DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
180 Commits
3 Branches
206MB
Tree: 44d039dc90
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '44d039dc90'
${ noResults }
DedeV6/src/include/helpers/upload.helper.php

241 lines
10.0KB
Raw Blame History 

  1. <?php  if(!defined('DEDEINC')) exit('dedecms');

  2. /**

  3.  * 上传处理小助手

  4.  *

  5.  * @version        $Id: upload.helper.php 1 2010-07-05 11:43:09Z tianya $

  6.  * @package        DedeCMS.Helpers

  7.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. 

  12. /**

  13.  *  管理员上传文件的通用函数

  14.  *

  15.  * @access    public

  16.  * @param     string  $uploadname  上传名称

  17.  * @param     string  $ftype  文件类型

  18.  * @param     string  $rnddd  后缀数字

  19.  * @param     bool  $watermark  是否水印

  20.  * @param     string  $filetype  image、media、addon

  21.  *      $file_type='' 对于swfupload上传的文件, 因为没有filetype,所以需指定,并且有些特殊之处不同

  22.  * @return    int   -1 没选定上传文件,0 文件类型不允许, -2 保存失败,其它:返回上传后的文件名

  23.  */

  24. if ( ! function_exists('AdminUpload'))

  25. {

  26.     function AdminUpload($uploadname, $ftype='image', $rnddd=0, $watermark=TRUE, $filetype='' )

  27.     {

  28.         global $dsql, $cuserLogin, $cfg_addon_savetype, $cfg_dir_purview;

  29.         global $cfg_basedir, $cfg_image_dir, $cfg_soft_dir, $cfg_other_medias;

  30.         global $cfg_imgtype, $cfg_softtype, $cfg_mediatype;

  31.         if($watermark) include_once(DEDEINC.'/image.func.php');

  32.         

  33.         $file_tmp = isset($GLOBALS[$uploadname]) ? $GLOBALS[$uploadname] : '';

  34.         if($file_tmp=='' || !is_uploaded_file($file_tmp) )

  35.         {

  36.             return -1;

  37.         }

  38.         

  39.         $file_tmp = $GLOBALS[$uploadname];

  40.         $file_size = filesize($file_tmp);

  41.         $file_type = $filetype=='' ? strtolower(trim($GLOBALS[$uploadname.'_type'])) : $filetype;

  42.         

  43.         $file_name = isset($GLOBALS[$uploadname.'_name']) ? $GLOBALS[$uploadname.'_name'] : '';

  44.         $file_snames = explode('.', $file_name);

  45.         $file_sname = strtolower(trim($file_snames[count($file_snames)-1]));

  46.         

  47.         if($ftype=='image' || $ftype=='imagelit')

  48.         {

  49.             $filetype = '1';

  50.             $sparr = Array('image/pjpeg', 'image/jpeg', 'image/gif', 'image/png', 'image/xpng', 'image/wbmp');

  51.             if(!in_array($file_type, $sparr)) return 0;

  52.             if($file_sname=='')

  53.             {

  54.                 if($file_type=='image/gif') $file_sname = 'jpg';

  55.                 else if($file_type=='image/png' || $file_type=='image/xpng') $file_sname = 'png';

  56.                 else if($file_type=='image/wbmp') $file_sname = 'bmp';

  57.                 else $file_sname = 'jpg';

  58.             }

  59.             $filedir = $cfg_image_dir.'/'.MyDate($cfg_addon_savetype, time());

  60.         }

  61.         else if($ftype=='media')

  62.         {

  63.             $filetype = '3';

  64.             if( !preg_match('/'.$cfg_mediatype.'/', $file_sname) ) return 0;

  65.             $filedir = $cfg_other_medias.'/'.MyDate($cfg_addon_savetype, time());

  66.         }

  67.         else

  68.         {

  69.             $filetype = '4';

  70.             $cfg_softtype .= '|'.$cfg_mediatype.'|'.$cfg_imgtype;

  71.             $cfg_softtype = str_replace('||', '|', $cfg_softtype);

  72.             if( !preg_match('/'.$cfg_softtype.'/', $file_sname) ) return 0;

  73.             $filedir = $cfg_soft_dir.'/'.MyDate($cfg_addon_savetype, time());

