예제 #1
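 /**
  * Load the XML language pack for a module and register it on this object.
  *
  * The language code is read from the `language` cookie when no language has
  * been recorded on this object yet; otherwise, or when the cookie value is
  * unusable, the LANGUAGE constant is used. If the resulting file is missing,
  * the module's file for LANGUAGE is tried. For the 'system' module a
  * JavaScript message file is generated the first time it is needed.
  *
  * @param string $module Module name, or 'plugin' for the current plugin.
  * @return bool True when a language file was loaded, False when none exists.
  */
 private function load($module = 'system')
 {
     $filepath = '';
     $language = '';
     // Created before any check, so the slot exists even when loading fails.
     $this->mDoc[$module] = new DOMDocument();
     if ($this->mLang == '') {
         $language = kc_cookie('language');
     }
     // NOTE(review): when $this->mLang is already set it is not reused here and
     // LANGUAGE applies instead - confirm that this is intended.
     //
     // The cookie is client-controlled and ends up inside file paths that are
     // read (the XML pack) and written (the generated JS file). Accept only a
     // plain language token so the value cannot contain path separators or
     // dots; anything else falls back to the configured default.
     if (!is_string($language) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $language)) {
         $language = LANGUAGE;
     }
     if ($module == 'plugin') {
         $path = $this->getPath();
         global $action;
         // NOTE(review): $action and CMD also become path components; whether
         // they are restricted to known plugin names is not visible here.
         $plugin = $action == 'ajax' ? CMD : $action;
         $filepath = ROOT . $path . '/plugin/' . $plugin . '/' . $language . '.xml';
     } else {
         $filepath = ROOT . $module . '/language/' . $language . '.xml';
     }
     if (!file_exists($filepath)) {
         // Fall back to the default language of the module directory.
         $language = LANGUAGE;
         $filepath = ROOT . $module . '/language/' . $language . '.xml';
     }
     if (!file_exists($filepath)) {
         return False;
     }
     $this->mLang = $language;
     // NOTE(review): the pack is parsed with default libxml options; language
     // files are assumed to be trusted, locally shipped XML.
     $this->mDoc[$module]->load($filepath);
     $this->mPath[$module] = new DOMXPath($this->mDoc[$module]);
     $this->mModule[] = $module;
     if ($module == 'system') {
         $jsFile = 'system/js/lang.' . $language . '.js';
         if (!file_exists(ROOT . $jsFile)) {
             // No generated file yet: build the jQuery message table from the pack.
             $entries = $this->mPath['system'];
             // JS key => XPath of the message, in the order the file is written.
             $messages = array();
             foreach (array('delete', 'clear', 'logout', 'set', 'close') as $val) {
                 $messages[$val] = '//kingcms/confirm/' . $val;
             }
             $messages['timeout'] = '//kingcms/error/timeout';
             $messages['empty'] = '//kingcms/error/empty';
             $messages['enter'] = '//kingcms/common/enter';
             $messages['up'] = '//kingcms/common/moveup';
             $messages['down'] = '//kingcms/common/movedown';
             $messages['updown'] = '//kingcms/common/updown';
             for ($i = 0; $i <= 6; $i++) {
                 $messages['week' . $i] = '//kingcms/time/week' . $i;
             }
             $s = "jQuery.extend({kc_lang:function(s){var lang=new Array();" . NL;
             foreach ($messages as $key => $xpath) {
                 $node = $entries->evaluate($xpath)->item(0);
                 // A message missing from the pack is written as an empty string.
                 $text = $node === null ? '' : $node->nodeValue;
                 // addslashes() escapes quotes and backslashes only; it is not a
                 // general JavaScript string escaper (line breaks pass through).
                 $s .= "lang['{$key}']='" . addslashes($text) . "';" . NL;
             }
             $s .= "return lang[s];}});";
             kc_f_put_contents($jsFile, $s);
         }
     }
     return True;
 }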
예제 #2
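 /**
  * Resolve the current visitor and store the result in $this->info.
  *
  * Two ways of identifying a user are supported:
  *  - the `userauth` cookie: its first 32 characters are compared with the MD5
  *    of the stored `userpass` or `openid`, the remainder is the user id;
  *  - a signed JSONP request (`jsoncallback`, `USERID`, `SIGN` in the query
  *    string), accepted only when no cookie is present and SIGN equals
  *    md5(USERID . SITEURL . system.salt).
  *
  * A visitor is treated as logged in only when a real user row was found and
  * one of the two checks succeeded; every other case yields the anonymous
  * profile. Also opens the database connection into $GLOBALS['db'].
  *
  * NOTE(review): the cookie token is an unsalted MD5 of a stored value; a
  * random server-side session token would be a stronger design.
  */
 public function __construct()
 {
     $cookie = kc_cookie('userauth');
     $cookiePass = substr($cookie, 0, 32);
     $GLOBALS['db'] = new db();
     global $db;
     // True only when the request carried a valid signature for USERID.
     $signed = false;
     if (empty($cookie) && !empty($_GET['jsoncallback']) && !empty($_GET['USERID']) && !empty($_GET['SIGN'])) {
         $get_userid = $_GET['USERID'];
         $get_sign = $_GET['SIGN'];
         $userid = 0;
         // Query parameters may arrive as arrays; only strings can be signed.
         if (is_string($get_userid) && is_string($get_sign)) {
             $sign = md5($get_userid . SITEURL . kc_config('system.salt'));
             if ($this->constantTimeEquals($sign, $get_sign)) {
                 $userid = $get_userid;
                 $signed = true;
             }
         }
     } else {
         $userid = substr($cookie, 32);
     }
     // presumably type 2 is a numeric-id check; the value is concatenated into
     // the SQL conditions below, so this validation is what keeps them safe.
     if (!kc_validate($userid, 2)) {
         $userid = 0;
     }
     $user = array();
     if (!empty($userid)) {
         $row = $db->getRows_one('%s_user', '*', 'userid=' . $userid);
         if (!empty($row)) {
             $user = $row;
         }
     }
     // A rejected signature, an invalid id or an unknown user must never reach
     // the logged-in branch, and empty stored values are never accepted as
     // credentials. Comparisons are strict, so digests that look numeric
     // cannot compare equal to each other.
     $authenticated = false;
     if (!empty($user)) {
         if ($signed) {
             $authenticated = true;
         } else {
             foreach (array('userpass', 'openid') as $field) {
                 if (isset($user[$field]) && is_string($user[$field]) && $user[$field] !== ''
                     && $this->constantTimeEquals(md5($user[$field]), $cookiePass)) {
                     $authenticated = true;
                     break;
                 }
             }
         }
     }
     if ($authenticated) {
         // Refresh the online time: gaps under five minutes are added to the
         // accumulated total, longer gaps only reset the timestamp.
         $zx = time() - $user['datezx'];
         if ($zx < 300) {
             $array = array('[zaixian]' => 'zaixian+' . $zx, 'datezx' => time());
         } else {
             $array = array('datezx' => time());
         }
         $db->update('%s_user', $array, 'userid=' . $userid);
         // Do not keep the stored password value in the in-memory profile.
         unset($user['userpass']);
         $user['islogin'] = true;
     } else {
         $user = array('ismanage' => 0, 'userid' => 0, 'username' => '[匿名]', 'islogin' => false, 'name' => '', 'tel' => '', 'email' => '', 'msn' => '', 'qq' => '', 'userstatu' => false);
     }
     $this->info = $user;
     unset($user);
     return $this->info;
 }

 /**
  * Compare two secret strings without type juggling.
  *
  * Uses hash_equals() when the runtime provides it, otherwise a strict
  * comparison. Non-string operands never match.
  */
 private function constantTimeEquals($known, $given)
 {
     if (!is_string($known) || !is_string($given)) {
         return false;
     }
     if (function_exists('hash_equals')) {
         return hash_equals($known, $given);
     }
     return $known === $given;
 }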
예제 #3
/**
 * AJAX handler: validate a feedback submission and store it.
 *
 * Reads the form fields from the POST data, rejects invalid input through
 * kc_error(), and inserts a row into the feedback table unless the client's
 * `fbtime` cookie shows a submission within the last hour.
 *
 * NOTE(review): the hourly limit relies on a cookie the client holds, so it
 * only restrains well-behaved browsers; a server-side limit (for example per
 * IP address) would be needed to enforce it.
 * NOTE(review): kphone and kqq are stored without any check in this function;
 * whether kc_post() filters them is not visible here.
 */
function king_ajax_add()
{
    global $king;

    // Time of the previous submission, as reported by the client.
    $fbtime = kc_cookie("fbtime");

    $fields = array();
    foreach (array('ktitle', 'kname', 'kemail', 'kphone', 'kqq', 'kcontent') as $field) {
        $fields[$field] = kc_post($field);
    }

    // Title: at least 2 and at most 50 bytes.
    if (!(isset($fields['ktitle'][1]) && strlen($fields['ktitle']) <= 50)) {
        kc_error($king->lang->get('feedback/error/name', 0));
    }
    // Name: at least 2 and at most 30 bytes.
    if (!(isset($fields['kname'][1]) && strlen($fields['kname']) <= 30)) {
        kc_error($king->lang->get('feedback/error/name', 1));
    }
    // E-mail: presumably validation type 5 is the e-mail format - confirm.
    $emailOk = kc_validate($fields['kemail'], 5);
    if (!$emailOk) {
        kc_error($king->lang->get('feedback/error/name', 2));
    }
    // Content: at least 10 bytes.
    $contentLongEnough = isset($fields['kcontent'][9]);
    if (!$contentLongEnough) {
        kc_error($king->lang->get('feedback/error/name', 3));
    }

    if ($fbtime > time() - 3600) {
        kc_ajax($king->lang->get('system/common/tip'), $king->lang->get('feedback/error/name', 5), 0);
        return;
    }

    // Remember when this submission happened.
    setcookie("fbtime", time(), time() + 3600, '/');

    $record = $fields;
    $record['norder'] = $king->db->neworder('%s_feedback');
    $record['ndate'] = time();
    $king->db->insert('%s_feedback', $record);

    // The third argument is the link shown after a successful submission.
    $okHtml = '<p class="k_ok">' . $king->lang->get('feedback/ok/add') . '</p>';
    $backLink = "<a href=\"index.php\">" . $king->lang->get('system/common/enter') . "</a>";
    kc_ajax('OK', $okHtml, $backLink);
}
예제 #4
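 /**
  * Check whether the visitor is logged in.
  *
  * Reads the tab-separated `auth_<userpre>` cookie, loads the user named by
  * its first field and accepts the login only when the cookie is identical to
  * the `authcookie` value stored for that user. On success the user id is
  * recorded in $this->userid.
  *
  * @return array|bool The user record, or False when the visitor is not logged in.
  */
 public function checkLogin()
 {
     global $king;
     $auth = kc_cookie('auth_' . $king->config('userpre', 'user'));
     if (!$auth || !is_string($auth)) {
         return False;
     }
     // Only the first field is needed; the rest of the cookie is checked as a
     // whole against the stored copy below.
     $parts = explode("\t", $auth);
     $userid = $parts[0];
     // NOTE(review): $userid is client-supplied and goes to infoUser() as is;
     // confirm that infoUser() validates it before using it in a query.
     $user = $this->infoUser($userid);
     if (!is_array($user) || !isset($user['authcookie']) || !is_string($user['authcookie'])) {
         return False;
     }
     // Strict comparison: no type juggling between cookie and stored value,
     // and constant-time where the runtime offers hash_equals().
     if (function_exists('hash_equals')) {
         $matches = hash_equals($user['authcookie'], $auth);
     } else {
         $matches = $user['authcookie'] === $auth;
     }
     if (!$matches) {
         return False;
     }
     $this->userid = $userid;
     return $user;
 }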
예제 #5
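/**
 * Render the installer's start page and terminate the request.
 *
 * The page holds the installation form (database type and credentials,
 * administrator account, cache directory, install path, time offset, debug
 * switch) and an environment report (OS, PHP version, free disk space,
 * writable paths, required functions, browser, safe mode, execution time).
 * The complete document is passed to exit().
 *
 * NOTE(review): the form pre-fills a default administrator name and password
 * and enables debug mode; operators should change these before submitting,
 * and the installer should not stay reachable after installation.
 */
function king_def()
{
    global $king;
    $sel_array = array('mysql' => 'MySQL', 'sqlite' => 'SQLite');
    $phpself = $_SERVER['PHP_SELF'];
    // Install directory: PHP_SELF with the trailing 11 characters removed.
    $inst = substr($phpself, 0, strlen($phpself) - 11);
    // PHP_SELF can carry request-supplied path information, so the value is
    // escaped before it is placed in an HTML attribute.
    $instAttr = htmlspecialchars($inst, ENT_QUOTES, 'UTF-8');
    // Database type selector.
    $select_type = kc_htm_radio('dbtype', $sel_array, 'sqlite');
    // Paths that must be writable and functions that must exist.
    $array_dirs = array('config.php', 'system/js');
    $array_func = array('mysql_connect', 'file_get_contents', 'file_put_contents', 'simplexml_load_file');
    //,'fsockopen'
    $s = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\r\n<title>" . $king->lang->get('system/install/title') . "</title>\r\n<link href=\"system/skins/default/style.css\" rel=\"stylesheet\" type=\"text/css\" />\r\n<style type=\"text/css\">\r\n.k_table_form{font-size:12px;}\r\n.k_table_form th{width:200px;color:#000;font-weight:normal;text-indent:5px;padding:5px;}\r\n.k_table_form td{text-indent:5px;}\r\n</style>\r\n<meta name=\"generator\" content=\"KingCMS\"/>\r\n<script type=\"text/javascript\" src=\"system/js/jquery.js\"></script>\r\n<script type=\"text/javascript\" src=\"system/js/jquery.kc.js\"></script>\r\n<script type=\"text/javascript\" src=\"system/skins/default/fun.js\"></script>\r\n<script type=\"text/javascript\">\r\njQuery(function(\$){\r\n\r\n\t\$(\"#k_dbtype_mysql , #k_dbtype_sqlite\").click(function(){\$.ck_radio(this)});\r\n\r\n\t\$.ck_radio=function(obj){\r\n\t\tif(\$(obj).attr('id')=='k_dbtype_mysql'){\r\n\t\t\t\$('.mysql').show();\r\n\t\t\t\$('.sqlite').hide();\r\n\r\n\t\t}else{\r\n\t\t\t\$('.sqlite').show();\r\n\t\t\t\$('.mysql').hide();\r\n\t\t\r\n\t\t}\r\n\t}\r\n\r\n});\r\n\r\n</script>\r\n</head>\r\n<body>\r\n<div id=\"k_ajax\"></div>\r\n<div id=\"top\">\r\n\t<a id=\"logo\" href=\"http://www.kingcms.com\" target=\"_blank\"><img alt=\"KingCMS\" src=\"system/skins/default/logo.gif\"/></a>\r\n\t<ul class=\"k_menu\">\r\n\t\t<li><a href=\"INSTALL.php\">" . $king->lang->get('system/common/install') . "</a></li>\r\n\t\t<li><a href=\"javascript:;\">" . $king->lang->get('system/common/language') . "</a>\r\n\r\n\t\t\t\t<ul>";
    // Language menu: one entry per XML file in system/language, with a bullet
    // in front of the language named by the visitor's cookie.
    $array = kc_f_getdir('system/language', 'xml');
    $array = array_map('kc_f_name', $array);
    $_language = kc_cookie('language');
    foreach ($array as $val) {
        $s .= '<li><a href="javascript:;" class="k_ajax" rel="{CMD:\'language\',lang:\'' . $val . '\'}">';
        if ($_language == $val) {
            $s .= '&bull;&nbsp;';
        }
        $s .= kc_getlang($val) . '</a></li>';
    }
    $s .= "</ul>\r\n\t\t</li>\r\n\t</ul>\r\n</div>\r\n<div id=\"main\">\r\n\r\n\r\n<table class=\"w0\"><tr><td style=\"vertical-align:top;\" class=\"w10\">\r\n\t<form name=\"form_install\" id=\"form_install\">\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/install/db') . "</h3>\r\n\t<table class=\"k_table_form\" cellspacing=\"0\">\r\n\t\t<tbody><tr><th>" . $king->lang->get('system/install/dbtype') . "</th><td>{$select_type}</td></tr></tbody>\r\n\t\t<tr><th>" . $king->lang->get('system/install/pre') . "</th><td><input id=\"pre\" name=\"pre\" class=\"k_in w200\" value=\"king\"/></td></tr>\r\n\t\t<tr><th>" . $king->lang->get('system/install/preadmin') . "</th><td><input id=\"preadmin\" name=\"preadmin\" class=\"k_in w200\" value=\"kc\"/></td></tr>\r\n\r\n\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbhost') . "</th><td><input id=\"host\" name=\"host\" class=\"k_in w200\" value=\"localhost\"/></td></tr>\r\n\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbdata') . "</th><td><input id=\"data\" name=\"data\" class=\"k_in w200\" value=\"test\"/></td></tr>\r\n\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbuser') . "</th><td><input id=\"user\" name=\"user\" class=\"k_in w200\" value=\"root\"/></td></tr>\r\n\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbpass') . "</th><td><input id=\"pass\" name=\"pass\" class=\"k_in w200\" value=\"\"/></td></tr>\r\n\r\n\t\t<tr class=\"sqlite\"><th>" . $king->lang->get('system/install/dbfile') . "</th><td><input id=\"sqlitedata\" name=\"sqlitedata\" class=\"k_in w200\" value=\"" . kc_random(12) . ".db3\"/></td></tr>\r\n\t</table>\r\n\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/install/admin') . "</h3>\r\n\t<table class=\"k_table_form\" cellspacing=\"0\">\r\n\t\t<tbody><tr><th>" . $king->lang->get('system/install/adminname') . 
"</th><td><input id=\"adminname\" name=\"adminname\" class=\"k_in w200\" value=\"admin\"/></td></tr></tbody>\r\n\t\t<tr><th>" . $king->lang->get('system/install/adminpass') . "</th><td><input id=\"adminpass\" name=\"adminpass\" class=\"k_in w200\" value=\"admin888\"/></td></tr>\r\n\t</table>\r\n\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/level/config') . "</h3>\r\n\t<table class=\"k_table_form\" cellspacing=\"0\">\r\n\t\t<tbody><tr><th>" . $king->lang->get('system/install/cache') . "</th><td><input id=\"cache\" name=\"cache\" class=\"k_in w200\" value=\"_cache\"/></td></tr></tbody>\r\n\r\n\t\t<tr><th>" . $king->lang->get('system/const/inst') . "</th><td><input id=\"inst\" name=\"inst\" class=\"k_in w100\" value=\"{$instAttr}\"/></td></tr>\r\n\t\t<tr><th>" . $king->lang->get('system/install/timediff') . "</th><td><input id=\"timediff\" name=\"timediff\" class=\"k_in w100\"/></td></tr>\r\n\t\t<tr><th>" . $king->lang->get('system/install/debug') . "</th><td><input id=\"debug\" value=\"1\" name=\"debug\" type=\"checkbox\" checked=\"checked\"/><label for=\"debug\">" . $king->lang->get('system/install/opendebug') . "</label></td></tr>\r\n\t</table>\r\n\r\n\t<script type=\"text/javascript\">\r\n\tvar dateObj = new Date();\r\n\tvar timediff=" . date('G', 0) . ";\r\n\t\$('#timediff').val(timediff);\r\n\t</script>\r\n\r\n\t<p>\r\n\t\t<input value=\"1\" id=\"license\" name=\"license\" type=\"checkbox\"/><label for=\"license\">" . $king->lang->get('system/install/readlicense') . "</label>\r\n\t\t[<a href=\"http://www.kingcms.com/license/\" target=\"_blank\">" . $king->lang->get('system/install/license') . "</a>]\r\n\t</p>\r\n\t\t<input value=\"1\" id=\"isdelete\" name=\"isdelete\" type=\"checkbox\" checked=\"checked\"/><label for=\"isdelete\">" . $king->lang->get('system/install/isdelete') . "</label>\r\n\t<p>\r\n\r\n\t</p>\r\n\r\n\t<p class=\"k_submit\">\r\n\r\n\t\t<input value=\"" . $king->lang->get('system/common/install') . 
"[S]\" class=\"k_ajax big\" rel=\"{CMD:'config',FORM:'form_install'}\" type=\"button\" accesskey=\"s\"/>\r\n\r\n\t</p>\r\n\t</form>\r\n</td><td class=\"w1\" style=\"vertical-align:top;\"></td><td>\r\n\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/skin/sys') . "</h3>\r\n\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n\t<tr><th class=\"w10\">" . $king->lang->get('system/skin/obj') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/required') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/this') . "</th></tr>";
    $s .= '<tr><td>' . $king->lang->get('system/skin/os') . '</td><td>ALL</td><td>' . PHP_OS . '</td></tr>';
    $s .= '<tr><td>' . $king->lang->get('system/skin/phpver') . '</td><td>5.1.0+</td><td>' . PHP_VERSION . '</td></tr>';
    if (function_exists('disk_free_space')) {
        $s .= '<tr><td>' . $king->lang->get('system/skin/diskspace') . '</td><td>>2 Mb</td><td>' . kc_f_size(disk_free_space('./')) . '</td></tr>';
    }
    // The third header cell uses the same class and closing tag as the other
    // report tables (the original carried stray characters and a </td>).
    $s .= "</table>\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/skin/writeinfo') . "</h3>\r\n\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n\t<tr><th class=\"w10\">" . $king->lang->get('system/skin/filedir') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/required') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/this') . "</th></tr>";
    foreach ($array_dirs as $val) {
        $s .= '<tr><td>' . $val . '</td><td>' . $king->lang->get('system/skin/write/w1') . '</td><td>' . $king->lang->get('system/skin/write/w' . (is_writable(ROOT . $val) ? 1 : 0)) . '</td></tr>';
    }
    $s .= "</table>\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/skin/func') . "</h3>\r\n\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n\t<tr><th class=\"w10\">" . $king->lang->get('system/skin/funs') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/required') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/this') . "</th></tr>";
    foreach ($array_func as $val) {
        $s .= '<tr><td>' . $val . '()</td><td>' . $king->lang->get('system/skin/fun/f1') . '</td><td>' . $king->lang->get('system/skin/fun/f' . (function_exists($val) ? 1 : 0)) . '</td></tr>';
    }
    $s .= "</table>\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/skin/other') . "</h3>\r\n\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n\t";
    // NOTE(review): kc_browser() is printed unescaped; if it echoes any part of
    // the User-Agent header it should be escaped like $inst above - confirm.
    $s .= "<tr><th class=\"w10 red\">" . $king->lang->get('system/skin/obj') . "</th><th class=\"w5 red\">" . $king->lang->get('system/skin/advice') . "</th><th class=\"w5 red\">" . $king->lang->get('system/skin/this') . "</th></tr>\r\n\t<tr><td>" . $king->lang->get('system/skin/browser') . "</td><td>IE 7.0</td><td>" . kc_browser() . "</td></tr>\r\n\t<tr><td>" . $king->lang->get('system/skin/safemode') . "</td><td>--</td><td>" . $king->lang->get('system/skin/open/o' . (ini_get('safe_mode') ? 1 : 0)) . "</td></tr>\r\n\t<tr><td>" . $king->lang->get('system/skin/maxetime') . "</td><td>--</td><td>" . ini_get('max_execution_time') . "s</td></tr>\r\n\t</table>\r\n\r\n\t<p><img class=\"f6 os\" src=\"system/images/white.gif\"/><a href=\"http://www.kingcms.com/\" class=\"k_ajax\" rel=\"{CMD:'repass',METHOD:'GET'}\">" . $king->lang->get('system/install/resetpass') . "</a></p>\r\n\t<p><img class=\"j2 os\" src=\"system/images/white.gif\"/><a href=\"http://www.kingcms.com/\" class=\"k_ajax\" rel=\"{CMD:'delete'}\">" . $king->lang->get('system/install/delfile') . "</a></p>\r\n\t<p><img class=\"n1 os\" src=\"system/images/white.gif\"/><a href=\"system/login.php\">" . $king->lang->get('system/install/login') . "</a></p>\r\n\r\n</td></tr></table>\r\n\r\n</div>\r\n</body>\r\n</html>";
    exit($s);
}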
예제 #6
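/**
 * AJAX handler for the checkout step of the shopping cart.
 *
 * Builds the delivery form (name, phone, e-mail, address, postcode, remarks),
 * pre-filled from the posted data or from the logged-in user's record. When
 * the form has passed validation ($GLOBALS['ischeck']), the cart cookie is
 * turned into an order: totals and shipping are computed from the catalogue,
 * the order is inserted, the cart cookie is cleared and the client is sent on
 * to the payment step.
 *
 * The cart cookie and the posted `eid` are client-controlled; every value
 * taken from them is checked before it affects the stored order.
 */
function king_ajax_orders()
{
    global $king;
    $king->Load('user');
    $tip = ($user = $king->user->checkLogin()) ? '' : '<a href="javascript:;" class="k_user_login">' . $king->lang->get('portal/user/nologin') . '</a> <a href="javascript:;" class="k_user_register">' . $king->lang->get('portal/user/regshop') . '</a>';
    $array_sql = array('usermail', 'realname', 'useraddress', 'userpost', 'usertel', 'kfeedback');
    if ($GLOBALS['ismethod']) {
        $data = $_POST;
    } else {
        $data = array();
        if (is_array($user)) {
            // Logged-in user: pre-fill the form from the account record.
            foreach ($array_sql as $val) {
                $data[$val] = kc_val($user, $val);
            }
        }
    }
    // presumably reduces $data to the listed keys - confirm against kc_data().
    $data = kc_data($array_sql, $data);
    // Consignee name
    $array = array(array('realname', 0, 2, 30));
    $s = $king->htmForm($king->lang->get('portal/orders/realname'), kc_htm_input('realname', $data['realname'], 30, 100), $array, null, $tip);
    // Phone
    $array = array(array('usertel', 0, 6, 30));
    $s .= $king->htmForm($king->lang->get('portal/orders/tel'), kc_htm_input('usertel', $data['usertel'], 30, 200), $array);
    // E-mail
    $array = array(array('usermail', 0, 6, 32), array('usermail', 5));
    $s .= $king->htmForm($king->lang->get('portal/orders/mail'), kc_htm_input('usermail', $data['usermail'], 32, 200), $array);
    // Address
    $array = array(array('useraddress', 0, 5, 250));
    $s .= $king->htmForm($king->lang->get('portal/orders/address'), '<textarea cols="10" id="useraddress" name="useraddress" rows="3" class="k_in w400">' . htmlspecialchars($data['useraddress']) . '</textarea>', $array);
    // Postcode
    $array = array(array('userpost', 0, 6, 6), array('userpost', 2));
    $s .= $king->htmForm($king->lang->get('portal/orders/post'), kc_htm_input('userpost', $data['userpost'], 6, 50), $array);
    // Remarks
    $array = array(array('kfeedback', 0, 0, 255));
    $s .= $king->htmForm($king->lang->get('portal/orders/feedback'), '<textarea cols="10" rows="4" name="kfeedback" id="kfeedback" class="k_in w400">' . htmlspecialchars($data['kfeedback']) . '</textarea>', $array);
    if ($GLOBALS['ischeck']) {
        $cart = kc_cookie('KingCMS_Cart');
        $eid = kc_post('eid');
        if (!($cart && isset($eid))) {
            kc_error($king->lang->get('system/error/param'));
            return;
        }
        $weight = 0;
        $total = 0;
        $nnum = 0;
        // FLAG: unserialize() runs on a client-supplied cookie. Object creation
        // is disabled where the runtime supports it; storing the cart as JSON
        // (or signing the cookie) would remove the risk on every PHP version.
        if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
            $cart_array = unserialize($cart, array('allowed_classes' => false));
        } else {
            $cart_array = unserialize($cart);
        }
        if (!is_array($cart_array) || !$cart_array) {
            kc_error($king->lang->get('system/error/param'));
            return;
        }
        // Characters removed from the order's display name.
        $array_black = str_split('<>\'"%');
        $mch_name = '';
        $isFirstItem = true;
        foreach ($cart_array as $key => $number) {
            $parts = explode('-', (string) $key);
            // A quantity must be a positive whole number; anything else would
            // distort the total, the weight and the item count of the order.
            $quantityOk = (is_int($number) || is_string($number)) && preg_match('/\A[0-9]+\z/', (string) $number) && (int) $number > 0;
            if (count($parts) < 2 || !$quantityOk) {
                kc_error($king->lang->get('system/error/param'));
                return;
            }
            $number = (int) $number;
            list($listid, $kid) = $parts;
            // NOTE(review): $listid and $kid come from the cookie; confirm that
            // infoID() validates them before they reach a query.
            $ID = $king->portal->infoID($listid, $kid);
            if (empty($ID)) {
                kc_error($king->lang->get('system/error/param'));
                return;
            }
            if ($isFirstItem) {
                // The order is named after its first item.
                $mch_name = kc_substr(str_replace($array_black, '', $ID['ktitle']), 0, 16);
                $isFirstItem = false;
            }
            $weight += $number * $ID['nweight'];
            $total += $number * $ID['nprice'];
            $nnum += $number;
        }
        $nexpress = 0;
        // Shipping fee: base price plus one increment per started 500 units of
        // weight above the first 500.
        if ($weight !== 0) {
            $express = $king->portal->getExpress();
            // An unknown shipping method must not silently produce a zero fee.
            if (!is_scalar($eid) || !isset($express[$eid])) {
                kc_error($king->lang->get('system/error/param'));
                return;
            }
            $nexpress = $express[$eid]['nsprice'] + $express[$eid]['niprice'] * ceil($weight > 500 ? $weight / 500 - 1 : 0);
        }
        $ono = kc_formatdate(time(), 'Ymd') . sprintf("%08.0d", $king->db->neworder('%s_orders', '', 'oid'));
        $array = array('kname' => $mch_name, 'userid' => is_array($user) ? $user['userid'] : 0, 'kcontent' => $cart, 'ndate' => time(), 'nip' => kc_getip(), 'eid' => $eid, 'ntotal' => round($total, 2), 'ono' => $ono, 'nnumber' => $nnum, 'kfeedback' => $data['kfeedback'], 'nweight' => $weight, 'nexpress' => $nexpress);
        foreach ($array_sql as $val) {
            $array[$val] = kc_val($data, $val);
        }
        $oid = $king->db->insert('%s_orders', $array);
        // Expire the cart cookie now that the order is stored.
        setcookie('KingCMS_Cart', '', -86400000, $king->config('inst'));
        $js = "\$.kc_ajax('{URL:\\'" . $king->config('inst') . "portal/cart.php\\',CMD:\\'payment\\',IS:1,oid:{$oid}}')";
        kc_ajax('', '', '', $js);
    }
    $but = kc_htm_a($king->lang->get('portal/cart/backcart'), "{URL:'" . $king->config('inst') . "portal/cart.php',CMD:'buy',IS:1}");
    // NOTE(review): the posted eid is written into the link's command string
    // as is; confirm that kc_post() or kc_htm_a() restricts or escapes it.
    $but .= kc_htm_a($king->lang->get('portal/cart/suborders'), "{URL:'" . $king->config('inst') . "portal/cart.php',CMD:'orders',eid:" . kc_post('eid') . ",IS:1}");
    kc_ajax($king->lang->get('portal/cart/suborders'), $s, $but, '', 600, 350 + $GLOBALS['check_num'] * 15);
}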
예제 #7
/**
 * AJAX handler: store a visitor's comment on a content item.
 *
 * Reads `kid`, `modelid` and `kcontent` through kc_get(), applies a
 * two-minute limit based on the `commenttime` cookie, strips some markup from
 * longer comments, increments the item's comment counter, inserts the comment
 * and clears the item's cached XML and comment cache.
 *
 * NOTE(review): the markup filter is a deny-list (links, table elements and
 * style/id/class attributes); other elements and attributes pass through, so
 * the text must still be escaped or sanitised wherever it is displayed.
 * NOTE(review): the time limit relies on a cookie the client holds and does
 * not bind a client that discards it.
 */
function king_ajax_comment()
{
    global $king;

    // presumably the second argument selects a validation type (2 and 22 look
    // like numeric-id checks) - confirm against kc_get(); $kid is placed in
    // the SQL text below.
    $kid = kc_get('kid', 2, 1);
    $modelid = kc_get('modelid', 22, 1);
    $kcontent = kc_get('kcontent', 0, 1);

    // At most one comment every two minutes.
    $commenttime = kc_cookie("commenttime");
    $tooSoon = !($commenttime < time() - 120);
    if ($tooSoon) {
        kc_error($king->lang->get('portal/tip/nocomment'));
    } else {
        setcookie("commenttime", time(), time() + 86400, '/');
    }

    if (kc_strlen($kcontent) > 10) {
        // Applied in order: links, table markup, then style/id/class attributes.
        $filters = array(
            array('/<a ([^>]*)>|<\\/a>/is', ''),
            array('/<(table|tbody|thead|tr|td|th|caption) ?([^>]*)>|<\\/(table|tbody|thead|tr|td|th|caption)>/is', ''),
            array('/(<([^>]*))( style=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6'),
            array('/(<([^>]*))( id=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6'),
            array('/(<([^>]*))( class=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6'),
        );
        foreach ($filters as $filter) {
            $kcontent = preg_replace($filter[0], $filter[1], $kcontent);
        }
    }
    if (kc_strlen($kcontent) < 5) {
        kc_ajax($king->lang->get('system/title/tip'), $king->lang->get('portal/tip/nocontent'));
        return;
    }

    // The table name comes from the model definition, not from the request.
    $model = $king->portal->infoModel($modelid);
    $res = $king->db->getRows_one("select ncomment from %s__{$model['modeltable']} where kid={$kid}");
    if (!$res) {
        kc_error($king->lang->get('portal/error/notq'));
        return;
    }
    $ncomment = $res['ncomment'] + 1;
    $king->db->update('%s__' . $model['modeltable'], array('ncomment' => $ncomment), "kid={$kid}");

    // Signed-in visitors are credited by name; others post with an empty name.
    $king->load('user');
    $user = $king->user->checkLogin();
    $username = $user ? $user['username'] : '';
    unset($user);

    $row = array('kid' => $kid, 'modelid' => $modelid, 'kcontent' => $kcontent, 'username' => $username, 'nip' => kc_getip(), 'ndate' => time(), 'isshow' => 1);
    $king->db->insert("%s_comment", $row);

    // Drop the item's cached XML and its comment cache so the new comment shows.
    $xmlpath = $king->config('xmlpath', 'portal') . '/portal/' . $modelid . '/' . wordwrap($kid, 1, '/', 1) . '.xml';
    kc_f_delete($xmlpath);
    $king->cache->del('portal/comment/' . $modelid . '/' . $kid);

    $js = "\$('#k_comment').html({$ncomment});\$('#kcontent').html('');";
    kc_ajax('OK', '<p class="k_ok">' . $king->lang->get('portal/ok/submit') . '</p>', 0, $js);
}