上传文件严格检测，后台用户状态优化

2021-07-15 19:10:33 +08:00 · 2021-07-15 19:10:33 +08:00 · c7735fb8c5
commit c7735fb8c5
parent 1c8d3864f5
25 changed files with 272 additions and 274 deletions
--- a/README.md
+++ b/README.md
@ -7,8 +7,8 @@
 * 后台：http://adm.aieok.com
 * 账号：test
 * 密码：test123
- * 版本：TaoLer 1.7.15
- * 日期：2021.7.1
+ * 版本：TaoLer 1.7.16
+ * 日期：2021.7.15

 #### 项目地址

--- a/app/admin/controller/Forum.php
+++ b/app/admin/controller/Forum.php
@ -221,7 +221,7 @@ class Forum extends AdminController
 				$where[] = ['a.content','like','%'.$map['content'].'%'];
 				unset($map['content']);
 			}
-			if(isset($data['status'])){
+			if(isset($data['status']) && $data['status'] !== '' ){
 				$where[] = ['a.status','=',(int)$data['status']];
 				unset($map['status']);
 			}
--- a/app/admin/controller/Set.php
+++ b/app/admin/controller/Set.php
@ -106,26 +106,16 @@ class Set extends AdminController
 	//上传logo
 	public function upload()
 	{
-		$file = request()->file('file');
-
-		try {
-			validate(['image'=>'filesize:2048|fileExt:jpg,png,gif|image:200,200,jpg'])
-            ->check(array($file));
-			$savename = \think\facade\Filesystem::disk('public')->putFile('logo',$file);
-		} catch (think\exception\ValidateException $e) {
-			echo $e->getMessage();
-		}
-		$upload = Config::get('filesystem.disks.public.url');
-		
-		if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-			$result = Db::name('system')->where('id', 1)->update(['logo'=>$name_path]);
+        $uploads = new \app\common\lib\Uploads();
+        $upRes = $uploads->put('file','logo',2000,'image','uniqid');
+        $logoJson = $upRes->getData();
+		if($logoJson['status'] == 0){
+			$result = Db::name('system')->where('id', 1)->update(['logo'=>$logoJson['url']]);
 			if($result){
 				$res = ['code'=>0,'msg'=>'上传logo成功'];
 			} else {
 				$res = ['code'=>1,'msg'=>'上传错误'];
 			}
-            
        }
 	return json($res);
 	}
--- a/app/admin/controller/Slider.php
+++ b/app/admin/controller/Slider.php
@ -12,9 +12,10 @@ use app\admin\model\Slider as SliderModel;
 class Slider extends AdminController
 {
    /**
-     * 显示资源列表
-     *
-     * @return \think\Response
+     * @return string
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
     */
    public function index()
    {
@ -50,10 +51,11 @@ class Slider extends AdminController


    /**
-     * 编辑幻灯
-     *
-     * @param  int  $id
-     * @return \think\Response
+     * @param $id
+     * @return string|\think\response\Json
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
     */
    public function edit($id)
    {
@ -78,27 +80,16 @@ class Slider extends AdminController
    }

    /**
-     * 保存更新的资源
-     *
-     * @param
-     * @param  int  $id
-     * @return \think\Response
+     * @return \think\response\Json
     */
    public function uploadImg()
    {
-		$id = Request::param();
-        $file = request()->file('file');
-		try {
-			validate(['image'=>'filesize:2048|fileExt:jpg,png,gif|image:200,200,jpg'])
-            ->check(array($file));
-			$savename = \think\facade\Filesystem::disk('public')->putFile('slider',$file);
-		} catch (think\exception\ValidateException $e) {
-			echo $e->getMessage();
-		}
-		$upload = Config::get('filesystem.disks.public.url');
-		
-		if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
+        $uploads = new \app\common\lib\Uploads();
+        $upRes = $uploads->put('file','slider',1024,'image');
+        $slires = $upRes->getData();
+
+		if($slires['status'] == 0){
+            $name_path = $slires['url'];
 				$res = ['code'=>0,'msg'=>'上传flash成功','src'=>$name_path];
 			} else {
 				$res = ['code'=>1,'msg'=>'上传错误'];
@ -107,10 +98,11 @@ class Slider extends AdminController
    }

    /**
-     * 删除指定资源
-     *
-     * @param  int  $id
-     * @return \think\Response
+     * @param $id
+     * @return \think\response\Json
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
     */
    public function delete($id)
    {
--- a/app/admin/controller/Upgrade.php
+++ b/app/admin/controller/Upgrade.php
@ -294,13 +294,17 @@ class Upgrade extends AdminController
    public function uploadZip()
    {
 		$files = request()->file('file');
+		$mime = $files->getMime();
+		if($mime !== 'application/zip'){
+            return json(['code'=>-1,'msg'=>'文件类型不对']);
+        }
 		$name = $files->getOriginalName();

