LIST_ERROR', 557);
+
+    // SYNO.PhotoStation.Log (561-565)
+    define('PHOTOSTATION_LOG_ACCESS_DENY', 561);
+
+    // SYNO.PhotoStation.PATH (566-570)
+    define('PHOTOSTATION_PATH_ACCESS_DENY', 566);
+?>

addon.py

@@ -82,6 +82,8 @@ def main():
         items = []
         for f in content["items"]:
             label = f["info"]["title"]
+            if not label:
+                continue
             label2 = f["additional"]["file_location"] if "file_location" in f["additional"] else ""
             type = f["type"]
             oid2 = f["id"]
@@ -226,6 +228,7 @@ def main():
 
 def get_view_mode(vm):
     modes = {
+        #"skin.estuary.isl"
         "skin.estuary": {
             "None": None,
             "List": 50,
@@ -237,7 +240,32 @@ def get_view_mode(vm):
             "Wall": 500,
             "Banner": 501,
             "FanArt": 502
-        }
+        },
+        "skin.estuary.isl": {
+            "None": None,
+            "List": 50,
+            "Poster": 51,
+            "IconWall":52 ,
+            "Shift": 53,
+            "InfoWall": 54,
+            "WideList": 55,
+            "Wall": 500,
+            "Banner": 501,
+            "FanArt": 502
+        },
+        "skin.estuary.is": {
+            "None": None,
+            "List": 50,
+            "Poster": 51,
+            "IconWall":52 ,
+            "Shift": 53,
+            "InfoWall": 54,
+            "WideList": 55,
+            "Wall": 500,
+            "Banner": 501,
+            "FanArt": 502
+        },
+
     }
     skin = xbmc.getSkinDir()
     if skin in modes and vm in modes[skin]:

addon.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<addon version="0.1.16" id="plugin.image.photostation" name="PhotoStation" provider-name="ivars777"  >
+<addon version="0.1.17" id="plugin.image.photostation" name="PhotoStation" provider-name="ivars777"  >
   <requires>
     <import addon="xbmc.python" version="2.1.0"/>
     <import addon="script.module.requests" />

kmake.bat

@@ -18,15 +18,6 @@ set CP=\MinGW\msys\1.0\bin\cp.exe
 set ZIP=
 rem set ZIP=\Program Files (x86)\Gow\bin\zip.exe
 
-
-:=== Pull content submodule ===
-pushd resources\lib\content
-git commit -a -m labojumi
-git checkout .
-git pull
-popd
-
-
 :=== Create package zip file ===
 if exist "%pack_name%" rm -r -f "%pack_name%"
 mkdir "%pack_name%""
@@ -38,10 +29,6 @@ readme.md
 changelog.md
 addon.xml
 addon.py
-context_menu.py
-context_download.py
-downloadqueue.py
-service.py
 icon.png
 kodiswift\*.py
 resources\__init__.py
@@ -49,53 +36,9 @@ resources\settings.xml
 resources\icon.png
 resources\language\English\*
 resources\lib\__init__.py
-resources\lib\content\__init__.py
-resources\lib\content\ContentSources.py
-resources\lib\content\playstreamproxy.py
-resources\lib\content\Downloader.py
-resources\lib\content\resolver.py
-resources\lib\content\util.py
-resources\lib\content\run.py
-resources\lib\content\file.py
-resources\lib\content\demjson.py
-resources\lib\content\ordereddict.py
-resources\lib\content\sources\__init__.py
-resources\lib\content\sources\SourceBase.py
-resources\lib\content\sources\cinemalive.py
-resources\lib\content\sources\config.py
-resources\lib\content\sources\euronews.py
-resources\lib\content\sources\filmix.py
-resources\lib\content\sources\filmon.py
-resources\lib\content\sources\iplayer.py
-resources\lib\content\sources\movieplace.py
-resources\lib\content\sources\ltc.py
-resources\lib\content\sources\mtgplay.py
-resources\lib\content\sources\xtv.py
-resources\lib\content\sources\replay.py
-resources\lib\content\sources\lmt.py
-resources\lib\content\sources\serialguru.py
-resources\lib\content\sources\tvdom.py
-resources\lib\content\sources\ustvnow.py
-resources\lib\content\sources\viaplay.py
-resources\lib\content\sources\filmas.py
-resources\lib\content\sources\tvplay.py
-resources\lib\content\sources\enigma2.py
-resources\lib\content\sources\YouTubeVideoUrl.py
-resources\lib\content\sources\jsinterp.py
-resources\lib\content\sources\swfinterp.py
-resources\lib\content\sources\streams.cfg
-resources\lib\content\resolvers\__init__.py
-resources\lib\content\resolvers\aadecode.py
-resources\lib\content\resolvers\hqqresolver.py
-resources\lib\content\resolvers\openload3.py
-resources\lib\content\resolvers\hdgo.py
-resources\lib\content\resolvers\kapnob.py
-resources\lib\content\resolvers\kodik.py
-resources\lib\content\resolvers\cloudsany.py
-resources\lib\content\resolvers\youtuberesolver.py
+resources\lib\photostation_api.py
 ) do echo f| xcopy %%f %pack_name%\%%f
-
-xcopy /y /q resources\lib\content\picons\* %pack_name%\resources\picons\
+pause
 
 echo Creating %release_dir%%pack_name%-%ver%.zip
 if exist  %release_dir%%pack_name%-%ver%.zip rm %release_dir%%pack_name%-%ver%.zip
@@ -107,6 +50,7 @@ if ()==(%1%) (
 )
 :=== Add to git ===
 echo Adding to git
+echo git add %release_dir%%pack_name%-%ver%.zip
 git add %release_dir%%pack_name%-%ver%.zip
 git commit -m %ver%
 git tag -d %ver%

make_links.bat

@@ -0,0 +1,6 @@
+mklink /h resources\lib\ContentSources.py \Data\Programming\enigma2\PlayStream2\ContentSources.py
+mklink /h resources\lib\util.py \Data\Programming\enigma2\PlayStream2\util.py
+mklink /h resources\lib\resolver.py \Data\Programming\enigma2\PlayStream2\resolver.py
+mklink /h resources\lib\demjson.py \Data\Programming\enigma2\PlayStream2\demjson.py
+mklink /j resources\lib\sources \Data\Programming\enigma2\PlayStream2\sources
+mklink /j resources\lib\resolvers \Data\Programming\enigma2\PlayStream2\resolvers

picture_infotags.txt

@@ -0,0 +1,60 @@
+"filename": SLIbESHOW_FILE_NAME;
+"path": SLIDESHOW_FILE_PATH;
+"filesize": SLIDESHOW_FILE_SIZE;
+"filedate": SLIDESHOW_FILE_DATE;
+"slideindex": SLIDESHOW_INDEX;
+"resolution": SLIDESHOW_RESOLUTION;
+"slidecomment": SLIDESHOW_COMMENT;
+"colour": SLIDESHOW_COLOUR;
+"process": SLIDESHOW_PROCESS;
+"exiftime": SLIDESHOW_EXIF_DATE_TIME;
+"exifdate": SLIDESHOW_EXIF_DATE;
+"longexiftime": SLIDESHOW_EXIF_LONG_DATE_TIME;
+"longexifdate": SLIDESHOW_EXIF_LONG_DATE;
+"exifdescription": SLIDESHOW_EXIF_DESCRIPTION;
+"cameramake": SLIDESHOW_EXIF_CAMERA_MAKE;
+"cameramodel": SLIDESHOW_EXIF_CAMERA_MODEL;
+"exifcomment": SLIDESHOW_EXIF_COMMENT;
+"exifsoftware": SLIDESHOW_EXIF_SOFTWARE;
+"aperture": SLIDESHOW_EXIF_APERTURE;
+"focallength": SLIDESHOW_EXIF_FOCAL_LENGTH;
+"focusdistance": SLIDESHOW_EXIF_FOCUS_DIST;
+"exposure": SLIDESHOW_EXIF_EXPOSURE;
