上传文件严格检测，后台用户状态优化

README.md

@@ -7,8 +7,8 @@
  * 后台：http://adm.aieok.com
  * 账号：test
  * 密码：test123
- * 版本：TaoLer 1.7.15
+ * 版本：TaoLer 1.7.16
- * 日期：2021.7.1
+ * 日期：2021.7.15
 
 #### 项目地址
 

app/admin/controller/Forum.php

@@ -221,7 +221,7 @@ class Forum extends AdminController
 				$where[] = ['a.content','like','%'.$map['content'].'%'];
 				unset($map['content']);
 			}
-			if(isset($data['status'])){
+			if(isset($data['status']) && $data['status'] !== '' ){
 				$where[] = ['a.status','=',(int)$data['status']];
 				unset($map['status']);
 			}

app/admin/controller/Set.php

@@ -106,26 +106,16 @@ class Set extends AdminController
 	//上传logo
 	public function upload()
 	{
-		$file = request()->file('file');
+        $uploads = new \app\common\lib\Uploads();
-
+        $upRes = $uploads->put('file','logo',2000,'image','uniqid');
-		try {
+        $logoJson = $upRes->getData();
-			validate(['image'=>'filesize:2048|fileExt:jpg,png,gif|image:200,200,jpg'])
+		if($logoJson['status'] == 0){
-            ->check(array($file));
+			$result = Db::name('system')->where('id', 1)->update(['logo'=>$logoJson['url']]);
-			$savename = \think\facade\Filesystem::disk('public')->putFile('logo',$file);
-		} catch (think\exception\ValidateException $e) {
-			echo $e->getMessage();
-		}
-		$upload = Config::get('filesystem.disks.public.url');
-		
-		if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-			$result = Db::name('system')->where('id', 1)->update(['logo'=>$name_path]);
 			if($result){
 				$res = ['code'=>0,'msg'=>'上传logo成功'];
 			} else {
 				$res = ['code'=>1,'msg'=>'上传错误'];
 			}
-            
         }
 	return json($res);
 	}

app/admin/controller/Slider.php

@@ -12,9 +12,10 @@ use app\admin\model\Slider as SliderModel;
 class Slider extends AdminController
 {
     /**
-     * 显示资源列表
+     * @return string
-     *
+     * @throws \think\db\exception\DataNotFoundException
-     * @return \think\Response
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function index()
     {
@@ -50,10 +51,11 @@ class Slider extends AdminController
 
 
     /**
-     * 编辑幻灯
+     * @param $id
-     *
+     * @return string|\think\response\Json
-     * @param  int  $id
+     * @throws \think\db\exception\DataNotFoundException
-     * @return \think\Response
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function edit($id)
     {
@@ -78,27 +80,16 @@ class Slider extends AdminController
     }
 
     /**
-     * 保存更新的资源
+     * @return \think\response\Json
-     *
-     * @param
-     * @param  int  $id
-     * @return \think\Response
      */
     public function uploadImg()
     {
-		$id = Request::param();
+        $uploads = new \app\common\lib\Uploads();
-        $file = request()->file('file');
+        $upRes = $uploads->put('file','slider',1024,'image');
-		try {
+        $slires = $upRes->getData();
-			validate(['image'=>'filesize:2048|fileExt:jpg,png,gif|image:200,200,jpg'])
+
-            ->check(array($file));
+		if($slires['status'] == 0){
-			$savename = \think\facade\Filesystem::disk('public')->putFile('slider',$file);
+            $name_path = $slires['url'];
-		} catch (think\exception\ValidateException $e) {
-			echo $e->getMessage();
-		}
-		$upload = Config::get('filesystem.disks.public.url');
-		
-		if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
 				$res = ['code'=>0,'msg'=>'上传flash成功','src'=>$name_path];
 			} else {
 				$res = ['code'=>1,'msg'=>'上传错误'];
@@ -107,10 +98,11 @@ class Slider extends AdminController
     }
 
     /**
-     * 删除指定资源
+     * @param $id
-     *
+     * @return \think\response\Json
-     * @param  int  $id
+     * @throws \think\db\exception\DataNotFoundException
-     * @return \think\Response
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function delete($id)
     {

app/admin/controller/Upgrade.php

@@ -294,13 +294,17 @@ class Upgrade extends AdminController
     public function uploadZip()
     {
 		$files = request()->file('file');
+		$mime = $files->getMime();
+		if($mime !== 'application/zip'){
+            return json(['code'=>-1,'msg'=>'文件类型不对']);
+        }
 		$name = $files->getOriginalName();
 