        //校验后缀
        $ext = pathinfo($name,PATHINFO_EXTENSION);  //文件后缀
        if($ext != 'zip')
        {
-            return json(['code'=>0,'msg'=>'请上传文件格式不对']);
+            return json(['code'=>-1,'msg'=>'上传文件格式不对']);
        }
        //对比版本号
        $fname = pathinfo($name,PATHINFO_FILENAME);   //无后缀文件名
--- a/app/admin/controller/User.php
+++ b/app/admin/controller/User.php
@ -4,14 +4,11 @@ namespace app\admin\controller;

 use app\common\controller\AdminController;
 use app\admin\validate\Admin;
-use app\admin\model\Admin as adminModel;
 use think\facade\View;
 use think\facade\Request;
-use think\facade\Config;
 use think\facade\Db;
-use think\facade\Session;
-use think\exception\ValidateException;
 use app\common\model\User as UserModel;
+use app\common\lib\Uploads;

 class User extends AdminController
 {
@ -26,7 +23,7 @@ class User extends AdminController
 	public function list()
 	{
 		if(Request::isAjax()){
-			$datas = Request::only(['id','name','email','sex']);
+			$datas = Request::only(['id','name','email','sex','status']);
 			$map = array_filter($datas,[$this,'filtrArr']);
 			$user = Db::name('user')->where(['delete_time'=>0])->where($map)->order('id desc')->paginate(30);
 			$count = $user->total();
@ -100,31 +97,22 @@ class User extends AdminController
 	//上传头像
 	 public function uploadImg()
    {
-        $file = request()->file('file');
-		try {
-			validate(['file'=>'fileSize:204800|fileExt:jpg,png,gif'])
-            ->check(['file'=>$file]);
-			$savename = \think\facade\Filesystem::disk('public')->putFile('head_pic',$file);
-		} catch (think\exception\ValidateException $e) {
-			echo $e->getMessage();
-		}
-		$upload = Config::get('filesystem.disks.public.url');
-		
-		if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-				$res = ['code'=>0,'msg'=>'上传头像成功','src'=>$name_path];
-			} else {
-				$res = ['code'=>-1,'msg'=>'上传错误'];
-			}
-		return json($res);
+		$uploads = new Uploads();
+		$upRes = $uploads->put('file','head_pic',2000,'image');
+        $userJson = $upRes->getData();
+        if($userJson['status'] == 0){
+            $res = ['code'=>0,'msg'=>'上传头像成功','src'=>$userJson['url']];
+        } else {
+            $res = ['code'=>1,'msg'=>'上传错误'];
+        }
+        return json($res);
    }
 	
 	
 	//审核用户
 	public function check()
 	{
-		$data = Request::param();
-
+		$data = Request::only(['id','status']);
 		//获取状态
 		$res = Db::name('user')->where('id',$data['id'])->save(['status' => $data['status']]);
 		if($res){
--- a/app/admin/view/set/system/website.html
+++ b/app/admin/view/set/system/website.html
@ -188,7 +188,8 @@
 	//LOGO选完文件后不自动上传
 	  upload.render({
 		elem: '#logo-img'
-		,url: '{:url('admin/set/upload')}'
+		,url: "{:url('admin/set/upload')}"
+        ,data: {type:'image'}
 		,auto: false
 		,exts: 'jpg|png|gif|bmp|jpeg'
 		,size: 1000
--- a/app/admin/view/slider/add.html
+++ b/app/admin/view/slider/add.html
@ -104,21 +104,20 @@
 		,btns: ['clear', 'now']
 		,trigger: 'click'
 	  });
-	
+	//上传图片
    upload.render({
      elem: '#layuiadmin-upload-slid-img'
      ,url: 'uploadImg'
+      ,data:{type:'image'}
      ,accept: 'images'
      ,acceptMime: 'image/*'
 	  ,auto: false
 	  ,choose: function (obj) { //选择文件后的回调
 			imgcom.uploads(obj);
 		  }
-	  
      ,done: function(res){
        //console.log(res)
 		$(this.item).prev("div").children("input").val(res.src)
-		
 			if(res.code == 0){
 				layer.msg(res.msg,{
 					icon:6,
--- a/app/admin/view/slider/edit.html
+++ b/app/admin/view/slider/edit.html
@ -73,11 +73,12 @@
    base: '/static/admin/' //静态资源所在路径
  }).extend({
    index: 'lib/index' //主入口模块
-  }).use(['index', 'form', 'upload','laydate','colorpicker'], function(){
+  }).use(['index', 'form', 'upload','laydate','colorpicker', 'imgcom'], function(){
    var $ = layui.$
    ,form = layui.form
 	,laydate = layui.laydate
-    ,upload = layui.upload ;
+    ,upload = layui.upload
+    ,imgcom = layui.imgcom;
 	var colorpicker = layui.colorpicker;
    
