/**
* 图片上传的处理函数
*
* @access public
* @param array upload 包含上传的图片文件信息的数组
* @param array dir 文件要上传在$this->data_dir下的目录名。如果为空图片放在则在$this->images_dir下以当月命名的目录下
* @param array img_name 上传图片名称,为空则随机生成
* @return mix 如果成功则返回文件名,否则返回false
*/
function upload_image($upload, $dir = '', $img_name = '')
{
/* 没有指定目录默认为根目录images */
if (empty($dir)) {
/* 创建当月目录 */
$dir = date('Ym');
$dir = ROOT_PATH . $this->images_dir . '/' . $dir . '/';
} else {
/* 创建目录 */
$dir = ROOT_PATH . $this->data_dir . '/' . $dir . '/';
if ($img_name) {
$img_name = $dir . $img_name;
// 将图片定位到正确地址
}
}
/* 如果目标目录不存在,则创建它 */
if (!file_exists($dir)) {
if (!make_dir($dir)) {
/* 创建目录失败 */
$this->error_msg = sprintf($GLOBALS['_LANG']['directory_readonly'], $dir);
$this->error_no = ERR_DIRECTORY_READONLY;
return false;
}
}
if (empty($img_name)) {
$img_name = $this->unique_name($dir);
$img_name = $dir . $img_name . $this->get_filetype($upload['name']);
}
if (!$this->check_img_type($upload['type'])) {
$this->error_msg = $GLOBALS['_LANG']['invalid_upload_image_type'];
$this->error_no = ERR_INVALID_IMAGE_TYPE;
return false;
}
/* 允许上传的文件类型 */
$allow_file_types = '|GIF|JPG|JEPG|PNG|BMP|SWF|';
if (!check_file_type($upload['tmp_name'], $img_name, $allow_file_types)) {
$this->error_msg = $GLOBALS['_LANG']['invalid_upload_image_type'];
$this->error_no = ERR_INVALID_IMAGE_TYPE;
return false;
}
if ($this->move_file($upload, $img_name)) {
return str_replace(ROOT_PATH, '', $img_name);
} else {
$this->error_msg = sprintf($GLOBALS['_LANG']['upload_failure'], $upload['name']);
$this->error_no = ERR_UPLOAD_FAILURE;
return false;
}
}
/**
* 图片上传的处理函数
*
* @access public
* @param array upload 包含上传的图片文件信息的数组
* @param array dir 文件要上传在$this->data_dir下的目录名。如果为空图片放在则在$this->images_dir下以当月命名的目录下
* @param array img_name 上传图片名称,为空则随机生成
* @return mix 如果成功则返回文件名,否则返回false
*/
function upload_image($upload, $dir = '', $img_name = '')
{
/* 没有指定目录默认为根目录images */
if (empty($dir)) {
/* 创建当月目录 */
$dir = date('Ym');
$dir = $this->root_path . $this->images_dir . '/' . $dir . '/';
} else {
/* 创建目录 */
$dir = $this->root_path . $this->data_dir . '/' . $dir . '/';
if ($img_name) {
$img_name = $dir . $img_name;
// 将图片定位到正确地址
}
}
/* 如果目标目录不存在,则创建它 */
if (!file_exists($dir)) {
$this->dmkdir($dir);
}
if (empty($img_name)) {
$img_name = $this->unique_name($dir);
$img_name = $dir . $img_name . $this->get_filetype($upload['name']);
}
if (!$this->check_img_type($upload['type'])) {
$this->error_msg = '图片类型错误';
return false;
}
/* 允许上传的文件类型 */
$allow_file_types = '|GIF|JPG|JEPG|PNG|BMP|SWF|';
if (!check_file_type($upload['tmp_name'], $img_name, $allow_file_types)) {
$this->error_msg = '文件类型错误';
return false;
}
if ($this->move_file($upload, $img_name)) {
return str_replace($this->root_path, '', $img_name);
} else {
$this->error_msg = '文件上传失败';
return false;
}
}
if ($_REQUEST['act'] == 'update') {
/* 权限判断 */
admin_priv('article_manage');
/*检查文章名是否相同*/
