127 lines
4.3 KiB
PHP
127 lines
4.3 KiB
PHP
<?php
|
|
require_once '../config.php';
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
function validateApiKey($api_key) {
|
|
global $pdo;
|
|
|
|
if (empty($api_key)) return false;
|
|
|
|
$stmt = $pdo->prepare("SELECT id, username FROM users WHERE api_key = ?");
|
|
$stmt->execute([$api_key]);
|
|
return $stmt->fetch(PDO::FETCH_ASSOC);
|
|
}
|
|
|
|
$api_key = $_POST['api_key'] ?? $_GET['api_key'] ?? '';
|
|
$user = validateApiKey($api_key);
|
|
|
|
if (!$user) {
|
|
http_response_code(401);
|
|
echo json_encode([
|
|
'success' => false,
|
|
'error' => '无效的API密钥'
|
|
]);
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
|
|
$title = $_POST['title'] ?? '';
|
|
$tags = isset($_POST['tags']) ? explode(',', $_POST['tags']) : [];
|
|
$is_public = isset($_POST['is_public']) ? (int)$_POST['is_public'] : 1;
|
|
$file = $_FILES['image'];
|
|
|
|
if ($file['error'] !== UPLOAD_ERR_OK) {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'error' => '文件上传失败']);
|
|
exit;
|
|
}
|
|
|
|
if ($file['size'] > MAX_FILE_SIZE) {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'error' => '文件大小不能超过5MB']);
|
|
exit;
|
|
}
|
|
|
|
$file_extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
|
|
if (!in_array($file_extension, ALLOWED_TYPES)) {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'error' => '不支持的文件格式']);
|
|
exit;
|
|
}
|
|
|
|
if (empty($title)) {
|
|
$title = pathinfo($file['name'], PATHINFO_FILENAME);
|
|
}
|
|
|
|
$filename = uniqid() . '_' . time() . '.' . $file_extension;
|
|
$upload_path = '../uploads/' . $filename;
|
|
|
|
if (move_uploaded_file($file['tmp_name'], $upload_path)) {
|
|
try {
|
|
$stmt = $pdo->prepare("INSERT INTO images (user_id, title, filename, is_public, file_size, mime_type) VALUES (?, ?, ?, ?, ?, ?)");
|
|
$stmt->execute([
|
|
$user['id'],
|
|
$title,
|
|
$filename,
|
|
$is_public,
|
|
$file['size'],
|
|
$file['type']
|
|
]);
|
|
|
|
$image_id = $pdo->lastInsertId();
|
|
$tagNames = [];
|
|
|
|
if (!empty($tags)) {
|
|
foreach ($tags as $tag_name) {
|
|
$tag_name = trim($tag_name);
|
|
if (!empty($tag_name)) {
|
|
$stmt = $pdo->prepare("SELECT id FROM tags WHERE name = ?");
|
|
$stmt->execute([$tag_name]);
|
|
$tag = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$tag) {
|
|
$stmt = $pdo->prepare("INSERT INTO tags (name) VALUES (?)");
|
|
$stmt->execute([$tag_name]);
|
|
$tag_id = $pdo->lastInsertId();
|
|
} else {
|
|
$tag_id = $tag['id'];
|
|
}
|
|
|
|
$stmt = $pdo->prepare("INSERT IGNORE INTO image_tags (image_id, tag_id) VALUES (?, ?)");
|
|
$stmt->execute([$image_id, $tag_id]);
|
|
$tagNames[] = $tag_name;
|
|
}
|
|
}
|
|
}
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'data' => [
|
|
'id' => $image_id,
|
|
'title' => $title,
|
|
'filename' => $filename,
|
|
'url' => SITE_URL . '/uploads/' . $filename,
|
|
'direct_url' => SITE_URL . '/uploads/' . $filename,
|
|
'view_url' => SITE_URL . '/view-image.php?id=' . $image_id,
|
|
'tags' => $tagNames,
|
|
'is_public' => $is_public,
|
|
'file_size' => $file['size'],
|
|
'uploaded_at' => date('Y-m-d H:i:s')
|
|
]
|
|
]);
|
|
|
|
} catch(PDOException $e) {
|
|
unlink($upload_path);
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'error' => '数据库错误: ' . $e->getMessage()]);
|
|
}
|
|
} else {
|
|
http_response_code(500);
|
|
echo json_encode(['success' => false, 'error' => '文件保存失败']);
|
|
}
|
|
} else {
|
|
http_response_code(405);
|
|
echo json_encode(['success' => false, 'error' => '只允许POST请求']);
|
|
}
|
|
?>
|