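<?php
/**
 * File upload handler for PHP 8
 *
 * Accepts a single authenticated multipart upload, stores it under a dated
 * sub-directory of $attachDir with a server-generated name, and answers with
 * either a JS-object-literal response or (act=s) a small script that writes
 * the stored path into the parent frame.
 *
 * @author Original ASP version by Yanis.Wang<yanis.wang@gmail.com>
 * @version 1.0.0
 */
require_once 'conn.php';
// NOTE(review): checkLogin() is defined in conn.php (not shown here). This script
// relies on it to stop unauthenticated requests before any file is written - confirm.
checkLogin();

// Configuration
$inputName = 'filedata'; // Form file field name
$attachDir = 'system/u'; // Upload directory path
$dirType = 2; // 1: by day, 2: by month, 3: by extension
$maxAttachSize = 5242880; // Max file size (5MB)
// The extension allowlist is the only type check performed; file content is not inspected.
// NOTE(review): 'swf' is active content when served from the application's own origin.
// Confirm it is still required, and that the web server never executes files under $attachDir.
$allowedExt = ['txt', 'rar', 'zip', 'jpg', 'jpeg', 'gif', 'png', 'swf', 'wmv', 'avi', 'wma', 'mp3', 'mid', 'pdf'];
$msgType = 2; // Return format: 1 = only URL, 2 = parameter array
$immediate = $_GET['immediate'] ?? '0';

$err = '';
$msg = "''";
$imgurl = null; // Set only after a successful move, so the output step can tell success from failure
$extension = '';

/*
 * Quote a value as a single-quoted JS string literal.
 *
 * The response is sent with PHP's default content type and can be rendered as
 * HTML (for example inside an upload iframe), so escaping quotes alone, as
 * addslashes() does, is not enough for the client-supplied file name:
 * < > & ' " are emitted as \uXXXX and control characters are escaped by
 * json_encode(). For ordinary names and paths the output is byte-identical to
 * the previous addslashes() form.
 * NOTE(review): assumes the client evaluates the response as a JS literal, which
 * the single-quoted format already required - confirm.
 */
$jsQuote = static function (string $value): string {
    $encoded = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE
    );

    // Drop json_encode()'s surrounding double quotes and re-wrap in single quotes.
    return "'" . substr((string) $encoded, 1, -1) . "'";
};

// Step 1: validate the submitted file
$file = $_FILES[$inputName] ?? null;
$uploadError = is_array($file) ? ($file['error'] ?? null) : null;

if ($file === null) {
    $err = "无数据提交";
} elseif (!is_int($uploadError) || !is_string($file['name'] ?? null)) {
    // Array-style fields (filedata[]) put arrays in every slot; only one file is supported.
    $err = "文件上传失败";
} elseif (
    $uploadError === UPLOAD_ERR_INI_SIZE
    || $uploadError === UPLOAD_ERR_FORM_SIZE
    || $file['size'] > $maxAttachSize
) {
    // PHP-level size limits report size 0, so the error code is checked as well as the size.
    $err = "文件大小超过 " . $maxAttachSize . "字节";
} elseif ($uploadError !== UPLOAD_ERR_OK) {
    $err = "文件上传失败";
} else {
    // Only the final extension of the client name is used; the name itself is never used on disk.
    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

    if (!in_array($extension, $allowedExt, true)) {
        $err = "上传文件扩展名必需为:" . implode(',', $allowedExt);
    }
}

// Step 2: store the file
if ($err === '') {
    // An unknown $dirType falls back to the monthly layout instead of leaving the sub-directory undefined.
    $attachSubdir = match ($dirType) {
        1 => "day_" . date('ymd'),
        3 => "ext_" . $extension,
        default => "m" . date('ym'),
    };

    $attachPath = $attachDir . '/' . $attachSubdir;

    // 0755 instead of 0777: the directory does not need to be world-writable.
    // The second is_dir() covers a concurrent request creating the directory first.
    if (!is_dir($attachPath) && !mkdir($attachPath, 0755, true) && !is_dir($attachPath)) {
        $err = "文件上传失败";
    } else {
        // The stored name is generated server-side from a CSPRNG: rand() is predictable and
        // its five digits collide easily within one second, which would overwrite a file.
        $filename = date('dHis') . bin2hex(random_bytes(8)) . '.' . $extension;
        $target = $attachPath . '/' . $filename;

        // move_uploaded_file() refuses paths that are not genuine HTTP uploads.
        if (move_uploaded_file($file['tmp_name'], $target)) {
            $imgurl = $target;
            $target = str_replace('\\', '/', $target);

            if ($immediate === '1') {
                $target = "!" . $target;
            }

            if ($msgType === 1) {
                $msg = $jsQuote($target);
            } else {
                $msg = "{'url': " . $jsQuote('/' . $target)
                    . ", 'localname': " . $jsQuote($file['name'])
                    . ", 'id': '1'}";
            }
        } else {
            $err = "文件上传失败";
        }
    }
}

// Output response
if (isset($_GET['act']) && $_GET['act'] === 's') {
    if ($imgurl !== null) {
        // NOTE(review): this prefixes '/System/' to a path that already starts with $attachDir
        // ('system/u'), while the JSON branch returns '/' . path - confirm which URL is intended.
        echo "<script>parent.document.getElementById('infoimgurl').value=" . $jsQuote('/System/' . $imgurl) . ";location.href='uploadfile.php'</script>";
    } else {
        // On failure there is no stored path; report the error instead of writing an
        // undefined value into the parent form field.
        echo "<script>alert(" . $jsQuote($err) . ");location.href='uploadfile.php'</script>";
    }
} else {
    echo "{'err':" . $jsQuote($err) . ",'msg':" . $msg . "}";
}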