$is_only = $exc->is_only('title', $_POST['title'], $_POST['id'], "cat_id = '{$_POST['article_cat']}'");
if (!$is_only) {
sys_msg(sprintf($_LANG['title_exist'], stripslashes($_POST['title'])), 1);
}
if (empty($_POST['cat_id'])) {
$_POST['cat_id'] = 0;
}
/* 取得文件地址 */
$file_url = '';
if (empty($_FILES['file']['error']) || !isset($_FILES['file']['error']) && isset($_FILES['file']['tmp_name']) && $_FILES['file']['tmp_name'] != 'none') {
// 检查文件格式
if (!check_file_type($_FILES['file']['tmp_name'], $_FILES['file']['name'], $allow_file_types)) {
sys_msg($_LANG['invalid_file']);
}
// 复制文件
$res = upload_article_file($_FILES['file']);
if ($res != false) {
$file_url = $res;
}
}
if ($file_url == '') {
$file_url = $_POST['file_url'];
}
/* 计算文章打开方式 */
if ($file_url == '') {
$open_type = 0;
} else {
/* 处理上传文件 */
$file_var_list = array();
$sql = "SELECT * FROM " . $ecs->table('shop_config') . " WHERE parent_id > 0 AND type = 'file'";
$res = $db->query($sql);
while ($row = $db->fetchRow($res))
{
$file_var_list[$row['code']] = $row;
}
foreach ($_FILES AS $code => $file)
{
/* 判断用户是否选择了文件 */
if ((isset($file['error']) && $file['error'] == 0) || (!isset($file['error']) && $file['tmp_name'] != 'none'))
{
/* 检查上传的文件类型是否合法 */
if (!check_file_type($file['tmp_name'], $file['name'], $allow_file_types))
{
sys_msg(sprintf($_LANG['msg_invalid_file'], $file['name']));
}
else
{
if ($code == 'shop_logo')
{
include_once('includes/lib_template.php');
$info = get_template_info($_CFG['template']);
$file_name = str_replace('{$template}', $_CFG['template'], $file_var_list[$code]['store_dir']) . $info['logo'];
}
elseif ($code == 'watermark')
{
$ext = array_pop(explode('.', $file['name']));
/**
* 处理上传文件,并返回上传图片名(上传失败时返回图片名为空)
*
* @access public
* @param array $upload $_FILES 数组
* @param array $type 图片所属类别,即data目录下的文件夹名
*
* @return string 上传图片名
*/
function upload_file($upload, $type)
{
if (!empty($upload['tmp_name'])) {
$ftype = check_file_type($upload['tmp_name'], $upload['name'], '|png|jpg|jpeg|gif|doc|xls|txt|zip|ppt|pdf|rar|docx|xlsx|pptx|');
if (!empty($ftype)) {
$name = date('Ymd');
for ($i = 0; $i < 6; $i++) {
$name .= chr(mt_rand(97, 122));
}
$name = $_SESSION['user_id'] . '_' . $name . '.' . $ftype;
$target = ROOT_PATH . DATA_DIR . '/' . $type . '/' . $name;
if (!move_upload_file($upload['tmp_name'], $target)) {
ECTouch::err()->add(L('upload_file_error'), 1);
return false;
} else {
return $name;
}
} else {
ECTouch::err()->add(L('upload_file_type'), 1);
return false;
}
} else {
ECTouch::err()->add(L('upload_file_error'));
return false;
}
}
}
##### Panel Control Check #####
##### Upload File Validation #####
if (isset($_POST["submit_file"])) {
if ($_FILES["file"]["error"] > 0) {
if ($_FILES["file"]["error"] == 4) {
error_msg("Error: Please select a torrent file.");
} else {
error_msg("Error: " . $_FILES["file"]["error"]);
}
} else {
$file_name = $_FILES["file"]["name"];
