home
/
plugin.image.photostation
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
Play images and video from Synology PhotoStation server
27 Ревизии
1 Клон
ИН на ревизия: c528748dc1
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'c528748dc1'
${ noResults }
plugin.image.photostation/PhotoStation API/webapi/shared_album.php

shared_album.php 22KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775 
  1. <?php

  2. require_once('shared_album.inc.php');

  3. require_once('photoutil.php');

  4. 

  5. class SharedAlbumAPI extends WebAPI

  6. {

  7. 	private $TableName, $PhotoTableName, $VideoTableName, $UserID;

  8. 	private $allowSortByArray = array('filename' => 'upper(name)', 'share_status' => 'share_status', 'createdate' => 'create_date');

  9. 

  10. 	function __construct()

  11. 	{

  12. 		parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);

  13. 	}

  14. 

  15. 	protected function Process()

  16. 	{

  17. 		if (!strcasecmp($this->method, "getinfo_public")) {

  18. 			$this->GetInfoPublic();

  19. 			return;

  20. 		}

  21. 		csSYNOPhotoDB::GetDBInstance()->SetSessionCache();

  22. 		csSYNOPhotoMisc::CheckSessionTimeOut(true);

  23. 

  24. 		$this->UserID = isset($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid']) ? $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] : 0;

  25. 		if ($this->UserID === 0) {

  26. 			$this->TableName = SHARED_ALBUM_ADMIN_TABLE_NAME;

  27. 			$this->PhotoTableName = SHARED_ALBUM_PHOTO_ADMIN_TABLE_NAME;

  28. 			$this->VideoTableName = SHARED_ALBUM_VIDEO_ADMIN_TABLE_NAME;

  29. 		} else {

  30. 			$this->TableName = SHARED_ALBUM_TABLE_NAME;

  31. 			$this->PhotoTableName = SHARED_ALBUM_PHOTO_TABLE_NAME;

  32. 			$this->VideoTableName = SHARED_ALBUM_VIDEO_TABLE_NAME;

  33. 		}

  34. 

  35. 		if (!strcasecmp($this->method, "list")) {

  36. 			$this->SharedAlbumList();

  37. 		} else if (!strcasecmp($this->method, "getinfo")) {

  38. 			$this->GetInfo();

  39. 		} else if (!strcasecmp($this->method, "create")) {

  40. 			$this->Create();

  41. 		} else if (!strcasecmp($this->method, "edit")) {

  42. 			$this->Edit();

  43. 		} else if (!strcasecmp($this->method, "delete")) {

  44. 			$this->Delete();

  45. 		} else if (!strcasecmp($this->method, "add_items")) {

  46. 			$this->AddItems();

  47. 		} else if (!strcasecmp($this->method, "remove_items")) {

  48. 			$this->RemoveItems();

  49. 		} else if (!strcasecmp($this->method, "edit_public_share")) {

  50. 			$this->EditPublicShare();

  51. 		} else if (!strcasecmp($this->method, "get_single_item")) {

  52. 			$this->GetSingleItem();

  53. 		} else if (!strcasecmp($this->method, "set_single_item")) {

  54. 			$this->SetSingleItem();

  55. 		}

  56. 	}

  57. 

  58. 	private function SharedAlbumList()

  59. 	{

  60. 		$ret = false;

  61. 

  62. 		if (!isset($_REQUEST['offset']) || !isset($_REQUEST['limit']) || !is_numeric($_REQUEST['offset']) || !is_numeric($_REQUEST['limit'])) {

  63. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  64. 			goto End;

  65. 		}

  66. 		$offset = $_REQUEST['offset'] + 0;

  67. 		$limit = $_REQUEST['limit'] + 0;

  68. 		$sortBy = $this->allowSortByArray['filename'];

  69. 		$sortDirection = 'ASC';

  70. 		$additional = array();

  71. 

