<%-- * [Function] Tool management :: plug-in module — Message book * Description: front-end page of the message book that displays messages --%> <%@page import="jcms.util.SafeUtil"%> <%@page contentType="text/html;charset=UTF-8"%> <%@page import="java.io.File"%> <%@page import="java.util.Vector,java.util.ArrayList"%> <%@page import="jcms.entity.module.Jcms_MessagebookinfoEntity"%> <%@page import="jcms.blf.module.messagebook.Jcms_MessagebookmodalBLF"%> <%@page import="jcms.blf.module.messagebook.Jcms_MessagebookcolumnBLF"%> <%@page import="jcms.blf.module.messagebook.Jcms_MessagebookinfoBLF"%> <%@page import="jcms.blf.module.messagebook.Jcms_MessagebookreplyBLF"%> <%@page import="jcms.blf.module.messagebook.AssitedMessagebook"%> <%@page import="com.hanweb.common.util.Convert"%> <%@page import="jcms.make.makepage.ModalFile"%> <%@page import="jcms.util.AccessUtil"%> <%@page import="jcms.util.HTMLFilter"%> <%@page import="org.apache.commons.lang.StringUtils"%> <%@ include file="./config.jsp" %> <%! /** Deny-list check applied to the search parameters further down. Lower-cases the value and returns false when it contains any of the listed substrings (wildcard and operator characters, quotes, '<', "alert", "script" and a few SQL keywords); otherwise returns true. It is a plain substring match, so benign values containing e.g. "set" or "cast" are rejected while anything outside the list passes. NOTE(review): this is a filter, not escaping — the values that pass it are still concatenated into SQL text below. @param strPara request parameter value to check @return true when none of the listed substrings is present */ public boolean canAccess(String strPara){ boolean bl = true; strPara = strPara.toLowerCase(); if (strPara.indexOf("%")>=0 || strPara.indexOf("|")>=0 || strPara.indexOf("+")>=0 || strPara.indexOf("&")>=0 || strPara.indexOf("alert")>=0 || strPara.indexOf("script")>=0 || strPara.indexOf("\"")>=0 || strPara.indexOf("\'")>=0 || strPara.indexOf("<")>=0 || strPara.indexOf("set")>=0 || strPara.indexOf("exec")>=0 || strPara.indexOf("delete")>=0 || strPara.indexOf("update")>=0 || strPara.indexOf("declare")>=0 || strPara.indexOf("cast")>=0){ bl = false; } return bl; } %> <% /* Page flow: access check, load template and module config, check open status, build the search condition, fetch messages, render them into the template with pagination, print the result. */ if(!AccessUtil.checkAccess(request)){ //block cross-site request forgery
out.print(Convert.getAlterScript("location.href='../../';")); return; } //template file
String strModalHtml = ""; String strWriteUrl = "write.jsp"; String strReplyUrl = "reply.jsp"; String strCanBeShow = ""; String strTopic = "display: none;"; /* NOTE(review): the module path hard-codes "jcms1", while the URL prefix stripped near the end of this page is built from strAppID; confirm this is intended. */ String strModulePath = application.getRealPath("") + "/jcms_files/jcms1/web" + strWebID + "/site/" + "module/messagebook/"; Jcms_MessagebookmodalBLF blf = new Jcms_MessagebookmodalBLF(strAppID, strWebID); //ID of the template instance
String strModalObjectID = blf.getModalObjId(strWebID); String strPath = strModulePath + "config" + File.separator ; String strIniPath = strPath + "init.xml"; String strConfigPath = strPath + "config.xml"; AssitedMessagebook gbBLF = new AssitedMessagebook(); // shared helper
String strWebType = xmlFile.getContent( "webtype", strConfigPath ); // 1 = intranet; 2 = internet