+"exposuretime": SLIDESHOW_EXIF_EXPOSURE_TIME;
+"exposurebias": SLIDESHOW_EXIF_EXPOSURE_BIAS;
+"exposuremode": SLIDESHOW_EXIF_EXPOSURE_MODE;
+"flashused": SLIDESHOW_EXIF_FLASH_USED;
+"whitebalance": SLIDESHOW_EXIF_WHITE_BALANCE;
+"lightsource": SLIDESHOW_EXIF_LIGHT_SOURCE;
+"meteringmode": SLIDESHOW_EXIF_METERING_MODE;
+"isoequivalence": SLIDESHOW_EXIF_ISO_EQUIV;
+"digitalzoom": SLIDESHOW_EXIF_DIGITAL_ZOOM;
+"ccdwidth": SLIDESHOW_EXIF_CCD_WIDTH;
+"orientation": SLIDESHOW_EXIF_ORIENTATION;
+"supplementalcategories": SLIDESHOW_IPTC_SUP_CATEGORIES;
+"keywords": SLIDESHOW_IPTC_KEYWORDS;
+"caption": SLIDESHOW_IPTC_CAPTION;
+"author": SLIDESHOW_IPTC_AUTHOR;
+"headline": SLIDESHOW_IPTC_HEADLINE;
+"specialinstructions": SLIDESHOW_IPTC_SPEC_INSTR;
+"category": SLIDESHOW_IPTC_CATEGORY;
+"byline": SLIDESHOW_IPTC_BYLINE;
+"bylinetitle": SLIDESHOW_IPTC_BYLINE_TITLE;
+"credit": SLIDESHOW_IPTC_CREDIT;
+"source": SLIDESHOW_IPTC_SOURCE;
+"copyrightnotice": SLIDESHOW_IPTC_COPYRIGHT_NOTICE;
+"objectname": SLIDESHOW_IPTC_OBJECT_NAME;
+"city": SLIDESHOW_IPTC_CITY;
+"state": SLIDESHOW_IPTC_STATE;
+"country": SLIDESHOW_IPTC_COUNTRY;
+"transmissionreference": SLIDESHOW_IPTC_TX_REFERENCE;
+"iptcdate": SLIDESHOW_IPTC_DATE;
+"urgency": SLIDESHOW_IPTC_URGENCY;
+"countrycode": SLIDESHOW_IPTC_COUNTRY_CODE;
+"referenceservice": SLIDESHOW_IPTC_REF_SERVICE;
+"latitude": SLIDESHOW_EXIF_GPS_LATITUDE;
+"longitude": SLIDESHOW_EXIF_GPS_LONGITUDE;
+"altitude": SLIDESHOW_EXIF_GPS_ALTITUDE;
+"timecreated": SLIDESHOW_IPTC_TIMECREATED;
+"sublocation": SLIDESHOW_IPTC_SUBLOCATION;
+"imagetype": SLIDESHOW_IPTC_IMAGETYPE;

project.wpr

@@ -1,7 +1,7 @@
 #!wing
-#!version=6.0
+#!version=7.0
 ##################################################################
-# Wing IDE project file                                          #
+# Wing project file                                              #
 ##################################################################
 [project attributes]
 debug.named-entry-points = (1,
@@ -52,7 +52,11 @@ proj.launch-config = {loc('../../../../Python27/Lib/site-packages/xbmcswift2/plu
                                        (u'run interactive',
         ''))}
 [user attributes]
-debug.breakpoints = {loc('addon.py'): {185L: (0,
+debug.breakpoints = {loc('addon.py'): {187L: (0,
+        None,
+        1,
+        0),
+                                       307L: (0,
         None,
         1,
         0)},
@@ -112,11 +116,11 @@ debug.breakpoints = {loc('addon.py'): {185L: (0,
             None,
             1,
             0)},
-                     loc('unknown:<untitled> #1'): {10: (0,
+                     loc('unknown:<untitled> #2'): {2: (0,
         None,
         1,
         0)},
-                     loc('unknown:<untitled> #2'): {2: (0,
+                     loc('unknown:<untitled> #1'): {10: (0,
         None,
         1,
         0)}}
@@ -191,7 +195,7 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                  'current_pages': [0,
                                    1],
                  'full-screen': False,
-                 'notebook_display': 'tabs only',
+                 'notebook_display': 'normal',
                  'notebook_percent': 0.2797173732335827,
                  'override_title': None,
                  'pagelist': [('project',
@@ -200,7 +204,7 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                {'tree-state': {'file-sort-method': 'by name',
         'list-files-first': 0,
         'tree-states': {'deep': {'expanded-nodes': [(0,),
-        (15,)],
+        (23,)],
                                  'selected-nodes': [],
                                  'top-node': (0,)}},
         'tree-style': 'deep'}}),
@@ -607,18 +611,18 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
         'top-node': [('generic attribute',
                       loc('../../../Python27/Lib/site-packages/win32com/client/dynamic.py'),
                       'ALL_INVOKE_TYPES')]},
-        loc('unknown:<untitled> #5'): {'expanded-nodes': [],
+        loc('unknown:<untitled> #3'): {'expanded-nodes': [],
                                        'selected-nodes': [],
                                        'top-node': None},
-        loc('unknown:<untitled> #4'): {'column-widths': [1.0],
-                                       'expanded-nodes': [],
+        loc('unknown:<untitled> #4'): {'expanded-nodes': [],
                                        'selected-nodes': [],
                                        'top-node': None},
-        loc('unknown:<untitled> #3'): {'column-widths': [1.0],
+        loc('unknown:<untitled> #5'): {'column-widths': [1.0],
                                        'expanded-nodes': [],
                                        'selected-nodes': [],
                                        'top-node': None},
-        loc('unknown:<untitled> #6'): {'expanded-nodes': [],
+        loc('unknown:<untitled> #6'): {'column-widths': [1.0],
+                                       'expanded-nodes': [],
                                        'selected-nodes': [],
                                        'top-node': None}},
                                 'browse_mode': u'Current Module',
@@ -645,8 +649,8 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                None)],
                  'primary_view_state': {'area': 'wide',
         'constraint': None,
-        'current_pages': [3,
-                          1],
+        'current_pages': [2,
+                          2],
         'notebook_display': 'normal',
         'notebook_percent': 0.40883534136546185,
         'override_title': None,
@@ -677,7 +681,7 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                        'fRegexFlags': 42,
                                        'fReplaceText': '',
                                        'fReverse': False,
-                                       'fSearchText': u'page',
+                                       'fSearchText': u'ps',
                                        'fStartPos': 0,
                                        'fStyle': 'text',
                                        'fWholeWords': False,
@@ -747,14 +751,19 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
         -1,
         -1),
                        'attrib-starts': [],
-                       'first-line': 0L,
+                       'code-line': '',