 	//颜色表单赋值
@ -102,17 +103,22 @@
 		,btns: ['clear', 'now']
 		,trigger: 'click'
 	  });
-	
+
+	//上传图片
    upload.render({
 	//var id = $('.layui-btn').(this).attr('dataid');
      elem: '#layuiadmin-upload-slid-img'
      ,url: 'uploadImg'
+      ,data:{type:'image'}
      ,accept: 'images'
      ,method: 'get'
      ,acceptMime: 'image/*'
+      ,auto: false
+      ,choose: function (obj) { //选择文件后的回调
+            imgcom.uploads(obj);
+        }
      ,done: function(res){
 		$(this.item).prev("div").children("input").val(res.src)
-		
 			if(res.code == 0){
 				layer.msg(res.msg,{
 					icon:6,
--- a/app/admin/view/upgrade/index.html
+++ b/app/admin/view/upgrade/index.html
@ -152,6 +152,7 @@
 	upload.render({
 		elem: '#select-file'
 		,url: "{:url('admin/upgrade/uploadzip')}"
+        ,data: {type:'zip'}
 		,accept: 'file'
        ,acceptMime: 'application/zip'
 		,field: 'file'
--- a/app/admin/view/user/list.html
+++ b/app/admin/view/user/list.html
@ -33,6 +33,17 @@
                <option value="1">女</option>
              </select>
            </div>
+          </div>
+		  <div class="layui-inline">
+            <label class="layui-form-label">状态</label>
+            <div class="layui-input-block">
+              <select name="status">
+			  <option value="">选择状态</option>
+                <option value="1">正常</option>
+				<option value="-1">禁止</option>
+				<option value="0">待审</option>
+              </select>
+            </div>
          </div>
          <div class="layui-inline">
            <button class="layui-btn layuiadmin-btn-useradmin" lay-submit lay-filter="LAY-user-front-search">
@ -63,7 +74,7 @@
 		{{#  if(d.id == '1'){ }}
 		<input type="checkbox" name="check" lay-skin="switch" disabled lay-text="通过|禁用" value="1" checked id="{{d.id}}">
 		{{#  } else { }}
-		{if condition="checkRuleButton('admin/user/check')"}<input type="checkbox" name="check" lay-skin="switch" lay-filter="usercheck" lay-text="通过|禁用" {{#  if(d.check == 1){ }} checked {{#  } }} id="{{d.id}}" >{else}<button class="layui-btn layui-btn-xs layui-btn-radius layui-btn-disabled">无权限</button>{/if}
+		{if condition="checkRuleButton('admin/user/check')"}<input type="checkbox" name="check" lay-skin="switch" lay-filter="usercheck" lay-text="通过|{{#  if(d.check == -1){ }}禁止{{#  } }} {{#  if(d.check == 0){ }}待审{{#  } }}" {{#  if(d.check == 1){ }} checked {{#  } }} id="{{d.id}}" >{else}<button class="layui-btn layui-btn-xs layui-btn-radius layui-btn-disabled">无权限</button>{/if}
 		{{#  } }}
        </script>
 		<script type="text/html" id="buttonAuth">
@ -115,26 +126,7 @@
    //监听搜索
    form.on('submit(LAY-user-front-search)', function(data){
      var field = data.field;
-	  //提交 Ajax 成功后，静态更新表格中的数据
-	  $.ajax({
-		type:"post",
-		url:"{:url('admin/User/list')}",
-		data:{"id":field.id,"name":field.name,"email":field.email,"sex":field.sex},
-		daType:"json",
-		success:function (data){
-			if (data.code == 0) {
-				
-			} else {
-				layer.open({
-					tiele:'搜索失败',
-					content:data.msg,
-					icon:5,
-					anim:6
-				});
-			}
-		}
-	});
-      
+	  $.post("{:url('admin/User/list')}",field);
      //执行重载
      table.reload('LAY-user-manage', {
        where: field
@ -223,17 +215,12 @@
 	//监听用户审核
 	form.on('switch(usercheck)', function(data){
 	var data= data.elem;
-	
-	if(data.checked == true){
-		data.value = 1;
-	}else{
-		data.value = 0;
-	}
+	var status = data.checked ? 1 : -1;
 	//执行用户审核
 		$.ajax({
 			type:'post',
 			url:"{:url('admin/User/check')}",
-			data:{"id":data.id,"status":data.value,},
+			data:{"id":data.id,"status":status},
 			dataType:'json',
 			success:function(res){
 				if(res.code == 0){
@ -259,15 +246,11 @@
 	//超级管理auth控制
 	form.on('checkbox(auth)', function(data){
 	var data = data.elem;
-	if(data.checked == true){
-			data.value = 1;
-		}else{
-			data.value = 0;
-		}
+	var auth = data.checked ? 1 : 0;
 	$.ajax({
 			type:'post',
 			url:"{:url('admin/User/auth')}",
-			data:{"id":data.id,"auth":data.value,},
+			data:{"id":data.id,"auth":auth},
 			dataType:'json',
 			success:function(data){
 				if(data.code == 0){
--- a/app/admin/view/user/useredit.html
+++ b/app/admin/view/user/useredit.html
@ -58,6 +58,7 @@
    upload.render({
      elem: '#layuiadmin-upload-useradmin'
      ,url: 'uploadImg'
+      ,data: {type:'image'}
      ,accept: 'images'
      ,method: 'get'
      ,acceptMime: 'image/*'
--- a/app/admin/view/user/userform.html
+++ b/app/admin/view/user/userform.html
@ -55,6 +55,7 @@
    upload.render({
      elem: '#layuiadmin-upload-useradmin'
      ,url: 'uploadImg'
+      ,data: {type:'image'}
      ,accept: 'images'
      ,method: 'get'
      ,acceptMime: 'image/*'
--- a/app/common/controller/AdminController.php
+++ b/app/common/controller/AdminController.php
@ -111,16 +111,22 @@ abstract class AdminController
 	//获取层级
 	protected function getCyl()
 	{
-		$sys = $this->getSystem();
-		$url = $sys['base_url'].'?u='.$sys['domain'];
-		$cy = Api::urlGet($url);
-		if($cy && $cy->code == 0){
-            $cylevel = $cy->level;
-        } else {
-			$cylevel = 0;
+	    /*
+		$cylevel = Cache::get('cylevel');
+		if(!$cylevel){
+			$sys = $this->getSystem();
+			$url = $sys['base_url'].'?u='.$sys['domain'];
+			$cy = Api::urlGet($url);
+			halt($cy);
+			if($cy && $cy->code == 0){
+				$cylevel = $cy->level;
+			} else {
+				$cylevel = 0;
+			}
+			Cache::set('cylevel',$cylevel,3600);
 		}
-		Cache::set('cylevel',$cylevel,3600);
-		return Cache::get('cylevel');
+	    */
+		return 0;
 	}

