zhengxifeng
/
zc100
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Nessuna descrizione
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
3 Rami (Branch)
Albero (Tree): 44fd6f8a91
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '44fd6f8a91'
${ noResults }
zc100/application/admin/logic/FilemanagerLogic.php

FilemanagerLogic.php 15KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417 
  1. <?php

  2. /**

  3.  * 易优CMS

  4.  * ============================================================================

  5.  * 版权所有 2016-2028 海口快推科技有限公司,并保留所有权利。

  6.  * 网站地址: http://www.eyoucms.com

  7.  * ----------------------------------------------------------------------------

  8.  * 如果商业用途务必到官方购买正版授权, 以免引起不必要的法律纠纷.

  9.  * ============================================================================

  10.  * Author: 小虎哥 <1105415366@qq.com>

  11.  * Date: 2018-4-3

  12.  */

  13. 

  14. namespace app\admin\logic;

  15. 

  16. use think\Model;

  17. use think\Db;

  18. /**

  19.  * 文件管理逻辑定义

  20.  * Class CatsLogic

  21.  * @package admin\Logic

  22.  */

  23. class FilemanagerLogic extends Model

  24. {

  25.     public $globalTpCache = array();

  26.     public $baseDir = ''; // 服务器站点根目录绝对路径

  27.     public $maxDir = '';

  28.     public $replaceImgOpArr = array(); // 替换权限

  29.     public $editOpArr = array(); // 编辑权限

  30.     public $renameOpArr = array(); // 改名权限

  31.     public $delOpArr = array(); // 删除权限

  32.     public $moveOpArr = array(); // 移动权限

  33.     public $editExt = array(); // 允许新增/编辑扩展名文件

  34.     public $disableFuns = array(); // 允许新增/编辑扩展名文件

  35. 

  36.     /**

  37.      * 析构函数

  38.      */

  39.     function  __construct() {

  40.         $this->globalTpCache = tpCache('global');

  41.         $this->baseDir = rtrim(ROOT_PATH, DS); // 服务器站点根目录绝对路径

  42.         $this->maxDir = $this->globalTpCache['web_templets_dir']; // 默认文件管理的最大级别目录

  43.         // 替换权限

  44.         $this->replaceImgOpArr = array('gif','jpg','svg');

  45.         // 编辑权限

  46.         $this->editOpArr = array('txt','htm','js','css');

  47.         // 改名权限

  48.         $this->renameOpArr = array('dir','gif','jpg','svg','flash','zip','exe','mp3','wmv','rm','txt','htm','js','css','other');

  49.         // 删除权限

  50.         $this->delOpArr = array('dir','gif','jpg','svg','flash','zip','exe','mp3','wmv','rm','txt','htm','php','js','css','other');

  51.         // 移动权限

  52.         $this->moveOpArr = array('gif','jpg','svg','flash','zip','exe','mp3','wmv','rm','txt','htm','js','css','other');

  53.         // 允许新增/编辑扩展名文件

  54.         $this->editExt = array('htm','js','css','txt');

  55.         // 过滤php危险函数

  56.         $this->disableFuns = ['phpinfo'];

  57.     }

  58. 

  59.     /**

  60.      * 编辑文件

  61.      *

  62.      * @access    public

  63.      * @param     string  $filename  文件名

  64.      * @param     string  $activepath  当前路径

  65.      * @param     string  $content  文件内容

  66.      * @return    string

  67.      */

  68.     public function editFile($filename, $activepath = '', $content = '')

  69.     {

  70.         $security = tpSetting('security');

  71.         if (empty($security['security_ask_open']) || empty($security['security_answer'])) {

  72.             return '需要开启密保问题设置';

  73.         } else {

  74.             $admin_id = session('?admin_id') ? (int)session('admin_id') : 0;

  75.             $admin_info = Db::name('admin')->field('admin_id,last_ip')->where(['admin_id'=>$admin_id])->find();

  76.             // 当前管理员二次安全验证过的IP地址

  77.             $security_answerverify_ip = !empty($security['security_answerverify_ip']) ? $security['security_answerverify_ip'] : '-1';

  78.             // 同IP不验证

  79.             if (empty($admin_info) || $admin_info['last_ip'] != $security_answerverify_ip) {

  80.                 return '出于安全考虑,请勿非法越过密保答案验证';

  81.             }  

  82.         }

  83. 

  84.         if (!filename_preg_match()) {

  85.             return '文件名称含有非法入侵字符!';

  86.         }

  87. 

