home
/
plugin.image.photostation
Слідкувати 1
В обрані 0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Play images and video from Synology PhotoStation server
27 Коміти
1 Гілка
Гілка: master
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'master'
${ noResults }
plugin.image.photostation/PhotoStation API/webapi/photo.php

photo.php 36KB
Постійне посилання Історія Неформатований

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187 
  1. <?PHP

  2. 

  3. require_once('photo.inc.php');

  4. require_once('albumutil.php');

  5. require_once('photoutil.php');

  6. 

  7. define("PHOTO_ACTION_TMP", '/tmp/photostation_');

  8. define("PHOTO_ACTION_MVCP_KEY", 'SYNOPS_MVCP');

  9. define("PHOTO_ACTION_DEL_KEY", 'SYNOPS_DEL');

  10. 

  11. class PhotoAPI extends WebAPI

  12. {

  13. 	function __construct()

  14. 	{

  15. 		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);

  16. 	}

  17. 

  18. 	protected function Process()

  19. 	{

  20. 		if (isset($_REQUEST['public_share_id'])) {

  21. 			csSYNOPhotoDB::GetDBInstance()->SetPublicShareSessionCache($_REQUEST['public_share_id']);

  22. 		} else if (isset($_REQUEST['filter_public_share'])) {

  23. 			csSYNOPhotoDB::GetDBInstance()->SetPublicShareSessionCache($_REQUEST['filter_public_share']);

  24. 		}

  25. 

  26. 		if (!strcasecmp($this->method, "list")) {

  27. 			$force = "true" === $_REQUEST['force_update'] ? true : false;

  28. 			csSYNOPhotoDB::GetDBInstance()->SetSessionCache($force);

  29. 			session_write_close();

  30. 			$this->ListItem();

  31. 		} else if (!strcasecmp($this->method, "listexif")) {

  32. 			session_write_close();

  33. 			$this->ListExif();

  34. 		} else if (!strcasecmp($this->method, "listfeatureditem")) {

  35. 			$force = "true" === $_REQUEST['force_update'] ? true : false;

  36. 			csSYNOPhotoDB::GetDBInstance()->SetSessionCache($force);

  37. 			session_write_close();

  38. 			$this->ListFeaturedItem();

  39. 		} else if (!strcasecmp($this->method, "listgpsgroup")) {

  40. 			session_write_close();

  41. 			$this->ListGPSGroup();

  42. 		} else if (!strcasecmp($this->method, "listgpsgroupeditem")) {

  43. 			session_write_close();

  44. 			$this->ListGPSGroupedItem();

  45. 		} else if (!strcasecmp($this->method, "getinfo")) {

  46. 			csSYNOPhotoDB::GetDBInstance()->SetSessionCache();

  47. 			session_write_close();

  48. 			$this->GetInfo();

  49. 		} else if (!strcasecmp($this->method, "getexif")) {

  50. 			session_write_close();

  51. 			$this->GetExif();

  52. 		} else {

  53. 			csSYNOPhotoDB::GetDBInstance()->SetSessionCache();

  54. 			csSYNOPhotoMisc::CheckSessionTimeOut(true);

  55. 

  56. 			if (!strcasecmp($this->method, "edit")) {

  57. 				$this->Edit();

  58. 			}

  59. 			if (!strcasecmp($this->method, "delete")) {

  60. 				session_write_close();

  61. 				$this->DeleteItem();

  62. 			}

  63. 			if (!strcasecmp($this->method, "copy")) {

  64. 				csSYNOPhotoDB::GetDBInstance()->ExpireSessionCache();

  65. 				session_write_close();

  66. 				$this->CopyItem();

  67. 			}

  68. 			if (!strcasecmp($this->method, "cancel")) {

  69. 				session_write_close();

  70. 				$this->Cancel();

  71. 			}

  72. 		}

  73. 	}

  74. 

  75. 	private function GetInfo()

  76. 	{

  77. 		$ret = false;

  78. 		$resp = array();

  79. 		/* return when lack of params */

  80. 		if (!isset($_REQUEST['id'])) {

  81. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  82. 			goto End;

  83. 		}

  84. 

  85. 		$publicShareId = NULL;

  86. 		if (isset($_REQUEST['public_share_id'])) {

  87. 			$publicShareId = $_REQUEST['public_share_id'];

  88. 			if (!SharedAlbum::CheckPublicSharePermission($publicShareId)) {

  89. 				$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  90. 				goto End;

  91. 			}

  92. 			$publicShareInfo = SharedAlbum::GetInfoByPublicShare($publicShareId);

  93. 			if (NULL === $publicShareInfo || 'valid' !== $publicShareInfo['share_status']) {

  94. 				$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  95. 				goto End;

  96. 			}

  97. 		}

  98. 

  99. 		$additional = isset($_REQUEST['additional']) ? explode(',', $_REQUEST['additional']) : array();

  100. 		$ids = explode(',', $_REQUEST['id']);

  101. 		foreach ($ids as $id_str) {

  102. 			$id_arr = explode('_', $id_str);

  103. 			if (3 !== count($id_arr) || ('photo' !== $id_arr[0] && 'video' !== $id_arr[0])) {

  104. 				continue;

  105. 			}

  106. 			$albumName = @pack('H*', $id_arr[1]);

  107. 			$fileName = @pack('H*', $id_arr[2]);

  108. 			$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $albumName ? "" : $albumName . "/") . $fileName;

  109. 

  110. 			if (!csSynoPhotoMisc::CheckPathValid($path)) {

  111. 				continue;

  112. 			}

  113. 

  114. 			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName, false, $publicShareId)) {

  115. 				continue;

  116. 			}

  117. 			$filePath = ('/' === $albumName ? "" : $albumName . "/") . $fileName;

  118. 			if (NULL !== $publicShareId && !SharedAlbum::CheckSharedAlbumItemValid($filePath, $id_arr[0], $publicShareId)) {

  119. 				continue;

  120. 			}

  121. 

  122. 			if (@file_exists($path)) {

  123. 				if (false !== ($item = PhotoAPIUtil::getItemByPath($path, $additional, $id_arr[0], false))) {

  124. 					$resp[] = $item;

  125. 				}

  126. 			}

  127. 		}

  128. 		$ret = true;

  129. 		$this->SetResponse($resp);

  130. 		End:

  131. 			return $ret;

  132. 	}

  133. 

  134. 	private function GetParams_ListItem()

  135. 	{

  136. 		global $SYNOPHOTO_ALLOW_SORT_TYPE;

  137. 

  138. 		if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !isset($_REQUEST['type'])) {

  139. 			return false;

  140. 		}

  141. 		$params = array(

  142. 			'offset' => $_REQUEST['offset'] + 0,

  143. 			'limit' => $_REQUEST['limit'] + 0,

  144. 			'type' => explode(',', $_REQUEST['type']),

  145. 			'labelIds' => array()

  146. 		);

  147. 

