DedeBIZ
/
DedeV6
關注 2
收藏 0
複製 0
程式碼 合併請求 0 版本發佈 29 活動
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
464 提交
3 分支
322MB
目錄樹: 8126787571
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '8126787571'
${ noResults }
DedeV6/public/plus/feedback.php

287 line
9.1KB
原始文件 Blame 歷史記錄 

  1. <?php

  2. /**

  3.  *

  4.  * 评论

  5.  *

  6.  * @version        $Id: feedback.php$

  7.  * @package        DedeBIZ.Site

  8.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. require_once(dirname(__FILE__)."/../../system/common.inc.php");

  13. 

  14. if ($cfg_feedback_forbid == 'Y') {

  15.     echo json_encode(array(

  16.         "code" => -1,

  17.         "msg" => "系统已经禁止评论功能",

  18.         "data" => null,

  19.     ));

  20.     exit();

  21. }

  22. 

  23. require_once(DEDEINC."/filter.inc.php");

  24. if (!isset($action)) {

  25.     $action = '';

  26. }

  27. 

  28. $msg = isset($msg) ? $msg : "";

  29. $feedbacktype = isset($feedbacktype) ? $feedbacktype : "";

  30. $validate = isset($validate) ? $validate : "";

  31. $pwd = isset($pwd) ? $pwd : "";

  32. $comtype = isset($comtype) ? $comtype : "";

  33. $good = isset($good) ? intval($good) : 0;

  34. 

  35. $cfg_formmember = isset($cfg_formmember) ? true : false;

  36. $ischeck = $cfg_feedbackcheck == 'Y' ? 0 : 1;

  37. $aid = isset($aid) ? intval($aid) : 0;

  38. $fid = isset($fid) ? intval($fid) : 0; //用来标记回复评论的变量

  39. 

  40. if (empty($aid) && empty($fid)) {

  41.     echo json_encode(array(

  42.         "code" => -1,

  43.         "msg" => "文档ID不能为空",

  44.         "data" => null,

  45.     ));

  46.     exit();

  47. }

  48. 

  49. include_once(DEDEINC."/memberlogin.class.php");

  50. $cfg_ml = new MemberLogin();

  51. 

  52. 

  53. //查看评论

  54. /*

  55. function __ViewFeedback(){ }

  56. */

  57. //-----------------------------------

  58. if ($action == '' || $action == 'show') {

  59.     //读取文档信息

  60.     $arcRow = GetOneArchive($aid);

  61.     if (empty($arcRow['aid'])) {

  62.         echo json_encode(array(

  63.             "code" => -1,

  64.             "msg" => "无法查看未知文档的评论",

  65.             "data" => null,

  66.         ));

  67.         exit();

  68.     }

  69. 

  70.     $where_sql = "WHERE 1=1";

  71.     if (!empty($fid)) {

  72.         $where_sql .= " AND fb.fid={$fid}";

  73.     }

  74.     if (!empty($aid)) {

  75.         $where_sql .= " AND fb.aid={$aid}";

  76.     }

  77. 

  78.     //调用20条热评

  79.     $querystring = "SELECT fb.*,mb.userid,mb.face as mface,mb.spacesta,mb.scores,mb.sex FROM `#@__feedback` fb

  80.     LEFT JOIN `#@__member` mb on mb.mid = fb.mid $where_sql AND fb.ischeck='1' ORDER BY fb.good DESC";

  81. 

  82.     $dsql->Execute('fb', $querystring." LIMIT 20 ");

  83. 

  84.     $data = array();

  85. 

  86.     while ($row = $dsql->GetArray('fb')) {

  87.         $row['face'] = empty($row['mface']) ? $GLOBALS['cfg_cmspath'].'/static/img/avatar.png' : $row['mface'];

  88.         $row['dtimestr'] = MyDate('Y-m-d', $row['dtime']);

  89.         unset($row['ip']);

  90.         $data[] = $row;

  91.     }

  92. 

  93.     echo json_encode(array(

  94.         "code" => 200,

  95.         "msg" => "",

  96.         "data" => $data,

  97.     ));

  98.     exit;

  99. }

  100. //发表评论

  101. //------------------------------------

  102. /*

  103. function __SendFeedback(){ }

  104. */

  105. else if ($action == 'send') {

  106.     //读取文档信息

  107.     $arcRow = GetOneArchive($aid);

  108.     if ((empty($arcRow['aid']) || $arcRow['notpost'] == '1') && empty($fid)) {

  109.         echo json_encode(array(

  110.             "code" => -1,

  111.             "msg" => "无法对该文档发表评论",

  112.             "data" => null,

  113.         ));

  114.         exit();

  115.     }

  116. 

