home
/
plugin.image.photostation
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Play images and video from Synology PhotoStation server
27 Commits
1 Branch
Tree: c528748dc1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c528748dc1'
${ noResults }
plugin.image.photostation/PhotoStation API/webapi/album.php

album.php 31KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941 
  1. <?php

  2. require_once('album.inc.php');

  3. require_once('albumutil.php');

  4. require_once '../include/SYNOPhotoEA.php';

  5. 

  6. define("PHOTO_ACTION_TMP", '/tmp/photostation_');

  7. define("PHOTO_ACTION_ALBUM_MOVE_KEY", 'SYNOPS_ALBUM_MOVE');

  8. define("PHOTO_ACTION_ALBUM_DEL_KEY", 'SYNOPS_ALBUM_DEL');

  9. 

  10. class AlbumAPI extends WebAPI {

  11. 	function __construct() {

  12. 		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);

  13. 	}

  14. 

  15. 	protected function Process() {

  16. 		if (!strcasecmp($this->method, "list")) {

  17. 			$force = "true" === $_REQUEST['force_update'] ? true : false;

  18. 

  19. 			csSYNOPhotoDB::GetDBInstance()->SetSessionCache($force);

  20. 			session_write_close();

  21. 			$this->AlbumList();

  22. 		} elseif (!strcasecmp($this->method, "getinfo")) {

  23. 			csSYNOPhotoDB::GetDBInstance()->SetSessionCache();

  24. 			session_write_close();

  25. 			$this->GetInfo();

  26. 		} else {

  27. 			csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);

  28. 			csSYNOPhotoMisc::CheckSessionTimeOut(true);

  29. 

  30. 			if (!strcasecmp($this->method, "create")) {

  31. 				$this->Create();

  32. 			} elseif (!strcasecmp($this->method, "edit")) {

  33. 				$this->Edit();

  34. 			} elseif (!strcasecmp($this->method, "delete")) {

  35. 				csSYNOPhotoDB::GetDBInstance()->ExpireSessionCache();

  36. 				session_write_close();

  37. 				$this->Delete();

  38. 			} elseif (!strcasecmp($this->method, "move")) {

  39. 				csSYNOPhotoDB::GetDBInstance()->ExpireSessionCache();

  40. 				session_write_close();

  41. 				$this->Move();

  42. 			} elseif (!strcasecmp($this->method, "arrangeitem")) {

  43. 				$this->ArrangeItem();

  44. 			} elseif (!strcasecmp($this->method, "cleararrangeitem")) {

  45. 				$this->ClearArrangeItem();

  46. 			} elseif (!strcasecmp($this->method, "cancel")) {

  47. 				session_write_close();

  48. 				$this->Cancel();

  49. 			}

  50. 		}

  51. 	}

  52. 

  53.     private function GetParams_Info() {

  54.         $params = array();

  55. 

  56.         if (!isset($_REQUEST['id']) || '' === $_REQUEST['id']) {

  57.             $params['id'] = null; // null means shared root folder

  58.         } else {

  59.             $split = explode(',', $_REQUEST['id']);

  60.             $params['id'] = array();

  61.             foreach ($split as $albumID) {

  62.                 $id = $this->DecodeItemId($albumID, 'album_');

  63.                 if (false === $id) {

  64.                     return false;

  65.                 }

  66. 				$params['id'][$albumID] = $id;

  67.             }

  68.         }

  69. 		$params['password'] = (isset($_REQUEST['password'])) ? $_REQUEST['password'] : null;

  70.         $params['additional'] = explode(',', $_REQUEST['additional']);

  71.         $params['ignore'] = explode(',', $_REQUEST['ignore']);

  72. 

  73.         return $params;

  74.     }

  75. 

  76.     private function GetParams_Create_Edit() {

  77.         $params = array();

  78. 

  79.         $params['name'] = $_REQUEST['name'];

  80.         $params['id'] = null; // null means shared root folder

  81.         if (isset($_REQUEST['id']) && '' !== $_REQUEST['id']) {

  82.             $id = $this->DecodeItemId($_REQUEST['id'], 'album_');

  83.             if (false === $id) {

  84.                 return false;

  85.             }

  86.             $params['id'] = $id;

  87.         }

  88.         $params['title'] = (isset($_REQUEST['title'])) ? $_REQUEST['title'] : null;

  89. 		$params['description'] = (isset($_REQUEST['description'])) ? $_REQUEST['description'] : null;

  90. 		$params['inheritParent'] = (isset($_REQUEST['inheritParent']) && 'true' === $_REQUEST['inheritParent']) ? true : false;

  91.         $params['sort_by'] = (isset($_REQUEST['sort_by'])) ? $_REQUEST['sort_by'] : null;

  92.         if ((null !== $params['sort_by']) && !in_array($params['sort_by'], array('filename', 'takendate', 'createdate', 'preference', 'default'))) {

  93.             return false;

  94.         }

  95.         $params['sort_direction'] = (isset($_REQUEST['sort_direction'])) ? $_REQUEST['sort_direction'] : null;

  96.         if ((null !== $params['sort_direction']) && !in_array($params['sort_direction'], array('asc', 'desc'))) {

  97.             return false;

  98.         }

  99.         $params['allow_comment'] = (isset($_REQUEST['allow_comment'])) ? $_REQUEST['allow_comment'] : null;

  100.         if ((null !== $params['allow_comment']) && !in_array($params['allow_comment'], array('true', 'false'))) {

  101.             return false;

  102.         }

  103.         $params['type'] = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : null;

  104.         if ((null !== $params['type']) && !in_array($params['type'], array('public', 'private', 'password'))) {

  105.             return false;

  106.         }

  107.         $params['password'] = (isset($_REQUEST['password'])) ? $_REQUEST['password'] : null;

  108. 

