begin of thinksaas 3.68

Signed-off-by: kevin <kevin@lmve.net>
2023-06-22 13:33:25 +08:00
commit 963ec1b2ea
2746 changed files with 331806 additions and 0 deletions
+10
@@ -0,0 +1,10 @@
<?php
defined('IN_TS') or die('Access Denied.');
//管理入口
if(is_file('app/'.$app.'/action/admin/'.$mg.'.php')){
include_once 'app/'.$app.'/action/admin/'.$mg.'.php';
}else{
qiMsg('sorry:no index!');
}
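Review bot: The `include_once` path in this admin entry is built from `$app` and `$mg`, and nothing in this file checks that either is a plain identifier, so a value containing `../` would resolve outside `app/<app>/action/admin/`. Whether the router normalises these variables earlier is not visible in the hunk; if it does not, reject them ahead of the `is_file` test with something like `if (!preg_match('/^[A-Za-z0-9_]+$/', $app) || !preg_match('/^[A-Za-z0-9_]+$/', $mg)) { qiMsg('sorry:no index!'); }` (assuming `qiMsg()` ends the request). The api entry (`$TS_URL['app']`, `$TS_URL['api']`) and the plugin entry (`$app`, `$plugin`, `$in`) sections further down build their include paths the same way and need the same guard.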
+23
@@ -0,0 +1,23 @@
<?php
defined('IN_TS') or die('Access Denied.');
switch($ts){
//基本配置
case "":
$strOption = getAppOptions('pubs');
include template("admin/options");
break;
case "do":
$arrOption = $_POST['option'];
#更新app配置选项
upAppOptions('pubs',$arrOption);
qiMsg('修改成功!');
break;
}
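Review bot: The `do` case passes `$_POST['option']` straight to `upAppOptions('pubs',$arrOption)` with no anti-CSRF token check and no restriction on which option keys may be written, at least within this hunk. If the framework does not verify a token before dispatching admin actions, a cross-site form submitted from an administrator's browser session can rewrite the app configuration. Verify the request token here and reduce the array to the known option names first, for example `$arrOption = array_intersect_key((array) $_POST['option'], array_flip($allowedKeys));` with `$allowedKeys` listing the fields of the options template.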
+83
@@ -0,0 +1,83 @@
<?php
defined('IN_TS') or die('Access Denied.');
switch($ts){
/**
* 阿里云oss直传回调
*/
case "callback":
// 1.获取OSS的签名header和公钥url header
$authorizationBase64 = "";
$pubKeyUrlBase64 = "";
/*
* 注意:如果要使用HTTP_AUTHORIZATION头,你需要先在apache或者nginx中设置rewrite,以apache为例,修改
* 配置文件/etc/httpd/conf/httpd.conf(以你的apache安装路径为准),在DirectoryIndex index.php这行下面增加以下两行
RewriteEngine On
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
* */
if (isset($_SERVER['HTTP_AUTHORIZATION']))
{
$authorizationBase64 = $_SERVER['HTTP_AUTHORIZATION'];
}
if (isset($_SERVER['HTTP_X_OSS_PUB_KEY_URL']))
{
$pubKeyUrlBase64 = $_SERVER['HTTP_X_OSS_PUB_KEY_URL'];
}
if ($authorizationBase64 == '' || $pubKeyUrlBase64 == '')
{
header("http/1.1 403 Forbidden");
exit();
}
// 2.获取OSS的签名
$authorization = base64_decode($authorizationBase64);
// 3.获取公钥
$pubKeyUrl = base64_decode($pubKeyUrlBase64);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $pubKeyUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
$pubKey = curl_exec($ch);
if ($pubKey == "")
{
//header("http/1.1 403 Forbidden");
exit();
}
// 4.获取回调body
$body = file_get_contents('php://input');
// 5.拼接待签名字符串
$authStr = '';
$path = $_SERVER['REQUEST_URI'];
$pos = strpos($path, '?');
if ($pos === false)
{
$authStr = urldecode($path)."\n".$body;
}
else
{
$authStr = urldecode(substr($path, 0, $pos)).substr($path, $pos, strlen($path) - $pos)."\n".$body;
}
// 6.验证签名
$ok = openssl_verify($authStr, $authorization, $pubKey, OPENSSL_ALGO_MD5);
if ($ok == 1)
{
header("Content-Type: application/json");
$data = array("Status"=>"Ok");
echo json_encode($data);
}
else
{
//header("http/1.1 403 Forbidden");
exit();
}
break;
}
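Review bot: In the `callback` case the public-key URL is read from the request's `x-oss-pub-key-url` header, base64-decoded and fetched with curl without any check on its scheme or host, so the key handed to `openssl_verify` is chosen by whoever sent the request and the signature check authenticates nothing; the server will also fetch whatever URL the caller names. The OSS callback documentation, as far as I know, serves the key from `gosspublic.alicdn.com` (confirm against the current documentation), so pin that host before fetching and restrict curl to HTTP(S) without redirects, as in the fence below. Both failure branches have their `403` header commented out and exit with an empty 200 response; restoring the status makes failed verifications distinguishable in access logs. `OPENSSL_ALGO_MD5` appears to be dictated by the OSS callback signature format, so it is not something this side can change alone.

```php
// 3. fetch the public key, but only from the OSS key host
$pubKeyUrl = base64_decode($pubKeyUrlBase64, true);
$keyHost   = is_string($pubKeyUrl) ? parse_url($pubKeyUrl, PHP_URL_HOST) : null;
$keyScheme = is_string($pubKeyUrl) ? parse_url($pubKeyUrl, PHP_URL_SCHEME) : null;
if ($keyHost !== 'gosspublic.alicdn.com' || !in_array($keyScheme, array('http', 'https'), true))
{
    header("HTTP/1.1 403 Forbidden");
    exit();
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $pubKeyUrl);
curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
// … unchanged: CURLOPT_RETURNTRANSFER, CURLOPT_CONNECTTIMEOUT, curl_exec …
if ($pubKey == "")
{
    header("HTTP/1.1 403 Forbidden");
    exit();
}
// … unchanged: body read, string-to-sign assembly, openssl_verify …
```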
+9
@@ -0,0 +1,9 @@
<?php
defined ( 'IN_TS' ) or die ( 'Access Denied.' );
// api入口
if (is_file ( 'app/' . $TS_URL['app'] . '/action/api/' . $TS_URL['api'] . '.php' )) {
include_once 'app/' . $TS_URL['app'] . '/action/api/' . $TS_URL['api'] . '.php';
} else {
qiMsg ( 'sorry:no api!' );
}
+12
@@ -0,0 +1,12 @@
<?php
defined('IN_TS') or die('Access Denied.');
/**
* 图形验证码
*/
require_once('thinksaas/Image.class.php');
$Image = new Image();
echo $Image->buildImageVerify($width=65,$height=30,$randval=NULL,$verifyName='verify');
+113
@@ -0,0 +1,113 @@
<?php
defined('IN_TS') or die('Access Denied.');
function download($dir,$name)
{
$arr=explode('.', $dir);
$ext=end($arr); //end()返回数组的最后一个元素
if($ext=='pdf')
{
$file = fopen($dir,"r"); // 打开文件
// 输入文件标签
Header("Content-type: application/pdf");
Header("filename:" . $name);
// 输出文件内容
echo fread($file,filesize($dir));
fclose($file);
}else
{
$file = fopen($dir,"r"); // 打开文件
// 输入文件标签
Header("Content-type: application/octet-stream");
Header("Accept-Ranges: bytes");
Header("Accept-Length: ".filesize($dir));
Header("Content-Disposition: attachment; filename=" . $name);
// 输出文件内容
echo fread($file,filesize($dir));
fclose($file);
}
}
if($ts=='')
{
echo "gun!";
exit;
}
if($ts=='-1')
{
echo "erro";
exit;
}
$userid = aac('user')->isLogin();
$ts=tsUrlCheck($ts);
if(aac('user')->isPublisher()==false) {tsNotice('你可能被限制或没有验证邮箱,检查邮箱是否认证。','->点击认证<-',tsUrl('user','verify'));}
$userme=aac('user')->getOneUser($userid);
$the_file=$new['pubs']->find('editor',array(
'pwd'=>$ts,
));
if($the_file)
{
$file_dir = "uploadfile/editor/".$the_file['url'];
if (!file_exists($file_dir)) { //检查文件是否存在
echo "文件已删除";
exit;
}else{
if($the_file['userid']==$userid)
{
download($file_dir,$the_file['title']);
exit;
}else
{
if(aac('user')->delScore($userid,"download file:" . $the_file['title'],2))
{
download($file_dir,$the_file['title']);
aac('user')->addScore($the_file['userid'],$userme['username']."download:" . $the_file['title'],1,1);
exit;
}else
{
tsNotice('下载文件需要2积分,你似乎不够!');
}
}
}
}else
{
echo "文件已删除";
exit;
}
/*
$file_name = "187.doc";
$file_dir = "uploadfile/editor/0/0/";
if (!file_exists($file_dir . $file_name)) { //检查文件是否存在
echo "文件已删除";
exit;
}else{
$file = fopen($file_dir . $file_name,"r"); // 打开文件
// 输入文件标签
Header("Content-type: application/octet-stream");
Header("Accept-Ranges: bytes");
Header("Accept-Length: ".filesize($file_dir . $file_name));
Header("Content-Disposition: attachment; filename=" . $file_name);
// 输出文件内容
echo fread($file,filesize($file_dir . $file_name));
fclose($file);
exit;
}
*/
?>
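Review bot: `download()` writes `$name`, which is the stored `title` of an uploaded file, unquoted into `Content-Disposition: attachment; filename=`, and on the PDF branch into a non-standard `filename:` header with no `Content-Disposition` at all, so an uploaded PDF is rendered inline on the site's origin. Send both branches as attachments with a quoted, reduced name, e.g. `header('Content-Disposition: attachment; filename="' . str_replace(array('"', '\\', '/'), '_', $name) . '"');`, and add `header('X-Content-Type-Options: nosniff');`. The `fopen()` result is used without a check, and in the main flow `delScore()` deducts two points before the file has been opened successfully, so a read failure still costs the user.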
+37
@@ -0,0 +1,37 @@
<?php
defined('IN_TS') or die('Access Denied.');
/**
* 存草稿箱
*/
$userid = tsIntval($TS_USER['userid']);
if($userid==0){
getJson('非法操作!',1,0);
}
$types = tsTrim($_POST['types']);
$title = tsTrim($_POST['title']);
$content = tsClean($_POST['content']);
if($types && $title && $content){
if(!in_array($types,array('topic','article'))){
getJson('非法操作!',1,0);
}
$new['pubs']->replace('draft',array(
'userid'=>$userid,
'types'=>$types,
),array(
'userid'=>$userid,
'types'=>$types,
'title'=>$title,
'content'=>$content,
'addtime'=>time(),
));
getJson('已自动保存内容到草稿箱!',1);
}
+126
@@ -0,0 +1,126 @@
<?php
defined('IN_TS') or die('Access Denied.');
/**
* 编辑器上传控制
*/
switch($ts){
#图片上传
case "photo":
$js = tsIntval($_GET['js']);
$userid = aac('user')->isLogin();
$id = $new['pubs']->create('editor',array(
'userid'=>$userid,
'type'=>'photo',
'addtime'=>time(),
));
$arrUpload = tsUpload($_FILES['photo'], $id, 'editor', array('jpg', 'gif', 'png', 'jpeg'),'sy.png');
if ($arrUpload) {
$new['pubs'] -> update('editor', array(
'id' => $id
), array(
'title'=>$arrUpload['name'],
'path' => $arrUpload['path'],
'url' => $arrUpload['url']
));
if($TS_SITE['file_upload_type']==1){
#阿里云(对象云存储OSS)数据
$url = $TS_SITE['alioss_bucket_url'].'/'.'uploadfile/editor/'.$arrUpload['url'].'?x-oss-process=image/resize,w_800';
}else{
#本地数据
$url = SITE_URL.'uploadfile/editor/'.$arrUpload['url'];
}
if($js==1){
echo json_encode(array(
'errno'=>0,
'data'=>array(
0=>$url,
//0=>tsXimg($arrUpload['url'],'editor','640','',$arrUpload['path']),
),
));
exit();
}else{
echo $url;
//echo tsXimg($arrUpload['url'],'editor','640','',$arrUpload['path']);
exit();
}
}else{
$new['pubs']->delete('editor',array(
'id'=>$id,
));
}
break;
//针对editor.md编辑器的图片上传
case "markdown":
//var_dump($_FILES['editormd-image-file']);
$userid = aac('user')->isLogin();
$id = $new['pubs']->create('editor',array(
'userid'=>$userid,
'type'=>'photo',
'addtime'=>time(),
));
$arrUpload = tsUpload($_FILES['editormd-image-file'], $id, 'editor', array('jpg', 'gif', 'png', 'jpeg'),'sy.png');
if ($arrUpload) {
$new['pubs'] -> update('editor', array(
'id' => $id
), array(
'title'=>$arrUpload['name'],
'path' => $arrUpload['path'],
'url' => $arrUpload['url']
));
if($TS_SITE['file_upload_type']==1){
#阿里云(对象云存储OSS)数据
$url = $TS_SITE['alioss_bucket_url'].'/'.'uploadfile/editor/'.$arrUpload['url'].'?x-oss-process=image/resize,w_800';
}else{
#本地数据
$url = SITE_URL.'uploadfile/editor/'.$arrUpload['url'];
}
echo json_encode(array(
'success'=>1,
'message'=>'图片上传成功!',
'url'=>$url,
));
}else{
$new['pubs']->delete('editor',array(
'id'=>$id,
));
echo json_encode(array(
'success'=>0,
'message'=>'图片上传失败!',
'url'=>'',
));
}
break;
}
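Review bot: Both the `photo` and `markdown` cases rely on the extension list passed to `tsUpload()` to decide that the upload is an image; `tsUpload()` is not part of this hunk, so whether it inspects the file content is unknown. If it does not, reject uploads for which `getimagesize($_FILES['photo']['tmp_name'])` returns `false` (and the same for `editormd-image-file`) before the `editor` row is created, which also avoids the create-then-delete round trip. The `photo` failure branch deletes the row and emits nothing, while `markdown` returns a JSON error; when `js` is 1 the caller would be better served by an explicit error body such as `echo json_encode(array('errno'=>1,'data'=>array()));`.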
+103
@@ -0,0 +1,103 @@
<?php
defined('IN_TS') or die('Access Denied.');
/**
* 发送Email验证码
*/
$email = tsTrim($_POST['email']);
$typeid = tsIntval($_POST['typeid']); //判断Email是否存在:0不判断、1判断存在、2判断不存在
#人机验证
$vaptcha_token = tsTrim($_POST ['vaptcha_token']);
$vaptcha_server = tsTrim($_POST['vaptcha_server']);
if ($TS_SITE['is_vaptcha']) {
$strVt = vaptcha($vaptcha_token,0,$vaptcha_server);
if($strVt['success']==0) {
getJson('人机验证未通过!',1,0);
}
}
if(valid_email($email) == false){
getJson('Email输入有误',1,0);
}
#过滤Email
$is_anti_email = $new['pubs']->find('anti_email',array(
'email'=>$email,
));
if($is_anti_email>0){
getJson('非法操作!',1,0);
}
if($typeid==1){
$strUserEmail = $new['pubs']->find('user',array(
'email'=>$email,
));
if($strUserEmail){
getJson('Email已经存在!',1,0);
}
}elseif($typeid==2){
$strUserEmail = $new['pubs']->find('user',array(
'email'=>$email,
));
if($strUserEmail==''){
getJson('Email不存在!',1,0);
}
}
$strEmail = $new['pubs']->find('email_code',array(
'email'=>$email,
));
$code = random(4,1);
if($strEmail){
$time = time();
$ptime = strtotime($strEmail['addtime']);
$ntime = $time-$ptime;
#短信发送间隔时间
$email_code_send_time = tsIntval($TS_APP['email_code_send_time']);
if($email_code_send_time==0) $email_code_send_time = 30;
$time30 = 60*$email_code_send_time;
if($ntime<$time30){
//echo 1;exit;//30分钟内只能发送一次短信验证码
getJson('30分钟内只能发送一次Email验证码!',1,0);
}else{
$new['pubs']->update('email_code',array(
'email'=>$email,
),array(
'code'=>$code,
'nums'=>0,
'addtime'=>date('Y-m-d H:i:s'),
));
$result = aac('mail')->postMail($email,$TS_SITE['site_title'].' Email验证码:'.$code,$TS_SITE['site_title'].' Email验证码:'.$code);
getJson('发送成功!',1,1);
}
}else{
$new['pubs']->create('email_code',array(
'email'=>$email,
'code'=>$code,
'nums'=>0,
'addtime'=>date('Y-m-d H:i:s'),
));
$result = aac('mail')->postMail($email,$TS_SITE['site_title'].' Email验证码:'.$code,$TS_SITE['site_title'].' Email验证码:'.$code);
getJson('发送成功!',1,1);
}
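Review bot: The verification code is four digits from `random(4,1)`, a helper defined outside this hunk; if it is built on `rand()` or `mt_rand()` the code is predictable, and at four digits it depends entirely on an attempt limit being enforced wherever `nums` is checked. Generating it with `$code = str_pad((string) random_int(0, 9999), 4, '0', STR_PAD_LEFT);` removes the first concern without changing the format; the phone-code section further down uses the same call. Separately, the throttle message hard-codes `30分钟` although the interval comes from `$TS_APP['email_code_send_time']` (the phone section interpolates the configured value). `typeid` is caller-chosen, so the 'Email已经存在' and 'Email不存在' replies disclose whether an address is registered; a uniform reply avoids that.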
+30
@@ -0,0 +1,30 @@
<?php
defined('IN_TS') or die('Access Denied.');
//临时上传
$userid = aac('user')->isLogin();
$dest_dir = 'cache/upload';
createFolders ( $dest_dir );
$arrType = explode ( '.', strtolower ( $_FILES ['filedata'] ['name'] ) );
$type = array_pop ( $arrType );
if (in_array ( $type, array('doc','pdf','ppt','xls','txt') )) {
$name = $userid .'.'. $type;
$dest = $dest_dir . '/' . $name;
unlink ( $dest );
move_uploaded_file ( $_FILES ['filedata'] ['tmp_name'], mb_convert_encoding ( $dest, "gb2312", "UTF-8" ) );
chmod ( $dest, 0777 );
echo SITE_URL.$dest;
}
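Review bot: The stored upload is made world-writable and executable by `chmod ( $dest, 0777 )`, and the result of `move_uploaded_file()` is never checked, so the script echoes a URL even when nothing was saved. Use `chmod($dest, 0644);` and wrap the move as `if (!move_uploaded_file($_FILES['filedata']['tmp_name'], $dest)) { exit; }`; the move currently targets the gb2312-converted path while `unlink()` and `chmod()` use the unconverted `$dest`, which coincide only while the name is ASCII. `unlink($dest)` also raises a warning on a first upload when the file does not exist yet, so guard it with `is_file($dest)`. The image temp-upload section further down (the one ending in `'?v='.rand()`) repeats the same sequence and needs the same changes.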
+10
@@ -0,0 +1,10 @@
<?php
defined('IN_TS') or die('Access Denied.');
if($TS_USER){
header('Location: '.SITE_URL);
exit();
}
$title = $TS_SITE['site_subtitle'];
include template('home');
+3
@@ -0,0 +1,3 @@
<?php
defined('IN_TS') or die('Access Denied.');
echo '11111';
+121
@@ -0,0 +1,121 @@
<?php
defined('IN_TS') or die('Access Denied.');
/**
* 发送手机验证码
*/
$phone = tsTrim($_POST['phone']);
$authcode = strtolower($_POST['authcode']);
$typeid = tsIntval($_POST['typeid']); //判断手机号是否存在0不判断1判断存在2判断不存在
#人机验证
$vaptcha_token = tsTrim($_POST ['vaptcha_token']);
$vaptcha_server = tsTrim($_POST['vaptcha_server']);
if ($TS_SITE['is_vaptcha']) {
$strVt = vaptcha($vaptcha_token,0,$vaptcha_server);
if($strVt['success']==0) {
getJson('人机验证未通过!',1,0);
}
}
if(isPhone($phone)==false){
//echo 0;exit;//手机号码输入有误
getJson('手机号码输入有误',1,0);
}
if ($authcode != $_SESSION['verify']) {
//echo 5;exit;//图片验证码输入有误
getJson('图片验证码输入有误!',1,0);
}
#过滤手机号
$is_anti_phone = $new['pubs']->find('anti_phone',array(
'phone'=>$phone,
));
if($is_anti_phone>0){
getJson('非法操作!',1,0);
}
if($typeid==1){
$strUserPhone = $new['pubs']->find('user',array(
'phone'=>$phone,
));
if($strUserPhone){
//echo 3;exit;//手机号已经存在
getJson('手机号已经存在!',1,0);
}
}elseif($typeid==2){
$strUserPhone = $new['pubs']->find('user',array(
'phone'=>$phone,
));
if($strUserPhone==''){
//echo 4;exit;//手机号不存在
getJson('手机号不存在!',1,0);
}
}
$strPhone = $new['pubs']->find('phone_code',array(
'phone'=>$phone,
));
$code = random(4,1);
if($strPhone){
$time = time();
$ptime = strtotime($strPhone['addtime']);
$ntime = $time-$ptime;
#短信发送间隔时间
$phone_code_send_time = tsIntval($TS_APP['phone_code_send_time']);
if($phone_code_send_time==0) $phone_code_send_time = 30;
$time30 = 60*$phone_code_send_time;
if($ntime<$time30){
//echo 1;exit;//30分钟内只能发送一次短信验证码
getJson($phone_code_send_time.'分钟内只能发送一次短信验证码!',1,0);
}else{
$new['pubs']->update('phone_code',array(
'phone'=>$phone,
),array(
'code'=>$code,
'nums'=>0,
'addtime'=>date('Y-m-d H:i:s'),
));
$response = aac('mail')->sendSms($phone,$code);
#var_dump($response);
//echo 2;exit;//发送成功
getJson('发送成功!',1,1);
}
}else{
$new['pubs']->create('phone_code',array(
'phone'=>$phone,
'code'=>$code,
'nums'=>0,
'addtime'=>date('Y-m-d H:i:s'),
));
$response = aac('mail')->sendSms($phone,$code);
#var_dump($response);
//echo 2;exit;//发送成功
getJson('发送成功!',1,1);
}
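Review bot: The captcha test `if ($authcode != $_SESSION['verify'])` uses a loose comparison, under which an empty submitted `authcode` and an unset `$_SESSION['verify']` compare equal, so the check passes for a session that never loaded the captcha image. Require a stored value and compare strictly, e.g. `if (empty($_SESSION['verify']) || !hash_equals((string) $_SESSION['verify'], (string) $authcode)) { getJson('图片验证码输入有误!',1,0); }`, then `unset($_SESSION['verify']);` so one solved captcha cannot be reused for further sends. How `buildImageVerify()` stores the value (plain or hashed, which letter case) is not visible here, so confirm the comparison matches it. The checks that follow assume `getJson()` ends the request; if it returns, execution falls through to the SMS send.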
+51
@@ -0,0 +1,51 @@
<?php
defined('IN_TS') or die('Access Denied.');
/*
<script type="text/javascript" src="{SITE_URL}public/js/jquery.upload.v2.js"></script>
<script>
$(function(){
$("#upload").upload({
action: "{SITE_URL}index.php?app=pubs&ac=photo", //上传地址
fileName: "filedata", //文件名称。用于后台接收
params: {}, //参数
accept: ".jpg", //文件类型
complete: function (rs) { //上传完成
$("#photo img").attr("src",rs);
},
submit: function () { //提交之前
//alert("submit");
}
});
})
</script>
*/
//集合JS的临时上传
$userid = aac('user')->isLogin();
$dest_dir = 'cache/upload';
createFolders ( $dest_dir );
$arrType = explode ( '.', strtolower ( $_FILES ['filedata'] ['name'] ) );
$type = array_pop ( $arrType );
if (in_array ( $type, array('jpg','jpeg','gif','png') )) {
$name = $userid .'.'. $type;
$dest = $dest_dir . '/' . $name;
unlink ( $dest );
move_uploaded_file ( $_FILES ['filedata'] ['tmp_name'], mb_convert_encoding ( $dest, "gb2312", "UTF-8" ) );
chmod ( $dest, 0777 );
echo SITE_URL.$dest.'?v='.rand();
}
+11
@@ -0,0 +1,11 @@
<?php
defined('IN_TS') or die('Access Denied.');
//插件条件入口
if(is_file('plugins/'.$app.'/'.$plugin.'/'.$in.'.php')){
require_once('plugins/'.$app.'/'.$plugin.'/'.$in.'.php');
}else{
qiMsg('sorry:no plugin!');
}
//形如这样
//index.php?app=group&ac=plugin&plugin=qq&in=do
+17
@@ -0,0 +1,17 @@
<?php
if($ts=='')
{
echo "WDNMD";
exit;
}
if($ts=='signin')
{
$js = intval($_GET['js']);
getJson('签到啊',$js);
}
?>
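Review bot: This file is the only one among the visible sections that does not begin with `defined('IN_TS') or die('Access Denied.');`, so nothing stops it from running when requested directly rather than through the front controller. Add that line as the first statement after `<?php`. The `signin` branch only echoes a placeholder through `getJson('签到啊',$js)` and the empty-`$ts` branch prints a debug string; if the endpoint is not implemented yet, consider leaving it out of the release.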
+56
@@ -0,0 +1,56 @@
<?php
defined('IN_TS') or die('Access Denied.');
if($ts=='')
{
echo "gun!";
exit;
}
$userid = aac('user')->isLogin();
$ts=tsFilter($ts);
$url=str_replace("/uploadfile/editor/","",$ts);
if($url=='')
{
echo "erro";
exit;
}
$the_file=$new['pubs']->find('editor',array(
'url'=>$url,
));
if($the_file)
{
echo $the_file['id'];
}else
{
echo "-1";
}
/*
$file_name = "187.doc";
$file_dir = "uploadfile/editor/0/0/";
if (!file_exists($file_dir . $file_name)) { //检查文件是否存在
echo "文件已删除";
exit;
}else{
$file = fopen($file_dir . $file_name,"r"); // 打开文件
// 输入文件标签
Header("Content-type: application/octet-stream");
Header("Accept-Ranges: bytes");
Header("Accept-Length: ".filesize($file_dir . $file_name));
Header("Content-Disposition: attachment; filename=" . $file_name);
// 输出文件内容
echo fread($file,filesize($file_dir . $file_name));
fclose($file);
exit;
}
*/
?>