$tmp_path = $_FILES["file"]["tmp_name"];
$file_path = $upload_dir . "/" . $_FILES["file"]["name"];
$file_type = $_FILES["file"]["type"];
if (check_ext($file_name) || check_file_type($file_type)) {
if (file_exists($file_path)) {
error_msg("Error: {$file_name} already exists!");
} else {
move_uploaded_file($tmp_path, $file_path);
if (!valid_torrent($file_path)) {
remove_torrent($file_path);
error_msg("Error: Invalid torrent file!");
} else {
output_msg("Uploaded: {$file_name}");
}
}
} else {
error_msg("Error: Invalid file type!");
}
}
function addNews()
{
$file_url = '';
if (isset($_FILES['file']['error']) && $_FILES['file']['error'] == 0 || !isset($_FILES['file']['error']) && isset($_FILES['file']['tmp_name']) && $_FILES['file']['tmp_name'] != 'none') {
if (!check_file_type($_FILES['file']['tmp_name'], $_FILES['file']['name'], $allow_file_types)) {
sys_msg($_LANG['invalid_file']);
}
$res = upload_article_file($_FILES['file']);
if ($res != false) {
$file_url = $res;
}
}
if (!$file_url && $_POST['article_id']) {
$file_url = $_POST['file_url'];
}
$open_type = 2;
/*插入数据*/
$add_time = gmtime();
$_POST['cat_id'] = 0;
if (!$_POST['article_id']) {
$sql = "INSERT INTO " . $GLOBALS['ecs']->table('article') . "(title, cat_id, article_type, is_open, author, " . "author_email, keywords, content, add_time, file_url, open_type, link, description) " . "VALUES ('{$_POST['title']}', '{$_POST['article_cat']}', '0', '1', " . "'', '', '', '{$_POST['description']}', " . "'{$add_time}', '{$file_url}', '{$open_type}', '{$_POST['link_url']}', '{$_POST['description']}')";
$GLOBALS['db']->query($sql);
return $GLOBALS['db']->insert_id();
} else {
$aid = (int) $_POST['article_id'];
$GLOBALS['db']->query("update " . $GLOBALS['ecs']->table('article') . " set \r\n\t\ttitle='{$_POST[title]}',file_url='{$file_url}',link='{$_POST['link_url']}',description='{$_POST['description']}' where article_id={$aid}");
return $aid;
}
}
/**
* 分类商品代表图片
* @param int $catid 商品分类id
*/
function upload_category_pic($catid)
{
/* 允许上传的文件类型 */
$allow_file_types = '|GIF|JPG|PNG|BMP|';
foreach ($_FILES as $code => $file) {
/* 判断用户是否选择了文件 */
if (isset($file['error']) && $file['error'] == 0 || !isset($file['error']) && $file['tmp_name'] != 'none') {
/* 检查上传的文件类型是否合法 */
if (!check_file_type($file['tmp_name'], $file['name'], $allow_file_types)) {
sys_msg(sprintf($_LANG['msg_invalid_file'], $file['name']));
} else {
$file_name = "../data/supplier/category/";
if ($code == 'cat_pic') {
$ext = array_pop(explode('.', $file['name']));
$file_name .= $_SESSION['supplier_id'] . 'c' . time() . '.' . $ext;
if ($catid > 0) {
$catpic = get_cat_info($catid);
if (file_exists($catpic['cat_pic'])) {
@unlink($catpic['cat_pic']);
}
}
}
/* 判断是否上传成功 */
if (move_upload_file($file['tmp_name'], $file_name)) {
return $file_name;
} else {
sys_msg(sprintf($_LANG['msg_upload_failed'], $file['name'], $file_name));
}
}
}
}
}
/**
* private function validateFile.