  109.         $params['conversion'] = (isset($_REQUEST['conversion'])) ? $_REQUEST['conversion'] : null;

  110.         if ((null !== $params['conversion']) && !in_array($params['conversion'], array('true', 'false'))) {

  111.             return false;

  112.         }

  113. 

  114.         return $params;

  115.     }

  116. 

  117.     private function GetTagIdString($tags)

  118.     {

  119.         $arr = explode(',', $tags);

  120.         $idArr = array();

  121.         foreach ($arr as $tag) {

  122.             $split = explode('tag_', $tag);

  123.             if (2 !== count($split)) {

  124.                 return Error;

  125.             }

  126.             array_push($idArr, $split[1]);

  127.         }

  128.         $idString = implode(',', $idArr);

  129.     Error:

  130.         return $idString;

  131. 	}

  132. 

  133. 	private function GetAlbumString($albums) {

  134. 		$params = array();

  135. 		$idArr = array();

  136. 		$idString = '';

  137. 		$items = explode(',', $albums);

  138. 		foreach($items as $item) {

  139. 			$arr = explode('_', $item);

  140. 			if (2 !== count($arr) || 'album' !== $arr[0]) {

  141. 				return $idString;

  142. 			}

  143. 			$shareName = trim($arr[1]);

  144. 			if ('' !== $shareName) {

  145. 				$shareName = pack('H*', $arr[1]);

  146. 				array_push($params, $shareName);

  147. 			}

  148. 		}

  149. 		$albums = Album::GetBySharename($params);

  150. 		foreach ($albums as $album) {

  151. 			$id = $album['shareid'];

  152. 			array_push($idArr, $id);

  153. 		}

  154. 		$idString = implode(',', $idArr);

  155. 		return $idString;

  156. 	}

  157. 

  158. 	private function GetExifString($values, $prefix) {

  159. 		$arr = explode(',', $values);

  160. 		$idString = '';

  161. 		$idArr = array();

  162. 		foreach($arr as $value) {

  163. 			$split = explode($prefix, $value);

  164. 			if (2 !== count($split)) {

  165. 				goto Error;

  166. 			}

  167. 			array_push($idArr, $split[1]);

  168. 		}

  169. 		$idString = implode(',', $idArr);

  170. 	Error:

  171. 		return $idString;

  172. 	}

  173. 

  174.     private function GetParams_list() {

  175. 

  176.         $params = array();

  177. 

  178.         if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !isset($_REQUEST['type'])) {

  179.             // FIXME - filter type

  180.             return false;

  181.         }

  182.         $params['offset'] = $_REQUEST['offset'];

  183.         $params['limit'] = $_REQUEST['limit'];

  184.         $params['type'] = array();

  185.         $arr = explode(',', $_REQUEST['type']);

  186.         foreach ($arr as $item) {

  187.             if (!in_array($item, array('album', 'photo', 'video'))) {

  188.                 return false;

  189.             }

  190.             array_push($params['type'], $item);

  191.         }

  192. 

  193.         $params['id'] = (isset($_REQUEST['id'])) ? $_REQUEST['id'] : null; // null means shared root folder

  194. 		$params['albumName'] = '/';

  195.         if (isset($_REQUEST['id'])) {

  196.             $split = explode('_', $_REQUEST['id']);  // ex: album_id

  197.             $params['id'] = $split[1];

  198. 			$params['albumName'] = @pack('H*', $split[1]);

  199.         }

  200.         $params['password'] = (isset($_REQUEST['password'])) ? $_REQUEST['password'] : null;

  201. 

  202.         $params['ignore'] = explode(',', $_REQUEST['ignore']);

  203.         // additional operator

  204.         $params['additional'] = array();

  205.         $params['additional'] = explode(',', $_REQUEST['additional']);

  206. 

  207.         // sort operator

  208.         $params['sort_by'] = isset($_REQUEST['sort_by']) ? $_REQUEST['sort_by'] : 'preference';

  209.         if (!in_array($params['sort_by'], array('filename', 'takendate', 'createdate', 'preference', 'mtime'))) {

  210.             return false;

  211.         }

  212. 

  213.         if (!isset($_REQUEST['sort_direction'])) {

  214.             $value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_order", "photo_config");

  215.             $params['sort_direction'] = AlbumAPIUtil::ConvertToSortDirection($value);

  216.         } else {

  217.             $params['sort_direction'] = $_REQUEST['sort_direction'];

  218.         }

  219.         if (!in_array($params['sort_direction'], array('asc', 'desc'))) {

  220.             return false;

  221.         }

  222. 