strWebType = Convert.getValue(strWebType); String strWeb_in_servername = xmlFile.getContent( "web_in_servername", strConfigPath ); // reference name
strWeb_in_servername = Convert.getValue(strWeb_in_servername); int nOpenType = Convert.getStringValueInt(xmlFile.getContent("IsOpen",strIniPath)); // open mode
String strBeginTime = xmlFile.getContent("BeginTime",strIniPath); // open start time
strBeginTime = Convert.getValue(strBeginTime); strBeginTime = strBeginTime.length()==0?"":strBeginTime; String strEndTime = xmlFile.getContent("EndTime",strIniPath); // open end time
strEndTime = Convert.getValue(strEndTime); strEndTime = strEndTime.length()==0?"":strEndTime; String strIsReply = xmlFile.getContent("IsReply",strIniPath); // whether replies are allowed
strIsReply = Convert.getValue(strIsReply); strIsReply = strIsReply.length()==0?"":strIsReply; /* Check whether the message book is currently open; a non-empty status message is printed and the page ends. */ String msg = gbBLF.openStatus(""+nOpenType, strBeginTime, strEndTime); if(msg.length() > 0){ out.println(msg); return; } if(nOpenType == 3) { int limitNum = Convert.getStringValueInt(xmlFile.getContent("limitnum", strIniPath)); if(limitNum > 0) { // check the number of messages against the configured limit
int num = gbBLF.getCurrentLeaveWords(Convert.getStringValueInt(strWebID), strAppID); if(num >= limitNum){ strCanBeShow = "display: none;"; strTopic = ""; //out.println(Convert.getAlterScript("location.href='./messagebook_msg.jsp?num="+limitNum+"'")); } } } // category ID
int nColumnId = Convert.getParameterInt(request, "ColumnID", 0); /* Request parameters; LdapThin and writeid are rejected by SafeUtil.isSqlAndXss before being passed to the BLF. */ String strLdapThin = Convert.getParameter(request,"LdapThin","0",true,true); String nWriteId = Convert.getParameter(request, "writeid","",true,true); if(SafeUtil.isSqlAndXss(strLdapThin)) { out.println("参数包含非法字符,禁止访问"); return; } 
if(SafeUtil.isSqlAndXss(nWriteId)) { out.println("参数包含非法字符,禁止访问"); return; } String defaultModalHtml = ""; int nModalObjectID; ModalFile mfile = new ModalFile( strAppID ); String strImgPath = ""; /* Template: fall back to the module's default messagebook.html when no template instance is configured, otherwise load the instance through ModalFile. */ if(strModalObjectID.length() == 0){ Convert m_convert = new Convert(); defaultModalHtml = strModulePath + "html/messagebook.html"; strImgPath = strModulePath + "html/"; String strCssPath = strModulePath + "html/"; // read the template instance source file
String strHTML = m_convert.readInputStream(defaultModalHtml, "UTF-8"); strModalHtml = Convert.getValue(strHTML); //copy template images
//mfile.copyImageFile(strImgPath, strModulePath + "images/", strModalHtml); //mfile.copyImageFile(strCssPath, strModulePath + "css/", strModalHtml); }else{ nModalObjectID = Convert.getStringValueInt( strModalObjectID ); if( nModalObjectID > 0 ){ mfile.setWebID( Convert.getStringValueInt(strWebID) ); mfile.setSysPath( application.getRealPath("") ); java.util.Hashtable htReturn = mfile.getModalHTML( nModalObjectID ); if( htReturn != null && htReturn.size()>0 ) { strModalHtml = htReturn.get("modalHTML").toString(); //template file
strImgPath = htReturn.get("imagePath").toString(); //image path
//copy template images
//mfile.copyImageFile(strImgPath, strModulePath + "images/", strModalHtml); } } } if( strModalHtml.length() <= 0 ) { out.println("模板文件不存在!" 