         //校验后缀
         $ext = pathinfo($name,PATHINFO_EXTENSION);  //文件后缀
         if($ext != 'zip')
         {
-            return json(['code'=>0,'msg'=>'请上传文件格式不对']);
+            return json(['code'=>-1,'msg'=>'上传文件格式不对']);
         }
         //对比版本号
         $fname = pathinfo($name,PATHINFO_FILENAME);   //无后缀文件名

app/admin/controller/User.php

@@ -4,14 +4,11 @@ namespace app\admin\controller;
 
 use app\common\controller\AdminController;
 use app\admin\validate\Admin;
-use app\admin\model\Admin as adminModel;
 use think\facade\View;
 use think\facade\Request;
-use think\facade\Config;
 use think\facade\Db;
-use think\facade\Session;
-use think\exception\ValidateException;
 use app\common\model\User as UserModel;
+use app\common\lib\Uploads;
 
 class User extends AdminController
 {
@@ -26,7 +23,7 @@ class User extends AdminController
 	public function list()
 	{
 		if(Request::isAjax()){
-			$datas = Request::only(['id','name','email','sex']);
+			$datas = Request::only(['id','name','email','sex','status']);
 			$map = array_filter($datas,[$this,'filtrArr']);
 			$user = Db::name('user')->where(['delete_time'=>0])->where($map)->order('id desc')->paginate(30);
 			$count = $user->total();
@@ -100,31 +97,22 @@ class User extends AdminController
 	//上传头像
 	 public function uploadImg()
     {
-        $file = request()->file('file');
+		$uploads = new Uploads();
-		try {
+		$upRes = $uploads->put('file','head_pic',2000,'image');
-			validate(['file'=>'fileSize:204800|fileExt:jpg,png,gif'])
+        $userJson = $upRes->getData();
-            ->check(['file'=>$file]);
+        if($userJson['status'] == 0){
-			$savename = \think\facade\Filesystem::disk('public')->putFile('head_pic',$file);
+            $res = ['code'=>0,'msg'=>'上传头像成功','src'=>$userJson['url']];
-		} catch (think\exception\ValidateException $e) {
+        } else {
-			echo $e->getMessage();
+            $res = ['code'=>1,'msg'=>'上传错误'];
-		}
+        }
-		$upload = Config::get('filesystem.disks.public.url');
+        return json($res);
-		
-		if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-				$res = ['code'=>0,'msg'=>'上传头像成功','src'=>$name_path];
-			} else {
-				$res = ['code'=>-1,'msg'=>'上传错误'];
-			}
-		return json($res);
     }
 	
 	
 	//审核用户
 	public function check()
 	{
-		$data = Request::param();
+		$data = Request::only(['id','status']);
-
 		//获取状态
 		$res = Db::name('user')->where('id',$data['id'])->save(['status' => $data['status']]);
 		if($res){

app/admin/view/set/system/website.html

@@ -188,7 +188,8 @@
 	//LOGO选完文件后不自动上传
 	  upload.render({
 		elem: '#logo-img'
-		,url: '{:url('admin/set/upload')}'
+		,url: "{:url('admin/set/upload')}"
+        ,data: {type:'image'}
 		,auto: false
 		,exts: 'jpg|png|gif|bmp|jpeg'
 		,size: 1000

app/admin/view/slider/add.html

@@ -104,21 +104,20 @@
 		,btns: ['clear', 'now']
 		,trigger: 'click'
 	  });
-	
+	//上传图片
     upload.render({
       elem: '#layuiadmin-upload-slid-img'
       ,url: 'uploadImg'
+      ,data:{type:'image'}
       ,accept: 'images'
       ,acceptMime: 'image/*'
 	  ,auto: false
 	  ,choose: function (obj) { //选择文件后的回调
 			imgcom.uploads(obj);
 		  }
-	  
       ,done: function(res){
         //console.log(res)
 		$(this.item).prev("div").children("input").val(res.src)
-		
 			if(res.code == 0){
 				layer.msg(res.msg,{
 					icon:6,

app/admin/view/slider/edit.html

@@ -73,11 +73,12 @@
     base: '/static/admin/' //静态资源所在路径
   }).extend({
     index: 'lib/index' //主入口模块
-  }).use(['index', 'form', 'upload','laydate','colorpicker'], function(){
+  }).use(['index', 'form', 'upload','laydate','colorpicker', 'imgcom'], function(){
     var $ = layui.$
     ,form = layui.form
 	,laydate = layui.laydate
-    ,upload = layui.upload ;
+    ,upload = layui.upload
+    ,imgcom = layui.imgcom;
 	var colorpicker = layui.colorpicker;
     