  223.         // filter operator

  224.         $params['keyword'] = (isset($_REQUEST['keyword'])) ? $_REQUEST['keyword'] : null;

  225.         if (isset($_REQUEST['keyword'])) {

  226.             $default = 'all';

  227.             $params['keyword_op'] = (isset($_REQUEST['keyword_op'])) ? $_REQUEST['keyword_op'] : $default;

  228.             if (isset($params['keyword_op']) && !in_array($params['keyword_op'], array('any', 'all', 'exact'))) {

  229.                 return false;

  230.             }

  231.         }

  232.         $params['date'] = (isset($_REQUEST['date'])) ? $_REQUEST['date'] : null;

  233.         if (isset($_REQUEST['date'])) {

  234.             $default = 'taken';

  235.             $params['date_op'] = (isset($_REQUEST['date_op'])) ? $_REQUEST['date_op'] : $default;

  236.             if (isset($params['date_op']) && !in_array($params['date_op'], array('taken', 'upload', 'recently_add', 'recently_comment'))) {

  237.                 return false;

  238.             }

  239.         }

  240.         $params['people_tag'] = (isset($_REQUEST['people_tag'])) ? $_REQUEST['people_tag'] : null;

  241.         if (isset($_REQUEST['people_tag'])) {

  242.             $params['people_tag'] = $this->GetTagIdString($_REQUEST['people_tag']);

  243.             $default = 'all';

  244.             $params['people_tag_op'] = (isset($_REQUEST['people_tag_op'])) ? $_REQUEST['people_tag_op'] : $default;

  245.             if (isset($params['people_tag_op']) && !in_array($params['people_tag_op'], array('all', 'any'))) {

  246.                 return false;

  247.             }

  248.         }

  249.         $params['geo_tag'] = (isset($_REQUEST['geo_tag'])) ? $_REQUEST['geo_tag'] : null;

  250.         if (isset($_REQUEST['geo_tag'])) {

  251.             $params['geo_tag'] = $this->GetTagIdString($_REQUEST['geo_tag']);

  252.             $default = 'all';

  253.             $params['geo_tag_op'] = (isset($_REQUEST['geo_tag_op'])) ? $_REQUEST['geo_tag_op'] : $default;

  254.             if (isset($params['geo_tag_op']) && !in_array($params['geo_tag_op'], array('all', 'any'))) {

  255.                 return false;

  256.             }

  257.         }

  258.         $params['desc_tag'] = (isset($_REQUEST['desc_tag'])) ? $_REQUEST['desc_tag'] : null;

  259.         if (isset($_REQUEST['desc_tag'])) {

  260.             $params['desc_tag'] = $this->GetTagIdString($_REQUEST['desc_tag']);

  261.             $default = 'all';

  262.             $params['desc_tag_op'] = (isset($_REQUEST['desc_tag_op'])) ? $_REQUEST['desc_tag_op'] : $default;

  263.             if (isset($params['desc_tag_op']) && !in_array($params['desc_tag_op'], array('all', 'any'))) {

  264.                 return false;

  265.             }

  266. 		}

  267. 		$params['albums'] = (isset($_REQUEST['albums'])) ? $_REQUEST['albums'] : null;

  268. 		if (isset($_REQUEST['albums'])) {

  269. 			$params['albums'] = $this->GetAlbumString($_REQUEST['albums']);

  270. 		}

  271. 		foreach(SmartAlbum::$exif2IdPrefix as $label => $value) {

  272. 			if (isset($_REQUEST[$label])) {

  273. 				$op = $label.'_op';

  274. 				$params[$label] = $this->GetExifString($_REQUEST[$label], $value.'_');

  275. 				$defaultOp = 'any';

  276. 				$params[$op] = (isset($_REQUEST[$op])) ? $_REQUEST[$op] : $default;

  277. 				if (isset($params[$op]) && 'any' !== $params[$op]) {

  278. 					return false;

  279. 				}

  280. 			}

  281. 		}

  282. 

  283.         return $params;

  284.     }

  285. 

  286. 	private function GetParams_ArrangeItem()

  287. 	{

  288. 		if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !isset($_REQUEST['item_id'])) {

  289. 			return false;

  290. 		}

  291. 

  292. 		$params = array();

  293. 		$params['id'] =  (isset($_REQUEST['id'])) ? $_REQUEST['id'] : null; // null means shared root folder

  294. 		if (null !== $params['id'] && '' !== $params['id']) {

  295. 			$split = explode('_', $params['id']);  // ex: 'album_id'

  296. 			if (2 !== count($split)) {

  297. 				return false;

  298. 			}

  299. 			if ('album' !== $split[0]) {

  300. 				return false;

  301. 			}

  302. 			$params['albumName'] = @pack('H*', $split[1]);

  303. 		} else {

  304. 			$params['albumName'] = '/';

  305. 		}

  306. 

  307. 		$params['offset'] = $_REQUEST['offset'];

  308. 		$params['limit'] = $_REQUEST['limit'];

  309. 

  310. 		$params['item_id'] = array();

  311. 		$params['item_name'] = array();

  312. 		$items = explode(',', $_REQUEST['item_id']);

  313. 		// item must be photo or video, and make sure album must be ahead of photo and video

  314. 		foreach ($items as $item) {

  315. 			$arr = explode('_', $item);

  316. 			if (!in_array($arr[0], array('album', 'photo', 'video'))) {

  317. 				return false;

  318. 			}

  319. 			if ('photo' === $arr[0] || 'video' === $arr[0]) {

  320. 				$filename = @pack('H*', $arr[2]);

  321. 				array_push($params['item_name'], $filename);

  322. 			} elseif ('album' === $arr[0]) {

  323. 				$foldername = @pack('H*', $arr[1]);

  324. 				array_push($params['item_name'], basename($foldername).SYNOPHOTO_USER_SORT_ALBUM_SYMBOL);

  325. 			}

  326. 		}

  327. 		$params['item_id'] = $items;

  328. 