  117.     //如果没有登录,则需要检查验证码

  118.     if (!$cfg_ml->IsLogin()) {

  119.         if ($feedbacktype === 'good') {

  120. 

  121.             //未登录点good不进行数据库记录

  122.             echo json_encode(array(

  123.                 "code" => 200,

  124.                 "msg" => "",

  125.                 "data" => $good + 1,

  126.             ));

  127.             exit();

  128.         }

  129.         $svali = GetCkVdValue();

  130.         if (strtolower($validate) != $svali || $svali == '') {

  131.             //ResetVdValue();

  132.             echo json_encode(array(

  133.                 "code" => -1,

  134.                 "msg" => "验证码错误",

  135.                 "data" => null,

  136.             ));

  137.             exit();

  138.         }

  139.     }

  140. 

  141. 

  142.     //检查用户登录

  143.     if (empty($notuser)) {

  144.         $notuser = 0;

  145.     }

  146. 

  147.     if ($cfg_feedback_guest == 'N' && $cfg_ml->M_ID < 1) {

  148.         echo json_encode(array(

  149.             "code" => -1,

  150.             "msg" => "管理员禁用了游客评论",

  151.             "data" => null,

  152.         ));

  153.         exit();

  154.     }

  155. 

  156.     //匿名发表评论

  157.     if ($notuser == 1) {

  158.         $username = $cfg_ml->M_ID > 0 ? '匿名' : '游客';

  159.     }

  160. 

  161.     //已登录的用户

  162.     else if ($cfg_ml->M_ID > 0) {

  163.         $username = $cfg_ml->M_UserName;

  164.     }

  165. 

  166.     //用户身份验证

  167.     else {

  168.         if ($username != '' && $pwd != '') {

  169.             $rs = $cfg_ml->CheckUser($username, $pwd);

  170.             if ($rs == 1) {

  171.                 $dsql->ExecuteNoneQuery("UPDATE `#@__member` SET logintime='".time()."',loginip='".GetIP()."' WHERE mid='{$cfg_ml->M_ID}'; ");

  172.             } else {

  173.                 $username = '游客';

  174.             }

  175.         } else {

  176.             $username = '游客';

  177.         }

  178.     }

  179.     $ip = GetIP();

  180.     $dtime = time();

  181. 

  182.     //检查评论间隔时间;

  183.     if (!empty($cfg_feedback_time)) {

  184.         //检查最后发表评论时间,如果未登录判断当前IP最后评论时间

  185.         if ($cfg_ml->M_ID > 0) {

  186.             $where = "WHERE `mid` = '$cfg_ml->M_ID'";

  187.         } else {

  188.             $where = "WHERE `ip` = '$ip'";

  189.         }

  190.         $row = $dsql->GetOne("SELECT dtime FROM `#@__feedback` $where ORDER BY `id` DESC ");

  191.         if (is_array($row) && $dtime - $row['dtime'] < $cfg_feedback_time) {

  192.             ResetVdValue();

  193.             echo json_encode(array(

  194.                 "code" => -1,

  195.                 "msg" => "管理员设置了评论间隔时间,请稍等休息一下",

  196.                 "data" => null,

  197.             ));

  198.             exit();

  199.         }

  200.     }

  201. 

  202.     if (empty($face)) {

  203.         $face = 0;

  204.     }

  205.     $face = intval($face);

  206.     $typeid = (isset($typeid) && is_numeric($typeid)) ? intval($typeid) : 0;

  207.     extract($arcRow, EXTR_SKIP);

  208.     $msg = cn_substrR(TrimMsg($msg), $cfg_feedback_msglen);

  209.     $username = cn_substrR(HtmlReplace($username, 2), 20);

  210. 

  211.     if (empty($feedbacktype) || !in_array($feedbacktype, array('good', 'bad'))) {

  212.         $feedbacktype = 'feedback';

  213.     }

  214. 

