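/**
 * Load the XML language pack for a module (or for the active plugin) and,
 * for the 'system' module, generate the matching JavaScript language file
 * when it does not exist yet.
 *
 * The language comes from the 'language' cookie when $this->mLang is empty;
 * otherwise, or when the cookie value is unusable, the LANGUAGE constant is used.
 *
 * @param string $module Module name; 'plugin' selects the plugin language directory.
 * @return bool True when a language file was loaded, False when neither the
 *              requested nor the default language file exists.
 */
private function load($module = 'system')
{
    $filepath = '';
    $this->mDoc[$module] = new DOMDocument();

    if ($this->mLang == '') {
        $language = kc_cookie('language');
    }
    // The cookie is client-controlled and is concatenated into the XML path that
    // is read and into the .js path that is written below. Only plain language
    // codes are accepted, so path separators and ".." can never reach those paths.
    // NOTE(review): whether kc_cookie() filters its value is not visible here.
    if (!isset($language) || !is_string($language) || !preg_match('/^[A-Za-z0-9_-]+\z/', $language)) {
        $language = LANGUAGE;
    }

    if ($module == 'plugin') {
        $path = $this->getPath();
        global $action;
        // NOTE(review): $action and CMD also become path components; confirm they
        // are validated before this method runs.
        $plugin = $action == 'ajax' ? CMD : $action;
        $filepath = ROOT . $path . '/plugin/' . $plugin . '/' . $language . '.xml';
    } else {
        $filepath = ROOT . $module . '/language/' . $language . '.xml';
    }

    // Fall back to the default language of the module directory.
    if (!file_exists($filepath)) {
        $language = LANGUAGE;
        $filepath = ROOT . $module . '/language/' . $language . '.xml';
    }
    if (!file_exists($filepath)) {
        return False;
    }
    $this->mLang = $language;

    $this->mDoc[$module]->load($filepath);
    $this->mPath[$module] = new DOMXPath($this->mDoc[$module]);
    $this->mModule[] = $module;

    if ($module == 'system') {
        $jsFile = 'system/js/lang.' . $language . '.js';
        if (!file_exists(ROOT . $jsFile)) {
            // No generated JS language file yet: build it from the XML entries.
            $entries = $this->mPath['system'];

            // JS key => XPath of the text, in the order the entries are emitted.
            $map = array();
            foreach (array('delete', 'clear', 'logout', 'set', 'close') as $val) {
                $map[$val] = '//kingcms/confirm/' . $val;
            }
            $map['timeout'] = '//kingcms/error/timeout';
            $map['empty'] = '//kingcms/error/empty';
            $map['enter'] = '//kingcms/common/enter';
            $map['up'] = '//kingcms/common/moveup';
            $map['down'] = '//kingcms/common/movedown';
            $map['updown'] = '//kingcms/common/updown';
            for ($i = 0; $i <= 6; $i++) {
                $map['week' . $i] = '//kingcms/time/week' . $i;
            }

            $s = "jQuery.extend({kc_lang:function(s){var lang=new Array();" . NL;
            foreach ($map as $key => $xpath) {
                // A missing node yields an empty string instead of a fatal error.
                $nodes = $entries->evaluate($xpath);
                $node = $nodes ? $nodes->item(0) : null;
                $text = $node ? $node->nodeValue : '';
                // addslashes() leaves raw line breaks, which would end the JS string literal.
                $text = str_replace(array("\r", "\n"), array('\\r', '\\n'), addslashes($text));
                $s .= "lang['{$key}']='" . $text . "';" . NL;
            }
            $s .= "return lang[s];}});";
            kc_f_put_contents($jsFile, $s);
        }
    }
    return True;
}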
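/**
 * Resolve the current user from the 'userauth' cookie, or from a signed
 * USERID/SIGN pair on JSONP requests, and store the result in $this->info.
 *
 * Cookie layout as read here: the first 32 characters are a token, the rest is the user id.
 * A visitor counts as logged in only when a user row was found AND either the
 * request signature was verified or the cookie token matches md5(userpass) or
 * md5(openid) of that row. Everyone else gets the anonymous record.
 *
 * NOTE(review): the cookie token is md5() of a stored column, so a leaked
 * userpass value is enough to forge the cookie; a random server-side session
 * token would remove that link. The SIGN value is md5(USERID . SITEURL . salt),
 * has no expiry and travels in the URL; confirm that this is acceptable.
 */
public function __construct()
{
    $cookie = kc_cookie('userauth');
    $cookiePass = substr($cookie, 0, 32);
    $sigVerified = false; // true only when the USERID/SIGN pair was verified
    $constantTime = function_exists('hash_equals');

    $GLOBALS['db'] = new db();
    global $db;

    if (empty($cookie) && !empty($_GET['jsoncallback']) && !empty($_GET['USERID']) && !empty($_GET['SIGN'])) {
        $get_userid = $_GET['USERID'];
        $get_sign = $_GET['SIGN'];
        $userid = 0;
        // Query parameters can arrive as arrays; only strings are compared.
        if (is_string($get_userid) && is_string($get_sign)) {
            $sign = md5($get_userid . SITEURL . kc_config('system.salt'));
            // Strict comparison: a loose == treats "0e..." digests as numbers.
            $sigVerified = $constantTime ? hash_equals($sign, $get_sign) : $sign === $get_sign;
            if ($sigVerified) {
                $userid = $get_userid;
            }
        }
    } else {
        $userid = substr($cookie, 32);
    }

    // NOTE(review): rule 2 of kc_validate() presumably accepts digits only; the
    // value is concatenated into the WHERE clauses below, so confirm that.
    if (!kc_validate($userid, 2)) {
        $userid = 0;
    }

    $user = null;
    if (!empty($userid)) {
        $row = $db->getRows_one('%s_user', '*', 'userid=' . $userid);
        if (!empty($row)) {
            $user = $row;
        }
    }

    // Without a user row nobody is logged in: a failed signature or a cookie
    // holding a guessable digest must not yield islogin=true.
    $loggedIn = false;
    if ($user !== null) {
        if ($sigVerified) {
            $loggedIn = true;
        } elseif (is_string($cookiePass) && strlen($cookiePass) === 32) {
            $passToken = md5($user['userpass']);
            $loggedIn = $constantTime ? hash_equals($passToken, $cookiePass) : $passToken === $cookiePass;
            // An empty openid would make md5('') a valid token, so it is skipped.
            if (!$loggedIn && !empty($user['openid'])) {
                $openToken = md5($user['openid']);
                $loggedIn = $constantTime ? hash_equals($openToken, $cookiePass) : $openToken === $cookiePass;
            }
        }
    }

    if ($loggedIn) {
        // Update the online time: gaps under 300 seconds are added to the total.
        $zx = time() - $user['datezx'];
        if ($zx < 300) {
            $array = array('[zaixian]' => 'zaixian+' . $zx, 'datezx' => time());
        } else {
            $array = array('datezx' => time());
        }
        $db->update('%s_user', $array, 'userid=' . $userid);
        unset($user['userpass']);
        $user['islogin'] = true;
    } else {
        $user = array('ismanage' => 0, 'userid' => 0, 'username' => '[匿名]', 'islogin' => false, 'name' => '', 'tel' => '', 'email' => '', 'msn' => '', 'qq' => '', 'userstatu' => false);
    }

    $this->info = $user;
    unset($user);
    return $this->info;
}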
/**
 * AJAX handler: validate a feedback form and store it in the %s_feedback table.
 *
 * Title, name, e-mail and content are checked; phone and QQ are stored as posted.
 * A visitor is limited to one submission per hour through the 'fbtime' cookie.
 *
 * NOTE(review): the hourly limit lives only in a cookie, which the client can
 * drop or rewrite, so it does not stop automated submissions; a server-side
 * limit would. kphone and kqq have no length or format check here.
 * NOTE(review): the values are stored as received; confirm that the views that
 * display feedback escape them.
 */
function king_ajax_add()
{
    global $king;

    $lastPost = kc_cookie("fbtime"); // time of the previous submission
    $title = kc_post('ktitle');
    $name = kc_post('kname');
    $email = kc_post('kemail');
    $phone = kc_post('kphone');
    $qq = kc_post('kqq');
    $content = kc_post('kcontent');

    // Title: at least 2 characters, at most 50 bytes.
    if (!(isset($title[1]) && strlen($title) <= 50)) {
        kc_error($king->lang->get('feedback/error/name', 0));
    }
    // Name: at least 2 characters, at most 30 bytes.
    if (!(isset($name[1]) && strlen($name) <= 30)) {
        kc_error($king->lang->get('feedback/error/name', 1));
    }
    // E-mail must pass validation rule 5.
    if (!kc_validate($email, 5)) {
        kc_error($king->lang->get('feedback/error/name', 2));
    }
    // Content: at least 10 characters.
    if (!isset($content[9])) {
        kc_error($king->lang->get('feedback/error/name', 3));
    }

    // Too soon after the previous submission: show the tip and stop.
    if ($lastPost > time() - 3600) {
        kc_ajax($king->lang->get('system/common/tip'), $king->lang->get('feedback/error/name', 5), 0);
        return;
    }

    // Remember the time of this submission.
    setcookie('fbtime', time(), time() + 3600, '/');

    $record = array(
        'ktitle' => $title,
        'kname' => $name,
        'kemail' => $email,
        'kphone' => $phone,
        'kqq' => $qq,
        'kcontent' => $content,
        'norder' => $king->db->neworder('%s_feedback'),
        'ndate' => time(),
    );
    $king->db->insert('%s_feedback', $record);

    // Success message plus the link shown after the entry was added.
    $message = '<p class="k_ok">' . $king->lang->get('feedback/ok/add') . '</p>';
    $link = '<a href="index.php">' . $king->lang->get('system/common/enter') . '</a>';
    kc_ajax('OK', $message, $link);
}
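/**
 * Verify that the visitor is logged in.
 *
 * Reads the 'auth_<userpre>' cookie, takes the user id from its first
 * tab-separated field, loads that user and accepts the login only when the
 * stored 'authcookie' value is identical to the whole cookie.
 *
 * NOTE(review): the user id comes straight from the cookie and is handed to
 * infoUser(); confirm that infoUser() validates or parameterises it.
 *
 * @return array|bool The user record on success, False otherwise.
 */
public function checkLogin()
{
    global $king;

    $auth = kc_cookie('auth_' . $king->config('userpre', 'user'));
    if (!$auth || !is_string($auth)) {
        return False;
    }

    // explode() always returns at least one element, so a cookie without the
    // expected tab-separated fields no longer raises undefined-offset notices.
    $parts = explode("\t", $auth);
    $userid = $parts[0];

    $user = $this->infoUser($userid);
    if (!is_array($user) || !isset($user['authcookie']) || !is_string($user['authcookie']) || $user['authcookie'] === '') {
        return False;
    }

    // Exact match on the token, constant-time where the runtime offers it;
    // the former loose != applied PHP's type-juggling rules to a secret.
    $matches = function_exists('hash_equals')
        ? hash_equals($user['authcookie'], $auth)
        : $user['authcookie'] === $auth;
    if (!$matches) {
        return False;
    }

    $this->userid = $userid;
    return $user;
}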
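/**
 * Render the installer start page (database, administrator and site settings
 * plus an environment report) and terminate the request with that HTML.
 *
 * NOTE(review): the form pre-fills a fixed administrator password and keeps the
 * debug box checked; an install that accepts the defaults ends up with a known
 * credential. Consider generating the password, as is done for the SQLite file name.
 * NOTE(review): the page also links the 'repass' and 'delete' commands; their
 * handlers are not visible here, so confirm they cannot be used once the site
 * is installed and that INSTALL.php is removed after setup.
 */
function king_def()
{
    global $king;

    $sel_array = array('mysql' => 'MySQL', 'sqlite' => 'SQLite');
    $phpself = $_SERVER['PHP_SELF'];
    // Install directory: PHP_SELF without its last 11 characters.
    $inst = substr($phpself, 0, strlen($phpself) - 11);
    // PHP_SELF contains whatever path the client requested (including trailing
    // path info), so it is escaped before it is placed in the value attribute.
    $instAttr = htmlspecialchars($inst, ENT_QUOTES, 'UTF-8');
    $select_type = kc_htm_radio('dbtype', $sel_array, 'sqlite'); // database type
    $array_dirs = array('config.php', 'system/js');
    $array_func = array('mysql_connect', 'file_get_contents', 'file_put_contents', 'simplexml_load_file'); //,'fsockopen'

    // Document head, inline script and top menu.
    $s = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n"
        . "<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n"
        . "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\r\n"
        . "<title>" . $king->lang->get('system/install/title') . "</title>\r\n"
        . "<link href=\"system/skins/default/style.css\" rel=\"stylesheet\" type=\"text/css\" />\r\n"
        . "<style type=\"text/css\">\r\n.k_table_form{font-size:12px;}\r\n"
        . ".k_table_form th{width:200px;color:#000;font-weight:normal;text-indent:5px;padding:5px;}\r\n"
        . ".k_table_form td{text-indent:5px;}\r\n</style>\r\n"
        . "<meta name=\"generator\" content=\"KingCMS\"/>\r\n"
        . "<script type=\"text/javascript\" src=\"system/js/jquery.js\"></script>\r\n"
        . "<script type=\"text/javascript\" src=\"system/js/jquery.kc.js\"></script>\r\n"
        . "<script type=\"text/javascript\" src=\"system/skins/default/fun.js\"></script>\r\n"
        . "<script type=\"text/javascript\">\r\njQuery(function(\$){\r\n\r\n"
        . "\t\$(\"#k_dbtype_mysql , #k_dbtype_sqlite\").click(function(){\$.ck_radio(this)});\r\n\r\n"
        . "\t\$.ck_radio=function(obj){\r\n"
        . "\t\tif(\$(obj).attr('id')=='k_dbtype_mysql'){\r\n"
        . "\t\t\t\$('.mysql').show();\r\n\t\t\t\$('.sqlite').hide();\r\n\r\n"
        . "\t\t}else{\r\n"
        . "\t\t\t\$('.sqlite').show();\r\n\t\t\t\$('.mysql').hide();\r\n\t\t\r\n"
        . "\t\t}\r\n\t}\r\n\r\n});\r\n\r\n</script>\r\n</head>\r\n<body>\r\n"
        . "<div id=\"k_ajax\"></div>\r\n<div id=\"top\">\r\n"
        . "\t<a id=\"logo\" href=\"http://www.kingcms.com\" target=\"_blank\"><img alt=\"KingCMS\" src=\"system/skins/default/logo.gif\"/></a>\r\n"
        . "\t<ul class=\"k_menu\">\r\n"
        . "\t\t<li><a href=\"INSTALL.php\">" . $king->lang->get('system/common/install') . "</a></li>\r\n"
        . "\t\t<li><a href=\"javascript:;\">" . $king->lang->get('system/common/language') . "</a>\r\n\r\n\t\t\t\t<ul>";

    // Language menu: one entry per XML file in system/language; the entry that
    // matches the 'language' cookie is marked with a bullet.
    $array = kc_f_getdir('system/language', 'xml');
    $array = array_map('kc_f_name', $array);
    $_language = kc_cookie('language');
    foreach ($array as $val) {
        $s .= '<li><a href="javascript:;" class="k_ajax" rel="{CMD:\'language\',lang:\'' . $val . '\'}">';
        if ($_language == $val) {
            $s .= '• ';
        }
        $s .= kc_getlang($val) . '</a></li>';
    }

    // Database settings.
    $s .= "</ul>\r\n\t\t</li>\r\n\t</ul>\r\n</div>\r\n<div id=\"main\">\r\n\r\n\r\n"
        . "<table class=\"w0\"><tr><td style=\"vertical-align:top;\" class=\"w10\">\r\n"
        . "\t<form name=\"form_install\" id=\"form_install\">\r\n"
        . "\t<h3 class=\"caption\">" . $king->lang->get('system/install/db') . "</h3>\r\n"
        . "\t<table class=\"k_table_form\" cellspacing=\"0\">\r\n"
        . "\t\t<tbody><tr><th>" . $king->lang->get('system/install/dbtype') . "</th><td>{$select_type}</td></tr></tbody>\r\n"
        . "\t\t<tr><th>" . $king->lang->get('system/install/pre') . "</th><td><input id=\"pre\" name=\"pre\" class=\"k_in w200\" value=\"king\"/></td></tr>\r\n"
        . "\t\t<tr><th>" . $king->lang->get('system/install/preadmin') . "</th><td><input id=\"preadmin\" name=\"preadmin\" class=\"k_in w200\" value=\"kc\"/></td></tr>\r\n\r\n"
        . "\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbhost') . "</th><td><input id=\"host\" name=\"host\" class=\"k_in w200\" value=\"localhost\"/></td></tr>\r\n"
        . "\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbdata') . "</th><td><input id=\"data\" name=\"data\" class=\"k_in w200\" value=\"test\"/></td></tr>\r\n"
        . "\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbuser') . "</th><td><input id=\"user\" name=\"user\" class=\"k_in w200\" value=\"root\"/></td></tr>\r\n"
        . "\t\t<tr class=\"mysql none\"><th>" . $king->lang->get('system/install/dbpass') . "</th><td><input id=\"pass\" name=\"pass\" class=\"k_in w200\" value=\"\"/></td></tr>\r\n\r\n"
        . "\t\t<tr class=\"sqlite\"><th>" . $king->lang->get('system/install/dbfile') . "</th><td><input id=\"sqlitedata\" name=\"sqlitedata\" class=\"k_in w200\" value=\"" . kc_random(12) . ".db3\"/></td></tr>\r\n"
        . "\t</table>\r\n\r\n";

    // Administrator account.
    $s .= "\t<h3 class=\"caption\">" . $king->lang->get('system/install/admin') . "</h3>\r\n"
        . "\t<table class=\"k_table_form\" cellspacing=\"0\">\r\n"
        . "\t\t<tbody><tr><th>" . $king->lang->get('system/install/adminname') . "</th><td><input id=\"adminname\" name=\"adminname\" class=\"k_in w200\" value=\"admin\"/></td></tr></tbody>\r\n"
        . "\t\t<tr><th>" . $king->lang->get('system/install/adminpass') . "</th><td><input id=\"adminpass\" name=\"adminpass\" class=\"k_in w200\" value=\"admin888\"/></td></tr>\r\n"
        . "\t</table>\r\n\r\n";

    // Site configuration; the install path field carries the escaped PHP_SELF prefix.
    $s .= "\t<h3 class=\"caption\">" . $king->lang->get('system/level/config') . "</h3>\r\n"
        . "\t<table class=\"k_table_form\" cellspacing=\"0\">\r\n"
        . "\t\t<tbody><tr><th>" . $king->lang->get('system/install/cache') . "</th><td><input id=\"cache\" name=\"cache\" class=\"k_in w200\" value=\"_cache\"/></td></tr></tbody>\r\n\r\n"
        . "\t\t<tr><th>" . $king->lang->get('system/const/inst') . "</th><td><input id=\"inst\" name=\"inst\" class=\"k_in w100\" value=\"{$instAttr}\"/></td></tr>\r\n"
        . "\t\t<tr><th>" . $king->lang->get('system/install/timediff') . "</th><td><input id=\"timediff\" name=\"timediff\" class=\"k_in w100\"/></td></tr>\r\n"
        . "\t\t<tr><th>" . $king->lang->get('system/install/debug') . "</th><td><input id=\"debug\" value=\"1\" name=\"debug\" type=\"checkbox\" checked=\"checked\"/><label for=\"debug\">" . $king->lang->get('system/install/opendebug') . "</label></td></tr>\r\n"
        . "\t</table>\r\n\r\n"
        . "\t<script type=\"text/javascript\">\r\n\tvar dateObj = new Date();\r\n"
        . "\tvar timediff=" . date('G', 0) . ";\r\n"
        . "\t\$('#timediff').val(timediff);\r\n\t</script>\r\n\r\n";

    // License box, delete-installer box and the submit button.
    $s .= "\t<p>\r\n"
        . "\t\t<input value=\"1\" id=\"license\" name=\"license\" type=\"checkbox\"/><label for=\"license\">" . $king->lang->get('system/install/readlicense') . "</label>\r\n"
        . "\t\t[<a href=\"http://www.kingcms.com/license/\" target=\"_blank\">" . $king->lang->get('system/install/license') . "</a>]\r\n"
        . "\t</p>\r\n"
        . "\t\t<input value=\"1\" id=\"isdelete\" name=\"isdelete\" type=\"checkbox\" checked=\"checked\"/><label for=\"isdelete\">" . $king->lang->get('system/install/isdelete') . "</label>\r\n"
        . "\t<p>\r\n\r\n\t</p>\r\n\r\n"
        . "\t<p class=\"k_submit\">\r\n\r\n"
        . "\t\t<input value=\"" . $king->lang->get('system/common/install') . "[S]\" class=\"k_ajax big\" rel=\"{CMD:'config',FORM:'form_install'}\" type=\"button\" accesskey=\"s\"/>\r\n\r\n"
        . "\t</p>\r\n\t</form>\r\n"
        . "</td><td class=\"w1\" style=\"vertical-align:top;\"></td><td>\r\n\r\n";

    // Environment report: system.
    $s .= "\t<h3 class=\"caption\">" . $king->lang->get('system/skin/sys') . "</h3>\r\n"
        . "\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n"
        . "\t<tr><th class=\"w10\">" . $king->lang->get('system/skin/obj') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/required') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/this') . "</th></tr>";
    $s .= '<tr><td>' . $king->lang->get('system/skin/os') . '</td><td>ALL</td><td>' . PHP_OS . '</td></tr>';
    $s .= '<tr><td>' . $king->lang->get('system/skin/phpver') . '</td><td>5.1.0+</td><td>' . PHP_VERSION . '</td></tr>';
    if (function_exists('disk_free_space')) {
        $s .= '<tr><td>' . $king->lang->get('system/skin/diskspace') . '</td><td>>2 Mb</td><td>' . kc_f_size(disk_free_space('./')) . '</td></tr>';
    }

    // Environment report: writable paths. The last header cell used to carry a
    // garbled class attribute and a </td> closing tag; it now matches the other tables.
    $s .= "</table>\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/skin/writeinfo') . "</h3>\r\n"
        . "\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n"
        . "\t<tr><th class=\"w10\">" . $king->lang->get('system/skin/filedir') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/required') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/this') . "</th></tr>";
    foreach ($array_dirs as $val) {
        $s .= '<tr><td>' . $val . '</td><td>' . $king->lang->get('system/skin/write/w1') . '</td><td>' . $king->lang->get('system/skin/write/w' . (is_writable(ROOT . $val) ? 1 : 0)) . '</td></tr>';
    }

    // Environment report: required PHP functions.
    $s .= "</table>\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/skin/func') . "</h3>\r\n"
        . "\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n"
        . "\t<tr><th class=\"w10\">" . $king->lang->get('system/skin/funs') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/required') . "</th><th class=\"w5\">" . $king->lang->get('system/skin/this') . "</th></tr>";
    foreach ($array_func as $val) {
        $s .= '<tr><td>' . $val . '()</td><td>' . $king->lang->get('system/skin/fun/f1') . '</td><td>' . $king->lang->get('system/skin/fun/f' . (function_exists($val) ? 1 : 0)) . '</td></tr>';
    }

    // Environment report: other settings, followed by the maintenance links.
    // NOTE(review): kc_browser() presumably reflects the User-Agent header;
    // confirm that it returns HTML-safe text.
    $s .= "</table>\r\n\t<h3 class=\"caption\">" . $king->lang->get('system/skin/other') . "</h3>\r\n"
        . "\t<table class=\"k_table_list\" cellspacing=\"0\">\r\n\t";
    $s .= "<tr><th class=\"w10 red\">" . $king->lang->get('system/skin/obj') . "</th><th class=\"w5 red\">" . $king->lang->get('system/skin/advice') . "</th><th class=\"w5 red\">" . $king->lang->get('system/skin/this') . "</th></tr>\r\n"
        . "\t<tr><td>" . $king->lang->get('system/skin/browser') . "</td><td>IE 7.0</td><td>" . kc_browser() . "</td></tr>\r\n"
        . "\t<tr><td>" . $king->lang->get('system/skin/safemode') . "</td><td>--</td><td>" . $king->lang->get('system/skin/open/o' . (ini_get('safe_mode') ? 1 : 0)) . "</td></tr>\r\n"
        . "\t<tr><td>" . $king->lang->get('system/skin/maxetime') . "</td><td>--</td><td>" . ini_get('max_execution_time') . "s</td></tr>\r\n"
        . "\t</table>\r\n\r\n"
        . "\t<p><img class=\"f6 os\" src=\"system/images/white.gif\"/><a href=\"http://www.kingcms.com/\" class=\"k_ajax\" rel=\"{CMD:'repass',METHOD:'GET'}\">" . $king->lang->get('system/install/resetpass') . "</a></p>\r\n"
        . "\t<p><img class=\"j2 os\" src=\"system/images/white.gif\"/><a href=\"http://www.kingcms.com/\" class=\"k_ajax\" rel=\"{CMD:'delete'}\">" . $king->lang->get('system/install/delfile') . "</a></p>\r\n"
        . "\t<p><img class=\"n1 os\" src=\"system/images/white.gif\"/><a href=\"system/login.php\">" . $king->lang->get('system/install/login') . "</a></p>\r\n\r\n"
        . "</td></tr></table>\r\n\r\n</div>\r\n</body>\r\n</html>";

    exit($s);
}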
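/**
 * AJAX handler for the order form of the shop.
 *
 * Always builds the delivery form (name, phone, e-mail, address, postcode,
 * remark). When $GLOBALS['ischeck'] is set it additionally turns the cart
 * cookie into an order row, clears the cart cookie and hands over to the
 * payment step.
 *
 * The cart cookie and the posted 'eid' are client-controlled. Totals are
 * computed from them, so both are checked before use.
 */
function king_ajax_orders()
{
    global $king;

    $king->Load('user');
    // Visitors who are not logged in get login/register links next to the first field.
    $tip = ($user = $king->user->checkLogin()) ? '' : '<a href="javascript:;" class="k_user_login">' . $king->lang->get('portal/user/nologin') . '</a> <a href="javascript:;" class="k_user_register">' . $king->lang->get('portal/user/regshop') . '</a>';

    $array_sql = array('usermail', 'realname', 'useraddress', 'userpost', 'usertel', 'kfeedback');
    if ($GLOBALS['ismethod']) {
        $data = $_POST;
    } else {
        $data = array();
        if (is_array($user)) {
            // Logged in: pre-fill the form from the user record.
            foreach ($array_sql as $val) {
                $data[$val] = kc_val($user, $val);
            }
        }
    }
    $data = kc_data($array_sql, $data);

    // Consignee name
    $array = array(array('realname', 0, 2, 30));
    $s = $king->htmForm($king->lang->get('portal/orders/realname'), kc_htm_input('realname', $data['realname'], 30, 100), $array, null, $tip);
    // Phone
    $array = array(array('usertel', 0, 6, 30));
    $s .= $king->htmForm($king->lang->get('portal/orders/tel'), kc_htm_input('usertel', $data['usertel'], 30, 200), $array);
    // E-mail
    $array = array(array('usermail', 0, 6, 32), array('usermail', 5));
    $s .= $king->htmForm($king->lang->get('portal/orders/mail'), kc_htm_input('usermail', $data['usermail'], 32, 200), $array);
    // Address
    $array = array(array('useraddress', 0, 5, 250));
    $s .= $king->htmForm($king->lang->get('portal/orders/address'), '<textarea cols="10" id="useraddress" name="useraddress" rows="3" class="k_in w400">' . htmlspecialchars($data['useraddress']) . '</textarea>', $array);
    // Postcode
    $array = array(array('userpost', 0, 6, 6), array('userpost', 2));
    $s .= $king->htmForm($king->lang->get('portal/orders/post'), kc_htm_input('userpost', $data['userpost'], 6, 50), $array);
    // Remark
    $array = array(array('kfeedback', 0, 0, 255));
    $s .= $king->htmForm($king->lang->get('portal/orders/feedback'), '<textarea cols="10" rows="4" name="kfeedback" id="kfeedback" class="k_in w400">' . htmlspecialchars($data['kfeedback']) . '</textarea>', $array);

    if ($GLOBALS['ischeck']) {
        $cart = kc_cookie('KingCMS_Cart');
        $eid = kc_post('eid');
        if (!($cart && isset($eid)) || !is_scalar($eid)) {
            kc_error($king->lang->get('system/error/param'));
            return;
        }

        // SECURITY(review): unserialize() on a cookie lets the client choose which
        // classes are instantiated (object injection). The cart should move to a
        // format without object support (for example JSON) or to server-side
        // storage; that change also touches the code that writes the cookie, so it
        // is flagged here rather than made in this function.
        $cart_array = unserialize($cart);
        if (!is_array($cart_array) || count($cart_array) === 0) {
            kc_error($king->lang->get('system/error/param'));
            return;
        }

        $weight = 0;
        $total = 0;
        $nnum = 0;
        $mch_name = '';
        // Characters removed from the order name.
        $array_black = str_split('<>\'"%');
        foreach ($cart_array as $key => $number) {
            // Keys are "<listid>-<kid>"; quantities must be positive whole numbers,
            // otherwise a negative or fractional value would lower the total.
            $parts = explode('-', (string) $key);
            if (count($parts) < 2 || !is_scalar($number) || !ctype_digit((string) $number) || (int) $number < 1) {
                kc_error($king->lang->get('system/error/param'));
                return;
            }
            $number = (int) $number;
            list($listid, $kid) = $parts;
            // NOTE(review): $listid and $kid originate from the cookie; confirm that
            // infoID() validates them before they reach a query.
            $ID = $king->portal->infoID($listid, $kid);
            if (empty($ID)) {
                kc_error($king->lang->get('system/error/param'));
                return;
            }
            if ($total === 0) {
                // First item (total still zero): its title becomes the order name.
                $mch_name = kc_substr(str_replace($array_black, '', $ID['ktitle']), 0, 16);
            }
            $weight += $number * $ID['nweight'];
            $total += $number * $ID['nprice'];
            $nnum += $number;
        }

        $nexpress = 0; // shipping fee
        if ($weight !== 0) {
            $express = $king->portal->getExpress();
            if (!isset($express[$eid])) {
                kc_error($king->lang->get('system/error/param'));
                return;
            }
            // Base price plus the increment price per further 500 weight units.
            $nexpress = $express[$eid]['nsprice'] + $express[$eid]['niprice'] * ceil($weight > 500 ? $weight / 500 - 1 : 0);
        }

        $ono = kc_formatdate(time(), 'Ymd') . sprintf("%08.0d", $king->db->neworder('%s_orders', '', 'oid'));
        // NOTE(review): 'kcontent' stores the raw serialized cookie; any code that
        // unserializes it again inherits the exposure flagged above.
        $array = array('kname' => $mch_name, 'userid' => is_array($user) ? $user['userid'] : 0, 'kcontent' => $cart, 'ndate' => time(), 'nip' => kc_getip(), 'eid' => $eid, 'ntotal' => round($total, 2), 'ono' => $ono, 'nnumber' => $nnum, 'kfeedback' => $data['kfeedback'], 'nweight' => $weight, 'nexpress' => $nexpress);
        foreach ($array_sql as $val) {
            $array[$val] = kc_val($data, $val);
        }
        $oid = $king->db->insert('%s_orders', $array);

        // Expire the cart cookie and continue with the payment step.
        setcookie('KingCMS_Cart', '', -86400000, $king->config('inst'));
        $js = "\$.kc_ajax('{URL:\\'" . $king->config('inst') . "portal/cart.php\\',CMD:\\'payment\\',IS:1,oid:{$oid}}')";
        kc_ajax('', '', '', $js);
    }

    // 'eid' is echoed unquoted into the button parameters, so only a plain
    // number is passed through; anything else is emitted as an empty value.
    $eidRaw = kc_post('eid');
    $eidOut = (is_scalar($eidRaw) && preg_match('/^\d+\z/', (string) $eidRaw)) ? $eidRaw : '';

    $but = kc_htm_a($king->lang->get('portal/cart/backcart'), "{URL:'" . $king->config('inst') . "portal/cart.php',CMD:'buy',IS:1}");
    $but .= kc_htm_a($king->lang->get('portal/cart/suborders'), "{URL:'" . $king->config('inst') . "portal/cart.php',CMD:'orders',eid:" . $eidOut . ",IS:1}");
    kc_ajax($king->lang->get('portal/cart/suborders'), $s, $but, '', 600, 350 + $GLOBALS['check_num'] * 15);
}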
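/**
 * AJAX handler: store a visitor comment for a content item and bump its counter.
 *
 * Flow: throttle by cookie, strip selected markup, check the minimum length,
 * increment ncomment on the model table, insert the comment, then drop the
 * cached XML and comment cache of the item.
 *
 * NOTE(review): the markup filter is a block-list (links, table tags and the
 * style/id/class attributes). Script elements and event-handler attributes
 * pass through, so the comment must be escaped or run through an allow-list
 * sanitiser wherever it is displayed; the display code is not visible here.
 * NOTE(review): the comment is read with kc_get() and no request token is
 * checked in this function, and the two-minute throttle lives in a cookie that
 * the client controls; confirm that CSRF and flood protection exist elsewhere.
 */
function king_ajax_comment()
{
    global $king;

    $kid = kc_get('kid', 2, 1);
    $modelid = kc_get('modelid', 22, 1);
    $kcontent = kc_get('kcontent', 0, 1);

    // Allow one comment per two minutes and visitor (cookie based).
    $commenttime = kc_cookie("commenttime");
    if ($commenttime < time() - 120) {
        setcookie("commenttime", time(), time() + 86400, '/');
    } else {
        kc_error($king->lang->get('portal/tip/nocomment'));
        return;
    }

    // The filters now run for every comment; they used to be skipped when the
    // text had 10 characters or fewer, which is enough room for a short tag.
    $kcontent = preg_replace('/<a ([^>]*)>|<\\/a>/is', '', $kcontent); // links
    $kcontent = preg_replace('/<(table|tbody|thead|tr|td|th|caption) ?([^>]*)>|<\\/(table|tbody|thead|tr|td|th|caption)>/is', '', $kcontent); // tables
    $kcontent = preg_replace('/(<([^>]*))( style=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent); // style attributes
    $kcontent = preg_replace('/(<([^>]*))( id=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent); // id attributes
    $kcontent = preg_replace('/(<([^>]*))( class=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent); // class attributes

    if (kc_strlen($kcontent) < 5) {
        kc_ajax($king->lang->get('system/title/tip'), $king->lang->get('portal/tip/nocontent'));
        return;
    }

    // NOTE(review): $kid is interpolated into the SQL below; rule 2 of kc_get()
    // presumably restricts it to digits, confirm. The table name comes from the
    // model record.
    $model = $king->portal->infoModel($modelid);
    if ($res = $king->db->getRows_one("select ncomment from %s__{$model['modeltable']} where kid={$kid}")) {
        $ncomment = $res['ncomment'] + 1;
        $_array = array('ncomment' => $ncomment);
        $king->db->update('%s__' . $model['modeltable'], $_array, "kid={$kid}");
    } else {
        kc_error($king->lang->get('portal/error/notq'));
        return;
    }

    // Logged-in visitors are stored with their user name, others with an empty one.
    $king->load('user');
    if ($user = $king->user->checkLogin()) {
        $username = $user['username'];
        unset($user);
    } else {
        $username = '';
    }

    $_array = array('kid' => $kid, 'modelid' => $modelid, 'kcontent' => $kcontent, 'username' => $username, 'nip' => kc_getip(), 'ndate' => time(), 'isshow' => 1);
    $king->db->insert("%s_comment", $_array);

    // Invalidate the cached XML of the item (one directory level per character
    // of the id) and its comment cache.
    $xmlpath = $king->config('xmlpath', 'portal') . '/portal/' . $modelid . '/' . wordwrap($kid, 1, '/', 1) . '.xml';
    kc_f_delete($xmlpath);
    $cachepath = 'portal/comment/' . $modelid . '/' . $kid;
    $king->cache->del($cachepath);

    // Show the new counter and clear the input on the client.
    $js = "\$('#k_comment').html({$ncomment});\$('#kcontent').html('');";
    kc_ajax('OK', '<p class="k_ok">' . $king->lang->get('portal/ok/submit') . '</p>', 0, $js);
}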