  72. 		if (isset($_REQUEST['sort_by']) && array_key_exists($_REQUEST['sort_by'], $this->allowSortByArray)) {

  73. 			$sortBy = $this->allowSortByArray[$_REQUEST['sort_by']];

  74. 		}

  75. 		if (isset($_REQUEST['sort_direction']) && strtolower($_REQUEST['sort_direction']) === 'desc') {

  76. 			$sortDirection = 'DESC';

  77. 		}

  78. 		if (isset($_REQUEST['additional'])) {

  79. 			$additional = explode(",", $_REQUEST['additional']);

  80. 		}

  81. 

  82. 		$query = "SELECT COUNT(*) FROM " . $this->TableName . " WHERE hidden = 'f' AND ";

  83. 		$sqlParams = array();

  84. 		$this->appendUserIDCond($query, $sqlParams);

  85. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  86. 		$row = PHOTO_DB_FetchRow($db_result);

  87. 

  88. 		$total = intval($row[0]) + 1; // 1 is sharedalbum_single

  89. 

  90. 		$query = "SELECT id FROM " . $this->TableName . " WHERE hidden = 'f' AND ";

  91. 		$sqlParams = array();

  92. 		$this->appendUserIDCond($query, $sqlParams);

  93. 

  94. 		// we will add sharedalbum_single in this method,

  95. 		// so regulate the offset/limit to get correct shared_album information

  96. 		if ($offset === 0) {

  97. 			$shared_limit = $limit -1;

  98. 			$shared_offset = 0;

  99. 		} else {

  100. 			$shared_limit = $limit;

  101. 			$shared_offset = $offset - 1;

  102. 		}

  103. 		$limitOffsetString = PHOTO_DB_GetLimitOffsetString($shared_limit, $shared_offset);

  104. 		if ('share_status' === $sortBy) {

  105. 			$currentDate = 'root' === SYNOPHOTO_ADMIN_USER ? 'current_date' : "date('now')";

  106. 			$query .= "ORDER BY CASE " .

  107. 				"WHEN is_shared = 'f' THEN 0 " . // none

  108. 				"WHEN start_time IS NULL OR end_time IS NULL THEN 2 ". // valid

  109. 				"WHEN start_time > $currentDate OR end_time < $currentDate THEN 1 ". // invalid

  110. 				"ELSE 2 ". // valid

  111. 				"END $sortDirection, upper(name) ASC";

  112. 		} else {

  113. 			$query .= "ORDER BY $sortBy $sortDirection";

  114. 		}

  115. 		$query .= " $limitOffsetString";

  116. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  117. 

  118. 		$result['items'] = array();

  119. 		$i = 0;

  120. 		if ((int)$offset === 0) {

  121. 			$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo(NULL, $additional);

  122. 			if ($sharedAlbum !== NULL) {

  123. 				$sharedAlbum = $this->GetInfoById(explode("_", $sharedAlbum['id'])[1], $additional);

  124. 			}

  125. 			if ($sharedAlbum !== NULL) {

  126. 				$sharedAlbum['id'] = 'sharedalbum_single';

  127. 				if (isset($sharedAlbum['additional']['public_share']['public_share_url'])) {

  128. 					unset($sharedAlbum['additional']['public_share']['public_share_url']);

  129. 				}

  130. 				$result['items'][$i] = $sharedAlbum;

  131. 				$i ++;

  132. 			}

  133. 		}

  134. 

  135. 		while(($idRow = PHOTO_DB_FetchRow($db_result))) {

  136. 			$sharedAlbum = $this->GetInfoById($idRow[0], $additional);

  137. 			if (NULL === $sharedAlbum) {

  138. 				continue;

  139. 			}

  140. 			$result['items'][$i] = $sharedAlbum;

  141. 			$i ++;

  142. 		}

  143. 

  144. 		$result['total'] = $total;

  145. 		$result['offset'] = (-1 == $limit || $offset + $limit > $total) ? $total : $offset + $limit;

  146. 

  147. 		$this->SetResponse($result);

  148. 		$ret = true;

  149. 	End:

  150. 		return $ret;

  151. 	}

  152. 

  153. 	private function GetInfo()

  154. 	{

  155. 		$ret = false;

  156. 		if (!isset($_REQUEST['id'])) {

  157. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  158. 			goto End;

  159. 		}

  160. 

