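/**
 * Handle a file posted by the SWFUpload client.
 *
 * The uploader is identified by the `session` POST field, and the upload
 * constraints (size limit, allowed extensions, target sub-directory) by the
 * `code` POST field; both are decoded with dr_authcode(). Every outcome ends
 * the request with a comma-separated string: "0,<message>" on failure, or
 * "<id>,<file>,<icon>,<name>,<size>,<ext>" on success.
 *
 * @return void
 */
public function swfupload()
{
    // Resolve the uid from the page-supplied session token. '+' characters
    // that arrived as spaces are restored before decoding. Without a uid the
    // caller is treated as a guest, and guests may not upload.
    $uid = (int) dr_authcode(str_replace(' ', '+', $this->input->post('session')), 'DECODE');
    if (!$uid) {
        exit('0,' . lang('m-142'));
    }

    // Load the member record; an unknown uid is rejected like a guest.
    $this->member = $this->member_model->get_member($uid);
    if (!$this->member) {
        exit('0,' . lang('m-142'));
    }

    // Permission settings of the member's group.
    $member_rule = $this->get_cache('member', 'setting', 'permission', $this->member['mark']);

    // Non-admin members need the group's upload permission.
    if (!$this->member['adminid'] && !$member_rule['is_upload']) {
        exit('0,' . lang('m-143'));
    }

    // Total attachment quota (configured in MB) for non-admin members.
    if (!$this->member['adminid'] && $member_rule['attachsize']) {
        $data = $this->db->select_sum('filesize')->where('uid', $uid)->get('attachment')->row_array();
        $filesize = (int) $data['filesize'];
        if ($filesize > $member_rule['attachsize'] * 1024 * 1024) {
            exit('0,' . dr_lang('m-147', $member_rule['attachsize'] . 'MB', dr_format_file_size($filesize)));
        }
    }

    if (IS_POST) {
        $code = str_replace(' ', '+', $this->input->post('code'));

        // Fail closed when the constraint token is missing or does not decode.
        // Otherwise the upload would be configured with an empty size limit
        // and an empty extension list, leaving the decision to the library.
        $decoded = dr_authcode($code, 'DECODE');
        if (!$decoded) {
            exit('0,code is null');
        }
        // Pad so that a short token cannot leave $ext or $path undefined.
        list($size, $ext, $path) = array_pad(explode('|', $decoded), 3, '');

        // NOTE(review): $path is trusted only because it arrives inside the
        // dr_authcode() token. Confirm the code that issues the token never
        // emits '..' segments, or reject them here as defence in depth.
        if ($path) {
            $path = FCPATH . 'member/uploadfile/' . $path . '/';
        } else {
            $path = FCPATH . 'member/uploadfile/' . date('Ym', SYS_TIME) . '/';
        }
        if (!is_dir($path)) {
            dr_mkdirs($path);
        }

        // NOTE(review): the stored name is derived from time() and rand(), so
        // it is guessable. The extension allow-list comes from the token.
        // Files land under FCPATH, so confirm that no field configuration can
        // list server-executable extensions and that the web server does not
        // execute scripts from this directory.
        $this->load->library('upload', array(
            'max_size' => (int) $size * 1024,
            'overwrite' => FALSE,
            'file_name' => substr(md5(time()), rand(0, 20), 10),
            'upload_path' => $path,
            'allowed_types' => str_replace(',', '|', $ext),
            'file_ext_tolower' => TRUE,
        ));

        if ($this->upload->do_upload('Filedata')) {
            $info = $this->upload->data();
            $this->load->model('attachment_model');
            $result = $this->attachment_model->upload($uid, $info);
            // A non-array result is an error message from the model.
            if (!is_array($result)) {
                exit('0,' . $result);
            }
            list($id, $file, $_ext) = $result;
            $icon = is_file(FCPATH . 'omooo/statics/images/ext/' . $_ext . '.gif')
                ? SITE_URL . 'omooo/statics/images/ext/' . $_ext . '.gif'
                : SITE_URL . 'omooo/statics/images/ext/blank.gif';
            // Fields: unique id, file path, icon, file name, file size, extension.
            // NOTE(review): client_name is chosen by the uploader and only '|'
            // and the extension are stripped. Whatever consumes this response
            // must treat the name as untrusted text.
            exit($id . ',' . dr_file($file) . ',' . $icon . ',' . str_replace(array('|', '.' . $_ext), '', $info['client_name']) . ',' . dr_format_file_size($info['file_size'] * 1024) . ',' . $_ext);
        } else {
            exit('0,' . $this->upload->display_errors('', ''));
        }
    }
}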
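/**
 * Render the form control for a single-file upload field.
 *
 * @param string $cname Field label
 * @param string $name  Field name
 * @param array  $cfg   Field configuration
 * @param string $value Current value (file reference), if any
 * @param int    $id    Presumably the id of the record being edited; 0 when adding
 * @return string
 */
public function input($cname, $name, $cfg, $value = NULL, $id = 0)
{
    // Label; required fields get a red asterisk.
    $text = (isset($cfg['validate']['required']) && $cfg['validate']['required'] == 1 ? '<font color="red">*</font>' : '') . ' ' . $cname . ':';

    // Extra element attributes, taken verbatim from the field configuration.
    $attr = isset($cfg['validate']['formattr']) && $cfg['validate']['formattr'] ? $cfg['validate']['formattr'] : '';

    // Hint shown next to the field.
    $tips = isset($cfg['validate']['tips']) && $cfg['validate']['tips'] ? '<div class="onShow" id="dr_' . $name . '_tips">' . $cfg['validate']['tips'] . '</div>' : '';

    // Required fields also get the HTML5 validation attribute.
    if (isset($cfg['validate']['required']) && $cfg['validate']['required'] == 1) {
        $attr .= ' required="required"';
    }

    // Lock the upload button for non-admins editing an existing value when
    // the field is configured as not editable.
    $disabled = !IS_ADMIN && $id && $value && isset($cfg['validate']['isedit']) && $cfg['validate']['isedit'] ? 'disabled' : '';

    // Upload URL. The size limit, extension list and upload path travel in an
    // encoded token so the upload endpoint does not take them from the client.
    $url = MEMBER_PATH . 'index.php?c=api&m=upload&name=' . $name . '&count=1&code=' . str_replace('=', '', dr_authcode($cfg['option']['size'] . '|' . $cfg['option']['ext'] . '|' . $this->get_upload_path($cfg['option']['uploadpath']), 'ENCODE'));

    // Current file value. It round-trips through a hidden form field, so it
    // is escaped for each context it is written into.
    $file = $info = '';
    $file_attr = '';
    if ($value) {
        $file = $value;
        // double_encode is off so an already-encoded value is not encoded twice.
        $file_attr = htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8', false);
        $data = dr_file_info($file);
        if ($data) {
            $size = $data['size'] ? ' (' . $data['size'] . ')' : '';
            // JavaScript string literal first, then HTML-attribute encoding.
            $file_js = htmlspecialchars(json_encode((string) $file), ENT_QUOTES, 'UTF-8');
            // NOTE(review): 'filename' is presumably the uploader-chosen name, hence the escaping.
            $info = '<a href="javascript:;" onclick="dr_show_file_info(' . $file_js . ')"><img align="absmiddle" src="' . $data['icon'] . '"><div class="onCorrect">' . htmlspecialchars((string) $data['filename'], ENT_QUOTES, 'UTF-8', false) . $size . ' </div></a>';
        }
        unset($data);
    }

    // Hidden value plus the upload and delete buttons.
    $tool = '<input type="hidden" id="dr_' . $name . '" name="data[' . $name . ']" value="' . $file_attr . '" ' . $attr . ' /> <input type="button" style="cursor:pointer;" ' . $disabled . ' class="button" onclick="dr_upload_file(\'' . $name . '\', \'' . $url . '\')" value="' . lang('m-119') . '" /> <input type="button" style="cursor:pointer;" class="button" onclick="dr_delete_file(\'' . $name . '\')" value="' . lang('m-346') . '" /> ';

    // File info preview.
    $finfo = '<span id="show_' . $name . '" />' . $info . '</span>' . $tips;

    return $this->input_format($name, $text, $tool . $finfo);
}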
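/**
 * Render the form control for a video field: one uploaded file plus a list
 * of cue points (time in seconds => hint text).
 *
 * @param string $cname Field label
 * @param string $name  Field name
 * @param array  $cfg   Field configuration
 * @param string $value Stored value; decoded with dr_string2array() into 'file' and 'point'
 * @param int    $id    Presumably the id of the record being edited; 0 when adding
 * @return string
 */
public function input($cname, $name, $cfg, $value = NULL, $id = 0)
{
    // Label; required fields get a red asterisk.
    $text = (isset($cfg['validate']['required']) && $cfg['validate']['required'] == 1 ? '<font color="red">*</font>' : '') . ' ' . $cname . ':';

    // Extra element attributes, taken verbatim from the field configuration.
    $attr = isset($cfg['validate']['formattr']) && $cfg['validate']['formattr'] ? $cfg['validate']['formattr'] : '';

    // Hint shown next to the field.
    $tips = isset($cfg['validate']['tips']) && $cfg['validate']['tips'] ? '<div class="onShow" id="dr_' . $name . '_tips">' . $cfg['validate']['tips'] . '</div>' : '';

    // Required fields also get the HTML5 validation attribute.
    if (isset($cfg['validate']['required']) && $cfg['validate']['required'] == 1) {
        $attr .= ' required="required"';
    }

    // Lock the upload button for non-admins editing an existing value when
    // the field is configured as not editable.
    $disabled = !IS_ADMIN && $id && $value && isset($cfg['validate']['isedit']) && $cfg['validate']['isedit'] ? 'disabled' : '';

    // Upload URL. The size limit, extension list and upload path travel in an
    // encoded token so the upload endpoint does not take them from the client.
    $url = MEMBER_PATH . 'index.php?c=api&m=upload&name=' . $name . '&count=1&code=' . str_replace('=', '', dr_authcode($cfg['option']['size'] . '|' . $cfg['option']['ext'] . '|' . $this->get_upload_path($cfg['option']['uploadpath']), 'ENCODE'));

    // $default is set up front because the markup below always uses it, even
    // when no file has been stored yet.
    $file = $info = '';
    $file_attr = '';
    $default = '';
    $value = dr_string2array($value);
    if (is_array($value) && !empty($value['file'])) {
        $file = $value['file'];
        // The stored value round-trips through form fields, so it is escaped
        // for each context. double_encode is off so an already-encoded value
        // is not encoded twice.
        $file_attr = htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8', false);
        $data = dr_file_info($file);
        if ($data) {
            $size = $data['size'] ? ' (' . $data['size'] . ')' : '';
            // JavaScript string literal first, then HTML-attribute encoding.
            $file_js = htmlspecialchars(json_encode((string) $file), ENT_QUOTES, 'UTF-8');
            // NOTE(review): 'filename' is presumably the uploader-chosen name, hence the escaping.
            $info = '<a href="javascript:;" onclick="dr_show_file_info(' . $file_js . ')"><img align="absmiddle" src="' . $data['icon'] . '"><div class="onCorrect">' . htmlspecialchars((string) $data['filename'], ENT_QUOTES, 'UTF-8', false) . $size . ' </div></a>';
        }
        unset($data);

        // Existing cue points. Both fields are free text typed into the form.
        if (!empty($value['point']) && is_array($value['point'])) {
            $i = 0;
            foreach ($value['point'] as $time => $title) {
                $time_attr = htmlspecialchars((string) $time, ENT_QUOTES, 'UTF-8', false);
                $title_attr = htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8', false);
                // The title input's name attribute previously ended in a stray
                // backslash (copied from the JavaScript template below), which
                // changed the posted field name for existing rows.
                $default .= ' <li id="dr_items_' . $name . '_' . $i . '"> 时间(秒):<input type="text" class="input-text" style="width:70px;" value="' . $time_attr . '" name="data[' . $name . '][time][]"> 提示文字:<input type="text" class="input-text" style="width:250px;" value="' . $title_attr . '" name="data[' . $name . '][title][]"> <a href="javascript:;" onclick="$(\'#dr_items_' . $name . '_' . $i . '\').remove()">' . lang('del') . '</a> </li>';
                $i++;
            }
        }
    }

    // Width of the surrounding box; bare numbers are treated as pixels.
    $width = isset($cfg['option']['width']) && $cfg['option']['width'] ? $cfg['option']['width'] : '80%';

    // The escaped quotes in the <script> part belong to the JavaScript string
    // template and must stay as they are.
    $str = '<fieldset class="blue pad-10" style="width:' . $width . (is_numeric($width) ? 'px' : '') . ';"> <legend>' . $cname . '</legend> <div class="picList"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td style="text-align:left;padding-left:0;"> <span>' . dr_lang('m-138', str_replace('|', '、', $cfg['option']['ext'])) . '</span> '
        . '<input type="hidden" id="dr_' . $name . '" name="data[' . $name . '][file]" value="' . $file_attr . '" ' . $attr . ' /> '
        . '<input type="button" style="cursor:pointer;" ' . $disabled . ' class="button" onclick="dr_upload_file(\'' . $name . '\', \'' . $url . '\')" value="' . lang('m-119') . '" /> '
        . '<span id="show_' . $name . '" />' . $info . '</span>' . $tips . ' </td> </tr> </table> '
        . '<ul id="' . $name . '-sort-items" style="margin-top:8px;"> ' . $default . ' </ul> </div> '
        . '<div class="picBut cu"> <a href="javascript:;" onClick="dr_add_video_' . $name . '()">添加提示点</a> </div> '
        . '<div class="onShow" style="margin-top:2px;">鼠标经过进度栏N秒时,N秒会提示相应的文字</div> '
        . '<script type="text/javascript"> $("#' . $name . '-sort-items").sortable(); var id=$("#' . $name . '-sort-items li").size(); function dr_add_video_' . $name . '() { id ++; '
        . 'var html = "<li id=\\"dr_items_' . $name . '_"+id+"\\">"; '
        . 'html+= "时间(秒):<input type=\\"text\\" class=\\"input-text\\" style=\\"width:70px;\\" value=\\"\\" name=\\"data[' . $name . '][time][]\\"> "; '
        . 'html+= "提示文字:<input type=\\"text\\" class=\\"input-text\\" style=\\"width:250px;\\" value=\\"\\" name=\\"data[' . $name . '][title][]\\"> "; '
        . 'html+= "<a href=\\"javascript:;\\" onclick=\\"$(\'#dr_items_' . $name . '_"+id+"\').remove()\\">' . lang('del') . '</a>"; '
        . 'html+= "</li>"; $("#' . $name . '-sort-items").append(html); } </script> </fieldset> ';

    return $this->input_format($name, $text, $str);
}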
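/**
 * Render the form control for a multi-file upload field: a sortable list of
 * uploaded files, each with an editable title.
 *
 * @param string $cname Field label
 * @param string $name  Field name
 * @param array  $cfg   Field configuration
 * @param string $value Stored value; decoded with dr_string2array() into 'file' and 'title' lists
 * @param int    $id    Presumably the id of the record being edited; 0 when adding
 * @return string
 */
public function input($cname, $name, $cfg, $value = NULL, $id = 0)
{
    // Label; required fields get a red asterisk.
    $text = (isset($cfg['validate']['required']) && $cfg['validate']['required'] == 1 ? '<font color="red">*</font>' : '') . ' ' . $cname . ':';

    // Width of the surrounding box; bare numbers are treated as pixels.
    $width = isset($cfg['option']['width']) && $cfg['option']['width'] ? $cfg['option']['width'] : '80%';

    // Extra element attributes, taken verbatim from the field configuration.
    $attr = isset($cfg['validate']['formattr']) && $cfg['validate']['formattr'] ? $cfg['validate']['formattr'] : '';

    // Hint shown next to the field.
    $tips = isset($cfg['validate']['tips']) && $cfg['validate']['tips'] ? '<div class="onShow" id="dr_' . $name . '_tips">' . $cfg['validate']['tips'] . '</div>' : '';

    // Hide the upload link for non-admins editing an existing value when the
    // field is configured as not editable.
    $disabled = !IS_ADMIN && $id && $value && isset($cfg['validate']['isedit']) && $cfg['validate']['isedit'] ? 'disabled' : '';

    // Required fields also get the HTML5 validation attribute.
    if (isset($cfg['validate']['required']) && $cfg['validate']['required'] == 1) {
        $attr .= ' required="required"';
    }

    // Upload URL. The size limit, extension list and upload path travel in an
    // encoded token so the upload endpoint does not take them from the client.
    $url = MEMBER_PATH . 'index.php?c=api&m=upload&name=' . $name . '&code=' . str_replace('=', '', dr_authcode($cfg['option']['size'] . '|' . $cfg['option']['ext'] . '|' . $this->get_upload_path($cfg['option']['uploadpath']), 'ENCODE'));

    // Stored value, decoded only when present.
    $file_value = '';
    $value && ($value = dr_string2array($value));

    // One list item per stored file.
    if ($value && isset($value['file']) && is_array($value['file'])) {
        // The loop uses its own key variable and does not reuse the $id parameter.
        foreach ($value['file'] as $key => $fileid) {
            $info = dr_file_info($fileid);
            $icon = $info ? $info['icon'] : '';
            $size = $info ? $info['size'] : '';
            $title = isset($value['title'][$key]) ? $value['title'][$key] : '';

            // The stored value round-trips through form fields, so each piece
            // is escaped for its context. The key is forced to an integer
            // because it ends up inside element ids and inline handlers.
            $n = (int) $key;
            $fileid_attr = htmlspecialchars((string) $fileid, ENT_QUOTES, 'UTF-8', false);
            $fileid_js = htmlspecialchars(json_encode((string) $fileid), ENT_QUOTES, 'UTF-8');
            $title_attr = htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8', false);

            // The delete icon's align attribute previously carried stray
            // backslashes around its quotes.
            $file_value .= ' <li id="files_' . $name . '_999' . $n . '" list="999' . $n . '" style="cursor:move;"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="80" style="text-align:right"> ' . ($n + 1) . '、 '
                . '<a href="javascript:;" title="' . lang('edit') . '" onclick="dr_edit_file(\'' . $url . '&count=1\',\'' . $name . '\',\'999' . $n . '\')"><img align="absmiddle" src="' . SITE_URL . 'dayrui/statics/images/b_edit.png"></a> '
                . '<a href="javascript:;" title="' . lang('del') . '" onclick="dr_remove_file(\'' . $name . '\',\'999' . $n . '\')"><img align="absmiddle" src="' . SITE_URL . 'dayrui/statics/images/b_drop.png"></a> </td> <td> '
                . '<input type="hidden" value="' . $fileid_attr . '" name="data[' . $name . '][file][]" id="fileid_' . $name . '_999' . $n . '" /> '
                . '<input type="text" class="input-text" style="width:300px;" value="' . $title_attr . '" name="data[' . $name . '][title][]" /> '
                . '<span id="span_' . $name . '_999' . $n . '"> <a href="javascript:;" onclick="dr_show_file_info(' . $fileid_js . ')"><img align="absmiddle" src="' . $icon . '"> <div class="onCorrect">' . $size . ' </div></a> </span> </td> </tr> </table> </li>';
        }
    }

    // Output buffer.
    $str = '';

    // Load the shared JavaScript once per request.
    if (!defined('FINECMS_FILES_LD')) {
        $str .= '<script type="text/javascript" src="' . MEMBER_PATH . 'statics/js/jquery-ui.min.js"></script>';
        $str .= '<script type="text/javascript">var homeurl = "' . SITE_URL . '"</script>';
        define('FINECMS_FILES_LD', 1); // guards against loading the script twice
    }

    $str .= '<fieldset class="blue pad-10" style="width:' . $width . (is_numeric($width) ? 'px' : '') . ';">';
    $str .= ' <legend>' . lang('m-120') . '</legend>';
    $str .= ' <div class="picList" id="list_' . $name . '_files">';
    $str .= ' <ul id="' . $name . '-sort-items">';
    $str .= $file_value;
    $str .= ' </ul>';
    $str .= ' </div>';
    $str .= '</fieldset>';
    $str .= '<div class="bk10"></div>';
    $str .= '<div class="picBut cu">';
    if (!$disabled) {
        $str .= '<a href="javascript:;" onClick="dr_upload_files(\'' . $name . '\',\'' . $url . '\', \'\', \'' . (int) $cfg['option']['count'] . '\')">' . lang('m-119') . '</a>';
    }
    $str .= '</div>';
    $str .= '<script type="text/javascript">$("#' . $name . '-sort-items").sortable();</script>' . $tips;

    // Wrap and return the final control.
    return $this->input_format($name, $text, $str);
}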
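/**
 * Cross-site login synchronisation endpoint.
 *
 * Decodes the `code` query parameter into "<uid>-<salt>", checks that pair
 * against the member table and, on success, sets the member_uid and
 * member_cookie cookies. The request always ends with a short status string.
 *
 * NOTE(review): nothing visible here limits the age or reuse of the token,
 * and it travels in a URL. If dr_authcode() supports an expiry, issuing
 * short-lived tokens would narrow replay; confirm.
 * NOTE(review): member_cookie is derived only from SYS_KEY and the uid, so as
 * far as this block shows it is identical for every session of a member and
 * does not change when the password changes.
 *
 * @return void
 */
protected function api_synlogin()
{
    $code = dr_authcode(str_replace(' ', '+', $this->input->get('code')));
    if (!$code) {
        exit('code is null');
    }

    // Pad so that a token without '-' cannot leave $salt undefined.
    list($uid, $salt) = array_pad(explode('-', $code), 2, '');
    // Use the canonical integer uid for both the lookup and the cookies.
    $uid = (int) $uid;
    if (!$uid || !$salt) {
        exit('data is null');
    }

    if (!$this->db->where('uid', $uid)->where('salt', $salt)->count_all_results('member')) {
        exit('check error');
    }

    // Legacy P3P policy header so older browsers accept the cookie in a
    // third-party context.
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

    // The lifetime comes from the query string: force it to a positive
    // integer and fall back to one day otherwise.
    $expire = (int) $this->input->get('expire');
    if ($expire <= 0) {
        $expire = 86400;
    }

    // NOTE(review): no Secure/HttpOnly flags are passed here; confirm they are
    // applied by the cookie configuration.
    $this->input->set_cookie('member_uid', $uid, $expire);
    $this->input->set_cookie('member_cookie', substr(md5(SYS_KEY . $uid), 5, 20), $expire);
    exit('ok');
}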
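/**
 * Verify a front-end member login.
 *
 * NOTE(review): local passwords are stored as salted double MD5, which is
 * cheap to brute-force. Moving to password_hash() needs a re-hash plan that
 * is outside this block.
 *
 * @param string $username User name
 * @param string $password Plain-text password
 * @param int    $expire   Session lifetime in seconds
 * @param int    $back     When truthy, return the member row instead of the sync markup
 * @return string|int|array
 *      string Script markup that synchronises the login
 *      array  The member row when $back is set (it includes the password hash and salt; do not expose it)
 *      int -1 Member does not exist
 *      int -2 Wrong password
 *      int -3 UCenter registration failed
 *      int -4 UCenter: user name not allowed
 */
public function login($username, $password, $expire, $back = 0)
{
    // Local member row, looked up by user name.
    $data = $this->db->where('username', $username)->get('member')->row_array();
    $MEMBER = $this->ci->get_cache('member');
    $ucsynlogin = '';

    if ($MEMBER['setting']['ucenter']) {
        // Keep the submitted password, because the list() below overwrites $password.
        $submitted = trim($password);

        // UCenter verification.
        list($uid, $username, $password, $email) = uc_user_login($username, $password);
        if ($uid > 0) {
            // Known to UCenter but not locally: create the local account.
            if (!$data) {
                $data['uid'] = $this->_register(array('username' => $username, 'password' => $password, 'email' => $email));
                if (!$data['uid']) {
                    return -3;
                }
            }
            $ucsynlogin = uc_user_synlogin($uid);
        } elseif ($uid == -1) {
            // Unknown to UCenter.
            if (!$data) {
                return -1;
            }
            // The account exists locally only. Check the submitted password
            // against the local hash before registering it with UCenter.
            // Without this check the branch accepted any password for such
            // an account.
            $expected = md5(md5($submitted) . $data['salt'] . md5($submitted));
            $matches = function_exists('hash_equals')
                ? hash_equals((string) $data['password'], $expected)
                : ((string) $data['password'] === $expected);
            if (!$matches) {
                return -2;
            }
            // Register the member with UCenter.
            $uid = uc_user_register($data['username'], $password, $data['email']);
            if ($uid > 0) {
                $ucsynlogin = uc_user_synlogin($uid);
            } elseif ($uid == -1) {
                return -4;
            } else {
                return -3;
            }
        } else {
            return -2;
        }
    } else {
        // Fallback lookup through dr_vip_login() when the user name did not match.
        if (!$data) {
            $data = dr_vip_login($this->db, $username);
        }
        // Member does not exist.
        if (!$data) {
            return -1;
        }
        // Password check. The comparison is strict (constant-time where
        // available): a loose comparison treats two "0e<digits>" hashes as
        // equal numbers.
        $password = trim($password);
        $expected = md5(md5($password) . $data['salt'] . md5($password));
        $matches = function_exists('hash_equals')
            ? hash_equals((string) $data['password'], $expected)
            : ((string) $data['password'] === $expected);
        if (!$matches) {
            return -2;
        }
    }

    $this->_login_log($data['uid']);

    // Return the member row when the caller asked for it.
    if ($back) {
        return $data;
    }

    // With UCenter, its own synchronisation markup is used.
    if ($ucsynlogin) {
        return $ucsynlogin;
    }

    // The values below go into a URL inside markup: the lifetime is forced to
    // an integer and the token is URL-encoded so '+', '/' and '=' survive.
    $expire = (int) $expire;
    $synlogin = '';
    if ($MEMBER['synurl']) {
        // One script tag per configured site.
        foreach ($MEMBER['synurl'] as $url) {
            $code = dr_authcode($data['uid'] . '-' . $data['salt'], 'ENCODE');
            $synlogin .= '<script type="text/javascript" src="' . $url . '/index.php?c=api&m=synlogin&expire=' . $expire . '&code=' . rawurlencode($code) . '"></script>';
        }
    } else {
        // Single site. The opening tag is restored to the same shape as in
        // the multi-site branch; it was masked, which left an unopened
        // </script> in the output.
        $code = dr_authcode($data['uid'] . '-' . $data['salt'], 'ENCODE');
        $synlogin = '<script type="text/javascript" src="' . SITE_URL . 'member/index.php?c=api&m=synlogin&expire=' . $expire . '&code=' . rawurlencode($code) . '"></script>';
    }

    return $synlogin;
}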