国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com


  1. <?php
  2. /**
  3. * 后台api接口
  4. *
  5. * @version $id:api.php 8:26 2022年11月20日 tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2022 DedeBIZ.COM
  8. * @license GNU GPL v2 (https://www.dedebiz.com/license)
  9. * @link https://www.dedebiz.com
  10. */
  // Flags defined before the shared bootstrap is loaded; what they switch on is decided outside this file.
  define('AJAXLOGIN', true);
  define('IS_DEDEAPI', true);
  // Filesystem path of this admin directory, with backslashes normalised to '/'.
  define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
  require_once DEDEADMIN.'/../system/common.inc.php';
  require_once DEDEINC.'/userlogin.class.php';
  // Remove the execution time limit; errors from the call are suppressed.
  @set_time_limit(0);
  AjaxHead();
  helper('cache');
  // Dispatch is allow-listed: anything outside this list collapses to '' and matches no branch below.
  // NOTE(review): $action is never assigned in this file; presumably the bootstrap copies
  // request parameters into globals — confirm. The membership test is non-strict.
  $action = (!isset($action) || !in_array($action, array(
      'is_need_check_code',
      'has_new_version',
      'get_changed_files',
      'update_backup',
      'get_update_versions',
      'update',
      'upload_image',
  ))) ? '' : $action;
  // Directory part of the current request URL (used later to map "/admin" paths onto this directory).
  $curDir = dirname(GetCurUrl());
  /**
   * Gate for privileged actions: require a logged-in super administrator.
   *
   * When the session has no positive user id, or the user type is not 10,
   * a JSON error envelope (code -1) is printed and the script terminates.
   * Otherwise the function returns normally and the caller continues.
   *
   * @return void
   */
  function checkLogin()
  {
      $session = new userLogin();
      // Short-circuits exactly like the original: the type is only read for a positive id.
      $isSuperAdmin = $session->getUserID() > 0 && $session->getUserType() == 10;
      if ($isSuperAdmin) {
          return;
      }
      $denied = array(
          "code" => -1,
          "msg" => "此操作需要登录超级管理员权限",
          "data" => null,
      );
      echo json_encode($denied);
      exit;
  }
  if ($action === 'is_need_check_code') {
      // Reports whether the given account must solve a verification code.
      // This branch does not call checkLogin(), so it is reachable before authentication.
      // NOTE(review): $userid is not assigned in this file; presumably it comes from the request
      // via the bootstrap — confirm. If isNeedCheckCode() answers differently for existing and
      // unknown accounts, the response distinguishes them; verify in userLogin.
      $cuserLogin = new userLogin();
      $payload = array(
          "code" => 0,
          "msg" => "",
          "data" => array(
              "isNeed" => $cuserLogin->isNeedCheckCode($userid),
          ),
      );
      echo json_encode($payload);
      exit;
  } else if ($action === 'has_new_version') {
      // Step 1: work out which bundled schema migrations are still missing by probing for the
      // table, column or config row each release is associated with, then run them.
      // NOTE(review): this whole step runs BEFORE checkLogin(), so an unauthenticated request can
      // trigger the migrations, and they execute with $dsql->safeCheck switched off. The statements
      // come from GetUpdateSQL(), not from the request. The ordering may be deliberate (schema made
      // current before the login code needs it) — confirm; if not, call checkLogin() first.
      $apiCfgRow = $dsql->GetOne("SELECT COUNT(*) as dd FROM `#@__sysconfig` WHERE varname = 'cfg_bizcore_api'");
      $schemaProbes = array(
          "6.0.2" => !TableHasField("#@__tagindex", "keywords"),
          "6.0.3" => !TableHasField("#@__feedback", "replycount"),
          "6.1.0" => !TableHasField("#@__arctype", "litimg"),
          "6.1.7" => !$dsql->IsTable("#@__statistics"),
          // Not negated, unlike its siblings: presumably this release removes the column — confirm.
          "6.1.8" => TableHasField("#@__tagindex", "tag_pinyin"),
          "6.1.9" => !TableHasField("#@__admin", "pwd_new"),
          "6.1.10" => !TableHasField("#@__arctype", "cnoverview"),
          "6.2.0" => !TableHasField("#@__admin", "loginerr") || !TableHasField("#@__member", "loginerr"),
          "6.2.3" => $apiCfgRow['dd'] == 0,
          "6.2.5" => !$dsql->IsTable("#@__sys_payment"),
          "6.2.7" => !TableHasField("#@__arctype", "apienabled"),
      );
      // Keep only the versions whose probe fired, in release order.
      $unQueryVer = array_keys(array_filter($schemaProbes));
      if (count($unQueryVer) > 0) {
          $upsqls = GetUpdateSQL();
          foreach ($unQueryVer as $pendingVer) {
              foreach ($upsqls[$pendingVer] as $rawStmt) {
                  $stmt = trim($rawStmt);
                  if ($stmt === '') {
                      continue;
                  }
                  // The query safety check is disabled only around this single statement.
                  $dsql->safeCheck = false;
                  $dsql->ExecuteNoneQuery($stmt);
                  $dsql->safeCheck = true;
              }
          }
      }
      require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
      checkLogin();
      // Step 2: ask the vendor endpoint whether a newer version exists.
      // The request discloses the installed version, host name, PHP/OS/MySQL versions and the
      // member and article counts to DEDEBIZURL.
      $phpv = phpversion();
      $sp_os = PHP_OS;
      $mysql_ver = $dsql->GetVersion();
      $hostHeader = $_SERVER['HTTP_HOST'];
      // The Host header is client-controlled; it is only forwarded URL-encoded, or replaced by "test".
      $nurl = preg_match("#[a-z\-]{1,}\.[a-z]{2,}#i", $hostHeader) ? urlencode($hostHeader) : "test";
      $add_query = '';
      $memberRow = $dsql->GetOne("SELECT COUNT(*) AS dd FROM `#@__member` ");
      if ($memberRow) {
          $add_query .= "&mcount={$memberRow['dd']}";
      }
      $archiveRow = $dsql->GetOne("SELECT COUNT(*) AS dd FROM `#@__arctiny` ");
      if ($archiveRow) {
          $add_query .= "&acount={$archiveRow['dd']}";
      }
      $offUrl = DEDEBIZURL."/version?version={$cfg_version_detail}&formurl={$nurl}&phpver={$phpv}&os={$sp_os}&mysqlver={$mysql_ver}{$add_query}&json=1";
      $failure = json_encode(array(
          "code"=>-1,
          "msg"=>'获取版本信息失败',
      ));
      // Under PHP's built-in development server on PHP older than 7.2 the lookup is skipped
      // and reported as failed (reason not visible in this file).
      $onDevServer = strpos($_SERVER['SERVER_SOFTWARE'], 'Development Server') !== false;
      if ($onDevServer && version_compare($phpv, '7.2', '<')) {
          echo $failure;
          exit;
      }
      $http = new DedeHttpDown();
      $http->OpenUrl($offUrl);
      $data = $http->GetHtml();
      // The upstream body is relayed to the browser unchanged.
      echo empty($data) ? $failure : $data;
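  } else if ($action === 'get_changed_files') {
      require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
      checkLogin();
      // List local files that differ from the release manifest of the installed version.
      // MD5 is used here purely as a change detector against that manifest.
      // NOTE(review): the manifest is trusted as fetched; whether DEDEBIZCDN is an HTTPS URL
      // is not visible in this file.
      $hashUrl = DEDEBIZCDN.'/release/'.$cfg_version_detail.'.json';
      $dhd = new DedeHttpDown();
      $dhd->OpenUrl($hashUrl);
      $data = $dhd->GetJSON();
      if (empty($data) || (!is_array($data) && !is_object($data))) {
          echo json_encode(array(
              "code"=>-1,
              "msg"=>'获取版本信息失败',
          ));
          exit();
      }
      $changedFiles = array();
      foreach ($data as $file) {
          // Skip malformed entries instead of reading properties that are not there.
          if (!isset($file->filename, $file->hash) || !is_string($file->filename)) {
              continue;
          }
          $relPath = str_replace("\\", '/', $file->filename);
          // The path comes from a remote document: refuse any ".." segment so the
          // lookup cannot leave DEDEROOT.
          if (in_array('..', explode('/', $relPath), true)) {
              continue;
          }
          $realFile = DEDEROOT.$relPath;
          if (file_exists($realFile) && md5_file($realFile) !== $file->hash) {
              $changedFiles[] = $file;
          }
      }
      echo json_encode(array(
          "code" => 0,
          "msg" => "",
          "data" => array(
              "files" => $changedFiles,
          ),
      ));
      exit;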
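  } else if ($action === 'update_backup') {
      require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
      checkLogin();
      // Copy every local file that differs from the release manifest into a fresh backup directory.
      $hashUrl = DEDEBIZCDN.'/release/'.$cfg_version_detail.'.json';
      $dhd = new DedeHttpDown();
      $dhd->OpenUrl($hashUrl);
      $data = $dhd->GetJSON();
      if (empty($data) || (!is_array($data) && !is_object($data))) {
          echo json_encode(array(
              "code"=>-1,
              "msg"=>'获取版本信息失败',
          ));
          exit;
      }
      // Directory suffix: first 10 hex characters of the MD5 of the first 5 characters of
      // $cfg_cookie_encode. The resulting path is returned to the caller below.
      // NOTE(review): the backup holds copies of locally modified source files; whether the data
      // directory is reachable over HTTP depends on server configuration — confirm it is not.
      $enkey = substr(md5(substr($cfg_cookie_encode, 0, 5)), 0, 10);
      $backupPath = DEDEDATA."/backupfile_{$enkey}";
      RmRecurse($backupPath);
      mkdir($backupPath);
      foreach ($data as $file) {
          // Skip malformed entries instead of reading properties that are not there.
          if (!isset($file->filename, $file->hash) || !is_string($file->filename)) {
              continue;
          }
          $relPath = str_replace("\\", '/', $file->filename);
          // The path comes from a remote document and is used for both the read and the write:
          // refuse any ".." segment so neither side can leave its base directory.
          if (in_array('..', explode('/', $relPath), true)) {
              continue;
          }
          $realFile = DEDEROOT.$relPath;
          // Back up the file only when it exists and differs from the manifest hash.
          if (file_exists($realFile) && md5_file($realFile) !== $file->hash) {
              $dstFile = $backupPath.'/'.$relPath;
              @mkdir(dirname($dstFile), 0777, true);
              copy($realFile, $dstFile);
          }
      }
      echo json_encode(array(
          "code" => 0,
          "msg" => "",
          "data" => array(
              "backupdir" => "data/backupfile_{$enkey}",
          ),
      ));
      exit;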
  } else if ($action === 'get_update_versions') {
      require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
      checkLogin();
      // Fetch the list of versions newer than the installed one and cache it for the 'update' action.
      $offUrl = DEDEBIZURL."/versions?version={$cfg_version_detail}";
      $http = new DedeHttpDown();
      $http->OpenUrl($offUrl);
      $data = $http->GetHtml();
      if (empty($data)) {
          $failure = array(
              "code"=>-1,
              "msg"=>'获取版本信息失败',
          );
          echo json_encode($failure);
          exit;
      }
      // NOTE(review): the decoded document is not checked before it is cached. The 'update' action
      // later builds download URLs and filesystem paths from each cached entry's "ver" field, so the
      // shape and content of result->Versions deserve validation at one of the two places.
      $decoded = json_decode($data);
      SetCache('update', 'vers', $decoded->result->Versions);
      // The upstream body is relayed to the browser unchanged.
      echo $data;
      exit;
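  } else if ($action === 'update') {
      require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
      // This branch downloads code and SQL and installs both into the live site, so it needs the
      // same super-administrator gate as the other update actions in this file. The original
      // branch had no checkLogin() call at all.
      checkLogin();
      // Each request performs one bounded slice of work (at most 10 file downloads, or one
      // version's SQL + file copy) and exits with "finish" => false; the client is expected to
      // repeat the call until "finish" => true.
      $row = GetCache('update', 'vers');
      if (!is_array($row) || count($row) === 0) {
          echo json_encode(array(
              "code" => -1,
              "msg" => "请获取版本更新记录",
              "data" => null,
          ));
          exit;
      }
      // True when a path contains a ".." segment (either slash style).
      $hasParentSegment = function ($path) {
          return in_array('..', explode('/', str_replace("\\", '/', $path)), true);
      };
      // "ver" originates from a remote document and is spliced into URLs and directory names:
      // refuse separators and ".." before any of it touches the filesystem.
      foreach ($row as $ver) {
          $verOk = is_object($ver) && isset($ver->ver) && is_string($ver->ver) && $ver->ver !== ''
              && strpbrk($ver->ver, "/\\") === false && strpos($ver->ver, '..') === false;
          if (!$verOk) {
              echo json_encode(array(
                  "code" => -1,
                  "msg" => "请获取版本更新记录",
                  "data" => null,
              ));
              exit;
          }
      }
      $enkey = substr(md5(substr($cfg_cookie_encode, 0, 5)), 0, 10);
      $backupPath = DEDEDATA."/updatefile_{$enkey}";
      @mkdir($backupPath);
      // Phase 1: stage each version's files and update.sql under $backupPath/<ver>.
      // NOTE(review): nothing visible here verifies a digest or signature of the downloaded files
      // or SQL; authenticity rests on the transport to DEDEBIZCDN, whose scheme is not visible in
      // this file. A failed download is also written as-is (possibly empty) and later installed.
      foreach ($row as $k => $ver) {
          if (isset($ver->isdownload) && $ver->isdownload === true) {
              continue;
          }
          $filesUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/files.txt';
          $dhd = new DedeHttpDown();
          $dhd->OpenUrl($filesUrl);
          $fileList = $dhd->GetJSON();
          $dhd->Close();
          // A manifest that did not decode to a list is treated as empty, as before, but without
          // iterating a non-iterable value. NOTE(review): a failed fetch is therefore
          // indistinguishable from a version that ships no files.
          if (!is_array($fileList) && !is_object($fileList)) {
              $fileList = array();
          }
          $backupVerPath = $backupPath.'/'.$ver->ver;
          if (!is_dir($backupVerPath)) {
              @mkdir($backupVerPath);
          }
          $i = 0;
          foreach ($fileList as $f) {
              // Only entries starting with '/' are taken (anything outside src is ignored).
              if (!isset($f->filename) || !is_string($f->filename) || !preg_match("/^\//", $f->filename)) {
                  continue;
              }
              // Remote-supplied path: never let it climb out of the staging directory.
              if ($hasParentSegment($f->filename)) {
                  continue;
              }
              $realFile = $backupVerPath.$f->filename;
              if (file_exists($realFile)) {
                  continue;
              }
              $fileUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/src'.$f->filename;
              $dhd = new DedeHttpDown();
              $dhd->OpenUrl($fileUrl);
              $fData = $dhd->GetHtml();
              $dhd->Close();
              @mkdir(dirname($realFile), 0777, true);
              file_put_contents($realFile, $fData);
              $i++;
              if ($i === 10) {
                  // The "/admin" -> current directory mapping is applied to a copy for display only.
                  // The original rewrote $f->filename in place, so files.txt recorded a path that
                  // differs from where the file was staged whenever the admin directory is not
                  // named "/admin", and phase 2 then failed to copy it without reporting anything.
                  $shownName = preg_replace('/^\/admin/', $curDir, $f->filename);
                  echo json_encode(array(
                      "code" => 0,
                      "msg" => "正在下载{$ver->ver}版本的{$shownName}文件",
                      "data" => array(
                          "finish" => false,
                      ),
                  ));
                  exit;
              }
          }
          $sqlUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/update.sql';
          $dhd = new DedeHttpDown();
          $dhd->OpenUrl($sqlUrl);
          $fData = $dhd->GetHtml();
          $dhd->Close();
          file_put_contents($backupVerPath.'/update.sql', $fData);
          file_put_contents($backupVerPath.'/files.txt', json_encode($fileList));
          $row[$k]->isdownload = true;
          SetCache('update', 'vers', $row);
          echo json_encode(array(
              "code" => 0,
              "msg" => "正在下载{$ver->ver}版本更新文件",
              "data" => array(
                  "finish" => false,
              ),
          ));
          exit;
      }
      // Phase 2: apply one staged version per request — SQL first, then the file copy.
      foreach ($row as $k => $ver) {
          if (isset($ver->ispatched) && $ver->ispatched === true) {
              continue;
          }
          $backupVerPath = $backupPath.'/'.$ver->ver;
          // Run the staged update SQL. The two replacements first fold ENGINE=MyISAM into
          // TYPE=MyISAM and then expand every TYPE=MyISAM to ENGINE=MyISAM with the site charset.
          $sql = file_get_contents($backupVerPath.'/update.sql');
          if (!empty($sql)) {
              $sql = preg_replace('#ENGINE=MyISAM#i', 'TYPE=MyISAM', $sql);
              $sql41tmp = 'ENGINE=MyISAM DEFAULT CHARSET='.$cfg_db_language;
              $sql = preg_replace('#TYPE=MyISAM#i', $sql41tmp, $sql);
              foreach (explode(";\r\n", $sql) as $rawStmt) {
                  $stmt = trim($rawStmt);
                  if ($stmt === '') {
                      continue;
                  }
                  // The query safety check is disabled only around this single statement.
                  $dsql->safeCheck = false;
                  $dsql->ExecuteNoneQuery($stmt);
                  $dsql->safeCheck = true;
              }
          }
          // Copy the staged files into the site.
          $fileList = json_decode(file_get_contents($backupVerPath.'/files.txt'));
          if (!is_array($fileList) && !is_object($fileList)) {
              $fileList = array();
          }
          foreach ($fileList as $f) {
              // Only entries starting with '/' are taken (anything outside src is ignored).
              if (!isset($f->filename) || !is_string($f->filename) || !preg_match("/^\//", $f->filename)) {
                  continue;
              }
              // Source uses the path as staged; destination maps "/admin" onto this directory.
              $srcFile = $backupVerPath.$f->filename;
              $target = preg_replace('/^\/admin/', $curDir, $f->filename);
              // Neither the manifest path nor the mapped path may climb out of its base directory.
              if ($hasParentSegment($f->filename) || $hasParentSegment($target)) {
                  continue;
              }
              $dstFile = str_replace(array("\\", "//"), '/', DEDEROOT.$target);
              @mkdir(dirname($dstFile), 0777, true);
              $rs = @copy($srcFile, $dstFile);
              if ($rs) {
                  unlink($srcFile);
              }
          }
          $row[$k]->ispatched = true;
          SetCache('update', 'vers', $row);
          RmRecurse($backupVerPath);
          echo json_encode(array(
              "code" => 0,
              "msg" => "正在更新{$ver->ver}版本补丁文件",
              "data" => array(
                  "finish" => false,
              ),
          ));
          exit;
      }
      echo json_encode(array(
          "code" => 0,
          "msg" => "",
          "data" => array(
              "finish" => true,
          ),
      ));
      exit;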
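  } else if($action === 'upload_image') {
      checkLogin();
      // Store one uploaded image under $cfg_image_dir and register it in the uploads table.
      $uploadFailed = json_encode(array(
          "code" => -1,
          "uploaded" => 0,
          "error" => array(
              "message" => "上传失败",
          ),
      ));
      // Refuse requests that carry no genuine HTTP upload in the "file" field.
      if (!isset($_FILES['file']['tmp_name']) || !is_string($_FILES['file']['tmp_name'])
          || !is_uploaded_file($_FILES['file']['tmp_name'])) {
          echo $uploadFailed;
          exit;
      }
      $activepath = $cfg_image_dir;
      // Accepted content types (the same set as before), each mapped to the extension the stored
      // file will get. The stored extension is taken from the detected type, never from the
      // client-supplied file name: the original used the last dot-segment of that name, so content
      // that passed the image checks could be saved under any extension, and the raw name also
      // flowed into the INSERT statement below.
      $extByMime = array(
          "image/pjpeg" => "jpg",
          "image/jpeg" => "jpg",
          "image/gif" => "gif",
          "image/png" => "png",
          "image/xpng" => "png",
          "image/wbmp" => "wbmp",
          "image/webp" => "webp",
      );
      $uploadedFile = $_FILES['file']['tmp_name'];
      if (!function_exists('mime_content_type')) {
          echo json_encode(array(
              "code" => -1,
              "uploaded" => 0,
              "error" => array(
                  "message" => "系统不支持fileinfo组件,建议php.ini中开启",
              ),
          ));
          exit;
      }
      // Both checks look at the file content: detected MIME type and parseable image dimensions.
      $fileType = mime_content_type($uploadedFile);
      $imgSize = getimagesize($uploadedFile);
      if (!is_string($fileType) || !isset($extByMime[$fileType]) || !$imgSize) {
          echo json_encode(array(
              "code" => -1,
              "uploaded" => 0,
              "error" => array(
                  "message" => "仅支持图片格式文件",
              ),
          ));
          exit;
      }
      $nowtme = time();
      $mdir = MyDate($cfg_addon_savetype, $nowtme);
      if (!is_dir($cfg_basedir.$activepath."/$mdir")) {
          MkdirAll($cfg_basedir.$activepath."/$mdir", $cfg_dir_purview);
      }
      $cuserLogin = new userLogin();
      // Kept from the original; not read again in this branch.
      $iseditor = isset($iseditor)? intval($iseditor) : 0;
      // Name: <user id>-<encoded timestamp + 3 random digits>.<extension from detected type>.
      $filename_name = $cuserLogin->getUserID().'-'.dd2char(MyDate("ymdHis", $nowtme).mt_rand(100, 999));
      $filename_name = $filename_name.'.'.$extByMime[$fileType];
      $filename = $mdir.'/'.$filename_name;
      $fullfilename = $cfg_basedir.$activepath."/".$filename;
      if (!move_uploaded_file($uploadedFile, $fullfilename)) {
          die($uploadFailed);
      }
      // Dimensions were already read from the same content before the move.
      $imgwidthValue = intval($imgSize[0]);
      $imgheightValue = intval($imgSize[1]);
      $imgsize = intval(filesize($fullfilename));
      // Every interpolated value is now server-generated (configuration, clock, session user id,
      // mapped extension) or cast to int; no request-supplied string reaches the statement.
      $inquery = "INSERT INTO `#@__uploads` (arcid,title,url,mediatype,width,height,playtime,filesize,uptime,mid) VALUES ('0','$filename','".$activepath."/".$filename."','1','$imgwidthValue','$imgheightValue','0','{$imgsize}','{$nowtme}','".$cuserLogin->getUserID()."'); ";
      $dsql->ExecuteNoneQuery($inquery);
      $fid = $dsql->GetLastID();
      AddMyAddon($fid, $activepath.'/'.$filename);
      echo json_encode(array(
          "code" => 0,
          "msg" => "上传成功",
          "data" => $activepath."/".$filename,
      ));
  }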
  420. ?>