  161. 		$additional = array();

  162. 		if (isset($_REQUEST['additional'])) {

  163. 			$additional = explode(',', $_REQUEST['additional']);

  164. 		}

  165. 

  166. 		$ids = explode(',', $_REQUEST['id']);

  167. 		$result['shared_albums'] = array();

  168. 		$success_count = 0;

  169. 		foreach ($ids as $id) {

  170. 			$id_arr = explode("_", $id);

  171. 			if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {

  172. 				continue;

  173. 			}

  174. 			if ($id_arr[1] === 'single') {

  175. 				$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo(NULL, $additional);

  176. 				$sharedAlbum['id'] = 'sharedalbum_single';

  177. 				if (isset($sharedAlbum['additional']['public_share']['public_share_url'])) {

  178. 					unset($sharedAlbum['additional']['public_share']['public_share_url']);

  179. 				}

  180. 				$result['shared_albums'][] = $sharedAlbum;

  181. 				$success_count ++;

  182. 				continue;

  183. 			}

  184. 			$sharedAlbumId = $id_arr[1];

  185. 

  186. 			if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {

  187. 				continue;

  188. 			}

  189. 

  190. 			$sharedAlbum = $this->GetInfoById($sharedAlbumId, $additional);

  191. 			if (NULL === $sharedAlbum) {

  192. 				continue;

  193. 			}

  194. 			$result['shared_albums'][] = $sharedAlbum;

  195. 			$success_count ++;

  196. 		}

  197. 

  198. 		if ($success_count === 0) {

  199. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);

  200. 			goto End;

  201. 		}

  202. 

  203. 		$this->SetResponse($result);

  204. 		$ret = true;

  205. 	End:

  206. 		return $ret;

  207. 	}

  208. 

  209. 	private function Create()

  210. 	{

  211. 		$ret = false;

  212. 		if (!isset($_REQUEST['name'])) {

  213. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  214. 			goto End;

  215. 		}

  216. 		$name = $_REQUEST['name'];

  217. 

  218. 		$itemIds = array();

  219. 		if (isset($_REQUEST['item_id'])) {

  220. 			$itemIds = explode(",", $_REQUEST['item_id']);

  221. 		}

  222. 

  223. 		// check existence

  224. 		if (FALSE !== $this->CheckExistenceByName($name)) {

  225. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_HAS_EXISTED);

  226. 			goto End;

  227. 		}

  228. 

  229. 		$sqlParams = array();

  230. 		if ($this->UserID !== 0) {

  231. 			$query = "INSERT INTO " . $this->TableName . " (userid, name, is_shared, hidden) VALUES (?, ?, 'f', 'f')";

  232. 			$sqlParams = array($this->UserID, $name);

  233. 		} else {

  234. 			$query = "INSERT INTO " . $this->TableName . " (name, is_shared, hidden) VALUES (?, 'f', 'f')";

  235. 			$sqlParams = array($name);

  236. 		}

  237. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  238. 

  239. 		if (FALSE === ($sharedAlbumId = $this->CheckExistenceByName($name))) {

  240. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_CREATE_FAIL);

  241. 			goto End;

  242. 		}

  243. 

  244. 		foreach($itemIds as $itemId) {

  245. 			$id_arr = explode('_', $itemId);

  246. 			if (3 !== count($id_arr) || ($id_arr[0] !== 'photo' && $id_arr[0] !== 'video')) {

  247. 				continue;

  248. 			}

  249. 			$type = $id_arr[0];

  250. 

  251. 			$albumName = @pack('H*', $id_arr[1]);

  252. 			$fileName = @pack('H*', $id_arr[2]);

  253. 			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {

  254. 				return false;

  255. 			}

  256. 			if ('/' === $albumName) {

  257. 				$filePath = $fileName;

  258. 			} else {

  259. 				$filePath = $albumName.'/'.$fileName;

  260. 			}

  261. 

  262. 			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);

  263. 			if (FALSE === $dbId) {

  264. 				continue;

  265. 			}

  266. 			$this->AddItemQuery($type, $sharedAlbumId, $dbId);

  267. 		}

  268. 