  148. 		foreach ($params['type'] as $_) {

  149. 			if (!in_array($_, array('photo', 'video'))) {

  150. 				return false;

  151. 			}

  152. 		}

  153. 

  154. 		$options_params = array(

  155. 			// key => default value

  156. 			'sort_by' => 'filename',

  157. 			'sort_direction' => 'asc',

  158. 			'filter_smart' => '',

  159. 			'filter_tag' => '',

  160. 			'filter_album' => '',

  161. 			'filter_shared_album' => '',

  162. 			'filter_public_share' => '',

  163. 			'item_id' => '',

  164. 			'additional' => array(),

  165. 			'gps' => false

  166. 		);

  167. 

  168. 		foreach ($options_params as $k => $v) {

  169. 			if (!isset($_REQUEST[$k])) {

  170. 				$params[$k] = $v;

  171. 				continue;

  172. 			}

  173. 			if ('sort_by' === $k) {

  174. 				if (in_array($_REQUEST[$k], $SYNOPHOTO_ALLOW_SORT_TYPE)) {

  175. 					$params[$k] = $_REQUEST[$k];

  176. 				} else {

  177. 					$params[$k] = 'filename';

  178. 				}

  179. 			} else if ('sort_direction' === $k) {

  180. 				$params[$k] = 'desc' === $_REQUEST[$k] ? 'desc' : 'asc';

  181. 			} else if ('additional' === $k) {

  182. 				$params[$k] = explode(',', $_REQUEST[$k]);

  183. 			} else if ('gps' === $k) {

  184. 				$params[$k] = 'true' === $_REQUEST[$k];

  185. 			} else if ('filter_tag' === $k) {

  186. 				$temps = explode(",", $_REQUEST['filter_tag']);

  187. 				$ids = array();

  188. 				foreach ($temps as $tagId) {

  189. 					if (SYNOPHOTO_UNCONFIRM_TAG_ID === $tagId) {

  190. 						$ids[] = SYNOPHOTO_UNCONFIRM_TAG_ID;

  191. 					} else {

  192. 						$arrs = explode("tag_", $tagId);

  193. 						$ids[] = $arrs[1] + 0;

  194. 					}

  195. 				}

  196. 				$params['labelIds'] = $ids;

  197. 			} else {

  198. 				$params[$k] = $_REQUEST[$k];

  199. 			}

  200. 		}

  201. 

  202. 		// compatible with [time] [time1,time2] [time1,] [,time2]

  203. 		if (isset($_REQUEST['taken_date'])) {

  204. 			$taken_dates = explode(',' , trim($_REQUEST['taken_date']));

  205. 			if (1 === count($taken_dates)) {

  206. 				if ($taken_dates[0]) {

  207. 					$taken_date = date_create($taken_dates[0]);

  208. 					if ($taken_date) {

  209. 						$date_begin = $taken_date;

  210. 					}

  211. 				}

  212. 				$params['date_end'] = $params['date_begin'] = $date_begin->format('Y-m-d');

  213. 			} else {

  214. 				if ($taken_dates[0]) {

  215. 					$taken_date = date_create($taken_dates[0]);

  216. 					if ($taken_date) {

  217. 						$date_begin = $taken_date;

  218. 					}

  219. 				}

  220. 				if ($taken_dates[1]) {

  221. 					$taken_date_end = date_create($taken_dates[1]);

  222. 					if ($taken_date_end) {

  223. 						$date_end = $taken_date_end;

  224. 					}

  225. 				}

  226. 				if ($date_begin && $date_end) {

  227. 					if ($date_begin > $date_end) {

  228. 						list($params['date_begin'], $params['date_end']) = array($date_end->format('Y-m-d'), $date_begin->format('Y-m-d'));

  229. 					} else {

  230. 						list($params['date_begin'], $params['date_end']) = array($date_begin->format('Y-m-d'), $date_end->format('Y-m-d'));

  231. 					}

  232. 				} else if ($date_begin) {

  233. 					$params['date_begin'] = $date_begin->format('Y-m-d');

  234. 				} else if ($date_end) {

  235. 					$params['date_end'] = $date_end->format('Y-m-d');

  236. 				} else {

  237. 					return false;

  238. 				}

  239. 			}

  240. 		}

  241. 		return $params;

  242. 	}

  243. 

  244. 	private function ListItem()

  245. 	{

  246. 		$ret = false;

  247. 		$resp = array();

  248. 		$items = array();

  249. 		/* return when lack of params */

  250. 		$params = $this->GetParams_ListItem();

  251. 		if (!$params) {

  252. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  253. 			goto End;

  254. 		}

  255. 		$hasPhoto = in_array('photo', $params['type']);

  256. 		$hasVideo = in_array('video', $params['type']);

  257. 

  258. 		// create the variable which name is the same as the key of params

  259. 		foreach ($params as $k => $v) {

  260. 			${$k} = $v;

  261. 		}

  262. 

  263. 		if ('' !== $filter_album) {

  264. 			$arr = explode('_', $filter_album);

  265. 			if ('album' !== $arr[0]) {

  266. 				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  267. 				goto End;

  268. 			}

  269. 			$albumName = empty($arr[1]) ? '/' : @pack('H*', $arr[1]);

  270. 			$sharename = $albumName;

  271. 			/* users may have no access right to root album but can access layer one album

  272. 			 * (Setting: Set photos and videos stored at the root folder of Photo Station as public)*/

  273. 			if ($albumName !== "/" && !csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {

  274. 				$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  275. 				goto End;

  276. 			}

  277. 			$albumPath = SYNOPHOTO_SERVICE_REAL_DIR . ("/" === $albumName ? "" : "/" . $albumName);

  278. 			if (false === csSynoPhotoMisc::CheckPathValid($albumPath)) {

  279. 				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  280. 				goto End;

  281. 			}

  282. 

  283. 			$personalAlbumPath = @pack('H*', $arr[1]);

  284. 		} else {

  285. 			$albumPath = SYNOPHOTO_SERVICE_REAL_DIR;

  286. 			$sharename = '/';

  287. 			$personalAlbumPath = '';

  288. 		}

  289. 

  290. 		if ('root' !== SYNOPHOTO_ADMIN_USER) { //personal photo station

  291. 			if ('' !== $filter_album && '' !== $personalAlbumPath) {

  292. 				$escPath = "$personalAlbumPath/%";

  293. 			} else {

  294. 				$escPath = "$personalAlbumPath%";

  295. 			}

  296. 		} else {

  297. 			$escPath = "$albumPath/%";

  298. 		}

  299. 

  300. 		$getRealPath = ('root' === SYNOPHOTO_ADMIN_USER) ? false : true;

  301. 