  329. 		return $params;

  330. 	}

  331. 

  332. 	private function GetParams_ClearArrangeItem()

  333. 	{

  334. 		$params = array();

  335. 		$params['id'] =  (isset($_REQUEST['id'])) ? $_REQUEST['id'] : null; // null means shared root folder

  336. 		if (null !== $params['id'] && '' !== $params['id']) {

  337. 			$split = explode('_', $params['id']);  // ex: 'album_id'

  338. 			if (2 !== count($split)) {

  339. 				return false;

  340. 			}

  341. 			if ('album' !== $split[0]) {

  342. 				return false;

  343. 			}

  344. 			$params['albumName'] = @pack('H*', $split[1]);

  345. 		} else {

  346. 			$params['albumName'] = '/';

  347. 		}

  348. 

  349. 		return $params;

  350. 	}

  351. 

  352.     private function ConvertSmartCondition($params) {

  353. 

  354.         $matchPattern = array('id', 'keyword', 'keyword_op', 'date', 'date_op', 'people_tag', 'people_tag_op', 'geo_tag', 'geo_tag_op', 'desc_tag', 'desc_tag_op', 'albums');

  355.         $formatPattern = array('dir', 'k', 'k_op', 'd', 'd_op', 'pt', 'pt_op', 'gt', 'gt_op', 'dt', 'dt_op', 'albums');

  356.         $condition = array();

  357.         foreach($matchPattern as $field) {

  358.             if (isset($params[$field])) {

  359.                 $index = array_keys($matchPattern, $field);

  360.                 $condition[$formatPattern[$index[0]]] = $params[$field];

  361.             }

  362. 		}

  363. 		foreach(SmartAlbum::$exif2IdPrefix as $label => $value) {

  364. 			if (isset($params[$label])) {

  365. 				$condition[$label] = $params[$label];

  366. 				$op = $label.'_op';

  367. 				$condition[$op] = $params[$op];

  368. 			}

  369. 		}

  370.         return $condition;

  371.     }

  372. 

  373.     private function CheckRootSharedFolder($sharePath) {

  374.         if ('' === $sharePath) {

  375.             return true;

  376.         }

  377.         return false;

  378.     }

  379. 

  380.     private function CheckAlbumAccessRight($sharePath, $password) {

  381.         $ret = WEBAPI_ERR_NONE;

  382.         // admin

  383.         if (isset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'])) {

  384.             return WEBAPI_ERR_NONE;

  385.         }

  386. 

  387.         // not root share folder

  388.         if (!$this->CheckRootSharedFolder($sharePath)) {

  389.             $albumInfo = csSYNOPhotoDB::GetDBInstance()->GetAlbum($sharePath);

  390.             if (empty($albumInfo['password'])) {

  391.                 // Check accessible

  392.                 if (!csSYNOPhotoMisc::CheckAlbumAccessible($sharePath)) {

  393.                     $ret = PHOTOSTATION_ALBUM_NO_ACCESS_RIGHT;

  394.                 }

  395.             } else {

  396.                 if (!isset($_SESSION[SYNOPHOTO_ADMIN_USER]['password_pass_album'][$sharePath])) {

  397.                     if ((md5($password) !== $albumInfo['password'])) {

  398.                         $ret = PHOTOSTATION_ALBUM_PASSWORD_ERROR;

  399.                     } else {

  400. 						csSYNOPhotoMisc::PhotoSessionStart();

  401.                         $_SESSION[SYNOPHOTO_ADMIN_USER]['password_pass_album'][$sharePath] = md5($password);

  402.                         session_write_close();

  403.                     }

  404.                 }

  405.             }

  406.         }

  407.         return $ret;

  408.     }

  409. 

  410.     private function FormItems($itemList, $params) {

  411.         $items = array();

  412.         $allowComment = AlbumAPIUtil::IsAlbumCommentalbGlobal();

  413.         $showAlbumHit = AlbumAPIUtil::IsShowAlbumHit();

  414.         $needThumbSize = in_array('thumb_size', $params['additional']);

  415.         $types = array(0 => 'album', 1 => 'photo', 2 => 'video');

  416.         $conversionDirs = array();

  417. 		$decorator = array(

  418. 			'album' => 'Decorator::AlbumFormula',

  419. 			'photo'	=> 'Decorator::PhotoFormula',

  420. 			'video'	=> 'Decorator::VideoFormula'

  421. 		);

  422.         foreach($itemList['items'] as $item_node) {

  423. 			$type = $types[$item_node['itemType']];

  424. 			$func = $decorator[$type];

  425. 

  426. 			$item = array();

  427. 			if ($func) {

  428. 				$item = call_user_func($func, $item_node, array(

  429. 					'allowComment'	=> $allowComment,

  430. 					'showAlbumHit'	=> $showAlbumHit,

  431. 					'param'			=> $params,

  432. 					'needThumbSize'	=> $needThumbSize

  433. 				));

  434. 			}

  435. 

  436.             $items[] = $item;

  437.         }

  438. 

  439.         return $items;

  440.     }

  441. 

  442.     private function GetAlbumShareName($value) {

  443.         if (empty($value)) {

  444.             return false;

  445.         }

  446. 

