<?php

/**
 * Submit a user comment (AJAX endpoint).
 *
 * Without an `act` request parameter, the JSON in $_REQUEST['cmt'] is decoded
 * and stored as a new comment (subject to captcha / ordering checks). With
 * `act` set, only the comment list for the given id/type/page is rendered.
 * In both cases the response is a JSON object with `error`, `message` and
 * `content` (the rendered comments_list.lbi template).
 */

define('IN_ECS', true);

require(dirname(__FILE__) . '/includes/init.php');
require(ROOT_PATH . 'includes/cls_json.php');
if (!isset($_REQUEST['cmt']) && !isset($_REQUEST['act']))
{
    /* Redirect only when neither comment content nor an act was submitted */
    ecs_header("Location: ./\n");
    exit;
}
// NOTE(review): json_str_iconv() lives outside this file; it is presumed to only
// convert the charset of the JSON text, not to escape it for SQL or HTML -- confirm.
$_REQUEST['cmt'] = isset($_REQUEST['cmt']) ? json_str_iconv($_REQUEST['cmt']) : '';

$json   = new JSON;
$result = array('error' => 0, 'message' => '', 'content' => '');

if (empty($_REQUEST['act']))
{
    /*
     * act is empty: the default action is to add a comment.
     * $cmt is whatever the client posted, decoded from JSON.
     */
    $cmt  = $json->decode($_REQUEST['cmt']);
    // NOTE(review): if decode() returned null, this property write either
    // auto-creates an object with a warning (older PHP) or throws (PHP 8), so the
    // empty($cmt) guard below is not an effective check for malformed input.
    $cmt->page = 1;
    $cmt->id   = !empty($cmt->id)   ? intval($cmt->id) : 0;
    $cmt->type = !empty($cmt->type) ? intval($cmt->type) : 0;

    // isset($cmt->type) and isset($cmt->id) are always true after the two
    // assignments above; only empty($cmt) can still fail at this point.
    if (empty($cmt) || !isset($cmt->type) || !isset($cmt->id))
    {
        $result['error']   = 1;
        $result['message'] = $_LANG['invalid_comments'];
    }
    // $cmt->email is read unguarded; a posted JSON without `email` yields an
    // undefined-property notice and is_email(null).
    elseif (!is_email($cmt->email))
    {
        $result['error']   = 1;
        $result['message'] = $_LANG['error_email'];
    }
    else
    {
        if ((intval($_CFG['captcha']) & CAPTCHA_COMMENT) && gd_version() > 0)
        {
            /* Captcha enabled for comments: verify the posted word first */
            include_once('includes/cls_captcha.php');

            $validator = new captcha();
            // $cmt->captcha is also read unguarded (same caveat as email above).
            if (!$validator->check_word($cmt->captcha))
            {
                $result['error']   = 1;
                $result['message'] = $_LANG['invalid_captcha'];
            }
            else
            {
                $factor = intval($_CFG['comment_factor']);
                if ($cmt->type == 0 && $factor > 0)
                {
                    /*
                     * Only goods comments (type 0) are subject to the comment
                     * precondition. NOTE(review): this switch is duplicated
                     * verbatim in the no-captcha branch below; keep both in sync
                     * or extract a helper.
                     */
                    switch ($factor)
                    {
                        case COMMENT_LOGIN :
                            // Must be logged in. Assumes $_SESSION['user_id'] is numeric.
                            if ($_SESSION['user_id'] == 0)
                            {
                                $result['error']   = 1;
                                $result['message'] = $_LANG['comment_login'];
                            }
                            break;

                        case COMMENT_CUSTOM :
                            // Must be a customer with at least one confirmed/split,
                            // paid/paying, shipped/received order.
                            if ($_SESSION['user_id'] > 0)
                            {
                                // SQL is built by concatenation; the interpolated values are the
                                // session user id and order-status constants, no request string.
                                $sql = "SELECT o.order_id FROM " . $ecs->table('order_info') . " AS o ".
                                       " WHERE user_id = '" . $_SESSION['user_id'] . "'".
                                       " AND (o.order_status = '" . OS_CONFIRMED . "' or o.order_status = '" . OS_SPLITED . "') ".
                                       " AND (o.pay_status = '" . PS_PAYED . "' OR o.pay_status = '" . PS_PAYING . "') ".
                                       " AND (o.shipping_status = '" . SS_SHIPPED . "' OR o.shipping_status = '" . SS_RECEIVED . "') ".
                                       " LIMIT 1";