*
* validation for file upload from form
*
* @param string $fieldname
* fieldname of input file form
*/
function validateFile($fieldname)
{
$error = '';
if (!empty($_FILES[$fieldname]['error'])) {
switch ($_FILES[$fieldname]['error']) {
case '1':
$error = 'Upload maximum file is 4 MB.';
break;
case '2':
$error = 'File is too big, please upload with smaller size.';
break;
case '3':
$error = 'File uploaded, but only halef of file.';
break;
case '4':
$error = 'There is no File to upload';
break;
case '6':
$error = 'Temporary folder not exists, Please try again.';
break;
case '7':
$error = 'Failed to record File into disk.';
break;
case '8':
$error = 'Upload file has been stop by extension.';
break;
case '999':
default:
$error = 'No error code avaiable';
}
} elseif (empty($_FILES[$fieldname]['tmp_name']) || $_FILES[$fieldname]['tmp_name'] == 'none') {
$error = 'There is no File to upload.';
} elseif ($_FILES[$fieldname]['size'] > FILE_UPLOAD_MAX_SIZE) {
$error = 'Upload maximum file is ' . number_format(FILE_UPLOAD_MAX_SIZE / 1024, 2) . ' MB.';
} else {
//$get_ext = substr($_FILES[$fieldname]['name'],strlen($_FILES[$fieldname]['name'])-3,3);
$cekfileformat = check_file_type($_FILES[$fieldname]);
if (!$cekfileformat) {
$error = 'Upload File only allow (jpg, gif, png, pdf, doc, xls, xlsx, docx)';
}
}
return $error;
}
/**
* 保存附件
* Enter description here ...
* @param unknown_type $attach
*/
function save_notice_attach($notice_id, $attach, $uploader)
{
global $allow_file_types;
$result = array("error" => 0, "msg" => "");
if (isset($attach['error']) && $attach['error'] == 0 || !isset($attach['error']) && isset($attach['tmp_name']) && $attach['tmp_name'] != 'none') {
// 检查文件格式
if (!check_file_type($attach['tmp_name'], $attach['name'], $allow_file_types)) {
return array("error" => 1, "msg" => "您上传的文件格式不被允许,只能是以下格式的文件才能上传:" . $allow_file_types);
}
// 复制文件
$res = upload_article_file($attach);
if ($res != false) {
$file_url = $res;
}
} else {
if (isset($attach['error']) && $attach['error'] == 4) {
return $result;
} else {
return array("error" => 1, "msg" => "您上传的文件存在异常,文件必须在2M之内,且只能是以下格式的文件:" . $allow_file_types);
}
}
$sql = "insert into " . $GLOBALS['ecs']->table("notice_attach") . " (notice_id, name, path, size, type, uploader, created) \r\n\t\tvalues ('{$notice_id}', '{$attach['name']}', '{$file_url}', '{$attach['size']}', '{$attach['type']}', '{$uploader}', now()) ";
$GLOBALS['db']->query($sql);
return $result;
}
function validate_file($field, $caption)
{
if ($_FILES[$field]['error'] == 0) {
$temp_array = explode(":", $caption);
$caption = $temp_array[0];
$file_type = $temp_array[1];
/*$mime_type = mime_content_type($_FILES[$field]['tmp_name']);
if(!strstr($mime_type,$file_type)) {
$this->error_array[] = "Please select a valid ".$caption." file";
}*/
if (!check_file_type($_FILES[$field]['tmp_name'], $file_type)) {
$this->error_array[] = "Please select a valid " . $caption . " file";
//unset so it doesnt get added to xml schema
unset($_FILES[$field]);
}
}
}
function check_file_type($filename, $type_name)
{
$len = strlen($type_name);
if (substr($filename, -$len) == $type_name) {
return true;
}
return false;
}
// download src code
$md5 = md5($src_code);
$target_dir = "../code_dir/{$md5}";
$cmd = "rm -rf {$target_dir}; mkdir {$target_dir}; cd {$target_dir}; wget '{$src_code}'";
system($cmd);
// depress the compressed file