  447.         $shareNameList = array();

  448.         $albumIDs = explode(',', $value);

  449.         foreach ($albumIDs as $albumID) {

  450.             $arr = explode('album_', $albumID);

  451.             if (2 !== count($arr)) {

  452.                 return false;

  453.             }

  454.             $albumName = trim(@pack('H*', $arr[1]));

  455.             if (!$albumName || '/' === $albumName) {

  456.                 return false;

  457.             }

  458.             array_push($shareNameList, $albumName);

  459.         }

  460.         return $shareNameList;

  461.     }

  462. 

  463.     private function GetInfo() {

  464.         // Get and check params

  465.         $params = array();

  466.         $params = $this->GetParams_Info();

  467.         if (!$params) {

  468.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  469.             goto End;

  470.         }

  471.         $needThumbSize = in_array('thumb_size', $params['additional']);

  472.         $items = array();

  473.         if (null === $params['id']) {

  474.             $item = AlbumAPIUtil::GetRootAlbumInfo($params);

  475.             array_push($items, $item);

  476.         } else {

  477.             $allowComment = AlbumAPIUtil::IsAlbumCommentalbGlobal();

  478.             $showHits = AlbumAPIUtil::IsShowAlbumHit();

  479.             $albums = Album::GetBySharename(array_values($params['id']));

  480.             foreach ($params['id'] as $id => $shareName) {

  481. 				$item = Decorator::AlbumFormula($albums[$shareName], array(

  482. 						'allowComment' => $allowComment,

  483. 						'showAlbumHit' => $showHits,

  484. 						'needThumbSize' => $needThumbSize,

  485. 						'param' => $params

  486. 					));

  487.                 array_push($items, $item);

  488.             }

  489.         }

  490. 

  491.         $resp['items'] = $items;

  492.         $this->SetResponse($resp);

  493.     End:

  494.         return;

  495.     }

  496. 

  497.     private function AlbumList() {

  498.         // Get and check params

  499.         $params = array();

  500.         $params = $this->GetParams_list();

  501.         if (!$params) {

  502.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  503.             goto End;

  504.         }

  505.         $sharePath = @pack('H*', $params['id']);

  506.         // Check access right

  507.         if (WEBAPI_ERR_NONE != ($error_code = $this->CheckAlbumAccessRight($sharePath, $params['password']))) {

  508.             $this->SetError($error_code);

  509.             goto End;

  510.         }

  511. 

  512. 		$hasExifCond = false;

  513. 		foreach(SmartAlbum::$exif2IdPrefix as $label => $value) {

  514. 			if (isset($params[$label])) {

  515. 				$hasExifCond = true;

  516. 				break;

  517. 			}

  518. 		}

  519. 		// search operator

  520.         $itemsSort = array();

  521. 		if (isset($params['keyword']) || isset($params['date']) || isset($params['people_tag']) || isset($params['geo_tag']) || isset($params['desc_tag'])

  522. 			|| isset($params['albums']) || $hasExifCond) {

  523. 			$smart_condition = $this->ConvertSmartCondition($params);

  524. 			$itemList = csSYNOPhotoBrowse::GetBrowseInstance()->GetSearchThumbList_new($smart_condition, $params['offset'], $params['limit']);

  525.             // filter type

  526.             $filterItems = AlbumAPIUtil::FilterByType($itemList['items'], $params['type']);

  527. 			$total = $itemList['itemCount'];

  528.             // FIXME - sorting for search operator

  529.             $itemsSort['items'] = $filterItems;

  530.         } else {

  531. 			// album operator

  532. 			csSYNOPhotoMisc::PhotoSessionStart();

  533. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_by'] = $params['sort_by'];

  534. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_order'] = $params['sort_direction'];

  535.             if (isset($params['id'])) {

  536.                 csSYNOPhotoAlbum::GetAlbumInstance()->AddHitTimes($sharePath);

  537.             }

  538. 			session_write_close();

  539.             $itemsSort = array();

  540.             $itemsSort = csSYNOPhotoBrowse::GetBrowseInstance()->GetThumbList_New(isset($params['id']) ? $sharePath : '/', (int)$params['offset'], (int)$params['limit'], $params['sort_by'], $params['sort_direction'], !in_array('album', $params['type']), !in_array('video', $params['type']), !in_array('photo', $params['type']));

  541.             $total = $itemsSort['itemCount'];

  542.         }

  543. 

  544.         $resp = array();

  545.         $resp['total'] = $total;

  546.         $offset = (0 > (int)$params['limit']) ? $resp['total'] : $params['offset'] + $params['limit'];

  547.         $resp['offset'] = ($offset > $resp['total']) ?  $resp['total'] : $offset;

  548.         $resp['items'] = $this->FormItems($itemsSort, $params);

  549.         $this->SetResponse($resp);

  550. 

  551.     End:

  552.         return;

  553.     }

  554. 

  555.     private function Create() {

  556.         if (!isset($_REQUEST['name'])) {

  557.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  558.             goto End;

  559.         }

  560. 

  561.         // name can't include [.] start or [\/:*?<>|]

  562.         if (preg_match('/[\\\\\/:\*\?<>\|]/', $_REQUEST['name'], $matches) || preg_match('/^\./', $_REQUEST['name'], $matches)) {

  563.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  564.             goto End;

  565.         }

  566. 

  567.         // Get and check params

  568.         $params = array();

  569.         $params = $this->GetParams_Create_Edit();

  570.         if (!$params) {

  571.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  572.             goto End;

  573.         }

  574. 

  575.         // get parent share name

  576. 		$parentShareName = null === $params['id'] ? '' : $params['id'];

  577. 