  215.     //保存评论内容

  216.     if ($comtype == 'comments' || $comtype == 'reply') {

  217.         $arctitle = empty($title) ? "" : addslashes($title);

  218.         $typeid = intval($typeid);

  219.         $ischeck = intval($ischeck);

  220.         $feedbacktype = preg_replace("#[^0-9a-z]#i", "", $feedbacktype);

  221.         if ($msg != '') {

  222.             $inquery = "INSERT INTO `#@__feedback`(`aid`,`typeid`,`fid`, `username`,`arctitle`,`ip`,`ischeck`,`dtime`, `mid`,`bad`,`good`,`ftype`,`face`,`msg`)

  223.                    VALUES ('$aid','$typeid','$fid','$username','$arctitle','$ip','$ischeck','$dtime', '{$cfg_ml->M_ID}','0','0','$feedbacktype','$face','$msg'); ";

  224.             $rs = $dsql->ExecuteNoneQuery($inquery);

  225.             if (!$rs) {

  226.                 echo json_encode(array(

  227.                     "code" => -1,

  228.                     "msg" => "发表评论错误",

  229.                     "data" => null,

  230.                 ));

  231.                 //echo $dsql->GetError();

  232.                 exit();

  233.             }

  234.         }

  235.     }

  236. 

  237.     if ($feedbacktype == 'bad') {

  238.         $dsql->ExecuteNoneQuery("UPDATE `#@__archives` SET scores=scores-{cfg_feedback_sub},badpost=badpost+1,lastpost='$dtime' WHERE id='$aid' ");

  239.     } else if ($feedbacktype == 'good') {

  240.         $row = $dsql->GetOne("SELECT COUNT(*) as dd FROM `#@__feedback_goodbad` WHERE fid={$fid} AND mid={$cfg_ml->M_ID} AND fgtype=0");

  241. 

  242.         if (intval($row['dd']) <= 0) {

  243.             $dsql->ExecuteNoneQuery("INSERT INTO `#@__feedback_goodbad` (`mid`, `fid`, `fgtype`) VALUES ('$cfg_ml->M_ID', '$fid', '0');");

  244.             $dsql->ExecuteNoneQuery("UPDATE `#@__archives` SET scores=scores+{$cfg_feedback_add},goodpost=goodpost+1,lastpost='$dtime' WHERE id='$aid' ");

  245.         } else {

  246.             $dsql->ExecuteNoneQuery("DELETE FROM `#@__feedback_goodbad` WHERE mid='{$cfg_ml->M_ID}' AND fid={$fid} AND fgtype=0");

  247.             $dsql->ExecuteNoneQuery("UPDATE `#@__archives` SET scores=scores-{$cfg_feedback_add},goodpost=goodpost-1,lastpost='$dtime' WHERE id='$aid' ");

  248.         }

  249. 

  250.         $rr = $dsql->GetOne("SELECT COUNT(*) as dd FROM `#@__feedback_goodbad` WHERE fid={$fid}");

  251.         $dsql->ExecuteNoneQuery("UPDATE `#@__feedback` SET good='{$rr['dd']}' WHERE id={$fid}");

  252.         echo json_encode(array(

  253.             "code" => 200,

  254.             "msg" => "",

  255.             "data" => $rr['dd'],

  256.         ));

  257.         exit;

  258.     } else {

  259.         $dsql->ExecuteNoneQuery("UPDATE `#@__archives` SET scores=scores+1,lastpost='$dtime' WHERE id='$aid' ");

  260.     }

  261.     if ($cfg_ml->M_ID > 0) {

  262.         $dsql->ExecuteNoneQuery("UPDATE `#@__member` SET scores=scores+{$cfg_sendfb_scores} WHERE mid='{$cfg_ml->M_ID}' ");

  263.     }

  264.     //统计用户发出的评论

  265.     if ($cfg_ml->M_ID > 0) {

  266.         $row = $dsql->GetOne("SELECT COUNT(*) AS nums FROM `#@__feedback` WHERE `mid`='".$cfg_ml->M_ID."'");

  267.         $dsql->ExecuteNoneQuery("UPDATE `#@__member_tj` SET `feedback`='$row[nums]' WHERE `mid`='".$cfg_ml->M_ID."'");

  268.     }

  269. 

  270.     $_SESSION['sedtime'] = time();

  271.     if (empty($uid) && isset($cmtuser)) $uid = $cmtuser;

  272.     if ($ischeck == 0) {

  273.         echo json_encode(array(

  274.             "code" => 200,

  275.             "msg" => "成功发表评论,但需审核后才会显示您的评论",

  276.             "data" => "ok",

  277.         ));

  278.     } else {

  279.         echo json_encode(array(

  280.             "code" => 200,

  281.             "msg" => "成功发表评论,现在转到评论页面",

  282.             "data" => "ok",

  283.         ));

  284.     }

  285.     exit();

  286. }