distribution/source/pack/upload/admin-up-icon.php

<?php

// by 请勿倒卖,已申请软著,否则追究法律责任
include "../../system/db.class.php";
$json = json_decode(stripslashes($_POST["post"]), true);
if ($json["_id"] == "IN_WXQRCODE" || $json["_id"] == "IN_LOGO") {
	$filepart = pathinfo($_FILES["file"]["name"]);
	if (in_array(strtolower($filepart["extension"]), array("jpg", "jpeg", "gif", "png"))) {
		$file = "data/image/" . $json["_id"] . ".png";
		@move_uploaded_file($_FILES["file"]["tmp_name"], IN_ROOT . $file);
		echo $file;
	} else {
		echo "-1";
	}
} else {
	$id = intval($json["_id"]);
	$aid = intval($json["_aid"]);
	$apw = $json["_apw"];
	$icon = db("app")->where("in_id", $id)->value("in_icon");
	if (!db("admin")->where("in_adminid", $aid)->value("in_adminid") || md5(db("admin")->where("in_adminid", $aid)->value("in_adminpassword")) !== $apw) {
		exit("Access denied");
	}
	if (!empty($_FILES)) {
		$in_icon = stristr($icon, "/") ? substr(strrchr($icon, "/"), 1) : $icon;
		$filepart = pathinfo($_FILES["file"]["name"]);
		if (in_array(strtolower($filepart["extension"]), array("jpg", "jpeg", "gif", "png"))) {
			$file = IN_ROOT . "data/attachment/" . $in_icon;
			@move_uploaded_file($_FILES["file"]["tmp_name"], $file);
			echo $in_icon;
		} else {
			echo "-1";
		}
	}
}