    /**
--- a/app/common/controller/BaseController.php
+++ b/app/common/controller/BaseController.php
@ -274,22 +274,5 @@ abstract class BaseController
 		}
        View::assign(['sysInfo'=>$sysInfo,'headlinks'=>$head_links,'footlinks'=>$foot_links]);
    }
-	
-	//返回上传文件配置类型
-	protected function getExtType($ext)
-	{
-		$extType = Db::name('system')->where('id',1)->value('uptype');
-		$extArr = explode(',',$extType);
-		foreach ($extArr as $v){
-			$fileMime = stristr($v,':',true);//返回字符:前字符串
-			if($ext == $fileMime){
-				$arr = explode('|',stristr($v,':')); //返回:后字符串
-				//var_dump($arr);
-				return $arr;
-			} 
-			return [];
-		}
-	}
-	

 }
--- a/app/common/lib/Uploads.php
+++ b/app/common/lib/Uploads.php
@ -0,0 +1,111 @@
+<?php
+namespace app\common\lib;
+
+use think\facade\Config;
+use think\facade\Filesystem;
+use think\exception\ValidateException;
+use think\facade\Db;
+
+class Uploads 
+{
+    protected $fileName;
+    protected $dirName;
+    protected $fileSize;
+	protected $fileType;
+
+
+    /**
+     * 获取上传文件的mime和后缀
+     * @param string $fileType 上传文件的类型只能为：视频video，文件application，图片image,文本text
+     * @param string $type 获取文件的mime还是文件后缀ext
+     * @return array
+     */
+    protected function getFileInfo(string $fileType,string $type)
+    {
+        $extType = Db::name('system')->where('id',1)->value('uptype');
+        $extArr = explode(',',$extType);
+        //查询系统配置中运行上传文件类型，组成新的数组
+        $fileMime = [];
+        foreach ($extArr as $k=>$v){
+            $k = stristr($v,':',true);//返回字符:前字符串
+            $fileMime[$k] = explode('|',substr($v,strrpos($v,":")+1)); //返回:后字符串转换为数组
+        }
+        //根据上传文件的类型得到允许的文件mime或后缀
+        $arr = [];
+        $fileTypeArr = explode('|',$fileType);
+        foreach($fileTypeArr as $ft){
+            if(array_key_exists($ft,$fileMime)){   //数组中是否存在上传的数组的键
+
+                foreach($fileMime as $k=>$v){
+                    if($ft == $k){//文件类型和配置中类型相同时
+                        //获取文件mime
+                        if($type == 'mime'){
+                            //拼接字符串组成新mime数组
+                            foreach($v as $m){
+                                $arr[] = $ft. '/' . $m;
+                            }
+                        }
+                        //获取文件后缀
+                        if($type == 'ext'){
+                            $arr =  array_merge($arr,$v);   //合并数组
+                        }
+                    }
+                }
+
+            }
+        }
+        return $arr;
+    }
+	
+	//上传文件
+
+    /**
+     * 上传文件
+     * @param string $fileName 文件名,form表单中的name
+     * @param string $dirName
+     * @param int $fileSize
+     * @param string $fileType
+     * @return \think\response\Json
+     */
+
+    /**
+     * @param string $fileName 文件名,form表单中的name
+     * @param string $dirName 文件夹名,上传路径中的文件夹名称
+     * @param int $fileSize 文件大小，上传限制大小
+     * @param string $fileType 文件类型，只能为：视频video，文件application，图片image,文本text
+     * @param string $rule 文件命名规则，默认md5,uniqid,date,sha1
+     * @return \think\response\Json
+     */
+    public function put(string $fileName, string $dirName, int $fileSize, string $fileType, string $rule = null)
+    {
+		$file = request()->file($fileName);
+		//$type = $file->getMime();
+		$fileExt = $this->getFileInfo($fileType,'ext');
+		$fileMime = $this->getFileInfo($fileType,'mime');
+
+		try {
+			validate([$fileName=>['fileSize'=>$fileSize * 1024,'fileExt'=>$fileExt,'fileMime'=>$fileMime]])
+            ->check(['file'=>$file]);
+			
+		} catch (ValidateException $e) {
+			return json(['status'=>-1,'msg'=>$e->getMessage()]);
+		}
+		
+		$savename = \think\facade\Filesystem::disk('public')->putFile(session('user_id'). '/' .$dirName, $file, $rule);
+		$upload = Config::get('filesystem.disks.public.url');
+
+		if($savename){
+            //$name = $file->hashName();
+            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
+			//halt($name_path);
+			//$image = \think\Image::open("uploads/$name_path");
+			//$image->thumb(168, 168)->save("uploads/$name_path");
+
+            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
+        }else{
+            $res = ['status'=>-1,'msg'=>'上传错误'];
+        }
+	return json($res);
+    }
+
+}
--- a/app/common/model/UpgradeAuth.php
+++ b/app/common/model/UpgradeAuth.php
@ -16,6 +16,10 @@ class UpgradeAuth extends Model
 	protected $deleteTime = 'delete_time';
 	protected $defaultSoftDelete = 0;
 	
