home
/
plugin.image.photostation
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
Play images and video from Synology PhotoStation server
27 커밋
1 브렌치
브렌치: master
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
plugin.image.photostation/PhotoStation API/webapi/comment.php

comment.php 11KB
고유링크 히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308 
  1. <?php

  2. require_once('comment.inc.php');

  3. require_once('photoutil.php');

  4. require_once('albumutil.php');

  5. require_once(SYNOPHOTO_INCLUDE_SEND_MAIL);

  6. 

  7. define('PHP_CMD', '/usr/bin/php -n -d extension_dir=/lib/php/modules -d extension=syno_compiler.so -d extension=curl.so -d extension=bz2.so');

  8. 

  9. class CommentAPI extends WebAPI {

  10.     function __construct()

  11.     {

  12.         parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);

  13.     }

  14. 

  15.     protected function Process()

  16.     {

  17.         if (!strcasecmp($this->method, "list")) {

  18.             $this->CommentList();

  19.         } elseif (!strcasecmp($this->method, "create")) {

  20.             $this->Create();

  21.         } elseif (!strcasecmp($this->method, "delete")) {

  22.             $this->Delete();

  23.         }

  24.     }

  25. 

  26.     /**

  27.      *  @params - $id like: photo_dir_name, video_dir_name

  28.      */

  29.     private function GetItemInfo($id)

  30.     {

  31.         $arr = explode('_', $id);

  32.         if (3 !== count($arr)) {

  33.             return false;

  34.         }

  35.         if (!in_array($arr[0], array('photo', 'video'))) {

  36.             return false;

  37.         }

  38.         // get id

  39.         $dirName = @pack('H*', $arr[1]);

  40.         $fileName = @pack('H*', $arr[2]);

  41.         if ('/' === $dirName) {

  42.             $filePath = $fileName;

  43.         } else {

  44.             $filePath = $dirName.'/'.$fileName;

  45.         }

  46.         $realPath = SYNOPHOTO_SERVICE_REAL_DIR.'/'.$filePath;

  47. 

  48.         if (!csSynoPhotoMisc::CheckPathValid($realPath)) {

  49.             return false;

  50.         }

  51. 

  52.         $table = ('photo' === $arr[0]) ? 'photo_image' : 'video';

  53.         if ('root' === SYNOPHOTO_ADMIN_USER) {

  54.             $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $realPath);

  55.         } else {

  56.             $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $filePath);

  57.         }

  58.         $data['id'] = $row['id'];

  59.         $data['path'] = $realPath;

  60.         $data['sharePath'] = $filePath;

  61.         $data['isPhoto'] = ('photo' === $arr[0]) ? true : false;

  62.         return $data;

  63.     }

  64. 

  65.     private function GetParams_Create()

  66.     {

  67.         if (!isset($_REQUEST['id']) || !isset($_REQUEST['name']) || !isset($_REQUEST['comment'])) {

  68.             return false;

  69.         }

  70.         if ('' === trim($_REQUEST['name']) || '' === trim($_REQUEST['comment'])) {

  71.             return false;

  72.         }

  73.         // get photo, video id

  74.         if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {

  75.             return false;

  76.         }

  77.         $params['id'] = $data['id'];

  78.         $params['path'] = $data['path'];

  79.         $params['sharePath'] = $data['sharePath'];

  80.         $params['isPhoto'] = $data['isPhoto'];

  81. 

  82.         if (!empty($_REQUEST['email'])) {

  83.             if (false === WebAPIUtil::IsEMail($_REQUEST['email'])) {

  84.                 return false;

  85.             }

  86.         }

  87.         $params['email'] = $_REQUEST['email'];

  88.         $params['name'] = $_REQUEST['name'];

  89.         $params['comment'] = $_REQUEST['comment'];

  90.         $userType = csSYNOPhotoMisc::GetUserType();

  91.         $params['userType'] = $userType;

  92.         $params['validate_number'] = $_REQUEST['validate_number'];

  93.         return $params;

  94.     }

  95. 

