/**
 * Store an uploaded image and return its path relative to ROOT_PATH.
 *
 * With an empty $dir the file goes to ROOT_PATH . $this->images_dir . '/<Ym>/';
 * otherwise it goes to ROOT_PATH . $this->data_dir . '/' . $dir . '/'. A non-empty
 * $img_name is prefixed with the target directory only in the second case.
 * On failure $this->error_msg and $this->error_no are set and false is returned.
 *
 * NOTE(review): $dir and $img_name are concatenated into the path without any
 * normalisation here, so callers must not pass request-controlled values.
 * NOTE(review): if $upload is a $_FILES entry, 'type' and 'name' are supplied by
 * the client; check_img_type() only sees that declared type. Whether
 * check_file_type() inspects the file content is not visible from this block.
 *
 * @access public
 * @param  array  $upload   upload descriptor; 'name', 'type' and 'tmp_name' are read here
 * @param  string $dir      sub-directory below $this->data_dir, or empty
 * @param  string $img_name target file name; one is generated when empty
 * @return mixed  relative file path on success, false on failure
 */
function upload_image($upload, $dir = '', $img_name = '')
{
    $target_path = $img_name;

    if (empty($dir)) {
        // No directory given: use a folder named after the current year and month.
        $target_dir = ROOT_PATH . $this->images_dir . '/' . date('Ym') . '/';
    } else {
        $target_dir = ROOT_PATH . $this->data_dir . '/' . $dir . '/';
        if ($target_path) {
            // Anchor the caller-supplied name inside the target directory.
            $target_path = $target_dir . $target_path;
        }
    }

    // Create the target directory on demand; report a read-only location.
    if (!file_exists($target_dir) && !make_dir($target_dir)) {
        $this->error_msg = sprintf($GLOBALS['_LANG']['directory_readonly'], $target_dir);
        $this->error_no = ERR_DIRECTORY_READONLY;
        return false;
    }

    if (empty($target_path)) {
        // Generated base name plus whatever get_filetype() derives from the original name.
        $target_path = $target_dir . $this->unique_name($target_dir) . $this->get_filetype($upload['name']);
    }

    // Allowed upload types.
    // NOTE(review): 'JEPG' looks like a typo for 'JPEG' - confirm against check_file_type().
    // NOTE(review): SWF is active content rather than an image; confirm it is still needed.
    $allow_file_types = '|GIF|JPG|JEPG|PNG|BMP|SWF|';
    if (!$this->check_img_type($upload['type'])
        || !check_file_type($upload['tmp_name'], $target_path, $allow_file_types)
    ) {
        $this->error_msg = $GLOBALS['_LANG']['invalid_upload_image_type'];
        $this->error_no = ERR_INVALID_IMAGE_TYPE;
        return false;
    }

    if (!$this->move_file($upload, $target_path)) {
        $this->error_msg = sprintf($GLOBALS['_LANG']['upload_failure'], $upload['name']);
        $this->error_no = ERR_UPLOAD_FAILURE;
        return false;
    }

    return str_replace(ROOT_PATH, '', $target_path);
}
/**
 * Store an uploaded image and return its path relative to $this->root_path.
 *
 * With an empty $dir the file goes to $this->root_path . $this->images_dir . '/<Ym>/';
 * otherwise it goes to $this->root_path . $this->data_dir . '/' . $dir . '/'. A non-empty
 * $img_name is prefixed with the target directory only in the second case.
 * On failure $this->error_msg is set and false is returned.
 *
 * NOTE(review): $dir and $img_name are concatenated into the path without any
 * normalisation here, so callers must not pass request-controlled values.
 * NOTE(review): if $upload is a $_FILES entry, 'type' and 'name' are supplied by
 * the client; check_img_type() only sees that declared type. Whether
 * check_file_type() inspects the file content is not visible from this block.
 *
 * @access public
 * @param  array  $upload   upload descriptor; 'name', 'type' and 'tmp_name' are read here
 * @param  string $dir      sub-directory below $this->data_dir, or empty
 * @param  string $img_name target file name; one is generated when empty
 * @return mixed  relative file path on success, false on failure
 */
function upload_image($upload, $dir = '', $img_name = '')
{
    $target_path = $img_name;

    if (empty($dir)) {
        // No directory given: use a folder named after the current year and month.
        $target_dir = $this->root_path . $this->images_dir . '/' . date('Ym') . '/';
    } else {
        $target_dir = $this->root_path . $this->data_dir . '/' . $dir . '/';
        if ($target_path) {
            // Anchor the caller-supplied name inside the target directory.
            $target_path = $target_dir . $target_path;
        }
    }

    // Create the target directory on demand.
    // NOTE(review): the result of dmkdir() is not checked here.
    if (!file_exists($target_dir)) {
        $this->dmkdir($target_dir);
    }

    if (empty($target_path)) {
        // Generated base name plus whatever get_filetype() derives from the original name.
        $target_path = $target_dir . $this->unique_name($target_dir) . $this->get_filetype($upload['name']);
    }

    if (!$this->check_img_type($upload['type'])) {
        $this->error_msg = '图片类型错误';
        return false;
    }

    // Allowed upload types.
    // NOTE(review): 'JEPG' looks like a typo for 'JPEG' - confirm against check_file_type().
    // NOTE(review): SWF is active content rather than an image; confirm it is still needed.
    $allow_file_types = '|GIF|JPG|JEPG|PNG|BMP|SWF|';
    if (!check_file_type($upload['tmp_name'], $target_path, $allow_file_types)) {
        $this->error_msg = '文件类型错误';
        return false;
    }

    if (!$this->move_file($upload, $target_path)) {
        $this->error_msg = '文件上传失败';
        return false;
    }

    return str_replace($this->root_path, '', $target_path);
}
// Handler for act=update: validates the submitted article and resolves its attachment URL.
// This excerpt stops inside the final else branch.
if ($_REQUEST['act'] == 'update') {
    /* Permission check */
    admin_priv('article_manage');

    /* Check whether the article title is already in use */
    // NOTE(review): $_POST['article_cat'] is interpolated into a condition string handed to
    // is_only(); presumably this becomes part of a SQL WHERE clause - confirm it is escaped
    // or cast to an integer before it reaches the database.
    $is_only = $exc->is_only('title', $_POST['title'], $_POST['id'], "cat_id = '{$_POST['article_cat']}'");
    if (!$is_only) {
        sys_msg(sprintf($_LANG['title_exist'], stripslashes($_POST['title'])), 1);
    }
    if (empty($_POST['cat_id'])) {
        $_POST['cat_id'] = 0;
    }

    /* Resolve the file address */
    $file_url = '';
    // NOTE(review): empty() is true both when 'error' is 0 and when it is absent, and && binds
    // tighter than ||, so the tmp_name checks only guard the right-hand operand. A request with
    // no 'file' field at all therefore still enters this branch.
    if (empty($_FILES['file']['error']) || !isset($_FILES['file']['error']) && isset($_FILES['file']['tmp_name']) && $_FILES['file']['tmp_name'] != 'none') {
        // Check the file format
        // NOTE(review): execution continues to the upload below unless sys_msg() terminates the
        // request - confirm that it does.
        if (!check_file_type($_FILES['file']['tmp_name'], $_FILES['file']['name'], $allow_file_types)) {
            sys_msg($_LANG['invalid_file']);
        }
        // Copy the file
        $res = upload_article_file($_FILES['file']);
        if ($res != false) {
            $file_url = $res;
        }
    }
    // Without a successful upload the request-supplied file_url is used as-is.
    // NOTE(review): no validation of this value is visible in this excerpt.
    if ($file_url == '') {
        $file_url = $_POST['file_url'];
    }

    /* Work out how the article is opened */
    if ($file_url == '') {
        $open_type = 0;
    } else {
/* Process uploaded files */
// Loads every shop_config row of type 'file' keyed by its code, then walks the request's
// uploads. This excerpt stops inside the 'watermark' branch.
$file_var_list = array();
$sql = "SELECT * FROM " . $ecs->table('shop_config') . " WHERE parent_id > 0 AND type = 'file'";
$res = $db->query($sql);
while ($row = $db->fetchRow($res)) {
    $file_var_list[$row['code']] = $row;
}
// NOTE(review): $code is the form field name taken from the request. Nothing in this excerpt
// checks that it is a key of $file_var_list before it is used as an index.
foreach ($_FILES AS $code => $file) {
    /* Did the user actually select a file? */
    if ((isset($file['error']) && $file['error'] == 0) || (!isset($file['error']) && $file['tmp_name'] != 'none')) {
        /* Check that the uploaded file type is allowed */
        if (!check_file_type($file['tmp_name'], $file['name'], $allow_file_types)) {
            sys_msg(sprintf($_LANG['msg_invalid_file'], $file['name']));
        } else {
            if ($code == 'shop_logo') {
                // The logo file name comes from the active template's info.
                include_once('includes/lib_template.php');
                $info = get_template_info($_CFG['template']);
                $file_name = str_replace('{$template}', $_CFG['template'], $file_var_list[$code]['store_dir']) . $info['logo'];
            } elseif ($code == 'watermark') {
                // The extension is taken from the client-supplied file name.
                // NOTE(review): array_pop() takes its argument by reference, so passing the
                // result of explode() directly raises a notice; assign it to a variable first.
                $ext = array_pop(explode('.', $file['name']));
/**
 * Move an uploaded file into the data directory and return the generated file name.
 *
 * The stored name is "<session user_id>_<Ymd><six lowercase letters>.<type>", where <type>
 * is the value returned by check_file_type(). Failures are recorded through ECTouch::err().
 *
 * NOTE(review): the random part comes from mt_rand(), which is not a cryptographic
 * generator; do not rely on the name being unguessable.
 * NOTE(review): $type is joined into the target path as-is, so it must be a fixed,
 * caller-chosen folder name and never request data.
 *
 * @access public
 * @param  array  $upload one $_FILES entry; 'tmp_name' and 'name' are read
 * @param  string $type   category folder below the data directory
 *
 * @return mixed  generated file name on success, false on failure
 */
function upload_file($upload, $type)
{
    if (empty($upload['tmp_name'])) {
        ECTouch::err()->add(L('upload_file_error'));
        return false;
    }

    $ftype = check_file_type($upload['tmp_name'], $upload['name'], '|png|jpg|jpeg|gif|doc|xls|txt|zip|ppt|pdf|rar|docx|xlsx|pptx|');
    if (empty($ftype)) {
        ECTouch::err()->add(L('upload_file_type'), 1);
        return false;
    }

    // Date stamp followed by six random letters in the range a-z.
    $stamp = date('Ymd');
    $letters = '';
    for ($left = 6; $left > 0; $left--) {
        $letters .= chr(mt_rand(97, 122));
    }
    $name = $_SESSION['user_id'] . '_' . $stamp . $letters . '.' . $ftype;
    $target = ROOT_PATH . DATA_DIR . '/' . $type . '/' . $name;

    if (move_upload_file($upload['tmp_name'], $target)) {
        return $name;
    }

    ECTouch::err()->add(L('upload_file_error'), 1);
    return false;
}
}
##### Panel Control Check #####

##### Upload File Validation #####
# Handles the upload form: reports PHP upload errors, applies the type checks, stores the file
# under $upload_dir and then validates it as a torrent. The excerpt ends before the outer if
# is closed.
if (isset($_POST["submit_file"])) {
    if ($_FILES["file"]["error"] > 0) {
        # Error code 4 means no file was selected.
        if ($_FILES["file"]["error"] == 4) {
            error_msg("Error: Please select a torrent file.");
        } else {
            error_msg("Error: " . $_FILES["file"]["error"]);
        }
    } else {
        # 'name' and 'type' are the values sent by the client, not derived from the file.
        $file_name = $_FILES["file"]["name"];
        $tmp_path = $_FILES["file"]["tmp_name"];
        # NOTE(review): the destination path uses the client-supplied name unchanged; confirm
        # that check_ext() restricts it enough to be safe as a file name under $upload_dir.
        $file_path = $upload_dir . "/" . $_FILES["file"]["name"];
        $file_type = $_FILES["file"]["type"];
        # NOTE(review): the two checks are joined with ||, so passing either one is enough.
        # If both are meant to be required this should be &&.
        if (check_ext($file_name) || check_file_type($file_type)) {
            if (file_exists($file_path)) {
                error_msg("Error: {$file_name} already exists!");
            } else {
                # The file is moved into place first and validated afterwards; an invalid
                # file is removed again. The result of move_uploaded_file() is not checked.
                move_uploaded_file($tmp_path, $file_path);
                if (!valid_torrent($file_path)) {
                    remove_torrent($file_path);
                    error_msg("Error: Invalid torrent file!");
                } else {
                    # NOTE(review): $file_name is echoed back in messages; whether
                    # output_msg()/error_msg() escape it is not visible here.
                    output_msg("Uploaded: {$file_name}");
                }
            }
        } else {
            error_msg("Error: Invalid file type!");
        }
    }
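/**
 * Insert a new article row, or update an existing one, from the current POST request.
 *
 * An optional upload in $_FILES['file'] is type-checked and stored through
 * upload_article_file(); its result becomes the article's file_url. When
 * $_POST['article_id'] is empty a row is inserted, otherwise that row is updated.
 *
 * NOTE(review): every $_POST value below is interpolated into the SQL text. No escaping is
 * visible in this function, so it is only safe if the request data is escaped before this
 * point - confirm, or move to an escaping/parameterised API of the database layer.
 * NOTE(review): $_POST['file_url'] is stored as-is when no file was uploaded.
 *
 * @return mixed the value of $GLOBALS['db']->insert_id() after an insert, or the integer
 *               article id after an update
 */
function addNews()
{
    // The allow-list and the language table are read from global scope; without this
    // declaration both names are undefined inside the function, which leaves the type check
    // without an allow-list. NOTE(review): confirm both are globals in the calling script.
    global $allow_file_types, $_LANG;

    $file_url = '';
    $has_upload = isset($_FILES['file']['error']) && $_FILES['file']['error'] == 0
        || !isset($_FILES['file']['error']) && isset($_FILES['file']['tmp_name']) && $_FILES['file']['tmp_name'] != 'none';
    if ($has_upload) {
        // NOTE(review): execution continues to the upload unless sys_msg() ends the request.
        if (!check_file_type($_FILES['file']['tmp_name'], $_FILES['file']['name'], $allow_file_types)) {
            sys_msg($_LANG['invalid_file']);
        }
        $res = upload_article_file($_FILES['file']);
        if ($res != false) {
            $file_url = $res;
        }
    }
    // When editing without a new upload, keep the submitted file URL.
    if (!$file_url && $_POST['article_id']) {
        $file_url = $_POST['file_url'];
    }
    $open_type = 2;

    /* Insert or update the row */
    $add_time = gmtime();
    $_POST['cat_id'] = 0;
    if (!$_POST['article_id']) {
        $sql = "INSERT INTO " . $GLOBALS['ecs']->table('article') . "(title, cat_id, article_type, is_open, author, " . "author_email, keywords, content, add_time, file_url, open_type, link, description) " . "VALUES ('{$_POST['title']}', '{$_POST['article_cat']}', '0', '1', " . "'', '', '', '{$_POST['description']}', " . "'{$add_time}', '{$file_url}', '{$open_type}', '{$_POST['link_url']}', '{$_POST['description']}')";
        $GLOBALS['db']->query($sql);
        return $GLOBALS['db']->insert_id();
    }

    $aid = (int) $_POST['article_id'];
    // The key is quoted: inside {$...} an unquoted title is looked up as a constant, which is
    // an error on PHP 8.
    $GLOBALS['db']->query("update " . $GLOBALS['ecs']->table('article') . " set \r\n\t\ttitle='{$_POST['title']}',file_url='{$file_url}',link='{$_POST['link_url']}',description='{$_POST['description']}' where article_id={$aid}");
    return $aid;
}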
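/**
 * Store the representative picture uploaded for a goods category.
 *
 * Walks $_FILES and returns the stored path of the first upload that is moved successfully.
 * For the 'cat_pic' field the file is named
 * "<session supplier_id>c<unix time>.<ext>" below ../data/supplier/category/, and the picture
 * previously recorded for $catid is deleted.
 *
 * NOTE(review): <ext> is taken from the client-supplied file name; it is only as safe as the
 * check_file_type() allow-list check that precedes it.
 * NOTE(review): for any field other than 'cat_pic' the target stays the bare directory path,
 * so the move is expected to fail and report an error - confirm this is intended.
 * NOTE(review): the path passed to unlink() comes from get_cat_info(); confirm it can only
 * point inside the category picture directory.
 *
 * @param int $catid goods category id; values above 0 trigger removal of the old picture
 * @return mixed stored file path on success; nothing is returned otherwise
 */
function upload_category_pic($catid)
{
    // The language table lives in global scope; without this declaration $_LANG is undefined
    // here and the error messages below are formatted from an empty template.
    global $_LANG;

    /* Allowed upload types */
    $allow_file_types = '|GIF|JPG|PNG|BMP|';
    foreach ($_FILES as $code => $file) {
        /* Did the user actually select a file? */
        if (isset($file['error']) && $file['error'] == 0 || !isset($file['error']) && $file['tmp_name'] != 'none') {
            /* Check that the uploaded file type is allowed */
            if (!check_file_type($file['tmp_name'], $file['name'], $allow_file_types)) {
                sys_msg(sprintf($_LANG['msg_invalid_file'], $file['name']));
            } else {
                $file_name = "../data/supplier/category/";
                if ($code == 'cat_pic') {
                    // array_pop() takes its argument by reference, so it needs a variable.
                    $name_parts = explode('.', $file['name']);
                    $ext = array_pop($name_parts);
                    $file_name .= $_SESSION['supplier_id'] . 'c' . time() . '.' . $ext;
                    if ($catid > 0) {
                        $catpic = get_cat_info($catid);
                        if (file_exists($catpic['cat_pic'])) {
                            @unlink($catpic['cat_pic']);
                        }
                    }
                }
                /* Did the move succeed? */
                if (move_upload_file($file['tmp_name'], $file_name)) {
                    return $file_name;
                } else {
                    sys_msg(sprintf($_LANG['msg_upload_failed'], $file['name'], $file_name));
                }
            }
        }
    }
}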
/**
 * Validate one uploaded file from a form and return an error message.
 *
 * Checks run in this order: PHP's upload error code, presence of a temporary file, the size
 * limit FILE_UPLOAD_MAX_SIZE, and finally check_file_type() on the whole $_FILES entry.
 *
 * NOTE(review): the size message divides FILE_UPLOAD_MAX_SIZE by 1024 and labels the result
 * "MB"; confirm the unit of that constant.
 * NOTE(review): what check_file_type() inspects (name, declared type or content) is not
 * visible from this block.
 *
 * @param string $fieldname
 *   name of the file input in the form
 * @return string
 *   error message, or an empty string when the upload passed every check
 */
function validateFile($fieldname)
{
    if (!empty($_FILES[$fieldname]['error'])) {
        // Map PHP's upload error codes to messages; unknown codes get the generic text.
        switch ($_FILES[$fieldname]['error']) {
            case '1':
                return 'Upload maximum file is 4 MB.';
            case '2':
                return 'File is too big, please upload with smaller size.';
            case '3':
                return 'File uploaded, but only halef of file.';
            case '4':
                return 'There is no File to upload';
            case '6':
                return 'Temporary folder not exists, Please try again.';
            case '7':
                return 'Failed to record File into disk.';
            case '8':
                return 'Upload file has been stop by extension.';
            default:
                return 'No error code avaiable';
        }
    }

    if (empty($_FILES[$fieldname]['tmp_name']) || $_FILES[$fieldname]['tmp_name'] == 'none') {
        return 'There is no File to upload.';
    }

    if ($_FILES[$fieldname]['size'] > FILE_UPLOAD_MAX_SIZE) {
        return 'Upload maximum file is ' . number_format(FILE_UPLOAD_MAX_SIZE / 1024, 2) . ' MB.';
    }

    if (!check_file_type($_FILES[$fieldname])) {
        return 'Upload File only allow (jpg, gif, png, pdf, doc, xls, xlsx, docx)';
    }

    return '';
}
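/**
 * Save an attachment for a notice.
 *
 * The upload is type-checked against the global $allow_file_types, stored through
 * upload_article_file(), and recorded in the notice_attach table.
 *
 * NOTE(review): $attach['name'] and $attach['type'] are client-supplied when $attach is a
 * $_FILES entry, and they are interpolated into the INSERT together with $notice_id and
 * $uploader. No escaping is visible in this function - confirm the values are escaped
 * before this point or use an escaping/parameterised API of the database layer.
 *
 * @param mixed $notice_id id of the notice the attachment belongs to
 * @param array $attach    one $_FILES entry
 * @param mixed $uploader  identifier of the uploading user
 * @return array array("error" => 0|1, "msg" => string); error 0 also covers "no file chosen"
 */
function save_notice_attach($notice_id, $attach, $uploader)
{
    global $allow_file_types;
    $result = array("error" => 0, "msg" => "");

    $has_upload = isset($attach['error']) && $attach['error'] == 0
        || !isset($attach['error']) && isset($attach['tmp_name']) && $attach['tmp_name'] != 'none';
    if (!$has_upload) {
        // Error code 4 means no file was chosen, which is not treated as a failure.
        if (isset($attach['error']) && $attach['error'] == 4) {
            return $result;
        }
        return array("error" => 1, "msg" => "您上传的文件存在异常,文件必须在2M之内,且只能是以下格式的文件:" . $allow_file_types);
    }

    // Check the file format
    if (!check_file_type($attach['tmp_name'], $attach['name'], $allow_file_types)) {
        return array("error" => 1, "msg" => "您上传的文件格式不被允许,只能是以下格式的文件才能上传:" . $allow_file_types);
    }

    // Copy the file. A failed copy previously fell through with $file_url undefined and
    // recorded an attachment row with no stored file; report it as an error instead.
    $res = upload_article_file($attach);
    if ($res == false) {
        return array("error" => 1, "msg" => "您上传的文件存在异常,文件必须在2M之内,且只能是以下格式的文件:" . $allow_file_types);
    }
    $file_url = $res;

    $sql = "insert into " . $GLOBALS['ecs']->table("notice_attach") . " (notice_id, name, path, size, type, uploader, created) \r\n\t\tvalues ('{$notice_id}', '{$attach['name']}', '{$file_url}', '{$attach['size']}', '{$attach['type']}', '{$uploader}', now()) ";
    $GLOBALS['db']->query($sql);
    return $result;
}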
/**
 * Validate the type of the upload in $_FILES[$field].
 *
 * $caption has the form "<label>:<expected type>". When the upload's error code is 0 and
 * check_file_type() rejects it, an error is appended to $this->error_array and the entry is
 * removed from $_FILES.
 *
 * NOTE(review): check_file_type() receives the temporary upload path and the expected type;
 * what it compares is not visible from this block. A mime_content_type()-based check of the
 * temporary file had been commented out in favour of this call.
 * NOTE(review): a $caption without ':' leaves the expected type undefined.
 *
 * @param string $field   key of the upload in $_FILES
 * @param string $caption "<label>:<expected type>"
 */
function validate_file($field, $caption)
{
    if ($_FILES[$field]['error'] != 0) {
        return;
    }

    $parts = explode(":", $caption);
    $label = $parts[0];
    $expected_type = $parts[1];

    if (check_file_type($_FILES[$field]['tmp_name'], $expected_type)) {
        return;
    }

    $this->error_array[] = "Please select a valid " . $label . " file";
    // Drop the entry so it does not get added to the xml schema.
    unset($_FILES[$field]);
}
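/**
 * Report whether $filename ends with the suffix $type_name.
 *
 * This is a plain suffix comparison on the name; it says nothing about the file's content,
 * and it does not require a '.' before the suffix.
 *
 * @param string $filename  file name to test
 * @param string $type_name suffix to look for, e.g. "zip"
 * @return bool
 */
function check_file_type($filename, $type_name)
{
    $len = strlen($type_name);
    // Strict comparison: loose == compares numeric-looking strings by value.
    return substr($filename, -$len) === $type_name;
}

// download src code
// $src_code reaches a shell command, so every interpolated value is quoted with
// escapeshellarg() and "--" ends wget's option parsing before the URL.
// NOTE(review): this is a server-side fetch of a caller-supplied URL; restrict the allowed
// schemes and destination hosts where $src_code is accepted.
$md5 = md5($src_code);
$target_dir = "../code_dir/{$md5}";
// && instead of ; so that nothing is downloaded when the directory cannot be entered.
$cmd = sprintf(
    'rm -rf %1$s; mkdir %1$s && cd %1$s && wget -- %2$s',
    escapeshellarg($target_dir),
    escapeshellarg($src_code)
);
system($cmd);

// decompress the downloaded archive
// array_pop() takes its argument by reference, so the glob() result goes through a variable;
// a failed glob() is treated as "nothing downloaded".
$downloaded = glob("{$target_dir}/*");
if (!is_array($downloaded)) {
    $downloaded = array();
}
$file = array_pop($downloaded);
$filename = $file === null ? '' : basename($file);
chdir($target_dir);
// The downloaded file's name comes from the remote side. It is quoted, and prefixed with "./"
// so that it can never be parsed as a command-line option.
$archive = escapeshellarg('./' . $filename);
if (check_file_type($filename, "zip")) {
    $cmd = "unzip {$archive}";
} else {
    if (check_file_type($filename, "tgz")) {
        $cmd = "tar -zxvf {$archive}";
    } else {
        echo "Invalid file type: {$filename}";
        exit(1);
    }
}
// NOTE(review): the archive is untrusted. Extraction should be confined to $target_dir and
// bounded in size; entry paths and links inside the archive are not checked here.
system($cmd . " > /dev/null");
chdir("../../php");
save_log($src_code);
echo "file downloaded successfully";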
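/**
 * Update the system configuration from the submitted form.
 *
 * Steps: write changed scalar values to touch_shop_config, store uploaded files for the
 * configuration entries of type 'file', save the invoice types and rates, then clear cached
 * files and report the change through $this->cloud.
 *
 * NOTE(review): for 'watermark' and 'no_picture' the stored extension is taken from the
 * client-supplied file name, and for other entries the whole client file name is used; both
 * are only as safe as the check_file_type() allow-list check, and the allow-list below is
 * broad (archives, documents, SWF).
 * NOTE(review): the keys and values of I('value') are written to the table as submitted;
 * confirm the model layer escapes them.
 */
public function post()
{
    /* Allowed upload types */
    $allow_file_types = '|GIF|JPG|PNG|BMP|SWF|DOC|XLS|PPT|MID|WAV|ZIP|RAR|PDF|CHM|RM|TXT|CERT|';

    // Current values by id, so that only changed settings are written.
    $arr = array();
    $res = $this->model->table('touch_shop_config')->field('id, value')->select();
    if (is_array($res)) {
        foreach ($res as $vo) {
            $arr[$vo['id']] = $vo['value'];
        }
    }
    foreach (I('value') as $key => $val) {
        if ($arr[$key] != $val) {
            $data['value'] = $val;
            $condition['id'] = $key;
            $this->model->table('touch_shop_config')->data($data)->where($condition)->update();
        }
    }

    /* Process uploaded files */
    $file_var_list = array();
    $res = $this->model->table('touch_shop_config')->where("parent_id > 0 AND type = 'file'")->select();
    if (is_array($res)) {
        foreach ($res as $vo) {
            $file_var_list[$vo['code']] = $vo;
        }
    }
    foreach ($_FILES as $code => $file) {
        // $code is the form field name and therefore request data. Only fields that match a
        // configured 'file' entry are processed: an unknown code has no store_dir, and it is
        // also interpolated into the WHERE clause of the update below.
        if (!isset($file_var_list[$code])) {
            continue;
        }
        /* Did the user actually select a file? */
        if (isset($file['error']) && $file['error'] == 0 || !isset($file['error']) && $file['tmp_name'] != 'none') {
            /* Check that the uploaded file type is allowed */
            if (!check_file_type($file['tmp_name'], $file['name'], $allow_file_types)) {
                $this->message(sprintf(L('msg_invalid_file'), $file['name']), NULL, 'error');
            } else {
                if ($code == 'shop_logo') {
                    // The logo keeps the file name defined by the active template.
                    $info = get_template_info(C('template'));
                    $info['logo'] = empty($info['logo']) ? 'logo.png' : $info['logo'];
                    $file_name = str_replace('{$template}', C('template'), $file_var_list[$code]['store_dir']) . $info['logo'];
                } elseif ($code == 'watermark') {
                    $name = explode('.', $file['name']);
                    $ext = array_pop($name);
                    $file_name = $file_var_list[$code]['store_dir'] . 'watermark.' . $ext;
                    // Remove the previously stored file.
                    if (file_exists($file_var_list[$code]['value'])) {
                        @unlink($file_var_list[$code]['value']);
                    }
                } elseif ($code == 'no_picture') {
                    $name = explode('.', $file['name']);
                    $ext = array_pop($name);
                    $file_name = $file_var_list[$code]['store_dir'] . 'no_picture.' . $ext;
                    // Remove the previously stored file.
                    if (file_exists($file_var_list[$code]['value'])) {
                        @unlink($file_var_list[$code]['value']);
                    }
                } else {
                    $file_name = $file_var_list[$code]['store_dir'] . $file['name'];
                }
                /* Did the move succeed? */
                if (move_upload_file($file['tmp_name'], $file_name)) {
                    $data2['value'] = __ROOT__ . str_replace(array('./', '../'), '/', $file_name);
                    $this->model->table('touch_shop_config')->data($data2)->where("code = '{$code}'")->update();
                } else {
                    $this->message(sprintf(L('msg_upload_failed'), $file['name'], $file_var_list[$code]['store_dir']), NULL, 'error');
                }
            }
        }
    }

    /* Invoice types and tax rates */
    $invoice_rate = I('invoice_rate');
    if (!empty($invoice_rate)) {
        foreach ($invoice_rate as $key => $rate) {
            // Rates are rounded to two decimals and clamped at zero.
            $rate = round(floatval($rate), 2);
            if ($rate < 0) {
                $rate = 0;
            }
            I('invoice_rate.' . $key, $rate);
        }
        $invoice = array('type' => I('invoice_type'), 'rate' => I('invoice_rate'));
        $data3['value'] = serialize($invoice);
        $this->model->table('touch_shop_config')->data($data3)->where("code = 'invoice_type'")->update();
    }

    /* Clear the cache */
    clear_all_files();
    $site_info = site_info();
    $this->cloud->data($site_info)->act('post.record');
    $this->message(L('save_success'), url('index'));
}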
/**
 * Move an uploaded file into storage and return the generated file name.
 *
 * The stored name is "<session user_id>_<Ymd><six lowercase letters>.<type>", where <type>
 * is the value returned by check_file_type(). The target is resolved through saestor()
 * (marked "for sae"), which replaced a ROOT_PATH-based local path. Failures are recorded
 * through $GLOBALS['err'].
 *
 * NOTE(review): the random part comes from mt_rand(), which is not a cryptographic
 * generator; do not rely on the name being unguessable.
 * NOTE(review): $type is joined into the target path as-is, so it must be a fixed,
 * caller-chosen folder name and never request data.
 *
 * @access public
 * @param  array  $upload one $_FILES entry; 'tmp_name' and 'name' are read
 * @param  string $type   category folder below the data directory
 *
 * @return mixed  generated file name on success, false on failure
 */
function upload_file($upload, $type)
{
    if (empty($upload['tmp_name'])) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['upload_file_error']);
        return false;
    }

    $ftype = check_file_type($upload['tmp_name'], $upload['name'], '|png|jpg|jpeg|gif|doc|xls|txt|zip|ppt|pdf|rar|');
    if (empty($ftype)) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['upload_file_type'], 1);
        return false;
    }

    // Date stamp followed by six random letters in the range a-z.
    $stamp = date('Ymd');
    $letters = '';
    for ($left = 6; $left > 0; $left--) {
        $letters .= chr(mt_rand(97, 122));
    }
    $name = $_SESSION['user_id'] . '_' . $stamp . $letters . '.' . $ftype;
    $target = saestor(DATA_DIR . '/' . $type . '/' . $name); // for sae

    if (move_upload_file($upload['tmp_name'], $target)) {
        return $name;
    }

    $GLOBALS['err']->add($GLOBALS['_LANG']['upload_file_error'], 1);
    return false;
}
<?php
// Stand-alone debugging script for the upload allow-list check.
// NOTE(review): $format is read below without being assigned anywhere in this script, and no
// include that would define check_file_type() is visible. The hard-coded temporary path
// points at one developer machine; this file should not be deployed.
define('IN_ECS', true);
define(
    'ROOT_PATH',
    preg_replace('/includes(.*)/i', '', str_replace('\\', '/', __FILE__))
);

$allow_file_types = '|GIF|JPG|PNG|BMP|SWF|DOC|XLS|PPT|MID|WAV|ZIP|RAR|PDF|CHM|RM|TXT|XLSX|CSV|';

// Case-insensitive membership test: a format that is not in the list is blanked.
if ($allow_file_types) {
    if (false === stristr($allow_file_types, '|' . $format . '|')) {
        echo "3", '<br>';
        $format = '';
    }
}

if (!check_file_type("D:\\phpserver\\phpfileuploadtmp\\phpB989.tmp", "studentTemplate.csv", $allow_file_types)) {
    print_r(array("error" => 1, "msg" => "您上传的文件格式不被允许,只能是以下格式的文件才能上传:"));
}

echo "over";
?>
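/**
 * Validate and store a new article together with up to five uploaded images.
 *
 * Titles, keywords and description are validated by their helpers; the content must be
 * non-empty and at most 60000 bytes as measured by strlen(). Each accepted image is moved to
 * ../Images/ under a generated name and resized into large_thumbs; the first accepted image
 * also gets a medium thumbnail. On failure the global $erm may hold a message.
 *
 * NOTE(review): check_file_type() is called with the client-supplied file name only, so the
 * stored extension appears to be derived from that name - confirm the helper restricts it to
 * image extensions, and consider verifying the file content as well.
 * NOTE(review): the generated name uses time() and mt_rand() and is therefore guessable.
 *
 * @return mixed the id returned by write_text_to_database(), or FALSE on failure
 */
function processNewArticle()
{
    global $erm;

    $coverMade = FALSE;
    $imageArray = array();
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    // The image count is request data: coerce it to an integer before it drives the loop.
    $numOfImages = isset($_POST['numOfImages']) && is_scalar($_POST['numOfImages'])
        ? (int) $_POST['numOfImages']
        : 0;

    // Process the titles
    if (!processTitles()) {
        return FALSE;
    }
    if (!processKeywords()) {
        return FALSE;
    }
    if (!processDescription()) {
        return FALSE;
    }
    if (!is_string($content) || empty($content) || strlen($content) > 60000) {
        $erm = "Content empty or too large. [max] = 60000 characters.";
        return FALSE;
    }

    /* Process the images */
    if ($numOfImages > 0 && $numOfImages < 6) {
        if (!processImageAlt()) {
            return FALSE;
        }
        for ($i = 0; $i < $numOfImages; $i++) {
            // The declared count may exceed the number of files actually sent.
            if (!isset(
                $_FILES['images']['tmp_name'][$i],
                $_FILES['images']['name'][$i],
                $_FILES['images']['size'][$i],
                $_FILES['images']['error'][$i]
            )) {
                continue;
            }
            $tmpPath = $_FILES['images']['tmp_name'][$i];

            // Skip failed uploads and files outside the accepted size window.
            if ($_FILES['images']['size'][$i] < 1024 || $_FILES['images']['size'][$i] > 500000 || $_FILES['images']['error'][$i] != 0) {
                @unlink($tmpPath);
                continue;
            }
            if (($ext = check_file_type($_FILES['images']['name'][$i])) == FALSE) {
                @unlink($tmpPath);
                continue;
            }

            $newFileName = $_SESSION['author_id'] . "-" . time() . mt_rand($i * 10, $i * 10 + 9);
            $storedName = $newFileName . "." . $ext;
            // A file that could not be moved must not be resized or recorded.
            if (!move_uploaded_file($tmpPath, "../Images/" . $storedName)) {
                continue;
            }

            if ($coverMade === FALSE) {
                // Create a medium sized thumb just for one image in the set
                img_resize("../Images/" . $storedName, "../Images/med_thumbs/{$newFileName}.{$ext}", 300, 200, $ext);
                $coverMade = TRUE;
            }
            // Create a large thumb for every image
            img_resize("../Images/" . $storedName, "../Images/large_thumbs/{$newFileName}.{$ext}", 675, 450, $ext);

            // $imageArray contains the name of every successfully uploaded image file
            $imageArray[] = $storedName;
        }
    }

    $imgExists = empty($imageArray) ? 0 : 1;
    if (($id = write_text_to_database($imgExists)) === FALSE) {
        $erm = "Database error";
        return FALSE;
    }
    if ($imgExists) {
        write_images_to_database($id, $imageArray);
    }
    return $id;
}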