mtb_crm_asp/system/upload.php

<?php
include "conn.php";
checkLogin("");

// upload demo for PHP
// @requires xhEditor
// 
// @author Yanis.Wang<yanis.wang@gmail.com>
// @site http://xheditor.com/
// @licence LGPL(http://www.opensource.org/licenses/lgpl-license.php)
// 
// @Version: 0.9.3 (build 100504)
//
// 注1：本程序仅为演示用，请您根据自己需求进行相应修改，或者重开发

header('Content-Type: text/html; charset=utf-8');

$inputname = 'filedata'; // 表单文件域name
$attach_dir = 'u'; // 上传文件保存路径，结尾不要带/
$dirtype = 2; // 1:按天存入目录 2:按月存入目录 3:按扩展名存目录 建议使用按天存
$maxattachsize = 5242880; // 最大上传大小，默认是5M
$upext = 'txt,rar,zip,jpg,jpeg,gif,png,swf,wmv,avi,wma,mp3,mid,pdf'; // 上传扩展名
$msgtype = 2; // 返回上传参数的格式：1，只返回url，2，返回参数数组
$immediate = $_GET['immediate'] ?? ''; // 立即上传模式，仅为演示用

$err = '';
$msg = "''";

// 检查文件上传
if (!isset($_FILES[$inputname])) {
    $err = "无数据提交";
} else {
    $file = $_FILES[$inputname];
    
    // 检查文件大小
    if ($file['size'] > $maxattachsize) {
        $err = "文件大小超过 " . $maxattachsize . "字节";
    } else {
        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        
        // 检查文件类型
        if (!in_array($extension, explode(',', $upext))) {
            $err = "上传文件扩展名必需为：" . $upext;
        } else {
            // 确定子目录
            switch ($dirtype) {
                case 1:
                    $attach_subdir = 'day_' . date('ymd');
                    break;
                case 2:
                    $attach_subdir = 'm' . date('ym');
                    break;
                case 3:
                    $attach_subdir = 'ext_' . $extension;
                    break;
            }
            
            $upload_dir = $attach_dir . '/' . $attach_subdir . '/';
            
            // 创建目录
            if (!file_exists($upload_dir)) {
                mkdir($upload_dir, 0777, true);
            }
            
            // 生成随机文件名
            $filename = date('dHis') . sprintf('%02d', rand(0, 99)) . '.' . $extension;
            $target = $upload_dir . $filename;
            
            // 移动上传文件
            if (move_uploaded_file($file['tmp_name'], $target)) {
                $imgurl = $target;
                $target = jsonString('/system/' . $target);
                
                if ($msgtype == 1) {
                    $msg = "'" . $target . "'";
                } else {
                    $msg = "{'url':'" . $target . "','localname':'" . jsonString($file['name']) . "','id':'1'}";
                }
            } else {
                $err = "文件上传失败";
            }
        }
    }
}

$act = $_GET['act'] ?? '';
if ($act == 's') {
    echo "<script>parent.document.getElementById('ProductImg').value='/System/" . $imgurl . "';location.href='uploadfile.php';</script>";
} else {
    echo "{'err':'" . jsonString($err) . "','msg':" . $msg . "}";
}

function jsonString($str) {
    $str = str_replace("\\", "\\\\", $str);
    $str = str_replace("/", "\\/", $str);
    $str = str_replace("'", "\\'", $str);
    return $str;
}

function dateFormat($date, $format) {
    return date($format, strtotime($date));
}
?>