DedeBIZ
/
DedeV6


			
				
					
						
						
							
							<?php
/**
 * 后台api接口
 *
 * @version        $id:api.php 8:26 2022年11月20日 tianya $
 * @package        DedeBIZ.Administrator
 * @copyright      Copyright (c) 2022 DedeBIZ.COM
 * @license        GNU GPL v2 (https://www.dedebiz.com/license)
 * @link           https://www.dedebiz.com
 */
define('AJAXLOGIN', TRUE);
define('IS_DEDEAPI', TRUE);
define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
require_once(DEDEADMIN.'/../system/common.inc.php');
require_once(DEDEINC.'/userlogin.class.php');
@set_time_limit(0);
AjaxHead();
helper('cache');
$action = isset($action) && in_array($action, array('is_need_check_code', 'has_new_version', 'get_changed_files', 'update_backup', 'get_update_versions', 'update', 'upload_image', 'get_ai_server', 'get_setbody_url')) ? $action  : '';
$curDir = dirname(GetCurUrl());//当前目录
/**
 * 登录鉴权
 *
 * @return void
 */
function checkLogin()
{
    $cuserLogin = new userLogin();
    if ($cuserLogin->getUserID() <= 0 || $cuserLogin->getUserType() != 10) {
        echo json_encode(array(
            "code" => -1,
            "msg" => "此操作需要登录超级管理员权限",
            "data" => null,
        ));
        exit;
    }
}
if ($action === 'is_need_check_code') {
    $cuserLogin = new userLogin();
    $isNeed = $cuserLogin->isNeedCheckCode($userid);
    echo json_encode(array(
        "code" => 0,
        "msg" => "",
        "data" => array(
            "isNeed" => $isNeed,
        ),
    ));
    exit;
} else if ($action === 'has_new_version') {
    //判断版本SQL之间差异
    $unQueryVer = array();
    if (!TableHasField("#@__tagindex", "keywords")) {
        $unQueryVer[] = "6.0.2";
    }
    if (!TableHasField("#@__feedback", "replycount")) {
        $unQueryVer[] = "6.0.3";
    }
    if (!TableHasField("#@__arctype", "litimg")) {
        $unQueryVer[] = "6.1.0";
    }
    if (!$dsql->IsTable("#@__statistics")) {
        $unQueryVer[] = "6.1.7";
    }
    if (TableHasField("#@__tagindex", "tag_pinyin")) {
        $unQueryVer[] = "6.1.8";
    }
    if (!TableHasField("#@__admin", "pwd_new")) {
        $unQueryVer[] = "6.1.9";
    }
    if (!TableHasField("#@__arctype", "cnoverview")) {
        $unQueryVer[] = "6.1.10";
    }
    if (!TableHasField("#@__admin", "loginerr") || !TableHasField("#@__member", "loginerr")) {
        $unQueryVer[] = "6.2.0";
    }
    $row = $dsql->GetOne("SELECT COUNT(*) as dd FROM `#@__sysconfig` WHERE varname = 'cfg_bizcore_api'");
    if (isset($row['dd']) && $row['dd'] == 0) {
        $unQueryVer[] = "6.2.3";
    }
    if (!$dsql->IsTable("#@__sys_payment")) {
        $unQueryVer[] = "6.2.5";
    }
    if (!TableHasField("#@__arctype", "apienabled")) {
        $unQueryVer[] = "6.2.7";
    }
    if (!$dsql->IsTable("#@__ai")) {
        $unQueryVer[] = "6.5.0";
    }
    $row = $dsql->GetOne("SELECT COUNT(*) as dd FROM `#@__ai_prompt` WHERE pname = 'body_edit'");
    if (isset($row['dd']) && $row['dd'] == 0) {
        $unQueryVer[] = "6.5.1";
    }
    if (count($unQueryVer) > 0) {
        $upsqls = GetUpdateSQL();
        foreach ($unQueryVer as $vv) {
            $ss = $upsqls[$vv];
            foreach ($ss as $s) {
                if (trim($s) != '') {
                    $dsql->safeCheck = false;
                    $dsql->ExecuteNoneQuery(trim($s));
                    $dsql->safeCheck = true;
                }
            }
        }
    }
    require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
    checkLogin();
    //发现有新版本
    $phpv = phpversion();
    $sp_os = PHP_OS;
    $mysql_ver = $dsql->GetVersion();
    $nurl = $_SERVER['HTTP_HOST'];
    if (preg_match("#[a-z\-]{1,}\.[a-z]{2,}#i", $nurl)) {
        $nurl = urlencode($nurl);
    } else {
        $nurl = "test";
    }
    $add_query = '';
    $query = "SELECT COUNT(*) AS dd FROM `#@__member` ";
    $row1 = $dsql->GetOne($query);
    if ($row1) $add_query .= "&mcount={$row1['dd']}";
    $query = "SELECT COUNT(*) AS dd FROM `#@__arctiny` ";
    $row2 = $dsql->GetOne($query);
    if ($row2) $add_query .= "&acount={$row2['dd']}";
    $offUrl = DEDEBIZURL."/version?version={$cfg_version_detail}&formurl={$nurl}&phpver={$phpv}&os={$sp_os}&mysqlver={$mysql_ver}{$add_query}&json=1";