-   
+   public function getAuthLevelAttr($value)
+    {
+        $level = [0=>'免费版',1=>'初级版',2=>'高级版'];
+        return $level[$value];
+    }

 }
--- a/app/index/controller/Article.php
+++ b/app/index/controller/Article.php
@ -12,6 +12,7 @@ use app\common\model\Article as ArticleModel;
 use think\exception\ValidateException;
 use taoler\com\Message;
 use app\common\lib\Msgres;
+use app\common\lib\Uploads;

 class Article extends BaseController
 {
@ -250,103 +251,32 @@ class Article extends BaseController
 		}
 		return $res;
 	}
-	
-	//文本编辑器上传图片
-	public function textImgUpload()
+
+	public function uploads()
    {
-        $file = request()->file('file');
-		try {
-			validate(['file'=>['fileSize'=>'1024000','fileExt'=>$this->getExtType('image')]])
-            ->check(['file'=>$file]);
-			
-		} catch (ValidateException $e) {
-			return json(['status'=>-1,'msg'=>$e->getMessage()]);
-		}
-		
-		$savename = \think\facade\Filesystem::disk('public')->putFile('article_pic',$file);
-		$upload = Config::get('filesystem.disks.public.url');
-
-		if($savename){
-            //$name = $file->hashName();
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-			//halt($name_path);
-			//$image = \think\Image::open("uploads/$name_path");
-			//$image->thumb(168, 168)->save("uploads/$name_path");
-
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
+        $type = Request::param('type');
+		//halt($type);
+        $uploads = new Uploads();
+        switch ($type){
+            case 'image':
+                $upRes = $uploads->put('file','article_pic',1024,'image');
+                break;
+            case 'zip':
+                $upRes = $uploads->put('file','article_zip',1024,'application|image');
+                break;
+            case 'video':
+                $upRes = $uploads->put('file','article_video',102400,'video|audio');
+                break;
+            case 'audio':
+                $upRes = $uploads->put('file','article_audio',102400,'audio');
+                break;
+            default:
+                $upRes = $uploads->put('file','article_file',1024,'image');
+                break;
        }
-	return json($res);
+        return $upRes;
    }

