|
|
@ -132,10 +132,10 @@ Class ApiController extends Controller { |
|
|
|
$maxDirLen = 20; |
|
|
|
$maxDirLen = 20; |
|
|
|
if (empty($newDir) || mb_strlen($newDir, 'utf-8') > $maxDirLen) { |
|
|
|
if (empty($newDir) || mb_strlen($newDir, 'utf-8') > $maxDirLen) { |
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if (strpos($newDir, '/') !== false) { |
|
|
|
}else if (strpos($newDir, '/') !== false) { |
|
|
|
$err = "待创建的目录名称中不能包含斜杠字符!"; |
|
|
|
$err = "待创建的目录名称中不能包含斜杠字符!"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
@ -181,10 +181,10 @@ Class ApiController extends Controller { |
|
|
|
$maxDirLen = 20; |
|
|
|
$maxDirLen = 20; |
|
|
|
if (empty($delDir) || mb_strlen($delDir, 'utf-8') > $maxDirLen) { |
|
|
|
if (empty($delDir) || mb_strlen($delDir, 'utf-8') > $maxDirLen) { |
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if (strpos($delDir, '/') !== false) { |
|
|
|
}else if (strpos($delDir, '/') !== false) { |
|
|
|
$err = "待删除的目录名称中不能包含斜杠字符!"; |
|
|
|
$err = "待删除的目录名称中不能包含斜杠字符!"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
@ -229,7 +229,7 @@ Class ApiController extends Controller { |
|
|
|
$maxDirLen = 50; |
|
|
|
$maxDirLen = 50; |
|
|
|
if (empty($fromDir) || mb_strlen($fromDir, 'utf-8') > $maxDirLen || empty($toDir) || mb_strlen($toDir, 'utf-8') > $maxDirLen) { |
|
|
|
if (empty($fromDir) || mb_strlen($fromDir, 'utf-8') > $maxDirLen || empty($toDir) || mb_strlen($toDir, 'utf-8') > $maxDirLen) { |
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
$err = "目录名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if ($this->isParentDirectoryValid($fromDir) == false) { //目录合法性检查 |
|
|
|
}else if ($this->isParentDirectoryValid($fromDir) == false) { //目录合法性检查 |
|
|
|
$err = "目录{$fromDir}不存在"; |
|
|
|
$err = "目录{$fromDir}不存在"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
@ -275,7 +275,7 @@ Class ApiController extends Controller { |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
}else if (strpos($fromDir, '/') !== false || strpos($toDir, '/') !== false) { |
|
|
|
}else if (strpos($fromDir, '/') !== false || strpos($toDir, '/') !== false) { |
|
|
|
$err = "目录名称中不能包含斜杠字符!"; |
|
|
|
$err = "目录名称中不能包含斜杠字符!"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
@ -321,10 +321,10 @@ Class ApiController extends Controller { |
|
|
|
$maxDirLen = 30; |
|
|
|
$maxDirLen = 30; |
|
|
|
if (empty($delFile) || mb_strlen($delFile, 'utf-8') > $maxDirLen) { |
|
|
|
if (empty($delFile) || mb_strlen($delFile, 'utf-8') > $maxDirLen) { |
|
|
|
$err = "文件名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
$err = "文件名不能为空且最长 {$maxDirLen} 个字符"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if (strpos($delFile, '/') !== false) { |
|
|
|
}else if (strpos($delFile, '/') !== false) { |
|
|
|
$err = "待删除的文件名称中不能包含斜杠字符!"; |
|
|
|
$err = "待删除的文件名称中不能包含斜杠字符!"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
|
$target = __DIR__ . '/../www/' . FSC::$app['config']['content_directory']; |
|
|
@ -422,10 +422,10 @@ Class ApiController extends Controller { |
|
|
|
$maxPasswordLen = 30; |
|
|
|
$maxPasswordLen = 30; |
|
|
|
if (empty($username) || mb_strlen($username, 'utf-8') > $maxUsernameLen) { |
|
|
|
if (empty($username) || mb_strlen($username, 'utf-8') > $maxUsernameLen) { |
|
|
|
$err = "用户名不能为空且最长 {$maxUsernameLen} 个字符"; |
|
|
|
$err = "用户名不能为空且最长 {$maxUsernameLen} 个字符"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if (empty($password) || mb_strlen($password, 'utf-8') > $maxPasswordLen) { |
|
|
|
}else if (empty($password) || mb_strlen($password, 'utf-8') > $maxPasswordLen) { |
|
|
|
$err = "密码不能为空且最长 {$maxPasswordLen} 个字符"; |
|
|
|
$err = "密码不能为空且最长 {$maxPasswordLen} 个字符"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$admConfig = FSC::$app['config']['admin']; |
|
|
|
$admConfig = FSC::$app['config']['admin']; |
|
|
@ -436,10 +436,10 @@ Class ApiController extends Controller { |
|
|
|
$captcha_code = !empty($userData['captcha_code']) ? $userData['captcha_code'] : ''; |
|
|
|
$captcha_code = !empty($userData['captcha_code']) ? $userData['captcha_code'] : ''; |
|
|
|
if (!empty($admConfig['captcha']) && empty($captcha_code)) { |
|
|
|
if (!empty($admConfig['captcha']) && empty($captcha_code)) { |
|
|
|
$err = "请刷新网页,如果验证码图片无法显示请联系管理员!"; |
|
|
|
$err = "请刷新网页,如果验证码图片无法显示请联系管理员!"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if (!empty($admConfig['captcha']) && !empty($captcha_code) && $captcha != $captcha_code) { |
|
|
|
}else if (!empty($admConfig['captcha']) && !empty($captcha_code) && $captcha != $captcha_code) { |
|
|
|
$err = "验证码不正确,请注意字母大小写!"; |
|
|
|
$err = "验证码不正确,请注意字母大小写!"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if ($username == $admConfig['username'] && $password == $admConfig['password']) { |
|
|
|
if ($username == $admConfig['username'] && $password == $admConfig['password']) { |
|
|
@ -557,10 +557,10 @@ Class ApiController extends Controller { |
|
|
|
$filename = $this->post('name', ''); |
|
|
|
$filename = $this->post('name', ''); |
|
|
|
if (empty($upfile) || empty($filename)) { |
|
|
|
if (empty($upfile) || empty($filename)) { |
|
|
|
$err = '所有参数都不能为空!'; |
|
|
|
$err = '所有参数都不能为空!'; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notLogined']); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if (!preg_match('/^data:[a-z0-9]+\/[a-z0-9]+;base64,/i', $upfile)) { |
|
|
|
}else if (!preg_match('/^data:[a-z0-9]+\/[a-z0-9]+;base64,/i', $upfile)) { |
|
|
|
$err = '图片数据必需为base64格式!'; |
|
|
|
$err = '图片数据必需为base64格式!'; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notLogined']); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
}else if (!empty($parentDir) && $this->isParentDirectoryValid($parentDir) == false) { //父目录合法性检查 |
|
|
|
}else if (!empty($parentDir) && $this->isParentDirectoryValid($parentDir) == false) { //父目录合法性检查 |
|
|
|
$err = "父目录{$parentDir}不存在"; |
|
|
|
$err = "父目录{$parentDir}不存在"; |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
@ -604,4 +604,57 @@ Class ApiController extends Controller { |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//切换皮肤 |
|
|
|
|
|
|
|
public function actionSwitchTheme() { |
|
|
|
|
|
|
|
$code = 0; |
|
|
|
|
|
|
|
$msg = $err = ''; |
|
|
|
|
|
|
|
$data = array(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($this->isUserLogined() == false) { |
|
|
|
|
|
|
|
$err = '没登陆或登陆已过期!'; |
|
|
|
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notLogined']); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$themeName = $this->post('theme', ''); |
|
|
|
|
|
|
|
$contentDirectory = $this->post('contentdir', ''); |
|
|
|
|
|
|
|
$allowedThemes = FSC::$app['config']['allowedThemes']; |
|
|
|
|
|
|
|
if (empty($themeName)) { |
|
|
|
|
|
|
|
$err = '参数不能为空!'; |
|
|
|
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
|
|
|
}else if (!in_array($themeName, $allowedThemes)) { |
|
|
|
|
|
|
|
$err = "不支持的皮肤:{$themeName}"; |
|
|
|
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
|
|
|
}else if (!empty($contentDirectory) && strpos($contentDirectory, '/') !== false) { |
|
|
|
|
|
|
|
$err = "内容目录名称中不能包含斜杠字符!"; |
|
|
|
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data'), $this->httpStatus['notAllowed']); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
$customConfigFile = __DIR__ . '/../runtime/custom_config.json'; |
|
|
|
|
|
|
|
$jsonData = array( |
|
|
|
|
|
|
|
'theme' => $themeName, |
|
|
|
|
|
|
|
); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!empty($contentDirectory)) { |
|
|
|
|
|
|
|
$jsonData['content_directory'] = $contentDirectory; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (file_exists($customConfigFile)) { |
|
|
|
|
|
|
|
$json = file_get_contents($customConfigFile); |
|
|
|
|
|
|
|
$customConfigs = json_decode($json, true); |
|
|
|
|
|
|
|
if (!empty($customConfigs)) { |
|
|
|
|
|
|
|
$jsonData = array_merge($customConfigs, $jsonData); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
file_put_contents($customConfigFile, json_encode($jsonData)); |
|
|
|
|
|
|
|
$code = 1; |
|
|
|
|
|
|
|
$msg = '皮肤修改完成'; |
|
|
|
|
|
|
|
}catch(Exception $e) { |
|
|
|
|
|
|
|
$err = '皮肤修改失败:' . $e->getMessage(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return $this->renderJson(compact('code', 'msg', 'err', 'data')); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
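Review bot: In `actionSwitchTheme`, `contentdir` is only checked for a forward slash before it is saved as `content_directory`, so values such as `..` or `.`, or names containing a backslash or NUL byte, are accepted. The other hunks on this page build `$target` as `__DIR__ . '/../www/' . FSC::$app['config']['content_directory']`, so if `custom_config.json` is merged into that config (the loader is not visible here), the directory and file actions would then operate outside `www/`. I would restrict the value to a plain name, e.g. `}else if (!empty($contentDirectory) && !preg_match('/^[A-Za-z0-9_\-]+$/', $contentDirectory)) {` (widen the character class if non-ASCII names are needed), and confirm with `is_dir()` that the directory exists under `www/` before saving. Separately, `file_put_contents()` reports failure by returning `false` rather than throwing, so unless the framework converts warnings to exceptions the `catch` never runs and `$code = 1` is set even when the write failed; compare the return value with `=== false`.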
|
|
|