 	//颜色表单赋值
@@ -102,17 +103,22 @@
 		,btns: ['clear', 'now']
 		,trigger: 'click'
 	  });
-	
+
+	//上传图片
     upload.render({
 	//var id = $('.layui-btn').(this).attr('dataid');
       elem: '#layuiadmin-upload-slid-img'
       ,url: 'uploadImg'
+      ,data:{type:'image'}
       ,accept: 'images'
       ,method: 'get'
       ,acceptMime: 'image/*'
+      ,auto: false
+      ,choose: function (obj) { //选择文件后的回调
+            imgcom.uploads(obj);
+        }
       ,done: function(res){
 		$(this.item).prev("div").children("input").val(res.src)
-		
 			if(res.code == 0){
 				layer.msg(res.msg,{
 					icon:6,

app/admin/view/upgrade/index.html

@@ -152,6 +152,7 @@
 	upload.render({
 		elem: '#select-file'
 		,url: "{:url('admin/upgrade/uploadzip')}"
+        ,data: {type:'zip'}
 		,accept: 'file'
         ,acceptMime: 'application/zip'
 		,field: 'file'

app/admin/view/user/list.html

@@ -33,6 +33,17 @@
                 <option value="1">女</option>
               </select>
             </div>
+          </div>
+		  <div class="layui-inline">
+            <label class="layui-form-label">状态</label>
+            <div class="layui-input-block">
+              <select name="status">
+			  <option value="">选择状态</option>
+                <option value="1">正常</option>
+				<option value="-1">禁止</option>
+				<option value="0">待审</option>
+              </select>
+            </div>
           </div>
           <div class="layui-inline">
             <button class="layui-btn layuiadmin-btn-useradmin" lay-submit lay-filter="LAY-user-front-search">
@@ -63,7 +74,7 @@
 		{{#  if(d.id == '1'){ }}
 		<input type="checkbox" name="check" lay-skin="switch" disabled lay-text="通过|禁用" value="1" checked id="{{d.id}}">
 		{{#  } else { }}
-		{if condition="checkRuleButton('admin/user/check')"}<input type="checkbox" name="check" lay-skin="switch" lay-filter="usercheck" lay-text="通过|禁用" {{#  if(d.check == 1){ }} checked {{#  } }} id="{{d.id}}" >{else}<button class="layui-btn layui-btn-xs layui-btn-radius layui-btn-disabled">无权限</button>{/if}
+		{if condition="checkRuleButton('admin/user/check')"}<input type="checkbox" name="check" lay-skin="switch" lay-filter="usercheck" lay-text="通过|{{#  if(d.check == -1){ }}禁止{{#  } }} {{#  if(d.check == 0){ }}待审{{#  } }}" {{#  if(d.check == 1){ }} checked {{#  } }} id="{{d.id}}" >{else}<button class="layui-btn layui-btn-xs layui-btn-radius layui-btn-disabled">无权限</button>{/if}
 		{{#  } }}
         </script>
 		<script type="text/html" id="buttonAuth">
@@ -115,26 +126,7 @@
     //监听搜索
     form.on('submit(LAY-user-front-search)', function(data){
       var field = data.field;
-	  //提交 Ajax 成功后，静态更新表格中的数据
+	  $.post("{:url('admin/User/list')}",field);
-	  $.ajax({
-		type:"post",
-		url:"{:url('admin/User/list')}",
-		data:{"id":field.id,"name":field.name,"email":field.email,"sex":field.sex},
-		daType:"json",
-		success:function (data){
-			if (data.code == 0) {
-				
-			} else {
-				layer.open({
-					tiele:'搜索失败',
-					content:data.msg,
-					icon:5,
-					anim:6
-				});
-			}
-		}
-	});
-      
       //执行重载
       table.reload('LAY-user-manage', {
         where: field
@@ -223,17 +215,12 @@
 	//监听用户审核
 	form.on('switch(usercheck)', function(data){
 	var data= data.elem;
-	
+	var status = data.checked ? 1 : -1;
-	if(data.checked == true){
-		data.value = 1;
-	}else{
-		data.value = 0;
-	}
 	//执行用户审核
 		$.ajax({
 			type:'post',
 			url:"{:url('admin/User/check')}",
-			data:{"id":data.id,"status":data.value,},
+			data:{"id":data.id,"status":status},
 			dataType:'json',
 			success:function(res){
 				if(res.code == 0){
@@ -259,15 +246,11 @@
 	//超级管理auth控制
 	form.on('checkbox(auth)', function(data){
 	var data = data.elem;
-	if(data.checked == true){
+	var auth = data.checked ? 1 : 0;
-			data.value = 1;
-		}else{
-			data.value = 0;
-		}
 	$.ajax({
 			type:'post',
 			url:"{:url('admin/User/auth')}",
-			data:{"id":data.id,"auth":data.value,},
+			data:{"id":data.id,"auth":auth},
 			dataType:'json',
 			success:function(data){
 				if(data.code == 0){

app/admin/view/user/useredit.html

@@ -58,6 +58,7 @@
     upload.render({
       elem: '#layuiadmin-upload-useradmin'
       ,url: 'uploadImg'
+      ,data: {type:'image'}
       ,accept: 'images'
       ,method: 'get'
       ,acceptMime: 'image/*'

app/admin/view/user/userform.html

@@ -55,6 +55,7 @@
     upload.render({
       elem: '#layuiadmin-upload-useradmin'
       ,url: 'uploadImg'
+      ,data: {type:'image'}
       ,accept: 'images'
       ,method: 'get'
       ,acceptMime: 'image/*'