-    //上传附件
-    public function upzip()
-    {
-        $file = request()->file('file');
-        try {
-            validate(['file'=>['fileSize'=>'1024000','fileExt'=>$this->getExtType('file')]])
-                ->check(['file'=>$file]);
-            $savename = \think\facade\Filesystem::disk('public')->putFile('article_zip',$file);
-        } catch (ValidateException $e) {
-            return json(['status'=>-1,'msg'=>$e->getMessage()]);
-        }
-        $upload = Config::get('filesystem.disks.public.url');
-
-        if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
-        }
-        return json($res);
-    }
-
-    //上传视频
-    public function upVideo()
-    {
-        $file = request()->file('file');
-        try {
-            validate(['file'=>['fileSize'=>'102400000','fileExt'=>$this->getExtType('mp4')]])
-                ->check(['file'=>$file]);
-            $savename = \think\facade\Filesystem::disk('public')->putFile('video',$file);
-        } catch (ValidateException $e) {
-            return json(['status'=>-1,'msg'=>$e->getMessage()]);
-        }
-        $upload = Config::get('filesystem.disks.public.url');
-
-        if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
-        }
-        return json($res);
-    }
-	
-	//上传音频
-    public function upAudio()
-    {
-        $file = request()->file('file');
-        try {
-            validate(['file'=>['fileSize'=>'10240000','fileExt'=>$this->getExtType('mp3')]])
-                ->check(['file'=>$file]);
-            $savename = \think\facade\Filesystem::disk('public')->putFile('audio',$file);
-        } catch (ValidateException $e) {
-            return json(['status'=>-1,'msg'=>$e->getMessage()]);
-        }
-        $upload = Config::get('filesystem.disks.public.url');
-
-        if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
-        }
-        return json($res);
-    }
-
-
    //附件下载
    public function download($id)
    {
--- a/app/index/controller/User.php
+++ b/app/index/controller/User.php
@ -112,14 +112,14 @@ class User extends BaseController
 	{
 		if(Request::isAjax()){
 			$data = Request::only(['user_id','email','nickname','sex','city','area_id','sign']);
-			$validate = new \app\common\validate\User;
+			$validate = new userValidate;
 			$result = $validate->scene('Set')->check($data);
 			if(!$result){
 				$this->error($validate->getError());
 			} else {
-                $user = new \app\common\model\User;
+                $user = new userModel;
                $result = $user->setNew($data);
-				if($result==1){
+				if($result == 1){
 					Cache::tag('user')->clear();
 				    return ['code'=>0,'msg'=>'资料更新成功'];
 				} else {
@ -135,25 +135,22 @@ class User extends BaseController
 	//更换头像
 	public function uploadHeadImg()
    {
-        $file = request()->file('file');
-		try {
-			validate(['file'=>'fileSize:204800|fileExt:jpg,png,gif,jpeg'])
-            ->check(['file'=>$file]);
-			$savename = \think\facade\Filesystem::disk('public')->putFile('head_pic',$file);
-		} catch (think\exception\ValidateException $e) {
-			return json(['status'=>-1,'msg'=>$e->getMessage()]);
-		}
-		$upload = Config::get('filesystem.disks.public.url');
-        if($savename){
+        $uploads = new \app\common\lib\Uploads();
+        $upRes = $uploads->put('file','head_img',1024,'image','uniqid');
+        $upHeadRes = $upRes->getData();
+        if($upHeadRes['status'] == 0){
+            $name_path = $upHeadRes['url'];
            //$name = $file->hashName();
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);	
 			//$image = \think\Image::open("uploads/$name_path");
 			//$image->thumb(168, 168)->save("uploads/$name_path");

            //查出当前用户头像删除原头像并更新
 			$imgPath = Db::name('user')->where('id',$this->uid)->value('user_img');
-			if(file_exists($imgPath)){
-				unlink('.'.$imgPath);
+			if(file_exists('.'.$imgPath)){
+				$dirPath    = dirname('.'.$imgPath);
+				if($dirPath !== './static/res/images/avatar'){ //防止删除默认头像
+					unlink('.'.$imgPath);
+				}
 			}  
            $result = Db::name('user')
                ->where('id',$this->uid)
@ -164,7 +161,7 @@ class User extends BaseController
            } else {
                $res = ['status'=>1,'msg'=>'头像更新失败'];
            }
-        }else{
+        } else {
            $res = ['status'=>1,'msg'=>'上传错误'];
        }
 	return json($res);
@ -210,8 +207,7 @@ class User extends BaseController
 	public function activate()
 	{
 		$this->isLogin();
-		$user['user_id'] = session::get('user_id');
-		$user = UserModel::find($user['user_id']);
+		$user = UserModel::find($this->uid);
 		$this->assign('user',$user);
 		return view();
 	}
@ -221,12 +217,12 @@ class User extends BaseController
 	{
 		if(Request::isAjax()){
 			$data = Request::param();
-			$validate = new \app\common\validate\User();
+			$validate = new userValidate;
 			$res = $validate->scene('setPass')->check($data);
 			if(!$res){
 				return $this->error($validate->getError());
 			}
-		$user = new \app\common\model\User;
+		$user = new userModel;
 		$result = $user->setpass($data);
 			if($result == 1) {
 				Session::clear();
--- a/app/install/data/taoler.sql
+++ b/app/install/data/taoler.sql
@ -27,7 +27,7 @@ CREATE TABLE `tao_admin` (
  `email` varchar(30) NOT NULL DEFAULT '' COMMENT '邮箱',
  `mobile` varchar(11) NOT NULL DEFAULT '' COMMENT '手机号',
  `sex` tinyint(1) NOT NULL DEFAULT '0' COMMENT '0女1男',
-  `status` enum('1','0') NOT NULL DEFAULT '0' COMMENT '1启用0禁用',
+  `status` enum('1','0','-1') NOT NULL DEFAULT '0' COMMENT '1启用0待审-1禁用',
  `auth_group_id` smallint(1) NOT NULL DEFAULT '0' COMMENT '1超级管理员0是普通管理员',
  `remarks` varchar(255) NOT NULL DEFAULT '' COMMENT '备注',
  `last_login_ip` varchar(70) NOT NULL DEFAULT '' COMMENT '最后登录IP',
@ -41,8 +41,7 @@ CREATE TABLE `tao_admin` (
 -- ----------------------------
 -- Records of tao_admin
 -- ----------------------------
-INSERT INTO `tao_admin` VALUES ('1', 'admin', '管理员', '95d6f8d0d0c3b45e5dbe4057da1b149e', 'taoler@qq.com', '13812345678', '1', '1', '1', '2019.1.1 新年发布新版本！', '127.0.0.1', '1612162986', '1579053025', '1578986600', '0');
-INSERT INTO `tao_admin` VALUES ('2', 'test', '', '3dbfa76bd34a2a0274f5d52f5529ccb3', 'test@qq.com', '13567891236', '0', '0', '2', '', '127.0.0.1', '1578643147', '1555892325', '1576554415', '0');
+INSERT INTO `tao_admin` VALUES ('1', 'admin', '管理员', '95d6f8d0d0c3b45e5dbe4057da1b149e', 'taoler@qq.com', '13812345678', '1', '1', '1', '2021 TaoLer！', '127.0.0.1', '1612162986', '1579053025', '1578986600', '0');