                                 $tmp = $db->getOne($sql);
                                 if (empty($tmp))
                                 {
                                    $result['error']   = 1;
                                    $result['message'] = $_LANG['comment_custom'];
                                 }
                            }
                            else
                            {
                                $result['error'] = 1;
                                $result['message'] = $_LANG['comment_custom'];
                            }
                            break;
                        case COMMENT_BOUGHT :
                            // Must have bought this very goods item ($cmt->id, int-cast above).
                            if ($_SESSION['user_id'] > 0)
                            {
                                $sql = "SELECT o.order_id".
                                       " FROM " . $ecs->table('order_info'). " AS o, ".
                                       $ecs->table('order_goods') . " AS og ".
                                       " WHERE o.order_id = og.order_id".
                                       " AND o.user_id = '" . $_SESSION['user_id'] . "'".
                                       " AND og.goods_id = '" . $cmt->id . "'".
                                       " AND (o.order_status = '" . OS_CONFIRMED . "' or o.order_status = '" . OS_SPLITED . "') ".
                                       " AND (o.pay_status = '" . PS_PAYED . "' OR o.pay_status = '" . PS_PAYING . "') ".
                                       " AND (o.shipping_status = '" . SS_SHIPPED . "' OR o.shipping_status = '" . SS_RECEIVED . "') ".
                                       " LIMIT 1";
                                 $tmp = $db->getOne($sql);
                                 if (empty($tmp))
                                 {
                                    $result['error']   = 1;
                                    $result['message'] = $_LANG['comment_brought'];
                                 }
                            }
                            else
                            {
                                $result['error']   = 1;
                                $result['message'] = $_LANG['comment_brought'];
                            }
                    }
                }

                /* No error so far: persist the comment */
                if (empty($result['error']))
                {
                    add_comment($cmt);
                }
            }
        }
        else
        {
            /*
             * No captcha: rate-limit by time instead, to slow down bots and
             * abusive posting. send_time is per session and only updated
             * after a successful add (see below).
             */
            if (!isset($_SESSION['send_time']))
            {
                $_SESSION['send_time'] = 0;
            }

            $cur_time = gmtime();
            if (($cur_time - $_SESSION['send_time']) < 30) // less than 30 seconds since the last comment: reject
            {
                $result['error']   = 1;
                $result['message'] = $_LANG['cmt_spam_warning'];
            }
            else
            {
                $factor = intval($_CFG['comment_factor']);
                if ($cmt->type == 0 && $factor > 0)
                {
                    /* Only goods comments (type 0) are subject to the precondition; identical to the captcha branch */
                    switch ($factor)
                    {
                        case COMMENT_LOGIN :
                            if ($_SESSION['user_id'] == 0)
                            {
                                $result['error']   = 1;
                                $result['message'] = $_LANG['comment_login'];
                            }
                            break;

                        case COMMENT_CUSTOM :
                            if ($_SESSION['user_id'] > 0)
                            {
                                $sql = "SELECT o.order_id FROM " . $ecs->table('order_info') . " AS o ".
                                       " WHERE user_id = '" . $_SESSION['user_id'] . "'".
                                       " AND (o.order_status = '" . OS_CONFIRMED . "' or o.order_status = '" . OS_SPLITED . "') ".
                                       " AND (o.pay_status = '" . PS_PAYED . "' OR o.pay_status = '" . PS_PAYING . "') ".
                                       " AND (o.shipping_status = '" . SS_SHIPPED . "' OR o.shipping_status = '" . SS_RECEIVED . "') ".
                                       " LIMIT 1";


                                 $tmp = $db->getOne($sql);
                                 if (empty($tmp))
                                 {
                                    $result['error']   = 1;
                                    $result['message'] = $_LANG['comment_custom'];
                                 }
                            }
                            else
                            {
                                $result['error'] = 1;
                                $result['message'] = $_LANG['comment_custom'];
                            }
                            break;

