php防dedecms附件式文件在线管理系统

header("Content-type: text/html; charset=UTF-8");
define("ROOT",str_ireplace('/waityou/'.basename(__FILE__),'',str_ireplace("","/",__FILE__)));
define("UploadFolder","/uploadfile/");//上传根目录
define("_d",$_SERVER['DOCUMENT_ROOT']);
define("AllowUploadType","gif|jpg|png|txt|doc|xls|ppt|pdf|rar|zip|7z|chm|mp3|mp4|mpg|mpeg|flv|swf");//允许上传的类型
define("MaxUploadSize",@ini_get('upload_max_filesize'));

$act = empty($_GET['act'])?'':$_GET['act'];

if($act == ""){
html_header();
}elseif($act == 'left'){
left();
}elseif($act == 'right'){
if(!empty($_POST['upfolder'])) {
upload_file();exit;
}

$dir = empty($_GET['folder'])?'':$_GET['folder'];
if($dir == ''){
right(UploadFolder);
}else{
$del_file = empty($_GET['del_file'])?'':$_GET['del_file'];
if($del_file == '') {
open_folder($dir);
}else{
delete_file($del_file);
}
}
}

function html_header(){
echo '

function html_footer(){
echo '';
}

function left() {
$yearpath = UploadFolder.date('Y').'/';
if(!is_dir(_d.$yearpath)) @mkdir(_d.$yearpath);
$m=0;
function folder_tree($dir) {
$i = 0;
global $m;
$m++;
if(is_dir($dir)) {
$files = scandir($dir);
foreach ($files as $file) {
$i++;
$currentfile = $dir .'/'. $file;
$currentfile = str_replace("//","/",$currentfile);
$last_dir = "";
$prefix = '';
if (is_dir($currentfile)) {
if ($file != '.' && $file != '..') {
$minus_count = substr_count(strstr($currentfile,UploadFolder), '/');
if($minus_count $prefix = '├';
}elseif($minus_count ==1){
$prefix = '├';
}elseif($minus_count ==2) {
$prefix = '├→';
}elseif($minus_count ==3) {
$prefix = '├—→→';
}else{
$prefix = '---';
}
$last_dir .= $prefix.":OpenFolder('" . substr($currentfile,strlen(_d)-1) . "/')">". substr(substr($currentfile, strrpos($currentfile, '/')),1) . "
";
echo $last_dir;
folder_tree($currentfile);$m--;
}
}
}
}
}
//global UploadFolder;

echo "

";

   echo '
';

   folder_tree($_SERVER['DOCUMENT_ROOT'].'uploadfile/');

   echo "

echo '
';

}

function right($dir) {
header("Content-type: text/html; charset=UTF-8");
echo '

}
a.files {
width:90px;height:30px;overflow:hidden;display:block;border:1px solid #BEBEBE;text-decoration:none;
}
a.files:hover {
background-color:#FFFFEE;background-position:0 -30px;
}
a.files input {
margin-left:-350px;font-size:30px;cursor:pointer;filter:alpha(opacity=0);
opacity:0;
}
a.files, a.files input {
outline:none;/**//*ff*/ hide-focus:expression(this.hideFocus=true);/**//*ie*/
}
';
echo '

echo '

echo 'function OpenFile(id,url,type){
var obj = window.parent.parent.document.getElementById(id);
var selection = document.selection;
obj.focus();
if(type==0){
url = url;
}else if(type==1){
url="";
}
if (typeof obj.selectionStart != "undefined") {
var s = obj.selectionStart;
obj.value = obj.value.substr(0, obj.selectionStart) + url + obj.value.substr(obj.selectionEnd);
obj.selectionEnd = s + url.length;
} else if (selection && selection.createRange) {
var sel = selection.createRange();
sel.text = url;
sel.select();
} else {
obj.value += url;
}
};';
echo 'function addFile(_file){
var inputs = $("idFileList").getElementsByTagName("input");
if(inputs.length>1){
for(var i=0;i if(_file == inputs[i].value){
alert("已经添加过此文件！");
return false;
}
}
}
var oldlen = $("idFileList").rows.length;
var _i = oldlen + 1;
var newtr = $("idFileList").insertRow(oldlen);
newtr.id = "id_"+_i;
var c0 = newtr.insertCell(0);
c0.innerHTML = _i;
var c1 = newtr.insertCell(1);
var _newfile = $("idfile").cloneNode(true);

$("idfile").name = "upfile[]";