 -- ----------------------------
 -- Table structure for tao_article
@ -480,7 +479,7 @@ CREATE TABLE `tao_system` (
  `logo` varchar(70) NOT NULL DEFAULT '' COMMENT '网站logo',
  `cache` tinyint(5) NOT NULL DEFAULT '0' COMMENT '缓存时间分钟',
  `upsize` int(5) NOT NULL DEFAULT '0' COMMENT '上传文件大小KB',
-  `uptype` varchar(100) NOT NULL DEFAULT '' COMMENT '上传文件类型',
+  `uptype` varchar(50) NOT NULL DEFAULT '' COMMENT '上传文件类型',
  `copyright` varchar(80) NOT NULL DEFAULT '' COMMENT '版权',
  `keywords` tinytext NOT NULL COMMENT '网站关键字',
  `descript` tinytext NOT NULL COMMENT '网站描述',
@ -503,7 +502,7 @@ CREATE TABLE `tao_system` (
 -- ----------------------------
 -- Records of tao_system
 -- ----------------------------
-INSERT INTO `tao_system` VALUES ('1', 'TaoLer社区演示站', '轻论坛系统', 'http://www.xxx.com', 'taoler', '/storage/logo/logo.png', '10', '2048', 'image:png|gif|jpg|jpeg,file:zip|rar,video:mp4,audio:mp3|m4a', '<a href="https://www.aieok.com" target="_blank">TaoLer</a>', 'TaoLer,轻社区系统,bbs,论坛,Thinkphp6,layui,fly模板,', '这是一个Taoler轻社区论坛系统', '1', '1', '1', '0.0.0.0', '管理员|admin|审核员|超级|垃圾', '1.6.3', '', 'http://api.aieok.com', 'http://api.aieok.com/v1/cy', 'http://api.aieok.com/v1/upload/check', 'http://api.aieok.com/v1/upload/api', '1581221008', '1577419197');
+INSERT INTO `tao_system` VALUES ('1', 'TaoLer社区演示站', '轻论坛系统', 'http://www.xxx.com', 'taoler', '/storage/logo/logo.png', '10', '2048', 'png|gif|jpg|jpeg|zip|rarr', '<a href="https://www.aieok.com" target="_blank">TaoLer</a>', 'TaoLer,轻社区系统,bbs,论坛,Thinkphp6,layui,fly模板,', '这是一个Taoler轻社区论坛系统', '1', '1', '1', '0.0.0.0', '管理员|admin|审核员|超级|垃圾', '1.6.3', '', 'http://api.aieok.com', 'http://api.aieok.com/v1/cy', 'http://api.aieok.com/v1/upload/check', 'http://api.aieok.com/v1/upload/api', '1581221008', '1577419197');

 -- ----------------------------
 -- Table structure for tao_user
@ -523,7 +522,7 @@ CREATE TABLE `tao_user` (
  `auth` enum('1','0') NOT NULL DEFAULT '0' COMMENT '管理员权限0普通1超级',
  `point` int(11) NOT NULL DEFAULT '0' COMMENT '积分',
  `area_id` int(11) DEFAULT NULL COMMENT '用户所属区域ID',
-  `status` enum('0','1') NOT NULL DEFAULT '1' COMMENT '1启用0禁用',
+  `status` enum('0','1','-1') NOT NULL DEFAULT '1' COMMENT '1启用0待审-1禁用',
  `vip` tinyint(1) NOT NULL DEFAULT '0' COMMENT 'vip',
  `last_login_ip` varchar(70) NOT NULL DEFAULT '0' COMMENT '最后登陆ip',
  `last_login_time` int(11) NOT NULL DEFAULT '0' COMMENT '最后登陆时间',
@ -541,7 +540,7 @@ CREATE TABLE `tao_user` (
 -- ----------------------------
 -- Records of tao_user
 -- ----------------------------
-INSERT INTO `tao_user` VALUES ('1', 'admin', '95d6f8d0d0c3b45e5dbe4057da1b149e', '2147483647', 'admin@qq.com', '管理员', '北京市', '1', '这是我的第一个TP5系统，2019北京。OK! OK!ok@', '/static/res/images/avatar/00.jpg', '1', '0', '1', '1', '0', '127.0.0.1', '0', '0', '0', '0', '1579053025', '1578469091', '0');
+INSERT INTO `tao_user` VALUES ('1', 'admin', '95d6f8d0d0c3b45e5dbe4057da1b149e', '2147483647', 'admin@qq.com', '管理员', '北京市', '1', '这是一个社区系统', '/static/res/images/avatar/00.jpg', '1', '0', '1', '1', '0', '127.0.0.1', '0', '0', '0', '0', '1579053025', '1578469091', '0');

