<?php
header("Access-Control-Allow-Origin: *");//允许跨域
header('Access-Control-Allow-Headers: X-Requested-With,X_Requested_With'); //设置允许的跨域header
//date_default_timezone_set("Asia/chongqing");
error_reporting(E_ERROR);
header("Content-Type: text/html; charset=utf-8");
if(isset($_GET['auth_key'])){
    define('AUTH_KEY',urldecode($_GET['auth_key']));
}
else
{
    exit("缺少解密秘钥");
}
if(isset($_GET['base_path']))define('BASE_PATH',decode_path($_GET['base_path'],'DECODE'));
if(isset($_GET['app_path']))define('APP_PATH',decode_path($_GET['app_path'],'DECODE'));
if(isset($_GET['upload_path']))define('UPLOAD_PATH',decode_path($_GET['upload_path'],'DECODE'));
$config = require_once  BASE_PATH.'config'.DIRECTORY_SEPARATOR.'config.php';
require BASE_PATH . 'vendor/autoload.php';
require BASE_PATH . 'vendor/yiisoft/yii2/Yii.php';
require_once  BASE_PATH.'common'.DIRECTORY_SEPARATOR.'functions'.DIRECTORY_SEPARATOR.'global.php';
require_once  BASE_PATH.'common'.DIRECTORY_SEPARATOR.'functions'.DIRECTORY_SEPARATOR.'cus.php';
require_once  BASE_PATH.'common'.DIRECTORY_SEPARATOR.'functions'.DIRECTORY_SEPARATOR.'dir.php';
defined('MYIP') or define('MYIP',ip());
$domain = require_config('domain.php');
define('COOKIE_DOMAIN', $domain['cookie_domain']);//定义cookie全局域
define('WAP_URL', $domain['wap_url']);//WAP站域名
define('WEB_URL', $domain['web_url']);//站点域名
define('UPLOAD_DOMAIN', $domain['upload_domain']);//附件域名
$config = array_merge_recursive(require_config('web.php'), $config);
defined('UPLOAD_URL') or define('UPLOAD_URL',$config['params']['uploadUrl']);
//主机协议
define('SITE_PROTOCOL', isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://');
new yii\web\Application($config);
$ueditorConfig = $config['ueditor'];
$CONFIG = json_decode(preg_replace("/\/\*[\s\S]+?\*\//", "", file_get_contents("config.json")), true);
if(is_array($ueditorConfig))foreach($ueditorConfig as $key=>$value)//获取自定义配置
{
    if(strpos($value,'|'))
    {
        $temp = explode('|',$value);
        $temp = ".".join('|.',$temp);
        $temp = explode('|',$temp);
        $CONFIG[$key] = $temp;
    }
    else
    {
        $CONFIG[$key] = $value;
    }
}
$action = $_GET['action'];
switch ($action) {
    case 'config':
        $result =  json_encode($CONFIG);
        break;
    /* 上传图片 */
    case 'uploadimage':
        /* 上传涂鸦 */
    case 'uploadscrawl':
        /* 上传视频 */
    case 'uploadvideo':
        /* 上传文件 */
    case 'uploadfile':
        $result = include("action_upload.php");
        break;
    /* 列出图片 */
    case 'listimage':
        $result = include("action_list.php");
        break;
    /* 列出文件 */
    case 'listfile':
        $result = include("action_list.php");
        break;
    /* 抓取远程文件 */
    case 'catchimage':
        $result = include("action_crawler.php");
        break;
    default:
        $result = json_encode(array(
            'state'=> '请求地址出错'
        ));
        break;
}

/* 输出结果 */
if (isset($_GET["callback"])) {
    if (preg_match("/^[\w_]+$/", $_GET["callback"])) {
        echo htmlspecialchars($_GET["callback"]) . '(' . $result . ')';
    } else {
        echo json_encode(array(
            'state'=> 'callback参数不合法'
        ));
    }
} else {
    echo $result;
}

/**
 * 字符串加密、解密函数
 * @param	string	$txt		字符串
 * @param	string	$operation	ENCODE为加密，DECODE为解密，可选参数，默认为ENCODE，
 * @param	string	$key		密钥：数字、字母、下划线
 * @param	string	$expiry		过期时间
 * @return	string
 *
 */
function decode_path($string, $operation = 'ENCODE', $key = '', $expiry = 0) {
    $key_length = 4;
    $key = md5($key != '' ? $key : AUTH_KEY);
    $fixedkey = md5($key);
    $egiskeys = md5(substr($fixedkey, 16, 16));
    $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';
    $keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));
    $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));

    $i = 0; $result = '';
    $string_length = strlen($string);
    for ($i = 0; $i < $string_length; $i++){
        $result .= chr(ord($string{$i}) ^ ord($keys{$i % 32}));
    }
    if($operation == 'ENCODE') {
        return $runtokey . str_replace('=', '', base64_encode($result));
    } else {
        if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {
            return substr($result, 26);
        } else {
            return '';
        }
    }
}