/**
 * Emit the URLs of image attachments found among the newest attachment rows.
 *
 * Returns false without producing output when $this->admin_username is empty
 * (presumably: no administrator session — confirm where it is populated).
 * Otherwise the request is ended with exit(), printing every image URL
 * followed by the literal marker "ue_separate_ue".
 *
 * @return bool|void
 */
public function manage()
{
    if (!$this->admin_username) {
        return false;
    }
    set_time_limit(0);

    // At most 400 rows are read (newest first by aid). The image filter runs
    // afterwards, so fewer than 400 URLs may be printed.
    $rows = Loader::model('attachment_model')
        ->field('filepath')
        ->limit(400)
        ->order('aid DESC')
        ->select();

    $parts = array();
    foreach ($rows as $row) {
        $suffix = File::get_suffix($row['filepath']);
        if (!in_array($suffix, $this->imgext)) {
            continue;
        }
        // Each entry carries its own trailing separator, as the consumer expects.
        $parts[] = $this->upload_url . $row['filepath'] . 'ue_separate_ue';
    }

    exit(implode('', $parts));
}
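/**
 * Build the list of temporary, not yet processed uploads recorded in the
 * "att_json" cookie.
 *
 * The cookie holds JSON objects joined by "||". Each usable entry is returned
 * with three extra keys: "fileimg" (the file itself for images, otherwise the
 * result of file_icon()), "width" ('80' for images, '64' otherwise) and
 * "filename" (URL-decoded). Every accepted "src" is also appended to
 * $this->cookie_att, prefixed with "|".
 *
 * The cookie is client-controlled, so entries that do not decode to an array
 * with a string "src" are skipped instead of being passed on half-filled.
 * NOTE(review): "src" and "filename" remain attacker-influenced strings; where
 * they are rendered is not visible here — confirm they are escaped on output.
 *
 * @return array|false List of attachment entries, or false when there is none.
 */
private function att_not_used()
{
    $this->att_db = Loader::model('attachment_model');

    $att_json = cookie('att_json');
    if (!$att_json || !is_string($att_json)) {
        return false;
    }

    $att = array();
    foreach (explode('||', $att_json) as $_att_c) {
        $item = json_decode($_att_c, true);
        // json_decode() yields null (or a scalar) for malformed input; such
        // entries carry nothing usable and would only raise notices below.
        if (!is_array($item) || !isset($item['src']) || !is_string($item['src'])) {
            continue;
        }

        $is_img = in_array(File::get_suffix($item['src']), $this->imgext);
        $item['fileimg'] = $is_img ? $item['src'] : file_icon($item['src']);
        $item['width'] = $is_img ? '80' : '64';
        $item['filename'] = (isset($item['filename']) && is_scalar($item['filename']))
            ? urldecode($item['filename'])
            : '';

        $this->cookie_att .= '|' . $item['src'];
        $att[] = $item;
    }

    return !empty($att) ? $att : false;
}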
/**
 * Check whether a file name carries one of the known image suffixes.
 *
 * NOTE(review): the decision rests on the suffix alone; the file content is
 * not inspected here, so this should not be the only gate in front of an
 * upload or a renderer.
 *
 * @param string $file File name or path.
 * @return array|false The complete suffix list on a match (not a boolean
 *                     true), false otherwise.
 */
function is_image($file)
{
    $image_suffixes = array('jpg', 'gif', 'png', 'bmp', 'jpeg', 'tiff');

    if (in_array(File::get_suffix($file), $image_suffixes)) {
        return $image_suffixes;
    }

    return false;
}
/**
 * Restore a database backup from DATA_PATH/bakup/<pdo_name>/.
 *
 * Two modes, chosen by the argument:
 *  - a name whose suffix is "sql": that single file is read and executed;
 *  - anything else: the argument is treated as a volume prefix, the file
 *    "<prefix><fileid>.sql" is executed and the user is redirected to the same
 *    action with fileid + 1, until no further volume exists.
 *
 * NOTE(review): $filename and $this->pdo_name are concatenated into the path
 * without any separator or ".." check in this method, and the redirect URL
 * carries "pre"/"pdoname" back through the request. Presumably the caller
 * validates both — confirm, because whatever file is reached is executed as
 * SQL in full.
 * NOTE(review): the "not exist" message prints the absolute $filepath.
 *
 * @param string $filename Backup file name (*.sql) or volume prefix.
 * @return void
 */
private function import_database($filename)
{
    $backup_dir = DATA_PATH . 'bakup' . DIRECTORY_SEPARATOR . $this->pdo_name . DIRECTORY_SEPARATOR;

    // Single-file restore.
    if ($filename && File::get_suffix($filename) == 'sql') {
        $filepath = $backup_dir . $filename;
        if (!file_exists($filepath)) {
            showmessage(L('database_sorry') . " {$filepath} " . L('database_not_exist'));
        }
        self::sql_execute(file_get_contents($filepath));
        showmessage("{$filename} " . L('data_have_load_to_database'));
        return;
    }

    // Multi-volume restore: one volume per request, starting at 1.
    $fileid = $this->fileid ?: 1;
    $pre = $filename;
    $filename = $pre . $fileid . '.sql';
    $filepath = $backup_dir . $filename;

    if (!file_exists($filepath)) {
        // No further volume: the sequence is complete.
        showmessage(L('data_recover_succ'), U('admin/database/import'));
        return;
    }

    self::sql_execute(File::read($filepath));
    $fileid++;
    $next_query = array(
        'pdoname' => $this->pdo_name,
        'pre' => $pre,
        'fileid' => $fileid,
        'dosubmit' => '1',
    );
    showmessage(
        L('bakup_data_file') . " {$filename} " . L('load_success'),
        U('admin/database/import', $next_query)
    );
}
echo L('block_data'); ?> </legend> <table width="100%" class="table_form" id="table_form"> <?php if ($data['type'] == 1) { ?> <script language="Javascript" type="text/javascript"> editAreaLoader.init({ id: "data" ,start_highlight: true ,allow_toggle: true ,word_wrap: true ,language: "zh" ,syntax: "<?php echo File::get_suffix(C('template', 'ext')); ?> " //语法 }); </script> <tr> <td class="y-bg"><textarea cols="80" id="data" name="data" rows="20"><?php echo htmlspecialchars($data['data']); ?> </textarea></td> </tr> <?php } else { if (is_array($data['data'])) { foreach ($data['data'] as $key => $val) {
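/**
 * Serve a download addressed by the encrypted "a_k" request token.
 *
 * The token is decoded with a key derived from $this->auth_key and the
 * request's User-Agent, then parsed as a query string. It must carry i, m,
 * modelid, f, t and ip; s (prefix used when m is truthy) and d (0 = redirect,
 * otherwise stream the local file) are optional. The token is rejected when
 * its ip differs from the constant IP or when it is older than 3600 seconds.
 *
 * Changes against the previous version:
 *  - parse_str() now fills an array instead of the local scope, so a token can
 *    no longer define arbitrary local variables, and the call keeps working on
 *    PHP versions where the one-argument form is gone;
 *  - missing a_k / User-Agent / s / d no longer raise notices;
 *  - array-valued token fields are rejected before they reach string functions;
 *  - the ".." check is repeated on the final local path, because the s prefix
 *    was never covered by the check on f.
 *
 * showmessage() is relied on to end the request (presumably it exits — confirm).
 *
 * @return void
 */
public function download()
{
    $a_k = (isset($_GET['a_k']) && is_string($_GET['a_k'])) ? trim($_GET['a_k']) : '';
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $yun_auth_key = md5($this->auth_key . $user_agent);
    $a_k = String::authcode($a_k, 'DECODE', $yun_auth_key);
    if (empty($a_k)) {
        showmessage(L('illegal_parameters'));
    }

    $params = array();
    parse_str($a_k, $params);

    // parse_str() produces strings or arrays; only strings are meaningful here.
    foreach (array('i', 'm', 'modelid', 'f', 't', 'ip', 's', 'd') as $key) {
        if (isset($params[$key]) && !is_string($params[$key])) {
            showmessage(L('illegal_parameters'));
        }
    }

    $i = isset($params['i']) ? $params['i'] : null;
    $m = isset($params['m']) ? $params['m'] : null;
    $f = isset($params['f']) ? $params['f'] : null;
    $t = isset($params['t']) ? $params['t'] : null;
    $ip = isset($params['ip']) ? $params['ip'] : null;
    $s = isset($params['s']) ? $params['s'] : '';
    $d = isset($params['d']) ? $params['d'] : 0;

    if (isset($i)) {
        $downid = intval($i);
    }
    if (!isset($m) || !isset($params['modelid'])) {
        showmessage(L('illegal_parameters'));
    }
    if (empty($f)) {
        showmessage(L('url_invalid'));
    }
    if (!$i || $m < 0) {
        showmessage(L('illegal_parameters'));
    }
    if (!isset($t) || !isset($ip)) {
        showmessage(L('illegal_parameters'));
    }
    $starttime = intval($t);

    // Refuse script-like suffixes, Windows drive paths and parent-directory
    // segments in the requested file.
    if (preg_match('/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\\.|$)/i', $f)
        || strpos($f, ":\\") !== false
        || strpos($f, '..') !== false
    ) {
        showmessage(L('url_error'));
    }
    $fileurl = trim($f);

    if (!isset($downid)
        || empty($fileurl)
        || !preg_match("/[0-9]{10}/", $starttime)
        || !preg_match("/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/", $ip)
        || $ip != IP
    ) {
        showmessage(L('illegal_parameters'));
    }

    // Tokens are valid for one hour.
    $endtime = TIME - $starttime;
    if ($endtime > 3600) {
        showmessage(L('url_invalid'));
    }

    if ($m) {
        $fileurl = trim($s) . trim($fileurl);
    }

    // Remote file (absolute URL outside the configured upload URL), or a
    // local file that is to be delivered by redirect: hand over to the client.
    $is_remote = strpos($fileurl, ':/') && strpos($fileurl, C('attachment', 'upload_url')) === false;
    if ($is_remote || $d == 0) {
        header("Location: " . $fileurl);
        return;
    }

    // Local delivery: map the public URL onto the upload directory.
    $fileurl = str_replace(
        array(C('attachment', 'upload_url'), '/'),
        array(C('attachment', 'upload_path'), DIRECTORY_SEPARATOR),
        $fileurl
    );
    if (strpos($fileurl, '..') !== false) {
        showmessage(L('url_error'));
    }
    $filename = basename($fileurl);

    // Handle Chinese file names. NOTE(review): the two byte ranges were
    // unreadable in the reviewed copy and are restored as the GBK double-byte
    // range — confirm against the upstream file.
    if (preg_match('/^([\s\S]*?)([\x81-\xfe][\x40-\xfe])([\s\S]*?)/', $fileurl)) {
        $filename = str_replace(array("%5C", "%2F", "%3A"), array("\\", "/", ":"), urlencode($fileurl));
        $filename = urldecode(basename($filename));
    }

    // The client never sees the stored name: only the suffix is reused.
    $ext = File::get_suffix($filename);
    $filename = date('Ymd_his') . String::rand_string(3) . '.' . $ext;
    File::down($fileurl, $filename);
}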
/**
 * Check whether a file name carries one of the known video suffixes.
 *
 * NOTE(review): only the suffix is examined; the file content is not
 * inspected here.
 *
 * @param string $file File name or path.
 * @return array|false The complete suffix list on a match (not a boolean
 *                     true), false otherwise.
 */
function is_video($file)
{
    $video_suffixes = array('rm', 'mpg', 'avi', 'mpeg', 'wmv', 'flv', 'asf', 'rmvb');

    if (in_array(File::get_suffix($file), $video_suffixes)) {
        return $video_suffixes;
    }

    return false;
}
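/**
 * Edit a template file.
 *
 * GET shows the file (HTML-escaped) in the "file_edit_file" view; a POST with
 * "dosubmit" backs the file up via creat_template_bak() and overwrites it with
 * the submitted code. The action is refused when $this->tpl_edit is empty or
 * when the file suffix differs from $this->suffix.
 *
 * Hardening added here: "file" must be a bare file name and "dir" must not
 * contain a parent-directory segment or a NUL byte. Before, "file" was only
 * checked for its suffix and "dir" was cleaned by a single str_replace() pass,
 * neither of which keeps the resulting path inside $this->filepath. Symbolic
 * links are not resolved by these checks.
 *
 * NOTE(review): no request-forgery token is checked in this method; confirm
 * that the surrounding controller does so, since this action writes
 * server-side template code.
 *
 * Local variable names are kept as they are because the included view shares
 * this scope.
 *
 * @return void
 */
public function edit_file()
{
    if (empty($this->tpl_edit)) {
        showmessage(L('tpl_edit'));
    }

    $dir = isset($_GET['dir']) && is_string($_GET['dir']) && trim($_GET['dir'])
        ? str_replace(array('..\\', '../', './', '.\\'), '', urldecode(trim($_GET['dir'])))
        : '';
    $file = isset($_GET['file']) && is_string($_GET['file']) && trim($_GET['file'])
        ? trim($_GET['file'])
        : '';

    // Path containment: reject instead of trying to repair the input.
    $file_has_path = strpos($file, '/') !== false
        || strpos($file, '\\') !== false
        || strpos($file, "\0") !== false;
    $dir_escapes = strpos($dir, "\0") !== false
        || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $dir);
    if ($file_has_path || $dir_escapes) {
        showmessage(L('illegal_operation'), HTTP_REFERER);
        return;
    }

    if ($file) {
        // Leading name part of the file, used to pick the tag help list below.
        preg_match('/^([a-zA-Z0-9])?([^.|-|_]+)/i', $file, $file_t);
        $file_t = isset($file_t[0]) ? $file_t[0] : '';
        $file_t_v = array(
            'header' => array(
                '{$SEO[\'title\']}' => L('seo_title'),
                '{$SEO[\'site_title\']}' => L('site_title'),
                '{$SEO[\'keyword\']}' => L('seo_keyword'),
                '{$SEO[\'description\']}' => L('seo_des'),
            ),
            'category' => array(
                '{$catid}' => L('cat_id'),
                '{$catname}' => L('cat_name'),
                '{$url}' => L('cat_url'),
                '{$r[catname]}' => L('cat_name'),
                '{$r[url]}' => 'URL',
                '{$CATEGORYS}' => L('cats'),
            ),
            'list' => array(
                '{$catid}' => L('cat_id'),
                '{$catname}' => L('cat_name'),
                '{$url}' => L('cat_url'),
                '{$CATEGORYS}' => L('cats'),
            ),
            'show' => array(
                '{$title}' => L('title'),
                '{$inputtime}' => L('inputtime'),
                '{$copyfrom}' => L('comeform'),
                '{$content}' => L('content'),
                '{$previous_page[url]}' => L('pre_url'),
                '{$previous_page[title]}' => L('pre_title'),
                '{$next_page[url]}' => L('next_url'),
                '{$next_page[title]}' => L('next_title'),
            ),
            'page' => array(
                '{$CATEGORYS}' => L('cats'),
                '{$content}' => L('content'),
            ),
        );
    }

    // Only files with the configured template suffix may be edited.
    if ('.' . File::get_suffix($file) != $this->suffix) {
        showmessage(L("can_edit_files"));
    }

    $filepath = $this->filepath . $dir . DIRECTORY_SEPARATOR . $file;
    $is_write = 0;
    if (is_writable($filepath)) {
        $is_write = 1;
    }

    if (isset($_POST['dosubmit'])) {
        $code = isset($_POST['code'])
            ? stripslashes($_POST['code'])
            : showmessage(L('illegal_operation'), HTTP_REFERER);
        if ($is_write == 1) {
            Loader::helper('template:global');
            // Keep a copy of the current file before it is overwritten.
            creat_template_bak($filepath, $this->style, $dir);
            file_put_contents($filepath, htmlspecialchars_decode($code));
            showmessage(L('operation_success'), HTTP_REFERER);
        } else {
            showmessage(L("file_does_not_writable"), HTTP_REFERER);
        }
    } else {
        if (file_exists($filepath)) {
            // Escaped for display inside the editor form.
            $data = htmlspecialchars(file_get_contents($filepath));
        } else {
            showmessage(L('file_does_not_exists'));
        }
    }

    $show_header = true;
    include $this->view('file_edit_file');
}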