image-pichost/api/upload.php
<?php
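// Anchored on __DIR__ so the include does not depend on the process working
// directory (a bare '../config.php' is resolved against include_path / CWD first).
// config.php is expected to provide $pdo, MAX_FILE_SIZE, ALLOWED_TYPES and SITE_URL,
// all of which are used below.
require_once __DIR__ . '/../config.php';
header('Content-Type: application/json');
// The JSON echoes client-supplied strings (title, tags); nosniff stops legacy
// browsers from second-guessing the declared type and rendering it as HTML.
header('X-Content-Type-Options: nosniff');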
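/**
 * Resolve an API key to its owner.
 *
 * @param mixed $api_key raw request value; anything that is not a non-empty
 *                       string is rejected before the database is touched
 * @return array|false   ['id' => ..., 'username' => ...] for a known key,
 *                       false when the key is missing, malformed or unknown
 */
function validateApiKey($api_key) {
    global $pdo;
    // Request parameters can arrive as arrays (api_key[]=x); binding one would
    // emit an "Array to string" warning and compare against the literal "Array".
    if (!is_string($api_key) || $api_key === '') {
        return false;
    }
    $stmt = $pdo->prepare("SELECT id, username FROM users WHERE api_key = ?");
    $stmt->execute([$api_key]);
    // NOTE(review): the key is matched exactly as stored. If users.api_key holds
    // keys in plaintext, a DB read exposes every key; storing a hash (e.g.
    // sha256) and looking the hash up instead is the usual mitigation.
    return $stmt->fetch(PDO::FETCH_ASSOC);
}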
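/**
 * Emit a JSON body with the given HTTP status and stop.
 *
 * Every exit path of this endpoint goes through here so the response shape
 * ({"success": ..., ...}) stays uniform.
 *
 * @param int   $status  HTTP status code
 * @param array $payload encoded with json_encode() as-is
 */
$respond = static function (int $status, array $payload) {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

/**
 * Create missing tags and link the given names to an image.
 *
 * Runs inside the caller's transaction; PDOExceptions propagate to it.
 * Duplicate (image, tag) pairs are ignored by the INSERT IGNORE.
 *
 * @param PDO      $pdo
 * @param mixed    $image_id id of the freshly inserted images row (as returned by lastInsertId)
 * @param string[] $tags     raw tag names (untrimmed, may contain blanks)
 * @return string[]          the distinct, trimmed names that were attached, in input order
 */
$attachTags = static function (PDO $pdo, $image_id, array $tags) {
    $attached = [];
    foreach ($tags as $raw) {
        $name = trim((string)$raw);
        if ($name === '' || in_array($name, $attached, true)) {
            continue;
        }
        $lookup = $pdo->prepare("SELECT id FROM tags WHERE name = ?");
        $lookup->execute([$name]);
        $row = $lookup->fetch(PDO::FETCH_ASSOC);
        if ($row) {
            $tag_id = $row['id'];
        } else {
            // Plain INSERT rather than INSERT IGNORE: whether tags.name is unique
            // is not visible here, and IGNORE would silently create duplicates
            // if it is not.
            $insert = $pdo->prepare("INSERT INTO tags (name) VALUES (?)");
            $insert->execute([$name]);
            $tag_id = $pdo->lastInsertId();
        }
        $link = $pdo->prepare("INSERT IGNORE INTO image_tags (image_id, tag_id) VALUES (?, ?)");
        $link->execute([$image_id, $tag_id]);
        $attached[] = $name;
    }
    return $attached;
};

// --- Authentication ----------------------------------------------------------
// Key lookup order: X-Api-Key header, POST field, query string. The query-string
// form is kept only for existing clients: keys in URLs end up in web-server and
// proxy access logs and in browser history, so new callers should send the header.
$api_key = $_SERVER['HTTP_X_API_KEY'] ?? $_POST['api_key'] ?? $_GET['api_key'] ?? '';
$user = validateApiKey($api_key);
if (!$user) {
    $respond(401, ['success' => false, 'error' => '无效的API密钥']);
}

// --- Request shape -----------------------------------------------------------
// Same 405 for a non-POST request and for a POST without an 'image' part.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['image'])) {
    $respond(405, ['success' => false, 'error' => '只允许POST请求']);
}

$file = $_FILES['image'];
// Scalar fields only: title[]=... would otherwise be bound as "Array" and
// tags[]=... would make explode() throw.
$title = isset($_POST['title']) && is_string($_POST['title']) ? $_POST['title'] : '';
$tags  = isset($_POST['tags']) && is_string($_POST['tags']) ? explode(',', $_POST['tags']) : [];
// Treated as a boolean flag and normalised to 0/1 (default 1, as before) so a
// client sending is_public=2 cannot store a value an equality check would miss.
$is_public = isset($_POST['is_public']) && (int)$_POST['is_public'] === 0 ? 0 : 1;

// --- Upload validation -------------------------------------------------------
// A non-integer 'error' (image[] multi-part upload) also fails this check.
if ($file['error'] !== UPLOAD_ERR_OK) {
    $respond(400, ['success' => false, 'error' => '文件上传失败']);
}
if ($file['size'] > MAX_FILE_SIZE) {
    $respond(400, ['success' => false, 'error' => '文件大小不能超过5MB']);
}
$file_extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
if ($file_extension === '' || !in_array($file_extension, ALLOWED_TYPES, true)) {
    $respond(400, ['success' => false, 'error' => '不支持的文件格式']);
}
// The extension and $file['type'] are both chosen by the client and prove
// nothing about the bytes, so sniff the content as well, and store the sniffed
// type rather than the client's in mime_type (a column that may later be used
// to pick a Content-Type when the file is served).
// NOTE(review): image/svg+xml passes this test. If 'svg' is in ALLOWED_TYPES,
// SVG can carry scripts and needs a CSP or attachment disposition when served.
$detected_mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!is_string($detected_mime) || strncmp($detected_mime, 'image/', 6) !== 0) {
    $respond(400, ['success' => false, 'error' => '不支持的文件格式']);
}
if (trim($title) === '') {
    $title = pathinfo($file['name'], PATHINFO_FILENAME);
}

// --- Store the file ----------------------------------------------------------
// /uploads/ is served directly (see direct_url below), so for is_public = 0 the
// file name is the only thing keeping the image private. uniqid() . time() is
// guessable; a CSPRNG-derived name is not.
try {
    $filename = bin2hex(random_bytes(16)) . '.' . $file_extension;
} catch (Exception $e) {
    error_log('upload.php: random_bytes failed: ' . $e->getMessage());
    $respond(500, ['success' => false, 'error' => '文件保存失败']);
}
// Anchored on __DIR__ so the target does not depend on the working directory.
$upload_path = __DIR__ . '/../uploads/' . $filename;
if (!move_uploaded_file($file['tmp_name'], $upload_path)) {
    $respond(500, ['success' => false, 'error' => '文件保存失败']);
}

// --- Record it ---------------------------------------------------------------
// Image row and tag links go in one transaction, so a failure in the tag loop
// cannot leave an images row pointing at a file the catch block has deleted.
try {
    $pdo->beginTransaction();
    $stmt = $pdo->prepare("INSERT INTO images (user_id, title, filename, is_public, file_size, mime_type) VALUES (?, ?, ?, ?, ?, ?)");
    $stmt->execute([
        $user['id'],
        $title,
        $filename,
        $is_public,
        $file['size'],
        $detected_mime,
    ]);
    $image_id = $pdo->lastInsertId();
    $tagNames = $attachTags($pdo, $image_id, $tags);
    $pdo->commit();
} catch (PDOException $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    if (is_file($upload_path)) {
        unlink($upload_path);
    }
    // Driver messages can expose table names, hosts and credentials; keep them
    // in the server log and return a generic error to the client.
    error_log('upload.php: database error: ' . $e->getMessage());
    $respond(500, ['success' => false, 'error' => '数据库错误']);
}

$respond(200, [
    'success' => true,
    'data' => [
        'id' => $image_id,
        'title' => $title,
        'filename' => $filename,
        'url' => SITE_URL . '/uploads/' . $filename,
        'direct_url' => SITE_URL . '/uploads/' . $filename,
        'view_url' => SITE_URL . '/view-image.php?id=' . $image_id,
        'tags' => $tagNames,
        'is_public' => $is_public,
        'file_size' => $file['size'],
        'uploaded_at' => date('Y-m-d H:i:s'),
    ],
]);
// No closing ?> tag: trailing whitespace after it would be sent before the
// headers above and break the JSON response.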