app/common/controller/AdminController.php

@@ -111,16 +111,22 @@ abstract class AdminController
 	//获取层级
 	protected function getCyl()
 	{
-		$sys = $this->getSystem();
+	    /*
-		$url = $sys['base_url'].'?u='.$sys['domain'];
+		$cylevel = Cache::get('cylevel');
-		$cy = Api::urlGet($url);
+		if(!$cylevel){
-		if($cy && $cy->code == 0){
+			$sys = $this->getSystem();
-            $cylevel = $cy->level;
+			$url = $sys['base_url'].'?u='.$sys['domain'];
-        } else {
+			$cy = Api::urlGet($url);
-			$cylevel = 0;
+			halt($cy);
+			if($cy && $cy->code == 0){
+				$cylevel = $cy->level;
+			} else {
+				$cylevel = 0;
+			}
+			Cache::set('cylevel',$cylevel,3600);
 		}
-		Cache::set('cylevel',$cylevel,3600);
+	    */
-		return Cache::get('cylevel');
+		return 0;
 	}
 
     /**

app/common/controller/BaseController.php

@@ -274,22 +274,5 @@ abstract class BaseController
 		}
         View::assign(['sysInfo'=>$sysInfo,'headlinks'=>$head_links,'footlinks'=>$foot_links]);
     }
-	
-	//返回上传文件配置类型
-	protected function getExtType($ext)
-	{
-		$extType = Db::name('system')->where('id',1)->value('uptype');
-		$extArr = explode(',',$extType);
-		foreach ($extArr as $v){
-			$fileMime = stristr($v,':',true);//返回字符:前字符串
-			if($ext == $fileMime){
-				$arr = explode('|',stristr($v,':')); //返回:后字符串
-				//var_dump($arr);
-				return $arr;
-			} 
-			return [];
-		}
-	}
-	
 
 }

app/common/lib/Uploads.php

@@ -0,0 +1,111 @@
+<?php
+namespace app\common\lib;
+
+use think\facade\Config;
+use think\facade\Filesystem;
+use think\exception\ValidateException;
+use think\facade\Db;
+
+class Uploads 
+{
+    protected $fileName;
+    protected $dirName;
+    protected $fileSize;
+	protected $fileType;
+
+
+    /**
+     * 获取上传文件的mime和后缀
+     * @param string $fileType 上传文件的类型只能为：视频video，文件application，图片image,文本text
+     * @param string $type 获取文件的mime还是文件后缀ext
+     * @return array
+     */
+    protected function getFileInfo(string $fileType,string $type)
+    {
+        $extType = Db::name('system')->where('id',1)->value('uptype');
+        $extArr = explode(',',$extType);
+        //查询系统配置中运行上传文件类型，组成新的数组
+        $fileMime = [];
+        foreach ($extArr as $k=>$v){
+            $k = stristr($v,':',true);//返回字符:前字符串
+            $fileMime[$k] = explode('|',substr($v,strrpos($v,":")+1)); //返回:后字符串转换为数组
+        }
+        //根据上传文件的类型得到允许的文件mime或后缀
+        $arr = [];
+        $fileTypeArr = explode('|',$fileType);
+        foreach($fileTypeArr as $ft){
+            if(array_key_exists($ft,$fileMime)){   //数组中是否存在上传的数组的键
+
+                foreach($fileMime as $k=>$v){
+                    if($ft == $k){//文件类型和配置中类型相同时
+                        //获取文件mime
+                        if($type == 'mime'){
+                            //拼接字符串组成新mime数组
+                            foreach($v as $m){
+                                $arr[] = $ft. '/' . $m;
+                            }
+                        }
+                        //获取文件后缀
+                        if($type == 'ext'){
+                            $arr =  array_merge($arr,$v);   //合并数组
+                        }
+                    }
+                }
+
+            }
+        }
+        return $arr;
+    }
+	
+	//上传文件
+
+    /**
+     * 上传文件
+     * @param string $fileName 文件名,form表单中的name
+     * @param string $dirName
+     * @param int $fileSize
+     * @param string $fileType
+     * @return \think\response\Json
+     */
+
+    /**
+     * @param string $fileName 文件名,form表单中的name
+     * @param string $dirName 文件夹名,上传路径中的文件夹名称
+     * @param int $fileSize 文件大小，上传限制大小
+     * @param string $fileType 文件类型，只能为：视频video，文件application，图片image,文本text
+     * @param string $rule 文件命名规则，默认md5,uniqid,date,sha1
+     * @return \think\response\Json
+     */
+    public function put(string $fileName, string $dirName, int $fileSize, string $fileType, string $rule = null)
+    {
+		$file = request()->file($fileName);
+		//$type = $file->getMime();
+		$fileExt = $this->getFileInfo($fileType,'ext');
+		$fileMime = $this->getFileInfo($fileType,'mime');
+
+		try {
+			validate([$fileName=>['fileSize'=>$fileSize * 1024,'fileExt'=>$fileExt,'fileMime'=>$fileMime]])
+            ->check(['file'=>$file]);
+			
+		} catch (ValidateException $e) {
+			return json(['status'=>-1,'msg'=>$e->getMessage()]);
+		}
+		
+		$savename = \think\facade\Filesystem::disk('public')->putFile(session('user_id'). '/' .$dirName, $file, $rule);
+		$upload = Config::get('filesystem.disks.public.url');
+
+		if($savename){
+            //$name = $file->hashName();
+            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
+			//halt($name_path);
+			//$image = \think\Image::open("uploads/$name_path");
+			//$image->thumb(168, 168)->save("uploads/$name_path");
+
+            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
+        }else{
+            $res = ['status'=>-1,'msg'=>'上传错误'];
+        }
+	return json($res);
+    }
+
+}

