Play images and video from Synology PhotoStation server

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308
  1. <?php
  2. require_once('comment.inc.php');
  3. require_once('photoutil.php');
  4. require_once('albumutil.php');
  5. require_once(SYNOPHOTO_INCLUDE_SEND_MAIL);
  6. define('PHP_CMD', '/usr/bin/php -n -d extension_dir=/lib/php/modules -d extension=syno_compiler.so -d extension=curl.so -d extension=bz2.so');
  7. class CommentAPI extends WebAPI {
  8. function __construct()
  9. {
  10. parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
  11. }
  12. protected function Process()
  13. {
  14. if (!strcasecmp($this->method, "list")) {
  15. $this->CommentList();
  16. } elseif (!strcasecmp($this->method, "create")) {
  17. $this->Create();
  18. } elseif (!strcasecmp($this->method, "delete")) {
  19. $this->Delete();
  20. }
  21. }
  22. /**
  23. * @params - $id like: photo_dir_name, video_dir_name
  24. */
  25. private function GetItemInfo($id)
  26. {
  27. $arr = explode('_', $id);
  28. if (3 !== count($arr)) {
  29. return false;
  30. }
  31. if (!in_array($arr[0], array('photo', 'video'))) {
  32. return false;
  33. }
  34. // get id
  35. $dirName = @pack('H*', $arr[1]);
  36. $fileName = @pack('H*', $arr[2]);
  37. if ('/' === $dirName) {
  38. $filePath = $fileName;
  39. } else {
  40. $filePath = $dirName.'/'.$fileName;
  41. }
  42. $realPath = SYNOPHOTO_SERVICE_REAL_DIR.'/'.$filePath;
  43. if (!csSynoPhotoMisc::CheckPathValid($realPath)) {
  44. return false;
  45. }
  46. $table = ('photo' === $arr[0]) ? 'photo_image' : 'video';
  47. if ('root' === SYNOPHOTO_ADMIN_USER) {
  48. $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $realPath);
  49. } else {
  50. $row = csSYNOPhotoDB::GetDBInstance()->GetFieldByKeyValue('id', $table, 'path', $filePath);
  51. }
  52. $data['id'] = $row['id'];
  53. $data['path'] = $realPath;
  54. $data['sharePath'] = $filePath;
  55. $data['isPhoto'] = ('photo' === $arr[0]) ? true : false;
  56. return $data;
  57. }
  58. private function GetParams_Create()
  59. {
  60. if (!isset($_REQUEST['id']) || !isset($_REQUEST['name']) || !isset($_REQUEST['comment'])) {
  61. return false;
  62. }
  63. if ('' === trim($_REQUEST['name']) || '' === trim($_REQUEST['comment'])) {
  64. return false;
  65. }
  66. // get photo, video id
  67. if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
  68. return false;
  69. }
  70. $params['id'] = $data['id'];
  71. $params['path'] = $data['path'];
  72. $params['sharePath'] = $data['sharePath'];
  73. $params['isPhoto'] = $data['isPhoto'];
  74. if (!empty($_REQUEST['email'])) {
  75. if (false === WebAPIUtil::IsEMail($_REQUEST['email'])) {
  76. return false;
  77. }
  78. }
  79. $params['email'] = $_REQUEST['email'];
  80. $params['name'] = $_REQUEST['name'];
  81. $params['comment'] = $_REQUEST['comment'];
  82. $userType = csSYNOPhotoMisc::GetUserType();
  83. $params['userType'] = $userType;
  84. $params['validate_number'] = $_REQUEST['validate_number'];
  85. return $params;
  86. }
  87. private function GetParams_Delete()
  88. {
  89. if (!isset($_REQUEST['id']) || !isset($_REQUEST['comment_id'])) {
  90. return false;
  91. }
  92. // get photo, video id
  93. if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
  94. return false;
  95. }
  96. $params['id'] = $data['id'];
  97. $params['path'] = $data['path'];