$file = array_pop(glob("{$target_dir}/*"));
$filename = basename($file);
chdir($target_dir);
if (check_file_type($filename, "zip")) {
$cmd = "unzip {$filename}";
} else {
if (check_file_type($filename, "tgz")) {
$cmd = "tar -zxvf {$filename}";
} else {
echo "Invalid file type: {$filename}";
exit(1);
}
}
system($cmd . " > /dev/null");
chdir("../../php");
save_log($src_code);
echo "file downloaded successfully";
/**
* 更新系统配置
*/
public function post()
{
/* 允许上传的文件类型 */
$allow_file_types = '|GIF|JPG|PNG|BMP|SWF|DOC|XLS|PPT|MID|WAV|ZIP|RAR|PDF|CHM|RM|TXT|CERT|';
$arr = array();
$res = $this->model->table('touch_shop_config')->field('id, value')->select();
if (is_array($res)) {
foreach ($res as $vo) {
$arr[$vo['id']] = $vo['value'];
}
}
foreach (I('value') as $key => $val) {
if ($arr[$key] != $val) {
$data['value'] = $val;
$condition['id'] = $key;
$this->model->table('touch_shop_config')->data($data)->where($condition)->update();
}
}
/* 处理上传文件 */
$file_var_list = array();
$res = $this->model->table('touch_shop_config')->where("parent_id > 0 AND type = 'file'")->select();
if (is_array($res)) {
foreach ($res as $vo) {
$file_var_list[$vo['code']] = $vo;
}
}
foreach ($_FILES as $code => $file) {
/* 判断用户是否选择了文件 */
if (isset($file['error']) && $file['error'] == 0 || !isset($file['error']) && $file['tmp_name'] != 'none') {
/* 检查上传的文件类型是否合法 */
if (!check_file_type($file['tmp_name'], $file['name'], $allow_file_types)) {
$this->message(sprintf(L('msg_invalid_file'), $file['name']), NULL, 'error');
} else {
if ($code == 'shop_logo') {
$info = get_template_info(C('template'));
$info['logo'] = empty($info['logo']) ? 'logo.png' : $info['logo'];
$file_name = str_replace('{$template}', C('template'), $file_var_list[$code]['store_dir']) . $info['logo'];
} elseif ($code == 'watermark') {
$name = explode('.', $file['name']);
$ext = array_pop($name);
$file_name = $file_var_list[$code]['store_dir'] . 'watermark.' . $ext;
if (file_exists($file_var_list[$code]['value'])) {
@unlink($file_var_list[$code]['value']);
}
} elseif ($code == 'no_picture') {
$name = explode('.', $file['name']);
$ext = array_pop($name);
$file_name = $file_var_list[$code]['store_dir'] . 'no_picture.' . $ext;
if (file_exists($file_var_list[$code]['value'])) {
@unlink($file_var_list[$code]['value']);
}
} else {
$file_name = $file_var_list[$code]['store_dir'] . $file['name'];
}
/* 判断是否上传成功 */
if (move_upload_file($file['tmp_name'], $file_name)) {
$data2['value'] = __ROOT__ . str_replace(array('./', '../'), '/', $file_name);
$this->model->table('touch_shop_config')->data($data2)->where("code = '{$code}'")->update();
} else {
$this->message(sprintf(L('msg_upload_failed'), $file['name'], $file_var_list[$code]['store_dir']), NULL, 'error');
}
}
}
}
/* 处理发票类型及税率 */
$invoice_rate = I('invoice_rate');
if (!empty($invoice_rate)) {
foreach ($invoice_rate as $key => $rate) {
$rate = round(floatval($rate), 2);
if ($rate < 0) {
$rate = 0;
}
I('invoice_rate.' . $key, $rate);
}
$invoice = array('type' => I('invoice_type'), 'rate' => I('invoice_rate'));
$data3['value'] = serialize($invoice);
$this->model->table('touch_shop_config')->data($data3)->where("code = 'invoice_type'")->update();
}
/* 清除缓存 */
clear_all_files();
$site_info = site_info();
$this->cloud->data($site_info)->act('post.record');
$this->message(L('save_success'), url('index'));
}
/**
* 处理上传文件,并返回上传图片名(上传失败时返回图片名为空)
*