app/common/model/UpgradeAuth.php

@@ -16,6 +16,10 @@ class UpgradeAuth extends Model
 	protected $deleteTime = 'delete_time';
 	protected $defaultSoftDelete = 0;
 	
-   
+   public function getAuthLevelAttr($value)
+    {
+        $level = [0=>'免费版',1=>'初级版',2=>'高级版'];
+        return $level[$value];
+    }
 
 }

app/index/controller/Article.php

@@ -12,6 +12,7 @@ use app\common\model\Article as ArticleModel;
 use think\exception\ValidateException;
 use taoler\com\Message;
 use app\common\lib\Msgres;
+use app\common\lib\Uploads;
 
 class Article extends BaseController
 {
@@ -250,103 +251,32 @@ class Article extends BaseController
 		}
 		return $res;
 	}
-	
+
-	//文本编辑器上传图片
+	public function uploads()
-	public function textImgUpload()
     {
-        $file = request()->file('file');
+        $type = Request::param('type');
-		try {
+		//halt($type);
-			validate(['file'=>['fileSize'=>'1024000','fileExt'=>$this->getExtType('image')]])
+        $uploads = new Uploads();
-            ->check(['file'=>$file]);
+        switch ($type){
-			
+            case 'image':
-		} catch (ValidateException $e) {
+                $upRes = $uploads->put('file','article_pic',1024,'image');
-			return json(['status'=>-1,'msg'=>$e->getMessage()]);
+                break;
-		}
+            case 'zip':
-		
+                $upRes = $uploads->put('file','article_zip',1024,'application|image');
-		$savename = \think\facade\Filesystem::disk('public')->putFile('article_pic',$file);
+                break;
-		$upload = Config::get('filesystem.disks.public.url');
+            case 'video':
-
+                $upRes = $uploads->put('file','article_video',102400,'video|audio');
-		if($savename){
+                break;
-            //$name = $file->hashName();
+            case 'audio':
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
+                $upRes = $uploads->put('file','article_audio',102400,'audio');
-			//halt($name_path);
+                break;
-			//$image = \think\Image::open("uploads/$name_path");
+            default:
-			//$image->thumb(168, 168)->save("uploads/$name_path");
+                $upRes = $uploads->put('file','article_file',1024,'image');
-
+                break;
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
         }
-	return json($res);
+        return $upRes;
     }
 
-    //上传附件
-    public function upzip()
-    {
-        $file = request()->file('file');
-        try {
-            validate(['file'=>['fileSize'=>'1024000','fileExt'=>$this->getExtType('file')]])
-                ->check(['file'=>$file]);
-            $savename = \think\facade\Filesystem::disk('public')->putFile('article_zip',$file);
-        } catch (ValidateException $e) {
-            return json(['status'=>-1,'msg'=>$e->getMessage()]);
-        }
-        $upload = Config::get('filesystem.disks.public.url');
-
-        if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
-        }
-        return json($res);
-    }
-
-    //上传视频
-    public function upVideo()
-    {
-        $file = request()->file('file');
-        try {
-            validate(['file'=>['fileSize'=>'102400000','fileExt'=>$this->getExtType('mp4')]])
-                ->check(['file'=>$file]);
-            $savename = \think\facade\Filesystem::disk('public')->putFile('video',$file);
-        } catch (ValidateException $e) {
-            return json(['status'=>-1,'msg'=>$e->getMessage()]);
-        }
-        $upload = Config::get('filesystem.disks.public.url');
-
-        if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
-        }
-        return json($res);
-    }
-	
-	//上传音频
-    public function upAudio()
-    {
-        $file = request()->file('file');
-        try {
-            validate(['file'=>['fileSize'=>'10240000','fileExt'=>$this->getExtType('mp3')]])
-                ->check(['file'=>$file]);
-            $savename = \think\facade\Filesystem::disk('public')->putFile('audio',$file);
-        } catch (ValidateException $e) {
-            return json(['status'=>-1,'msg'=>$e->getMessage()]);
-        }
-        $upload = Config::get('filesystem.disks.public.url');
-
-        if($savename){
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);
-            $res = ['status'=>0,'msg'=>'上传成功','url'=> $name_path];
-        }else{
-            $res = ['status'=>-1,'msg'=>'上传错误'];
-        }
-        return json($res);
-    }
-
-
     //附件下载
     public function download($id)
     {

