forked from besteee/mhFault
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathzxcomment.php
172 lines (151 loc) · 5.63 KB
/
zxcomment.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
<?php
/**
* ECSHOP 提交用户咨询
* ============================================================================
* 版权所有 2005-2010 上海商派网络科技有限公司,并保留所有权利。
* 网站地址: http://www.ecshop.com;
* ----------------------------------------------------------------------------
* 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和
* 使用;不允许对程序代码以任何形式任何目的的再发布。
* ============================================================================
* $Author: liuhui $
* $Id: comment.php 17063 2010-03-25 06:35:46Z liuhui $
*/
define('IN_ECS', true);
require(dirname(__FILE__) . '/includes/init.php');
require(ROOT_PATH . 'includes/cls_json.php');
if (!isset($_REQUEST['cmt']) && !isset($_REQUEST['act']))
{
/* 只有在没有提交评论内容以及没有act的情况下才跳转 */
ecs_header("Location: ./\n");
exit;
}
$_REQUEST['cmt'] = isset($_REQUEST['cmt']) ? json_str_iconv($_REQUEST['cmt']) : '';
$json = new JSON;
$result = array('error' => 0, 'message' => '', 'content' => '');
if (empty($_REQUEST['act']))
{
/*
* act 参数为空
* 默认为添加评论内容
*/
$cmt = $json->decode($_REQUEST['cmt']);
$cmt->page = 1;
$cmt->id = !empty($cmt->id) ? intval($cmt->id) : 0;
$cmt->type = !empty($cmt->type) ? intval($cmt->type) : 0;
if (empty($cmt) || !isset($cmt->type) || !isset($cmt->id))
{
$result['error'] = 1;
$result['message'] = $_LANG['invalid_comments'];
}
else
{
if ((intval($_CFG['captcha']) & CAPTCHA_COMMENT) && gd_version() > 0)
{
/* 检查验证码 */
include_once('includes/cls_captcha.php');
$validator = new captcha();
if (!$validator->check_word($cmt->captcha))
{
$result['error'] = 1;
$result['message'] = $_LANG['invalid_captcha'];
}
else
{
$factor = intval($_CFG['comment_factor']);
/* 无错误就保存留言 */
if (empty($result['error']))
{
add_comment($cmt);
}
}
}
else
{
/* 没有验证码时,用时间来限制机器人发帖或恶意发评论 */
if (!isset($_SESSION['send_time']))
{
$_SESSION['send_time'] = 0;
}
$cur_time = gmtime();
if (($cur_time - $_SESSION['send_time']) < 30) // 小于30秒禁止发评论
{
$result['error'] = 1;
$result['message'] = '您至少要30秒后才能继续发表咨询';
}
else
{
$factor = intval($_CFG['comment_factor']);
/* 无错误就保存留言 */
if (empty($result['error']))
{
add_comment($cmt);
$_SESSION['send_time'] = $cur_time;
}
}
}
}
}
else
{
/*
* act 参数不为空
* 默认为评论内容列表
* 根据 _GET 创建一个静态对象
*/
$cmt = new stdClass();
$cmt->id = !empty($_GET['id']) ? intval($_GET['id']) : 0;
$cmt->type = !empty($_GET['type']) ? intval($_GET['type']) : 0;
$cmt->page = isset($_GET['page']) && intval($_GET['page']) > 0 ? intval($_GET['page']) : 1;
}
if ($result['error'] == 0)
{
$comments = assign_zxcomment($cmt->id, $cmt->type, $cmt->page);
$smarty->assign('comment_type', $cmt->type);
$smarty->assign('id', $cmt->id);
$smarty->assign('username', $_SESSION['user_name']);
//$smarty->assign('email', $_SESSION['email']);
$smarty->assign('comments', $comments['comments']);
$smarty->assign('pager', $comments['pager']);
/* 验证码相关设置 */
if ((intval($_CFG['captcha']) & CAPTCHA_COMMENT) && gd_version() > 0)
{
$smarty->assign('enabled_captcha', 1);
$smarty->assign('rand', mt_rand());
}
$result['message'] = $_CFG['comment_check'] ? '您的咨询已成功发表, 请等待管理员的审核!': '您的咨询已成功发表, 感谢您的参与!';
$result['content'] = $smarty->fetch("library/zxcomments_list.lbi");
}
echo $json->encode($result);
/*------------------------------------------------------ */
//-- PRIVATE FUNCTION
/*------------------------------------------------------ */
/**
* 添加评论内容
*
* @access public
* @param object $cmt
* @return void
*/
function add_comment($cmt)
{
/* 评论是否需要审核 */
$status = 1 - $GLOBALS['_CFG']['comment_check'];
$user_id = empty($_SESSION['user_id']) ? 0 : $_SESSION['user_id'];
//$email = empty($cmt->email) ? $_SESSION['email'] : trim($cmt->email);
$user_name = empty($cmt->username) ? $_SESSION['user_name'] : trim($cmt->username);
//$email = htmlspecialchars($email);
$user_name = htmlspecialchars($user_name);
/* 保存评论内容 */
$sql = "INSERT INTO " .$GLOBALS['ecs']->table('zxcomment') .
"(comment_type, id_value, user_name, content, comment_rank, add_time, ip_address, status, parent_id, user_id) VALUES " .
"('" .$cmt->type. "', '" .$cmt->id. "', '$user_name', '" .$cmt->content."', '".$cmt->rank."', ".gmtime().", '".real_ip()."', '$status', '0', '$user_id')";
$result = $GLOBALS['db']->query($sql);
clear_cache_files('zxcomments_list.lbi');
/*if ($status > 0)
{
add_feed($GLOBALS['db']->insert_id(), COMMENT_GOODS);
}*/
return $result;
}
?>