  302. 		$total = 0;

  303.         /* unconfirmed people tag */

  304.         if ($hasPhoto && in_array(SYNOPHOTO_UNCONFIRM_TAG_ID, $params['labelIds'])) {

  305.             $list = AlbumAPIUtil::GetUnConfirmItemList($limit, $offset);

  306.             foreach ($list as $key => $value) {

  307.                 if (false !== ($item = PhotoAPIUtil::getItemByPath($key, $additional, 'photo', false))) {

  308.                     $items[] = $item;

  309.                 }

  310.             }

  311. 			$total = intval($list['total']);

  312. 		} elseif ('' !== $filter_shared_album || '' !== $filter_public_share) {

  313. 			// check permission

  314. 			$publicShareId = '' !== $filter_public_share ? $filter_public_share : NULL;

  315. 			if (!SharedAlbum::CheckPublicSharePermission($publicShareId)) {

  316. 				$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  317. 				goto End;

  318. 			}

  319. 

  320. 			$dbPath = NULL;

  321. 			$blSingleItem = false;

  322. 			if ('' !== $filter_shared_album) {

  323. 				// filter by shared album id, check userid in session own this shared album

  324. 				$id_arr = explode("_", $filter_shared_album);

  325. 				if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {

  326. 					$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  327. 					goto End;

  328. 				}

  329. 				if ($id_arr[1] === 'single') {

  330. 					$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo();

  331. 					$blSingleItem = true;

  332. 					$id_arr[1] = explode("_", $sharedAlbum['id'])[1];

  333. 				} else {

  334. 					$sharedAlbum = SharedAlbum::GetInfoById($id_arr[1], array('public_share'));

  335. 				}

  336. 				if ($sharedAlbum === NULL) {

  337. 					$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  338. 					goto End;

  339. 				}

  340. 

  341. 				$userid = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid']) ? $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] : 0;

  342. 				$sharedAlbumId = $id_arr[1];

  343. 				$shareStatus = $sharedAlbum['additional']['public_share']['share_status'];

  344. 				// for generating public share url

  345. 				// equal to publicShareId, avoid GetAccessibleAlbumQueryConditionWithExcludeFormat use wrong session data

  346. 				$publicShareLink = $sharedAlbum['additional']['public_share']['shareid'];

  347. 			} else if ('' !== $filter_public_share) {

  348. 				// filter by public share link, check public share is existent and valid

  349. 				$publicShareInfo = SharedAlbum::GetInfoByPublicShare($publicShareId);

  350. 				if (NULL === $publicShareInfo || 'valid' !== $publicShareInfo['share_status']) {

  351. 					$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  352. 					goto End;

  353. 				}

  354. 				$sharedAlbumId = (int)$publicShareInfo['id'];

  355. 				$userid = (int)$publicShareInfo['userid'];

  356. 				$publicShareLink = $publicShareId;

  357. 				$shareStatus = $publicShareInfo['share_status'];

  358. 				if ('' !== $item_id) {

  359. 					$id_arr = explode("_", $item_id);

  360. 					$type = $id_arr[0];

  361. 					if (count($id_arr) !== 3 || ($type !== 'photo' && $type !== 'video')) {

  362. 						$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  363. 						goto End;

  364. 					}

  365. 					$albumName = @pack('H*', $id_arr[1]);

  366. 					$fileName = @pack('H*', $id_arr[2]);

  367. 					$filePath = ('/' === $albumName ? "" : $albumName . "/") . $fileName;

  368. 					$dbPath = SYNOPHOTO_SERVICE_REAL_DIR_PATH . $filePath;

  369. 				}

  370. 			}

  371. 

  372. 			$albumCondition = csSYNOPhotoMisc::GetAccessibleAlbumQueryConditionWithExcludeFormat('A', $publicShareId);

  373. 			if (!$albumCondition['albumCond']) {

  374. 				$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  375. 				goto End;

  376. 			}

  377. 

  378. 			$PublicSharePhotoTable = SHARED_ALBUM_PHOTO_TABLE_NAME;

  379. 			$PublicShareVideoTable = SHARED_ALBUM_VIDEO_TABLE_NAME;

  380. 			if (0 === $userid) {

  381. 				$PublicSharePhotoTable = SHARED_ALBUM_PHOTO_ADMIN_TABLE_NAME;

  382. 				$PublicShareVideoTable = SHARED_ALBUM_VIDEO_ADMIN_TABLE_NAME;

  383. 			}

  384. 

  385. 			$sqlParam = array();

  386. 			$photoQuery = '';

  387. 			if ($hasPhoto) {

  388. 				$photoQuery = "SELECT  A.path as path, A.name as filename, A.timetaken as takendate, A.create_time as createdate, 'photo' as type FROM photo_image A, $PublicSharePhotoTable B WHERE A.id = B.photoid AND B.collectionid = ?";

  389. 				$sqlParam[] = $sharedAlbumId;

  390. 				if ($dbPath !== NULL) {

  391. 					$photoQuery .= " AND A.path = ?";

  392. 					$sqlParam[] = $dbPath;

  393. 				}

  394. 

  395. 				$photoQuery .= " AND {$albumCondition['albumCond']} ";

  396. 				$sqlParam = array_merge($sqlParam, $albumCondition['sqlParam']);

  397. 			}

  398. 

  399. 			$videoQuery = '';

  400. 			if ($hasVideo) {

  401. 				$videoQuery = "SELECT  A.path as path, A.title as filename, A.mdate as takendate, A.date as createdate, 'video' as type FROM video A, $PublicShareVideoTable B WHERE A.id = B.videoid AND B.collectionid = ?";

  402. 				$sqlParam[] = $sharedAlbumId;

  403. 				if ($dbPath !== NULL) {

  404. 					$videoQuery .= " AND A.path = ?";

  405. 					$sqlParam[] = $dbPath;

  406. 				}

  407. 				$videoQuery .= " AND {$albumCondition['albumCond']} ";

  408. 				$sqlParam = array_merge($sqlParam, $albumCondition['sqlParam']);

  409. 			}

  410. 

  411. 			$limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $offset);

  412. 

  413. 			if ('' !== $photoQuery && '' !== $videoQuery) {

  414. 				$query = "$photoQuery UNION $videoQuery ORDER BY $sort_by $sort_direction $limitOffsetString";

  415. 				$queryCount = "SELECT COUNT(*) FROM ($photoQuery UNION $videoQuery) AS totalCount";

  416. 			} elseif ('' === $photoQuery) {

  417. 				$query = "$videoQuery ORDER BY $sort_by $sort_direction $limitOffsetString";

  418. 				$queryCount = "SELECT COUNT(*) FROM ($videoQuery) AS totalCount";

  419. 			} else {

  420. 				$query = "$photoQuery ORDER BY $sort_by $sort_direction $limitOffsetString";

  421. 				$queryCount = "SELECT COUNT(*) FROM ($photoQuery) AS totalCount";

  422. 			}

  423. 

