/
AttachmentController.class.php
401 lines (349 loc) · 15.1 KB
/
AttachmentController.class.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
<?php
//附件/图片等等
namespace Api\Controller;
use Think\Controller;
class AttachmentController extends BaseController {
public function index(){
echo 'Attachment';
}
//浏览附件
public function visitFile(){
$sign = I("sign");
$imageView2 = I("imageView2");
$d = D("UploadFile") ;
$ret = $d->where(" sign = '%s' ",array($sign))->find();
if ($ret) {
$beyond_the_quota = 0 ;
$days = ceil(( time() -$ret['addtime'])/86400);//自添加图片以来的天数
$adv_day_times = $ret['visit_times'] / $days ; //平均每天的访问次数
$flow_rate = ( $ret['file_size'] * $ret['visit_times'] ) / $days ; //日均流量
//如果是apk文件且在微信浏览器中打开
if ( strpos($_SERVER['HTTP_USER_AGENT'], 'MicroMessenger') !== false && strpos($ret['real_url'] , '.apk') !== false ) {
header("Content-type: text/html; charset=utf-8");
echo "<head><title>温馨提示</title></head>";
echo "<br><h1>微信不支持直接下载,请点击右上角“---”在外部浏览器中打开</h1>";
return ;
}
$d->where(" sign = '%s' ",array($sign))->save(array("visit_times" => $ret['visit_times'] + 1 ,"last_visit_time"=>time()));
//记录用户流量
D("Attachment")->recordUserFlow($ret['uid'] , $ret['file_size']) ;
//$ret['cache_url'] = '' ; //把这个变量赋值为空,禁用掉cache_url;
if ($ret['cache_url']) {
$url = $ret['cache_url'] ;
}else{
$url = $ret['real_url'] ;
}
$array = explode("/Public/Uploads/", $url) ;
$file_path = "../Public/Uploads/".$array[1] ;
$oss_open = D("Options")->get("oss_open" ) ;
if (!$oss_open
&& file_exists($file_path)
&& $ret['display_name']
&& !strstr(strtolower($file_path),'.bmp')
&& !strstr(strtolower($file_path),'.jpg')
&& !strstr(strtolower($file_path),'.png')
&& !strstr(strtolower($file_path),'.pdf')
) {
$this->_downloadFile($file_path, $ret['display_name']);
}else{
header("location:{$url}");
}
}else{
echo "www.showdoc.cc";
}
}
//上传图片
public function uploadImg(){
$login_user = $this->checkLogin();
$item_id = I("item_id/d") ? I("item_id/d") : 0 ;
$page_id = I("page_id/d") ? I("page_id/d") : 0 ;
if ($_FILES['editormd-image-file']['name'] == 'blob') {
$_FILES['editormd-image-file']['name'] .= '.jpg';
}
if (!$_FILES['editormd-image-file']) {
return false;
}
if(D("Attachment")->isDangerFilename($_FILES['editormd-image-file']['name'])){
return false;
}
$url = D("Attachment")->upload($_FILES , 'editormd-image-file' , $login_user['uid'] , $item_id , $page_id ) ;
if ($url) {
echo json_encode(array("url"=>$url,"success"=>1));
}
}
//上传附件
public function attachmentUpload(){
$login_user = $this->checkLogin();
$item_id = I("item_id/d") ? I("item_id/d") : 0 ;
$page_id = I("page_id/d") ? I("page_id/d") : 0 ;
$uploadFile = $_FILES['file'] ;
// 如果附件是要上传绑定到某个页面,那么检验项目权限。如果不绑定,只是上传到自己的文件库,则不需要校验项目权限
if( $page_id > 0 || $item_id > 0){
if (!$this->checkItemEdit($login_user['uid'] , $item_id)) {
$this->sendError(10103);
return;
}
}
if (!$uploadFile) {
return false;
}
if(D("Attachment")->isDangerFilename($uploadFile['name'])){
$this->sendError(10100,'不支持此文件类型');
return false;
}
$url = D("Attachment")->upload($_FILES , 'file' , $login_user['uid'] , $item_id , $page_id ) ;
if ($url) {
echo json_encode(array("url"=>$url,"success"=>1));
}
}
//页面的上传附件列表
public function pageAttachmentUploadList(){
$login_user = $this->checkLogin(false);
$item_id = I("item_id/d") ? I("item_id/d") : 0 ;
$page_id = I("page_id/d") ? I("page_id/d") : 0 ;
if (!$page_id) {
$this->sendError(10103,"请至少先保存一次页面内容");
return;
}
$return = array() ;
$files = D("UploadFile")->join(" file_page on file_page.file_id = upload_file.file_id")->field("upload_file.* , file_page.item_id as item_id ,file_page.page_id as page_id ")->where("file_page.page_id = '$page_id' ")->order("file_page.addtime desc")->select();