  88.         $fileinfo = pathinfo($filename);

  89.         $ext = strtolower($fileinfo['extension']);

  90.         $filename = trim($fileinfo['filename'], '.').'.'.$fileinfo['extension'];

  91. 

  92.         /*不允许越过指定最大级目录的文件编辑*/

  93.         $tmp_max_dir = preg_replace("#\/#i", "\/", $this->maxDir);

  94.         if (!preg_match("#^".$tmp_max_dir."#i", $activepath)) {

  95.             return '没有操作权限!';

  96.         }

  97.         /*--end*/

  98. 

  99.         /*允许编辑的文件类型*/

  100.         if (!in_array($ext, $this->editExt)) {

  101.             return '只允许操作文件类型如下:'.implode('|', $this->editExt);

  102.         }

  103.         /*--end*/

  104. 

  105.         $file = $this->baseDir."$activepath/$filename";

  106.         if (!is_writable(dirname($file))) {

  107.             return "请把模板文件目录设置为可写入权限!";

  108.         }

  109.         if ('htm' == $ext) {

  110.             $content = htmlspecialchars_decode($content, ENT_QUOTES);

  111.             if (preg_match('#<([^?]*)\?php#i', $content) || preg_match('#<\?(\s*)=#i', $content) || (preg_match('#<\?#i', $content) && preg_match('#\?>#i', $content)) || preg_match('#\{eyou\:php([^\}]*)\}#i', $content) || preg_match('#\{php([^\}]*)\}#i', $content) || preg_match('#(\s+)language(\s*)=(\s*)("|\')?php("|\')?#i', $content)) {

  112.                 return "模板里不允许有php语法,为了安全考虑,请通过FTP工具进行编辑上传。";

  113.             }

  114.             foreach ($this->disableFuns as $key => $val) {

  115.                 $val_new = msubstr($val, 0, 1).'-'.msubstr($val, 1);

  116.                 $content = preg_replace("/(@)?".$val."(\s*)\(/i", "{$val_new}(", $content);

  117.             }

  118.         }

  119.         $fp = fopen($file, "w");

  120.         fputs($fp, $content);

  121.         fclose($fp);

  122.         return true;

  123.     }

  124. 

  125.     /**

  126.      * 上传文件

  127.      *

  128.      * @param     string  $dirname  新目录

  129.      * @param     string  $activepath  当前路径

  130.      * @param     boolean  $replace  是否替换

  131.      * @param     string  $type  文件类型:图片image , 附件file , 视频media

  132.      */

  133.     public function upload($fileElementId, $activepath = '', $replace = false, $type = 'image')

  134.     {

  135.         $retData = [];

  136.         $file = request()->file($fileElementId);

  137.         if (is_object($file) && !is_array($file)) {

  138.             $retData = $this->uploadfile($file, $activepath, $replace, $type);

  139.         } 

  140.         else if (!is_object($file) && is_array($file)) {

  141.             $fileArr = $file;

  142.             $i = 0;

  143.             $j = 0;

  144.             foreach ($fileArr as $key => $fileObj) {

  145.                 if (empty($fileObj)) {

  146.                     continue;

  147.                 }

  148.                 $res = $this->uploadfile($fileObj, $activepath, $replace, $type);

  149.                 if(!empty($res['code']) && $res['code'] == 1) {

  150.                     $i++;

  151.                 } else {

  152.                     $j++;

  153.                 }

  154.             }

  155. 

  156.             if ($j == 0) {

  157.                 $retData['code'] = 0;

  158.                 $retData['msg'] = "上传失败 $i 个文件到: $activepath";

  159.             } else {

  160.                 $retData['code'] = 1;

  161.                 $retData['msg'] = "上传成功!";

  162.             }

  163.         }

  164. 

  165.         return $retData;

  166.     }

  167. 

  168.     /**

  169.      * 自定义上传

  170.      *

  171.      * @param     object  $file  文件对象

  172.      * @param     string  $activepath  当前路径

  173.      * @param     boolean  $replace  是否替换

  174.      * @param     string  $type  文件类型:图片image , 附件file , 视频media

  175.      */

  176.     public function uploadfile($file, $activepath = '', $replace = false, $type = 'image')

  177.     {

  178.         $validate = array();

  179. 

  180.         /*文件类型限制*/

  181.         switch ($type) {

  182.             case 'image':

  183.                 $validate_ext = tpCache('basic.image_type');

  184.                 break;

  185. 

  186.             case 'file':

  187.                 $validate_ext = tpCache('basic.file_type');

  188.                 break;

  189. 