  96.     private function GetParams_Delete()

  97.     {

  98.         if (!isset($_REQUEST['id']) || !isset($_REQUEST['comment_id'])) {

  99.             return false;

  100.         }

  101.         // get photo, video id

  102.         if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {

  103.             return false;

  104.         }

  105.         $params['id'] = $data['id'];

  106.         $params['path'] = $data['path'];

  107.         $params['sharePath'] = $data['sharePath'];

  108.         $params['isPhoto'] = $data['isPhoto'];

  109. 

  110.         // get comment id

  111.         $params['comment_id'] = array();

  112.         $arr = explode(',', $_REQUEST['comment_id']);

  113.         foreach ($arr as $comment_id) {

  114.             $split = explode('comment_', $comment_id);

  115.             if (2 !== count($split)) {

  116.                 return false;

  117.             }

  118.             array_push($params['comment_id'], $split[1]);

  119.         }

  120.         return $params;

  121.     }

  122. 

  123.     private function GetParams_List()

  124.     {

  125.         if (!isset($_REQUEST['id'])) {

  126.             return false;

  127.         }

  128.         if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {

  129.             return false;

  130.         }

  131.         $params['id'] = $data['id'];

  132.         $params['path'] = $data['path'];

  133.         $params['sharePath'] = $data['sharePath'];

  134.         $params['isPhoto'] = $data['isPhoto'];

  135.         return $params;

  136.     }

  137. 

  138.     private function GetCommentID($photoID, $videoPath, $name, $email, $comment, $isPhoto)

  139.     {

  140.         if (true === $isPhoto) {

  141.             $query = "SELECT id FROM photo_comment WHERE photo_id=? AND name=? AND email=? AND comment=? ORDER BY id DESC LIMIT 1";

  142.             $sqlParam = array($photoID, $name, $email, $comment);

  143.         } else {

  144.             $query = "SELECT id FROM video_comment WHERE path=? AND name=? AND email=? AND comment=? ORDER BY id DESC LIMIT 1";

  145.             $sqlParam = array($videoPath, $name, $email, $comment);

  146.         }

  147. 

  148.         if (false === ($db_result = PHOTO_DB_Query($query, $sqlParam))) {

  149.             return false;

  150.         }

  151.         if (false === ($row = PHOTO_DB_FetchRow($db_result))) {

  152.             return false;

  153.         }

  154.         return $row['id'];

  155.     }

  156. 

  157.     private function FormComment($data)

  158.     {

  159.         $comments = array();

  160.         foreach ($data as $item) {

  161.             $comment['id'] = 'comment_'.$item['id'];

  162.             $comment['name'] = $item['name'];

  163.             $comment['email'] = $item['email'];

  164.             $comment['comment'] = $item['comment'];

  165.             $comment['date'] = $item['date'];

  166.             array_push($comments, $comment);

  167.         }

  168.         return $comments;

  169.     }

  170. 

  171.     private function CommentList()

  172.     {

  173.         if (false === ($params = $this->GetParams_List())) {

  174.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  175.             goto End;

  176.         }

  177.         // database query

  178.         if (true === $params['isPhoto']) {

  179.             $result = csSYNOPhotoDB::GetDBInstance()->GetPhotoComments($params['id']);

  180.         } else {

  181.             $result = csSYNOPhotoDB::GetDBInstance()->GetVideoComments($params['path']);

  182.         }

  183.         $comments = $this->FormComment($result);

  184.         

  185.         $resp['comments'] = $comments;

  186.         $this->SetResponse($resp);

  187.     End:

  188.         return;

  189.     }

  190. 

  191.     private function Delete()

  192.     {

  193.         csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);

  194. 

  195.         csSYNOPhotoMisc::CheckSessionTimeOut(true);

  196. 

  197.         if (false === ($params = $this->GetParams_Delete())) {

  198.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  199.             goto End;

  200.         }

  201.         // check album maganeable

  202.         if (false === csSynoPhotoMisc::CheckAlbumManageable(dirname($params['sharePath']))) {

  203.             $this->SetError(PHOTOSTATION_COMMENT_ACCESS_DENY);

  204.             goto End;

  205.         }

  206.         // database query

  207.         if (true === $params['isPhoto']) {

  208.             foreach ($params['comment_id'] as $comment_id) {

  209.                 csSYNOPhotoDB::GetDBInstance()->DeleteComment(1, $comment_id);

  210.             }

  211.         } else {

  212.             foreach ($params['comment_id'] as $comment_id) {

  213.                 csSYNOPhotoDB::GetDBInstance()->DeleteComment(2, $comment_id);

  214.             }

  215.         }

  216.     End:

  217.         return;

  218.     }

  219. 