                        case COMMENT_BOUGHT :
                            if ($_SESSION['user_id'] > 0)
                            {
                                $sql = "SELECT o.order_id".
                                       " FROM " . $ecs->table('order_info'). " AS o, ".
                                       $ecs->table('order_goods') . " AS og ".
                                       " WHERE o.order_id = og.order_id".
                                       " AND o.user_id = '" . $_SESSION['user_id'] . "'".
                                       " AND og.goods_id = '" . $cmt->id . "'".
                                       " AND (o.order_status = '" . OS_CONFIRMED . "' or o.order_status = '" . OS_SPLITED . "') ".
                                       " AND (o.pay_status = '" . PS_PAYED . "' OR o.pay_status = '" . PS_PAYING . "') ".
                                       " AND (o.shipping_status = '" . SS_SHIPPED . "' OR o.shipping_status = '" . SS_RECEIVED . "') ".
                                       " LIMIT 1";
                                 $tmp = $db->getOne($sql);
                                 if (empty($tmp))
                                 {
                                    $result['error']   = 1;
                                    $result['message'] = $_LANG['comment_brought'];
                                 }
                            }
                            else
                            {
                                $result['error']   = 1;
                                $result['message'] = $_LANG['comment_brought'];
                            }
                    }
                }
                /* No error so far: persist the comment and start the 30-second window */
                if (empty($result['error']))
                {
                    add_comment($cmt);
                    $_SESSION['send_time'] = $cur_time;
                }
            }
        }
    }
}
else
{
    /*
     * act is set: list comments only.
     * Build the selector object from $_GET; every field is int-cast.
     */
    $cmt = new stdClass();
    $cmt->id   = !empty($_GET['id'])   ? intval($_GET['id'])   : 0;
    $cmt->type = !empty($_GET['type']) ? intval($_GET['type']) : 0;
    $cmt->page = isset($_GET['page'])   && intval($_GET['page'])  > 0 ? intval($_GET['page'])  : 1;
    $cmt->comment_level = !empty($_GET['comment_level']) ? intval($_GET['comment_level'])  : 0;  // added: rating filter
}

// Shared tail for both branches: render the (possibly just updated) list.
if ($result['error'] == 0)
{
    // NOTE(review): on the add path $cmt->comment_level comes straight from the
    // decoded JSON and is not int-cast; if the client omitted it this reads an
    // undefined property (null) -- confirm assign_comment() tolerates that.
    $comments = assign_comment($cmt->id, $cmt->type, $cmt->page, $cmt->comment_level);  // modified: pass $cmt->comment_level as well

    $smarty->assign('comment_type', $cmt->type);
    $smarty->assign('comment_level',    $cmt->comment_level);  // added
    $smarty->assign('id',           $cmt->id);
    $smarty->assign('username',     $_SESSION['user_name']);
    $smarty->assign('email',        $_SESSION['email']);
    $smarty->assign('comments',     $comments['comments']);
    $smarty->assign('pager',        $comments['pager']);

    /* Captcha settings for the template */
    if ((intval($_CFG['captcha']) & CAPTCHA_COMMENT) && gd_version() > 0)
    {
        $smarty->assign('enabled_captcha', 1);
        // 'rand' appears to be a cache-buster for the captcha image URL; it is not
        // used as a secret here, so mt_rand() is adequate for that purpose.
        $smarty->assign('rand', mt_rand());
    }

    // Message reflects whether comments are moderated; it is set on the pure
    // listing path (act set) as well as after an add.
    $result['message'] = $_CFG['comment_check'] ? $_LANG['cmt_submit_wait'] : $_LANG['cmt_submit_done'];
    $result['content'] = $smarty->fetch("library/comments_list.lbi");
}

echo $json->encode($result);
261
262 /*------------------------------------------------------ */
263 //-- PRIVATE FUNCTION
264 /*------------------------------------------------------ */
265
266 /**
267  * 添加评论内容
268  *
269  * @access  public
270  * @param   object  $cmt
271  * @return  void
272  */
273 function add_comment($cmt)
274 {
275     /* 评论是否需要审核 */
276     $status = 1 - $GLOBALS['_CFG']['comment_check'];
277
278     $user_id = empty($_SESSION['user_id']) ? 0 : $_SESSION['user_id'];
279     $email = empty($cmt->email) ? $_SESSION['email'] : trim($cmt->email);
280     $user_name = empty($cmt->username) ? $_SESSION['user_name'] : trim($cmt->username);
281     $email = htmlspecialchars($email);
282     $user_name = htmlspecialchars($user_name);
283
284     /* 保存评论内容 */
285     $sql = "INSERT INTO " .$GLOBALS['ecs']->table('comment') .
286            "(comment_type, id_value, email, user_name, content, comment_rank, add_time, ip_address, status, parent_id, user_id) VALUES " .
287            "('" .$cmt->type. "', '" .$cmt->id. "', '$email', '$user_name', '" .$cmt->content."', '".$cmt->rank."', ".gmtime().", '".real_ip()."', '$status', '0', '$user_id')";
288
289     $result = $GLOBALS['db']->query($sql);
290     clear_cache_files('comments_list.lbi');
291     /*if ($status > 0)
292     {
293         add_feed($GLOBALS['db']->insert_id(), COMMENT_GOODS);
294     }*/
295     return $result;
296 }
297
298 ?>