国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com


  1. <?php
  2. /**
  3. * 后台api接口
  4. *
  5. * @version $id:api.php 8:26 2022年11月20日 tianya $
  6. * @package DedeBIZ.Administrator
  7. * @copyright Copyright (c) 2022 DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. define('AJAXLOGIN', TRUE);
  12. define('IS_DEDEAPI', TRUE);
  13. define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
  14. require_once(DEDEADMIN.'/../system/common.inc.php');
  15. require_once(DEDEINC.'/userlogin.class.php');
  16. AjaxHead();
  17. helper('cache');
  18. $action = isset($action) && in_array($action, array('is_need_check_code', 'has_new_version', 'get_changed_files', 'update_backup', 'get_update_versions', 'update', 'upload_image')) ? $action : '';
  19. $curDir = dirname(GetCurUrl()); //当前目录
  20. /**
  21. * 登录鉴权
  22. *
  23. * @return void
  24. */
  25. function checkLogin()
  26. {
  27. $cuserLogin = new userLogin();
  28. if ($cuserLogin->getUserID() <= 0 || $cuserLogin->getUserType() != 10) {
  29. echo json_encode(array(
  30. "code" => -1,
  31. "msg" => "当前操作需要登录超级管理员账号",
  32. "data" => null,
  33. ));
  34. exit;
  35. }
  36. }
  37. if ($action === 'is_need_check_code') {
  38. $cuserLogin = new userLogin();
  39. $isNeed = $cuserLogin->isNeedCheckCode($userid);
  40. echo json_encode(array(
  41. "code" => 0,
  42. "msg" => "",
  43. "data" => array(
  44. "isNeed" => $isNeed,
  45. ),
  46. ));
  47. exit;
  48. } else if ($action === 'has_new_version') {
  49. //判断版本更新差异sql
  50. $unQueryVer = array();
  51. if (!TableHasField("#@__tagindex", "keywords")) {
  52. $unQueryVer[] = "6.0.2";
  53. }
  54. if (!TableHasField("#@__feedback", "replycount")) {
  55. $unQueryVer[] = "6.0.3";
  56. }
  57. if (!TableHasField("#@__arctype", "litimg")) {
  58. $unQueryVer[] = "6.1.0";
  59. }
  60. if (!$dsql->IsTable("#@__statistics")) {
  61. $unQueryVer[] = "6.1.7";
  62. }
  63. if (TableHasField("#@__tagindex", "tag_pinyin")) {
  64. $unQueryVer[] = "6.1.8";
  65. }
  66. if (!TableHasField("#@__admin", "pwd_new")) {
  67. $unQueryVer[] = "6.1.9";
  68. }
  69. if (!TableHasField("#@__arctype", "cnoverview")) {
  70. $unQueryVer[] = "6.1.10";
  71. }
  72. if (!TableHasField("#@__admin", "loginerr") || !TableHasField("#@__member", "loginerr")) {
  73. $unQueryVer[] = "6.2.0";
  74. }
  75. $row = $dsql->GetOne("SELECT COUNT(*) as dd FROM `#@__sysconfig` WHERE varname = 'cfg_bizcore_api'");
  76. if ($row['dd'] == 0) {
  77. $unQueryVer[] = "6.2.3";
  78. }
  79. if (!$dsql->IsTable("#@__sys_payment")) {
  80. $unQueryVer[] = "6.2.5";
  81. }
  82. if (!TableHasField("#@__arctype", "apienabled")) {
  83. $unQueryVer[] = "6.2.7";
  84. }
  85. if (count($unQueryVer) > 0) {
  86. $upsqls = GetUpdateSQL();
  87. foreach ($unQueryVer as $vv) {
  88. $ss = $upsqls[$vv];
  89. foreach ($ss as $s) {
  90. if (trim($s) != '') {
  91. $dsql->safeCheck = false;
  92. $dsql->ExecuteNoneQuery(trim($s));
  93. $dsql->safeCheck = true;
  94. }
  95. }
  96. }
  97. }
  98. require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
  99. checkLogin();
  100. //是否存在更新版本
  101. $phpv = phpversion();
  102. $sp_os = PHP_OS;
  103. $mysql_ver = $dsql->GetVersion();
  104. $nurl = $_SERVER['HTTP_HOST'];
  105. if (preg_match("#[a-z\-]{1,}\.[a-z]{2,}#i", $nurl)) {