  424. 			$db_result = PHOTO_DB_Query($query, $sqlParam);

  425. 			$serverHost = csSYNOPhotoMisc::GetServerHost(true);

  426. 			while ($row = PHOTO_DB_FetchRow($db_result)) {

  427. 				if (false !== ($item = PhotoAPIUtil::getItemByPath($row['path'], $additional, $row['type'], $getRealPath))) {

  428. 					if ($shareStatus === 'valid') {

  429. 						$item['public_share_url'] = $serverHost . SYNOPHOTO_URL_PREFIX . '/photo/share/' . $publicShareLink . ($blSingleItem ? '/' : '#!List/') . $item['id'];

  430. 					}

  431. 					$items[] = File::FormatDBData($item);

  432. 				}

  433. 			}

  434. 			$db_result = PHOTO_DB_Query($queryCount, $sqlParam);

  435. 			$row = PHOTO_DB_FetchRow($db_result);

  436. 			$total = intval($row[0]);

  437. 		} elseif ('' === $filter_smart) {

  438. 			/* filter by albumname and tag */

  439. 			$itemObjs = File::ListItems($hasPhoto, $hasVideo, array(

  440. 				'sharename' => $sharename,

  441. 				'labels'	=> $params['labelIds'],

  442. 				'date_begin'	=> $params['date_begin'],

  443. 				'date_end'		=> $params['date_end'],

  444. 				'gps'			=> $params['gps']

  445. 			), $sort_by, $sort_direction, 0 > $limit ? NULL : $limit, $offset >= 0 ? $offset : NULL);

  446. 

  447. 			$formularExtraParam = array(

  448. 				'needThumbSize'	=> in_array('thumb_size', $params['additional']),

  449. 				'param'	=> $params

  450. 			);

  451. 

  452. 			$total = $itemObjs['total'];

  453. 			$items = array();

  454. 			foreach ($itemObjs['items'] as $obj) {

  455. 				if ('photo' === $obj['type']) {

  456. 					$items[] = Decorator::PhotoFormula($obj, $formularExtraParam);

  457. 				} else if ('video' === $obj['type']) {

  458. 					$items[] = Decorator::VideoFormula($obj, $formularExtraParam);

  459. 				}

  460. 			}

  461. 		} else {

  462. 			/* for smart album */

  463. 			$arr = explode('_', $filter_smart);

  464. 			if ('smart' !== $arr[0]) {

  465. 				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  466. 				goto End;

  467. 			}

  468. 			$albumName = @pack('H*', $arr[1]);

  469. 			$data = array(

  470. 				"name" => $albumName,

  471. 				"offset" => $offset,

  472. 				"limit" => $limit,

  473. 				'date_begin' => $params['date_begin'],

  474. 				'date_end'	 => $params['date_end']

  475. 			);

  476. 			$smart = json_decode(SmartAlbum::GetSmartAlbumInstance()->ListItem(json_encode($data), $sort_by, $sort_direction), true);

  477. 			if (!$smart['success']) {

  478. 				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  479. 				goto End;

  480. 			}

  481. 			$itemLists = $smart['data']['itemList'];

  482. 			$gpsTotal = 0;

  483. 

  484. 			$idx = $offset;

  485. 			foreach ($itemLists as $row) {

  486. 				if (!in_array($row['type'], $params['type'])) {

  487. 					continue;

  488. 				}

  489. 

  490. 				if (false !== ($item = PhotoAPIUtil::getItemByPath($row['path'], $additional, $row['type'], false))) {

  491. 					$item['pos'] = $idx++;

  492. 					if ($gps) {

  493. 						// special filter for map view

  494. 						if (null !== $item['additional']['photo_exif']['gps']) {

  495. 							$gpsTotal++;

  496. 							$items[] = $item;

  497. 						}

  498. 					} else {

  499. 						$items[] = $item;

  500. 					}

  501. 				}

  502. 			}

  503. 			$total = $gps ? $gpsTotal : $smart['data']['total'];

  504. 		}

  505. 

  506. 		/* set return data */

  507. 		$resp['total'] = $total;

  508. 		$resp['offset'] = (-1 == $limit || $offset + $limit > $total) ? $total : $offset + $limit;

  509. 		$resp['items'] = $items;

  510. 		$this->SetResponse($resp);

  511. 		$ret = true;

  512. 		End:

  513. 			return $ret;

  514. 	}

  515. 

  516. 	private function GetParams_ListFeaturedItem ()

  517. 	{

  518. 		$params = array();

  519. 

  520. 		if (!isset($_REQUEST['taken_date']) || !isset($_REQUEST['count'])) {

  521. 			return false;

  522. 		}

  523. 		if (!isset($_REQUEST['filter_smart']) && !isset($_REQUEST['filter_album']) && !isset($_REQUEST['filter_tag'])) {

  524. 			return false;

  525. 		}

  526. 

  527. 		$listType = false;

  528. 		if (isset($_REQUEST['filter_album'])) {

  529. 			if ($_REQUEST['filter_album']) {

  530. 				$sharename = $this->DecodeItemId($_REQUEST['filter_album'], "album_");

  531. 			} else {

  532. 				$sharename = "/";

  533. 			}

  534. 			if (!$sharename) {

  535. 				return false;

  536. 			}

  537. 			$params['sharename'] = $sharename;

  538. 			$listType = "album";

  539. 		} else if (isset($_REQUEST['filter_tag'])) {

  540. 			$temps = explode(",", $_REQUEST['filter_tag']);

  541. 			$ids = array();

  542. 			foreach ($temps as $tagId) {

  543. 				if (SYNOPHOTO_UNCONFIRM_TAG_ID === $tagId) {

  544. 					$ids[] = SYNOPHOTO_UNCONFIRM_TAG_ID;

  545. 				} else {

  546. 					$arrs = explode("tag_", $tagId);

  547. 					$ids[] = $arrs[1] + 0;

  548. 				}

  549. 			}

  550. 			$params['labelIds'] = $ids;

  551. 			$listType = "label";

  552. 		} else if (isset($_REQUEST['filter_smart'])) {

  553. 			$smart = $this->DecodeItemId($_REQUEST['filter_smart'], "smart_");

  554. 			$params['smart'] = $smart;

  555. 			$listType = "smart";

  556. 		}

  557. 

  558. 		if (false === $listType) {

  559. 			return false;

  560. 		}

  561. 		$params['listType'] = $listType;

  562. 