  578.         $ret = AlbumAPIUtil::SYNOPHOTO_ADMIN_AddAlbum($parentShareName, $params);

  579. 		$username = GetLoginUsername();

  580. 		$parentShareName = $parentShareName === '' ? '/' : $parentShareName;

  581. 		if (is_numeric($ret) && $ret < 0) {

  582. 			PhotoLog::Add("Failed to create album [".$_REQUEST['name']."] in [".$parentShareName."].", false, strtolower($username));

  583. 		} else {

  584. 			PhotoLog::Add("Album [".$_REQUEST['name']."] was created in [".$parentShareName."].", true, strtolower($username));

  585. 		}

  586.         if (-1 === $ret) {

  587.             $this->SetError(PHOTOSTATION_ALBUM_CREATE_FAIL);

  588.             goto End;

  589.         } elseif (-2 === $ret) {

  590.             $this->SetError(PHOTOSTATION_ALBUM_NO_UPLOAD_RIGHT);

  591.             goto End;

  592.         } elseif (-3 === $ret) {

  593.             $this->SetError(PHOTOSTATION_ALBUM_NOT_ADMIN);

  594.             goto End;

  595.         } elseif (-4 === $ret) {

  596.             $this->SetError(PHOTOSTATION_ALBUM_HAS_EXIST);

  597.             goto End;

  598.         }

  599. 

  600.         $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('sharename', 'photo_share', 'shareid', $ret);

  601.         $resp['id'] = $this->EncodeItemId($row['sharename'], "album_");

  602.         $this->SetResponse($resp);

  603.     End:

  604.         return;

  605.     }

  606. 

  607.     private function Delete() {

  608.         if (!isset($_REQUEST['id'])) {

  609.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  610.             goto End;

  611.         }

  612.         if (false === ($shareNameList = $this->GetAlbumShareName($_REQUEST['id']))) {

  613.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  614.             goto End;

  615.         }

  616. 

  617.         $cancelPath = PHOTO_ACTION_TMP.md5(PHOTO_ACTION_ALBUM_DEL_KEY.$_REQUEST['id']);

  618.         $failCount = 0;

  619.         foreach ($shareNameList as $shareName) {

  620.             self::OutputSingleSpace();

  621.             if (file_exists($cancelPath)) {

  622.                 @unlink($cancelPath);

  623.                 break;

  624.             }

  625. 

  626.             $dirName = dirname($shareName);

  627.             $dirName = ('.' === $dirName) ? '/' : $dirName;

  628.             if (!csSynoPhotoMisc::CheckAlbumManageable($dirName)) {

  629.                 $failCount++;

  630.                 continue;

  631.             }

  632. 			$result = Album::DeleteOneBySharename($shareName);

  633. 			if (!$result[0]) {

  634. 				continue;

  635. 			}

  636. 			PhotoLog::Add("Album [".$shareName."] was deleted.", true, strtolower(GetLoginUsername()));

  637.         }

  638.         if ($failCount === count($shareNameList)) {

  639.             $this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);

  640.             goto End;

  641.         }

  642.         SYNOPHOTO_LABEL_UTIL_Check_Photo_Label();

  643. 

  644.     End:

  645.         return;

  646.     }

  647. 

  648.     private function Edit() {

  649.         // Get and check params

  650.         $params = array();

  651.         $params = $this->GetParams_Create_Edit();

  652.         if (!$params || null === $params['id']) {

  653.             $this->SetError(WEBAPI_ERR_BAD_REQUEST);

  654.             goto End;

  655.         }

  656.  

  657.         $shareName = $params['id'];

  658. 

  659.         $ret = AlbumAPIUtil::SYNOPHOTO_ADMIN_UpdateAlbum($shareName, $params);

  660.         if (-1 === $ret) {

  661.             $this->SetError(PHOTOSTATION_ALBUM_EDIT_FAIL);

  662.             goto End;

  663.         } elseif (-2 === $ret) {

  664.             $this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);

  665.             goto End;

  666.         } elseif (-3 === $ret) {

  667.             $this->SetError(PHOTOSTATION_ALBUM_NOT_ADMIN);

  668.             goto End;

  669.         }

  670.     End:

  671.         return;

  672. 	}

  673. 

  674. 	private function GetParams_Move() {

  675. 		$param = array();

  676. 

  677. 		/* return when lack of params */

  678. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['sharepath']) || !isset($_REQUEST['duplicate'])) {

  679. 			return array(false, WEBAPI_ERR_BAD_REQUEST);

  680. 		}

  681. 

  682. 		/* set params */

  683. 		if (preg_match('/^album_/', $_REQUEST['sharepath'])) {

  684. 			$sharepath = trim($this->DecodeItemId($_REQUEST['sharepath'], "album_"));

  685. 		} else {

  686. 			$sharepath = trim(@pack('H*', $_REQUEST['sharepath']));

  687. 		}

  688. 		// $sharepath could be empty

  689. 		$dirpath = pathinfo($sharepath, PATHINFO_DIRNAME);

  690. 		if (!$dirpath || '.' === $dirpath) {

  691. 			$dirpath = '';

  692. 		}

  693. 

  694. 		$destDirs = array();

  695. 		$checkDestDir = $sharepath;

  696. 		while('.' !== $checkDestDir && '' !== $checkDestDir) {

  697. 			$destDirs[] = $checkDestDir;

  698. 			$checkDestDir = pathinfo($checkDestDir, PATHINFO_DIRNAME);

  699. 		}

  700. 