  74.         }

  75.         if(!is_dir(DEDEROOT.$filedir))

  76.         {

  77.             MkdirAll($cfg_basedir.$filedir, $cfg_dir_purview);

  78.             CloseFtp();

  79.         }

  80.         $filename = $cuserLogin->getUserID().'-'.dd2char(MyDate('ymdHis', time())).$rnddd;

  81.         if($ftype=='imagelit') $filename .= '-L';

  82.         if( file_exists($cfg_basedir.$filedir.'/'.$filename.'.'.$file_sname) )

  83.         {

  84.             for($i=50; $i <= 5000; $i++)

  85.             {

  86.                 if( !file_exists($cfg_basedir.$filedir.'/'.$filename.'-'.$i.'.'.$file_sname) )

  87.                 {

  88.                     $filename = $filename.'-'.$i;

  89.                     break;

  90.                 }

  91.             }

  92.         }

  93.         $fileurl = $filedir.'/'.$filename.'.'.$file_sname;

  94.         $rs = move_uploaded_file($file_tmp, $cfg_basedir.$fileurl);

  95.         if(!$rs) return -2;

  96.         if($ftype=='image' && $watermark)

  97.         {

  98.             WaterImg($cfg_basedir.$fileurl, 'up');

  99.         }

  100.         

  101.         //保存信息到数据库

  102.         $title = $filename.'.'.$file_sname;

  103.         $inquery = "INSERT INTO `#@__uploads`(title,url,mediatype,width,height,playtime,filesize,uptime,mid)

  104.             VALUES ('$title','$fileurl','$filetype','0','0','0','".filesize($cfg_basedir.$fileurl)."','".time()."','".$cuserLogin->getUserID()."'); ";

  105.         $dsql->ExecuteNoneQuery($inquery);

  106.         $fid = $dsql->GetLastID();

  107.         AddMyAddon($fid, $fileurl);

  108.         return $fileurl;

  109.     }

  110. }

  111. 

  112. 

  113. //前台会员通用上传函数

  114. //$upname 是文件上传框的表单名,而不是表单的变量

  115. //$handname 允许用户手工指定网址情况下的网址

  116. if ( ! function_exists('MemberUploads'))

  117. {

  118.     function MemberUploads($upname,$handname,$userid=0,$utype='image',$exname='',$maxwidth=0,$maxheight=0,$water=false,$isadmin=false)

  119.     {

  120.         global $cfg_imgtype,$cfg_mb_addontype,$cfg_mediatype,$cfg_user_dir,$cfg_basedir,$cfg_dir_purview;

  121.         

  122.         //当为游客投稿的情况下,这个 id 为 0

  123.         if(empty($userid) ) $userid = 0;

  124.         if(!is_dir($cfg_basedir.$cfg_user_dir."/$userid"))

  125.         {

  126.                 MkdirAll($cfg_basedir.$cfg_user_dir."/$userid", $cfg_dir_purview);

  127.                 CloseFtp();

  128.         }

  129.         //有上传文件

  130.         $allAllowType = str_replace('||', '|', $cfg_imgtype.'|'.$cfg_mediatype.'|'.$cfg_mb_addontype);

  131.         if(!empty($GLOBALS[$upname]) && is_uploaded_file($GLOBALS[$upname]))

  132.         {

  133.             $nowtme = time();

  134. 

  135.             $GLOBALS[$upname.'_name'] = trim(preg_replace("#[ \r\n\t\*\%\\\/\?><\|\":]{1,}#",'',$GLOBALS[$upname.'_name']));

  136.             //源文件类型检查

  137.             if($utype=='image')

  138.             {

  139.                 if(!preg_match("/\.(".$cfg_imgtype.")$/", $GLOBALS[$upname.'_name']))

  140.                 {

  141.                     ShowMsg("你所上传的图片类型不在许可列表,请上传{$cfg_imgtype}类型!",'-1');

  142.                     exit();

  143.                 }

  144.                 $sparr = Array("image/pjpeg","image/jpeg","image/gif","image/png","image/xpng","image/wbmp");

  145.                 $imgfile_type = strtolower(trim($GLOBALS[$upname.'_type']));