if ($files) {
$item_id = $files[0]['item_id'] ;
if (!$this->checkItemVisit($login_user['uid'] , $item_id)) {
$this->sendError(10103);
return;
}
foreach ($files as $key => $value) {
$url = '';
if($value['sign']){
$url = server_url("api/attachment/visitFile",array("sign" => $value['sign'])) ;
}else{
$url = $value['real_url'] ;
}
$return[] = array(
"file_id"=>$value['file_id'],
"display_name"=>$value['display_name'],
"url"=>$url,
"addtime"=> date("Y-m-d H:i:s" , $value['addtime'] ),
);
}
}
$this->sendResult($return);
}
//删除页面中已上传文件
public function deletePageUploadFile(){
$login_user = $this->checkLogin();
$file_id = I("file_id/d") ? I("file_id/d") : 0 ;
$page_id = I("page_id/d") ? I("page_id/d") : 0 ;
$count = D("FilePage")->where(" file_id = '$file_id' and page_id > 0 ")->count() ;
if($count <= 1 ){
$this->deleteMyAttachment();
}else{
$page = M("Page")->where(" page_id = '$page_id' ")->find();
if (!$this->checkItemEdit($login_user['uid'] , $page['item_id'])) {
$this->sendError(10103);
return;
}
$res = D("FilePage")->where(" file_id = '$file_id' and page_id = '$page_id' ")->delete() ;
if($res){
$this->sendResult(array());
}else{
$this->sendError(10101,"删除失败");
}
}
}
//获取全站的附件列表。给管理员查看附件用
public function getAllList(){
$login_user = $this->checkLogin();
$this->checkAdmin(); //重要,校验管理员身份
$page = I("page/d");
$count = I("count/d");
$attachment_type = I("attachment_type/d");
$display_name = I("display_name");
$username = I("username");
$return = array() ;
$where = ' 1 = 1 ';
if($attachment_type == 1 ){
$where .=" and file_type like '%image%' " ;
}
if($attachment_type == 2 ){
$where .=" and file_type not like '%image%' " ;
}
if($display_name){
$display_name = \SQLite3::escapeString($display_name) ;
$where .=" and display_name like '%{$display_name}%' " ;
}
if($username){
$username = \SQLite3::escapeString($username) ;
$uid = D("User")->where(" username = '{$username}' ")->getField('uid') ;
$uid = $uid ? $uid : -99 ;
$where .=" and uid = '{$uid}' " ;
}
$files = D("UploadFile")->where($where)->order("addtime desc")->page($page ,$count)->select();
if ($files) {
foreach ($files as $key => $value) {
$username = '';
if($value['uid']){
$username = D("User")->where(" uid = {$value['uid']} ")->getField('username') ;
}
$url = '';
if($value['sign']){
$url = server_url("api/attachment/visitFile",array("sign" => $value['sign'])) ;
}else{
$url = $value['real_url'] ;
}
$return['list'][] = array(
"file_id"=>$value['file_id'],
"username"=>$username,
"uid"=>$value['uid'],
"file_type"=>$value['file_type'],
"visit_times"=>$value['visit_times'],
"file_size"=>$value['file_size'],
"item_id"=>$value['item_id'],
"page_id"=>$value['page_id'],
"file_size_m"=>round( $value['file_size']/(1024*1024),3),
"display_name"=>$value['display_name']?$value['display_name']:'',
"url"=>$url ,
"addtime"=> date("Y-m-d H:i:s" , $value['addtime'] ),
"last_visit_time"=> date("Y-m-d H:i:s" , $value['last_visit_time'] ),
);
}
}
$return['total'] = D("UploadFile")->where($where)->count();
$used = D("UploadFile")->where($where)->getField('sum(file_size)');
$return['used'] = $used ;
$return['used_m'] = round( $used/(1024*1024),3) ;
$this->sendResult($return);
}
//删除附件
public function deleteAttachment(){
$login_user = $this->checkLogin();
$this->checkAdmin(); //重要,校验管理员身份
$file_id = I("file_id/d") ? I("file_id/d") : 0 ;
$file = D("UploadFile")->where("file_id = '$file_id' ")->find();
$ret = D("Attachment")->deleteFile($file_id);
if ($ret) {
$this->sendResult(array());
}else{
$this->sendError(10101,"删除失败");
}
}
//获取我的附件列表