  701. 		$requestIds = explode(',', $_REQUEST['id']);

  702. 		$ids = array();

  703. 		foreach($requestIds as $idStr) {

  704. 			$id_arr = explode('_', $idStr);

  705. 			$albumName = trim(@pack('H*', $id_arr[1]));

  706. 			if (!$albumName || '/' === $albumName) {

  707. 				return array(false, WEBAPI_ERR_BAD_REQUEST);

  708. 			}

  709. 

  710. 			$sourceDir = pathinfo($albumName, PATHINFO_DIRNAME);

  711. 			if ('.' === $sourceDir) {

  712. 				$sourceDir = '';

  713. 			}

  714. 			// dir(source) === dest

  715. 			if ($sharepath === $sourceDir) {

  716. 				return array(false, PHOTOSTATION_ALBUM_SELECT_CONFLICT);

  717. 			}

  718. 			// dest's parent !== dest

  719. 			if (in_array($albumName, $destDirs)) {

  720. 				return array(false, PHOTOSTATION_ALBUM_SELECT_CONFLICT);

  721. 			}

  722. 			$ids[] = $albumName;

  723. 		}

  724. 

  725. 		$param['destShareName'] = $sharepath;

  726. 		$param['isOverwrite'] = 'overwrite' === $_REQUEST['duplicate'] ? true : false;

  727. 		$param['id'] = $ids;

  728. 		return array(true, $param);

  729. 	}

  730. 

  731. 	private function Move() {

  732. 		$ret = false;

  733. 		$param_res = $this->GetParams_Move();

  734. 		if (!$param_res[0]) {

  735. 			$this->SetError($param_res[1]);

  736. 			goto End;

  737. 		}

  738. 		$param = $param_res[1];

  739. 

  740. 		if ('' !== $param['destShareName']) {

  741. 			$destPath = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $param['destShareName'];

  742. 		} else {

  743. 			$destPath = SYNOPHOTO_SERVICE_REAL_DIR . "/";

  744. 		}

  745. 

  746. 		if (!csSynoPhotoMisc::CheckPathValid($destPath)) {

  747. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  748. 			goto End;

  749. 		}

  750. 

  751. 		if (!csSynoPhotoMisc::CheckAlbumUploadable('' == $param['destShareName'] ? '/' : $param['destShareName'])) {

  752. 			$this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);

  753. 			goto End;

  754. 		}

  755. 

  756. 		$destShareData = array();

  757. 		$destShareData['shareid'] = -1;

  758. 

  759. 		if ($_REQUEST['sharepath'] == '') {

  760. 			$destShareData['sharename'] = '';

  761. 			$albums = Album::GetBySharename(array('/'), true);

  762. 			$row = $albums['/'];

  763. 		} else {

  764. 			$destShareData['sharename'] = $param['destShareName'];

  765. 			$albums = Album::GetBySharename(array($destShareData['sharename']), true);

  766. 			$row = $albums[$destShareData['sharename']];

  767. 		}

  768. 

  769. 		if($row) {

  770. 			$destShareData['shareid'] = $row['shareid'];

  771. 			$destShareData['public'] = $row['public'];

  772. 			$destShareData['password'] = $row['password'];

  773. 			$destShareData['comment'] = $row['comment'];

  774. 		}

  775. 

  776. 		$cancelPath = PHOTO_ACTION_TMP.md5(PHOTO_ACTION_ALBUM_MOVE_KEY.$_REQUEST['id']);

  777. 		$skip = array();

  778. 		foreach ($param['id'] as $albumName) {

  779. 			self::OutputSingleSpace();

  780. 			if (file_exists($cancelPath)) {

  781. 				@unlink($cancelPath);

  782. 				break;

  783. 			}

  784. 

  785. 			$path = SYNOPHOTO_SERVICE_REAL_DIR . "/" . $albumName;

  786. 			if (!csSynoPhotoMisc::CheckPathValid($path)) {

  787. 				continue;

  788. 			}

  789. 			$ret = SYNOPHOTO_ADMIN_MoveOneAlbum($destShareData, $albumName, $param['isOverwrite']);

  790. 			// skip this album

  791. 			if (1 === $ret) {

  792. 				$skip[] = $this->EncodeItemId($albumName, "album_");

  793. 			}

  794. 		}

  795. 		$ret = true;

  796. 

  797. 		$resp = array(

  798. 			'skip' => $skip

  799. 		);

  800. 

  801.         $this->SetResponse($resp);

  802. 

  803. 		End:

  804. 			return $ret;

  805. 	}

  806. 

  807. 	private function ArrangeItem()

  808. 	{

  809. 		if (false === ($params = $this->GetParams_ArrangeItem())) {

  810. 			$this->SetError(WEBAPI_ERR_BAD_REQUEST);

  811. 			goto End;

  812. 		}

  813. 

  814. 		// chack permission

  815. 		if (!csSynoPhotoMisc::CheckAlbumManageable($params['albumName'])) {

  816. 			$this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);

  817. 			goto End;

  818. 		}

  819. 