  146.                 if(!in_array($imgfile_type, $sparr))

  147.                 {

  148.                     ShowMsg('上传的图片格式错误,请使用JPEG、GIF、PNG、WBMP格式的其中一种!', '-1');

  149.                     exit();

  150.                 }

  151.             }

  152.             else if($utype=='flash' && !preg_match("/\.swf$/", $GLOBALS[$upname.'_name']))

  153.             {

  154.                 ShowMsg('上传的文件必须为flash文件!', '-1');

  155.                 exit();

  156.             }

  157.             else if($utype=='media' && !preg_match("/\.(".$cfg_mediatype.")$/",$GLOBALS[$upname.'_name']))

  158.             {

  159.                 ShowMsg('你所上传的文件类型必须为:'.$cfg_mediatype, '-1');

  160.                 exit();

  161.             }

  162.             else if(!preg_match("/\.(".$allAllowType.")$/", $GLOBALS[$upname.'_name']))

  163.             {

  164.                 ShowMsg("你所上传的文件类型不被允许!",'-1');

  165.                 exit();

  166.             }

  167.             //再次严格检测文件扩展名是否符合系统定义的类型

  168.             $fs = explode('.', $GLOBALS[$upname.'_name']);

  169.             $sname = $fs[count($fs)-1];

  170.             $alltypes = explode('|', $allAllowType);

  171.             if(!in_array(strtolower($sname), $alltypes))

  172.             {

  173.                 ShowMsg('你所上传的文件类型不被允许!', '-1');

  174.                 exit();

  175.             }

  176.             //强制禁止的文件类型

  177.             if(preg_match("/(asp|php|pl|cgi|shtm|js)$/", $sname))

  178.             {

  179.                 ShowMsg('你上传的文件为系统禁止的类型!', '-1');

  180.                 exit();

  181.             }

  182.             if($exname=='')

  183.             {

  184.                 $filename = $cfg_user_dir."/$userid/".dd2char($nowtme.'-'.mt_rand(1000,9999)).'.'.$sname;

  185.             }

  186.             else

  187.             {

  188.                 $filename = $cfg_user_dir."/{$userid}/{$exname}.".$sname;

  189.             }

  190.             move_uploaded_file($GLOBALS[$upname], $cfg_basedir.$filename) or die("上传文件到 {$filename} 失败!");

  191.             @unlink($GLOBALS[$upname]);

  192.             

  193.             if(@filesize($cfg_basedir.$filename) > $GLOBALS['cfg_mb_upload_size'] * 1024)

  194.             {

  195.                 @unlink($cfg_basedir.$filename);

  196.                 ShowMsg('你上传的文件超出系统大小限制!', '-1');

  197.                 exit();

  198.             }

  199.             

  200.             //加水印或缩小图片

  201.             if($utype=='image')

  202.             {

  203.                 include_once(DEDEINC.'/image.func.php');

  204.                 if($maxwidth>0 || $maxheight>0)

  205.                 {

  206.                     ImageResize($cfg_basedir.$filename, $maxwidth, $maxheight);

  207.                 }

  208.                 else if($water)

  209.                 {

  210.                     WaterImg($cfg_basedir.$filename);

  211.                 }

  212.             }

  213.             return $filename;

  214.         }

  215.         //没有上传文件

  216.         else

  217.         {

  218.             //强制禁止的文件类型

  219.             if($handname=='')

  220.             {

  221.                 return $handname;

  222.             }

  223.             else if(preg_match("/\.(asp|php|pl|cgi|shtm|js)$/", $handname))

  224.             {

  225.                 exit('Not allow filename for not safe!');

  226.             }

  227.             else if( !preg_match("/\.(".$allAllowType.")$/", $handname) )

  228.             {

  229.                 exit('Not allow filename for filetype!');

  230.             }

  231.             // 2011-4-10 修复会员中心修改相册时候错误(by:jason123j)

  232.             else if( !preg_match('#^http:#', $handname) && !preg_match('#^'.$cfg_user_dir.'/'.$userid."#", $handname) && !$isadmin )

  233.             {

  234.                 exit('Not allow filename for not userdir!');

  235.             }

  236.             return $handname;

  237.         }

  238.     }

  239. }

  240.