  563. 		// compatible with [time] [time1,time2] [time1,] [,time2]

  564. 		$taken_dates = explode(',' , trim($_REQUEST['taken_date']));

  565. 		if (1 === count($taken_dates)) {

  566. 			if ($taken_dates[0]) {

  567. 				$taken_date = date_create($taken_dates[0]);

  568. 				if ($taken_date) {

  569. 					$date_begin = $taken_date;

  570. 				}

  571. 			}

  572. 			$params['date_end'] = $params['date_begin'] = $date_begin->format('Y-m-d');

  573. 		} else {

  574. 			if ($taken_dates[0]) {

  575. 				$taken_date = date_create($taken_dates[0]);

  576. 				if ($taken_date) {

  577. 					$date_begin = $taken_date;

  578. 				}

  579. 			}

  580. 			if ($taken_dates[1]) {

  581. 				$taken_date_end = date_create($taken_dates[1]);

  582. 				if ($taken_date_end) {

  583. 					$date_end = $taken_date_end;

  584. 				}

  585. 			}

  586. 			if ($date_begin && $date_end) {

  587. 				if ($date_begin > $date_end) {

  588. 					list($params['date_begin'], $params['date_end']) = array($date_end->format('Y-m-d'), $date_begin->format('Y-m-d'));

  589. 				} else {

  590. 					list($params['date_begin'], $params['date_end']) = array($date_begin->format('Y-m-d'), $date_end->format('Y-m-d'));

  591. 				}

  592. 			} else if ($date_begin) {

  593. 				$params['date_begin'] = $date_begin->format('Y-m-d');

  594. 			} else if ($date_end) {

  595. 				$params['date_end'] = $date_end->format('Y-m-d');

  596. 			} else {

  597. 				return false;

  598. 			}

  599. 		}

  600. 

  601. 		// count = -1 means all

  602. 		$params['count'] = $_REQUEST['count'] + 0;

  603. 		$params['type'] = explode(',', $_REQUEST['type']);

  604. 		$params['additional'] = explode(',', $_REQUEST['additional']);

  605. 

  606. 		return $params;

  607. 	}

  608. 

  609. 	private function ListFeaturedItem ()

  610. 	{

  611. 		$resp = array();

  612. 		$items = array();

  613. 		/* return when lack of params */

  614. 		$params = $this->GetParams_ListFeaturedItem();

  615. 		if (!$params) {

  616. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  617. 			goto End;

  618. 		}

  619. 

  620. 		if ("album" === $params['listType']) {

  621. 			$itemObjs = File::ListFeatured($params['date_begin'], $params['date_end'], $params['sharename'], $params['count'], array(),

  622. 				in_array('photo', $params['type']), in_array('video', $params['type']));

  623. 

  624. 		} else if ("label" === $params["listType"]) {

  625. 			$itemObjs = File::ListFeatured($params['date_begin'], $params['date_end'], '/', $params['count'], $params['labelIds'],

  626. 				in_array('photo', $params['type']), in_array('video', $params['type']));

  627. 

  628. 		} else if ("smart" === $params["listType"]) {

  629. 			$smart = json_decode(SmartAlbum::GetSmartAlbumInstance()->ListItem(json_encode(array(

  630. 				'name' => $params['smart'],

  631. 				'offset' => 0,

  632. 				'limit'  => -1,

  633. 				'date_begin' => $params['date_begin'],

  634. 				'date_end'	 => $params['date_end']

  635. 			)), 'takendate', 'asc'), true);

  636. 			if (!$smart['success']) {

  637. 				$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  638. 				goto End;

  639. 			}

  640. 			$data = SmartAlbum::FilterFeatured($smart['data']['itemList'], $smart['data']['total'], $params['count']);

  641. 			$itemObjs = array(

  642. 				'items'	=> $data,

  643. 				'total'	=> $smart['data']['total']

  644. 			);

  645. 		}

  646. 

  647. 		$formularExtraParam = array(

  648. 			'needThumbSize'	=> in_array('thumb_size', $params['additional']),

  649. 			'param'	=> $params

  650. 		);

  651. 		foreach ($itemObjs['items'] as $obj) {

  652. 			if ('photo' === $obj['type']) {

  653. 				$items[] = Decorator::PhotoFormula($obj, $formularExtraParam);

  654. 			} else if ('video' === $obj['type']) {

  655. 				$items[] = Decorator::VideoFormula($obj, $formularExtraParam);

  656. 			}

  657. 		}

  658. 

  659. 		$resp['total'] = $itemObjs['total'];

  660. 		$resp['items'] = $items;

  661. 		$this->SetResponse($resp);

  662. 	End:

  663. 		return;

  664. 	}

  665. 	private function GetParams_ListGPSGroup()

  666. 	{

  667. 		$params = array();

  668. 

  669. 		if (!isset($_REQUEST['filter_smart']) && !isset($_REQUEST['filter_album']) && !isset($_REQUEST['filter_tag'])) {

  670. 			return false;

  671. 		}

  672. 

  673. 		$listType = false;

  674. 		if (isset($_REQUEST['filter_album'])) {

  675. 			if ($_REQUEST['filter_album']) {

  676. 				$sharename = $this->DecodeItemId($_REQUEST['filter_album'], "album_");

  677. 			} else {

  678. 				$sharename = "/";

  679. 			}

  680. 			if (!$sharename) {

  681. 				return false;

  682. 			}

  683. 			$params['sharename'] = $sharename;

  684. 			$listType = "album";

  685. 		} else if (isset($_REQUEST['filter_tag'])) {

  686. 			$temps = explode(",", $_REQUEST['filter_tag']);

  687. 			$ids = array();

  688. 			foreach ($temps as $tagId) {

  689. 				if (SYNOPHOTO_UNCONFIRM_TAG_ID === $tagId) {

  690. 					$ids[] = SYNOPHOTO_UNCONFIRM_TAG_ID;

  691. 				} else {

  692. 					$arrs = explode("tag_", $tagId);

  693. 					$ids[] = $arrs[1] + 0;

  694. 				}

  695. 			}

  696. 			$params['labelIds'] = $ids;

  697. 			$listType = "label";

  698. 		} else if (isset($_REQUEST['filter_smart'])) {

  699. 			$smart = $this->DecodeItemId($_REQUEST['filter_smart'], "smart_");

  700. 			$params['smart'] = $smart;

  701. 			$listType = "smart";

  702. 		}

  703. 		$params['listType'] = $listType;

  704. 

  705. 		if ($_REQUEST['bounds']) {

  706. 			$bounds = json_decode($_REQUEST['bounds'], true);

  707. 			$params['bounds'] = array(

  708. 				'sw' => array(

  709. 					'lat'	=> $bounds['sw']['lat'] + 0,

  710. 					'lng'	=> $bounds['sw']['lng'] + 0

  711. 				),

  712. 				'ne' => array(

  713. 					'lat'	=> $bounds['ne']['lat'] + 0,

  714. 					'lng'	=> $bounds['ne']['lng'] + 0

  715. 				)

  716. 			);

  717. 		}

  718. 		if ($_REQUEST['gps_idx']) {

  719. 			$params['gps_idx'] = json_decode($_REQUEST['gps_idx'], true);

  720. 			if (null === $params['gps_idx']['lat'] || null === $params['gps_idx']['lng']) {

  721. 				return false;

  722. 			}

  723. 		}

  724. 