  190.             case 'media':

  191.                 $validate_ext = tpCache('basic.media_type');

  192.                 break;

  193.             

  194.             default:

  195.                 $validate_ext = tpCache('basic.image_type');

  196.                 break;

  197.         }

  198.         $validate['ext'] = explode('|', $validate_ext);

  199.         /*--end*/

  200. 

  201.         /*文件大小限制*/

  202.         $validate_size = tpCache('basic.file_size');

  203.         if (!empty($validate_size)) {

  204.             $validate['size'] = $validate_size * 1024 * 1024; // 单位为b

  205.         }

  206.         /*--end*/

  207. 

  208.         /*上传文件验证*/

  209.         if (!empty($validate)) {

  210.             $is_validate = $file->check($validate);

  211.             if ($is_validate === false) {

  212.                 return ['code'=>0, 'msg'=>$file->getError()];

  213.             }   

  214.         }

  215.         /*--end*/

  216. 

  217.         $savePath = !empty($activepath) ? trim($activepath, '/') : UPLOAD_PATH.'temp';

  218.         if (!file_exists($savePath)) {

  219.             tp_mkdir($savePath);

  220.         }

  221. 

  222.         if (false == $replace) {

  223.             $fileinfo = $file->getInfo();

  224.             $filename = pathinfo($fileinfo['name'], PATHINFO_BASENAME); //获取上传文件名

  225.         } else {

  226.             $filename = $replace;

  227.         }

  228.         $fileExt = pathinfo($filename, PATHINFO_EXTENSION); //获取上传文件扩展名

  229.         if (!in_array($fileExt, $validate['ext'])) {

  230.             return ['code'=>0, 'msg'=>'上传文件后缀不允许'];

  231.         }

  232. 

  233.         // 使用自定义的文件保存规则

  234.         $info = $file->move($savePath, $filename, true);

  235.         if($info){

  236.             return ['code'=>1, 'msg'=>'上传成功'];

  237.         }else{

  238.             return ['code'=>0, 'msg'=>$file->getError()];

  239.         }

  240.     }

  241. 

  242.     /**

  243.      * 当前目录下的文件列表

  244.      */

  245.     public function getDirFile($directory, $activepath = '',  &$arr_file = array()) {

  246. 

  247.         if (!file_exists($directory)) {

  248.             return false;

  249.         }

  250. 

  251.         $fileArr = $dirArr = $parentArr = array();

  252. 

  253.         $mydir = dir($directory);

  254.         while(false !== $file = $mydir->read())

  255.         {

  256.             $filesize = $filetime = $intro = '';

  257.             $filemine = 'file';

  258. 

  259.             if($file != "." && $file != ".." && !is_dir("$directory/$file"))

  260.             {

  261.                 @$filesize = filesize("$directory/$file");

  262.                 @$filesize = format_bytes($filesize);

  263.                 @$filetime = filemtime("$directory/$file");

  264.             }

  265. 

  266.             if ($file == '.') 

  267.             {

  268.                 continue;

  269.             } 

  270.             else if($file == "..") 

  271.             {

  272.                 if($activepath == "" || $activepath == $this->maxDir) {

  273.                     continue;

  274.                 }

  275.                 $parentArr = array(

  276.                     array(

  277.                         'filepath'  => preg_replace("#[\/][^\/]*$#i", "", $activepath),

  278.                         'filename'  => '上级目录',

  279.                         'filesize'  => '',

  280.                         'filetime'  => '',

  281.                         'filemine'  => 'dir',

  282.                         'filetype'  => 'dir2',

  283.                         'icon'      => 'file_topdir.gif',

  284.                         'intro'  => '(当前目录:'.$activepath.')',

  285.                     ),

  286.                 );

  287.                 continue;

  288.             } 

  289.             else if(is_dir("$directory/$file"))

  290.             {

  291.                 if(preg_match("#^_(.*)$#i", $file)) continue; #屏蔽FrontPage扩展目录和linux隐蔽目录

  292.                 if(preg_match("#^\.(.*)$#i", $file)) continue;

  293.                 $file_info = array(

  294.                     'filepath'  => $activepath.'/'.$file,

  295.                     'filename'  => $file,

  296.                     'filesize'  => '',

  297.                     'filetime'  => '',

  298.                     'filemine'  => 'dir',

  299.                     'filetype'  => 'dir',

  300.                     'icon'      => 'dir.gif',

  301.                     'intro'     => '',

  302.                 );