$("idfile").parentNode.appendChild(_newfile);
//_newfile.style = "display:none";
c1.appendChild($("idfile"));
var c2 = newtr.insertCell(2);
c2.innerHTML="";
$("idBtnUpload").disabled=false;
$("idBtnDel").disabled=false;
}';

echo 'function delThisFile(_file){
var _fileList = $("idFileList");
var _len = _fileList.rows.length;
var _j = 0;
for(var i=0;i<_len> if(_fileList.rows[i].id == _file){
_fileList.deleteRow(i);
break;
}else{
/*_j = _j + 1;
var _newid = "id_"+_j;
_fileList.rows[i].id = _newid;
_fileList.rows[i].cells[0].innerHTML = _j;
_fileList.rows[i].cells[2].innerHTML = "";*/
}
}
var len = $("idFileList").rows.length;
//alert(len);
for(var j=0;j _j = j + 1;
var _newid = "id_"+_j;
_fileList.rows[j].id = _newid;
_fileList.rows[j].cells[0].innerHTML = _j;
_fileList.rows[j].cells[2].innerHTML = "";
}
}';
echo '';
}

function delete_file($file){
if(substr_count(strtolower($file),UploadFolder) echo 'access denied!';exit;
}

$dir = dirname($file);

$file = mb_convert_encoding (($file),'gbk','utf-8');
if(!(@unlink(_d.$file))) echo($file.'删除失败！');
open_folder($dir);
}

function open_folder($dir){
if(substr($dir,-1,1) != '/') $dir .= '/';
if(substr_count(strtolower($dir),UploadFolder) echo 'access denied!';exit;
}
$dir = str_ireplace("","/",$dir);
$dir = str_ireplace("//","/",$dir);
right($dir);
}

function upload_file(){
set_time_limit(0);
$maxsize = MaxUploadSize;
if (!is_numeric($maxsize)) {
if (strpos($maxsize, 'M') !== false)
$maxsize = intval($maxsize)*1024*1024;
elseif (strpos($maxsize, 'K') !== false)
$maxsize = intval($maxsize)*1024;
elseif (strpos($maxsize, 'G') !== false)
$maxsize = intval($maxsize)*1024*1024*1024;
}
$allowExt = explode("|",AllowUploadType);
$oFolder = $_POST['upfolder'];
$sErrorMsg = '' ;
foreach ($_FILES["upfile"]['name'] as $key => $error) {
$sFileName = '' ;
if(!empty($_FILES['upfile']['name'][$key]) && !empty($_FILES['upfile']['tmp_name'][$key])) {
$sFileName = $_FILES['upfile']['name'][$key] ;
$sFileName = iconv('utf-8','gbk',$sFileName) ;
$sFileTmp = $_FILES['upfile']['tmp_name'][$key];
$sFileSize = $_FILES['upfile']['size'][$key] ;

$sFilePath = _d.$oFolder . $sFileName ;

$sFilePath = str_replace('//','/',$sFilePath);
$sFile = substr( $sFileName, 0, strrpos( $sFileName, '.' ) ) ;
$sExtension = strtolower(substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) )) ;

if(in_array($sExtension, $allowExt)) {
$iCounter = 0 ;
while ( true ) {
$sFilePath = _d.$oFolder. $sFileName ;
if(is_file( $sFilePath )) {
$iCounter++ ;
$sFileName = $sFile. '(' . $iCounter . ').' . $sExtension ;
}else{
if($sFileSize > $maxsize) {
$sErrorMsg .= '文件：'.$sFileName.'('.$sFileSize.')超过最大上传尺寸'.$maxsize.'! ';
break;
}else{
if(is_uploaded_file($sFileTmp)) {
if(!@move_uploaded_file($sFileTmp, $sFilePath)) $sErrorMsg .= '无法移动文件：'.$sFileName.'! ' ;
}else{
$sErrorMsg .= '文件：'.$sFileName.'非正常上传! ';
break;
}
}
if ( is_file( $sFilePath ) ) {
$oldumask = umask(0) ;
@chmod( $sFilePath, 0777 ) ;
umask( $oldumask ) ;
}
break ;
}
}

if ( file_exists( $sFilePath ) ) {
if ( DetectHtml( $sFilePath ) === true ) {
@unlink( $sFilePath ) ;
}
}
}
}
}
header("location:?act=right&folder=".$oFolder);
}

function DetectHtml( $filePath ){
$fp = @fopen( $filePath, 'rb' ) ;

if ( $fp === false || !flock( $fp, LOCK_SH ) ) {
return -1 ;
}

$chunk = fread( $fp, 1024 ) ;
flock( $fp, LOCK_UN ) ;
fclose( $fp ) ;

$chunk = strtolower( $chunk ) ;

if (!$chunk) {
return false ;
}

$chunk = trim( $chunk ) ;

if ( preg_match( "/ return true;
}

$tags = array( '

foreach( $tags as $tag ) {
if( false !== strpos( $chunk, $tag ) ) {
return true ;
}
}

if ( preg_match( '!types*=s*['"]?s*(?:w*/)?(?:ecma|java)!sim', $chunk ) ) {
return true ;
}

if ( preg_match( '!(?:href|src|data)s*=s*['"]?s*(?:ecma|java)script:!sim', $chunk ) ) {
return true ;
}

if ( preg_match( '!urls*(s*['"]?s*(?:ecma|java)script:!sim', $chunk ) ) {
return true ;
}

return false ;
}