  725. 		if ($_REQUEST['limit']) {

  726. 			$params['limit'] = $_REQUEST['limit'] + 0;

  727. 		}

  728. 		if ($_REQUEST['offset']) {

  729. 			$params['offset'] = $_REQUEST['offset'] + 0;

  730. 		}

  731. 

  732. 		$params['zoom'] = $_REQUEST['zoom'] ? (int)$_REQUEST['zoom'] : 5;

  733. 		$params['type'] = explode(',', $_REQUEST['type']);

  734. 		$params['additional'] = explode(',', $_REQUEST['additional']);

  735. 

  736. 		return $params;

  737. 	}

  738. 

  739. 	private function ListGPSGroup ()

  740. 	{

  741. 		$resp = array();

  742. 		$items = array();

  743. 		/* return when lack of params */

  744. 		$params = $this->GetParams_ListGPSGroup();

  745. 		if (!$params) {

  746. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  747. 			goto End;

  748. 		}

  749. 

  750. 		if ("album" === $params['listType']) {

  751. 			$itemObjs = File::ListGPSGroup($params['sharename'], array(), $params['bounds'], $params['zoom'], in_array('photo', $params['type']), false);

  752. 

  753. 		} else if ("label" === $params["listType"]) {

  754. 			$itemObjs = File::ListGPSGroup('/', $params['labelIds'], $params['bounds'], $params['zoom'], in_array('photo', $params['type']), false);

  755. 

  756. 		} else if ("smart" === $params["listType"]) {

  757. 			$itemObjs = SmartAlbum::GetSmartAlbumInstance()->ListGPSGroup($params['smart'], $params['bounds'], $params['zoom']);

  758. 		}

  759. 

  760. 		$formularExtraParam = array(

  761. 			'needThumbSize'	=> in_array('thumb_size', $params['additional']),

  762. 			'param'	=> $params

  763. 		);

  764. 		$output = array();

  765. 		foreach ($itemObjs['groups'] as $group) {

  766. 			$item = Decorator::PhotoFormula($group['item'], $formularExtraParam);

  767. 			$groupItem = array(

  768. 				'count'	=> $group['count'],

  769. 				'item'	=> $item,

  770. 				'gps_idx'	=> $group['gps_idx']

  771. 			);

  772. 			$output[] = $groupItem;

  773. 		}

  774. 

  775. 		$resp['total'] = $itemObjs['total'];

  776. 		$resp['items'] = $output;

  777. 		$this->SetResponse($resp);

  778. 	End:

  779. 		return;

  780. 	}

  781. 

  782. 	private function ListGPSGroupedItem ()

  783. 	{

  784. 		$params = $this->GetParams_ListGPSGroup();

  785. 		if (!$params) {

  786. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  787. 			goto End;

  788. 		}

  789. 		if ("album" === $params['listType']) {

  790. 			$itemObjs = File::ListGPSGroupedItems($params['sharename'], array(), $params['gps_idx'], $params['zoom'], $params['limit'], $params['offset']);

  791. 

  792. 		} else if ("label" === $params["listType"]) {

  793. 			$itemObjs = File::ListGPSGroupedItems('/', $params['labelIds'], $params['gps_idx'], $params['zoom'], $params['limit'], $params['offset']);

  794. 

  795. 		} else if ("smart" === $params["listType"]) {

  796. 			$itemObjs = SmartAlbum::GetSmartAlbumInstance()->ListGPSGroupedItem($params['smart'], $params['gps_idx'], $params['zoom'], $params['limit'], $params['offset']);

  797. 		}

  798. 		$formularExtraParam = array(

  799. 			'needThumbSize'	=> in_array('thumb_size', $params['additional']),

  800. 			'param'	=> $params

  801. 		);

  802. 		$output = array();

  803. 		foreach ($itemObjs['items'] as $item) {

  804. 			$item = Decorator::PhotoFormula($item, $formularExtraParam);

  805. 			$output[] = $item;

  806. 		}

  807. 

  808. 		$resp['total'] = $itemObjs['total'];

  809. 		$resp['items'] = $output;

  810. 		$this->SetResponse($resp);

  811. 	End:

  812. 		return;

  813. 	}

  814. 

  815. 	private function ListExif()

  816. 	{

  817. 		$resp = array();

  818. 		if (!isset($_REQUEST['type'])) {

  819. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  820. 			goto End;

  821. 		}

  822. 		$map = array(

  823. 			"focal_length" => "focal_length_v2",

  824. 			"flash"	=> "flash_v2",

  825. 			"lens"	=> "lens_v2"

  826. 		);

  827. 		$column = $type = $_REQUEST['type'];

  828. 

  829. 		if (array_key_exists($type, $map)) {

  830. 			$column = $map[$type];

  831. 		}

  832. 

  833. 		$results = csSYNOPhotoDB::GetDBInstance()->getExifList($column);

  834. 		if (false === $results) {

  835. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  836. 			goto End;

  837. 		}

  838. 

  839. 		$items = array();

  840. 		foreach ($results as $result) {

  841. 			if ('flash' === $type) {

  842. 				$item['id'] = $type.'_'.str_replace(',', '#', $result);

  843. 			} else {

  844. 				$item['id'] = $type.'_'.$result;

  845. 			}

  846. 			$item['name'] = $result;

  847. 			$item['type'] = 'exif';

  848. 			$item['tag_type'] = $type;

  849. 			$items[] = $item;

  850. 		}

  851. 

  852. 		$resp['total'] = count($results);

  853. 		$resp['tags'] = $items;

  854. 		$this->SetResponse($resp);

  855. 

  856. 	End:

  857. 		return;

  858. 	}

  859. 

  860. 	private function GetExif()

  861. 	{

  862. 		$resp = array();

  863. 		if (!isset($_REQUEST['id'])) {

  864. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  865. 			goto End;

  866. 		}

  867. 		$id_arr = explode('_', $_REQUEST['id']);

  868. 		if ('photo' !== $id_arr[0]) {

  869. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  870. 			goto End;

  871. 		}

  872. 		$albumName = @pack('H*', $id_arr[1]);

  873. 		$fileName = @pack('H*', $id_arr[2]);

  874. 		$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $albumName ? "" : $albumName . "/") . $fileName;

  875. 		if (!csSynoPhotoMisc::CheckPathValid($path)) {

  876. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  877. 			goto End;

  878. 		}

  879. 