  303.                 array_push($dirArr, $file_info);

  304.                 continue;

  305.             }

  306.             else if(preg_match("#\.(gif|png)#i",$file))

  307.             {

  308.                 $filemine = 'image';

  309.                 $filetype = 'gif';

  310.                 $icon = 'gif.gif';

  311.             }

  312.             else if(preg_match("#\.(jpg|jpeg|bmp|webp)#i",$file))

  313.             {

  314.                 $filemine = 'image';

  315.                 $filetype = 'jpg';

  316.                 $icon = 'jpg.gif';

  317.             }

  318.             else if(preg_match("#\.(svg)#i",$file))

  319.             {

  320.                 $filemine = 'image';

  321.                 $filetype = 'svg';

  322.                 $icon = 'jpg.gif';

  323.             }

  324.             else if(preg_match("#\.(swf|fla|fly)#i",$file))

  325.             {

  326.                 $filetype = 'flash';

  327.                 $icon = 'flash.gif';

  328.             }

  329.             else if(preg_match("#\.(zip|rar|tar.gz)#i",$file))

  330.             {

  331.                 $filetype = 'zip';

  332.                 $icon = 'zip.gif';

  333.             }

  334.             else if(preg_match("#\.(exe)#i",$file))

  335.             {

  336.                 $filetype = 'exe';

  337.                 $icon = 'exe.gif';

  338.             }

  339.             else if(preg_match("#\.(mp3|wma)#i",$file))

  340.             {

  341.                 $filetype = 'mp3';

  342.                 $icon = 'mp3.gif';

  343.             }

  344.             else if(preg_match("#\.(wmv|api)#i",$file))

  345.             {

  346.                 $filetype = 'wmv';

  347.                 $icon = 'wmv.gif';

  348.             }

  349.             else if(preg_match("#\.(rm|rmvb)#i",$file))

  350.             {

  351.                 $filetype = 'rm';

  352.                 $icon = 'rm.gif';

  353.             }

  354.             else if(preg_match("#\.(txt|inc|pl|cgi|asp|xml|xsl|aspx|cfm)#",$file))

  355.             {

  356.                 $filetype = 'txt';

  357.                 $icon = 'txt.gif';

  358.             }

  359.             else if(preg_match("#\.(htm|html)#i",$file))

  360.             {

  361.                 $filetype = 'htm';

  362.                 $icon = 'htm.gif';

  363.             }

  364.             else if(preg_match("#\.(php)#i",$file))

  365.             {

  366.                 $filetype = 'php';

  367.                 $icon = 'php.gif';

  368.             }

  369.             else if(preg_match("#\.(js)#i",$file))

  370.             {

  371.                 $filetype = 'js';

  372.                 $icon = 'js.gif';

  373.             }

  374.             else if(preg_match("#\.(css)#i",$file))

  375.             {

  376.                 $filetype = 'css';

  377.                 $icon = 'css.gif';

  378.             }

  379.             else

  380.             {

  381.                 $filetype = 'other';

  382.                 $icon = 'other.gif';

  383.             }

  384. 

  385.             $file_info = array(

  386.                 'filepath'  => $activepath.'/'.$file,

  387.                 'filename'  => $file,

  388.                 'filesize'  => $filesize,

  389.                 'filetime'  => $filetime,

  390.                 'filemine'  => $filemine,

  391.                 'filetype'  => $filetype,

  392.                 'icon'      => $icon,

  393.                 'intro'     => $intro,

  394.             );

  395.             array_push($fileArr, $file_info);

  396.         }

  397.         $mydir->close();

  398. 

  399.         $arr_file = array_merge($parentArr, $dirArr, $fileArr);

  400. 

  401.         return $arr_file;

  402.     }

  403. 

  404.     /**

  405.      * 将冒号符反替换为反斜杠,适用于IIS服务器在URL上的双重转义限制

  406.      * @param string $filepath 相对路径

  407.      * @param string $replacement 目标字符

  408.      * @param boolean $is_back false为替换,true为还原

  409.      */

  410.     public function replace_path($activepath, $replacement = ':', $is_back = false)

  411.     {

  412.         $activepath = replace_path($activepath, $replacement, $is_back);

  413.         $activepath = preg_replace('/<(\w+)([^\>]*)>([^<]*)<\/(\w+)>/i', '', $activepath);

  414.         $activepath = preg_replace('/(<|>|;|\(|\)|\!)/i', '', $activepath);

  415.         return $activepath;

  416.     }

  417. }