<?php
// 图片审核 API：通过/拒绝 pictures_pending 中的图片
session_start();
header('Content-Type: application/json; charset=utf-8');

$ADMIN_PASSWORD = 'my123123';
$pendingDir = __DIR__ . '/../pictures_pending';
$picturesRoot = __DIR__ . '/../pictures/images/user';

function out($ok, $msg, $extra = []) {
  echo json_encode(array_merge(['ok'=>$ok,'msg'=>$msg], $extra), JSON_UNESCAPED_UNICODE);
  exit;
}

$authed = !empty($_SESSION['admin_ok']);
if (!$authed) {
  $pwd = trim($_POST['password'] ?? '');
  if ($pwd === $ADMIN_PASSWORD) $authed = true;
}
if (!$authed) out(false, '未授权或密码错误');

$action = $_POST['action'] ?? '';
$file = basename($_POST['file'] ?? '');
if (!$action || !$file) out(false, '缺少必要参数');

$pendingPath = $pendingDir . '/' . $file;
if (!is_file($pendingPath)) out(false, '待审核文件不存在');

if ($action === 'reject') {
  $ok = @unlink($pendingPath);
  @unlink($pendingPath . '.json');
  out(!!$ok, $ok ? '已拒绝并删除' : '删除失败');
}

if ($action === 'approve') {
  $dateDir = date('Y-m-d');
  $dstDir = $picturesRoot . '/' . $dateDir;
  if (!is_dir($dstDir)) @mkdir($dstDir, 0777, true);

  $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
  if (!in_array($ext, ['jpg','jpeg','png','gif','webp'])) $ext = 'jpg';
  $newName = 'image_' . date('Ymd_His') . '_' . mt_rand(1000,9999) . '.' . $ext;
  $dstPath = $dstDir . '/' . $newName;

  $ok = @rename($pendingPath, $dstPath);
  @rename($pendingPath . '.json', $dstPath . '.json');
  if (!$ok) out(false, '转存失败');

  // 相对路径（供前端或日志显示）
  $rel = 'pictures/images/user/' . $dateDir . '/' . $newName;
  out(true, '审核通过，已入库', ['path' => $rel]);
}

out(false, '未知操作');
?>