+                       'first-line': 35L,
                        'folded-linenos': [],
-                       'history': {None: ['data2\n']},
+                       'history': {None: ['server\n',
+        'self.url\n',
+        'ps\n',
+        'print url\n',
+        'f\n']},
                        'launch-id': None,
-                       'sel-line': 2L,
-                       'sel-line-start': 224L,
-                       'selection_end': 224L,
-                       'selection_start': 224L,
+                       'sel-line': 42L,
+                       'sel-line-start': 2433L,
+                       'selection_end': 2433L,
+                       'selection_start': 2433L,
                        'zoom': 0L}),
                      ('debug-watch',
                       'wide',
@@ -770,7 +779,7 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                        ('eval',
         u'items')],
                        'tree-state': {'expanded-nodes': [],
-                                      'selected-nodes': [(4,)],
+                                      'selected-nodes': [],
                                       'top-node': (0,)}}),
                      ('messages',
                       'wide',
@@ -783,6 +792,7 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
         -1,
         -1),
                        'attrib-starts': [],
+                       'code-line': '',
                        'first-line': 0L,
                        'folded-linenos': [],
                        'history': {},
@@ -804,231 +814,264 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                        'toolbox-tree-sel': ''})],
         'primary_view_state': {'editor_states': ('horizontal',
         1.0,
-        ({'bookmarks': ([[loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 43L,
-                           'folded-linenos': [228L],
-                           'sel-line': 53L,
-                           'sel-line-start': 1807L,
-                           'selection_end': 1819L,
-                           'selection_start': 1815L,
+        ({'bookmarks': ([[loc('resources/language/English/strings.xml'),
+                          {'attrib-starts': [],
+                           'first-line': 15L,
+                           'folded-linenos': [],
+                           'sel-line': 21L,
+                           'sel-line-start': 785L,
+                           'selection_end': 785L,
+                           'selection_start': 785L,
                            'zoom': 0L},
-                          1531953967.755],
-                         [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 43L,
-                           'folded-linenos': [228L],
-                           'sel-line': 55L,
-                           'sel-line-start': 1834L,
-                           'selection_end': 1846L,
-                           'selection_start': 1842L,
+                          1549830249.336],
+                         [loc('kodiswift/plugin.py'),
+                          {'attrib-starts': [('Plugin',
+        27),
+        ('Plugin._parse_request',
+         341)],
+                           'first-line': 0L,
+                           'folded-linenos': [],
+                           'sel-line': 356L,
+                           'sel-line-start': 13246L,
+                           'selection_end': 13246L,
+                           'selection_start': 13246L,
                            'zoom': 0L},
-                          1531953968.128],
+                          1549830253.958],
                          [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 43L,
+                          {'attrib-starts': [('play_video',
+        300)],
+                           'first-line': 0L,
                            'folded-linenos': [228L],
-                           'sel-line': 55L,
-                           'sel-line-start': 1834L,
-                           'selection_end': 1861L,
-                           'selection_start': 1857L,
+                           'sel-line': 306L,
+                           'sel-line-start': 12264L,
+                           'selection_end': 12264L,
+                           'selection_start': 12264L,
                            'zoom': 0L},
-                          1531953968.496],
-                         [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 66L,
-                           'folded-linenos': [228L],
-                           'sel-line': 75L,
-                           'sel-line-start': 2620L,
-                           'selection_end': 2634L,
-                           'selection_start': 2628L,
+                          1549830256.066],
+                         [loc('resources/settings.xml'),
+                          {'attrib-starts': [],
+                           'first-line': 0L,
+                           'folded-linenos': [],
+                           'sel-line': 13L,
+                           'sel-line-start': 1171L,
+                           'selection_end': 1171L,
+                           'selection_start': 1171L,
                            'zoom': 0L},
-                          1531953988.159],
-                         [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 66L,
-                           'folded-linenos': [228L],
-                           'sel-line': 75L,
-                           'sel-line-start': 2620L,
-                           'selection_end': 2646L,
-                           'selection_start': 2642L,
+                          1549830257.499],
+                         [loc('changelog.md'),
+                          {'attrib-starts': [],
+                           'first-line': 0L,
+                           'folded-linenos': [],
+                           'sel-line': 0L,
+                           'sel-line-start': 0L,
+                           'selection_end': 7L,
+                           'selection_start': 7L,
                            'zoom': 0L},
-                          1531953988.55],
-                         [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 66L,
-                           'folded-linenos': [228L],
-                           'sel-line': 75L,
-                           'sel-line-start': 2620L,
-                           'selection_end': 2668L,