  269. 		$result['id'] = 'sharedalbum_'.$sharedAlbumId;

  270. 		$this->SetResponse($result);

  271. 		$ret = true;

  272. 	End:

  273. 		return $ret;

  274. 	}

  275. 

  276. 	private function Edit()

  277. 	{

  278. 		$ret = false;

  279. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['name'])) {

  280. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  281. 			goto End;

  282. 		}

  283. 		$id_arr = explode("_", $_REQUEST['id']);

  284. 		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {

  285. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  286. 			goto End;

  287. 		}

  288. 		$sharedAlbumId = $id_arr[1];

  289. 		$name = $_REQUEST['name'];

  290. 

  291. 		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {

  292. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);

  293. 			goto End;

  294. 		}

  295. 

  296. 		if (FALSE !== $this->CheckExistenceByName($name, $sharedAlbumId)) {

  297. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_HAS_EXISTED);

  298. 			goto End;

  299. 		}

  300. 

  301. 		$sqlParams = array($name, $sharedAlbumId);

  302. 		$query = "UPDATE " . $this->TableName . " SET name = ? WHERE id = ? AND ";

  303. 		$this->appendUserIDCond($query, $sqlParams);

  304. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  305. 

  306. 		$ret = true;

  307. 	End:

  308. 		return $ret;

  309. 	}

  310. 

  311. 	private function Delete()

  312. 	{

  313. 		$ret = false;

  314. 		if (!isset($_REQUEST['id'])) {

  315. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  316. 			goto End;

  317. 		}

  318. 		$ids = explode(",", $_REQUEST['id']);

  319. 

  320. 		$success_count = 0;

  321. 		foreach ($ids as $id) {

  322. 			$id_arr = explode("_", $id);

  323. 			if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {

  324. 				continue;

  325. 			}

  326. 			$sharedAlbumId = $id_arr[1];

  327. 

  328. 			if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {

  329. 				continue;

  330. 			}

  331. 

  332. 			$sqlParams = array($sharedAlbumId);

  333. 			$query = "DELETE FROM " . $this->TableName . " WHERE id = ? AND ";

  334. 			$this->appendUserIDCond($query, $sqlParams);

  335. 			$db_result = PHOTO_DB_Query($query, $sqlParams);

  336. 			$success_count ++;

  337. 		}

  338. 		if ($success_count === 0) {

  339. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_DELETE_FAIL);

  340. 			goto End;

  341. 		}

  342. 

  343. 		$ret = true;

  344. 	End:

  345. 		return $ret;

  346. 	}

  347. 

  348. 	private function AddItems()

  349. 	{

  350. 		$ret = false;

  351. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['item_id'])) {

  352. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  353. 			goto End;

  354. 		}

  355. 		$id_arr = explode("_", $_REQUEST['id']);

  356. 		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {

  357. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  358. 			goto End;

  359. 		}

  360. 		$sharedAlbumId = $id_arr[1];

  361. 		$itemIds = explode(",", $_REQUEST['item_id']);

  362. 

  363. 		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {

  364. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);

  365. 			goto End;

  366. 		}

  367. 

  368. 		foreach($itemIds as $itemId) {

  369. 			$id_arr = explode('_', $itemId);

  370. 			if (3 !== count($id_arr) || ($id_arr[0] !== 'photo' && $id_arr[0] !== 'video')) {

  371. 				continue;

  372. 			}

  373. 			$type = $id_arr[0];

  374. 

  375. 			$albumName = @pack('H*', $id_arr[1]);

  376. 			$fileName = @pack('H*', $id_arr[2]);

  377. 			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {

  378. 				return false;

  379. 			}

  380. 			if ('/' === $albumName) {

  381. 				$filePath = $fileName;

  382. 			} else {

  383. 				$filePath = $albumName.'/'.$fileName;

  384. 			}

  385. 

  386. 			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);

  387. 			if (FALSE === $dbId) {

  388. 				continue;

  389. 			}

  390. 			$this->AddItemQuery($type, $sharedAlbumId, $dbId);

  391. 		}

  392. 

  393. 		$ret = true;

  394. 	End:

  395. 		return $ret;

  396. 	}

  397. 