  820. 		// get sort_by and sort_direction

  821. 		$sort_by = $_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_by'];

  822. 		if (empty($sort_by)) {

  823. 			$value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_type", "photo_config");

  824. 			$sort_by = AlbumAPIUtil::ConvertToSortName($value);

  825. 		}

  826. 		$sort_direction = $_SESSION[SYNOPHOTO_ADMIN_USER]['album_thumb_sort_order'];

  827. 		if (empty($sort_direction)) {

  828. 			$value = csSYNOPhotoMisc::GetConfigDB("album", "thumb_sort_order", "photo_config");

  829. 			$sort_direction = AlbumAPIUtil::ConvertToSortDirection($value);

  830. 		}

  831. 

  832. 		// get original path list

  833. 		$pathList = csSYNOPhotoBrowse::GetBrowseInstance()->GetList_new($params['albumName'], 0, -1, $sort_by, $sort_direction, false, false, false);

  834. 		$totalCount = $pathList['totalCount'];

  835. 

  836. 		// adjust offset and limit

  837. 		$offset = $params['offset'];

  838. 		$limit = (-1 === (int)$params['limit']) ? (int)$totalCount : (int)$params['limit'];

  839. 		if ($offset >= $totalCount || $limit != count($params['item_name'])) {

  840. 			$this->SetError(WEBAPI_ERR_BAD_REQUEST);

  841. 			goto End;

  842. 		}

  843. 

  844. 		// get original name list

  845. 		$nameList = array();

  846. 		foreach ($pathList['list'] as $path => $itemType) {

  847. 			$name = (SYNOPHOTO_ITEM_TYPE_ALBUM === $itemType) ? basename($path).SYNOPHOTO_USER_SORT_ALBUM_SYMBOL : basename($path);

  848. 			$nameList[] = $name;

  849. 		}

  850. 

  851. 		// get sort name list

  852. 		array_splice($nameList, $offset, $limit, $params['item_name']);

  853. 		$sortNameList = $nameList;

  854. 

  855. 		// make sure album must be ahead of photo and video

  856. 		$blHavePhotoVideoItem = false;

  857. 		$blPhotoVideoAheadAlbum = false;

  858. 		foreach ($sortNameList as $name) {

  859. 			if ('/' === $name[strlen($name)-1]) {

  860. 				if ($blHavePhotoVideoItem) {

  861. 					$blPhotoVideoAheadAlbum = true;

  862. 					break;

  863. 				}

  864. 			} else {

  865. 				$blHavePhotoVideoItem = true;

  866. 			}

  867. 		}

  868. 		if ($blPhotoVideoAheadAlbum) {

  869. 			$this->SetError(WEBAPI_ERR_BAD_REQUEST);

  870. 			goto End;

  871. 		}

  872. 

  873. 		// seve to conf

  874. 		$data['type'] = AlbumAPIUtil::ConvertToSortCode('preference');

  875. 		$data['list'] = $sortNameList;

  876. 		csSYNOPhotoAlbum::GetAlbumInstance()->SaveAlbumThumbSortType($params['albumName'], $data);

  877. 

  878. 	End:

  879. 		return;

  880. 	}

  881. 

  882. 	private function ClearArrangeItem()

  883. 	{

  884. 		if (false === ($params = $this->GetParams_ClearArrangeItem())) {

  885. 			$this->SetError(WEBAPI_ERR_BAD_REQUEST);

  886. 			goto End;

  887. 		}

  888. 

  889. 		$albumName = $params['albumName'];

  890. 

  891. 		// chack permission

  892. 		if (!csSynoPhotoMisc::CheckAlbumManageable($albumName)) {

  893. 			$this->SetError(PHOTOSTATION_ALBUM_NO_MANAGE_RIGHT);

  894. 			goto End;

  895. 		}

  896. 

  897. 		//remove sort file directly in PS6

  898. 		if ('/' === $albumName) {

  899. 			$fullDirPath = SYNOPHOTO_SERVICE_REAL_DIR;

  900. 			$sortFile = $fullDirPath . '/' . SYNOPhotoEA::SYNO_EA_DIR . '/' . SYNOPhotoEA::getFilename(SYNOPhotoEA::FILE_ALBUM_SORT);

  901. 		} else {

  902. 			$fullDirPath = sprintf("%s/%s", SYNOPHOTO_SERVICE_REAL_DIR, $albumName);

  903. 			if (false === SYNOPhotoEA::checkFilePath($fullDirPath, SYNOPhotoEA::FILE_ALBUM_SORT, $sortFile)) {

  904. 				goto End;

  905. 			}

  906. 		}

  907. 

  908. 		@unlink($sortFile);

  909. 

  910. 	End:

  911. 		return;

  912. 	}

  913. 

  914. 	private function Cancel()

  915. 	{

  916. 		$ret = false;

  917. 		$resp = array();

  918. 		/* return when lack of params */

  919. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['action'])) {

  920. 			$this->SetError(PHOTOSTATION_PHOTO_BAD_PARAMS);

  921. 			goto End;

  922. 		}

  923. 

  924. 		if ('mvcp' === $_REQUEST['action']) {

  925. 			$key = PHOTO_ACTION_ALBUM_MOVE_KEY;

  926. 		} else if ('delete' === $_REQUEST['action']) {

  927. 			$key = PHOTO_ACTION_ALBUM_DEL_KEY;

  928. 		}

  929. 		$filePath = PHOTO_ACTION_TMP.md5($key.$_REQUEST['id']);

  930. 		@file_put_contents($filePath, "");

  931. 		$ret = true;

  932. 	End:

  933. 		return $ret;

  934. 	}

  935. }

  936. 

  937. $api = new AlbumAPI();

  938. $api->Run();

  939. 

  940. 

  941. ?>