  106. $nurl = urlencode($nurl);
  107. } else {
  108. $nurl = "test";
  109. }
  110. $add_query = '';
  111. $query = "SELECT COUNT(*) AS dd FROM `#@__member` ";
  112. $row1 = $dsql->GetOne($query);
  113. if ($row1) $add_query .= "&mcount={$row1['dd']}";
  114. $query = "SELECT COUNT(*) AS dd FROM `#@__arctiny` ";
  115. $row2 = $dsql->GetOne($query);
  116. if ($row2) $add_query .= "&acount={$row2['dd']}";
  117. $offUrl = DEDEBIZURL."/version?version={$cfg_version_detail}&formurl={$nurl}&phpver={$phpv}&os={$sp_os}&mysqlver={$mysql_ver}{$add_query}&json=1";
  118. if (strpos($_SERVER['SERVER_SOFTWARE'], 'Development Server') !== false && version_compare(phpversion(), '7.2', '<')) {
  119. echo json_encode(array(
  120. "code"=>-1,
  121. "msg"=>'获取版本信息失败',
  122. ));
  123. exit;
  124. }
  125. $dhd = new DedeHttpDown();
  126. $dhd->OpenUrl($offUrl);
  127. $data = $dhd->GetHtml();
  128. if (empty($data)) {
  129. echo json_encode(array(
  130. "code"=>-1,
  131. "msg"=>'获取版本信息失败',
  132. ));
  133. } else {
  134. echo $data;
  135. }
  136. } else if ($action === 'get_changed_files') {
  137. require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
  138. checkLogin();
  139. //获取本地更改过的文件
  140. $hashUrl = DEDEBIZCDN.'/release/'.$cfg_version_detail.'.json';
  141. $dhd = new DedeHttpDown();
  142. $dhd->OpenUrl($hashUrl);
  143. $data = $dhd->GetJSON();
  144. if (empty($data)) {
  145. echo json_encode(array(
  146. "code"=>-1,
  147. "msg"=>'获取版本信息失败',
  148. ));
  149. exit();
  150. }
  151. $changedFiles = array();
  152. foreach ($data as $file) {
  153. $realFile = DEDEROOT.str_replace("\\", '/', $file->filename);
  154. if (file_exists($realFile) && md5_file($realFile) !== $file->hash) {
  155. $changedFiles[] = $file;
  156. continue;
  157. }
  158. }
  159. echo json_encode(array(
  160. "code" => 0,
  161. "msg" => "",
  162. "data" => array(
  163. "files" => $changedFiles,
  164. ),
  165. ));
  166. exit;
  167. } else if ($action === 'update_backup') {
  168. require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
  169. checkLogin();
  170. //获取本地更改过的文件
  171. $hashUrl = DEDEBIZCDN.'/release/'.$cfg_version_detail.'.json';
  172. $dhd = new DedeHttpDown();
  173. $dhd->OpenUrl($hashUrl);
  174. $data = $dhd->GetJSON();
  175. if (empty($data)) {
  176. echo json_encode(array(
  177. "code"=>-1,
  178. "msg"=>'获取版本信息失败',
  179. ));
  180. exit;
  181. }
  182. $changedFiles = array();
  183. $enkey = substr(md5(substr($cfg_cookie_encode, 0, 5)), 0, 10);
  184. $backupPath = DEDEDATA."/backupfile_{$enkey}";
  185. RmRecurse($backupPath);
  186. mkdir($backupPath);
  187. foreach ($data as $file) {
  188. $realFile = DEDEROOT.str_replace("\\", '/', $file->filename);
  189. if (file_exists($realFile) && md5_file($realFile) !== $file->hash) {
  190. //备份文件
  191. $dstFile = $backupPath.'/'.str_replace("\\", '/', $file->filename);
  192. @mkdir(dirname($dstFile), 0777, true);
  193. copy($realFile, $dstFile);
  194. }
  195. }
  196. echo json_encode(array(
  197. "code" => 0,
  198. "msg" => "",
  199. "data" => array(
  200. "backupdir" => "data/backupfile_{$enkey}",
  201. ),
  202. ));
  203. exit;
  204. } else if ($action === 'get_update_versions') {
