Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
igamebox
/
mtb_crm_asp
1
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Puu: 1a118803ba
Haarat Tunnisteet
mtb_crm_asp
/
system
/
picupload.php

picupload.php 4.7 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 
  1. <?php
    2. 

  2. include "conn.php";
    3. 

  3. checkLogin("");
    4. 

  4. 

  5. // Modern PHP file upload handler
    6. 

  6. // @requires xhEditor
    7. 

  7. // @author Original: Yanis.Wang<yanis.wang@gmail.com>
    8. 

  8. // @site http://xheditor.com/
    9. 

  9. // @licence LGPL(http://www.opensource.org/licenses/lgpl-license.php)
    10. 

  10. // Converted to PHP8 with improved security and functionality
    11. 

  11. 

  12. header('Content-Type: text/html; charset=UTF-8');
    13. 

  13. 

  14. $inputname = 'filedata'; // Form file field name
    15. 

  15. $attachdir = 'u'; // Upload directory, no trailing slash
    16. 

  16. $dirtype = 2; // 1:by day 2:by month 3:by extension
    17. 

  17. $maxattachsize = 2097152; // Max upload size, default 2M
    18. 

  18. $upext = 'txt,rar,zip,jpg,jpeg,gif,png,swf,wmv,avi,wma,mp3,mid'; // Allowed extensions
    19. 

  19. $msgtype = 2; // Return format: 1=only url, 2=parameter array
    20. 

  20. $immediate = $_GET['immediate'] ?? ''; // Immediate upload mode (demo only)
    21. 

  21. 

  22. $err = '';
    23. 

  23. $msg = "''";
    24. 

  24. 

  25. // Check if file was uploaded
    26. 

  26. if (!isset($_FILES[$inputname])) {
    27. 

  27.     $err = "无数据提交";
    28. 

  28. } else {
    29. 

  29.     $file = $_FILES[$inputname];
    30. 

  30.     
    31. 

  31.     // Check file size
    32. 

  32.     if ($file['size'] > $maxattachsize) {
    33. 

  33.         $err = "文件大小超过 " . $maxattachsize . "字节";
    34. 

  34.     } else {
    35. 

  35.         // Check file extension
    36. 

  36.         $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    37. 

  37.         $allowed_extensions = explode(',', $upext);
    38. 

  38.         if (!in_array($extension, $allowed_extensions)) {
    39. 

  39.             $err = "上传文件扩展名必需为:" . $upext;
    40. 

  40.         } else {
    41. 

  41.             // Create subdirectory based on dirtype
    42. 

  42.             switch ($dirtype) {
    43. 

  43.                 case 1:
    44. 

  44.                     $attach_subdir = "day_" . date("ymd");
    45. 

  45.                     break;
    46. 

  46.                 case 2:
    47. 

  47.                     $attach_subdir = "m" . date("ym");
    48. 

  48.                     break;
    49. 

  49.                 case 3:
    50. 

  50.                     $attach_subdir = "ext_" . $extension;
    51. 

  51.                     break;
    52. 

  52.             }
    53. 

  53.             
    54. 

  54.             $attach_dir = $attachdir . "/" . $attach_subdir . "/";
    55. 

  55.             
    56. 

  56.             // Create directory if it doesn't exist
    57. 

  57.             if (!file_exists($attach_dir)) {
    58. 

  58.                 mkdir($attach_dir, 0777, true);
    59. 

  59.             }
    60. 

  60.             
    61. 

  61.             // Generate random filename
    62. 

  62.             $filename = date("dHis") . rand(10, 99) . "." . $extension;
    63. 

  63.             $target = $attach_dir . $filename;
    64. 

  64.             
    65. 

  65.             // Move uploaded file
    66. 

  66.             if (move_uploaded_file($file['tmp_name'], $target)) {
    67. 

  67.                 // Process image if it's a JPEG
    68. 

  68.                 if (in_array($extension, ['jpg', 'jpeg']) && extension_loaded('gd')) {
    69. 

  69.                     $image = imagecreatefromjpeg($target);
    70. 

  70.                     if ($image) {
    71. 

  71.                         $orig_width = imagesx($image);
    72. 

  72.                         $orig_height = imagesy($image);
    73. 

  73.                         
    74. 

  74.                         $img_w = 520 / $orig_width;
    75. 

  75.                         $img_h = 520 / $orig_height;
    76. 

  76.                         
    77. 

  77.                         if ($img_w < 1 || $img_h < 1) {
    78. 

  78.                             $new_width = $img_w < $img_h ? round($orig_width * $img_h) : 520;
    79. 

  79.                             $new_height = $img_w < $img_h ? 520 : round($orig_height * $img_w);
    80. 

  80.                             
    81. 

  81.                             $new_image = imagecreatetruecolor(520, 520);
    82. 

  82.                             imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $orig_width, $orig_height);
    83. 

  83.                             
    84. 

  84.                             // Crop to square
    85. 

  85.                             $final_image = imagecreatetruecolor(520, 520);
    86. 

  86.                             imagecopyresampled($final_image, $new_image, 0, 0, 0, 0, 520, 520, 520, 520);
    87. 

  87.                             
    88. 

  88.                             imagejpeg($final_image, $target, 100);
    89. 

  89.                             imagedestroy($final_image);
    90. 

  90.                             imagedestroy($new_image);
    91. 

  91.                         } else {
    92. 

  92.                             imagejpeg($image, $target, 100);
    93. 

  93.                         }
    94. 

  94.                         imagedestroy($image);
    95. 

  95.                     }
    96. 

  96.                 }
    97. 

  97.                 
    98. 

  98.                 // Save to database
    99. 

  99.                 $cpid = $_GET['cpid'] ?? '';
    100. 

  100.                 $keys = urlencode($_GET['Keys'] ?? '');
    101. 

  101.                 $ord = urlencode($_GET['Ord'] ?? '');
    102. 

  102.                 $page = $_GET['Page'] ?? '';
    103. 

  103.                 
    104. 

  104.                 $sql = "INSERT INTO pic (cpid, picurl) VALUES (?, ?)";
    105. 

  105.                 $stmt = $conn->prepare($sql);
    106. 

  106.                 $stmt->execute([$cpid, "/System/" . $target]);
    107. 

  107.                 
    108. 

  108.                 header("Location: pic.php?cpid=$cpid&Page=$page&Keys=$keys&Ord=$ord");
    109. 

  109.                 exit;
    110. 

  110.             } else {
    111. 

  111.                 $err = "文件上传失败";
    112. 

  112.             }
    113. 

  113.         }
    114. 

  114.     }
    115. 

  115. }
    116. 

  116. 

  117. // If there was an error, output it
    118. 

  118. if ($err !== '') {
    119. 

  119.     echo "<script>alert('$err');</script>";
    120. 

  120. }
    121. 

  121. ?> 
    122.