-                           'selection_start': 2664L,
+                          1549830258.499],
+                         [loc('resources/lib/photostation_api.py'),
+                          {'attrib-starts': [('PhotoStationAPI|0|',
+        7),
+        ('PhotoStationAPI|0|.get_album_info|0|',
+         90)],
+                           'code-line': '\r\n',
+                           'first-line': 92L,
+                           'folded-linenos': [],
+                           'sel-line': 94L,
+                           'sel-line-start': 4404L,
+                           'selection_end': 4404L,
+                           'selection_start': 4404L,
                            'zoom': 0L},
-                          1531953988.847],
+                          1555261277.383],
                          [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 66L,
+                          {'attrib-starts': [],
+                           'code-line': 'import os,os.path,sys, urllib, urlp'\
+        'arse\n',
+                           'first-line': 0L,
                            'folded-linenos': [228L],
-                           'sel-line': 75L,
-                           'sel-line-start': 2620L,
-                           'selection_end': 2680L,
-                           'selection_start': 2676L,
+                           'sel-line': 5L,
+                           'sel-line-start': 68L,
+                           'selection_end': 85L,
+                           'selection_start': 85L,
                            'zoom': 0L},
-                          1531953989.142],
+                          1555261621.157],
                          [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 66L,
+                          {'attrib-starts': [],
+                           'code-line': 'page_size = plugin.get_setting("pag'\
+        'e_size", str)\n',
+                           'first-line': 67L,
                            'folded-linenos': [228L],
-                           'sel-line': 76L,
-                           'sel-line-start': 2686L,
-                           'selection_end': 2712L,
-                           'selection_start': 2708L,
+                           'sel-line': 18L,
+                           'sel-line-start': 561L,
+                           'selection_end': 561L,
+                           'selection_start': 561L,
                            'zoom': 0L},
-                          1531953989.451],
+                          1555261732.821],
                          [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 66L,
+                          {'attrib-starts': [],
+                           'code-line': '    ps.login(user, password)\n',
+                           'first-line': 22L,
                            'folded-linenos': [228L],
-                           'sel-line': 76L,
-                           'sel-line-start': 2686L,
-                           'selection_end': 2733L,
-                           'selection_start': 2729L,
+                           'sel-line': 30L,
+                           'sel-line-start': 1110L,
+                           'selection_end': 1110L,
+                           'selection_start': 1110L,
                            'zoom': 0L},
-                          1531953989.779],
-                         [loc('addon.py'),
-                          {'attrib-starts': [('main',
-        37)],
-                           'first-line': 153L,
-                           'folded-linenos': [228L],
-                           'sel-line': 165L,
-                           'sel-line-start': 7294L,
-                           'selection_end': 7309L,
-                           'selection_start': 7305L,
+                          1555261785.976],
+                         [loc('resources/lib/photostation_api.py'),
+                          {'attrib-starts': [('PhotoStationAPI|0|',
+        7),
+        ('PhotoStationAPI|0|._call2|0|',
+         189)],
+                           'code-line': '            r = requests.get(url,he'\
+        'aders=self.headers)\r\n',
+                           'first-line': 195L,
+                           'folded-linenos': [],
+                           'sel-line': 200L,
+                           'sel-line-start': 9743L,
+                           'selection_end': 9743L,
+                           'selection_start': 9743L,
                            'zoom': 0L},
-                          1531953991.372],
+                          1555261915.377],
                          [loc('addon.py'),
                           {'attrib-starts': [],
-                           'first-line': 310L,
+                           'code-line': 'ps = photostation_api.PhotoStationA'\
+        'PI("http://home.blue.lv/photo")\n',
+                           'first-line': 17L,
                            'folded-linenos': [228L],
-                           'sel-line': 321L,
-                           'sel-line-start': 12716L,
-                           'selection_end': 12716L,
-                           'selection_start': 12716L,
+                           'sel-line': 28L,
+                           'sel-line-start': 1038L,
+                           'selection_end': 1038L,
+                           'selection_start': 1038L,
                            'zoom': 0L},
-                          1531954130.795],
-                         [loc('kodiswift/plugin.py'),
-                          {'attrib-starts': [('Plugin',
-        27),
-        ('Plugin._parse_request',
-         341)],
-                           'first-line': 347L,
-                           'folded-linenos': [],
-                           'sel-line': 356L,
-                           'sel-line-start': 13246L,
-                           'selection_end': 13246L,
-                           'selection_start': 13246L,
-                           'zoom': 0L},
-                          1531954225.148],
-                         [loc('kodiswift/request.py'),
-                          {'attrib-starts': [('Request',
-        20),
-        ('Request.__init__',
-         22)],
-                           'first-line': 16L,
+                          1555261927.98],
+                         [loc('resources/lib/photostation_api.py'),