app/index/controller/User.php

@@ -112,14 +112,14 @@ class User extends BaseController
 	{
 		if(Request::isAjax()){
 			$data = Request::only(['user_id','email','nickname','sex','city','area_id','sign']);
-			$validate = new \app\common\validate\User;
+			$validate = new userValidate;
 			$result = $validate->scene('Set')->check($data);
 			if(!$result){
 				$this->error($validate->getError());
 			} else {
-                $user = new \app\common\model\User;
+                $user = new userModel;
                 $result = $user->setNew($data);
-				if($result==1){
+				if($result == 1){
 					Cache::tag('user')->clear();
 				    return ['code'=>0,'msg'=>'资料更新成功'];
 				} else {
@@ -135,25 +135,22 @@ class User extends BaseController
 	//更换头像
 	public function uploadHeadImg()
     {
-        $file = request()->file('file');
+        $uploads = new \app\common\lib\Uploads();
-		try {
+        $upRes = $uploads->put('file','head_img',1024,'image','uniqid');
-			validate(['file'=>'fileSize:204800|fileExt:jpg,png,gif,jpeg'])
+        $upHeadRes = $upRes->getData();
-            ->check(['file'=>$file]);
+        if($upHeadRes['status'] == 0){
-			$savename = \think\facade\Filesystem::disk('public')->putFile('head_pic',$file);
+            $name_path = $upHeadRes['url'];
-		} catch (think\exception\ValidateException $e) {
-			return json(['status'=>-1,'msg'=>$e->getMessage()]);
-		}
-		$upload = Config::get('filesystem.disks.public.url');
-        if($savename){
             //$name = $file->hashName();
-            $name_path =str_replace('\\',"/",$upload.'/'.$savename);	
 			//$image = \think\Image::open("uploads/$name_path");
 			//$image->thumb(168, 168)->save("uploads/$name_path");
 
             //查出当前用户头像删除原头像并更新
 			$imgPath = Db::name('user')->where('id',$this->uid)->value('user_img');
-			if(file_exists($imgPath)){
+			if(file_exists('.'.$imgPath)){
-				unlink('.'.$imgPath);
+				$dirPath    = dirname('.'.$imgPath);
+				if($dirPath !== './static/res/images/avatar'){ //防止删除默认头像
+					unlink('.'.$imgPath);
+				}
 			}  
             $result = Db::name('user')
                 ->where('id',$this->uid)
@@ -164,7 +161,7 @@ class User extends BaseController
             } else {
                 $res = ['status'=>1,'msg'=>'头像更新失败'];
             }
-        }else{
+        } else {
             $res = ['status'=>1,'msg'=>'上传错误'];
         }
 	return json($res);
@@ -210,8 +207,7 @@ class User extends BaseController
 	public function activate()
 	{
 		$this->isLogin();
-		$user['user_id'] = session::get('user_id');
+		$user = UserModel::find($this->uid);
-		$user = UserModel::find($user['user_id']);
 		$this->assign('user',$user);
 		return view();
 	}
@@ -221,12 +217,12 @@ class User extends BaseController
 	{
 		if(Request::isAjax()){
 			$data = Request::param();
-			$validate = new \app\common\validate\User();
+			$validate = new userValidate;
 			$res = $validate->scene('setPass')->check($data);
 			if(!$res){
 				return $this->error($validate->getError());
 			}
-		$user = new \app\common\model\User;
+		$user = new userModel;
 		$result = $user->setpass($data);
 			if($result == 1) {
 				Session::clear();

app/install/data/taoler.sql

@@ -27,7 +27,7 @@ CREATE TABLE `tao_admin` (
   `email` varchar(30) NOT NULL DEFAULT '' COMMENT '邮箱',
   `mobile` varchar(11) NOT NULL DEFAULT '' COMMENT '手机号',
   `sex` tinyint(1) NOT NULL DEFAULT '0' COMMENT '0女1男',
-  `status` enum('1','0') NOT NULL DEFAULT '0' COMMENT '1启用0禁用',
+  `status` enum('1','0','-1') NOT NULL DEFAULT '0' COMMENT '1启用0待审-1禁用',
   `auth_group_id` smallint(1) NOT NULL DEFAULT '0' COMMENT '1超级管理员0是普通管理员',
   `remarks` varchar(255) NOT NULL DEFAULT '' COMMENT '备注',
   `last_login_ip` varchar(70) NOT NULL DEFAULT '' COMMENT '最后登录IP',
@@ -41,8 +41,7 @@ CREATE TABLE `tao_admin` (
 -- ----------------------------
 -- Records of tao_admin
 -- ----------------------------
-INSERT INTO `tao_admin` VALUES ('1', 'admin', '管理员', '95d6f8d0d0c3b45e5dbe4057da1b149e', 'taoler@qq.com', '13812345678', '1', '1', '1', '2019.1.1 新年发布新版本！', '127.0.0.1', '1612162986', '1579053025', '1578986600', '0');
+INSERT INTO `tao_admin` VALUES ('1', 'admin', '管理员', '95d6f8d0d0c3b45e5dbe4057da1b149e', 'taoler@qq.com', '13812345678', '1', '1', '1', '2021 TaoLer！', '127.0.0.1', '1612162986', '1579053025', '1578986600', '0');
-INSERT INTO `tao_admin` VALUES ('2', 'test', '', '3dbfa76bd34a2a0274f5d52f5529ccb3', 'test@qq.com', '13567891236', '0', '0', '2', '', '127.0.0.1', '1578643147', '1555892325', '1576554415', '0');
 