* @access public
* @param array $upload $_FILES 数组
* @param array $type 图片所属类别,即data目录下的文件夹名
*
* @return string 上传图片名
*/
function upload_file($upload, $type)
{
if (!empty($upload['tmp_name'])) {
$ftype = check_file_type($upload['tmp_name'], $upload['name'], '|png|jpg|jpeg|gif|doc|xls|txt|zip|ppt|pdf|rar|');
if (!empty($ftype)) {
$name = date('Ymd');
for ($i = 0; $i < 6; $i++) {
$name .= chr(mt_rand(97, 122));
}
$name = $_SESSION['user_id'] . '_' . $name . '.' . $ftype;
// $target = ROOT_PATH . DATA_DIR . '/' . $type . '/' . $name;
$target = saestor(DATA_DIR . '/' . $type . '/' . $name);
// for sae
if (!move_upload_file($upload['tmp_name'], $target)) {
$GLOBALS['err']->add($GLOBALS['_LANG']['upload_file_error'], 1);
return false;
} else {
return $name;
}
} else {
$GLOBALS['err']->add($GLOBALS['_LANG']['upload_file_type'], 1);
return false;
}
} else {
$GLOBALS['err']->add($GLOBALS['_LANG']['upload_file_error']);
return false;
}
}
<?php
define('IN_ECS', true);
define('ROOT_PATH', preg_replace('/includes(.*)/i', '', str_replace('\\', '/', __FILE__)));
$allow_file_types = '|GIF|JPG|PNG|BMP|SWF|DOC|XLS|PPT|MID|WAV|ZIP|RAR|PDF|CHM|RM|TXT|XLSX|CSV|';
if ($allow_file_types && stristr($allow_file_types, '|' . $format . '|') === false) {
echo "3";
echo '<br>';
$format = '';
}
if (!check_file_type("D:\\phpserver\\phpfileuploadtmp\\phpB989.tmp", "studentTemplate.csv", $allow_file_types)) {
print_r(array("error" => 1, "msg" => "您上传的文件格式不被允许,只能是以下格式的文件才能上传:"));
}
print_r("over");
?>
function processNewArticle()
{
$coverMade = FALSE;
$content = $_POST['content'];
$numOfImages = $_POST['numOfImages'];
global $erm;
// Process the titles
if (!processTitles()) {
return FALSE;
}
if (!processKeywords()) {
return FALSE;
}
if (!processDescription()) {
return FALSE;
}
if (empty($content) || strlen($content) > 60000) {
$erm = "Content empty or too large. [max] = 60000 characters.";
return FALSE;
}
//Finished processing the title
if (!$numOfImages) {
$numOfImages = 0;
}
/* Process the image */
if ($numOfImages > 0 && $numOfImages < 6) {
if (!processImageAlt()) {
return FALSE;
}
for ($i = 0; $i < $numOfImages; $i++) {
if ($_FILES['images']['size'][$i] < 1024 || $_FILES['images']['size'][$i] > 500000 || $_FILES['images']['error'][$i] != 0) {
@unlink($_FILES['images']['tmp_name'][$i]);
continue;
}
if (($ext = check_file_type($_FILES['images']['name'][$i])) == FALSE) {
@unlink($_FILES['images']['tmp_name'][$i]);
continue;
}
$newFileName = $_SESSION['author_id'] . "-" . time() . mt_rand($i * 10, $i * 10 + 9);
move_uploaded_file($_FILES['images']['tmp_name'][$i], "../Images/" . $newFileName . ".{$ext}");
if ($coverMade === FALSE) {
img_resize("../Images/" . $newFileName . "." . $ext, "../Images/med_thumbs/{$newFileName}.{$ext}", 300, 200, $ext);
//Create a medium sized thumb just for one image in the set
$coverMade = TRUE;
}
img_resize("../Images/" . $newFileName . "." . $ext, "../Images/large_thumbs/{$newFileName}.{$ext}", 675, 450, $ext);
//Create a large thumb for every image
$imageArray[] = $newFileName . "." . $ext;
//$imageArray contains the name of every successfully uploaded image file
}
}
if (empty($imageArray)) {
$imgExists = 0;
} else {
$imgExists = 1;
}
if (($id = write_text_to_database($imgExists)) === FALSE) {
$erm = "Database error";
return FALSE;
}
if ($imgExists) {
write_images_to_database($id, $imageArray);
}
return $id;
}