); return; } //------------------------------ message page -----------------------------------
/* Locate the region of the template that the message list replaces. NOTE(review): the marker strings are blank and strFrom2 has no declaration in this copy; they appear to have been lost in extraction. */ Convert convert = new Convert(); String strComment = convert.readInputStream( strModulePath+"tpl/que_messagebook.html","UTF-8"); String strFrom1 = ""; int nPos1 = strModalHtml.indexOf( strFrom1 ); int nPos2 = strModalHtml.indexOf( strFrom2, nPos1 ); String strAll = ""; //------------------------------- end message page ------------------------------
Vector v_tpl = new Vector(6); v_tpl.add("{Tpl_write}"); v_tpl.add("{Tpl_column}"); v_tpl.add("{Tpl_page}"); v_tpl.add("{Tpl_comment}"); v_tpl.add("{Tpl_canBeShow}"); v_tpl.add("{Tpl_topic}"); Vector v_tpl_value = new Vector(6); Jcms_MessagebookcolumnBLF gcBLF = new Jcms_MessagebookcolumnBLF(strAppID, strWebID); String strColumn = gcBLF.getClassOptions(""+nColumnId, 1); if(strColumn == null || strColumn.length() == 0){ out.println("暂时尚未设置类别!" ); return; } // read submitted form variables
/* strScope, starttime and endtime are checked with canAccess; fn_Keywords is only passed through HTMLFilter.isNull. */ String strKeywords = HTMLFilter.isNull(Convert.getParameter(request, "fn_Keywords","",true,true),"",false); String strScope = HTMLFilter.isNull(Convert.getParameter(request, "fn_Scope","",false,true),"",false); String strSearchStartTime = HTMLFilter.isNull(Convert.getParameter(request, "starttime","",true,true),"",false); String strSearchEndTime = HTMLFilter.isNull(Convert.getParameter(request, "endtime","",true,true),"",false); if(!canAccess(strScope) || !canAccess(strSearchStartTime) || !canAccess(strSearchEndTime)){ out.println("参数包含非法字符,禁止访问"); return; } String replayContent = ""; // jump to the current category
if(nColumnId > 0){ strWriteUrl = strWriteUrl+"?ColumnID="+nColumnId; } /* Build the SQL search condition */ StringBuffer strConditionBuf = new StringBuffer(128); if(StringUtils.isBlank(strScope)) { //search the title by default
strScope = "vc_title"; } /* NOTE(review): strScope is used here as a column name and strKeywords is concatenated into the LIKE pattern; neither value is escaped or bound, and strKeywords did not go through canAccess above. Restrict strScope to a fixed set of column names and escape or bind strKeywords — the getEntities call below takes the condition as raw SQL text, so the check has to happen here. */ if( !strKeywords.trim().equals("") ) { strConditionBuf.append(" AND "+strScope+" LIKE '%"+strKeywords+"%'"); } /* Date range: the values passed canAccess but are still concatenated into SQL text. */ if( strSearchStartTime.length() >0 && strSearchEndTime.length() > 0 ) { strConditionBuf.append(" AND c_date >= '" + strSearchStartTime + " 00:00:00'") .append(" AND c_date <= 
'" + strSearchEndTime + " 23:59:59'"); } else if( strSearchStartTime.length() >0 && strSearchEndTime.length() == 0 ) { strConditionBuf.append(" AND c_date >= '" + strSearchStartTime + " 00:00:00'"); } else if( strSearchStartTime.length() ==0 && strSearchEndTime.length() > 0 ) { strConditionBuf.append(" AND c_date <= '" + strSearchEndTime + " 23:59:59'"); } /* Fetch messages */ Jcms_MessagebookinfoBLF infoBLF = new Jcms_MessagebookinfoBLF(strAppID, strWebID); ArrayList list = infoBLF.getEntities(""+nColumnId, strLdapThin, nWriteId, strConditionBuf.toString()); if(strConditionBuf.length() > 0) strConditionBuf.delete(0,strConditionBuf.length()); /* Substitute values into the template */ if(list == null || list.size() == 0) { //no message records
v_tpl_value.add(strWriteUrl); v_tpl_value.add(strColumn); v_tpl_value.add(""); v_tpl_value.add("
没有留言内容!