    if (strpos($_SERVER['SERVER_SOFTWARE'], 'Development Server') !== false && version_compare(phpversion(), '7.2', '<')) {
        echo json_encode(array(
            "code"=>-1,
            "msg"=>'获取版本信息失败',
        ));
        exit;
    }
    $dhd = new DedeHttpDown();
    $dhd->OpenUrl($offUrl);
    $data = $dhd->GetHtml();
    if (empty($data)) {
        echo json_encode(array(
            "code" => -1,
            "msg" => '获取版本信息失败',
        ));
    } else {
        echo $data;
    }
} else if ($action === 'get_changed_files') {
    require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
    checkLogin();
    //获取本地更改过的文件
    $hashUrl = DEDEBIZCDN.'/release/'.$cfg_version_detail.'.json';
    $dhd = new DedeHttpDown();
    $dhd->OpenUrl($hashUrl);
    $data = $dhd->GetJSON();
    if (empty($data)) {
        echo json_encode(array(
            "code" => -1,
            "msg" => '获取版本信息失败',
        ));
        exit();
    }
    $changedFiles = array();
    foreach ($data as $file) {
        $realFile = DEDEROOT.str_replace("\\", '/', $file->filename);
        if (file_exists($realFile) && md5_file($realFile) !== $file->hash) {
            $changedFiles[] = $file;
            continue;
        }
    }
    echo json_encode(array(
        "code" => 0,
        "msg" => "",
        "data" => array(
            "files" => $changedFiles,
        ),
    ));
    exit;
} else if ($action === 'update_backup') {
    require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
    checkLogin();
    //获取本地更改过的文件
    $hashUrl = DEDEBIZCDN.'/release/'.$cfg_version_detail.'.json';
    $dhd = new DedeHttpDown();
    $dhd->OpenUrl($hashUrl);
    $data = $dhd->GetJSON();
    if (empty($data)) {
        echo json_encode(array(
            "code" => -1,
            "msg" => '获取版本信息失败',
        ));
        exit;
    }
    $changedFiles = array();
    $enkey = substr(md5(substr($cfg_cookie_encode, 0, 5)), 0, 10);
    $backupPath = DEDEDATA."/backupfile_{$enkey}";
    RmRecurse($backupPath);
    mkdir($backupPath);
    foreach ($data as $file) {
        $realFile = DEDEROOT.str_replace("\\", '/', $file->filename);
        //备份文件
        if (file_exists($realFile) && md5_file($realFile) !== $file->hash) {
            $dstFile = $backupPath.'/'.str_replace("\\", '/', $file->filename);
            @mkdir(dirname($dstFile), 0777, true);
            copy($realFile, $dstFile);
        }
    }
    echo json_encode(array(
        "code" => 0,
        "msg" => "",
        "data" => array(
            "backupdir" => "data/backupfile_{$enkey}",
        ),
    ));
    exit;
} else if ($action === 'get_update_versions') {
    require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
    checkLogin();
    //获取本地更改过的文件
    $offUrl = DEDEBIZURL."/versions?version={$cfg_version_detail}";
    $dhd = new DedeHttpDown();
    $dhd->OpenUrl($offUrl);
    $data = $dhd->GetHtml();
    if (empty($data)) {
        echo json_encode(array(
            "code" => -1,
            "msg" => '获取版本信息失败',
        ));
        exit;
    }
    $arr = json_decode($data);
    SetCache('update', 'vers', $arr->result->Versions);
    echo $data;
    exit;
} else if ($action === 'update') {
    require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
    $row = GetCache('update', 'vers');
    if (count($row) === 0) {
        echo json_encode(array(
            "code" => -1,
            "msg" => "请获取版本更新记录",
            "data" => null,
        ));
        exit;
    }
    $enkey = substr(md5(substr($cfg_cookie_encode, 0, 5)), 0, 10);
    $backupPath = DEDEDATA."/updatefile_{$enkey}";
    @mkdir($backupPath);
    foreach ($row as $k => $ver) {
        if ($ver->isdownload !== true) {
            $filesUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/files.txt';
            $dhd = new DedeHttpDown();
            $dhd->OpenUrl($filesUrl);
            $fileList = $dhd->GetJSON();
            $dhd->Close();
            $backupVerPath = $backupPath.'/'.$ver->ver;
            if (!is_dir($backupVerPath)) {
                @mkdir($backupVerPath);
            }
            $i = 0;
            foreach ($fileList as $f) {
                $realFile = $backupVerPath.$f->filename;