+                          {'attrib-starts': [('PhotoStationAPI|0|',
+        7),
+        ('PhotoStationAPI|0|._call2|0|',
+         189)],
+                           'code-line': '            r = requests.get(url,he'\
+        'aders=self.headers)\r\n',
+                           'first-line': 195L,
                            'folded-linenos': [],
-                           'sel-line': 37L,
-                           'sel-line-start': 1056L,
-                           'selection_end': 1056L,
-                           'selection_start': 1056L,
+                           'sel-line': 200L,
+                           'sel-line-start': 9743L,
+                           'selection_end': 9743L,
+                           'selection_start': 9743L,
                            'zoom': 0L},
-                          1531954245.475],
+                          1555262034.05],
                          [loc('addon.py'),
-                          {'attrib-starts': [],
-                           'first-line': 309L,
+                          {'attrib-starts': [('main|0|',
+        37)],
+                           'code-line': '                    "plotline":f["a'\
+        'dditional"]["file_location"] + "\\n" + label2 if "file_location" in'\
+        ' f["additional"] else "",\n',
+                           'first-line': 94L,
                            'folded-linenos': [228L],
-                           'sel-line': 321L,
-                           'sel-line-start': 12716L,
-                           'selection_end': 12716L,
-                           'selection_start': 12716L,
+                           'sel-line': 105L,
+                           'sel-line-start': 4307L,
+                           'selection_end': 4307L,
+                           'selection_start': 4307L,
                            'zoom': 0L},
-                          1531954266.378],
-                         [loc('kodiswift/plugin.py'),
-                          {'attrib-starts': [('Plugin',
-        27),
-        ('Plugin._parse_request',
-         341)],
-                           'first-line': 342L,
+                          1555262042.934],
+                         [loc('resources/lib/photostation_api.py'),
+                          {'attrib-starts': [('PhotoStationAPI|0|',
+        7),
+        ('PhotoStationAPI|0|._call2|0|',
+         189)],
+                           'code-line': '            r = requests.get(url,he'\
+        'aders=self.headers)\r\n',
+                           'first-line': 180L,
                            'folded-linenos': [],
-                           'sel-line': 352L,
-                           'sel-line-start': 13112L,
-                           'selection_end': 13143L,
-                           'selection_start': 13143L,
+                           'sel-line': 200L,
+                           'sel-line-start': 9743L,
+                           'selection_end': 9743L,
+                           'selection_start': 9743L,
                            'zoom': 0L},
-                          1531954319.585],
+                          1555262047.625],
                          [loc('addon.py'),
-                          {'attrib-starts': [],
-                           'first-line': 309L,
+                          {'attrib-starts': [('main|0|',
+        37)],
+                           'code-line': '                    "plotline":f["a'\
+        'dditional"]["file_location"] + "\\n" + label2 if "file_location" in'\
+        ' f["additional"] else "",\n',
+                           'first-line': 94L,
                            'folded-linenos': [228L],
-                           'sel-line': 321L,
-                           'sel-line-start': 12716L,
-                           'selection_end': 12716L,
-                           'selection_start': 12716L,
+                           'sel-line': 105L,
+                           'sel-line-start': 4307L,
+                           'selection_end': 4307L,
+                           'selection_start': 4307L,
                            'zoom': 0L},
-                          1531954326.398],
-                         [loc('kodiswift/plugin.py'),
-                          {'attrib-starts': [('Plugin',
-        27),
-        ('Plugin._parse_request',
-         341)],
-                           'first-line': 347L,
+                          1555262048.261],
+                         [loc('resources/lib/photostation_api.py'),
+                          {'attrib-starts': [('PhotoStationAPI|0|',
+        7),
+        ('PhotoStationAPI|0|._call2|0|',
+         189)],
+                           'code-line': '            r = requests.get(url,he'\
+        'aders=self.headers)\r\n',
+                           'first-line': 180L,
                            'folded-linenos': [],
-                           'sel-line': 356L,
-                           'sel-line-start': 13246L,
-                           'selection_end': 13246L,
-                           'selection_start': 13246L,
+                           'sel-line': 200L,
+                           'sel-line-start': 9743L,
+                           'selection_end': 9743L,
+                           'selection_start': 9743L,
+                           'zoom': 0L},
+                          1555262052.669],
+                         [loc('../../../../Users/user/AppData/Roaming/Kodi/addons/plugin.image.photostation/addon.py'),
+                          {'attrib-starts': [],
+                           'code-line': '',
+                           'first-line': 0L,
+                           'folded-linenos': [],
+                           'sel-line': 0L,
+                           'sel-line-start': 0L,
+                           'selection_end': 0L,
+                           'selection_start': 0L,
                            'zoom': 0L},
-                          1531954347.816],
-                         [loc('kodiswift/request.py'),
-                          {'attrib-starts': [('Request',
-        20),
-        ('Request.__init__',
-         22)],
-                           'first-line': 33L,
+                          1555262053.808],
+                         [loc('resources/lib/photostation_api.py'),
+                          {'attrib-starts': [('PhotoStationAPI|0|',
+        7),
+        ('PhotoStationAPI|0|._call2|0|',
+         189)],