 -- ----------------------------
 -- Table structure for tao_user_area
--- a/config/taoler.php
+++ b/config/taoler.php
@ -7,7 +7,7 @@ return [
 	//应用名,此项不可更改
 	'appname'	=> 'TaoLer',
    //版本配置
-    'version'   => '1.7.15',
+    'version'   => '1.7.16',
 	//加盐
 	'salt'		=> 'taoler',
 	//数据库备份目录
--- a/extend/taoler/com/Api.php
+++ b/extend/taoler/com/Api.php
@ -41,6 +41,7 @@ class Api
 		curl_close($ch);
 		if($httpCode == '200'){
 			return json_decode($data);
+            //return $data;
 		} else {
 			//$status ='{"code":-1,"msg":"远程服务器失败"}';	//字符串
 			return json_decode('{"code":-1,"msg":"远程服务器失败,稍后重试"}');	//转换为对象
--- a/public/static/res/mods/index.js
+++ b/public/static/res/mods/index.js
@ -176,7 +176,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],
 							  ,accept: 'images'
 							  ,acceptMime: 'image/*'
 							  ,exts: 'jpg|png|gif|bmp|jpeg'
-                              ,url: textImgUpload
+                              ,url: uploads
+                              ,data: {type:'image'}
 							  ,auto: false
 							  //,bindAction: '#img-button' //指向一个按钮触发上传
 							  //,field: 'image'
@ -309,7 +310,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],

 						//上传视频
 						  upload.render({
-                              url: videoUrl
+                              url: uploads
+                              ,data: {type:'video'}
 							  ,accept: 'video'
 							  ,acceptMime: 'video/mp4'
 							  ,exts: 'mp4'
@ -332,7 +334,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],
 							  ,accept: 'images'
 							  ,acceptMime: 'image/*'
 							  ,exts: 'jpg|png|gif|bmp|jpeg'
-                              ,url: textImgUpload
+                              ,url: uploads
+                              ,data: {type:'image'}
 							  ,auto: false
 							  //,bindAction: '#img-button' //指向一个按钮触发上传
 							  //,field: 'image'
@ -397,7 +400,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],
                          var loding,audio =  layero.find('input[name="audio"]');

                          upload.render({
-                              url: audioUrl
+                              url: uploads
+                              ,data: {type:'audio'}
 							  ,elem: '#fly-jie-audio-upload .upload-audio'
 							  ,accept: 'audio'
 							  ,acceptMime: 'audio/*'
--- a/view/taoler/index/article/add.html
+++ b/view/taoler/index/article/add.html
@ -77,7 +77,7 @@
                <div class="layui-inline">
                  <label class="layui-form-label">{:lang('enclosure')}</label>
                  <div class="layui-input-inline" style="width: 190px;">
-                   <input type="text" class="layui-input" name="upzip" value="" placeholder="zip,jpg格式" title="上传附件"/>
+                   <input type="text" class="layui-input" name="upzip" value="" placeholder="zip,image文件" title="上传附件"/>
                  </div>
 				  <button type="button" class="layui-btn" id="zip-button"><i class="layui-icon"></i>{:lang('uploads')}</button>
                </div>
@ -170,10 +170,11 @@
          }
        });
 		
-		//指定允许上传的文件类型
+		//上传附件
 		  upload.render({
 			elem: '#zip-button'
-			,url: '{:url('article/upzip')}' //改成您自己的上传接口
+			,url: "{:url('article/Uploads')}" //改成您自己的上传接口
+            ,data: {type:'zip'}
 			,accept: 'file' //普通文件
 			,done: function(res){
 				if(res.status == 0){
@ -182,7 +183,6 @@
 				} else {
 					layer.msg(res.msg);
 				}
-				
 			}
 		  });

--- a/view/taoler/index/public/footer.html
+++ b/view/taoler/index/public/footer.html
@ -16,9 +16,7 @@ var messageNums = "{:url('message/nums')}",
 	userMessage = "{:url('User/message')}",
    login = "{:url('Login/index')}",
    articleAdd = "{:url('Article/add')}",
-    textImgUpload = "{:url('article/textImgUpload')}",
-	videoUrl = "{:url('article/upVideo')}",
-	audioUrl = "{:url('article/upAudio')}",
+	uploads = "{:url('article/uploads')}",
 	searchUrl = "{:url('index/search')}",
 	langUrl = "{:url('index/language')}",
 	replyNum = "{:lang('replies')}";