

  1. <?php
  2. require_once "config.php";
  3. header("Content-type: text/json");
  4. // let's not start a session if there's no cookie, login is impossible
  5. // via backend anyway
  6. if (!isset($_COOKIE['epube_sid'])) {
  7. header($_SERVER["SERVER_PROTOCOL"]." 402 Unauthorized");
  8. echo "Unauthorized";
  9. die;
  10. }
  11. require_once "sessions.php";
  12. require_once "db.php";
  13. @$owner = SQLite3::escapeString($_SESSION["owner"]);
  14. if (!$owner) {
  15. header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized");
  16. echo "Unauthorized";
  17. die;
  18. }
  19. $op = $_REQUEST["op"];
  20. $ldb = Db::get();
  21. ob_start("ob_gzhandler");
  22. switch ($op) {
  23. case "cover":
  24. $id = (int) $_REQUEST["id"];
  25. $db = new SQLite3(CALIBRE_DB, SQLITE3_OPEN_READONLY);
  26. $result = $db->query("SELECT has_cover, path FROM books WHERE id = " . $id);
  27. while ($line = $result->fetchArray(SQLITE3_ASSOC)) {
  28. $filename = BOOKS_DIR . "/" . $line["path"] . "/" . "cover.jpg";
  29. if (file_exists($filename)) {
  30. $base_filename = basename($filename);
  31. header("Content-type: " . mime_content_type($filename));
  32. header('Cache-control: max-age= ' . (86400*24));
  33. readfile($filename);
  34. } else {
  35. header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
  36. echo "File not found.";
  37. }
  38. }
  39. break;
  40. case "getowner":
  41. $owner = SQLite3::escapeString($_SESSION["owner"]);;
  42. print json_encode(["owner" => $owner]);
  43. break;
  44. case "getinfo":
  45. $id = (int) $_REQUEST["id"];
  46. $db = new SQLite3(CALIBRE_DB, SQLITE3_OPEN_READONLY);
  47. $result = $db->query("SELECT books.*, s.name AS series_name,
  48. (SELECT text FROM comments WHERE book = books.id) AS comment,
  49. (SELECT id FROM data WHERE book = books.id AND format = 'EPUB' LIMIT 1) AS epub_id FROM books
  50. LEFT JOIN books_series_link AS bsl ON (bsl.book = books.id)
  51. LEFT JOIN series AS s ON (bsl.series = s.id)
  52. WHERE books.id = " . $id);
  53. if ($line = $result->fetchArray(SQLITE3_ASSOC)) {
  54. print json_encode($line);
  55. }
  56. break;
  57. case "togglefav":
  58. $id = (int) $_REQUEST["id"];
  59. $result = $ldb->query("SELECT id FROM epube_favorites WHERE bookid = '$id'
  60. AND owner = '$owner' LIMIT 1");
  61. $found_id = false;
  62. $status = -1;
  63. while ($line = $result->fetchArray(SQLITE3_ASSOC)) {
  64. $found_id = $line["id"];
  65. }
  66. if ($found_id) {
  67. $ldb->query("DELETE FROM epube_favorites WHERE id = " . $found_id);
  68. $status = 0;
  69. } else {
  70. $ldb->query("INSERT INTO epube_favorites (bookid, owner) VALUES ($id, '$owner')");
  71. $status = 1;
  72. }
  73. print json_encode(["id" => $id, "status" => $status]);
  74. case "download":
  75. $id = (int) $_REQUEST["id"];
  76. $db = new SQLite3(CALIBRE_DB, SQLITE3_OPEN_READONLY);
  77. $result = $db->query("SELECT path, name, format FROM data LEFT JOIN books ON (data.book = books.id) WHERE data.id = " . $id);
  78. while ($line = $result->fetchArray(SQLITE3_ASSOC)) {
  79. $filename = BOOKS_DIR . "/" . $line["path"] . "/" . $line["name"] . "." . strtolower($line["format"]);
  80. if (file_exists($filename)) {
  81. $base_filename = basename($filename);
  82. header("Content-type: " . mime_content_type($filename));
  83. header("Content-Disposition: attachment; filename=\"$base_filename\"");
  84. readfile($filename);
  85. } else {
  86. header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
  87. echo "File not found.";
  88. }
  89. }
  90. break;
  91. case "getpagination":
  92. $bookid = (int) $_REQUEST["id"];
  93. if ($bookid) {
  94. $result = $ldb->query("SELECT pagination FROM epube_pagination WHERE bookid = '$bookid' LIMIT 1");