  398. 	private function RemoveItems()

  399. 	{

  400. 		$ret = false;

  401. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['item_id'])) {

  402. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  403. 			goto End;

  404. 		}

  405. 		$id_arr = explode("_", $_REQUEST['id']);

  406. 		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {

  407. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  408. 			goto End;

  409. 		}

  410. 		if ($id_arr[1] === 'single') {

  411. 			$sharedAlbum = SharedAlbum::GetHiddenAlbumInfo();

  412. 			$id_arr[1] = explode("_", $sharedAlbum['id'])[1];

  413. 		}

  414. 		$sharedAlbumId = $id_arr[1];

  415. 		$itemIds = explode(",", $_REQUEST['item_id']);

  416. 

  417. 		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {

  418. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);

  419. 			goto End;

  420. 		}

  421. 

  422. 		foreach($itemIds as $itemId) {

  423. 			$id_arr = explode('_', $itemId);

  424. 			if (3 !== count($id_arr) || ($id_arr[0] !== 'photo' && $id_arr[0] !== 'video')) {

  425. 				continue;

  426. 			}

  427. 			$type = $id_arr[0];

  428. 

  429. 			$albumName = @pack('H*', $id_arr[1]);

  430. 			$fileName = @pack('H*', $id_arr[2]);

  431. 			if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {

  432. 				return false;

  433. 			}

  434. 			if ('/' === $albumName) {

  435. 				$filePath = $fileName;

  436. 			} else {

  437. 				$filePath = $albumName.'/'.$fileName;

  438. 			}

  439. 

  440. 			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);

  441. 			if (FALSE === $dbId) {

  442. 				continue;

  443. 			}

  444. 			$this->DeleteItemQuery($type, $sharedAlbumId, $dbId);

  445. 		}

  446. 

  447. 		$ret = true;

  448. 	End:

  449. 		return $ret;

  450. 	}

  451. 

  452. 	private function GetInfoPublic()

  453. 	{

  454. 		$ret = false;

  455. 		if (!isset($_REQUEST['public_share_id'])) {

  456. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  457. 			goto End;

  458. 		}

  459. 

  460. 		$sharedAlbum = SharedAlbum::GetInfoByPublicShare($_REQUEST['public_share_id']);

  461. 		if (NULL === $sharedAlbum) {

  462. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);

  463. 			goto End;

  464. 		}

  465. 		if ('valid' !== $sharedAlbum['share_status']) {

  466. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);

  467. 			goto End;

  468. 		}

  469. 		$result['shared_album'] = $sharedAlbum;

  470. 		$this->SetResponse($result);

  471. 

  472. 		$ret = true;

  473. 	End:

  474. 		return $ret;

  475. 	}

  476. 

  477. 	private function validateDate($date) {

  478. 		$d = DateTime::createFromFormat('Y-m-d', $date);

  479. 		return $d && $d->format('Y-m-d') == $date;

  480. 	}

  481. 

  482. 	private function EditPublicShare()

  483. 	{

  484. 		$ret = false;

  485. 		if (!SharedAlbum::CheckPublicSharePermission()) {

  486. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);

  487. 			goto End;

  488. 		}

  489. 

  490. 		if (!isset($_REQUEST['id']) || !isset($_REQUEST['is_shared'])) {

  491. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  492. 			goto End;

  493. 		}

  494. 		$id_arr = explode("_", $_REQUEST['id']);

  495. 		if (2 !== count($id_arr) || 'sharedalbum' != $id_arr[0]) {

  496. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  497. 			goto End;

  498. 		}

  499. 		$sharedAlbumId = $id_arr[1];

  500. 		$isShared = $_REQUEST['is_shared'] === 'true';

  501. 

  502. 		if (FALSE === $this->CheckExistenceById($sharedAlbumId)) {

  503. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_NOT_EXISTS);

  504. 			goto End;

  505. 		}

  506. 