"); v_tpl_value.add(strCanBeShow); v_tpl_value.add(strTopic); for (int j=0; j= 0 && nPos2 >= 0) strAll = strModalHtml.substring(0,nPos1) + strComment + strModalHtml.substring( nPos2+strFrom2.length() ); else strAll = strModalHtml; String strReplace = "/"+strWeb_in_servername+"/jcms_files/jcms"+strAppID + "/web"+strWebID+"/site/"; if( strWebType.equals("2")) { strAll = Convert.replaceString( strAll ,strReplace ,"/"); } out.println(strAll); return; } //display style of the message list
String TitleListStyle = xmlFile.getContent("TitleListStyle",strIniPath ); TitleListStyle = Convert.getValue(TitleListStyle); //number of messages per page
String strCount = xmlFile.getContent("count",strIniPath ); int nCount = Convert.getStringValueInt(strCount,1); if(nCount == 0) nCount = 1; String strHead = ""; String strForTr = ""; String strEnd = ""; String strForContent = ""; int LENGTH_OF_VECTOR = 15; Vector v_comment = new Vector(LENGTH_OF_VECTOR); //placeholders of the message template, replaced in the order of the SQL columns (the placeholder text is blank in this copy)
v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); //want to reply
v_comment.add(""); v_comment.add(""); v_comment.add(""); //added reply hint wh 2006-10-23
v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); v_comment.add(""); /* Pagination: currpage comes from the request and is clamped to [1, nPage]; nMin/nMax delimit the slice of list rendered on this page. */ int totalNum = list.size(); // total records
int nPageCount = nCount; //records per page
int nPage = gbBLF.getPages(totalNum, nPageCount); //total pages
int nCurrentPage = Convert.getParameterInt(request, "currpage", 1); //current page
if(nCurrentPage < 1) nCurrentPage = 1; if(nCurrentPage > nPage){ nCurrentPage = nPage; } int nMin = 0; //lower index of the slice
int nMax = 0; //upper index of the slice
if(nCurrentPage == nPage) { nMin = (nCurrentPage - 1)*nPageCount; nMax = totalNum; }else { nMin = (nCurrentPage - 1)*nPageCount; nMax = nCurrentPage*nPageCount; } /* end pagination */ Vector v_coment_value = new Vector(LENGTH_OF_VECTOR); StringBuffer sbComment = new StringBuffer( 256 ); String strAuthor = ""; //author
String strTitle = ""; //message title
String strLeaveWord 
= ""; //message content (the original comment said "message time")
String strLeaveWordTime = ""; //message time
String strRevertcue = ""; //reply hint (added)
String strPhone = ""; //user phone (added)
String strEmail = ""; //user e-mail (added)
String strContent = ""; //message content
int nWriteCount = 0; //current number of messages
String strWantReply = ""; String strisrply = "未回复"; String str_style = ""; String strWriteID = ""; String strScript = ""; String strAddress = ""; //message address
String strReplayTime = ""; //reply time
String strIp = ""; //reply IP
String strreplayuser = ""; //replying organisation
String strProvince = ""; String strDeptname = ""; /* Split TitleListStyle into head, repeated row and tail; the marker strings are blank in this copy, the +10/+11 offsets skip them. */ int nStart = TitleListStyle.indexOf( "" ); int nEnd = TitleListStyle.indexOf( "" ); if( nStart != -1 && nEnd != -1 && nEnd > nStart ) { strHead = TitleListStyle.substring(0,nStart ); strForTr = TitleListStyle.substring( nStart+10,nEnd ); strEnd = TitleListStyle.substring( nEnd+11 ); // [0,0] [0,1] [0,2] [0,3] [0,4] [0,5] [0,6] [0,7] [0,8] // i_id,i_toid,vc_author,vc_title,t_content,vc_province,vc_email,vc_qq,vc_deptname,vc_ip,c_date,vc_telphone"); Jcms_MessagebookreplyBLF replayBLF = new Jcms_MessagebookreplyBLF(strAppID, strWebID); /* Per-message loop (its head is truncated in this copy): read the entity, look up the reply, filter words and fill v_coment_value. */ for( int k=nMin; k 0){ strisrply="已回复"; replayContent = Convert.getValue(strReData[0][1]); replayContent = AssitedMessagebook.nl2br(replayContent); strReplayTime = Convert.getValue(strReData[0][2]); strReplayTime = strReplayTime.substring(0,strReplayTime.length()); strRevertcue = Convert.getValue(strReData[0][4]); // admin reply hint
if(replayContent.length() > 0){ strreplayuser = Convert.getValue(strReData[0][3]); } strReData=null; } else { strisrply="未回复"; strReData=null; } nWriteCount = Jcms_MessagebookinfoBLF.getCount(strAppID,strWebID,strWriteID, ""+nColumnId); // reply count
if(strIsReply.equals("0")) strWantReply="我要回复"; //sensitive-word filtering. NOTE(review): filterWord is a word filter; whether these user-supplied values are HTML-escaped before being placed into the page is not visible here — confirm at the entity/BLF layer.
