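':\/|]#", "", $newname));

// ---------------------------------------------------------------------------
// Attachment upload handler. The line above finishes a statement that begins
// before this excerpt, so it is kept exactly as it was.
//
// Flow: pick the uploaded file, check its extension against the allow-list
// ($cfg_softtype) and the deny-list ($cfg_not_allowall), move it below
// $cfg_basedir . $activepath, optionally mirror it over FTP, record it in the
// uploads table, then answer with JSON ($ck == 1) or a ShowMsg() redirect.
//
// Changes from the previous version:
//   * the allow-list regex is anchored to the END of the name, so a permitted
//     extension in the middle of the name no longer satisfies it;
//   * the FINAL extension (including one taken from $newname) must be on the
//     allow-list, not merely absent from the deny-list;
//   * the deny-list match is case-insensitive;
//   * the file size is cast to an integer before it reaches the SQL text;
//   * $f and $CKEditorFuncNum are URL-encoded in the redirect target;
//   * the no-op self-assignment of $cfg_softtype is gone.
//
// NOTE(review): $activepath, $newname, $f, $bkurl and $CKEditorFuncNum are not
// assigned in this excerpt and are presumably request-supplied. $activepath is
// concatenated into a filesystem path below; confirm it is confined to the
// upload root before this point.
// ---------------------------------------------------------------------------

// Use the alternate "imgfile" upload field when "uploadfile" is empty.
$uploadfile = isset($imgfile) && empty($uploadfile) ? $imgfile : $uploadfile;
$uploadfile_name = isset($imgfile_name) && empty($uploadfile_name) ? $imgfile_name : $uploadfile_name;

if (!is_uploaded_file($uploadfile)) {
    ShowMsg("你没有选择上传的文件或选择的文件大小超出限制!", "-1");
    exit();
}

// All attachment extensions allowed for the software type, as a '|' list.
// Collapse runs of '|' and trim the ends: an empty alternative inside the
// group would match the empty string and weaken the check.
$cfg_softtype = trim(preg_replace('#\|+#', '|', $cfg_softtype), '|');

// Strip whitespace and path/shell metacharacters from the client-supplied name.
$uploadfile_name = trim(preg_replace("#[ \r\n\t\*\%\\\/\?><\|\":]{1,}#", '', $uploadfile_name));

// Allow-list check, anchored so only the trailing extension counts.
if (!preg_match("#\.(" . $cfg_softtype . ")\z#i", $uploadfile_name)) {
    ShowMsg("你所上传的{$uploadmbtype}不在许可列表,请更改系统对扩展名限定的配置!", "");
    exit();
}

$nowtme = time();
if ($activepath == $cfg_soft_dir) {
    // Uploading into the software root: file it under a dated sub-directory.
    $newdir = MyDate($cfg_addon_savetype, $nowtme);
    $activepath = $activepath . '/' . $newdir;
    if (!is_dir($cfg_basedir . $activepath)) {
        MkdirAll($cfg_basedir . $activepath, $cfg_dir_purview);
        CloseFtp();
    }
}

// File name: a manually specified name first, otherwise an automatic one.
if (!empty($newname)) {
    $filename = $newname;
    $hasExt = preg_match("#\.#", $filename);
    // Without a dot in $newname the extension comes from the uploaded name.
    $fs = explode('.', $hasExt ? $filename : $uploadfile_name);
    $ext = $fs[count($fs) - 1];
    if (preg_match("#" . $cfg_not_allowall . "#i", $ext)) {
        ShowMsg("你指定的文件名被系统禁止!", 'javascript:;');
        exit();
    }
    if (!$hasExt) {
        $filename = $filename . '.' . $ext;
    }
} else {
    $filename = $cuserLogin->getUserID() . '-' . dd2char(MyDate('ymdHis', $nowtme));
    $fs = explode('.', $uploadfile_name);
    $ext = $fs[count($fs) - 1];
    if (preg_match("#" . $cfg_not_allowall . "#i", $ext)) {
        ShowMsg("你上传了某些可能存在不安全因素的文件,系统拒绝操作!", 'javascript:;');
        exit();
    }
    $filename = $filename . '.' . $ext;
}

// The extension the file is actually stored with must be on the allow-list.
// Checking only the uploaded name would let $newname choose any extension
// that the deny-list happens not to cover.
if (!preg_match("#\A(" . $cfg_softtype . ")\z#i", $ext)) {
    ShowMsg("你所上传的{$uploadmbtype}不在许可列表,请更改系统对扩展名限定的配置!", "");
    exit();
}

$fullfilename = $cfg_basedir . $activepath . '/' . $filename;
$fullfileurl = $activepath . '/' . $filename;

// NOTE(review): the failure message prints the absolute server path to the
// client; consider reporting $fullfileurl instead.
move_uploaded_file($uploadfile, $fullfilename) or die("上传文件到 $fullfilename 失败!");
@unlink($uploadfile);

if ($cfg_remote_site == 'Y' && $remoteuploads == 1) {
    // Work out the remote file path.
    $remotefile = str_replace(DEDEROOT, '', $fullfilename);
    $localfile = '../..' . $remotefile;
    // Create the remote directory (the path with the file name removed).
    $remotedir = preg_replace('/[^\/]*\.(' . $cfg_softtype . ')/', '', $remotefile);
    $ftp->rmkdir($remotedir);
    $ftp->upload($localfile, $remotefile);
}

// Classify the upload for the uploads table. $uploadfile_type is the MIME
// type reported by the client, so treat $mediatype as a display hint only,
// never as evidence of what the file contains.
if ($uploadfile_type == 'application/x-shockwave-flash') {
    $mediatype = 2;
} else if (preg_match('#image#i', $uploadfile_type)) {
    $mediatype = 1;
} else if (preg_match('#audio|media|video#i', $uploadfile_type)) {
    $mediatype = 3;
} else {
    $mediatype = 4;
}

// Numeric column: force an integer so nothing else can reach the SQL text.
$filesize = intval($uploadfile_size);

// NOTE(review): $filename and $fullfileurl are interpolated into the SQL
// string. This excerpt does not show whether request input is escaped
// upstream or whether $dsql supports bound parameters; confirm, and
// escape or bind here if neither holds.
$inquery = "INSERT INTO `#@__uploads`(arcid,title,url,mediatype,width,height,playtime,filesize,uptime,mid) VALUES ('0','$filename','$fullfileurl','$mediatype','0','0','0','{$filesize}','{$nowtme}','" . $cuserLogin->getUserID() . "'); ";
$dsql->ExecuteNoneQuery($inquery);
$fid = $dsql->GetLastID();
AddMyAddon($fid, $fullfileurl);

if ($ck == 1) {
    // Editor upload: reply with the JSON structure the editor expects.
    $funcNum = isset($_GET['CKEditorFuncNum']) ? $_GET['CKEditorFuncNum'] : 1;
    $url = $fullfileurl;
    $arr = array(
        "uploaded" => 1,
        "fileName" => $filename,
        "url" => $url,
    );
    echo json_encode($arr);
} else {
    // Every query value is URL-encoded so a crafted $f or $CKEditorFuncNum
    // cannot add parameters or markup to the redirect target.
    ShowMsg("成功上传文件!", $bkurl . "?comeback=" . urlencode($filename) . "&f=" . urlencode($f) . "&CKEditorFuncNum=" . urlencode($CKEditorFuncNum) . "&activepath=" . urlencode($activepath) . "&d=" . time());
    exit();
}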