 -- ----------------------------
 -- Table structure for tao_article
@@ -480,7 +479,7 @@ CREATE TABLE `tao_system` (
   `logo` varchar(70) NOT NULL DEFAULT '' COMMENT '网站logo',
   `cache` tinyint(5) NOT NULL DEFAULT '0' COMMENT '缓存时间分钟',
   `upsize` int(5) NOT NULL DEFAULT '0' COMMENT '上传文件大小KB',
-  `uptype` varchar(100) NOT NULL DEFAULT '' COMMENT '上传文件类型',
+  `uptype` varchar(50) NOT NULL DEFAULT '' COMMENT '上传文件类型',
   `copyright` varchar(80) NOT NULL DEFAULT '' COMMENT '版权',
   `keywords` tinytext NOT NULL COMMENT '网站关键字',
   `descript` tinytext NOT NULL COMMENT '网站描述',
@@ -503,7 +502,7 @@ CREATE TABLE `tao_system` (
 -- ----------------------------
 -- Records of tao_system
 -- ----------------------------
-INSERT INTO `tao_system` VALUES ('1', 'TaoLer社区演示站', '轻论坛系统', 'http://www.xxx.com', 'taoler', '/storage/logo/logo.png', '10', '2048', 'image:png|gif|jpg|jpeg,file:zip|rar,video:mp4,audio:mp3|m4a', '<a href="https://www.aieok.com" target="_blank">TaoLer</a>', 'TaoLer,轻社区系统,bbs,论坛,Thinkphp6,layui,fly模板,', '这是一个Taoler轻社区论坛系统', '1', '1', '1', '0.0.0.0', '管理员|admin|审核员|超级|垃圾', '1.6.3', '', 'http://api.aieok.com', 'http://api.aieok.com/v1/cy', 'http://api.aieok.com/v1/upload/check', 'http://api.aieok.com/v1/upload/api', '1581221008', '1577419197');
+INSERT INTO `tao_system` VALUES ('1', 'TaoLer社区演示站', '轻论坛系统', 'http://www.xxx.com', 'taoler', '/storage/logo/logo.png', '10', '2048', 'png|gif|jpg|jpeg|zip|rarr', '<a href="https://www.aieok.com" target="_blank">TaoLer</a>', 'TaoLer,轻社区系统,bbs,论坛,Thinkphp6,layui,fly模板,', '这是一个Taoler轻社区论坛系统', '1', '1', '1', '0.0.0.0', '管理员|admin|审核员|超级|垃圾', '1.6.3', '', 'http://api.aieok.com', 'http://api.aieok.com/v1/cy', 'http://api.aieok.com/v1/upload/check', 'http://api.aieok.com/v1/upload/api', '1581221008', '1577419197');
 
 -- ----------------------------
 -- Table structure for tao_user
@@ -523,7 +522,7 @@ CREATE TABLE `tao_user` (
   `auth` enum('1','0') NOT NULL DEFAULT '0' COMMENT '管理员权限0普通1超级',
   `point` int(11) NOT NULL DEFAULT '0' COMMENT '积分',
   `area_id` int(11) DEFAULT NULL COMMENT '用户所属区域ID',
-  `status` enum('0','1') NOT NULL DEFAULT '1' COMMENT '1启用0禁用',
+  `status` enum('0','1','-1') NOT NULL DEFAULT '1' COMMENT '1启用0待审-1禁用',
   `vip` tinyint(1) NOT NULL DEFAULT '0' COMMENT 'vip',
   `last_login_ip` varchar(70) NOT NULL DEFAULT '0' COMMENT '最后登陆ip',
   `last_login_time` int(11) NOT NULL DEFAULT '0' COMMENT '最后登陆时间',
@@ -541,7 +540,7 @@ CREATE TABLE `tao_user` (
 -- ----------------------------
 -- Records of tao_user
 -- ----------------------------
-INSERT INTO `tao_user` VALUES ('1', 'admin', '95d6f8d0d0c3b45e5dbe4057da1b149e', '2147483647', 'admin@qq.com', '管理员', '北京市', '1', '这是我的第一个TP5系统，2019北京。OK! OK!ok@', '/static/res/images/avatar/00.jpg', '1', '0', '1', '1', '0', '127.0.0.1', '0', '0', '0', '0', '1579053025', '1578469091', '0');
+INSERT INTO `tao_user` VALUES ('1', 'admin', '95d6f8d0d0c3b45e5dbe4057da1b149e', '2147483647', 'admin@qq.com', '管理员', '北京市', '1', '这是一个社区系统', '/static/res/images/avatar/00.jpg', '1', '0', '1', '1', '0', '127.0.0.1', '0', '0', '0', '0', '1579053025', '1578469091', '0');
 
