diff --git a/application/default/controllers/DataController.php b/application/default/controllers/DataController.php index 7c87e611..6ef60ee1 100755 --- a/application/default/controllers/DataController.php +++ b/application/default/controllers/DataController.php @@ -609,9 +609,9 @@ class DataController extends Zend_Controller_Action $sql="select distinct(md.uuid),md.title from keyword kw left join normalmetadata md on kw.id=md.id where kw.keyword in (select k.keyword from keyword k left join metadata m on k.id=m.id where m.id=? and k.keytype='theme') and kw.id<>? limit 10"; $this->view->related=$this->db->fetchAll($sql,array($id,$id)); //用户下载记录 - $sql = "select o.ts_created,m.uuid,u.realname,u.unit,oa.project as onlineproject, fa.project as offlineproject - from dataorder as o left join metadata as m on o.uuid = m.uuid left join users as u on o.userid=u.id - left join onlineapp oa on o.onlineappid=oa.id left join offlineapp fa on o.offlineappid=fa.id + $sql = "select o.ts_created,m.uuid,u.realname,u.unit,oa.project as onlineproject, fa.project as offlineproject + from dataorder as o left join metadata as m on o.uuid = m.uuid left join users as u on o.userid=u.id + left join onlineapp oa on o.onlineappid=oa.id left join offlineapp fa on o.offlineappid=fa.id where m.uuid = '$uuid' and (o.status=0 or o.status=5) and u.realname IS NOT NULL order by o.ts_created desc limit 10"; $this->view->downhistory=$this->db->fetchAll($sql); //数据附件 
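Review bot: The download-history query is still assembled by interpolating `$uuid` into the SQL (`where m.uuid = '$uuid'`) even though the related-data query just above it binds its values through `fetchAll($sql,array($id,$id))`; the reindent leaves that inconsistency in place. Unless `$uuid` is validated against the UUID pattern before this point — not visible in the hunk — this is an injection path, and binding is the smaller change anyway: `where m.uuid = ?` together with `$this->view->downhistory=$this->db->fetchAll($sql, array($uuid));`. The enclosing action starts before this hunk and continues after it.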
@@ -655,9 +655,22 @@ class DataController extends Zend_Controller_Action $email = mb_substr($this->replace(trim($this->_request->getParam('email'))),0,60,'UTF-8'); $url = mb_substr($this->replace(trim($this->_request->getParam('url'))),0,60,'UTF-8'); $content = $this->replace(trim($this->_request->getParam('content'))); + $vdcode = mb_substr($this->replace(trim($this->_request->getParam('vdcode'))),0,4,'UTF-8'); + + if(empty($author)) + { + echo "请输入您的名字"; + exit(); + } if(strlen($author)<3) exit("姓名长度不得少于2个汉字 :)"); + if(empty($email)) + { + echo "请输入您的电子邮箱地址"; + exit(); + } + if(strlen($email)<4) exit("Email长度太短,请填写正确的Email :)"); if(!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/i",$email)) @@ -665,11 +678,6 @@ class DataController extends Zend_Controller_Action echo "Email格式不正确"; exit(); } - - if(preg_match("/script/i",$url)) - { - $url = preg_replace("/script/i","script",$url); - } if(strlen($content)<5) exit("评论长度不得少于3个汉字 :)"); 
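Review bot: `$vdcode` is read at the top of this hunk but compared with the session only at the end of the validation chain (in the following hunk), after the name, e-mail and content checks have each had the chance to reject the request with a field-specific message; moving the captcha comparison directly after this read rejects automated submissions before any further processing. The two added `empty()` guards are also subsumed by the `strlen($author)<3` and `strlen($email)<4` checks that immediately follow them, and `empty()` treats the string `'0'` as missing; `if ($author === '')` expresses the intent without that quirk, or the guards can simply be dropped. The enclosing action starts before this hunk and continues after it.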
@@ -678,14 +686,54 @@ class DataController extends Zend_Controller_Action $content = preg_replace("/script/i","script",$content); } + if(preg_match("/<|>/",$content)) + { + $data=array( + '<'=>'<', + '>'=>'>', + ); + + $patterns = array(); + $replacements = array(); + foreach($data as $k=>$v) + { + $patterns[]='/'.$k.'/i'; + $replacements[]=$v; + } + ksort($patterns); + ksort($replacements); + $content=preg_replace($patterns, $replacements, $content); + if(!empty($url)) + { + $url=preg_replace($patterns, $replacements, $url); + } + } + + if(preg_match("/script/i",$url)) + { + $url = preg_replace("/script/i","script",$url); + } + + if(!preg_match("/http:\/\//",$url)) + { + $url = "http://".$url; + } + $uuid = trim($this->_request->getParam('uuid')); if(!preg_match("/^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$/",$uuid)) { - echo "参数错误"; + echo "参数错误!"; exit(); } + if(strtolower($vdcode) != $_SESSION['vdcodes']) + { + echo "验证码错误,请重新输入"; + exit(); + } + + $data = array( 'uuid' => $uuid, 'uid' => $userid, @@ -707,7 +755,7 @@ class DataController extends Zend_Controller_Action $msg = "用户".$user->username."对元数据《".$this->replace(trim($this->_request->getParam('mdtitle')))."》进行了评论,点击查看"; include_once("message.php"); message::post($this->db,0,-1,"收到新数据评论",$msg); - echo "评论成功"; + echo "评论成功"; exit(); }else { 
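Review bot: The captcha comparison `strtolower($vdcode) != $_SESSION['vdcodes']` uses loose inequality and never checks that the session value exists, so when `$_SESSION['vdcodes']` has not been set an empty `vdcode` compares equal to null and the check passes; the stored code is also never cleared, so one solved image can be replayed for any number of posts in the same session. Replace the condition with `if (!isset($_SESSION['vdcodes']) || strtolower($vdcode) !== $_SESSION['vdcodes'])` and add `unset($_SESSION['vdcodes']);` once the code has been accepted. Two smaller issues sit in the same hunk: the `<`/`>` substitution on `$url` is nested inside `if(preg_match("/<|>/",$content))`, so a URL containing angle brackets is left untouched whenever the comment text has none, and the `"/http:\/\//"` test does not match `https://`, so such URLs become `http://https://…`; testing `$url` with `"#^https?://#i"` and escaping it unconditionally fixes both. The enclosing action starts before this hunk and continues after it.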
@@ -1082,9 +1130,9 @@ class DataController extends Zend_Controller_Action $r=$this->db->fetchRow($this->db->quoteInto($sql,$userid)); //保证添加的离线数据申请未申请 $sql="select count(*) as datacount from dataorder where (ts_approved is null) and userid='$userid' and uuid=? and status in (1,2,3,4)"; - $r1=$this->db->fetchRow($this->db->quoteInto($sql,$uuid)); - //保证添加的离线数据是正式发布的数据 - $sql="select count(*) as mdcount from normalmetadata where uuid=?"; + $r1=$this->db->fetchRow($this->db->quoteInto($sql,$uuid)); + //保证添加的离线数据是正式发布的数据 + $sql="select count(*) as mdcount from normalmetadata where uuid=?"; $r2=$this->db->fetchRow($this->db->quoteInto($sql,$uuid)); if ($r['datacount']<$this->view->config->download->max && $r1['datacount']<1 && $r2['mdcount']>0) { $sql="insert into dataorder (uuid,ts_created,userid,status) values(?,now(),?,?)"; @@ -1094,8 +1142,8 @@ class DataController extends Zend_Controller_Action $this->view->md=$this->db->fetchRow($sql); } else { if ($r1['datacount']>=1) - $this->view->msg="错误:您申请的数据已经在数据蓝中!"; - elseif ($r2['mdcount']==0) + $this->view->msg="错误:您申请的数据已经在数据蓝中!"; + elseif ($r2['mdcount']==0) $this->view->msg="错误:您申请的数据不存在。"; else $this->view->msg="错误:您正在进行的离线申请的数据数已经超过系统允许的最大值,请在完成本次离线申请后再进行操作!"; diff --git a/application/default/controllers/ServiceController.php b/application/default/controllers/ServiceController.php index 4dce02eb..e9b40c38 100644 --- a/application/default/controllers/ServiceController.php +++ b/application/default/controllers/ServiceController.php @@ -1212,4 +1212,16 @@ class ServiceController extends Zend_Controller_Action echo ''; echo $pagnation; }//文档页面相关数据 + + /* + 输出验证码 + */ + public function imgcodeAction() + { + $this->_helper->layout->disableLayout(); + $this->_helper->viewRenderer->setNoRender(); + include_once('ImgCode.php'); + $imagecode=new Custom_Controller_Plugin_ImgCode(); + $imagecode->image2(); + } } 
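Review bot: `imgcodeAction` sends the captcha image without any cache-control header, and `output()` in ImgCode.php only sets `Content-type`, so the browser or an intermediary may serve a cached image that no longer matches the code held in `$_SESSION['vdcodes']`; add `header('Cache-Control: no-store, no-cache, must-revalidate'); header('Pragma: no-cache');` before `$imagecode->image2();`. The header comment `/* 输出验证码 */` should become a docblock stating that the action disables layout and view rendering, writes the generated image to the response and stores the lowercased code in `$_SESSION['vdcodes']` for the comment-posting action in DataController to compare. `include_once('ImgCode.php')` resolves through the include path although the new file lives under application/models; I cannot see from the diff that this directory is registered, so that is worth confirming.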
diff --git a/application/default/views/scripts/data/view.phtml b/application/default/views/scripts/data/view.phtml index e93d005f..d7189e56 100755 --- a/application/default/views/scripts/data/view.phtml +++ b/application/default/views/scripts/data/view.phtml @@ -304,6 +304,10 @@ if($auth->hasIdentity())

+ + +

+

@@ -369,7 +373,7 @@ function todownload(ft) function ajaxpage(page){$.ajax({type:"GET",url:"/data/comment/uuid/uuid; ?>",data:'page='+page,success:function(html){$('#allcomments').html(html);}, beforeSend:function(){$('#allcomments').html('加载中');}});};ajaxpage(0); function postcomment(){ $.ajax({'type':"POST",'url':"/data/postcomment",'data':$('#postcommentform').serialize(), -'success':function(html){$('#postcomment').html('提交');setTimeout("$('#postcomment').removeAttr('disabled');",3000); $('#returninfo').html(html);ajaxpage(0);}, +'success':function(html){$('#postcomment').html('提交');setTimeout("$('#postcomment').removeAttr('disabled');",3000);$('#returninfo').html(html);}, 'beforeSend':function(){$('#postcomment').attr('disabled','disabled');$('#postcomment').html('正在提交...'); }});} $('#literature_t').click(function(){literature(1);}); diff --git a/application/default/views/scripts/heihe/view.phtml b/application/default/views/scripts/heihe/view.phtml index 5452f9c2..9e1de4c0 100755 --- a/application/default/views/scripts/heihe/view.phtml +++ b/application/default/views/scripts/heihe/view.phtml @@ -310,6 +310,10 @@ if($auth->hasIdentity())
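Review bot: Dropping `ajaxpage(0)` from the success callback means the comment list is no longer refreshed after a post even when the server accepted it; since the endpoint answers every outcome with a plain text message via `echo`/`exit`, the client cannot tell a saved comment from a rejected captcha. Either keep `ajaxpage(0);` and accept a redundant reload, or refresh only on the success reply, e.g. `if(html==='评论成功'){ajaxpage(0);}` — a structured status from the server would be the more robust long-term shape. The same change is made in heihe/view.phtml and water/view.phtml and the same remark applies there.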

+ + +

+

@@ -371,7 +375,7 @@ function todownload(ft) function ajaxpage(page){$.ajax({type:"GET",url:"/data/comment/uuid/uuid; ?>",data:'page='+page,success:function(html){$('#allcomments').html(html);}, beforeSend:function(){$('#allcomments').html('加载中');}});};ajaxpage(0); function postcomment(){ $.ajax({'type':"POST",'url':"/data/postcomment",'data':$('#postcommentform').serialize(), -'success':function(html){$('#postcomment').html('提交');setTimeout("$('#postcomment').removeAttr('disabled');",3000); $('#returninfo').html(html);ajaxpage(0);}, +'success':function(html){$('#postcomment').html('提交');setTimeout("$('#postcomment').removeAttr('disabled');",3000);$('#returninfo').html(html);}, 'beforeSend':function(){$('#postcomment').attr('disabled','disabled');$('#postcomment').html('正在提交...'); }});} $('#literature_t').click(function(){literature(1);}); diff --git a/application/default/views/scripts/water/view.phtml b/application/default/views/scripts/water/view.phtml index 6f1abb55..ba6ce5cf 100755 --- a/application/default/views/scripts/water/view.phtml +++ b/application/default/views/scripts/water/view.phtml @@ -300,6 +300,10 @@ if($auth->hasIdentity())

+ + +

+

@@ -335,7 +339,7 @@ $(document).ready(function(){$(".colorbox").colorbox({photo:"true"});}); function ajaxpage(page){$.ajax({type:"GET",url:"/data/comment/uuid/uuid; ?>",data:'page='+page,success:function(html){$('#allcomments').html(html);}, beforeSend:function(){$('#allcomments').html('加载中');}});};ajaxpage(0); function postcomment(){ $.ajax({'type':"POST",'url':"/data/postcomment",'data':$('#postcommentform').serialize(), -'success':function(html){$('#postcomment').html('提交');setTimeout("$('#postcomment').removeAttr('disabled');",3000); $('#returninfo').html(html);ajaxpage(0);}, +'success':function(html){$('#postcomment').html('提交');setTimeout("$('#postcomment').removeAttr('disabled');",3000);$('#returninfo').html(html);}, 'beforeSend':function(){$('#postcomment').attr('disabled','disabled');$('#postcomment').html('正在提交...'); }});} $('#literature_t').click(function(){literature(1);}); diff --git a/application/models/ImgCode.php b/application/models/ImgCode.php new file mode 100644 index 00000000..67bb7a77 --- /dev/null +++ b/application/models/ImgCode.php 
@@ -0,0 +1,176 @@ +rand_string($length,$mode);//生成随机数 + + + //$authCode = new Zend_Session_Namespace('Auth_Code'); + //$authCode->imagecode = $randval;//生成session + + $_SESSION['vdcodes'] = strtolower($randval); + + $width = ($length*9+10)>$width?$length*9+10:$width; + if ( $type!='gif' && function_exists('imagecreatetruecolor')) { + $im = @imagecreatetruecolor($width,$height); + }else { + $im = @imagecreate($width,$height); + } + $r = Array(225,255,255,223); + $g = Array(225,236,237,255); + $b = Array(225,236,166,125); + $key = mt_rand(0,3); + + $backColor = imagecolorallocate($im, $r[$key],$g[$key],$b[$key]); //背景色(随机) + $borderColor = imagecolorallocate($im, 100, 100, 100); //边框色 + $pointColor = imagecolorallocate($im,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255)); //点颜色 + + @imagefilledrectangle($im, 0, 0, $width - 1, $height - 1, $backColor); + @imagerectangle($im, 0, 0, $width-1, $height-1, $borderColor); + $stringColor = imagecolorallocate($im,mt_rand(0,200),mt_rand(0,120),mt_rand(0,120)); + // 干扰 + for($i=0;$i<10;$i++){ + $fontcolor=imagecolorallocate($im,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255)); + imagearc($im,mt_rand(-10,$width),mt_rand(-10,$height),mt_rand(30,300),mt_rand(20,200),55,44,$fontcolor); + } + for($i=0;$i<25;$i++){ + $fontcolor=imagecolorallocate($im,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255)); + imagesetpixel($im,mt_rand(0,$width),mt_rand(0,$height),$pointColor); + } + + @imagestring($im, 5, 5, 3, $randval, $stringColor); + $this->output($im,$type); + } + + // 更复杂的验证码 + function image3($length=4,$type='png',$width=50,$height=60,$fontface='fpnf.ttf',$verifyName='verify') { + $code = $this->rand_string($length,4); + $width = ($length*25)>$width?$length*25:$width; + $authCode = new Zend_Session_Namespace('Auth_Code'); + $authCode->imagecode = $randval; + + $im=imagecreatetruecolor($width,$height); + $borderColor = imagecolorallocate($im, 100, 100, 100); //边框色 + $bkcolor=imagecolorallocate($im,250,250,250); + imagefill($im,0,0,$bkcolor); + 
@imagerectangle($im, 0, 0, $width-1, $height-1, $borderColor); + // 干扰 + for($i=0;$i<15;$i++){ + $fontcolor=imagecolorallocate($im,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255)); + imagearc($im,mt_rand(-10,$width),mt_rand(-10,$height),mt_rand(30,300),mt_rand(20,200),55,44,$fontcolor); + } + for($i=0;$i<255;$i++){ + $fontcolor=imagecolorallocate($im,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255)); + imagesetpixel($im,mt_rand(0,$width),mt_rand(0,$height),$fontcolor); + } + if(!is_file($fontface)) { + $fontface = dirname(__FILE__)."/".$fontface; + } + for($i=0;$i<$length;$i++){ + $fontcolor=imagecolorallocate($im,mt_rand(0,120),mt_rand(0,120),mt_rand(0,120)); //这样保证随机出来的颜色较深。 + $codex= substr($code,$i,1); + imagettftext($im,mt_rand(16,20),mt_rand(-60,60),40*$i+20,mt_rand(30,35),$fontcolor,$fontface,$codex); + } + $this->output($im,$type); + } + + function output($im,$type='png') + { + header("Content-type: image/".$type); + $ImageFun='Image'.$type; + $ImageFun($im); + imagedestroy($im); + } + + /** + +---------------------------------------------------------- + * 产生随机字串,可用来自动生成密码 默认长度6位 字母和数字混合 + +---------------------------------------------------------- + * @param string $len 长度 + * @param string $type 字串类型 + * 0 字母 1 数字 其它 混合 + * @param string $addChars 额外字符 + +---------------------------------------------------------- + * @return string + +---------------------------------------------------------- + */ + function rand_string($len=6,$type='',$addChars='') { + $str =''; + switch($type) { + case 0: + $chars='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.$addChars; + break; + case 1: + $chars= str_repeat('0123456789',3); + break; + case 2: + $chars='ABCDEFGHIJKLMNOPQRSTUVWXYZ'.$addChars; + break; + case 3: + $chars='abcdefghijklmnopqrstuvwxyz'.$addChars; + break; + default : + // 默认去掉了容易混淆的字符oOLl和数字01,要添加请使用addChars参数 + $chars='ABCDEFGHIJKMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789'.$addChars; + break; + } + if($len>10 ) {//位数过长重复字符串一定次数 + $chars= $type==1? 
str_repeat($chars,$len) : str_repeat($chars,5); + } + if($type!=4) { + $chars = str_shuffle($chars); + $str = substr($chars,0,$len); + }else{ + // 中文随机字 + for($i=0;$i<$len;$i++){ + $str.= substr($chars, floor(mt_rand(0,mb_strlen($chars,'utf-8')-1)),1); + } + } + return $str; + } + +} \ No newline at end of file
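Review bot: `output()` builds the GD function name from `$type` (`$ImageFun='Image'.$type; $ImageFun($im);`) without restricting it, so any caller that forwards an external value as `$type` ends up in an arbitrary function call; guard it with an allow-list before the call, `if (!in_array($type, array('png','jpeg','gif'), true)) { $type = 'png'; }` — the only visible caller, `imgcodeAction`, uses the defaults, so this is hardening rather than a live hole. `image3` records `$authCode->imagecode = $randval` while the text it draws is `$code`, so that variant would store an undefined value; the committed controller calls `image2`, so the defect is latent but should be fixed to `$code` before anyone switches. The captcha text itself comes from `str_shuffle`/`mt_rand`; for a value whose purpose is to stop automated posting, `random_int` is the appropriate source for the character picks. The start of this hunk is garbled in this view (`+rand_string($length,$mode)` with no preceding assignment), so the class header and the `image2` signature could not be reviewed.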