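prepare("SELECT id, username FROM users WHERE api_key = ?"); $stmt->execute([$api_key]); return $stmt->fetch(PDO::FETCH_ASSOC); }

/*
 * Image upload endpoint.
 *
 * Flow: authenticate the caller by API key, require a POST with an `image`
 * file, validate size / extension / actual content, move the file into the
 * uploads directory, then record the image and its optional comma-separated
 * tags in the database. Every response is JSON and every failure path exits.
 *
 * NOTE(review): the lookup above compares the raw key against users.api_key,
 * which implies keys are stored in plaintext; hashing them at rest would
 * limit the impact of a database leak. That is outside this block.
 */

// Small responder so status code, encoding flags and the early exit are in
// one place. JSON_UNESCAPED_SLASHES keeps the returned URLs readable.
$respond = static function (int $status, array $payload): void {
    http_response_code($status);
    echo json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    exit;
};

// The key is still accepted from the query string for existing callers, but a
// secret in a URL ends up in access logs and Referer headers -- prefer the body.
$api_key = $_POST['api_key'] ?? $_GET['api_key'] ?? '';
// Never look up a blank key: a users row with an empty api_key column would
// otherwise authenticate every anonymous request. Non-string input (api_key[]=)
// is rejected for the same reason instead of being handed to PDO.
$user = (is_string($api_key) && $api_key !== '') ? validateApiKey($api_key) : false;
if (!$user) {
    $respond(401, ['success' => false, 'error' => '无效的API密钥']);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['image'])) {
    $respond(405, ['success' => false, 'error' => '只允许POST请求']);
}

// Form fields: guard against array-shaped input (title[]=, tags[]=), which
// would otherwise reach explode()/PDO as an array.
$title = $_POST['title'] ?? '';
$title = is_string($title) ? trim($title) : '';
$tags = (isset($_POST['tags']) && is_string($_POST['tags'])) ? explode(',', $_POST['tags']) : [];
// Normalise the flag to 0/1 rather than storing whatever integer was sent.
$is_public = isset($_POST['is_public']) ? ((int)$_POST['is_public'] !== 0 ? 1 : 0) : 1;

$file = $_FILES['image'];
if (!is_array($file) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    $respond(400, ['success' => false, 'error' => '文件上传失败']);
}
if ($file['size'] > MAX_FILE_SIZE) {
    $respond(400, ['success' => false, 'error' => '文件大小不能超过5MB']);
}

$file_extension = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
if (!in_array($file_extension, ALLOWED_TYPES, true)) {
    $respond(400, ['success' => false, 'error' => '不支持的文件格式']);
}

// The extension is chosen by the client and $file['type'] is whatever the
// client claimed, so neither proves the payload is an image. Sniff the real
// type from the bytes, require an image/* type, and for the common formats
// require it to match the extension, so a script or HTML document renamed to
// .jpg never lands in uploads/. The sniffed type is what gets stored.
// NOTE(review): if ALLOWED_TYPES ever includes 'svg', remember that SVG can
// carry scripts and should not be served inline from the same origin.
$known_mimes = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'webp' => 'image/webp',
];
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $finfo->file($file['tmp_name']);
$mime_ok = is_string($mime_type)
    && strncmp($mime_type, 'image/', 6) === 0
    && (!isset($known_mimes[$file_extension]) || $known_mimes[$file_extension] === $mime_type);
if (!$mime_ok) {
    $respond(400, ['success' => false, 'error' => '不支持的文件格式']);
}

if ($title === '') {
    $title = pathinfo((string)$file['name'], PATHINFO_FILENAME);
}

// uniqid() is a microsecond timestamp and therefore guessable, which would let
// anyone enumerate uploads/ and fetch images flagged non-public (the direct URL
// below has no access check). Use CSPRNG bytes for the stored name instead.
$filename = bin2hex(random_bytes(16)) . '.' . $file_extension;
// Anchor on the script's directory so the target does not depend on the
// process working directory.
$upload_path = __DIR__ . '/../uploads/' . $filename;

if (!move_uploaded_file($file['tmp_name'], $upload_path)) {
    $respond(500, ['success' => false, 'error' => '文件保存失败']);
}

try {
    // One transaction so a failure while attaching tags cannot leave an
    // orphaned images row; the file itself is removed in the catch below.
    $pdo->beginTransaction();

    $stmt = $pdo->prepare("INSERT INTO images (user_id, title, filename, is_public, file_size, mime_type) VALUES (?, ?, ?, ?, ?, ?)");
    $stmt->execute([$user['id'], $title, $filename, $is_public, $file['size'], $mime_type]);
    $image_id = $pdo->lastInsertId();

    // Prepare once, execute per tag. closeCursor() frees the SELECT result
    // before the next statement runs (matters with native prepares).
    $find_tag = $pdo->prepare("SELECT id FROM tags WHERE name = ?");
    $add_tag  = $pdo->prepare("INSERT INTO tags (name) VALUES (?)");
    $link_tag = $pdo->prepare("INSERT IGNORE INTO image_tags (image_id, tag_id) VALUES (?, ?)");

    $tagNames = [];
    foreach ($tags as $tag_name) {
        $tag_name = trim($tag_name);
        if ($tag_name === '') {   // '' only; a tag literally named "0" is valid
            continue;
        }
        $find_tag->execute([$tag_name]);
        $tag = $find_tag->fetch(PDO::FETCH_ASSOC);
        $find_tag->closeCursor();
        if ($tag) {
            $tag_id = $tag['id'];
        } else {
            $add_tag->execute([$tag_name]);
            $tag_id = $pdo->lastInsertId();
        }
        $link_tag->execute([$image_id, $tag_id]);
        $tagNames[] = $tag_name;
    }

    $pdo->commit();
} catch (PDOException $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    unlink($upload_path);
    // Keep the driver message server-side: echoing it would reveal table and
    // column names (or connection details) to whoever holds an API key.
    error_log('upload: database error: ' . $e->getMessage());
    $respond(500, ['success' => false, 'error' => '数据库错误']);
}

$respond(200, [
    'success' => true,
    'data' => [
        'id' => $image_id,
        'title' => $title,
        'filename' => $filename,
        'url' => SITE_URL . '/uploads/' . $filename,
        'direct_url' => SITE_URL . '/uploads/' . $filename,
        'view_url' => SITE_URL . '/view-image.php?id=' . $image_id,
        'tags' => $tagNames,
        'is_public' => $is_public,
        'file_size' => $file['size'],
        'uploaded_at' => date('Y-m-d H:i:s'),
    ],
]);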