  220.     private function Create()

  221.     {

  222.         csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);

  223. 

  224.         if (false === ($params = $this->GetParams_Create())) {

  225.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  226.             goto End;

  227.         }

  228. 

  229.         // check album is commentable

  230.         if (false === AlbumAPIUtil::IsAlbumCommentalbGlobal(true)) {

  231.             $this->SetError(PHOTOSTATION_COMMENT_ACCESS_DENY);

  232.             goto End;

  233.         }

  234. 

  235.         // check validate number. guest must have correct validate number

  236.         if (0 === $params['userType']) {

  237.             if (null === $params['validate_number']) {

  238.                 $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);

  239.                 goto End;

  240.             }

  241. 

  242.             $validateCount = strlen($params['validate_number']);

  243.             if (4 === $validateCount) {

  244.                 if ((string)$params['validate_number'] !== (string)$_SESSION[SYNOPHOTO_ADMIN_USER]['post_key_photo']) {

  245.                     $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);

  246.                     goto End;

  247.                 }

  248.             } elseif (12 === $validateCount) { // for DS photo+

  249.                 $phppath = '/var/packages/PhotoStation/target/photo_scripts/encrypted/gen_comment_validate_string.php';

  250.                 $cmd = PHP_CMD." {$phppath} ".escapeshellarg($params['email']).' '.escapeshellarg($params['comment']);

  251.                 @exec($cmd, $signature, $ret);

  252.                 if (0 !== $ret) {

  253.                     $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);

  254.                     goto End;

  255.                 }

  256.                 if ($signature[0] !== (string)$params['validate_number']) {

  257.                     $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);

  258.                     goto End;

  259.                 }

  260.             } else {

  261.                 $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);

  262.                 goto End;

  263.             }

  264.         }

  265. 

  266.         // database query

  267.         if (false === csSYNOPhotoBrowse::GetBrowseInstance()->AddNewComment($params['path'], ($params['isPhoto']) ? SYNOPHOTO_ITEM_TYPE_PHOTO : SYNOPHOTO_ITEM_TYPE_VIDEO,

  268.                                                               $params['name'], $params['email'], $params['comment'])) {

  269.                 $this->SetError(PHOTOSTATION_COMMENT_CREATE_FAIL);

  270.                 goto End;

  271.         }

  272. 

  273.         // get inserted comment id

  274.         $insertedID = $this->GetCommentID($params['id'], $params['path'], $params['name'], $params['email'], $params['comment'], $params['isPhoto']);

  275. 

  276.         $resp['id'] = 'comment_'.$insertedID;

  277.         $this->SetResponse($resp);

  278. 

  279. 		// Send mail to admin

  280. 		$path = $params['path'];

  281. 		$commentInfo = array();

  282. 		$commentInfo['name'] = $params['name'];

  283. 		$commentInfo['email'] = $params['email'];

  284. 		$commentInfo['comment'] = $params['comment'];

  285. 		if(isset($_POST['url'])) {

  286. 			$commentInfo['photoUrl'] = substr($_POST['url'], strpos($_POST['url'], '#'));

  287. 			$commentInfo['albumUrl'] = substr( $commentInfo['photoUrl'],

  288. 				0, strrpos($commentInfo['photoUrl'], '/') );

  289. 		}

  290. 		$albumPath = substr( $params['sharePath'], 0, strrpos($params['sharePath'], '/') );

  291. 		if (@file_exists($path)) {

  292. 			if (false !== ($item = PhotoAPIUtil::getItemByPath($path, array(), ($params['isPhoto']?'photo':'video'), false))) {

  293. 				$commentInfo['title'] = $item['info']['title'];

  294. 				$commentInfo['albumTitle'] = $albumPath;

  295. 				SYNOPHOTO6_SEND_MAIL_SendCommentMailToAdmin(-1, -1, $commentInfo);

  296. 			}

  297. 		}

  298. 

  299.     End:

  300.         return;

  301.     }

  302. }

  303. 

  304. $api = new CommentAPI();

  305. $api->Run();

  306. ?>

  307.