                //忽略src之外的目录
                if (!preg_match("/^\//", $f->filename)) {
                    continue;
                }
                if (file_exists($realFile)) {
                    continue;
                }
                $fileUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/src'.$f->filename;
                $dhd = new DedeHttpDown();
                $dhd->OpenUrl($fileUrl);
                $fData = $dhd->GetHtml();
                $dhd->Close();
                $f->filename = preg_replace('/^\/admin/', $curDir, $f->filename);
                @mkdir(dirname($realFile), 0777, true);
                file_put_contents($realFile, $fData);
                $i++;
                if ($i === 10) {
                    echo json_encode(array(
                        "code" => 0,
                        "msg" => "正在下载{$ver->ver}版本的{$f->filename}文件",
                        "data" => array(
                            "finish" => false,
                        ),
                    ));
                    exit;
                }
            }
            $sqlUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/update.sql';
            $dhd = new DedeHttpDown();
            $dhd->OpenUrl($sqlUrl);
            $fData = $dhd->GetHtml();
            $dhd->Close();
            $realFile = $backupVerPath.'/update.sql';
            file_put_contents($realFile, $fData);
            $realFile = $backupVerPath.'/files.txt';
            file_put_contents($realFile, json_encode($fileList));
            $row[$k]->isdownload = true;
            SetCache('update', 'vers', $row);
            echo json_encode(array(
                "code" => 0,
                "msg" => "正在下载{$ver->ver}版本更新文件",
                "data" => array(
                    "finish" => false,
                ),
            ));
            exit;
        }
    }
    foreach ($row as $k => $ver) {
        if ($ver->ispatched !== true) {
            $backupVerPath = $backupPath.'/'.$ver->ver;
            //执行更新SQL文件
            $sql = file_get_contents($backupVerPath.'/update.sql');
            if (!empty($sql)) {
                $sql = preg_replace('#ENGINE=MyISAM#i', 'TYPE=MyISAM', $sql);
                $sql41tmp = 'ENGINE=MyISAM DEFAULT CHARSET='.$cfg_db_language;
                $sql = preg_replace('#TYPE=MyISAM#i', $sql41tmp, $sql);
                $sqls = explode(";\r\n", $sql);
                foreach ($sqls as $sql) {
                    if (trim($sql) != '') {
                        $dsql->safeCheck = false;
                        $dsql->ExecuteNoneQuery(trim($sql));
                        $dsql->safeCheck = true;
                    }
                }
            }
            //复制文件
            $fileList = json_decode(file_get_contents($backupVerPath.'/files.txt'));
            foreach ($fileList as $f) {
                //忽略src之外的目录
                if (!preg_match("/^\//", $f->filename)) {
                    continue;
                }
                $f->filename = preg_replace('/^\/admin/', $curDir, $f->filename);
                $srcFile = $backupVerPath.$f->filename;
                $dstFile = str_replace(array("\\", "//"), '/', DEDEROOT.$f->filename);
                @mkdir(dirname($dstFile), 0777, true);
                $rs = @copy($srcFile, $dstFile);
                if ($rs) {
                    unlink($srcFile);
                }
            }
            $row[$k]->ispatched = true;
            SetCache('update', 'vers', $row);
            RmRecurse($backupVerPath);
            echo json_encode(array(
                "code" => 0,
                "msg" => "正在更新{$ver->ver}版本补丁文件",
                "data" => array(
                    "finish" => false,
                ),
            ));
            exit;
        }
    }
    echo json_encode(array(
        "code" => 0,
        "msg" => "",
        "data" => array(
            "finish" => true,
        ),
    ));
    exit;
} else if($action === 'upload_image') {
    $cuserLogin = new userLogin();
    if ($cuserLogin->getUserID() <= 0) {
        echo json_encode(array(
            "code" => -1,
            "msg" => "登录系统后才能上传图片",
            "data" => null,
        ));
        exit;
    }
