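/**
 * User login and permission check.
 *
 * Callers treat the return value as the authenticated user record, so every
 * failure path must end the request instead of falling through.
 *
 * @param int $gid User group to require; 0 skips the group comparison.
 * @return array User record as returned by checkLogin().
 */
public function access($gid = 0)
{
    global $king;

    if (!($user = $this->checkLogin())) {
        // Not logged in: send the visitor to the login page.
        if ($GLOBALS['action'] == 'ajax') {
            // AJAX responses cannot redirect, so ask the client to open the login dialog.
            $js = "\$.kc_ajax('{URL:\\'" . $king->config('inst') . "user/index.php\\',CMD:\\'login\\',IS:1,METHOD:\\'GET\\'}')";
            kc_ajax('', '', '', $js);
        } else {
            header("Location: " . $king->config('inst') . "user/login.php");
        }
        // header() only queues the redirect. Without this exit the method kept
        // running and, for $gid === 0, returned false to a caller that then
        // carried on as if the login check had passed.
        // kc_ajax() presumably ends the request itself; the exit also covers
        // that branch in case it does not.
        exit;
    }

    if ($gid !== 0) {
        // A specific group is required: compare it with the user's group.
        if ($gid != $user['gid']) {
            if ($GLOBALS['action'] == 'ajax') {
                kc_error($king->lang->get('user/error/gaccess'));
            } else {
                $tmp = new KC_Template_class(
                    $king->config('templatelogin', 'user'),
                    $king->config('templatepath') . '/inside/system/error.htm'
                );
                $tmp->assign('main', $king->lang->get('user/error/gaccess'));
                $tmp->assign('title', $king->lang->get('system/common/error'));
                exit($tmp->output());
            }
            // Fail closed if kc_error() ever returns instead of terminating.
            exit;
        }
    }

    // Permission check passed.
    return $user;
}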
/**
 * AJAX handler: delete the selected feedback entries.
 *
 * Requires the 'feedback_delete' permission.
 */
function king_ajax_delete()
{
    global $king;

    $king->access('feedback_delete');

    // NOTE(review): $ids is placed into the IN (...) list as-is. kc_getlist()
    // is not visible here; confirm it only ever yields comma-separated
    // integers, otherwise cast each id before building the statement.
    $ids = kc_getlist();
    $statement = "delete from %s_feedback where kid in ({$ids})";
    $king->db->query($statement);

    $message = '<p class="k_ok">' . $king->lang->get('system/ok/delete') . '</p>';
    kc_ajax('OK', $message, 1);
}
/**
 * AJAX handler: delete the selected portal comments.
 *
 * Requires the 'portal_comment_delete' permission. The comment cache is
 * cleared before the rows are removed.
 */
function king_ajax_delete()
{
    global $king;

    $king->access('portal_comment_delete');

    // NOTE(review): $ids is interpolated into the IN (...) list unchanged.
    // kc_getlist() is not visible here; confirm it returns integers only.
    $ids = kc_getlist();

    // rd() presumably removes the whole cache directory; verify against the cache class.
    $king->cache->rd('portal/comment');

    $statement = "delete from %s_comment where cid in ({$ids})";
    $king->db->query($statement);

    $message = '<p class="k_ok">' . $king->lang->get('system/ok/delete') . '</p>';
    kc_ajax('OK', $message, 1);
}
/**
 * AJAX handler: toggle the "recommended" flag of a tag.
 *
 * Requires the 'portal_tag_edt' permission. Stores the requested state and
 * rewrites the icon's rel attribute so the next click sends the opposite state.
 */
function king_ajax_commend()
{
    global $king;

    $king->access('portal_tag_edt');

    // kc_get(..., 2, 1) presumably enforces a required integer; confirm in kc_get().
    // Both values are interpolated below without further escaping.
    $kid = kc_get('kid', 2, 1);
    $is = kc_get('is', 2, 1);

    if ($is) {
        $ico = 'n1';
    } else {
        $ico = 'n2';
    }

    $king->db->update('%s_tag', array('iscommend' => $is), "kid={$kid}");

    $icon = kc_icon($ico);
    $next = 1 - $is;
    // Client-side shape: {CMD:'commend',is:<next>,ID:'commend_<kid>',kid:<kid>,IS:2}
    $rel = "{CMD:\\'commend\\',ID:\\'commend_{$kid}\\',is:" . $next . ",kid:{$kid},IS:2}";
    $script = "\$('#commend_{$kid}').attr('rel','" . $rel . "')";

    kc_ajax('', $icon, '', $script);
}
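/**
 * AJAX handler: issue a new verification-image salt.
 *
 * Reads the id of the element that triggered the request (POST 'ID'), stores a
 * fresh salt in the matching "<id>_salt" input through the returned script and
 * returns markup for the new image plus a "refresh" link.
 */
function king_ajax_salt()
{
    global $king;

    $id_fly = kc_post('ID');

    // The id comes from the request and is echoed into a jQuery selector and
    // into an HTML attribute below. Accept only characters that are valid in
    // a plain element id, so the value cannot leave the quoted string or the
    // attribute it is placed in.
    if (!is_string($id_fly) || !preg_match('/^[A-Za-z0-9_\-]+$/', $id_fly)) {
        kc_error($king->lang->get('system/error/param'));
        return;
    }

    // The field id is the trigger id without its 4-character suffix.
    $id = substr($id_fly, 0, strlen($id_fly) - 4);

    // NOTE(review): kc_random() is not visible here. Confirm its alphabet is
    // safe inside a URL and a JS string, and that it is unpredictable enough
    // for whatever verify.php uses the salt for.
    $salt = kc_random(12);
    $js = "\$('#{$id}_salt').val('{$salt}');";

    $label = $king->lang->get('system/check/verifynew');
    $s = "<img alt=\"" . $label . "\" src=\"" . $king->config('inst') . "system/verify.php?salt={$salt}\"/>";
    $s .= "<a href=\"javascript:;\" class=\"k_ajax\" rel=\"{URL:'../system/verify.php',ID:'{$id_fly}',CMD:'salt'}\">" . $label . "</a>";

    kc_ajax('', $s, 0, $js);
}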
/**
 * Edit: AJAX handler that adds or edits a shipping (express) method.
 *
 * Requires the 'portal_express_edt' permission. Renders the form and, when
 * $GLOBALS['ischeck'] is set, writes the row and reloads manage.express.php.
 * With an empty eid a new row is inserted, otherwise the row with that eid
 * is updated.
 *
 * NOTE(review): htmForm() presumably registers the validation rules passed as
 * its third argument and maintains $GLOBALS['ischeck'] / $GLOBALS['check_num'];
 * that helper is not visible here, so the statement order is left untouched.
 */
function king_ajax_edt()
{
    global $king;
    $king->access('portal_express_edt');
    // NOTE(review): kc_get('eid', 2) presumably returns an integer; confirm,
    // because $eid is interpolated into SQL below without quoting.
    $eid = kc_get('eid', 2);
    // Column list shared by the SELECT and by the write at the end.
    $sql = "kname,nsprice,niprice,kremark,kaddress";
    $array_sql = explode(',', $sql);
    if ($GLOBALS['ismethod'] || empty($eid)) {
        // Submitted form, or a blank "add" form: take values from the request.
        $data = $_POST;
        if (!$GLOBALS['ismethod']) {
            // Blank form: pre-fill the address field.
            $data['kaddress'] = 'http://';
        }
    } else {
        // Editing an existing row: load the current values.
        if (!($data = $king->db->getRows_one("select {$sql} from %s_express where eid={$eid}"))) {
            kc_error($king->lang->get('system/error/notre'));
        }
    }
    // kc_data() presumably restricts $data to the listed keys; verify in its definition.
    $data = kc_data($array_sql, $data);
    //kname
    $array = array(array('kname', 0, 1, 50));
    $s = $king->htmForm($king->lang->get('portal/express/name'), kc_htm_input('kname', $data['kname'], 50, 200), $array);
    //nsprice
    $array = array(array('nsprice', 0, 1, 5), array('nsprice', 2));
    $s .= $king->htmForm($king->lang->get('portal/express/sprice'), kc_htm_input('nsprice', $data['nsprice'], 5, 50), $array);
    //niprice
    $array = array(array('niprice', 0, 1, 5), array('niprice', 2));
    $s .= $king->htmForm($king->lang->get('portal/express/iprice'), kc_htm_input('niprice', $data['niprice'], 5, 50), $array);
    //kaddress
    $array = array(array('kaddress', 0, 1, 255), array('kaddress', 6));
    $s .= $king->htmForm($king->lang->get('portal/express/address'), kc_htm_input('kaddress', $data['kaddress'], 255, 400), $array);
    //kremark
    $array = array(array('kremark', 0, 0, 3000));
    $s .= $king->htmForm($king->lang->get('portal/common/remark'), '<textarea name="kremark" id="kremark" rows="6" cols="100" class="k_in w400">' . htmlspecialchars($data['kremark']) . '</textarea>', $array);
    if ($GLOBALS['ischeck']) {
        // Copy only the whitelisted columns into the row to write.
        $array = array();
        foreach ($array_sql as $val) {
            $array[$val] = $data[$val];
        }
        // NOTE(review): value escaping is left to db->insert()/db->update();
        // confirm both quote their values.
        if (empty($eid)) {
            //insert
            $king->db->insert('%s_express', $array);
        } else {
            $king->db->update('%s_express', $array, "eid={$eid}");
        }
        // Reload the management list after one second.
        $js = 'setTimeout("parent.location=\'manage.express.php\'",1000)';
        kc_ajax('', '', '', $js);
    }
    $but = kc_htm_a($king->lang->get('system/common/save'), "{CMD:'edt',eid:'{$eid}',IS:1}");
    // Dialog height grows by 15px per entry counted in check_num.
    kc_ajax($king->lang->get('portal/title/expressedt'), $s, $but, '', 440, 350 + $GLOBALS['check_num'] * 15);
}
/**
 * Delivery: AJAX handler that records shipping details for an order.
 *
 * Requires the 'portal_orders_delivery' permission. Renders the delivery form
 * and, when $GLOBALS['ischeck'] is set, stores carrier, tracking number and
 * remark, sets the send date if it is still empty and moves the order to
 * status 4.
 *
 * NOTE(review): htmForm() presumably maintains $GLOBALS['ischeck'] and
 * $GLOBALS['check_num']; it is not visible here, so the statement order is
 * left untouched.
 */
function king_ajax_express()
{
    global $king;
    $king->access('portal_orders_delivery');
    // NOTE(review): kc_get('oid', 2, 1) presumably enforces a required integer;
    // confirm, because $oid is interpolated into SQL without quoting.
    $oid = kc_get('oid', 2, 1);
    // Column list shared by the SELECT and by the UPDATE below.
    $sql = "eid,expressnumber,kremark,nsenddate";
    $array_sql = explode(',', $sql);
    if ($GLOBALS['ismethod']) {
        // Submitted form: take values from the request.
        $data = $_POST;
    } else {
        // First display: load the order's current values.
        if (!($data = $king->db->getRows_one("select {$sql} from %s_orders where oid={$oid}"))) {
            kc_error($king->lang->get('system/error/notre'));
        }
    }
    // kc_data() presumably restricts $data to the listed keys; verify in its definition.
    $data = kc_data($array_sql, $data);
    $s = '';
    //eid
    $express = $king->portal->getExpress();
    // Build the carrier drop-down; names are HTML-escaped here.
    $array_express = array();
    foreach ($express as $eid => $rs) {
        $array_express[$eid] = htmlspecialchars($rs['kname']);
    }
    $array = array(array('eid', 0, 1, 11), array('eid', 2));
    $s .= $king->htmForm($king->lang->get('portal/orders/express'), kc_htm_select('eid', $array_express, $data['eid']), $array);
    //expressnumber
    $array = array(array('expressnumber', 0, 1, 30));
    $s .= $king->htmForm($king->lang->get('portal/express/expressnumber'), kc_htm_input('expressnumber', $data['expressnumber'], 30, 200), $array);
    //kremark
    $array = array(array('kremark', 0, 0, 3000));
    $s .= $king->htmForm($king->lang->get('portal/common/remark'), '<textarea name="kremark" id="kremark" rows="8" cols="100" class="k_in w400">' . htmlspecialchars($data['kremark']) . '</textarea>', $array);
    if ($GLOBALS['ischeck']) {
        // Copy only the whitelisted columns into the row to write.
        $array = array();
        foreach ($array_sql as $val) {
            $array[$val] = $data[$val];
        }
        if (empty($data['nsenddate'])) {
            $array['nsenddate'] = time();
        }
        // If nsenddate is empty, use the current timestamp.
        // NOTE(review): on a submitted form nsenddate comes from the request and
        // no rule above validates it; confirm db->update() escapes it or cast it.
        $array['nstatus'] = 4;
        // Set the order status to "shipped".
        $king->db->update('%s_orders', $array, "oid={$oid}");
        // Reload the order list after one second.
        $js = 'setTimeout("parent.location=\'manage.orders.php\'",1000)';
        kc_ajax('', '', '', $js);
    }
    // NOTE(review): nsenddate is echoed into the button's rel string unescaped;
    // on a submitted form that is request data. Whether kc_htm_a() escapes its
    // second argument cannot be seen here; verify.
    $but = kc_htm_a($king->lang->get('portal/common/delivery'), "{CMD:'express',oid:'{$oid}',IS:1,nsenddate:'{$data['nsenddate']}'}");
    // Dialog height grows by 15px per entry counted in check_num.
    kc_ajax($king->lang->get('portal/title/delivery'), $s, $but, '', 440, 290 + $GLOBALS['check_num'] * 15);
}
/**
 * AJAX handler: accept a public feedback submission.
 *
 * Validates title, name, e-mail and content, then stores the entry unless the
 * visitor's "fbtime" cookie shows a submission within the last hour.
 *
 * NOTE(review): the one-hour limit relies only on a cookie the client
 * controls, so it does not bind a client that discards it; a server-side
 * limit (per IP or session) would be needed to enforce it. kphone and kqq are
 * stored without any length or format check in this function.
 */
function king_ajax_add()
{
    global $king;

    // Time of the visitor's previous submission, as reported by the cookie.
    $fbtime = kc_cookie("fbtime");

    $ktitle = kc_post('ktitle');
    $kname = kc_post('kname');
    $kemail = kc_post('kemail');
    $kphone = kc_post('kphone');
    $kqq = kc_post('kqq');
    $kcontent = kc_post('kcontent');

    // Title: 2 to 50 bytes.
    $title_ok = isset($ktitle[1]) && strlen($ktitle) <= 50;
    if (!$title_ok) {
        kc_error($king->lang->get('feedback/error/name', 0));
    }

    // Name: 2 to 30 bytes.
    $name_ok = isset($kname[1]) && strlen($kname) <= 30;
    if (!$name_ok) {
        kc_error($king->lang->get('feedback/error/name', 1));
    }

    // E-mail: rule 5 of kc_validate() (presumably the e-mail pattern; confirm).
    if (!kc_validate($kemail, 5)) {
        kc_error($king->lang->get('feedback/error/name', 2));
    }

    // Content: at least 10 bytes.
    if (!isset($kcontent[9])) {
        kc_error($king->lang->get('feedback/error/name', 3));
    }

    if ($fbtime > time() - 3600) {
        // Submitted less than an hour ago: show the tip and store nothing.
        kc_ajax($king->lang->get('system/common/tip'), $king->lang->get('feedback/error/name', 5), 0);
        return;
    }

    // Remember the time of this submission.
    setcookie("fbtime", time(), time() + 3600, '/');

    $row = array(
        'ktitle' => $ktitle,
        'kname' => $kname,
        'kemail' => $kemail,
        'kphone' => $kphone,
        'kqq' => $kqq,
        'kcontent' => $kcontent,
        'norder' => $king->db->neworder('%s_feedback'),
        'ndate' => time(),
    );
    $king->db->insert('%s_feedback', $row);

    // Link shown after a successful submission.
    $back = '<a href="index.php">' . $king->lang->get('system/common/enter') . '</a>';
    kc_ajax('OK', '<p class="k_ok">' . $king->lang->get('feedback/ok/add') . '</p>', $back);
}
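/**
 * AJAX handler: toggle one visibility flag of a model field.
 *
 * Requires the 'portal_field_edt' permission. The column to change is taken
 * from the request and must be one of the known flag columns. The built-in
 * 'ktitle' field cannot be changed.
 */
function king_ajax_isshow()
{
    global $king;

    $king->access('portal_field_edt');

    // kc_get(..., 2, 1) / (..., 22, 1) presumably enforce integers; confirm in
    // kc_get(), because both values are interpolated into SQL and JS below.
    $kid = kc_get('kid', 2, 1);
    $field = kc_post('field');
    $is = kc_get('is', 2, 1) ? 1 : 0;
    $modelid = kc_get('modelid', 22, 1);

    // $field becomes a column name and part of a script, so it must match one
    // of these names exactly. The strict flag keeps non-string input from
    // passing through PHP's loose comparison rules.
    $array_is = array('isadmin1', 'isadmin2', 'isuser1', 'isuser2', 'islist', 'issearch', 'isrelate');
    if (!in_array($field, $array_is, true)) {
        // Reject unexpected input.
        kc_error($king->lang->get('system/error/param'));
        return;
    }

    if ($res = $king->db->getRows_one("select ktitle from %s_field where kid={$kid} and kfield='ktitle'")) {
        // The title field is fixed: restore the icon and tell the admin why.
        // The stored title is escaped for the single-quoted JS string.
        $notice = "alert('" . $king->lang->get('portal/tip/noedt') . ": " . addslashes($res['ktitle']) . "')";
        kc_ajax('', kc_icon($is ? 'n2' : 'n1'), 0, $notice);
        return;
    }

    $king->db->update('%s_field', array($field => $is), "kid={$kid}");

    // The model definition is cached per model id; drop it so the change shows.
    $king->cache->del('portal/model/model' . $modelid);

    $s = kc_icon($is ? 'n1' : 'n2');
    // Re-arm the icon so the next click sends the opposite state.
    $js = "\$('#{$field}_{$kid}').attr('rel','{CMD:\\'isshow\\',field:\\'{$field}\\',modelid:{$modelid},kid:{$kid},is:" . (1 - $is) . ",ID:\\'{$field}_{$kid}\\',IS:2}')";
    kc_ajax('', $s, 0, $js);
}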
/**
 * AJAX handler: reset a forgotten password through the security question.
 *
 * Looks the account up by the posted user name, shows the stored question and
 * asks for the answer, the account e-mail address and a new password. When
 * $GLOBALS['ischeck'] is set the new password is stored and the user is
 * logged in.
 *
 * NOTE(review): no attempt limit is visible in this function; confirm that
 * KC_Verify_class or the caller throttles repeated guesses of the answer.
 */
function king_ajax_lostpwd1()
{
    global $king;
    $username = kc_post('username');
    //ask
    // NOTE(review): the query text on the next line is masked ('******') in this
    // listing and does not parse as shown. Restore it from the original file and
    // confirm the user name is passed through the database escape routine.
    if ($user = $king->db->getRows_one("select userid,uid,userask,useranswer,usermail from %s_user where isdelete=0 and username='******'username')) . "'")) {
        if (!$user['userask']) {
            // The account has no security question, so this reset path is unavailable.
            kc_error($king->lang->get('user/error/ask'));
        }
    } else {
        kc_error($king->lang->get('system/error/param'));
    }
    $s = $king->htmForm($king->lang->get('user/label/ask'), htmlspecialchars($user['userask']));
    //answer
    // The last element of the type-12 rule is true when the posted answer
    // differs from the stored one (loose !=, not a constant-time comparison).
    // Presumably a truthy value fails the check; confirm in htmForm().
    $array = array(array('useranswer', 0, 1, 16), array('useranswer', 12, $king->lang->get('portal/check/lost/answer'), $user['useranswer'] != kc_post('useranswer')));
    $s .= $king->htmForm($king->lang->get('user/label/answer'), '<input class="k_in w150" type="text" name="useranswer" id="useranswer" maxlength="16" value="' . htmlspecialchars(kc_post('useranswer')) . '" />', $array);
    //mail
    // The posted address must equal the stored one, compared case-insensitively.
    $_array = array(array('usermail', 0, 6, 32), array('usermail', 5, $king->lang->get('portal/check/reg/u-4')), array('usermail', 12, $king->lang->get('portal/check/lost/mail'), strtolower($user['usermail']) != strtolower(kc_post('usermail'))));
    $s .= $king->htmForm($king->lang->get('portal/user/mail'), '<input class="k_in w250" type="text" name="usermail" value="' . htmlspecialchars(kc_post('usermail')) . '" maxlength="32" />', $_array);
    //pass
    $_array = array(array('userpass', 0, 6, 30), array('userpass', 17, null, 'userpass1'));
    $s .= $king->htmForm($king->lang->get('portal/user/pass') . ' (6-30)', '<input class="k_in w150" type="password" name="userpass" id="userpass" maxlength="30" value="' . htmlspecialchars(kc_post('userpass')) . '" />', $_array);
    //repass
    $s .= $king->htmForm($king->lang->get('portal/user/pass1'), '<input class="k_in w150" type="password" name="userpass1" id="userpass1" maxlength="30" value="' . htmlspecialchars(kc_post('userpass1')) . '" />');
    $verify = new KC_Verify_class();
    $s .= $verify->Show();
    if ($GLOBALS['ischeck']) {
        $array = array();
        $salt = kc_random(6);
        // NOTE(review): salted MD5 is a fast hash and weak for password storage.
        // Moving to password_hash()/password_verify() also requires changing
        // the login check, which is not part of this listing.
        $md5pass = md5($salt . kc_post('userpass'));
        $array['userpass'] = $md5pass;
        $array['ksalt'] = $salt;
        // $userid is assigned here but not read again in this function.
        $userid = $king->db->update('%s_user', $array, "userid={$user['userid']}");
        // Write the login cookie (2592000 seconds = 30 days).
        $s = $king->user->userLogin($user['userid'], 2592000);
        $king->user->delUserInfo($user['userid']);
        kc_ajax($king->lang->get('system/common/welcome'), $s . "<p class=\"k_ok\">" . $king->lang->get('portal/user/lostok') . "</p>", 0);
    }
    // NOTE(review): the username value in this rel string is masked in the
    // listing as well; check how the original escapes it before it reaches HTML.
    $but = kc_htm_a($king->lang->get('system/common/submit'), "{URL:'" . $king->config('inst') . "user/index.php',CMD:'lostpwd1',username:'******',IS:1}");
    // Taller dialog when the verification image is enabled.
    $height = $king->config('verifyopen') ? 250 + $king->config('verifyheight') : 230;
    kc_ajax($king->lang->get('portal/user/name'), $s, $but, '', 420, $height + $GLOBALS['check_num'] * 15);
}
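/**
 * Move a row up or down in its sort order.
 *
 * The direction comes from POST 'UPDOWN' and the number of positions from
 * 'NUMBER' (0 means "all the way"). The row swaps its sort value with each
 * neighbour it passes, then the parent frame is sent back to the referring page.
 *
 * This could be optimised: when moving to the very top or bottom, set the sort
 * value to max+1 or min-1 directly instead of walking every row, which also
 * avoids timeouts on large tables.
 *
 * NOTE(review): $_table, $_where, $_kidname and $_norder are interpolated into
 * SQL as identifiers/fragments. Callers must pass fixed strings, never request
 * data.
 *
 * @param string $_table   Table name (may contain the %s prefix placeholder).
 * @param int    $id       Value of the index column for the row to move.
 * @param string $_where   Optional WHERE condition, without the keyword.
 * @param int    $_order   Sort direction of the list: 1 descending, 0 ascending.
 * @param string $_kidname Name of the index column.
 * @param string $_norder  Name of the column that holds the sort value.
 */
public function updown($_table, $id, $_where = null, $_order = 1, $_kidname = 'kid', $_norder = 'norder')
{
    // The Referer header is client-supplied and ends up inside a single-quoted
    // JS string, so escape quotes and backslashes. It may also be absent.
    $_back = isset($_SERVER['HTTP_REFERER']) ? addslashes($_SERVER['HTTP_REFERER']) : '';
    $_redirect = 'parent.location=\'' . $_back . '\'';

    $_array1 = array('kid' => 0, 'norder' => 0);
    $_array2 = array('kid' => 0, 'norder' => 0);

    // Offset: how many positions to move.
    $_num = kc_get('NUMBER', 2, 1);
    // Direction: 'up' or 'down'. Anything else counts as 'down'.
    $_act = kc_post('UPDOWN') == 'up' ? 'up' : 'down';

    // Read the rows in the order that puts the target's new neighbours after it.
    if ($_order) {
        $order = ($_act == 'down') ? 'desc' : 'asc';
    } else {
        $order = ($_act == 'up') ? 'desc' : 'asc';
    }

    if ($_where != null) {
        $_where = ' where ' . $_where;
    }

    $sql = "select {$_kidname},{$_norder} from {$_table} {$_where} order by {$_norder} {$order}";
    $this->query($sql);
    $this->getRows_number();
    if ($_num == 0) {
        $_num = $this->Rows;
    }

    // The direct link queries below need the real table name.
    $_table = sprintf($_table, DB_PRE);

    // Fix: the fallback used to be "$array()", a call through an undefined
    // variable that raised a fatal error whenever no result object was available.
    $array = is_object($this->mQuery) ? $this->mQuery->fetchAll() : array();
    $count = count($array);

    for ($i = 0; $i < $count; $i++) {
        if ($id == $array[$i][$_kidname]) {
            $_array1['kid'] = $array[$i][$_kidname];
            $_array2['kid'] = $array[$i][$_norder];
            for ($j = 1; $j <= $_num; $j++) {
                if ($i + $j < $count) {
                    $_array1['norder'] = $array[$i + $j][$_kidname];
                    $_array2['norder'] = $array[$i + $j][$_norder];
                    // Swap sort values with the neighbour. All values come from the rows read above.
                    $this->link->query("update {$_table} set {$_norder}={$_array2['norder']} where {$_kidname}={$_array1['kid']}");
                    $this->link->query("update {$_table} set {$_norder}={$_array2['kid']} where {$_kidname}={$_array1['norder']}");
                    $_array2['kid'] = $_array2['norder'];
                }
            }
            kc_ajax('', '', 0, $_redirect);
        }
    }

    kc_ajax('', '', 0, $_redirect);
}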
/**
 * AJAX handler: log the current administrator out.
 *
 * Drops the cached admin record, writes a logout log entry, expires the
 * KingCMS_Admin cookie and sends the parent frame to the login page.
 */
function king_ajax_logout()
{
    global $king;

    $king->access(0);
    $king->cache->del('system/admin/' . $king->admin['adminname']);

    // Write the logout log entry.
    // NOTE(review): the logged name is read from the cookie, not from
    // $king->admin. Presumably access(0) has validated the cookie, so the two
    // match; confirm.
    if (isset($_COOKIE['KingCMS_Admin'])) {
        $parts = kc_explode("\t", $_COOKIE['KingCMS_Admin'], 2);
    } else {
        $parts = array(NULL, NULL);
    }
    list($_name, $_pass) = $parts;
    $king->log(3, $_name);

    header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"');
    // An expiry far in the past makes the browser discard the cookie.
    // NOTE(review): the cookie is set without HttpOnly/Secure here; check how it is issued at login.
    setcookie('KingCMS_Admin', $_name, -864000, '/');

    $goto_login = 'parent.location=\'../system/login.php\'';
    kc_ajax('', '', 0, $goto_login);
}
/**
 * Manage the tag menu (the per-admin shortcut bar).
 *
 * Reads the admin's shortcut list from the cache, optionally removes the entry
 * named by POST 'title', and returns one page of shortcuts with previous/next
 * links and a delete icon per entry.
 *
 * NOTE(review): no access check is made inside this method; confirm that the
 * caller has authenticated the admin before $king->admin is used.
 */
public function tagmenu()
{
    global $king;
    // The shortcut list is cached per admin id.
    $cachepath = 'skin/tagmenu/' . $king->admin['adminid'];
    $number = kc_get('number', 2);
    $title = kc_post('title');
    $url = kc_post('url');
    if (!$number) {
        // Default page size.
        $number = 7;
    }
    $pid = kc_get('pid', 2);
    if (!$pid) {
        // Default to the first page.
        $pid = 1;
    }
    if (!($array = $king->cache->get($cachepath))) {
        $array = array();
    }
    if (isset($title[0])) {
        // A title was posted: remove the entry with that key.
        $array = array_diff_key($array, array($title => ''));
        $king->cache->put($cachepath, $array);
    }
    $count = count($array);
    // After a removal pid may point past the last page; step back one page.
    if ($pid - 1 >= $count / $number) {
        $pid--;
    }
    // Split into pages, keeping the title keys.
    $array_new = array_chunk($array, $number, True);
    // NOTE(review): with an empty list $array_new[$pid - 1] does not exist; the
    // read is only rescued by the fallback to an empty array.
    if (!($array_new1 = $array_new[$pid - 1])) {
        $array_new1 = array();
    }
    $s = '';
    if ($pid > 1) {
        // "Previous page" link.
        $s .= '<a class="k_ajax" rel="{URL:\'../system/manage.php\',CMD:\'tagmenu\',ID:\'k_tagmenu\',number:' . $number . ',pid:' . ($pid - 1) . ',url:\'' . urlencode($url) . '\'}">' . kc_icon('c9') . '</a>';
    }
    foreach ($array_new1 as $key => $val) {
        // Highlight the shortcut that matches the current URL.
        // NOTE(review): $val is written into href without HTML escaping while
        // $key is escaped. Confirm what can be stored in this cache entry, or
        // escape $val as well.
        $val == $url ? $s .= '<span class="red"><a href="' . $val . '">' . htmlspecialchars($key) . '</a>' : ($s .= '<span><a href="' . $val . '">' . htmlspecialchars($key) . '</a>');
        // Delete icon. Here url: is emitted without quotes, unlike in the pager links.
        $s .= "<img src=\"../system/images/white.gif\" class=\"k_ajax k8 os\" rel=\"{URL:'../system/manage.php',ID:'k_tagmenu',CMD:'tagmenu',number:{$number},url:" . urlencode($url) . ",pid:{$pid},title:\\'" . urlencode($key) . "\\'}\"/></span>";
    }
    if ($count / $number > $pid) {
        // "Next page" link.
        $s .= '<a class="k_ajax" rel="{URL:\'../system/manage.php\',ID:\'k_tagmenu\',CMD:\'tagmenu\',number:' . $number . ',pid:' . ($pid + 1) . ',url:\'' . urlencode($url) . '\'}">' . kc_icon('d9') . '</a>';
    }
    kc_ajax('', $s);
}
/**
 * Edit text: AJAX handler of the web-FTP file editor.
 *
 * Requires the 'webftp_edit' permission. When 'webftpcontent' is posted, the
 * content is written to the posted path; otherwise the file is loaded into an
 * EditArea textarea.
 *
 * NOTE(review): the path comes straight from the request and the write happens
 * before the is-file check. Whether kc_f_put_contents()/kc_f_get_contents()
 * confine the path to an allowed directory cannot be seen here; confirm, and
 * confirm the request is protected against cross-site submission. $path is
 * also echoed into the dialog title and the button's rel string without
 * escaping.
 */
function king_ajax_edit()
{
    global $king;

    $king->access('webftp_edit');

    $path = kc_post('path');
    $ext = kc_f_ext($path);

    // Map the extension to a highlighter name. $code is not read again in this
    // function; the editor below is always initialised with syntax "php".
    switch ($ext) {
        case 'html':
        case 'htm':
        case 'shtml':
        case 'shtm':
            $code = 'html';
            break;
        case 'css':
            $code = 'css';
            break;
        case 'js':
            $code = 'js';
            break;
        case 'php':
        case 'php3':
        case 'php4':
            $code = 'php';
            break;
        case 'sql':
            $code = 'sql';
            break;
        case 'xml':
            $code = 'xml';
            break;
        default:
            $code = '';
    }

    if (isset($_POST['webftpcontent'])) {
        // Write the file.
        kc_f_put_contents($path, $_POST['webftpcontent'], 1);
        kc_ajax('OK', "<p class=\"k_ok\">" . $king->lang->get('system/ok/save') . "</p>");
    }

    if (!kc_f_isfile($path)) {
        kc_error($king->lang->get('system/error/notfile'));
    }

    $content = kc_f_get_contents($path);

    // Highlighting is switched off for files above 10 KiB.
    $highlight = strlen($content) > 10240 ? 'false' : 'true';
    $js = "editAreaLoader.init({\r\n\t\t\tid: \"webftpcontent\"\r\n\t\t\t,start_highlight: " . $highlight . "\r\n\t\t\t,allow_resize: \"both\"\r\n\t\t\t,allow_toggle: false\r\n\t\t\t,word_wrap: true\r\n\t\t\t,language: \"en\"\r\n\t\t\t,syntax: \"php\"\r\n\t\t});";

    $s = "<textarea id=\"webftpcontent\" name=\"webftpcontent\" rows=\"15\" cols=\"80\" style=\"width:870px;height:420px\">"
        . htmlspecialchars($content)
        . "</textarea>";

    $but = kc_htm_a($king->lang->get('system/common/save'), "{CMD:'edit',IS:1,path:'{$path}'}");
    $title = $king->lang->get('system/common/edit') . ' : ' . $path;

    kc_ajax($title, $s, $but, $js, 900, 450);
}
/**
 * Tag auto-completion: AJAX handler that suggests tags for a title.
 *
 * Requires the 'portal_content_edt' permission. With a non-empty title the tag
 * list is matched against it and the result is written into the #ktag field.
 * With an empty title the user is reminded to fill in the title first.
 */
function king_ajax_tag()
{
    global $king;

    $king->access('portal_content_edt');

    $info = $king->portal->infoList();
    $model = $king->portal->infoModel($info['modelid']);
    $ktitle = kc_post('ktitle');
    $ktag = kc_post('ktag');

    if (!isset($ktitle[0])) {
        // No title yet: name the title field in the reminder.
        $js = 'alert(\'' . $king->lang->get('portal/tip/ktitle') . '[' . addslashes($model['field']['text']['ktitle']) . ']\');';
    } else {
        // Title present: read the keyword list and compare.
        if (isset($ktag[0])) {
            // Tags were already entered: tell the user and close the dialog.
            $notice = 'alert(\'' . $king->lang->get('portal/tip/ktag') . '\');$.kc_close();';
            kc_ajax('', null, 0, $notice);
        }

        $key = $king->portal->getTag($ktitle, $ktag);

        if (isset($key[0])) {
            // NOTE(review): $key goes into a single-quoted JS string unescaped,
            // unlike the model title above, which is passed through addslashes().
            // Confirm what getTag() can return, or escape it here.
            $js = '$(\'#ktag\').val(\'' . $key . '\');';
        } else {
            $js = 'alert(\'' . $king->lang->get('portal/tip/nottag') . '\');';
        }
    }

    kc_ajax('', null, 0, $js . "\$.kc_close();");
}
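/**
 * Move a row up or down in its sort order (legacy mysql_* variant).
 *
 * The direction comes from POST 'UPDOWN' and the number of positions from
 * 'NUMBER' (0 means "all the way"). The row swaps its sort value with each
 * neighbour it passes, then the parent frame is sent back to the referring page.
 *
 * NOTE(review): $_table, $_where, $_kidname and $_norder are interpolated into
 * SQL as identifiers/fragments. Callers must pass fixed strings, never request
 * data. The mysql_* functions used here were removed in PHP 7.0.
 *
 * @param string $_table   Table name (may contain the %s prefix placeholder).
 * @param int    $id       Value of the index column for the row to move.
 * @param string $_where   Optional WHERE condition, without the keyword.
 * @param int    $_order   Sort direction of the list: 1 descending, 0 ascending.
 * @param string $_kidname Name of the index column.
 * @param string $_norder  Name of the column that holds the sort value.
 */
public function updown($_table, $id, $_where = null, $_order = 1, $_kidname = 'kid', $_norder = 'norder')
{
    // The Referer header is client-supplied and ends up inside a single-quoted
    // JS string, so escape quotes and backslashes. It may also be absent.
    $_back = isset($_SERVER['HTTP_REFERER']) ? addslashes($_SERVER['HTTP_REFERER']) : '';
    $_redirect = 'parent.location=\'' . $_back . '\'';

    $_array1 = array('kid' => 0, 'norder' => 0);
    $_array2 = array('kid' => 0, 'norder' => 0);

    // Offset: how many positions to move.
    $_num = kc_get('NUMBER', 2, 1);
    // Direction: 'up' or 'down'. Anything else counts as 'down'.
    $_act = kc_post('UPDOWN') == 'up' ? 'up' : 'down';

    // Read the rows in the order that puts the target's new neighbours after it.
    if ($_order) {
        $order = ($_act == 'down') ? 'desc' : 'asc';
    } else {
        $order = ($_act == 'up') ? 'desc' : 'asc';
    }

    if ($_where != null) {
        $_where = ' where ' . $_where;
    }

    $_sql = "select {$_kidname},{$_norder} from {$_table} {$_where} order by {$_norder} {$order}";
    $this->query($_sql);
    $this->getRows_number();
    if ($_num == 0) {
        $_num = $this->Rows;
    }

    // The direct queries below need the real table name.
    $_table = sprintf($_table, DB_PREFIX);

    for ($i = 0; $i < $this->Rows; $i++) {
        // Position the result cursor on row $i; give up if that fails.
        if (!mysql_data_seek($this->mQuery, $i)) {
            kc_ajax('', '', 0, $_redirect);
        }
        $res = mysql_fetch_array($this->mQuery);
        if ($id == $res[$_kidname]) {
            $_array1['kid'] = $res[$_kidname];
            $_array2['kid'] = $res[$_norder];
            for ($j = 1; $j <= $_num; $j++) {
                if ($i + $j < $this->Rows) {
                    if (!mysql_data_seek($this->mQuery, $i + $j)) {
                        kc_ajax('', '', 0, $_redirect);
                    }
                    $res = mysql_fetch_array($this->mQuery);
                    $_array1['norder'] = $res[$_kidname];
                    $_array2['norder'] = $res[$_norder];
                    // Swap sort values with the neighbour. All values come from the rows read above.
                    mysql_query("update {$_table} set {$_norder}={$_array2['norder']} where {$_kidname}={$_array1['kid']} limit 1;", $this->link);
                    mysql_query("update {$_table} set {$_norder}={$_array2['kid']} where {$_kidname}={$_array1['norder']} limit 1;", $this->link);
                    $_array2['kid'] = $_array2['norder'];
                }
            }
            kc_ajax('', '', 0, $_redirect);
        }
    }

    kc_ajax('', '', 0, $_redirect);
}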
/**
 * AJAX handler: post a comment on a content item.
 *
 * Open to visitors who are not logged in. Applies a two-minute limit per
 * client, strips some markup from the text, increments the item's comment
 * counter, stores the comment and invalidates the cached comment data.
 *
 * NOTE(review): the markup filter below is a block-list. It removes links,
 * table elements and style/id/class attributes only, and only for texts longer
 * than 10 characters. It is not an HTML sanitiser: other elements and
 * attributes pass through. Unless kc_get() or the template that prints
 * comments escapes the text, treat stored comments as untrusted HTML and
 * escape them on output or replace the filter with an allow-list sanitiser.
 */
function king_ajax_comment()
{
    global $king;
    // kc_get(..., 2, 1) / (..., 22, 1) presumably enforce integers; confirm,
    // because kid and modelid are used in SQL and in file paths below.
    $kid = kc_get('kid', 2, 1);
    $modelid = kc_get('modelid', 22, 1);
    $kcontent = kc_get('kcontent', 0, 1);
    $commenttime = kc_cookie("commenttime");
    // NOTE(review): the limit relies only on a cookie the client controls.
    if ($commenttime < time() - 120) {
        // Allow one comment every 2 minutes.
        setcookie("commenttime", time(), time() + 86400, '/');
    } else {
        kc_error($king->lang->get('portal/tip/nocomment'));
    }
    if (kc_strlen($kcontent) > 10) {
        $kcontent = preg_replace('/<a ([^>]*)>|<\\/a>/is', '', $kcontent);
        // Strip links.
        $kcontent = preg_replace('/<(table|tbody|thead|tr|td|th|caption) ?([^>]*)>|<\\/(table|tbody|thead|tr|td|th|caption)>/is', '', $kcontent);
        // Strip table markup.
        $kcontent = preg_replace('/(<([^>]*))( style=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent);
        // Strip style, id and class attributes (quoted values only).
        $kcontent = preg_replace('/(<([^>]*))( id=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent);
        $kcontent = preg_replace('/(<([^>]*))( class=)(["\'])(.*?)\\4(([^>]*)\\/?>)/is', '$1 $6', $kcontent);
    }
    if (kc_strlen($kcontent) < 5) {
        // Too short after filtering.
        kc_ajax($king->lang->get('system/title/tip'), $king->lang->get('portal/tip/nocontent'));
        return;
    }
    $model = $king->portal->infoModel($modelid);
    // The table name comes from the model definition, not from the request.
    // The counter is read and then written back, so two simultaneous comments
    // can lose an increment.
    if ($res = $king->db->getRows_one("select ncomment from %s__{$model['modeltable']} where kid={$kid}")) {
        $ncomment = $res['ncomment'] + 1;
        $_array = array('ncomment' => $ncomment);
        $king->db->update('%s__' . $model['modeltable'], $_array, "kid={$kid}");
    } else {
        kc_error($king->lang->get('portal/error/notq'));
        return;
    }
    $king->load('user');
    if ($user = $king->user->checkLogin()) {
        // Logged in: attribute the comment to the user.
        $username = $user['username'];
        unset($user);
    } else {
        // Not logged in: store an empty user name.
        $username = '';
    }
    $_array = array('kid' => $kid, 'modelid' => $modelid, 'kcontent' => $kcontent, 'username' => $username, 'nip' => kc_getip(), 'ndate' => time(), 'isshow' => 1);
    // NOTE(review): escaping of these values is left to db->insert(); confirm.
    $king->db->insert("%s_comment", $_array);
    // Drop the generated XML for this item. wordwrap() turns the id into a
    // one-character-per-directory path.
    $xmlpath = $king->config('xmlpath', 'portal') . '/portal/' . $modelid . '/' . wordwrap($kid, 1, '/', 1) . '.xml';
    kc_f_delete($xmlpath);
    $cachepath = 'portal/comment/' . $modelid . '/' . $kid;
    $king->cache->del($cachepath);
    // Update the counter on the page and clear the input.
    $js = "\$('#k_comment').html({$ncomment});\$('#kcontent').html('');";
    kc_ajax('OK', '<p class="k_ok">' . $king->lang->get('portal/ok/submit') . '</p>', 0, $js);
}
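/**
 * AJAX handler: remove one product from the shopping cart.
 *
 * The cart lives in the KingCMS_Cart cookie as a serialized array keyed by
 * "<listid>-<kid>". After the entry is removed, the cookie is rewritten and
 * the client is asked to reload the cart.
 */
function king_ajax_delete_prod()
{
    global $king;

    $listid = kc_get('listid', 2, 1);
    $kid = kc_get('kid', 2, 1);

    // The cookie is client-controlled. Decode it with object instantiation
    // disabled so a crafted value cannot create objects, and accept only an
    // array. Anything else is treated as an empty cart.
    // 'allowed_classes' requires PHP 7.0 or later. On older versions the call
    // is rejected and the cart falls back to empty.
    // NOTE(review): a JSON-encoded and signed cookie, or a server-side cart,
    // would remove unserialize() from this path entirely. That change has to
    // be made together with the code that writes the cookie.
    $cart = array();
    if (!empty($_COOKIE['KingCMS_Cart']) && is_string($_COOKIE['KingCMS_Cart'])) {
        $decoded = unserialize($_COOKIE['KingCMS_Cart'], array('allowed_classes' => false));
        if (is_array($decoded)) {
            $cart = $decoded;
        }
    }

    unset($cart[$listid . '-' . $kid]);

    setcookie('KingCMS_Cart', serialize($cart), time() + 86400000, $king->config('inst'));

    // Ask the client to reload the cart view.
    $js = "\$.kc_ajax('{URL:\\'" . $king->config('inst') . "portal/cart.php\\',CMD:\\'buy\\',IS:1}')";
    kc_ajax('', '', '', $js);
}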
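/**
 * AJAX handler: show or hide the upload frame of the file browser.
 *
 * Requires the '#brow_upfile' permission. With isopen set, a table row holding
 * the upload iframe is inserted after #brow_top; otherwise the row is removed.
 * In both cases the toggle link's rel attribute is re-armed with the opposite
 * state.
 */
function king_ajax_brow_upfile()
{
    global $king;

    $king->access('#brow_upfile');

    // Read the browser settings key by key. The previous extract($info) let
    // any key in the array overwrite local variables, $king included.
    $info = inc_brow();
    if (!is_array($info)) {
        $info = array();
    }
    $id = isset($info['id']) ? $info['id'] : '';
    $path = isset($info['path']) ? $info['path'] : '';
    $filetype = isset($info['filetype']) ? $info['filetype'] : '';
    $is = isset($info['is']) ? $info['is'] : '';
    $jsfun = isset($info['jsfun']) ? $info['jsfun'] : '';
    $verbs = isset($info['verbs']) ? $info['verbs'] : '';

    $isopen = kc_post('isopen', 2, 1);

    // NOTE(review): id, path, filetype, is and jsfun are written into a URL
    // and into single-quoted JS strings as-is. inc_brow() is not visible here;
    // confirm that it validates or encodes them.
    if ($isopen) {
        $s = "<tr id=\"brow_upfile\"><th>";
        $s .= "<iframe src=\"../system/manage.php?action=iframe&CMD=upfile&id={$id}&path={$path}&filetype={$filetype}&is={$is}&jsfun={$jsfun}\" frameborder=\"no\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" style=\"width:360px;height:180px;\"></iframe>";
        $s .= "</th></tr>";
        $js = "\$('#brow_top').after('{$s}');";
        $js .= "\$('#a_brow_upfile').attr('rel','" . addslashes("{{$verbs},CMD:'brow_upfile',isopen:0,path:'{$path}',IS:1,ID:'brow_top'}") . "')";
    } else {
        $js = "\$('#brow_upfile').remove();";
        $js .= "\$('#a_brow_upfile').attr('rel','" . addslashes("{{$verbs},CMD:'brow_upfile',isopen:1,path:'{$path}',IS:1,ID:'brow_top'}") . "')";
    }

    kc_ajax('', '', '', $js);
}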
/**
 * AJAX handler: import a content model from pasted model code.
 *
 * Requires the 'portal_model_dbin' permission. Renders a form for the new
 * model name, table name and model code. On a checked submission the import
 * runs and the model cache is rebuilt.
 *
 * NOTE(review): unModelCode() is called while the validation rules are built,
 * so the import itself runs as part of validation. What it accepts is not
 * visible here. Treat the pasted code as a privileged input and keep this
 * permission restricted to trusted administrators.
 */
function king_ajax_incode()
{
    global $king;
    $king->access('portal_model_dbin');
    /* if($GLOBALS['ismethod']){//POST request $data=$_POST; } */
    $fields = array('modelname', 'modeltable', 'incode');
    // kc_data() presumably reads these keys from the request; verify in its definition.
    $data = kc_data($fields);
    // Model name.
    $_array = array(array('modelname', 0, 2, 50));
    $s = $king->htmForm($king->lang->get('portal/label/newmodelname') . ' (2-50)', '<input class="k_in w200" type="text" id="modelname" name="modelname" value="' . htmlspecialchars($data['modelname']) . '" maxlength="50" />', $_array);
    // Table name: the type-12 rule receives the row of an existing model with
    // this table name (if any); the type-18 rule receives the reserved names.
    $_array = array(array('modeltable', 0, 1, 50), array('modeltable', 1), array('modeltable', 12, $king->lang->get('system/check/none'), $king->db->getRows_one("select modelid from %s_model where modeltable='" . $king->db->escape($data['modeltable']) . "';")), array('modeltable', 18, null, $king->portal->holdmodel));
    $s .= $king->htmForm($king->lang->get('portal/label/newtable') . ' (1-50)', '<input class="k_in w200" type="text" id="modeltable" name="modeltable" value="' . htmlspecialchars($data['modeltable']) . '" maxlength="50" />', $_array);
    // Model code.
    if ($GLOBALS['ischeck']) {
        // Only attempt the import while the earlier checks still hold.
        $_array = array(array('incode', 0, 10, 9999999), array('incode', 12, $king->lang->get('portal/check/incode'), !$king->portal->unModelCode($data['incode'], $data['modelname'], $data['modeltable'])));
    } else {
        $_array = array();
    }
    $s .= $king->htmForm($king->lang->get('system/common/code'), '<textarea id="incode" name="incode" class="k_in w400" style="height:135px;font-size:10px;line-height:10px;">' . htmlspecialchars($data['incode']) . '</textarea>', $_array);
    $but = kc_htm_a($king->lang->get("system/common/save"), "{CMD:'incode'}");
    if ($GLOBALS['ischeck']) {
        // All checks passed: refresh the model cache and report success.
        $king->cache->del('portal/model');
        $king->cache->rd('portal/model');
        kc_ajax('OK', "<p class=\"k_ok\">" . $king->lang->get('system/ok/add') . "</p>", 1);
    }
    // Dialog height grows by 15px per entry counted in check_num.
    $height = 290 + $GLOBALS['check_num'] * 15;
    kc_ajax($king->lang->get('portal/list/dbin'), $s, $but, null, 435, $height);
}
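/**
 * AJAX handler: reset (or create) an administrator account.
 *
 * Renders a name/password form. On a checked submission the named account is
 * created with level 'admin' if it does not exist, otherwise its password is
 * replaced and its level set to 'admin'.
 *
 * NOTE(review): this function makes no access check. The 'system/install/repwd'
 * language key suggests an install-time recovery tool; confirm the script that
 * exposes it is removed or locked once installation is finished.
 * NOTE(review): the password is stored as unsalted MD5. Moving to
 * password_hash()/password_verify() also requires changing the login check,
 * which is not part of this listing.
 */
function king_ajax_repass()
{
    global $king;

    $name = kc_post('readminname');
    $pass = kc_post('readminpass');

    // Request values are echoed back into the form, so escape them for the
    // double-quoted HTML attributes they are placed in.
    $name_html = htmlspecialchars($name, ENT_QUOTES);
    $pass_html = htmlspecialchars($pass, ENT_QUOTES);

    //adminname
    $array = array(array('readminname', 0, 2, 12), array('readminname', 1));
    $s = "<p class=\"k_htm\"><label>" . $king->lang->get('system/admin/name') . "</label><input class=\"k_in w150\" type=\"text\" value=\"" . $name_html . "\" id=\"readminname\" name=\"readminname\"/>";
    $s .= kc_check($array);
    $s .= "</p>";

    //adminpass
    $array = array(array('readminpass', 0, 6, 30));
    $s .= "<p class=\"k_htm\"><label>" . $king->lang->get('system/admin/pass') . "</label><input class=\"k_in w150\" type=\"text\" value=\"" . $pass_html . "\" id=\"readminpass\" name=\"readminpass\"/>";
    $s .= kc_check($array);
    $s .= "</p>";

    //but
    $but = "<a href=\"javascript:;\" class=\"k_ajax\" rel=\"{CMD:'repass',IS:1}\">" . $king->lang->get('system/common/save') . "</a>";

    if ($GLOBALS['ischeck']) {
        // The name used to be concatenated into both statements unescaped.
        // Escape it with the database layer before it reaches SQL.
        $name_sql = $king->db->escape($name);

        if (!$king->db->getRows_one("SELECT * FROM %a_admin where adminname='" . $name_sql . "';")) {
            // Unknown name: create the account.
            $king->db->insert('%a_admin', array(
                'adminname' => $name,
                'adminpass' => md5($pass),
                'adminlevel' => 'admin',
                'adminlanguage' => 'zh-cn',
                'admineditor' => 'fckeditor',
                'admindate' => time(),
                'adminlogin' => '../system/manage.php',
            ));
        } else {
            // Known name: replace the password and restore the admin level.
            $king->db->update('%a_admin', array("adminpass" => md5($pass), 'adminlevel' => 'admin'), "adminname='" . $name_sql . "'");
        }
        kc_ajax('OK', '<p class="k_ok">' . $king->lang->get('system/ok/save') . '</p>');
    }

    kc_ajax($king->lang->get('system/install/repwd'), $s, $but, null, 250, 120 + $GLOBALS['check_num'] * 15);
}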
/**
 * Show the search form.
 *
 * Wraps the markup in a #k_search container and returns a script that
 * prepends it to #k_form_list and closes the dialog. No value is returned
 * here; the response is sent through kc_ajax().
 *
 * NOTE(review): $str is placed inside a single-quoted JS string unchanged, so
 * a quote, backslash or line break in it breaks the script. Callers presumably
 * pass pre-escaped markup; confirm at the call sites.
 *
 * @param string $str Form markup.
 */
function kc_ajax_query($str)
{
    $wrapped = '<div id="k_search">' . $str . '</div>';
    $script = "\$('#k_form_list').prepend('" . $wrapped . "');\$.kc_close();";

    kc_ajax('', '', '', $script);
}
/**
 * AJAX handler: show the Apache rewrite rules that match the configured URL
 * separator and suffix, for the administrator to copy.
 *
 * NOTE(review): in this listing the directives inside the string are separated
 * by spaces. Apache expects one directive per line, so the original file
 * presumably has line breaks there; confirm against the original.
 */
function king_ajax_rewriterule()
{
    global $king;

    $line = $king->config('rewriteline');
    $end = $king->config('rewriteend');

    // Both settings are inserted into regular expressions, so quote them once.
    $sep = preg_quote($line);
    $suffix = preg_quote($end);

    $rules = '<IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^(.*)(/(list|page)(' . $sep . '[0-9]+)+' . $suffix . ')$ $1/index.php$2 RewriteRule ^(.*)(/tag' . $sep . '.+?(' . $sep . '[0-9]+)?' . $suffix . ')$ $1/index.php$2 </IfModule>';

    $box = '<textarea class="k_in w450" rows="5">' . htmlspecialchars($rules) . '</textarea>';
    $s = $king->htmForm($king->lang->get('portal/label/rule'), $box);
    $s .= '<p>' . $king->lang->get('portal/help/rule') . '</p>';

    kc_ajax($king->lang->get('portal/title/rewriterule'), $s, 0, '', 480, 210);
}