  507. 		$start_time = NULL;

  508. 		$end_time = NULL;

  509. 		if (isset($_REQUEST['start_time']) && isset($_REQUEST['end_time']) && $this->validateDate($_REQUEST['start_time']) && $this->validateDate($_REQUEST['end_time'])) {

  510. 			$start_time = $_REQUEST['start_time'];

  511. 			$end_time = $_REQUEST['end_time'];

  512. 			$startDate = new DateTime($start_time);

  513. 			$endDate = new DateTime($end_time);

  514. 			if ($startDate > $endDate) {

  515. 				$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  516. 				goto End;

  517. 			}

  518. 		}

  519. 

  520. 		if (NULL === ($shareLink = $this->GetShareLinkById($sharedAlbumId)) && $isShared) {

  521. 			do {

  522. 				$shareLink = SharedAlbum::GetRandomString();

  523. 			} while (SharedAlbum::CheckExistenceBySharelink($shareLink));

  524. 		}

  525. 

  526. 		$sqlParams = array(

  527. 			$isShared ? 't' : 'f',

  528. 			$shareLink,

  529. 			$start_time,

  530. 			$end_time,

  531. 			$sharedAlbumId

  532. 		);

  533. 		$query = "UPDATE " . $this->TableName . " SET is_shared = ?, sharelink = ?, start_time = ?, end_time = ? WHERE id = ? AND ";

  534. 		$this->appendUserIDCond($query, $sqlParams);

  535. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  536. 

  537. 		$info = $this->GetInfoById($sharedAlbumId, array('public_share'));

  538. 		if ($info === NULL) {

  539. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);

  540. 			goto End;

  541. 		}

  542. 		$this->SetResponse($info['additional']['public_share']);

  543. 		$ret = true;

  544. 	End:

  545. 		return $ret;

  546. 	}

  547. 

  548. 	private function GetSingleItem()

  549. 	{

  550. 		$ret = false;

  551. 		if (!SharedAlbum::CheckPublicSharePermission()) {

  552. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);

  553. 			goto End;

  554. 		}

  555. 

  556. 		if (!isset($_REQUEST['item_id'])) {

  557. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  558. 			goto End;

  559. 		}

  560. 		$id_arr = explode("_", $_REQUEST['item_id']);

  561. 		if (3 !== count($id_arr) || ('photo' !== $id_arr[0] && 'video' !== $id_arr[0])) {

  562. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  563. 			goto End;

  564. 		}

  565. 		$type = $id_arr[0];

  566. 

  567. 		$albumName = @pack('H*', $id_arr[1]);

  568. 		$fileName = @pack('H*', $id_arr[2]);

  569. 		if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {

  570. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);

  571. 			goto End;

  572. 		}

  573. 

  574. 		$hiddenAlbum = SharedAlbum::GetHiddenAlbumInfo();

  575. 		if ($hiddenAlbum === NULL) {

  576. 			$result['is_shared'] = false;

  577. 		} else {

  578. 			$collectionid = explode("_", $hiddenAlbum['id'])[1];

  579. 			$table = ('photo' === $type) ? $this->PhotoTableName : $this->VideoTableName;

  580. 

  581. 			if ('/' === $albumName) {

  582. 				$filePath = $fileName;

  583. 			} else {

  584. 				$filePath = $albumName.'/'.$fileName;

  585. 			}

  586. 			$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);

  587. 			if (FALSE === $dbId) {

  588. 				$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  589. 				goto End;

  590. 			}

  591. 			$query = "SELECT COUNT(*) FROM " . $table . " WHERE collectionid = ? AND {$type}id = ?";

  592. 			$sqlParams = array($collectionid, $dbId);

  593. 			$db_result = PHOTO_DB_Query($query, $sqlParams);

  594. 			$row = PHOTO_DB_FetchRow($db_result);

  595. 			if (1 !== (int)$row[0]) {

  596. 				$result['is_shared'] = false;

  597. 			} else {

  598. 				$result['is_shared'] = true;

  599. 				$result['public_share_url'] = csSYNOPhotoMisc::GetServerHost(true) . SYNOPHOTO_URL_PREFIX . '/photo/share/' . $hiddenAlbum['additional']['public_share']['shareid'] . '/' . $_REQUEST['item_id'];

  600. 			}

  601. 		}

  602. 