 -- ----------------------------
 -- Table structure for tao_user_area

config/taoler.php

@@ -7,7 +7,7 @@ return [
 	//应用名,此项不可更改
 	'appname'	=> 'TaoLer',
     //版本配置
-    'version'   => '1.7.15',
+    'version'   => '1.7.16',
 	//加盐
 	'salt'		=> 'taoler',
 	//数据库备份目录

extend/taoler/com/Api.php

@@ -41,6 +41,7 @@ class Api
 		curl_close($ch);
 		if($httpCode == '200'){
 			return json_decode($data);
+            //return $data;
 		} else {
 			//$status ='{"code":-1,"msg":"远程服务器失败"}';	//字符串
 			return json_decode('{"code":-1,"msg":"远程服务器失败,稍后重试"}');	//转换为对象

public/static/res/mods/index.js

@@ -176,7 +176,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],
 							  ,accept: 'images'
 							  ,acceptMime: 'image/*'
 							  ,exts: 'jpg|png|gif|bmp|jpeg'
-                              ,url: textImgUpload
+                              ,url: uploads
+                              ,data: {type:'image'}
 							  ,auto: false
 							  //,bindAction: '#img-button' //指向一个按钮触发上传
 							  //,field: 'image'
@@ -309,7 +310,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],
 
 						//上传视频
 						  upload.render({
-                              url: videoUrl
+                              url: uploads
+                              ,data: {type:'video'}
 							  ,accept: 'video'
 							  ,acceptMime: 'video/mp4'
 							  ,exts: 'mp4'
@@ -332,7 +334,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],
 							  ,accept: 'images'
 							  ,acceptMime: 'image/*'
 							  ,exts: 'jpg|png|gif|bmp|jpeg'
-                              ,url: textImgUpload
+                              ,url: uploads
+                              ,data: {type:'image'}
 							  ,auto: false
 							  //,bindAction: '#img-button' //指向一个按钮触发上传
 							  //,field: 'image'
@@ -397,7 +400,8 @@ layui.define(['layer', 'laytpl', 'form', 'element', 'upload', 'util', 'imgcom'],
                           var loding,audio =  layero.find('input[name="audio"]');
 
                           upload.render({
-                              url: audioUrl
+                              url: uploads
+                              ,data: {type:'audio'}
 							  ,elem: '#fly-jie-audio-upload .upload-audio'
 							  ,accept: 'audio'
 							  ,acceptMime: 'audio/*'

view/taoler/index/article/add.html

@@ -77,7 +77,7 @@
                 <div class="layui-inline">
                   <label class="layui-form-label">{:lang('enclosure')}</label>
                   <div class="layui-input-inline" style="width: 190px;">
-                   <input type="text" class="layui-input" name="upzip" value="" placeholder="zip,jpg格式" title="上传附件"/>
+                   <input type="text" class="layui-input" name="upzip" value="" placeholder="zip,image文件" title="上传附件"/>
                   </div>
 				  <button type="button" class="layui-btn" id="zip-button"><i class="layui-icon"></i>{:lang('uploads')}</button>
                 </div>
@@ -170,10 +170,11 @@
           }
         });
 		
-		//指定允许上传的文件类型
+		//上传附件
 		  upload.render({
 			elem: '#zip-button'
-			,url: '{:url('article/upzip')}' //改成您自己的上传接口
+			,url: "{:url('article/Uploads')}" //改成您自己的上传接口
+            ,data: {type:'zip'}
 			,accept: 'file' //普通文件
 			,done: function(res){
 				if(res.status == 0){
@@ -182,7 +183,6 @@
 				} else {
 					layer.msg(res.msg);
 				}
-				
 			}
 		  });
 

view/taoler/index/public/footer.html

@@ -16,9 +16,7 @@ var messageNums = "{:url('message/nums')}",
 	userMessage = "{:url('User/message')}",
     login = "{:url('Login/index')}",
     articleAdd = "{:url('Article/add')}",
-    textImgUpload = "{:url('article/textImgUpload')}",
+	uploads = "{:url('article/uploads')}",
-	videoUrl = "{:url('article/upVideo')}",
-	audioUrl = "{:url('article/upAudio')}",
 	searchUrl = "{:url('index/search')}",
 	langUrl = "{:url('index/language')}",
 	replyNum = "{:lang('replies')}";