public function getMyList(){
$login_user = $this->checkLogin();
$page = I("page/d");
$count = I("count/d");
$attachment_type = I("attachment_type/d");
$display_name = I("display_name");
$username = I("username");
$return = array() ;
$where = " uid = {$login_user['uid']} ";
if($attachment_type == 1 ){
$where .=" and file_type like '%image%' " ;
}
if($attachment_type == 2 ){
$where .=" and file_type not like '%image%' " ;
}
if($display_name){
$display_name = \SQLite3::escapeString($display_name) ;
$where .=" and display_name like '%{$display_name}%' " ;
}
$files = D("UploadFile")->where($where)->order("addtime desc")->page($page ,$count)->select();
if ($files) {
foreach ($files as $key => $value) {
$username = '';
$return['list'][] = array(
"file_id"=>$value['file_id'],
"uid"=>$value['uid'],
"file_type"=>$value['file_type'],
"visit_times"=>$value['visit_times'],
"file_size"=>$value['file_size'],
"item_id"=>$value['item_id'],
"page_id"=>$value['page_id'],
"file_size_m"=>round( $value['file_size']/(1024*1024),3),
"display_name"=>$value['display_name']?$value['display_name']:'',
"url"=>server_url("api/attachment/visitFile",array("sign" => $value['sign'])),
"addtime"=> date("Y-m-d H:i:s" , $value['addtime'] ),
"last_visit_time"=> date("Y-m-d H:i:s" , $value['last_visit_time'] ),
);
}
}
$return['total'] = D("UploadFile")->where($where)->count();
$used = D("UploadFile")->where($where)->getField('sum(file_size)');
$return['used'] = $used ;
$return['used_m'] = round( $used/(1024*1024),3) ;
$used_flow = D("Attachment")->getUserFlow($login_user['uid']) ; ; //该用户的本月使用流量
$return['used_flow_m'] = round( $used_flow/(1024*1024),3) ;
$this->sendResult($return);
}
//删除附件
public function deleteMyAttachment(){
$login_user = $this->checkLogin();
$file_id = I("file_id/d") ? I("file_id/d") : 0 ;
$file = D("UploadFile")->where("file_id = '$file_id' and uid ='$login_user[uid]' ")->find();
if($file){
$ret = D("Page")->deleteFile($file_id);
if ($ret) {
$this->sendResult(array());
return ;
}
}
$this->sendError(10101,"删除失败");
}
//将已上传文件绑定到页面中
public function bindingPage(){
$login_user = $this->checkLogin();
$file_id = I("file_id/d") ? I("file_id/d") : 0 ;
$page_id = I("page_id/d");
$file = D("UploadFile")->where("file_id = '$file_id' and uid ='$login_user[uid]' ")->find();
$page = M("Page")->where(" page_id = '$page_id' ")->find();
if (!$this->checkItemEdit($login_user['uid'] , $page['item_id'])) {
$this->sendError(10103);
return;
}
$insert = array(
"file_id" => $file_id,
"item_id" => $page['item_id'] ,
"page_id" => $page_id,
"addtime" => time(),
);
$ret = D("FilePage")->add($insert);
if( $ret){
$this->sendResult(array());
}else{
$this->sendError(10101);
}
}
//输出本地文件到浏览器
public function _downloadFile($filename, $rename='showdoc') {
//设置脚本的最大执行时间,设置为0则无时间限制
set_time_limit(3000);
ini_set('max_execution_time', '0');
//通过header()发送头信息
//因为不知道文件是什么类型的,告诉浏览器输出的是字节流
header('content-type:application/octet-stream');
//告诉浏览器返回的文件大小类型是字节
header('Accept-Ranges:bytes');
//获得文件大小
$filesize = filesize($filename);//(此方法无法获取到远程文件大小),远程文件用下面get_headers方法
//$header_array = get_headers($filename, true);
//$filesize = $header_array['Content-Length'];
//var_dump($header_array);exit();
//告诉浏览器返回的文件大小
header('Accept-Length:'.$filesize);
//告诉浏览器文件作为附件处理并且设定最终下载完成的文件名称
header('content-disposition:attachment;filename='.basename($rename));
//针对大文件,规定每次读取文件的字节数为4096字节,直接输出数据
$read_buffer = 4096;
$handle = fopen($filename, 'rb');
//总的缓冲的字节数
$sum_buffer = 0;
//只要没到文件尾,就一直读取
while(!feof($handle) && $sum_buffer<$filesize) {
echo fread($handle,$read_buffer);
$sum_buffer += $read_buffer;
}
//关闭句柄
fclose($handle);
}
}