  880. 		$command = "/usr/syno/bin/exiv2 -pa " . escapeshellarg($path);

  881. 		$commandTagLabel = "/usr/syno/bin/exiv2 -Pl " . escapeshellarg($path);

  882. 		@exec($command, $outputs, $retval);

  883. 		@exec($commandTagLabel, $outputsTagLabel, $retvalTagLabel);

  884. 		$tagLableCount = count($outputsTagLabel);

  885. 		$items = array();

  886. 		foreach ($outputs as $i => $output) {

  887. 			unset($item);

  888. 			$nonEmptyString = 0;

  889. 			$data = explode(" ", $output);

  890. 			$item['label'] = ($tagLableCount > $i) ? $outputsTagLabel[$i] : 'Unknown';

  891. 			foreach ($data as $datum) {

  892. 				if("" !== $datum) {

  893. 					if (3 <= $nonEmptyString) {

  894. 						//Last is the value of the tag

  895. 						$item['value'] = ($item['value']) ? $item['value'] . " " . $datum : $datum;

  896. 					}

  897. 					$nonEmptyString ++;

  898. 				}

  899. 				//check utf-8

  900. 				$value = iconv('UTF-8', 'UTF-8//IGNORE', $item['value']);

  901. 				$item['value'] = ($value) ? $value : '';

  902. 			}

  903. 			$items[] = $item;

  904. 		}

  905. 

  906. 		$resp = array();

  907. 		$resp['total'] = count($items);

  908. 		$resp['exifs'] = $items;

  909. 		$this->SetResponse($resp);

  910. 	End:

  911. 		return;

  912. 	}

  913. 

  914. 	private function Edit()

  915. 	{

  916. 		$ret = false;

  917. 		$resp = array();

  918. 		/* return when lack of params */

  919. 		if (!isset($_REQUEST['id'])) {

  920. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  921. 			goto End;

  922. 		}

  923. 

  924. 		/* set optional params */

  925. 		$title = isset($_REQUEST['title']) ? $_REQUEST['title'] : '';

  926. 		$description = isset($_REQUEST['description']) ? $_REQUEST['description'] : '';

  927. 

  928. 		/* update records */

  929. 		$ids = explode(',', $_REQUEST['id']);

  930. 		foreach ($ids as $idStr) {

  931. 			self::OutputSingleSpace();

  932. 			$id_arr = explode('_', $idStr);

  933. 			$albumName = @pack('H*', $id_arr[1]);

  934. 			$fileName = @pack('H*', $id_arr[2]);

  935. 			$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $albumName ? "" : $albumName . "/") . $fileName;

  936. 

  937. 			if (!csSynoPhotoMisc::CheckPathValid($path)) {

  938. 				continue;

  939. 			}

  940. 

  941. 			if (!csSYNOPhotoMisc::CheckAlbumManageable($albumName)) {

  942. 				continue;

  943. 			}

  944. 			if (isset($_REQUEST['title']) || isset($_REQUEST['description'])) {

  945. 				$dbPath = $this->GetDbPath($path);

  946. 				if ('photo' === $id_arr[0]) {

  947. 					$require_update = false;

  948. 					$query = "UPDATE photo_image SET ";

  949. 					$queryParam = array();

  950. 					if (isset($_REQUEST['title'])) {

  951. 						$query .= "title = ? ";

  952. 						$queryParam[] = $_REQUEST['title'];

  953. 						$require_update = true;

  954. 					}

  955. 					if (isset($_REQUEST['description'])) {

  956. 						if ($require_update) {

  957. 							$query .= ", ";

  958. 						}

  959. 						$query .= "description = ? ";

  960. 						$queryParam[] = $_REQUEST['description'];

  961. 						$require_update = true;

  962. 

  963. 						$description = str_replace('"', '\"', $_REQUEST['description']);

  964. 

  965. 						File::UpdateDescriptionMetadata($path, $description);

  966. 					}

  967. 					$query .= "WHERE path = ?";

  968. 					$queryParam[] = $dbPath;

  969. 					PHOTO_DB_Query($query, $queryParam);

  970. 				} elseif ('video' === $id_arr[0]) {

  971. 					$require_update = false;

  972. 					$query = "UPDATE video_desc SET ";

  973. 					$queryParam = array();

  974. 					if (isset($_REQUEST['title'])) {

  975. 						$query .= "title = ? ";

  976. 						$queryParam[] = $_REQUEST['title'];

  977. 						$require_update = true;

  978. 					}

  979. 					if (isset($_REQUEST['description'])) {

  980. 						if ($require_update) {

  981. 							$query .= ", ";

  982. 						}

  983. 						$query .= "description = ? ";

  984. 						$queryParam[] = $_REQUEST['description'];

  985. 					}

  986. 					$query .= "WHERE path = ?";

  987. 					$queryParam[] = $dbPath;

  988. 

  989. 					$db_result = PHOTO_DB_Query($query, $queryParam);

  990. 					if (false === ($row = PHOTO_DB_FetchRow($db_result))) {

  991. 						$query = "INSERT INTO video_desc (path, title, description) VALUES (?, ?, ?)";

  992. 						$sqlParam = array($dbPath, $title, $description);

  993. 						PHOTO_DB_Query($query, $sqlParam);

  994. 					}

  995. 				}

  996. 			}

  997. 			if (isset($_REQUEST['gps_lat']) && isset($_REQUEST['gps_lng'])) {

  998. 				if (is_numeric($_REQUEST['gps_lat']) && is_numeric($_REQUEST['gps_lng'])) {

  999. 					SYNOPHOTO_GPS_UTIL_SetGPSLatLng($path, $_REQUEST['gps_lat'], $_REQUEST['gps_lng']);

  1000. 				}

  1001. 			}

  1002. 		}

  1003. 		$ret = true;

  1004. 		End:

  1005. 			return $ret;

  1006. 	}

  1007. 

  1008. 	private function DeleteItem()

  1009. 	{

  1010. 		$ret = false;

  1011. 		/* return when lack of params */

  1012. 		if (!isset($_REQUEST['id'])) {

  1013. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  1014. 			goto End;

  1015. 		}

  1016. 

  1017. 		$cancelPath = PHOTO_ACTION_TMP.md5(PHOTO_ACTION_DEL_KEY.$_REQUEST['id']);

  1018. 		/* delete records */

  1019. 		$ids = explode(',', $_REQUEST['id']);

  1020. 		foreach ($ids as $idStr) {

  1021. 			self::OutputSingleSpace();

  1022. 			if (file_exists($cancelPath)) {

  1023. 				@unlink($cancelPath);

  1024. 				break;

  1025. 			}

  1026. 

  1027. 			$id_arr = explode('_', $idStr);

  1028. 			$albumName = trim(@pack('H*', $id_arr[1]));

  1029. 			$fileName = trim(@pack('H*', $id_arr[2]));

  1030. 

  1031. 			if (!$albumName || !$fileName || $fileName == '/') {

  1032. 				continue;

  1033. 			}

  1034. 

