':\/|]#", "", $newname));
$uploadfile = isset($imgfile) && empty($uploadfile) ? $imgfile : $uploadfile;
$uploadfile_name = isset($imgfile_name) && empty($uploadfile_name) ? $imgfile_name : $uploadfile_name;
if (!is_uploaded_file($uploadfile)) {
ShowMsg("您没有选择上传的文件或选择的文件大小超出限制", "-1");
exit();
}
//软件类型所有支持的附件
$cfg_softtype = $cfg_softtype;
$cfg_softtype = str_replace('||', '|', $cfg_softtype);
$uploadfile_name = trim(preg_replace("#[ \r\n\t\*\%\\\/\?><\|\":]{1,}#", '', $uploadfile_name));
if (!preg_match("#\.(".$cfg_softtype.")#i", $uploadfile_name)) {
ShowMsg("您所上传的{$uploadmbtype}不在许可列表,请修改系统对扩展名限定的配置", "-1");
exit();
}
$nowtme = time();
if ($activepath == $cfg_soft_dir) {
$newdir = MyDate($cfg_addon_savetype, $nowtme);
$activepath = $activepath.'/'.$newdir;
if (!is_dir($cfg_basedir.$activepath)) {
MkdirAll($cfg_basedir.$activepath, $cfg_dir_purview);
CloseFtp();
}
}
//文件名(前为手工指定,后者自动处理)
if (!empty($newname)) {
$filename = $newname;
if (!preg_match("#\.#", $filename)) $fs = explode('.', $uploadfile_name);
else $fs = explode('.', $filename);
if (preg_match("#".$cfg_not_allowall."#", $fs[count($fs) - 1])) {
ShowMsg("指定的文件名已被系统禁止", 'javascript:;');
exit();
}
if (!preg_match("#\.#", $filename)) $filename = $filename.'.'.$fs[count($fs) - 1];
} else {
$filename = $cuserLogin->getUserID().'-'.dd2char(MyDate('ymdHis', $nowtme));
$fs = explode('.', $uploadfile_name);
if (preg_match("#".$cfg_not_allowall."#", $fs[count($fs) - 1])) {
ShowMsg("您上传了某些可能存在不安全因素的文件,系统拒绝操作", "-1");
exit();
}
$filename = $filename.'.'.$fs[count($fs) - 1];
}
if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml)[^a-zA-Z0-9]+$#i', trim($filename))) {
ShowMsg("指定的文件名已被系统禁止",'javascript:;');
exit();
}
$fullfilename = $cfg_basedir.$activepath.'/'.$filename;
$fullfileurl = $activepath.'/'.$filename;
$mime = get_mime_type($uploadfile);
if (preg_match("#^unknow#", $mime)) {
ShowMsg("系统不支持fileinfo组件,建议php.ini中开启", -1);
exit;
}
if (!preg_match("#^(image|video|audio|application)#i", $mime)) {
ShowMsg("仅支持媒体文件及应用程序上传", -1);
exit;
}
move_uploaded_file($uploadfile, $fullfilename) or die("上传文件到$fullfilename失败");
@unlink($uploadfile);
if ($uploadfile_type == 'application/x-shockwave-flash') {
$mediatype = 2;
} else if (preg_match('#image#i', $uploadfile_type)) {
$mediatype = 1;
} else if (preg_match('#audio|media|video#i', $uploadfile_type)) {
$mediatype = 3;
} else {
$mediatype = 4;
}
$inquery = "INSERT INTO `#@__uploads` (arcid,title,url,mediatype,width,height,playtime,filesize,uptime,mid) VALUES ('0','$filename','$fullfileurl','$mediatype','0','0','0','{$uploadfile_size}','{$nowtme}','".$cuserLogin->getUserID()."'); ";
$dsql->ExecuteNoneQuery($inquery);
$fid = $dsql->GetLastID();
AddMyAddon($fid, $fullfileurl);
if ($ck == 1) {
$funcNum = isset($_GET['CKEditorFuncNum']) ? $_GET['CKEditorFuncNum'] : 1;
$url = $fullfileurl;
$arr = array(
"uploaded" => 1,
"fileName" => $filename,
"url" => $url,
);
echo json_encode($arr);
} else {
ShowMsg("成功上传文件", $bkurl."?comeback=".urlencode($filename)."&f=$f&CKEditorFuncNum=$CKEditorFuncNum&activepath=".urlencode($activepath)."&d=".time());
exit();
}
?>