  205. require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
  206. checkLogin();
  207. //获取本地更改过的文件
  208. $offUrl = DEDEBIZURL."/versions?version={$cfg_version_detail}";
  209. $dhd = new DedeHttpDown();
  210. $dhd->OpenUrl($offUrl);
  211. $data = $dhd->GetHtml();
  212. if (empty($data)) {
  213. echo json_encode(array(
  214. "code"=>-1,
  215. "msg"=>'获取版本信息失败',
  216. ));
  217. exit;
  218. }
  219. $arr = json_decode($data);
  220. SetCache('update', 'vers', $arr->result->Versions);
  221. echo $data;
  222. exit;
  223. } else if ($action === 'update') {
  224. require_once(DEDEINC.'/libraries/dedehttpdown.class.php');
  225. $row = GetCache('update', 'vers');
  226. if (count($row) === 0) {
  227. echo json_encode(array(
  228. "code" => -1,
  229. "msg" => "请先获取版本更新记录",
  230. "data" => null,
  231. ));
  232. exit;
  233. }
  234. $enkey = substr(md5(substr($cfg_cookie_encode, 0, 5)), 0, 10);
  235. $backupPath = DEDEDATA."/updatefile_{$enkey}";
  236. @mkdir($backupPath);
  237. foreach ($row as $k => $ver) {
  238. if ($ver->isdownload !== true) {
  239. $filesUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/files.txt';
  240. $dhd = new DedeHttpDown();
  241. $dhd->OpenUrl($filesUrl);
  242. $fileList = $dhd->GetJSON();
  243. $dhd->Close();
  244. $backupVerPath = $backupPath.'/'.$ver->ver;
  245. RmRecurse($backupVerPath);
  246. mkdir($backupVerPath);
  247. foreach ($fileList as $f) {
  248. if (!preg_match("/^\//", $f->filename)) {
  249. //忽略src之外的目录
  250. continue;
  251. }
  252. $fileUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/src'.$f->filename;
  253. $dhd = new DedeHttpDown();
  254. $dhd->OpenUrl($fileUrl);
  255. $fData = $dhd->GetHtml();
  256. $dhd->Close();
  257. $f->filename = preg_replace('/^\/admin/', $curDir, $f->filename);
  258. $realFile = $backupVerPath.$f->filename;
  259. @mkdir(dirname($realFile), 0777, true);
  260. file_put_contents($realFile, $fData);
  261. }
  262. $sqlUrl = DEDEBIZCDN.'/update/'.$ver->ver.'/update.sql';
  263. $dhd = new DedeHttpDown();
  264. $dhd->OpenUrl($sqlUrl);
  265. $fData = $dhd->GetHtml();
  266. $dhd->Close();
  267. $realFile = $backupVerPath.'/update.sql';
  268. file_put_contents($realFile, $fData);
  269. $realFile = $backupVerPath.'/files.txt';
  270. file_put_contents($realFile, json_encode($fileList));
  271. $row[$k]->isdownload = true;
  272. SetCache('update', 'vers', $row);
  273. echo json_encode(array(
  274. "code" => 0,
  275. "msg" => "正在下载{$ver->ver}的版本更新文件",
  276. "data" => array(
  277. "finish" => false,
  278. ),
  279. ));
  280. exit;
  281. }
  282. }
  283. foreach ($row as $k => $ver) {
  284. if ($ver->ispatched !== true) {
  285. $backupVerPath = $backupPath.'/'.$ver->ver;
  286. //执行更新SQL文件
  287. $sql = file_get_contents($backupVerPath.'/update.sql');
  288. if (!empty($sql)) {
  289. $sql = preg_replace('#ENGINE=MyISAM#i', 'TYPE=MyISAM', $sql);
  290. $sql41tmp = 'ENGINE=MyISAM DEFAULT CHARSET='.$cfg_db_language;
  291. $sql = preg_replace('#TYPE=MyISAM#i', $sql41tmp, $sql);
  292. $sqls = explode(";\r\n", $sql);
  293. foreach ($sqls as $sql) {
  294. if (trim($sql) != '') {
  295. $dsql->safeCheck = false;
  296. $dsql->ExecuteNoneQuery(trim($sql));
  297. $dsql->safeCheck = true;
  298. }
  299. }
  300. }
  301. //复制文件