  98. $params['sharePath'] = $data['sharePath'];
  99. $params['isPhoto'] = $data['isPhoto'];
  100. // get comment id
  101. $params['comment_id'] = array();
  102. $arr = explode(',', $_REQUEST['comment_id']);
  103. foreach ($arr as $comment_id) {
  104. $split = explode('comment_', $comment_id);
  105. if (2 !== count($split)) {
  106. return false;
  107. }
  108. array_push($params['comment_id'], $split[1]);
  109. }
  110. return $params;
  111. }
  112. private function GetParams_List()
  113. {
  114. if (!isset($_REQUEST['id'])) {
  115. return false;
  116. }
  117. if (false === ($data = $this->GetItemInfo($_REQUEST['id']))) {
  118. return false;
  119. }
  120. $params['id'] = $data['id'];
  121. $params['path'] = $data['path'];
  122. $params['sharePath'] = $data['sharePath'];
  123. $params['isPhoto'] = $data['isPhoto'];
  124. return $params;
  125. }
  126. private function GetCommentID($photoID, $videoPath, $name, $email, $comment, $isPhoto)
  127. {
  128. if (true === $isPhoto) {
  129. $query = "SELECT id FROM photo_comment WHERE photo_id=? AND name=? AND email=? AND comment=? ORDER BY id DESC LIMIT 1";
  130. $sqlParam = array($photoID, $name, $email, $comment);
  131. } else {
  132. $query = "SELECT id FROM video_comment WHERE path=? AND name=? AND email=? AND comment=? ORDER BY id DESC LIMIT 1";
  133. $sqlParam = array($videoPath, $name, $email, $comment);
  134. }
  135. if (false === ($db_result = PHOTO_DB_Query($query, $sqlParam))) {
  136. return false;
  137. }
  138. if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
  139. return false;
  140. }
  141. return $row['id'];
  142. }
  143. private function FormComment($data)
  144. {
  145. $comments = array();
  146. foreach ($data as $item) {
  147. $comment['id'] = 'comment_'.$item['id'];
  148. $comment['name'] = $item['name'];
  149. $comment['email'] = $item['email'];
  150. $comment['comment'] = $item['comment'];
  151. $comment['date'] = $item['date'];
  152. array_push($comments, $comment);
  153. }
  154. return $comments;
  155. }
  156. private function CommentList()
  157. {
  158. if (false === ($params = $this->GetParams_List())) {
  159. $this->SetError(WEBAPI_ERR_BAD_REQUEST);
  160. goto End;
  161. }
  162. // database query
  163. if (true === $params['isPhoto']) {
  164. $result = csSYNOPhotoDB::GetDBInstance()->GetPhotoComments($params['id']);
  165. } else {
  166. $result = csSYNOPhotoDB::GetDBInstance()->GetVideoComments($params['path']);
  167. }
  168. $comments = $this->FormComment($result);
  169. $resp['comments'] = $comments;
  170. $this->SetResponse($resp);
  171. End:
  172. return;
  173. }
  174. private function Delete()
  175. {
  176. csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
  177. csSYNOPhotoMisc::CheckSessionTimeOut(true);
  178. if (false === ($params = $this->GetParams_Delete())) {
  179. $this->SetError(WEBAPI_ERR_BAD_REQUEST);
  180. goto End;
  181. }
  182. // check album maganeable
  183. if (false === csSynoPhotoMisc::CheckAlbumManageable(dirname($params['sharePath']))) {
  184. $this->SetError(PHOTOSTATION_COMMENT_ACCESS_DENY);
  185. goto End;
  186. }
  187. // database query
  188. if (true === $params['isPhoto']) {
  189. foreach ($params['comment_id'] as $comment_id) {
  190. csSYNOPhotoDB::GetDBInstance()->DeleteComment(1, $comment_id);
  191. }
  192. } else {
  193. foreach ($params['comment_id'] as $comment_id) {