  603. 		$this->SetResponse($result);

  604. 		$ret = true;

  605. 	End:

  606. 		return $ret;

  607. 	}

  608. 

  609. 	private function SetSingleItem()

  610. 	{

  611. 		$ret = false;

  612. 		if (!SharedAlbum::CheckPublicSharePermission()) {

  613. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);

  614. 			goto End;

  615. 		}

  616. 

  617. 		if (!isset($_REQUEST['item_id']) || !isset($_REQUEST['enable'])) {

  618. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  619. 			goto End;

  620. 		}

  621. 		$id_arr = explode("_", $_REQUEST['item_id']);

  622. 		if (3 !== count($id_arr) || ('photo' !== $id_arr[0] && 'video' !== $id_arr[0])) {

  623. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  624. 			goto End;

  625. 		}

  626. 		$type = $id_arr[0];

  627. 

  628. 		$albumName = @pack('H*', $id_arr[1]);

  629. 		$fileName = @pack('H*', $id_arr[2]);

  630. 		if (!csSYNOPhotoMisc::CheckAlbumAccessible($albumName)) {

  631. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_ACCESS_DENY);

  632. 			goto End;

  633. 		}

  634. 

  635. 		$hiddenAlbum = SharedAlbum::GetHiddenAlbumInfo();

  636. 		if ($hiddenAlbum === NULL) {

  637. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_GET_INFO_ERROR);

  638. 			goto End;

  639. 		}

  640. 

  641. 		if ('/' === $albumName) {

  642. 			$filePath = $fileName;

  643. 		} else {

  644. 			$filePath = $albumName.'/'.$fileName;

  645. 		}

  646. 		$dbId = csSYNOPhotoMisc::GetPhotoVideoDBId($filePath, $type);

  647. 		if (FALSE === $dbId) {

  648. 			$this->SetError(PHOTOSTATION_SHARED_ALBUM_BAD_PARAMS);

  649. 			goto End;

  650. 		}

  651. 

  652. 		$collectionid = explode("_", $hiddenAlbum['id'])[1];

  653. 		$sqlParams = array($collectionid, $dbId);

  654. 		if ($_REQUEST['enable'] === "true") {

  655. 			$this->AddItemQuery($type, $collectionid, $dbId);

  656. 			$result['is_shared'] = true;

  657. 			$result['public_share_url'] = csSYNOPhotoMisc::GetServerHost(true) . SYNOPHOTO_URL_PREFIX . '/photo/share/' . $hiddenAlbum['additional']['public_share']['shareid'] . '/' . $_REQUEST['item_id'];

  658. 		} else {

  659. 			$this->DeleteItemQuery($type, $collectionid, $dbId);

  660. 			$result['is_shared'] = false;

  661. 		}

  662. 

  663. 		$this->SetResponse($result);

  664. 		$ret = true;

  665. 	End:

  666. 		return $ret;

  667. 	}

  668. 

  669. 	/**

  670. 	 * @return id if exist, FALSE otherwise

  671. 	 */

  672. 	private function CheckExistenceByName($name, $filter_id = -1)

  673. 	{

  674. 		$sqlParams = array($name, $filter_id);

  675. 		$query = "SELECT COUNT(*) FROM " . $this->TableName . " WHERE name = ? AND id <> ? AND hidden = 'f' AND ";

  676. 		$this->appendUserIDCond($query, $sqlParams);

  677. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  678. 		$row = PHOTO_DB_FetchRow($db_result);

  679. 		if (1 !== (int)$row[0]) {

  680. 			return FALSE;

  681. 		}

  682. 

  683. 		$sqlParams = array($name);

  684. 		$query = "SELECT id FROM " . $this->TableName . " WHERE name = ? AND hidden = 'f' AND ";

  685. 		$this->appendUserIDCond($query, $sqlParams);

  686. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  687. 		$row = PHOTO_DB_FetchRow($db_result);

  688. 		return $row[0];

  689. 	}

  690. 