  95. if ($line = $result->fetchArray()) {
  96. print $line["pagination"];
  97. } else {
  98. header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
  99. echo "File not found.";
  100. }
  101. }
  102. break;
  103. case "storepagination":
  104. $bookid = (int) $_REQUEST["id"];
  105. $payload = SQLite3::escapeString($_REQUEST["payload"]);
  106. $total_pages = (int) $_REQUEST["total"];
  107. if ($bookid && $payload && $total_pages) {
  108. $ldb->query("BEGIN");
  109. $result = $ldb->query("SELECT id FROM epube_pagination WHERE bookid = '$bookid' LIMIT 1");
  110. if ($line = $result->fetchArray()) {
  111. $id = $line["id"];
  112. $ldb->query("UPDATE epube_pagination SET pagination = '$payload',
  113. total_pages = '$total_pages' WHERE id = '$id'");
  114. } else {
  115. $ldb->query("INSERT INTO epube_pagination (bookid, pagination, total_pages) VALUES
  116. ('$bookid', '$payload', '$total_pages')");
  117. }
  118. $ldb->query("COMMIT");
  119. }
  120. break;
  121. case "getlastread":
  122. $bookid = (int) $_REQUEST["id"];
  123. $lastread = 0;
  124. $lastcfi = "";
  125. $totalpages = 0;
  126. if ($bookid) {
  127. $result = $ldb->query("SELECT b.lastread, b.lastcfi, p.total_pages FROM epube_books AS b, epube_pagination AS p
  128. WHERE b.bookid = p.bookid AND b.bookid = '$bookid' AND b.owner = '$owner' LIMIT 1");
  129. if ($line = $result->fetchArray()) {
  130. $lastread = (int) $line["lastread"];
  131. $lastcfi = $line["lastcfi"];
  132. $totalpages = (int) $line["total_pages"];
  133. }
  134. }
  135. print json_encode(["page" => $lastread, "cfi" => $lastcfi, "total" => $totalpages]);
  136. break;
  137. case "storelastread":
  138. $page = (int) $_REQUEST["page"];
  139. $bookid = (int) $_REQUEST["id"];
  140. $cfi = SQLite3::escapeString($_REQUEST["cfi"]);
  141. if ($page && $bookid) {
  142. $ldb->query("BEGIN");
  143. $result = $ldb->query("SELECT id, lastread, lastcfi FROM epube_books
  144. WHERE bookid = '$bookid' AND owner = '$owner' LIMIT 1");
  145. if ($line = $result->fetchArray()) {
  146. $id = $line["id"];
  147. $lastread = (int) $line["lastread"];
  148. if ($lastread < $page || $page == -1) {
  149. if ($page == -1) $page = 0;
  150. $ldb->query("UPDATE epube_books SET lastread = '$page', lastcfi = '$cfi' WHERE id = '$id'");
  151. }
  152. } else {
  153. $ldb->query("INSERT INTO epube_books (bookid, owner, lastread, lastcfi) VALUES
  154. ('$bookid', '$owner', '$page', '$cfi')");
  155. }
  156. $ldb->query("COMMIT");
  157. }
  158. print json_encode(["page" => $page, "cfi" => $cfi]);
  159. break;
  160. case "define":
  161. if (defined('DICT_ENABLED') && DICT_ENABLED) {
  162. $word = escapeshellarg($_REQUEST["word"]);
  163. exec(DICT_CLIENT . " -h ". DICT_SERVER ." $word 2>&1", $output, $rc);
  164. if ($rc == 0) {
  165. print json_encode(["result" => $output]);
  166. } else if ($rc == 21) {
  167. $word_matches = [];
  168. foreach ($output as $line) {
  169. if (preg_match('/^[^ ]+: *(.*)/', $line, $match)) {
  170. if ($match[1]) {
  171. $word_matches = explode(" ", $match[1]);
  172. break;
  173. }
  174. }
  175. }
  176. $word_matches = implode(" ", array_map("escapeshellarg", $word_matches));
  177. unset($output);
  178. exec(DICT_CLIENT . " -h ". DICT_SERVER ." $word_matches 2>&1", $output, $rc);
  179. if ($rc == 0) {
  180. print json_encode(["result" => $output]);
  181. }
  182. } else if ($rc == 20) {
  183. exec(DICT_CLIENT . " -s soundex -h ". DICT_SERVER ." $word 2>&1", $output, $rc);
  184. print json_encode(["result" => $output]);
  185. } else {
  186. print json_encode(["result" => $output]);
  187. }
  188. }
  189. break;
  190. default:
  191. header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
  192. echo "Method not found.";
  193. }
  194. ?>