    $imgfile_name = $_FILES["file"]['name'];
    $activepath = $cfg_image_dir;
    $allowedTypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/webp");
    $uploadedFile = $_FILES['file']['tmp_name'];
    if (!function_exists('mime_content_type')) {
        echo json_encode(array(
            "code" => -1,
            "uploaded" => 0,
            "error" => array(
                "message" => "系统不支持fileinfo组件，建议php.ini中开启",
            ),
        ));
        exit;
    }
    if (empty($uploadedFile)) {
        echo json_encode(array(
            "code" => -1,
            "msg" => "文件为空",
            "data" => null,
        ));
        exit;
    }
    $fileType = mime_content_type($uploadedFile);
    $imgSize = getimagesize($uploadedFile);
    if (!in_array($fileType, $allowedTypes) || !$imgSize) {
        echo json_encode(array(
            "code" => -1,
            "uploaded" => 0,
            "error" => array(
                "message" => "仅支持图片格式文件",
            ),
        ));
        exit;
    }
    $nowtme = time();
    $mdir = MyDate($cfg_addon_savetype, $nowtme);
    if (!is_dir($cfg_basedir.$activepath."/$mdir")) {
        MkdirAll($cfg_basedir.$activepath."/$mdir", $cfg_dir_purview);
    }
    $cuserLogin = new userLogin();
    $iseditor = isset($iseditor)? intval($iseditor) : 0;
    $filename_name = $cuserLogin->getUserID().'-'.dd2char(MyDate("ymdHis", $nowtme).mt_rand(100, 999));
    $filename = $mdir.'/'.$filename_name;
    $fs = explode('.', $imgfile_name);
    $filename = $filename.'.'.$fs[count($fs) - 1];
    $filename_name = $filename_name.'.'.$fs[count($fs) - 1];
    $fullfilename = $cfg_basedir.$activepath."/".$filename;
    if (preg_match('#\.(php|pl|cgi|asp|aspx|jsp|php5|php4|php3|shtm|shtml|htm)$#i', trim($fullfilename))) {
        echo json_encode(array(
            "code" => -1,
            "uploaded" => 0,
            "error" => array(
                "message" => "文件扩展名已被系统禁止",
            ),
        ));
        exit;
    }
    move_uploaded_file($_FILES["file"]["tmp_name"], $fullfilename) or die(json_encode(array(
        "code" => -1,
        "uploaded" => 0,
        "error" => array(
            "message" => "上传失败",
        ),
    )));
    $info = '';
    $sizes[0] = 0;
    $sizes[1] = 0;
    $sizes = getimagesize($fullfilename, $info);
    $imgwidthValue = $sizes[0];
    $imgheightValue = $sizes[1];
    $imgsize = filesize($fullfilename);
    $inquery = "INSERT INTO `#@__uploads` (arcid,title,url,mediatype,width,height,playtime,filesize,uptime,mid) VALUES ('0','$filename','".$activepath."/".$filename."','1','$imgwidthValue','$imgheightValue','0','{$imgsize}','{$nowtme}','".$cuserLogin->getUserID()."'); ";
    $dsql->ExecuteNoneQuery($inquery);
    $fid = $dsql->GetLastID();
    AddMyAddon($fid, $activepath.'/'.$filename);
    echo json_encode(array(
        "code" => 0,
        "msg" => "上传成功",
        "data" => $activepath."/".$filename,
    ));
} else if($action === 'get_ai_server') {
    $params = $_GET;
    unset($params['action']);
    checkLogin();
    $params['timestamp'] = time(); // 加入时间戳
    $cuserLogin = new userLogin();
    $params['adminid'] = $cuserLogin->getUserID(); // 加入时间戳
    $params['ip'] = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1'; // 获取客户端IP

    ksort($params); // 按字典序排序
    $queryString = http_build_query($params); // 生成查询字符串
    $params['sign'] = md5($queryString . $cfg_ai_apikey); // 计算MD5签名
    $url = $cfg_ai_server . '/ai?' . http_build_query($params);
    echo json_encode(array(
        "code" => 0,
        "data" => $url,
    ));
} else if($action === 'get_setbody_url') {
    $params = $_GET;
    unset($params['action']);
    checkLogin();
    $params['timestamp'] = time(); // 加入时间戳
    $cuserLogin = new userLogin();
    $params['adminid'] = $cuserLogin->getUserID(); // 加入时间戳
    $params['ip'] = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1'; // 获取客户端IP

    ksort($params); // 按字典序排序
    $queryString = http_build_query($params); // 生成查询字符串
    $params['sign'] = md5($queryString . $cfg_ai_apikey); // 计算MD5签名
    $url = $cfg_ai_server . '/api/setbody?' . http_build_query($params);
    echo json_encode(array(
        "code" => 0,
        "data" => $url,
    ));
}
?>