  691. 	private function CheckExistenceById($id)

  692. 	{

  693. 		$sqlParams = array($id);

  694. 		$query = "SELECT COUNT(*) FROM " . $this->TableName . " WHERE id = ? AND ";

  695. 		$this->appendUserIDCond($query, $sqlParams);

  696. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  697. 		$row = PHOTO_DB_FetchRow($db_result);

  698. 		if (1 === (int)$row[0]) {

  699. 			return TRUE;

  700. 		}

  701. 

  702. 		return FALSE;

  703. 	}

  704. 

  705. 	private function GetInfoById($sharedAlbumId, $additional = array()) {

  706. 		$sharedAlbum = SharedAlbum::GetInfoById($sharedAlbumId, $additional);

  707. 

  708. 		if ($sharedAlbum === NULL) {

  709. 			return NULL;

  710. 		}

  711. 

  712. 		$thumbSize['preview']['resolutionx'] = 0;

  713. 		$thumbSize['preview']['resolutiony'] = 0;

  714. 		$thumbSize['small']['resolutionx'] = 0;

  715. 		$thumbSize['small']['resolutiony'] = 0;

  716. 		$thumbSize['large']['resolutionx'] = 0;

  717. 		$thumbSize['large']['resolutiony'] = 0;

  718. 		$thubmSize['sig'] = "";

  719. 		$cover = SharedAlbum::GetSharedAlbumCover($sharedAlbumId);

  720. 		$getRealPath = ('root' === SYNOPHOTO_ADMIN_USER) ? false : true;

  721. 		if ($cover === NULL) {

  722. 			$sharedAlbum['thumbnail_status'] = 'default';

  723. 		} else if (false !== ($item = PhotoAPIUtil::getItemByPath($cover['path'], array('thumb_size'), $cover['type'], $getRealPath))) {

  724. 			$sharedAlbum['thumbnail_status'] = $item['thumbnail_status'];

  725. 			$thumbSize = $item['additional']['thumb_size'];

  726. 		}

  727. 		if (in_array("thumb_size", $additional)) {

  728. 			$sharedAlbum['additional']['thumb_size'] = $thumbSize;

  729. 		}

  730. 		return $sharedAlbum;

  731. 	}

  732. 

  733. 	private function AddItemQuery($type, $sharedAlbumId, $itemDBId)

  734. 	{

  735. 		$query = "INSERT INTO " . ($type === 'photo' ? $this->PhotoTableName : $this->VideoTableName) . " VALUES (?, ?)";

  736. 		$db_result = PHOTO_DB_Query($query, array($sharedAlbumId, $itemDBId));

  737. 	}

  738. 

  739. 	private function DeleteItemQuery($type, $sharedAlbumId, $itemDBId)

  740. 	{

  741. 		$query = "DELETE FROM " . ($type === 'photo' ? $this->PhotoTableName : $this->VideoTableName) . " WHERE collectionid = ? AND {$type}id = ?";

  742. 		$db_result = PHOTO_DB_Query($query, array($sharedAlbumId, $itemDBId));

  743. 	}

  744. 

  745. 	private function GetShareLinkById($sharedAlbumId)

  746. 	{

  747. 		$sqlParams = array($sharedAlbumId);

  748. 		$query = "SELECT sharelink FROM " . $this->TableName . " WHERE id = ? AND";

  749. 		$this->appendUserIDCond($query, $sqlParams);

  750. 		$db_result = PHOTO_DB_Query($query, $sqlParams);

  751. 		$row = PHOTO_DB_FetchRow($db_result);

  752. 

  753. 		if (!$row) {

  754. 			return NULL;

  755. 		}

  756. 

  757. 		return $row[0];

  758. 	}

  759. 

  760. 	private function appendUserIDCond(&$sql, &$sqlParams)

  761. 	{

  762. 		$useridCond = " 1=1 ";

  763. 		if ($this->UserID !== 0) {

  764. 			$useridCond = " userid = ? ";

  765. 			$sqlParams[] = $this->UserID;

  766. 		}

  767. 

  768. 		$sql = $sql . $useridCond;

  769. 	}

  770. }

  771. 

  772. $api = new SharedAlbumAPI();

  773. $api->Run();

  774. 

  775. ?>