初始化版本

api/review_picture_action.php

@@ -0,0 +1,56 @@
+<?php
+// 图片审核 API：通过/拒绝 pictures_pending 中的图片
+session_start();
+header('Content-Type: application/json; charset=utf-8');
+
+$ADMIN_PASSWORD = 'my123123';
+$pendingDir = __DIR__ . '/../pictures_pending';
+$picturesRoot = __DIR__ . '/../pictures/images/user';
+
+function out($ok, $msg, $extra = []) {
+  echo json_encode(array_merge(['ok'=>$ok,'msg'=>$msg], $extra), JSON_UNESCAPED_UNICODE);
+  exit;
+}
+
+$authed = !empty($_SESSION['admin_ok']);
+if (!$authed) {
+  $pwd = trim($_POST['password'] ?? '');
+  if ($pwd === $ADMIN_PASSWORD) $authed = true;
+}
+if (!$authed) out(false, '未授权或密码错误');
+
+$action = $_POST['action'] ?? '';
+$file = basename($_POST['file'] ?? '');
+if (!$action || !$file) out(false, '缺少必要参数');
+
+$pendingPath = $pendingDir . '/' . $file;
+if (!is_file($pendingPath)) out(false, '待审核文件不存在');
+
+if ($action === 'reject') {
+  $ok = @unlink($pendingPath);
+  @unlink($pendingPath . '.json');
+  out(!!$ok, $ok ? '已拒绝并删除' : '删除失败');
+}
+
+if ($action === 'approve') {
+  $dateDir = date('Y-m-d');
+  $dstDir = $picturesRoot . '/' . $dateDir;
+  if (!is_dir($dstDir)) @mkdir($dstDir, 0777, true);
+
+  $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
+  if (!in_array($ext, ['jpg','jpeg','png','gif','webp'])) $ext = 'jpg';
+  $newName = 'image_' . date('Ymd_His') . '_' . mt_rand(1000,9999) . '.' . $ext;
+  $dstPath = $dstDir . '/' . $newName;
+
+  $ok = @rename($pendingPath, $dstPath);
+  @rename($pendingPath . '.json', $dstPath . '.json');
+  if (!$ok) out(false, '转存失败');
+
+  // 相对路径（供前端或日志显示）
+  $rel = 'pictures/images/user/' . $dateDir . '/' . $newName;
+  out(true, '审核通过，已入库', ['path' => $rel]);
+}
+
+out(false, '未知操作');
+?>
+