Beispiel #1
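 /**
  * Require a logged-in user and, optionally, membership of one user group.
  *
  * A request without a valid login gets a login prompt (AJAX requests) or a
  * redirect to the login page (all other requests) and is then terminated,
  * so a caller never continues with a falsy user record.
  *
  * @param int $gid  Required user group id; 0 skips the group check.
  * @return array    The user record returned by checkLogin().
  */
 public function access($gid = 0)
 {
     global $king;
     if (!($user = $this->checkLogin())) {
         // Not logged in: send the visitor to the login form.
         if ($GLOBALS['action'] == 'ajax') {
             // AJAX responses do not redirect; ask the client to open the login dialog instead.
             $js = "\$.kc_ajax('{URL:\\'" . $king->config('inst') . "user/index.php\\',CMD:\\'login\\',IS:1,METHOD:\\'GET\\'}')";
             kc_ajax('', '', '', $js);
         } else {
             header("Location: " . $king->config('inst') . "user/login.php");
         }
         // header() only queues the redirect. Without stopping here the caller
         // would go on to run its protected code with $user === false.
         exit;
     }
     if ($gid !== 0) {
         // A non-zero $gid restricts the page to that user group.
         // NOTE(review): the loose comparison is kept because the stored gid may be
         // a numeric string; confirm the type before tightening it to !==.
         if ($gid != $user['gid']) {
             if ($GLOBALS['action'] == 'ajax') {
                 kc_error($king->lang->get('user/error/gaccess'));
             } else {
                 $tmp = new KC_Template_class($king->config('templatelogin', 'user'), $king->config('templatepath') . '/inside/system/error.htm');
                 $tmp->assign('main', $king->lang->get('user/error/gaccess'));
                 $tmp->assign('title', $king->lang->get('system/common/error'));
                 exit($tmp->output());
             }
         }
     }
     // Login (and group, if requested) verified.
     return $user;
 }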
Beispiel #2
/**
 * AJAX handler: delete the selected feedback entries.
 *
 * Requires the 'feedback_delete' permission.
 */
function king_ajax_delete()
{
    global $king;
    $king->access('feedback_delete');
    // NOTE(review): the id list is placed into the SQL text as-is, so this is only
    // safe if kc_getlist() returns a validated, comma-separated list of integers.
    // Confirm that in kc_getlist() before relying on it.
    $ids = kc_getlist();
    $sql = "delete from %s_feedback where kid in ({$ids})";
    $king->db->query($sql);
    $okHtml = "<p class=\"k_ok\">" . $king->lang->get('system/ok/delete') . "</p>";
    kc_ajax('OK', $okHtml, 1);
}
/**
 * AJAX handler: delete the selected portal comments.
 *
 * Requires the 'portal_comment_delete' permission. The 'portal/comment'
 * cache path is passed to cache->rd() before the rows are deleted.
 */
function king_ajax_delete()
{
    global $king;
    $king->access('portal_comment_delete');
    // NOTE(review): the id list is placed into the SQL text as-is, so this is only
    // safe if kc_getlist() returns a validated, comma-separated list of integers.
    // Confirm that in kc_getlist() before relying on it.
    $ids = kc_getlist();
    $king->cache->rd('portal/comment');
    $sql = "delete from %s_comment where cid in ({$ids})";
    $king->db->query($sql);
    $okHtml = "<p class=\"k_ok\">" . $king->lang->get('system/ok/delete') . "</p>";
    kc_ajax('OK', $okHtml, 1);
}
Beispiel #4
/**
 * AJAX handler: set the "iscommend" flag of a tag and return the matching icon.
 *
 * Requires the 'portal_tag_edt' permission. The response also rewrites the
 * toggle link's rel attribute so the next click sends the opposite value.
 */
function king_ajax_commend()
{
    global $king;
    $king->access('portal_tag_edt');
    // NOTE(review): both values end up in SQL / JS text below; this relies on
    // kc_get(..., 2, 1) returning integers only. Confirm in kc_get().
    $kid = kc_get('kid', 2, 1);
    $is = kc_get('is', 2, 1);
    if ($is) {
        $ico = 'n1';
    } else {
        $ico = 'n2';
    }
    $where = "kid={$kid}";
    $king->db->update('%s_tag', array('iscommend' => $is), $where);
    // Client-side shape of the rel value:
    // {CMD:\commend\',is:'+is+',ID:\'commend_'+id+'\',kid:'+id+',IS:2}
    $next = 1 - $is;
    $js = "\$('#commend_{$kid}').attr('rel','{CMD:\\'commend\\',ID:\\'commend_{$kid}\\',is:" . $next . ",kid:{$kid},IS:2}')";
    kc_ajax('', kc_icon($ico), '', $js);
}
Beispiel #5
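/**
 * AJAX handler: issue a new verification salt and re-render the verify image.
 *
 * The posted ID names the element to refresh; the same value minus its last
 * four characters is used as the prefix of the "<prefix>_salt" input that
 * receives the new salt.
 */
function king_ajax_salt()
{
    global $king;
    $id_fly = kc_post('ID');
    // The id is echoed back into a jQuery selector and into an HTML attribute.
    // Accept only characters that are inert in both contexts, so a crafted ID
    // cannot break out of the quoted string or the attribute.
    if (!is_string($id_fly) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $id_fly)) {
        kc_error($king->lang->get('system/error/param'));
        return;
    }
    // Drop the 4-character suffix to get the base element id.
    $id = substr($id_fly, 0, strlen($id_fly) - 4);
    $salt = kc_random(12);
    $js = "\$('#{$id}_salt').val('{$salt}');";
    $s = "<img alt=\"" . $king->lang->get('system/check/verifynew') . "\" src=\"" . $king->config('inst') . "system/verify.php?salt={$salt}\"/>";
    $s .= "<a href=\"javascript:;\" class=\"k_ajax\" rel=\"{URL:'../system/verify.php',ID:'{$id_fly}',CMD:'salt'}\">" . $king->lang->get('system/check/verifynew') . "</a>";
    kc_ajax('', $s, 0, $js);
}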
/**
 * AJAX handler: show and process the add/edit form for an express record.
 *
 * Requires the 'portal_express_edt' permission. With an empty eid a new row
 * is inserted into %s_express; otherwise the row with that eid is updated.
 */
function king_ajax_edt()
{
    global $king;
    $king->access('portal_express_edt');
    $eid = kc_get('eid', 2);
    // Column list: used in the SELECT and as the set of form fields to save.
    $sql = "kname,nsprice,niprice,kremark,kaddress";
    $array_sql = explode(',', $sql);
    if ($GLOBALS['ismethod'] || empty($eid)) {
        // Request data is the source when ismethod is set or no eid was given.
        // NOTE(review): $_POST is taken unfiltered here; kc_data() below presumably
        // narrows it to the keys in $array_sql. Confirm.
        $data = $_POST;
        if (!$GLOBALS['ismethod']) {
            // Pre-fill the address field when ismethod is not set.
            $data['kaddress'] = 'http://';
        }
    } else {
        // Existing record: load it from the database.
        // NOTE(review): $eid is interpolated into the SQL text; this relies on
        // kc_get('eid', 2) returning an integer. Confirm in kc_get().
        if (!($data = $king->db->getRows_one("select {$sql} from %s_express where eid={$eid}"))) {
            kc_error($king->lang->get('system/error/notre'));
        }
    }
    $data = kc_data($array_sql, $data);
    // kname
    // NOTE(review): whether kc_htm_input() HTML-escapes the value it is given is
    // not visible here; the textarea below escapes explicitly. Confirm.
    $array = array(array('kname', 0, 1, 50));
    $s = $king->htmForm($king->lang->get('portal/express/name'), kc_htm_input('kname', $data['kname'], 50, 200), $array);
    // nsprice
    $array = array(array('nsprice', 0, 1, 5), array('nsprice', 2));
    $s .= $king->htmForm($king->lang->get('portal/express/sprice'), kc_htm_input('nsprice', $data['nsprice'], 5, 50), $array);
    // niprice
    $array = array(array('niprice', 0, 1, 5), array('niprice', 2));
    $s .= $king->htmForm($king->lang->get('portal/express/iprice'), kc_htm_input('niprice', $data['niprice'], 5, 50), $array);
    // kaddress
    $array = array(array('kaddress', 0, 1, 255), array('kaddress', 6));
    $s .= $king->htmForm($king->lang->get('portal/express/address'), kc_htm_input('kaddress', $data['kaddress'], 255, 400), $array);
    // kremark
    $array = array(array('kremark', 0, 0, 3000));
    $s .= $king->htmForm($king->lang->get('portal/common/remark'), '<textarea name="kremark" id="kremark" rows="6" cols="100" class="k_in w400">' . htmlspecialchars($data['kremark']) . '</textarea>', $array);
    // $GLOBALS['ischeck'] is presumably set once every rule passed to htmForm() has
    // been satisfied. Confirm where it is assigned.
    if ($GLOBALS['ischeck']) {
        // Copy only the known columns into the row to store.
        $array = array();
        foreach ($array_sql as $val) {
            $array[$val] = $data[$val];
        }
        if (empty($eid)) {
            // No eid: insert a new row.
            $king->db->insert('%s_express', $array);
        } else {
            $king->db->update('%s_express', $array, "eid={$eid}");
        }
        // Reload the parent list after one second.
        $js = 'setTimeout("parent.location=\'manage.express.php\'",1000)';
        kc_ajax('', '', '', $js);
    }
    $but = kc_htm_a($king->lang->get('system/common/save'), "{CMD:'edt',eid:'{$eid}',IS:1}");
    kc_ajax($king->lang->get('portal/title/expressedt'), $s, $but, '', 440, 350 + $GLOBALS['check_num'] * 15);
}
Beispiel #7
/**
 * AJAX handler: show and process the delivery (shipping) form of an order.
 *
 * Requires the 'portal_orders_delivery' permission. On a valid submission the
 * order row is updated with the express data and nstatus is set to 4.
 */
function king_ajax_express()
{
    global $king;
    $king->access('portal_orders_delivery');
    // NOTE(review): $oid is interpolated into SQL text below; this relies on
    // kc_get('oid', 2, 1) returning an integer. Confirm in kc_get().
    $oid = kc_get('oid', 2, 1);
    // Column list: used in the SELECT and as the set of fields to save.
    $sql = "eid,expressnumber,kremark,nsenddate";
    $array_sql = explode(',', $sql);
    if ($GLOBALS['ismethod']) {
        // NOTE(review): $_POST is taken unfiltered; kc_data() below presumably
        // narrows it to the keys in $array_sql. Confirm.
        $data = $_POST;
    } else {
        if (!($data = $king->db->getRows_one("select {$sql} from %s_orders where oid={$oid}"))) {
            kc_error($king->lang->get('system/error/notre'));
        }
    }
    $data = kc_data($array_sql, $data);
    $s = '';
    // eid: build the select options from the available express records.
    $express = $king->portal->getExpress();
    $array_express = array();
    foreach ($express as $eid => $rs) {
        $array_express[$eid] = htmlspecialchars($rs['kname']);
    }
    $array = array(array('eid', 0, 1, 11), array('eid', 2));
    $s .= $king->htmForm($king->lang->get('portal/orders/express'), kc_htm_select('eid', $array_express, $data['eid']), $array);
    // expressnumber
    $array = array(array('expressnumber', 0, 1, 30));
    $s .= $king->htmForm($king->lang->get('portal/express/expressnumber'), kc_htm_input('expressnumber', $data['expressnumber'], 30, 200), $array);
    // kremark
    $array = array(array('kremark', 0, 0, 3000));
    $s .= $king->htmForm($king->lang->get('portal/common/remark'), '<textarea name="kremark" id="kremark" rows="8" cols="100" class="k_in w400">' . htmlspecialchars($data['kremark']) . '</textarea>', $array);
    if ($GLOBALS['ischeck']) {
        $array = array();
        foreach ($array_sql as $val) {
            $array[$val] = $data[$val];
        }
        // If nsenddate is empty, store the current timestamp.
        // NOTE(review): a non-empty nsenddate from the request is stored as sent;
        // no rule for it is passed to htmForm() above.
        if (empty($data['nsenddate'])) {
            $array['nsenddate'] = time();
        }
        // Set the order status to "shipped".
        $array['nstatus'] = 4;
        $king->db->update('%s_orders', $array, "oid={$oid}");
        // Reload the parent list after one second.
        $js = 'setTimeout("parent.location=\'manage.orders.php\'",1000)';
        kc_ajax('', '', '', $js);
    }
    // NOTE(review): nsenddate may come straight from $_POST and is placed inside a
    // quoted value here; whether kc_htm_a() escapes its second argument is not
    // visible. Confirm, or restrict nsenddate to digits.
    $but = kc_htm_a($king->lang->get('portal/common/delivery'), "{CMD:'express',oid:'{$oid}',IS:1,nsenddate:'{$data['nsenddate']}'}");
    kc_ajax($king->lang->get('portal/title/delivery'), $s, $but, '', 440, 290 + $GLOBALS['check_num'] * 15);
}
Beispiel #8
/**
 * AJAX handler: validate and store a feedback message.
 *
 * Title, name, e-mail and content are validated; each failure is reported
 * through kc_error() with the matching 'feedback/error/name' entry. A visitor
 * whose "fbtime" cookie is less than an hour old gets a tip instead of an insert.
 */
function king_ajax_add()
{
    global $king;
    // Time of the previous submission, as reported by the visitor's cookie.
    // NOTE(review): this throttle lives entirely in a client-side cookie, so a
    // client that drops the cookie is not limited. Treat it as a courtesy, not
    // as spam protection.
    $fbtime = kc_cookie("fbtime");
    $ktitle = kc_post('ktitle');
    $kname = kc_post('kname');
    $kemail = kc_post('kemail');
    $kphone = kc_post('kphone');
    $kqq = kc_post('kqq');
    $kcontent = kc_post('kcontent');
    // Title: at least 2 bytes, at most 50.
    if (!(isset($ktitle[1]) && strlen($ktitle) <= 50)) {
        kc_error($king->lang->get('feedback/error/name', 0));
    }
    // Name: at least 2 bytes, at most 30.
    if (!(isset($kname[1]) && strlen($kname) <= 30)) {
        kc_error($king->lang->get('feedback/error/name', 1));
    }
    // E-mail: validated by rule 5 of kc_validate().
    if (!kc_validate($kemail, 5)) {
        kc_error($king->lang->get('feedback/error/name', 2));
    }
    // Content: at least 10 bytes.
    // NOTE(review): kphone, kqq and the upper size of kcontent are not checked here.
    if (!isset($kcontent[9])) {
        kc_error($king->lang->get('feedback/error/name', 3));
    }
    if ($fbtime > time() - 3600) {
        kc_ajax($king->lang->get('system/common/tip'), $king->lang->get('feedback/error/name', 5), 0);
        return;
    }
    // Remember the time of this submission for one hour.
    setcookie("fbtime", time(), time() + 3600, '/');
    $row = array(
        'ktitle' => $ktitle,
        'kname' => $kname,
        'kemail' => $kemail,
        'kphone' => $kphone,
        'kqq' => $kqq,
        'kcontent' => $kcontent,
        'norder' => $king->db->neworder('%s_feedback'),
        'ndate' => time(),
    );
    $king->db->insert('%s_feedback', $row);
    // The third argument is the link shown after a successful submission.
    $okHtml = '<p class="k_ok">' . $king->lang->get('feedback/ok/add') . '</p>';
    $backLink = "<a href=\"index.php\">" . $king->lang->get('system/common/enter') . "</a>";
    kc_ajax('OK', $okHtml, $backLink);
}
Beispiel #9
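/**
 * AJAX handler: toggle one of the visibility flags of a model field.
 *
 * Requires the 'portal_field_edt' permission. The flag name comes from the
 * request and is accepted only if it is one of the known flag columns.
 */
function king_ajax_isshow()
{
    global $king;
    $king->access('portal_field_edt');
    // NOTE(review): $kid and $modelid are placed into SQL / JS text below; this
    // relies on kc_get() with types 2 and 22 returning safe values. Confirm.
    $kid = kc_get('kid', 2, 1);
    $field = kc_post('field');
    $is = kc_get('is', 2, 1) ? 1 : 0;
    $modelid = kc_get('modelid', 22, 1);
    $array_is = array('isadmin1', 'isadmin2', 'isuser1', 'isuser2', 'islist', 'issearch', 'isrelate');
    // $field becomes a column name in the UPDATE below, so it has to be exactly
    // one of these strings. The strict flag rules out type-juggled matches.
    if (!in_array($field, $array_is, true)) {
        kc_error($king->lang->get('system/error/param'));
    }
    if ($res = $king->db->getRows_one("select ktitle from %s_field where kid={$kid} and kfield='ktitle'")) {
        // The row whose kfield is 'ktitle' is answered with the "noedt" tip.
        // Its title is a stored value going into a single-quoted JS string, so
        // quotes and backslashes are escaped before it is embedded.
        kc_ajax('', kc_icon($is ? 'n2' : 'n1'), 0, "alert('" . $king->lang->get('portal/tip/noedt') . ": " . addslashes($res['ktitle']) . "')");
    }
    $array = array($field => $is);
    $king->db->update('%s_field', $array, "kid={$kid}");
    // Drop the cached model definition so the change becomes visible.
    $king->cache->del('portal/model/model' . $modelid);
    $s = kc_icon($is ? 'n1' : 'n2');
    // Rewrite the toggle's rel attribute so the next click sends the opposite value.
    $js = "\$('#{$field}_{$kid}').attr('rel','{CMD:\\'isshow\\',field:\\'{$field}\\',modelid:{$modelid},kid:{$kid},is:" . (1 - $is) . ",ID:\\'{$field}_{$kid}\\',IS:2}')";
    kc_ajax('', $s, 0, $js);
}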
Beispiel #10
/**
 * AJAX handler: password reset by security question.
 *
 * Looks up the account by the posted username, shows its security question,
 * and, once the answer, e-mail address and new password pass validation,
 * stores a new salted hash and logs the user in.
 */
function king_ajax_lostpwd1()
{
    global $king;
    $username = kc_post('username');
    // Look up the account and its security question.
    // NOTE(review): the expression on the next line contains a "******" placeholder
    // and does not parse as shown; the listing appears to have been redacted.
    // Restore it from the original source before using this code.
    if ($user = $king->db->getRows_one("select userid,uid,userask,useranswer,usermail from %s_user where isdelete=0 and  username='******'username')) . "'")) {
        if (!$user['userask']) {
            kc_error($king->lang->get('user/error/ask'));
        }
    } else {
        kc_error($king->lang->get('system/error/param'));
    }
    $s = $king->htmForm($king->lang->get('user/label/ask'), htmlspecialchars($user['userask']));
    // Answer.
    // NOTE(review): the stored answer is compared with != (loose, not constant-time).
    // Two numeric-looking strings can compare equal under ==; a strict, constant-time
    // comparison such as hash_equals() is the safer choice for a secret.
    $array = array(array('useranswer', 0, 1, 16), array('useranswer', 12, $king->lang->get('portal/check/lost/answer'), $user['useranswer'] != kc_post('useranswer')));
    $s .= $king->htmForm($king->lang->get('user/label/answer'), '<input class="k_in w150" type="text" name="useranswer" id="useranswer" maxlength="16" value="' . htmlspecialchars(kc_post('useranswer')) . '" />', $array);
    // E-mail: must match the stored address, compared case-insensitively.
    $_array = array(array('usermail', 0, 6, 32), array('usermail', 5, $king->lang->get('portal/check/reg/u-4')), array('usermail', 12, $king->lang->get('portal/check/lost/mail'), strtolower($user['usermail']) != strtolower(kc_post('usermail'))));
    $s .= $king->htmForm($king->lang->get('portal/user/mail'), '<input class="k_in w250" type="text" name="usermail" value="' . htmlspecialchars(kc_post('usermail')) . '" maxlength="32" />', $_array);
    // New password.
    // NOTE(review): the posted password is written back into the value attribute
    // of the response; consider leaving password fields empty on re-render.
    $_array = array(array('userpass', 0, 6, 30), array('userpass', 17, null, 'userpass1'));
    $s .= $king->htmForm($king->lang->get('portal/user/pass') . ' (6-30)', '<input class="k_in w150" type="password" name="userpass" id="userpass" maxlength="30" value="' . htmlspecialchars(kc_post('userpass')) . '" />', $_array);
    // Password confirmation.
    $s .= $king->htmForm($king->lang->get('portal/user/pass1'), '<input class="k_in w150" type="password" name="userpass1" id="userpass1" maxlength="30" value="' . htmlspecialchars(kc_post('userpass1')) . '" />');
    $verify = new KC_Verify_class();
    $s .= $verify->Show();
    if ($GLOBALS['ischeck']) {
        $array = array();
        // SECURITY: md5 over salt + password is a fast hash and is not suitable for
        // password storage. password_hash()/password_verify() is the standard
        // replacement, but the login check has to change with it.
        $salt = kc_random(6);
        $md5pass = md5($salt . kc_post('userpass'));
        $array['userpass'] = $md5pass;
        $array['ksalt'] = $salt;
        // The return value is assigned but not used afterwards.
        $userid = $king->db->update('%s_user', $array, "userid={$user['userid']}");
        // Write the login cookie: the user is logged in right after the reset.
        // NOTE(review): 2592000 is presumably a lifetime in seconds (30 days). Confirm.
        $s = $king->user->userLogin($user['userid'], 2592000);
        $king->user->delUserInfo($user['userid']);
        kc_ajax($king->lang->get('system/common/welcome'), $s . "<p class=\"k_ok\">" . $king->lang->get('portal/user/lostok') . "</p>", 0);
    }
    // NOTE(review): the username value in this line is shown as "******" in the
    // listing (redacted); the original presumably embedded the posted username.
    $but = kc_htm_a($king->lang->get('system/common/submit'), "{URL:'" . $king->config('inst') . "user/index.php',CMD:'lostpwd1',username:'******',IS:1}");
    $height = $king->config('verifyopen') ? 250 + $king->config('verifyheight') : 230;
    kc_ajax($king->lang->get('portal/user/name'), $s, $but, '', 420, $height + $GLOBALS['check_num'] * 15);
}
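 /**
  * Move a row up or down in an ordered list by swapping sort values.
  *
  * The direction is read from POST 'UPDOWN' and the number of positions from
  * 'NUMBER' (via kc_get); a NUMBER of 0 moves the row across all rows in that
  * direction. The response sends the browser back to the referring page.
  *
  * Possible optimisation noted by the original author: for move-to-top and
  * move-to-bottom, set the sort value to max+1 or min-1 directly instead of
  * swapping through every row, which also avoids timeouts on large tables.
  *
  * NOTE(review): $_table, $_where, $_kidname and $_norder are concatenated
  * into SQL text. Callers must pass fixed values, never request data.
  *
  * @param string $_table    Table name (sprintf pattern that takes the table prefix)
  * @param int    $id        Key value of the row to move
  * @param string $_where    Optional SQL condition, without the WHERE keyword
  * @param int    $_order    List order: 1 = descending, 0 = ascending
  * @param string $_kidname  Name of the key column
  * @param string $_norder   Name of the column that determines the order
  */
 public function updown($_table, $id, $_where = null, $_order = 1, $_kidname = 'kid', $_norder = 'norder')
 {
     // The Referer header is supplied by the client and may be missing. It goes
     // into a single-quoted JS string, so quotes and backslashes are escaped.
     // NOTE(review): the target host is not checked; consider allowing only
     // same-site URLs here.
     $_back = isset($_SERVER['HTTP_REFERER']) ? addslashes($_SERVER['HTTP_REFERER']) : '';
     $_backJs = 'parent.location=\'' . $_back . '\'';
     // Offset: number of positions to move.
     $_num = kc_get('NUMBER', 2, 1);
     // Direction: anything other than 'up' is treated as 'down'.
     $_act = kc_post('UPDOWN') == 'up' ? 'up' : 'down';
     // Choose the scan order so that the rows to swap with follow the target row.
     if ($_order) {
         $order = $_act == 'down' ? 'desc' : 'asc';
     } else {
         $order = $_act == 'up' ? 'desc' : 'asc';
     }
     if ($_where != null) {
         $_where = ' where ' . $_where;
     }
     $sql = "select {$_kidname},{$_norder} from {$_table} {$_where} order by {$_norder} {$order}";
     $this->query($sql);
     $this->getRows_number();
     if ($_num == 0) {
         $_num = $this->Rows;
     }
     // The direct link->query() calls below need the prefixed table name.
     $_table = sprintf($_table, DB_PRE);
     // Fall back to an empty list when the query produced no result object.
     $array = is_object($this->mQuery) ? $this->mQuery->fetchAll() : array();
     $count = count($array);
     for ($i = 0; $i < $count; $i++) {
         if ($id == $array[$i][$_kidname]) {
             $targetId = $array[$i][$_kidname];
             $targetOrder = $array[$i][$_norder];
             for ($j = 1; $j <= $_num; $j++) {
                 if ($i + $j < $count) {
                     $otherId = $array[$i + $j][$_kidname];
                     $otherOrder = $array[$i + $j][$_norder];
                     // Swap the sort values of the target row and the next row.
                     $this->link->query("update {$_table} set {$_norder}={$otherOrder} where {$_kidname}={$targetId}");
                     $this->link->query("update {$_table} set {$_norder}={$targetOrder} where {$_kidname}={$otherId}");
                     $targetOrder = $otherOrder;
                 }
             }
             kc_ajax('', '', 0, $_backJs);
         }
     }
     kc_ajax('', '', 0, $_backJs);
 }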
Beispiel #12
/**
 * AJAX handler: log the current administrator out.
 *
 * Clears the admin's cache entry, writes a log record of type 3, expires the
 * KingCMS_Admin cookie and sends the browser to the login page.
 */
function king_ajax_logout()
{
    global $king;
    $king->access(0);
    $king->cache->del('system/admin/' . $king->admin['adminname']);
    // Write the logout log entry, using the name stored in the admin cookie.
    // NOTE(review): the cookie holds two tab-separated parts; the second one is
    // named "pass" here. Confirm it is not a password or a reusable hash.
    if (isset($_COOKIE['KingCMS_Admin'])) {
        list($adminName, $adminPass) = kc_explode("\t", $_COOKIE['KingCMS_Admin'], 2);
    } else {
        list($adminName, $adminPass) = array(NULL, NULL);
    }
    $king->log(3, $adminName);
    header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"');
    // A negative expiry time lies in the past, so the browser drops the cookie.
    $expires = -864000;
    setcookie('KingCMS_Admin', $adminName, $expires, '/');
    $redirectJs = 'parent.location=\'../system/login.php\'';
    kc_ajax('', '', 0, $redirectJs);
}
Beispiel #13
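 /**
  * AJAX handler: render one page of the current admin's tag menu and
  * optionally remove an entry from it.
  *
  * Request parameters: number (entries per page, default 7), pid (page number,
  * default 1), title (key of the entry to delete) and url (the entry whose URL
  * equals this value is marked with class "red").
  */
 public function tagmenu()
 {
     global $king;
     $cachepath = 'skin/tagmenu/' . $king->admin['adminid'];
     // NOTE(review): $number and $pid are written into attribute text below; this
     // relies on kc_get(..., 2) returning integers only. Confirm in kc_get().
     $number = kc_get('number', 2);
     $title = kc_post('title');
     $url = kc_post('url');
     // array_chunk() below rejects a chunk size smaller than 1.
     if (!$number || $number < 1) {
         $number = 7;
     }
     $pid = kc_get('pid', 2);
     if (!$pid) {
         $pid = 1;
     }
     if (!($array = $king->cache->get($cachepath))) {
         $array = array();
     }
     if (isset($title[0])) {
         // A title in the request means: delete the entry stored under that key.
         $array = array_diff_key($array, array($title => ''));
         $king->cache->put($cachepath, $array);
     }
     $count = count($array);
     // After a deletion pid can point past the last page; step back one page.
     if ($pid - 1 >= $count / $number) {
         $pid--;
     }
     $array_new = array_chunk($array, $number, True);
     // The requested page may not exist (empty menu, or a pid beyond the last page).
     $array_new1 = isset($array_new[$pid - 1]) ? $array_new[$pid - 1] : array();
     $s = '';
     if ($pid > 1) {
         $s .= '<a class="k_ajax" rel="{URL:\'../system/manage.php\',CMD:\'tagmenu\',ID:\'k_tagmenu\',number:' . $number . ',pid:' . ($pid - 1) . ',url:\'' . urlencode($url) . '\'}">' . kc_icon('c9') . '</a>';
     }
     foreach ($array_new1 as $key => $val) {
         // Stored URLs are HTML-escaped before they go into the href attribute, the
         // same way the entry title already is.
         // NOTE(review): escaping does not restrict the URL scheme; validate the
         // scheme where entries are stored.
         $class = $val == $url ? ' class="red"' : '';
         $s .= '<span' . $class . '><a href="' . htmlspecialchars($val) . '">' . htmlspecialchars($key) . '</a>';
         // NOTE(review): url is unquoted in this rel value while the paging links
         // quote it; confirm which form the client-side parser expects.
         $s .= "<img src=\"../system/images/white.gif\" class=\"k_ajax k8 os\" rel=\"{URL:'../system/manage.php',ID:'k_tagmenu',CMD:'tagmenu',number:{$number},url:" . urlencode($url) . ",pid:{$pid},title:\\'" . urlencode($key) . "\\'}\"/></span>";
     }
     if ($count / $number > $pid) {
         $s .= '<a class="k_ajax" rel="{URL:\'../system/manage.php\',ID:\'k_tagmenu\',CMD:\'tagmenu\',number:' . $number . ',pid:' . ($pid + 1) . ',url:\'' . urlencode($url) . '\'}">' . kc_icon('d9') . '</a>';
     }
     kc_ajax('', $s);
 }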
Beispiel #14
/**
 * AJAX handler: edit a text file through the web file manager.
 *
 * Requires the 'webftp_edit' permission. When 'webftpcontent' is posted the
 * file is written; otherwise the file is loaded into an editor dialog.
 *
 * NOTE(review): the path comes from the request and is handed to the kc_f_*
 * helpers as-is. Whether those helpers confine it to an allowed directory
 * (no "..", no absolute paths) is not visible here; confirm that, and that
 * this endpoint is covered by the application's CSRF protection.
 */
function king_ajax_edit()
{
    global $king;
    $king->access('webftp_edit');
    $path = kc_post('path');
    $ext = kc_f_ext($path);
    // Map the file extension to a syntax name.
    // NOTE(review): $code is not read again in this function; the editor below
    // is always initialised with syntax "php".
    switch ($ext) {
        case 'html':
        case 'htm':
        case 'shtml':
        case 'shtm':
            $code = 'html';
            break;
        case 'css':
            $code = 'css';
            break;
        case 'js':
            $code = 'js';
            break;
        case 'php':
        case 'php3':
        case 'php4':
            $code = 'php';
            break;
        case 'sql':
            $code = 'sql';
            break;
        case 'xml':
            $code = 'xml';
            break;
        default:
            $code = '';
    }
    if (isset($_POST['webftpcontent'])) {
        // Write the posted content to the file.
        kc_f_put_contents($path, $_POST['webftpcontent'], 1);
        $okHtml = "<p class=\"k_ok\">" . $king->lang->get('system/ok/save') . "</p>";
        kc_ajax('OK', $okHtml);
    }
    if (!kc_f_isfile($path)) {
        kc_error($king->lang->get('system/error/notfile'));
    }
    $content = kc_f_get_contents($path);
    // Syntax highlighting is switched off for content larger than 10240 bytes.
    $highlight = strlen($content) > 10240 ? 'false' : 'true';
    $js = "editAreaLoader.init({\r\n\t\t\tid: \"webftpcontent\"\r\n\t\t\t,start_highlight: {$highlight}\r\n\t\t\t,allow_resize: \"both\"\r\n\t\t\t,allow_toggle: false\r\n\t\t\t,word_wrap: true\r\n\t\t\t,language: \"en\"\r\n\t\t\t,syntax: \"php\"\r\n\t\t});";
    $s = "<textarea id=\"webftpcontent\" name=\"webftpcontent\" rows=\"15\" cols=\"80\" style=\"width:870px;height:420px\">" . htmlspecialchars($content) . "</textarea>";
    // NOTE(review): $path is echoed into the button's rel value and into the
    // dialog title without escaping here; confirm that kc_htm_a() and kc_ajax()
    // encode it.
    $but = kc_htm_a($king->lang->get('system/common/save'), "{CMD:'edit',IS:1,path:'{$path}'}");
    $dialogTitle = $king->lang->get('system/common/edit') . ' : ' . $path;
    kc_ajax($dialogTitle, $s, $but, $js, 900, 450);
}
Beispiel #15
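/**
 * AJAX handler: tag auto-completion for the content editor.
 *
 * Requires the 'portal_content_edt' permission. With a non-empty title and an
 * empty tag field, the tags suggested by portal->getTag() are written into the
 * #ktag input; every other case answers with an alert.
 */
function king_ajax_tag()
{
    global $king;
    $king->access('portal_content_edt');
    $info = $king->portal->infoList();
    $model = $king->portal->infoModel($info['modelid']);
    $ktitle = kc_post('ktitle');
    $ktag = kc_post('ktag');
    if (isset($ktitle[0])) {
        // Title is present: match it against the keyword list.
        if (isset($ktag[0])) {
            // The tag field already has a value: report that and close.
            $js = 'alert(\'' . $king->lang->get('portal/tip/ktag') . '\');$.kc_close();';
            kc_ajax('', null, 0, $js);
        }
        $key = $king->portal->getTag($ktitle, $ktag);
        if (isset($key[0])) {
            // $key is derived from request data and goes into a single-quoted JS
            // string, so it is escaped like the field label in the branch below.
            // NOTE(review): assumes getTag() returns the raw, unescaped tag string.
            $js = '$(\'#ktag\').val(\'' . addslashes($key) . '\');';
        } else {
            $js = 'alert(\'' . $king->lang->get('portal/tip/nottag') . '\');';
        }
    } else {
        // No title yet: ask for it, naming the model's title field.
        $js = 'alert(\'' . $king->lang->get('portal/tip/ktitle') . '[' . addslashes($model['field']['text']['ktitle']) . ']\');';
    }
    kc_ajax('', null, 0, $js . "\$.kc_close();");
}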
Beispiel #16
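 /**
  * Move a row up or down in an ordered list by swapping sort values.
  *
  * The direction is read from POST 'UPDOWN' and the number of positions from
  * 'NUMBER' (via kc_get); a NUMBER of 0 moves the row across all rows in that
  * direction. The response sends the browser back to the referring page.
  *
  * NOTE(review): $_table, $_where, $_kidname and $_norder are concatenated
  * into SQL text. Callers must pass fixed values, never request data.
  * NOTE(review): this variant uses the mysql_* functions, which were removed
  * in PHP 7.
  *
  * @param string $_table    Table name (sprintf pattern that takes the table prefix)
  * @param int    $id        Key value of the row to move
  * @param string $_where    Optional SQL condition, without the WHERE keyword
  * @param int    $_order    List order: 1 = descending, 0 = ascending
  * @param string $_kidname  Name of the key column
  * @param string $_norder   Name of the column that determines the order
  */
 public function updown($_table, $id, $_where = null, $_order = 1, $_kidname = 'kid', $_norder = 'norder')
 {
     // The Referer header is supplied by the client and may be missing. It goes
     // into a single-quoted JS string, so quotes and backslashes are escaped.
     // NOTE(review): the target host is not checked; consider allowing only
     // same-site URLs here.
     $_back = isset($_SERVER['HTTP_REFERER']) ? addslashes($_SERVER['HTTP_REFERER']) : '';
     $_backJs = 'parent.location=\'' . $_back . '\'';
     // Offset: number of positions to move.
     $_num = kc_get('NUMBER', 2, 1);
     // Direction: anything other than 'up' is treated as 'down'.
     $_act = kc_post('UPDOWN') == 'up' ? 'up' : 'down';
     // Choose the scan order so that the rows to swap with follow the target row.
     if ($_order) {
         $order = $_act == 'down' ? 'desc' : 'asc';
     } else {
         $order = $_act == 'up' ? 'desc' : 'asc';
     }
     if ($_where != null) {
         $_where = ' where ' . $_where;
     }
     $_sql = "select {$_kidname},{$_norder} from {$_table} {$_where} order by {$_norder} {$order}";
     $this->query($_sql);
     $this->getRows_number();
     if ($_num == 0) {
         $_num = $this->Rows;
     }
     // The direct mysql_query() calls below need the prefixed table name.
     $_table = sprintf($_table, DB_PREFIX);
     for ($i = 0; $i < $this->Rows; $i++) {
         if (!mysql_data_seek($this->mQuery, $i)) {
             kc_ajax('', '', 0, $_backJs);
         }
         $res = mysql_fetch_array($this->mQuery);
         if ($id == $res[$_kidname]) {
             $targetId = $res[$_kidname];
             $targetOrder = $res[$_norder];
             for ($j = 1; $j <= $_num; $j++) {
                 if ($i + $j < $this->Rows) {
                     if (!mysql_data_seek($this->mQuery, $i + $j)) {
                         kc_ajax('', '', 0, $_backJs);
                     }
                     $res = mysql_fetch_array($this->mQuery);
                     $otherId = $res[$_kidname];
                     $otherOrder = $res[$_norder];
                     // Swap the sort values of the target row and the next row.
                     mysql_query("update {$_table} set {$_norder}={$otherOrder} where {$_kidname}={$targetId} limit 1;", $this->link);
                     mysql_query("update {$_table} set {$_norder}={$targetOrder} where {$_kidname}={$otherId} limit 1;", $this->link);
                     $targetOrder = $otherOrder;
                 }
             }
             kc_ajax('', '', 0, $_backJs);
         }
     }
     kc_ajax('', '', 0, $_backJs);
 }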
Beispiel #17
/**
 * AJAX handler: store a visitor comment on a portal content item.
 *
 * No permission check is made here; a visitor who is not logged in is stored
 * with an empty username. The item's ncomment counter is incremented and the
 * cached XML and comment list of the item are removed.
 */
function king_ajax_comment()
{
    global $king;
    // NOTE(review): $kid and $modelid are placed into SQL text and file paths
    // below; this relies on kc_get() with types 2 and 22 returning safe values.
    $kid = kc_get('kid', 2, 1);
    $modelid = kc_get('modelid', 22, 1);
    $kcontent = kc_get('kcontent', 0, 1);
    $commenttime = kc_cookie("commenttime");
    if ($commenttime < time() - 120) {
        // Allow one comment per two minutes.
        // NOTE(review): the limit is kept in a client-side cookie only, so a
        // client that drops the cookie is not limited.
        setcookie("commenttime", time(), time() + 86400, '/');
    } else {
        kc_error($king->lang->get('portal/tip/nocomment'));
    }
    // NOTE(review): the filters below remove specific tags and attributes by
    // regular expression. Other markup (for example script tags or event-handler
    // attributes) is not touched by this function. If kcontent is later rendered
    // as HTML, confirm that kc_get() or the output side sanitises it properly.
    if (kc_strlen($kcontent) > 10) {
        // Remove links.
        $kcontent = preg_replace('/<a ([^>]*)>|<\\/a>/is', '', $kcontent);
        // Remove table markup.
        $kcontent = preg_replace('/<(table|tbody|thead|tr|td|th|caption) ?([^>]*)>|<\\/(table|tbody|thead|tr|td|th|caption)>/is', '', $kcontent);
        // Remove style attributes.
        $kcontent = preg_replace('/(<([^>]*))( style=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent);
        // Remove id and class attributes.
        $kcontent = preg_replace('/(<([^>]*))( id=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent);
        $kcontent = preg_replace('/(<([^>]*))( class=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent);
    }
    if (kc_strlen($kcontent) < 5) {
        kc_ajax($king->lang->get('system/title/tip'), $king->lang->get('portal/tip/nocontent'));
        return;
    }
    $model = $king->portal->infoModel($modelid);
    // The table name is built from the model definition.
    if ($res = $king->db->getRows_one("select ncomment from %s__{$model['modeltable']} where kid={$kid}")) {
        // Read-then-write increment of the comment counter.
        $ncomment = $res['ncomment'] + 1;
        $_array = array('ncomment' => $ncomment);
        $king->db->update('%s__' . $model['modeltable'], $_array, "kid={$kid}");
    } else {
        kc_error($king->lang->get('portal/error/notq'));
        return;
    }
    $king->load('user');
    if ($user = $king->user->checkLogin()) {
        // Logged in.
        $username = $user['username'];
        unset($user);
    } else {
        // Not logged in.
        $username = '';
    }
    $_array = array('kid' => $kid, 'modelid' => $modelid, 'kcontent' => $kcontent, 'username' => $username, 'nip' => kc_getip(), 'ndate' => time(), 'isshow' => 1);
    $king->db->insert("%s_comment", $_array);
    // Remove the item's cached XML file and its cached comment list.
    $xmlpath = $king->config('xmlpath', 'portal') . '/portal/' . $modelid . '/' . wordwrap($kid, 1, '/', 1) . '.xml';
    kc_f_delete($xmlpath);
    $cachepath = 'portal/comment/' . $modelid . '/' . $kid;
    $king->cache->del($cachepath);
    // Update the counter on the page and clear the input.
    $js = "\$('#k_comment').html({$ncomment});\$('#kcontent').html('');";
    kc_ajax('OK', '<p class="k_ok">' . $king->lang->get('portal/ok/submit') . '</p>', 0, $js);
}
Beispiel #18
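/**
 * AJAX handler: remove one product from the shopping cart cookie.
 *
 * The cart is kept in the KingCMS_Cart cookie as a serialized array keyed by
 * "<listid>-<kid>". After the entry is removed the client is told to reload
 * the cart view.
 */
function king_ajax_delete_prod()
{
    global $king;
    $listid = kc_get('listid', 2, 1);
    $kid = kc_get('kid', 2, 1);
    // SECURITY: unserialize() on a cookie lets the client decide what is
    // deserialised, which opens the door to PHP object injection. It is kept
    // here because the cookie format is presumably shared with the other cart
    // code (portal/cart.php); move all readers and writers to JSON together, or
    // pass array('allowed_classes' => false) on PHP >= 7.0.
    $cart = empty($_COOKIE['KingCMS_Cart']) ? false : unserialize($_COOKIE['KingCMS_Cart']);
    // A missing, malformed or non-array cookie is treated as an empty cart
    // instead of being passed on to array_diff_key().
    if (!is_array($cart)) {
        $cart = array();
    }
    $cart = array_diff_key($cart, array($listid . '-' . $kid => ''));
    setcookie('KingCMS_Cart', serialize($cart), time() + 86400000, $king->config('inst'));
    $js = "\$.kc_ajax('{URL:\\'" . $king->config('inst') . "portal/cart.php\\',CMD:\\'buy\\',IS:1}')";
    kc_ajax('', '', '', $js);
}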
Beispiel #19
/**
 * AJAX handler: open or close the upload row of the file browser.
 *
 * Requires the '#brow_upfile' permission. With isopen set, a table row holding
 * the upload iframe is inserted after #brow_top; otherwise that row is removed.
 * In both cases the toggle link's rel attribute is rewritten to send the
 * opposite isopen value next time.
 */
function king_ajax_brow_upfile()
{
    global $king;
    $king->access('#brow_upfile');
    $is = '';
    $jsfun = '';
    $isopen = '';
    $info = inc_brow();
    // NOTE(review): extract() turns every key of $info into a local variable and
    // can overwrite the ones set above. The values ($id, $path, $filetype, $is,
    // $jsfun, $verbs) are written into a URL and into JS text without encoding
    // here; confirm that inc_brow() validates them.
    extract($info);
    $isopen = kc_post('isopen', 2, 1);
    // The rel value sends the opposite state on the next click.
    $nextState = $isopen ? 0 : 1;
    $rel = addslashes("{{$verbs},CMD:'brow_upfile',isopen:{$nextState},path:'{$path}',IS:1,ID:'brow_top'}");
    if ($isopen) {
        $row = "<tr id=\"brow_upfile\"><th>"
            . "<iframe src=\"../system/manage.php?action=iframe&CMD=upfile&id={$id}&path={$path}&filetype={$filetype}&is={$is}&jsfun={$jsfun}\" frameborder=\"no\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" style=\"width:360px;height:180px;\"></iframe>"
            . "</th></tr>";
        $js = "\$('#brow_top').after('{$row}');";
    } else {
        $js = "\$('#brow_upfile').remove();";
    }
    $js .= "\$('#a_brow_upfile').attr('rel','" . $rel . "')";
    kc_ajax('', '', '', $js);
}
Beispiel #20
/**
 * AJAX handler: import a model from its exported code.
 *
 * Requires the 'portal_model_dbin' permission. Shows a form with model name,
 * table name and the code text; the import itself happens inside the
 * validation rule of the code field (portal->unModelCode()).
 */
function king_ajax_incode()
{
    global $king;
    $king->access('portal_model_dbin');
    /*
    if($GLOBALS['ismethod']){// POST request
    	$data=$_POST;
    }
    */
    $fields = array('modelname', 'modeltable', 'incode');
    $data = kc_data($fields);
    // Model name.
    $_array = array(array('modelname', 0, 2, 50));
    $s = $king->htmForm($king->lang->get('portal/label/newmodelname') . ' (2-50)', '<input class="k_in w200" type="text" id="modelname" name="modelname" value="' . htmlspecialchars($data['modelname']) . '" maxlength="50" />', $_array);
    // Table name: rule 12 fails when a model with this table name already exists
    // (the value is passed through db->escape() before it enters the SQL text);
    // rule 18 is given portal->holdmodel.
    $_array = array(array('modeltable', 0, 1, 50), array('modeltable', 1), array('modeltable', 12, $king->lang->get('system/check/none'), $king->db->getRows_one("select modelid from %s_model where modeltable='" . $king->db->escape($data['modeltable']) . "';")), array('modeltable', 18, null, $king->portal->holdmodel));
    $s .= $king->htmForm($king->lang->get('portal/label/newtable') . ' (1-50)', '<input class="k_in w200" type="text" id="modeltable" name="modeltable" value="' . htmlspecialchars($data['modeltable']) . '" maxlength="50" />', $_array);
    // Model code.
    if ($GLOBALS['ischeck']) {
        // unModelCode() is called while the rule array is built, so it runs as
        // soon as the earlier fields have passed.
        // NOTE(review): how unModelCode() decodes the submitted text is not visible
        // here. If it relies on unserialize() or eval(), that needs its own
        // review even though the endpoint is restricted to administrators.
        $_array = array(array('incode', 0, 10, 9999999), array('incode', 12, $king->lang->get('portal/check/incode'), !$king->portal->unModelCode($data['incode'], $data['modelname'], $data['modeltable'])));
    } else {
        $_array = array();
    }
    $s .= $king->htmForm($king->lang->get('system/common/code'), '<textarea id="incode" name="incode" class="k_in w400" style="height:135px;font-size:10px;line-height:10px;">' . htmlspecialchars($data['incode']) . '</textarea>', $_array);
    $but = kc_htm_a($king->lang->get("system/common/save"), "{CMD:'incode'}");
    if ($GLOBALS['ischeck']) {
        // All rules above passed: refresh the model cache and report success.
        $king->cache->del('portal/model');
        $king->cache->rd('portal/model');
        kc_ajax('OK', "<p class=\"k_ok\">" . $king->lang->get('system/ok/add') . "</p>", 1);
    }
    $height = 290 + $GLOBALS['check_num'] * 15;
    kc_ajax($king->lang->get('portal/list/dbin'), $s, $but, null, 435, $height);
}
Beispiel #21
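/**
 * AJAX handler: create an administrator account or reset its password.
 *
 * Shows a form with admin name and password. On a valid submission the
 * account is inserted if the name is unknown; otherwise its password is
 * replaced and its level set to 'admin'.
 *
 * SECURITY: no access() check is made in this function, so whoever can reach
 * it can create or take over an administrator account. It presumably belongs
 * to an install or repair script; make sure that script is removed or locked
 * after use.
 */
function king_ajax_repass()
{
    global $king;
    $adminName = kc_post('readminname');
    $adminPass = kc_post('readminpass');
    // Admin name. Request values are HTML-escaped before they are echoed into
    // the value attributes.
    $array = array(array('readminname', 0, 2, 12), array('readminname', 1));
    $s = "<p class=\"k_htm\"><label>" . $king->lang->get('system/admin/name') . "</label><input class=\"k_in w150\" type=\"text\" value=\"" . htmlspecialchars($adminName) . "\" id=\"readminname\" name=\"readminname\"/>";
    $s .= kc_check($array);
    $s .= "</p>";
    // Admin password.
    $array = array(array('readminpass', 0, 6, 30));
    $s .= "<p class=\"k_htm\"><label>" . $king->lang->get('system/admin/pass') . "</label><input class=\"k_in w150\" type=\"text\" value=\"" . htmlspecialchars($adminPass) . "\" id=\"readminpass\" name=\"readminpass\"/>";
    $s .= kc_check($array);
    $s .= "</p>";
    // Save button.
    $but = "<a href=\"javascript:;\" class=\"k_ajax\" rel=\"{CMD:'repass',IS:1}\">" . $king->lang->get('system/common/save') . "</a>";
    if ($GLOBALS['ischeck']) {
        // The name is escaped before it enters SQL text. Rule 1 above may already
        // limit its characters, but the query should not depend on that.
        // NOTE(review): assumes this code base provides db->escape(); confirm.
        $nameSql = $king->db->escape($adminName);
        // SECURITY: unsalted md5 is not suitable for password storage. It is kept
        // because the login check elsewhere has to verify the same format; move
        // both sides to password_hash()/password_verify() together.
        $passHash = md5($adminPass);
        if (!$king->db->getRows_one("SELECT * FROM %a_admin where adminname='" . $nameSql . "';")) {
            $king->db->insert('%a_admin', array('adminname' => $adminName, 'adminpass' => $passHash, 'adminlevel' => 'admin', 'adminlanguage' => 'zh-cn', 'admineditor' => 'fckeditor', 'admindate' => time(), 'adminlogin' => '../system/manage.php'));
        } else {
            $king->db->update('%a_admin', array("adminpass" => $passHash, 'adminlevel' => 'admin'), "adminname='" . $nameSql . "'");
        }
        kc_ajax('OK', '<p class="k_ok">' . $king->lang->get('system/ok/save') . '</p>');
    }
    kc_ajax($king->lang->get('system/install/repwd'), $s, $but, null, 250, 120 + $GLOBALS['check_num'] * 15);
}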
Beispiel #22
/**
 * Show a search form.
 *
 * Wraps the markup in a #k_search container, prepends it to #k_form_list on
 * the client and calls $.kc_close(). Nothing is returned; the result is sent
 * through kc_ajax().
 *
 * NOTE(review): the markup is placed inside a single-quoted JS string without
 * escaping, so a single quote or a line break in it breaks the script. Callers
 * must pass markup that is already safe for that context.
 *
 * @param string $str Form markup
 */
function kc_ajax_query($str)
{
    $wrapped = "<div id=\"k_search\">{$str}</div>";
    kc_ajax('', '', '', "\$('#k_form_list').prepend('{$wrapped}');\$.kc_close();");
}
Beispiel #23
/**
 * AJAX handler: show the mod_rewrite rules that match the configured URL scheme.
 *
 * The rules are built from the 'rewriteline' and 'rewriteend' settings, both
 * passed through preg_quote(), and displayed HTML-escaped in a textarea.
 */
function king_ajax_rewriterule()
{
    global $king;
    $line = $king->config('rewriteline');
    $end = $king->config('rewriteend');
    // Quote the configured separator and suffix for use inside the patterns.
    $sep = preg_quote($line);
    $suffix = preg_quote($end);
    $rules = '<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)(/(list|page)(' . $sep . '[0-9]+)+' . $suffix . ')$ $1/index.php$2
RewriteRule ^(.*)(/tag' . $sep . '.+?(' . $sep . '[0-9]+)?' . $suffix . ')$ $1/index.php$2
</IfModule>';
    $textarea = '<textarea class="k_in w450" rows="5">' . htmlspecialchars($rules) . '</textarea>';
    $s = $king->htmForm($king->lang->get('portal/label/rule'), $textarea);
    $s .= '<p>' . $king->lang->get('portal/help/rule') . '</p>';
    kc_ajax($king->lang->get('portal/title/rewriterule'), $s, 0, '', 480, 210);
}