  194. csSYNOPhotoDB::GetDBInstance()->DeleteComment(2, $comment_id);
  195. }
  196. }
  197. End:
  198. return;
  199. }
  200. private function Create()
  201. {
  202. csSYNOPhotoDB::GetDBInstance()->SetSessionCache(true);
  203. if (false === ($params = $this->GetParams_Create())) {
  204. $this->SetError(WEBAPI_ERR_BAD_REQUEST);
  205. goto End;
  206. }
  207. // check album is commentable
  208. if (false === AlbumAPIUtil::IsAlbumCommentalbGlobal(true)) {
  209. $this->SetError(PHOTOSTATION_COMMENT_ACCESS_DENY);
  210. goto End;
  211. }
  212. // check validate number. guest must have correct validate number
  213. if (0 === $params['userType']) {
  214. if (null === $params['validate_number']) {
  215. $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
  216. goto End;
  217. }
  218. $validateCount = strlen($params['validate_number']);
  219. if (4 === $validateCount) {
  220. if ((string)$params['validate_number'] !== (string)$_SESSION[SYNOPHOTO_ADMIN_USER]['post_key_photo']) {
  221. $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
  222. goto End;
  223. }
  224. } elseif (12 === $validateCount) { // for DS photo+
  225. $phppath = '/var/packages/PhotoStation/target/photo_scripts/encrypted/gen_comment_validate_string.php';
  226. $cmd = PHP_CMD." {$phppath} ".escapeshellarg($params['email']).' '.escapeshellarg($params['comment']);
  227. @exec($cmd, $signature, $ret);
  228. if (0 !== $ret) {
  229. $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
  230. goto End;
  231. }
  232. if ($signature[0] !== (string)$params['validate_number']) {
  233. $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
  234. goto End;
  235. }
  236. } else {
  237. $this->SetError(PHOTOSTATION_COMMENT_VALIDATE_FAIL);
  238. goto End;
  239. }
  240. }
  241. // database query
  242. if (false === csSYNOPhotoBrowse::GetBrowseInstance()->AddNewComment($params['path'], ($params['isPhoto']) ? SYNOPHOTO_ITEM_TYPE_PHOTO : SYNOPHOTO_ITEM_TYPE_VIDEO,
  243. $params['name'], $params['email'], $params['comment'])) {
  244. $this->SetError(PHOTOSTATION_COMMENT_CREATE_FAIL);
  245. goto End;
  246. }
  247. // get inserted comment id
  248. $insertedID = $this->GetCommentID($params['id'], $params['path'], $params['name'], $params['email'], $params['comment'], $params['isPhoto']);
  249. $resp['id'] = 'comment_'.$insertedID;
  250. $this->SetResponse($resp);
  251. // Send mail to admin
  252. $path = $params['path'];
  253. $commentInfo = array();
  254. $commentInfo['name'] = $params['name'];
  255. $commentInfo['email'] = $params['email'];
  256. $commentInfo['comment'] = $params['comment'];
  257. if(isset($_POST['url'])) {
  258. $commentInfo['photoUrl'] = substr($_POST['url'], strpos($_POST['url'], '#'));
  259. $commentInfo['albumUrl'] = substr( $commentInfo['photoUrl'],
  260. 0, strrpos($commentInfo['photoUrl'], '/') );
  261. }
  262. $albumPath = substr( $params['sharePath'], 0, strrpos($params['sharePath'], '/') );
  263. if (@file_exists($path)) {
  264. if (false !== ($item = PhotoAPIUtil::getItemByPath($path, array(), ($params['isPhoto']?'photo':'video'), false))) {
  265. $commentInfo['title'] = $item['info']['title'];
  266. $commentInfo['albumTitle'] = $albumPath;
  267. SYNOPHOTO6_SEND_MAIL_SendCommentMailToAdmin(-1, -1, $commentInfo);
  268. }
  269. }
  270. End:
  271. return;
  272. }
  273. }
  274. $api = new CommentAPI();
  275. $api->Run();
  276. ?>