  302. $fileList = json_decode(file_get_contents($backupVerPath.'/files.txt'));
  303. foreach ($fileList as $f) {
  304. if (!preg_match("/^\//", $f->filename)) {
  305. //忽略src之外的目录
  306. continue;
  307. }
  308. $f->filename = preg_replace('/^\/admin/', $curDir, $f->filename);
  309. $srcFile = $backupVerPath.$f->filename;
  310. $dstFile = str_replace(array("\\", "//"), '/', DEDEROOT.$f->filename);
  311. @mkdir(dirname($dstFile), 0777, true);
  312. $rs = @copy($srcFile, $dstFile);
  313. if ($rs) {
  314. unlink($srcFile);
  315. }
  316. }
  317. $row[$k]->ispatched = true;
  318. SetCache('update', 'vers', $row);
  319. RmRecurse($backupVerPath);
  320. echo json_encode(array(
  321. "code" => 0,
  322. "msg" => "正在应用{$ver->ver}的版本补丁文件",
  323. "data" => array(
  324. "finish" => false,
  325. ),
  326. ));
  327. exit;
  328. }
  329. }
  330. echo json_encode(array(
  331. "code" => 0,
  332. "msg" => "",
  333. "data" => array(
  334. "finish" => true,
  335. ),
  336. ));
  337. exit;
  338. } else if($action === 'upload_image'){
  339. checkLogin();
  340. $imgfile_name = $_FILES["file"]['name'];
  341. $activepath = $cfg_image_dir;
  342. $allowedTypes = array("image/pjpeg", "image/jpeg", "image/gif", "image/png", "image/xpng", "image/wbmp", "image/webp");
  343. $uploadedFile = $_FILES['file']['tmp_name'];
  344. $fileType = mime_content_type($uploadedFile);
  345. $imgSize = getimagesize($uploadedFile);
  346. if (!in_array($fileType, $allowedTypes) || !$imgSize) {
  347. echo json_encode(array(
  348. "code" => -1,
  349. "msg" => "仅支持图片格式文件",
  350. "data" => null,
  351. ));
  352. exit;
  353. }
  354. $nowtme = time();
  355. $mdir = MyDate($cfg_addon_savetype, $nowtme);
  356. if (!is_dir($cfg_basedir.$activepath."/$mdir")) {
  357. MkdirAll($cfg_basedir.$activepath."/$mdir", $cfg_dir_purview);
  358. CloseFtp();
  359. }
  360. $cuserLogin = new userLogin();
  361. $iseditor = isset($iseditor)? intval($iseditor) : 0;
  362. $filename_name = $cuserLogin->getUserID().'-'.dd2char(MyDate("ymdHis", $nowtme).mt_rand(100, 999));
  363. $filename = $mdir.'/'.$filename_name;
  364. $fs = explode('.', $imgfile_name);
  365. $filename = $filename.'.'.$fs[count($fs) - 1];
  366. $filename_name = $filename_name.'.'.$fs[count($fs) - 1];
  367. $fullfilename = $cfg_basedir.$activepath."/".$filename;
  368. move_uploaded_file($_FILES["file"]["tmp_name"], $fullfilename) or die(json_encode(array(
  369. "code" => -1,
  370. "msg" => "上传失败",
  371. "data" => null,
  372. )));
  373. $info = '';
  374. $sizes[0] = 0;
  375. $sizes[1] = 0;
  376. $sizes = getimagesize($fullfilename, $info);
  377. $imgwidthValue = $sizes[0];
  378. $imgheightValue = $sizes[1];
  379. $imgsize = filesize($fullfilename);
  380. $inquery = "INSERT INTO `#@__uploads` (arcid,title,url,mediatype,width,height,playtime,filesize,uptime,mid) VALUES ('0','$filename','".$activepath."/".$filename."','1','$imgwidthValue','$imgheightValue','0','{$imgsize}','{$nowtme}','".$cuserLogin->getUserID()."'); ";
  381. $dsql->ExecuteNoneQuery($inquery);
  382. $fid = $dsql->GetLastID();
  383. AddMyAddon($fid, $activepath.'/'.$filename);
  384. echo json_encode(array(
  385. "code" => 0,
  386. "msg" => "上传成功",
  387. "data" => $activepath."/".$filename,
  388. ));
  389. }
  390. ?>