diff --git a/application/default/controllers/DataController.php b/application/default/controllers/DataController.php
index da47bf51..e5134e4e 100755
--- a/application/default/controllers/DataController.php
+++ b/application/default/controllers/DataController.php
@@ -607,63 +607,98 @@ class DataController extends Zend_Controller_Action //数据附件 $sql = $this->db->quoteInto("select m.id,a.realname from mdattach m left join attachments a on m.id=a.id where m.uuid=?",$uuid); $this->view->attachments = $this->db->fetchAll($sql); - //数据评论 - $sql="select * from comments where uuid=? order by id desc"; - $this->view->comments=$this->db->fetchAll($sql,array($uuid)); - $user=Zend_Auth::getInstance()->getIdentity(); - $commentForm=new CommentForm(); - $formdata['uuid']=$uuid; - $formdata['uid']=0;//用户ID,默认为0,即未登录用户 - $this->view->addHelperPath('helper','Zend_View_Helper_'); - if ($this->_request->isPost()) { - include_once("bcspamblock.php"); - $formdata=$this->_request->getPost(); - if (bcspamblock_verify() && $commentForm->isValid($formdata)) { - $sql="insert into comments (userid,uuid,author,email,url,ip,content,agent,type) values(?,?,?,?,?,?,?,?,?)"; - $agent=$this->_request->getHeader('User-Agent'); - $ip=$this->_request->getServer('REMOTE_ADDR'); - $type='comment'; - $stripper = new Zend_Filter_StripTags('strong');//剔除特殊字符HTML - $content=$stripper->filter($formdata['content']); - $author=$stripper->filter($formdata['author']); - $this->db->query($sql,array($formdata['uid'],$formdata['uuid'],$author,$formdata['email'],$formdata['url'],$ip,$content,$agent,$type)); - $patt = array(); - $patt['user'] = $author; - $patt['uuid'] = $formdata['uuid']; - $patt['title']= $this->view->metadata->title; - $patt['content']= $content; - - $title = "收到新数据评论"; - $msg = "用户".$user->username."对元数据《".$patt['title']."》进行了评论,点击查看"; - include_once("message.php"); - message::post($this->db,0,-1,$title,$msg); - - $mailtp=new EmailText($this->db,"data-comment-note",$patt); - $mail=new WestdcMailer($this->view->config->smtp); - $mail->setBodyText($mailtp->getBody()); - $mail->setFrom($this->view->config->service->email,'西部数据中心服务组'); - $mail->addTo($this->view->config->service->email); - $mail->setSubject($mailtp->getSubject()); - $mail->send(); - 
$formdata['content']=''; - } - } elseif ($user) { - $formdata['uid']=$user->id; - $formdata['author']=$user->username; - $formdata['email']=$user->email; - } - $commentForm->populate($formdata); - $this->view->commentForm=$commentForm; + //自动跳转 $sql="select s.* from datasource d left join source s on d.sourceid=s.id where d.uuid=?"; $row=$this->db->fetchRow($this->db->quoteInto($sql,$uuid)); $jump=(int)$this->_request->getParam('jump'); if (empty($jump)) $jump=1;//默认跳转 if (@$row->has_pages && ($jump!=0)) - { + { $this->_helper->viewRenderer($row->code.'/view',null,true); } } + + function replace($string){ + $patterns = array("/\"/i","/\'/i"); + $replacements = array("“","‘"); + ksort($patterns); + ksort($replacements); + return preg_replace($patterns, $replacements, $string); + } + + function postcommentAction(){ + $this->_helper->layout->disableLayout(); + $this->_helper->viewRenderer->setNoRender(); + try{ + $auth = Zend_Auth::getInstance(); + if($auth->hasIdentity()) + { + $user = $auth->getIdentity(); + $userid = $user->id; + }else + { + $userid=0; + } + + $author = mb_substr($this->replace(trim($this->_request->getParam('author'))),0,30,'UTF-8'); + $email = mb_substr($this->replace(trim($this->_request->getParam('email'))),0,60,'UTF-8'); + $url = mb_substr($this->replace(trim($this->_request->getParam('url'))),0,60,'UTF-8'); + $content = $this->replace(trim($this->_request->getParam('content'))); + + if(strlen($author)<3) exit("姓名长度不得少于2个汉字 :)"); + + if(strlen($email)<4) exit("Email长度太短,请填写正确的Email :)"); + + if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email)) + { + echo "Email格式不正确"; + exit(); + } + + if(strlen($content)<5) exit("评论长度不得少于3个汉字 :)"); + + $uuid = trim($this->_request->getParam('uuid')); + + if(!preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid)) + { + echo "参数错误"; + exit(); + } + + $data = array( + 'uuid' => $uuid, + 'uid' => $userid, + 'author' => $author, + 'email' => $email, 
+ 'url' => $url, + 'ip' => $_SERVER['REMOTE_ADDR'], + 'content' => $content, + 'agent' => $_SERVER['HTTP_USER_AGENT'], + 'type' => 'comment' + ); + + $sql = "INSERT INTO comments (author,email,url,ip,content,agent,type,uuid,userid) VALUES (?,?,?,?,?,?,?,?,?)"; + $sth = $this->db->prepare($sql); + $exec = $sth->execute(array($data['author'],$data['email'],$data['url'],$data['ip'],$data['content'],$data['agent'],$data['type'],$data['uuid'],$data['uid'])); + + if($exec) + { + $msg = "用户".$user->username."对元数据《".$this->replace(trim($this->_request->getParam('mdtitle')))."》进行了评论,点击查看"; + include_once("message.php"); + message::post($this->db,0,-1,"收到新数据评论",$msg); + echo "评论成功"; + exit(); + }else + { + echo "评论失败,请重试 :)"; + exit(); + } + }catch(Exception $e){ + echo "出错了,请稍后再试"; + exit(); + } + } /* * 数据评论,根据UUID读取 */ diff --git a/application/default/views/scripts/data/view.phtml b/application/default/views/scripts/data/view.phtml index a0d31b9d..79d04ef9 100755 --- a/application/default/views/scripts/data/view.phtml +++ b/application/default/views/scripts/data/view.phtml @@ -146,7 +146,7 @@ endforeach; -
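Review bot: In postcommentAction() `author` and `content` are stored after replace() has only swapped the two quote characters, so `<` and `>` reach the comments table, while the removed code ran both through `Zend_Filter_StripTags('strong')` and gated the insert on `bcspamblock_verify()`. Output escaping of the comment list is not visible here, so I would keep the tag filter on the write path and reject anything that is not `$this->_request->isPost()`, since `getParam()` also reads the query string. The e-mail pattern has no `^`/`$` anchors, so any value that merely contains an address passes the check. In the success branch `$user` is never set for anonymous posters (`$userid=0`), and the notification text now uses the client-supplied `mdtitle` rather than the server-side metadata title; use `$author` there and treat the title as untrusted. The sketch below shows the changed lines only.

```php
function postcommentAction(){
    // … unchanged: disable layout and view renderer …
    if (!$this->_request->isPost()) exit("参数错误");
    // … unchanged: resolve $userid from Zend_Auth …
    $stripper = new Zend_Filter_StripTags('strong');
    $author = mb_substr($this->replace($stripper->filter(trim($this->_request->getParam('author')))),0,30,'UTF-8');
    $content = $this->replace($stripper->filter(trim($this->_request->getParam('content'))));
    // … unchanged: email/url trimming and length checks …
    if(!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i",$email))
    // … unchanged: uuid check, $data array, INSERT …
    $msg = "用户".$author."对元数据《".$this->replace($stripper->filter(trim($this->_request->getParam('mdtitle'))))."》进行了评论,点击查看";
```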
+

@@ -257,7 +257,31 @@ echo '';

评论加载中
-commentForm; ?> +
+

+ + +

+

+ + +

+

+ + +

+

+ + +

+

+ + + + 提交 +

+
+
@@ -275,23 +299,23 @@ echo '';