diff --git a/application/default/controllers/UploadController.php b/application/default/controllers/UploadController.php
new file mode 100644
index 00000000..c73d563f
--- /dev/null
+++ b/application/default/controllers/UploadController.php
@@ -0,0 +1,57 @@
+<?php
+class UploadController extends Zend_Controller_Action {
+    function preDispatch()
+    {
+    	$this->db=Zend_Registry::get('db');
+    	$this->view->config = Zend_Registry::get('config');
+    }
+    	
+    function indexAction() {
+        $this->_helper->layout()->disableLayout();
+        $this->_helper->viewRenderer->setNoRender();
+		try{
+			$auth = Zend_Auth::getInstance();
+			
+			if($auth->hasIdentity())
+			{
+				$user = $auth->getIdentity();
+				$userid = $user->id;
+			}
+			
+			if(empty($userid)||!is_numeric($userid)){
+				echo "请先登录";
+				exit();
+			}
+			
+			$files=new files();
+			$msg = $files -> upload($this->view->config->upload,$_FILES['Filedata'],'reviewatt');
+			
+			if(empty($msg['error']))
+			{
+				$filename = $msg['db_path'];
+				$filesize = $msg['file_size'];
+				$filedesc = $this->_request->getParam('filedesc');
+				$filetype = $this->_request->getParam('dir');
+				$realname = $msg['realname'];
+				
+				$sql = "insert into attachments (filename,filetype,filedesc,userid,filesize,realname) values ('$filename','reviewatt','$filedesc','$userid','$filesize','$realname') RETURNING id";
+				$sth = $this->db->prepare($sql);
+				$sth->execute();
+				$att = $sth->fetch(PDO::FETCH_ASSOC);
+				$msg['attid'] = $attid = $att['id'];
+				echo Zend_Json::encode($msg);
+				exit();
+			}else{
+				$this->messenger->addMessage('附件上传失败:'.$msg['error']);
+				@unlink($filename);
+				$this->_redirect($redirectlink);
+			}
+
+		}catch(Exception $e){
+			echo "错误：".$e->getMessage();
+			exit();
+		}
+
+    }
+	
+}
\ No newline at end of file