+                           'code-line': '            r = requests.get(url,he'\
+        'aders=self.headers)\r\n',
+                           'first-line': 190L,
                            'folded-linenos': [],
-                           'sel-line': 45L,
-                           'sel-line-start': 1422L,
-                           'selection_end': 1422L,
-                           'selection_start': 1422L,
+                           'sel-line': 200L,
+                           'sel-line-start': 9743L,
+                           'selection_end': 9743L,
+                           'selection_start': 9743L,
                            'zoom': 0L},
-                          1531954379.77],
+                          1555262110.581],
                          [loc('addon.py'),
-                          {'attrib-starts': [],
-                           'first-line': 9L,
-                           'folded-linenos': [228L],
-                           'sel-line': 14L,
-                           'sel-line-start': 384L,
-                           'selection_end': 384L,
-                           'selection_start': 384L,
+                          {'attrib-starts': [('main|0|',
+        37)],
+                           'code-line': '            content = ps.get_album_'\
+        'list(oid, offset=offset, limit=limit, sort_by=sorting, sort_directi'\
+        'on=order )\n',
+                           'first-line': 72L,
+                           'folded-linenos': [],
+                           'sel-line': 80L,
+                           'sel-line-start': 2831L,
+                           'selection_end': 2831L,
+                           'selection_start': 2831L,
                            'zoom': 0L},
-                          1531954540.55],
-                         [loc('addon.xml'),
-                          {'attrib-starts': [],
-                           'first-line': 0L,
+                          1555262284.715],
+                         [loc('resources/lib/photostation_api.py'),
+                          {'attrib-starts': [('PhotoStationAPI|0|',
+        7),
+        ('PhotoStationAPI|0|.get_album_list|0|',
+         32)],
+                           'code-line': '        return self._call2("album.p'\
+        'hp",data)\r\n',
+                           'first-line': 35L,
                            'folded-linenos': [],
-                           'sel-line': 1L,
-                           'sel-line-start': 57L,
-                           'selection_end': 79L,
-                           'selection_start': 79L,
+                           'sel-line': 40L,
+                           'sel-line-start': 1786L,
+                           'selection_end': 1786L,
+                           'selection_start': 1786L,
                            'zoom': 0L},
-                          1549828587.4]],
+                          1555262367.881]],
                         20),
           'current-loc': loc('addon.py'),
           'editor-state-list': [(loc('addon.xml'),
@@ -1040,27 +1083,19 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                   'selection_end': 79L,
                                   'selection_start': 79L,
                                   'zoom': 0L}),
-                                (loc('addon.py'),
-                                 {'attrib-starts': [('play_video',
-        300)],
-                                  'first-line': 297L,
-                                  'folded-linenos': [228L],
-                                  'sel-line': 306L,
-                                  'sel-line-start': 12264L,
-                                  'selection_end': 12264L,
-                                  'selection_start': 12264L,
-                                  'zoom': 0L}),
                                 (loc('resources/lib/photostation_api.py'),
-                                 {'attrib-starts': [('PhotoStationAPI',
+                                 {'attrib-starts': [('PhotoStationAPI|0|',
         7),
-        ('PhotoStationAPI.get_category_list',
-         98)],
-                                  'first-line': 92L,
+        ('PhotoStationAPI|0|.get_album_list|0|',
+         32)],
+                                  'code-line': '        return self._call2("'\
+        'album.php",data)\r\n',
+                                  'first-line': 35L,
                                   'folded-linenos': [],
-                                  'sel-line': 104L,
-                                  'sel-line-start': 5012L,
-                                  'selection_end': 5012L,
-                                  'selection_start': 5012L,
+                                  'sel-line': 40L,
+                                  'sel-line-start': 1786L,
+                                  'selection_end': 1786L,
+                                  'selection_start': 1786L,
                                   'zoom': 0L}),
                                 (loc('changelog.md'),
                                  {'attrib-starts': [],
@@ -1073,6 +1108,8 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                   'zoom': 0L}),
                                 (loc('resources/settings.xml'),
                                  {'attrib-starts': [],
+                                  'code-line': '        <setting label="5000'\
+        '8" id="repeat" type="bool" default="false" />\r\n',
                                   'first-line': 0L,
                                   'folded-linenos': [],
                                   'sel-line': 13L,
@@ -1080,83 +1117,26 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                   'selection_end': 1171L,
                                   'selection_start': 1171L,
                                   'zoom': 0L}),
-                                (loc('kodiswift/listitem.py'),
-                                 {'attrib-starts': [],
-                                  'first-line': 0L,
-                                  'folded-linenos': [],
-                                  'sel-line': 0L,
-                                  'sel-line-start': 0L,
-                                  'selection_end': 28L,
-                                  'selection_start': 0L,
-                                  'zoom': 0L}),
-                                (loc('kodiswift/xbmcmixin.py'),
