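// @site http://xheditor.com/
// @licence LGPL(http://www.opensource.org/licenses/lgpl-license.php)
// Converted to PHP8 with improved security and functionality
//
// Upload endpoint for the editor: validates one uploaded file, stores it under
// a generated name in a dated sub-directory of $attachdir, normalises JPEGs to
// at most 520x520, records the stored path in the `pic` table and redirects
// back to pic.php. On failure it prints the error message instead.
//
// NOTE(review): no authentication, authorization or CSRF check is visible in
// this part of the file. Confirm that code running before this point (where
// $conn is created) restricts who may upload and which cpid they may attach to.
// NOTE(review): the upload directory sits under the web root; the web server
// should be configured not to execute scripts from it.

$inputname = 'filedata';   // Form file field name
$attachdir = 'u';          // Upload directory, no trailing slash
$dirtype = 2;              // 1:by day 2:by month 3:by extension
$maxattachsize = 2097152;  // Max upload size, default 2M
// Allowed extensions.
// NOTE(review): swf is active content; serving user-supplied Flash files from
// the application's own origin is a cross-site scripting risk. Consider
// dropping it from the list if nothing depends on it.
$upext = 'txt,rar,zip,jpg,jpeg,gif,png,swf,wmv,avi,wma,mp3,mid';
$msgtype = 2;              // Return format: 1=only url, 2=parameter array
$immediate = $_GET['immediate'] ?? ''; // Immediate upload mode (demo only)

$err = '';
$msg = "''";

// Extensions whose content can be verified cheaply, mapped to the image type
// getimagesize() must report for them.
$imageTypes = [
    'jpg'  => IMAGETYPE_JPEG,
    'jpeg' => IMAGETYPE_JPEG,
    'gif'  => IMAGETYPE_GIF,
    'png'  => IMAGETYPE_PNG,
];

// Reads a query-string parameter as a string; array-shaped values
// (?cpid[]=x) are treated as absent rather than reaching the SQL or header code.
$queryParam = static function (string $key): string {
    $value = $_GET[$key] ?? '';

    return is_string($value) ? $value : '';
};

// ---- Stage 1: validate the upload ------------------------------------------
$file = $_FILES[$inputname] ?? null;
$extension = '';

if (!is_array($file) || !is_string($file['name'] ?? null) || !is_string($file['tmp_name'] ?? null)) {
    // Field missing, or sent as a multi-file array (filedata[]), which this
    // endpoint does not handle.
    $err = "无数据提交";
} elseif (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    // PHP itself rejected or truncated the upload; size and tmp_name are not
    // trustworthy in that case.
    $err = "文件上传失败";
} elseif (($file['size'] ?? 0) > $maxattachsize) {
    $err = "文件大小超过 " . $maxattachsize . "字节";
} else {
    // Only the final extension is kept; the stored name is generated below, so
    // the client-supplied file name never reaches the filesystem.
    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

    if (!in_array($extension, explode(',', $upext), true)) {
        $err = "上传文件扩展名必需为:" . $upext;
    } elseif (isset($imageTypes[$extension])) {
        // The extension is client-controlled; for image types make sure the
        // content really is an image of that type before it is stored.
        $info = getimagesize($file['tmp_name']);
        if ($info === false || $info[2] !== $imageTypes[$extension]) {
            $err = "上传文件扩展名必需为:" . $upext;
        }
    }
    // NOTE(review): the non-image types (txt, rar, zip, swf, media) are
    // accepted on extension alone; their content is not inspected here.
}

// ---- Stage 2: store the file -----------------------------------------------
$target = '';

if ($err === '') {
    // Any unexpected $dirtype falls back to the by-month layout so that
    // $attach_subdir is always defined.
    $attach_subdir = match ($dirtype) {
        1 => "day_" . date("ymd"),
        3 => "ext_" . $extension,
        default => "m" . date("ym"),
    };
    $attach_dir = $attachdir . "/" . $attach_subdir . "/";

    // 0755 instead of world-writable 0777; the second is_dir() covers a
    // concurrent request creating the directory first.
    if (!is_dir($attach_dir) && !mkdir($attach_dir, 0755, true) && !is_dir($attach_dir)) {
        $err = "文件上传失败";
    } else {
        // Unpredictable name from the CSPRNG: rand(10, 99) gave only 90
        // values per second, so names were guessable and two uploads in the
        // same second could overwrite each other.
        // NOTE(review): this makes the stored path 14 characters longer than
        // before; confirm the pic.picurl column is wide enough.
        $filename = date("dHis") . bin2hex(random_bytes(8)) . "." . $extension;
        $target = $attach_dir . $filename;

        if (!move_uploaded_file($file['tmp_name'], $target)) {
            $err = "文件上传失败";
        }
    }
}

// ---- Stage 3: post-process, record, redirect --------------------------------
if ($err === '') {
    // JPEGs are re-encoded through GD when it is available; images larger than
    // 520px in either dimension are scaled and cropped to 520x520.
    // NOTE(review): pixel dimensions are not capped before decoding, so a small
    // file that expands to a very large bitmap can exhaust memory here.
    if (in_array($extension, ['jpg', 'jpeg'], true) && extension_loaded('gd')) {
        $image = imagecreatefromjpeg($target);
        if ($image) {
            $orig_width = imagesx($image);
            $orig_height = imagesy($image);
            $img_w = 520 / $orig_width;
            $img_h = 520 / $orig_height;

            if ($img_w < 1 || $img_h < 1) {
                // Scale by the larger ratio so the shorter side reaches 520;
                // the overflow on the other side is cut off by the canvas.
                $new_width = $img_w < $img_h ? (int) round($orig_width * $img_h) : 520;
                $new_height = $img_w < $img_h ? 520 : (int) round($orig_height * $img_w);

                $new_image = imagecreatetruecolor(520, 520);
                imagecopyresampled(
                    $new_image,
                    $image,
                    0,
                    0,
                    0,
                    0,
                    $new_width,
                    $new_height,
                    $orig_width,
                    $orig_height,
                );

                // Crop to square
                $final_image = imagecreatetruecolor(520, 520);
                imagecopyresampled($final_image, $new_image, 0, 0, 0, 0, 520, 520, 520, 520);
                imagejpeg($final_image, $target, 100);

                imagedestroy($final_image);
                imagedestroy($new_image);
            } else {
                imagejpeg($image, $target, 100);
            }

            imagedestroy($image);
        }
    }

    // Save to database
    $cpid = $queryParam('cpid');

    $sql = "INSERT INTO pic (cpid, picurl) VALUES (?, ?)";
    $stmt = $conn->prepare($sql);

    if ($stmt === false || $stmt->execute([$cpid, "/System/" . $target]) === false) {
        // Do not leave a file on disk that no database row refers to.
        // (If $conn is configured to throw, the exception propagates instead.)
        unlink($target);
        $err = "文件上传失败";
    } else {
        // Every parameter is URL-encoded; previously cpid and Page were copied
        // into the Location header verbatim, letting a crafted value inject
        // extra query parameters into the redirect.
        $redirectQuery = http_build_query(
            [
                'cpid' => $cpid,
                'Page' => $queryParam('Page'),
                'Keys' => $queryParam('Keys'),
                'Ord'  => $queryParam('Ord'),
            ],
            '',
            '&',
        );

        header("Location: pic.php?" . $redirectQuery);
        exit;
    }
}

header('Content-Type: text/html; charset=UTF-8');

// If there was an error, output it.
// The previous code echoed an empty string, so failures were invisible to the
// caller. The message is HTML-escaped because the response is text/html.
// NOTE(review): the exact response format the editor expects is not visible
// in this file; confirm against the client code.
if ($err !== '') {
    echo htmlspecialchars($err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>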