  1035. 			if (!csSYNOPhotoMisc::CheckAlbumManageable($albumName)) {

  1036. 				continue;

  1037. 			}

  1038. 			$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $albumName ? "" : $albumName . "/") . $fileName;

  1039. 			if (!csSynoPhotoMisc::CheckPathValid($path)) {

  1040. 				continue;

  1041. 			}

  1042. 			$isPhoto = 'photo' === $id_arr[0] ? true : false;

  1043. 			SYNOPHOTO_ADMIN_DeleteItemByPath($path, $isPhoto);

  1044. 			SYNOPHOTO_LABEL_UTIL_Check_Photo_Label();

  1045. 			PhotoLog::Add("File [".$fileName."] was deleted from album [".$albumName."].", true, strtolower(GetLoginUsername()));

  1046. 

  1047. 		}

  1048. 

  1049. 		$ret = true;

  1050. 		End:

  1051. 			return $ret;

  1052. 	}

  1053. 

  1054. 	private function CopyItem()

  1055. 	{

  1056. 		$ret = false;

  1057. 		$resp = array();

  1058. 		/* return when lack of params */

  1059. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['sharepath']) || !isset($_REQUEST['mode']) || !isset($_REQUEST['duplicate'])) {

  1060. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  1061. 			goto End;

  1062. 		}

  1063. 

  1064. 		/* set params */

  1065. 		if (preg_match('/^album_/', $_REQUEST['sharepath'])) {

  1066. 			$ids = explode('_', $_REQUEST['sharepath']);

  1067. 			$destShareName = @pack('H*', $ids[1]);

  1068. 		} else {

  1069. 			$destShareName = @pack('H*', $_REQUEST['sharepath']);

  1070. 		}

  1071. 		$destPath = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $destShareName;

  1072. 		if (!csSynoPhotoMisc::CheckPathValid($destPath)) {

  1073. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  1074. 			goto End;

  1075. 		}

  1076. 		$mode = $_REQUEST['mode'];

  1077. 		if ('copy' !== $mode && 'move' !== $mode) {

  1078. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  1079. 			goto End;

  1080. 		}

  1081. 

  1082. 		if (!csSYNOPhotoMisc::CheckAlbumUploadable('' == $destShareName ? '/' : $destShareName)) {

  1083. 			$this->SetError(PHOTOSTATION_PHOTO_ACCESS_DENY);

  1084. 			goto End;

  1085. 		}

  1086. 		$dirpath = $destShareName ? $destShareName : '/';

  1087. 

  1088. 		$ids = explode(',', $_REQUEST['id']);

  1089. 		$items = array();

  1090. 		foreach ($ids as $idStr) {

  1091. 			$id_arr = explode('_', $idStr);

  1092. 			$albumName = @pack('H*', $id_arr[1]);

  1093. 			$fileName = @pack('H*', $id_arr[2]);

  1094. 			if ($albumName === $dirpath) {

  1095. 				$this->SetError(PHOTOSTATION_PHOTO_SELECT_CONFLICT);

  1096. 				goto End;

  1097. 			}

  1098. 			$item = array(

  1099. 				'albumName' => $albumName,

  1100. 				'fileName' => $fileName,

  1101. 				'type' => $id_arr[0]

  1102. 			);

  1103. 			$items[] = $item;

  1104. 		}

  1105. 

  1106. 		$dup = 'rename' === $_REQUEST['duplicate'] ? 2 : ('ignore' === $_REQUEST['duplicate'] ? 0 : 1);

  1107. 

  1108. 		$cancelPath = PHOTO_ACTION_TMP.md5(PHOTO_ACTION_MVCP_KEY.$_REQUEST['id']);

  1109. 		foreach($items as $item) {

  1110. 			self::OutputSingleSpace();

  1111. 			if (file_exists($cancelPath)) {

  1112. 				@unlink($cancelPath);

  1113. 				break;

  1114. 			}

  1115. 

  1116. 			$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . ("/" === $item['albumName'] ? "" : $item['albumName'] . "/") . $item['fileName'];

  1117. 			if (!csSynoPhotoMisc::CheckPathValid($path)) {

  1118. 				continue;

  1119. 			}

  1120. 

  1121. 			if (!csSYNOPhotoMisc::CheckAlbumManageable($item['albumName'])) {

  1122. 				continue;

  1123. 			}

  1124. 

  1125. 			$dbPath = $this->GetDbPath($path);

  1126. 			/* get item id first */

  1127. 			if ('photo' === $item['type']) {

  1128. 				$query = "SELECT id FROM photo_image WHERE path = ?";

  1129. 			} elseif ('video' === $item['type']) {

  1130. 				$query = "SELECT id FROM video WHERE path = ?";

  1131. 			}

  1132. 			$db_result = PHOTO_DB_Query($query, array($dbPath));

  1133. 			if ($row = PHOTO_DB_FetchRow($db_result)) {

  1134. 				$id = $row['id'];

  1135. 				if ('copy' === $mode) {

  1136. 					if ('photo' === $item['type']) {

  1137. 						SYNOPHOTO_ADMIN_CopyOnePhoto($destShareName, $id, $dup);

  1138. 						@exec("/usr/syno/bin/synomkthumb -a " . escapeshellarg($destPath));

  1139. 					} elseif ('video' === $item['type']) {

  1140. 						SYNOPHOTO_ADMIN_CopyOneVideo($destShareName, $id, $dup);

  1141. 					}

  1142. 				} elseif ('move' === $mode) {

  1143. 					if ('photo' === $item['type']) {

  1144. 						SYNOPHOTO_ADMIN_MoveOnePhoto($destShareName, $id, $dup);

  1145. 						@exec("/usr/syno/bin/synomkthumb -a " . escapeshellarg($destPath));

  1146. 					} elseif ('video' === $item['type']) {

  1147. 						SYNOPHOTO_ADMIN_MoveOneVideo($destShareName, $id, $dup);

  1148. 					}

  1149. 				}

  1150. 			}

  1151. 		}

  1152. 

  1153. 		$ret = true;

  1154. 		End:

  1155. 			return $ret;

  1156. 	}

  1157. 

  1158. 	private function Cancel()

  1159. 	{

  1160. 		$ret = false;

  1161. 		$resp = array();

  1162. 		/* return when lack of params */

  1163. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['action'])) {

  1164. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  1165. 			goto End;

  1166. 		}

  1167. 

  1168. 		if ('mvcp' === $_REQUEST['action']) {

  1169. 			$key = PHOTO_ACTION_MVCP_KEY;

  1170. 		} else if ('delete' === $_REQUEST['action']) {

  1171. 			$key = PHOTO_ACTION_DEL_KEY;

  1172. 		}

  1173. 		$filePath = PHOTO_ACTION_TMP.md5($key.$_REQUEST['id']);

  1174. 		@file_put_contents($filePath, "");

  1175. 		$ret = true;

  1176. 	End:

  1177. 		return $ret;

  1178. 	}

  1179. 

  1180. 	private function GetDbPath($path)

  1181. 	{

  1182. 		return substr($path, strlen(SYNOPHOTO_SERVICE_REAL_DIR_PREFIX));

  1183. 	}

  1184. }

  1185. 

  1186. $api = new PhotoAPI();

  1187. $api->Run();