-                                 {'attrib-starts': [('XBMCMixin',
-        21),
-        ('XBMCMixin._listitemify',
-         531)],
-                                  'first-line': 532L,
-                                  'folded-linenos': [],
-                                  'sel-line': 543L,
-                                  'sel-line-start': 23072L,
-                                  'selection_end': 23119L,
-                                  'selection_start': 23110L,
-                                  'zoom': 0L}),
-                                (loc('kodiswift/mockxbmc/xbmcgui.py'),
-                                 {'attrib-starts': [('ListItem',
-        4),
-        ('ListItem.__init__',
-         5)],
-                                  'first-line': 45L,
-                                  'folded-linenos': [],
-                                  'sel-line': 6L,
-                                  'sel-line-start': 162L,
-                                  'selection_end': 211L,
-                                  'selection_start': 211L,
-                                  'zoom': 0L}),
-                                (loc('kodiswift/cli/app.py'),
-                                 {'attrib-starts': [('interactive',
-        171)],
-                                  'first-line': 183L,
-                                  'folded-linenos': [],
-                                  'sel-line': 184L,
-                                  'sel-line-start': 5990L,
-                                  'selection_end': 6010L,
-                                  'selection_start': 6010L,
-                                  'zoom': 0L}),
-                                (loc('resources/language/English/strings.xml'),
-                                 {'attrib-starts': [],
-                                  'first-line': 15L,
-                                  'folded-linenos': [],
-                                  'sel-line': 21L,
-                                  'sel-line-start': 785L,
-                                  'selection_end': 785L,
-                                  'selection_start': 785L,
-                                  'zoom': 0L}),
-                                (loc('kodiswift/plugin.py'),
-                                 {'attrib-starts': [('Plugin',
-        27),
-        ('Plugin._parse_request',
-         341)],
-                                  'first-line': 347L,
+                                (loc('addon.py'),
+                                 {'attrib-starts': [('main|0|',
+        37)],
+                                  'code-line': '            content = ps.get'\
+        '_album_list(oid, offset=offset, limit=limit, sort_by=sorting, sort_'\
+        'direction=order )\n',
+                                  'first-line': 73L,
                                   'folded-linenos': [],
-                                  'sel-line': 356L,
-                                  'sel-line-start': 13246L,
-                                  'selection_end': 13246L,
-                                  'selection_start': 13246L,
+                                  'sel-line': 80L,
+                                  'sel-line-start': 2831L,
+                                  'selection_end': 2831L,
+                                  'selection_start': 2831L,
                                   'zoom': 0L})],
-          'has-focus': False,
+          'has-focus': True,
           'locked': False},
          [loc('addon.xml'),
-          loc('addon.py'),
           loc('resources/lib/photostation_api.py'),
           loc('changelog.md'),
           loc('resources/settings.xml'),
-          loc('kodiswift/listitem.py'),
-          loc('kodiswift/xbmcmixin.py'),
-          loc('kodiswift/mockxbmc/xbmcgui.py'),
-          loc('kodiswift/cli/app.py'),
-          loc('resources/language/English/strings.xml'),
-          loc('kodiswift/plugin.py')]),
+          loc('addon.py')]),
         ({'bookmarks': ([[loc('iubx2.py'),
                           {'attrib-starts': [('main',
         42)],
@@ -1357,6 +1337,8 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
                                  {}),
                                 (loc('resources/settings.xml'),
                                  {'attrib-starts': [],
+                                  'code-line': '<?xml version="1.0" encoding'\
+        '="UTF-8" standalone="yes"?>\r\n',
                                   'first-line': 0L,
                                   'folded-linenos': [],
                                   'sel-line': 0L,
@@ -1395,14 +1377,8 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
           loc('../../../../Python27/Lib/site-packages/kodiswift/listitem.py')])),
                                'open_files': [u'addon.xml',
         u'changelog.md',
-        u'kodiswift/cli/app.py',
-        u'kodiswift/listitem.py',
-        u'kodiswift/mockxbmc/xbmcgui.py',
-        u'kodiswift/plugin.py',
-        u'kodiswift/xbmcmixin.py',
-        u'resources/language/English/strings.xml',
-        u'resources/lib/photostation_api.py',
         u'resources/settings.xml',
+        u'resources/lib/photostation_api.py',
         u'addon.py',
         u'../../../../Python27/Lib/site-packages/kodiswift/listitem.py',
         u'../../../../Python27/Lib/site-packages/xbmcswift2/mockxbmc/xbmcgui.py',
@@ -1412,28 +1388,30 @@ guimgr.overall-gui-state = {'windowing-policy': 'combined-window',
         u'resources/settings.xml',
         u'settings.xml']},
         'saved_notebook_display': None,
-        'split_percents': {0: 0.3710232158211522},
+        'split_percents': {0: 0.43594153052450557},
         'splits': 2,
         'tab_location': 'top',
+        'traversal_pos': ((1,
+                           2),
+                          1555262480.568),
         'user_data': {}},
                  'saved_notebook_display': None,
                  'split_percents': {0: 0.5},
                  'splits': 2,
                  'tab_location': 'left',
+                 'traversal_pos': ((-1,
+                                    -1),
+                                   0),
                  'user_data': {}},
         'window-alloc': (167,
                          0,
                          2441,
                          1462)}]}
 guimgr.recent-documents = [loc('addon.py'),
-                           loc('resources/settings.xml'),
-                           loc('addon.xml'),
-                           loc('kodiswift/plugin.py'),
                            loc('resources/lib/photostation_api.py'),
+                           loc('resources/settings.xml'),
                            loc('changelog.md'),
-                           loc('kodiswift/xbmcmixin.py'),
-                           loc('resources/language/English/strings.xml'),
-                           loc('kodiswift/listitem.py')]
+                           loc('addon.xml')]
 guimgr.visual-state = {loc('../../../../Python27/Lib/site-packages/kodiswift/listitem.py'): {'a'\
         'ttrib-starts': [],
         'first-line': 0L,
@@ -1523,14 +1501,17 @@ guimgr.visual-state = {loc('../../../../Python27/Lib/site-packages/kodiswift/lis
         'sel-line-start': 20L,
         'selection_end': 40L,
         'selection_start': 40L},
-                       loc('addon.py'): {'attrib-starts': [('main',
-        23)],
-        'first-line': 92L,
-        'folded-linenos': [],
+                       loc('addon.py'): {'attrib-starts': [('main|0|',
+        37)],
+        'code-line': '                    "plotline":f["additional"]["file_l'\
+                     'ocation"] + "\\n" + label2 if "file_location" in f["ad'\
+                     'ditional"] else "",\n',
+        'first-line': 94L,
+        'folded-linenos': [228L],
         'sel-line': 105L,
-        'sel-line-start': 4157L,
-        'selection_end': 4171L,
-        'selection_start': 4157L,
+        'sel-line-start': 4307L,
+        'selection_end': 4307L,
+        'selection_start': 4307L,
         'zoom': 0L},
                        loc('addon.xml'): {'attrib-starts': [],
         'first-line': 0L,
@@ -1571,6 +1552,16 @@ guimgr.visual-state = {loc('../../../../Python27/Lib/site-packages/kodiswift/lis
         'sel-line-start': 3404,
         'selection_end': 3450,
         'selection_start': 3449},
+                       loc('kodiswift/cli/app.py'): {'attrib-starts': [('int'\
+        'eractive',
+        171)],
+        'first-line': 183L,
+        'folded-linenos': [],
+        'sel-line': 184L,
+        'sel-line-start': 5990L,
+        'selection_end': 6010L,
+        'selection_start': 6010L,
+        'zoom': 0L},
                        loc('kodiswift/cli/data/resources/language/English/strings.po'): {'a'\
         'ttrib-starts': [],
         'first-line': 0L,
@@ -1580,41 +1571,49 @@ guimgr.visual-state = {loc('../../../../Python27/Lib/site-packages/kodiswift/lis
         'selection_end': 0L,
         'selection_start': 0L,
         'zoom': 0L},
-                       loc('kodiswift/listitem.py'): {'attrib-starts': [('Li'\
-        'stItem',
-        20),
-        ('ListItem.get_label2',
-         93)],
-        'first-line': 291L,
+                       loc('kodiswift/listitem.py'): {'attrib-starts': [],
+        'first-line': 0L,
         'folded-linenos': [],
-        'sel-line': 96L,
-        'sel-line-start': 2943L,
-        'selection_end': 2967L,
-        'selection_start': 2967L,
+        'sel-line': 0L,
+        'sel-line-start': 0L,
+        'selection_end': 28L,
+        'selection_start': 0L,
+        'zoom': 0L},
+                       loc('kodiswift/mockxbmc/xbmcgui.py'): {'attrib-starts': [('L'\
+        'istItem',
+        4),
+        ('ListItem.__init__',
+         5)],
+        'first-line': 45L,
+        'folded-linenos': [],
+        'sel-line': 6L,
+        'sel-line-start': 162L,
+        'selection_end': 211L,
+        'selection_start': 211L,
         'zoom': 0L},
                        loc('kodiswift/plugin.py'): {'attrib-starts': [('Plug'\
         'in',
         27),
-        ('Plugin._dispatch',
-         318)],
-        'first-line': 317L,
+        ('Plugin._parse_request',
+         341)],
+        'first-line': 0L,
         'folded-linenos': [],
-        'sel-line': 331L,
-        'sel-line-start': 12298L,
-        'selection_end': 12298L,
-        'selection_start': 12298L,
+        'sel-line': 356L,
+        'sel-line-start': 13246L,
+        'selection_end': 13246L,
+        'selection_start': 13246L,
         'zoom': 0L},
                        loc('kodiswift/xbmcmixin.py'): {'attrib-starts': [('X'\
         'BMCMixin',
         21),
-        ('XBMCMixin.finish',
-         473)],
-        'first-line': 516L,
+        ('XBMCMixin._listitemify',
+         531)],
+        'first-line': 532L,
         'folded-linenos': [],
-        'sel-line': 526L,
-        'sel-line-start': 22326L,
-        'selection_end': 22326L,
-        'selection_start': 22326L,
+        'sel-line': 543L,
+        'sel-line-start': 23072L,
+        'selection_end': 23119L,
+        'selection_start': 23110L,
         'zoom': 0L},
                        loc('plugin.image.photostation/resources/language/English/strings.xml'): {'a'\
         'ttrib-starts': [],
@@ -1661,6 +1660,15 @@ guimgr.visual-state = {loc('../../../../Python27/Lib/site-packages/kodiswift/lis
         'sel-line-start': 0L,
         'selection_end': 0L,
         'selection_start': 0L},
+                       loc('resources/language/English/strings.xml'): {'attr'\
+        'ib-starts': [],
+        'first-line': 15L,
+        'folded-linenos': [],
+        'sel-line': 21L,
+        'sel-line-start': 785L,
+        'selection_end': 785L,
+        'selection_start': 785L,
+        'zoom': 0L},
                        loc('run.py'): {'attrib-starts': [],
                                        'first-line': 0L,
                                        'folded-linenos': [],
@@ -1859,6 +1867,16 @@ guimgr.visual-state = {loc('../../../../Python27/Lib/site-packages/kodiswift/lis
         'sel-line-start': 12403,
         'selection_end': 12403,
         'selection_start': 12403},
+                       loc('../../../../Users/user/AppData/Roaming/Kodi/addons/plugin.image.photostation/addon.py'): {'a'\
+        'ttrib-starts': [],
+        'code-line': '',
+        'first-line': 0L,
+        'folded-linenos': [],
+        'sel-line': 0L,
+        'sel-line-start': 0L,
+        'selection_end': 0L,
+        'selection_start': 0L,
+        'zoom': 0L},
                        loc('x-wingide-zip://C:/Python25/Lib/site-packages/argparse-1.1-py2.5.egg//argparse.py'): {'a'\
         'ttrib-starts': [('_ActionsContainer',
                           1187),