strAuthor = filter.filterWord(strAuthor); //filter words
strTitle = filter.filterWord(strTitle); //filter words
strLeaveWord = filter.filterWord(strLeaveWord); //filter words
strAddress = filter.filterWord(strAddress); //filter words
v_coment_value.add( strAuthor ); //author
v_coment_value.add( strPhone ); //user phone
v_coment_value.add( strEmail ); 
//user e-mail
v_coment_value.add( strTitle ); //message title
v_coment_value.add( strLeaveWord ); //message content
v_coment_value.add( strLeaveWordTime ); //message time
v_coment_value.add( strReplyUrl+"?WriteID="+strWriteID ); v_coment_value.add( ""+(k+1) ); v_coment_value.add( strWantReply ); v_coment_value.add( strisrply ); v_coment_value.add( str_style ); v_coment_value.add( strRevertcue ); /* Reply content and reply time are blanked for entries with i_ispass != 1 and i_status == -1. */ //if(entity.getI_ispass() != 4 && !(entity.getI_ispass() == 3 && entity.getI_status() == -1)) { if((entity.getI_ispass() != 1 && entity.getI_status() == -1)) { v_coment_value.add( "" ); } else { v_coment_value.add( replayContent ); } v_coment_value.add( strAddress ); //if(entity.getI_ispass() != 4 && !(entity.getI_ispass() == 3 && entity.getI_status() == -1)) { if((entity.getI_ispass() != 1 && entity.getI_status() == -1)) { v_coment_value.add( "" ); } else { v_coment_value.add( strReplayTime ); } v_coment_value.add( strIp ); v_coment_value.add( strreplayuser ); strForContent = strForTr; strContent = strForContent; //TitleListStyle: title list
//if(entity.getI_ispass() != 4) { if(strContent.indexOf("回复:") != -1) { strContent = strContent.replaceAll("回复:", ""); } if(strContent.indexOf("回复时间:") != -1) { strContent = strContent.replaceAll("回复时间:", ""); } //} for( int j=0;j之外的 strScript = strHead + sbComment + strEnd; } //String strPage = gbBLF.getPagination(nPage, nCurrentPage, totalNum, nPageCount,strWebID, ""+nColumnId); //convert pagination bar style
/* NOTE(review): the hidden-field markup is blank in this copy; if it echoes the search parameters (fn_Keywords, starttime, endtime), they need HTML-attribute escaping there. */ String urlPage = "./que_messagebook.jsp?strWebID=" + strWebID + "&ColumnID=" + nColumnId; String strHidden = ""; strHidden += ""; strHidden += ""; strHidden += ""; strHidden += ""; String strPage = gbBLF.getPaginationView(urlPage, totalNum, nPageCount, nCurrentPage, strHidden); v_tpl_value.add(strWriteUrl); v_tpl_value.add(strColumn); v_tpl_value.add(""); v_tpl_value.add( strScript ); v_tpl_value.add(strCanBeShow); v_tpl_value.add(strTopic); for (int j=0; j\n"; strComment += ""; //pagination
strComment += strPage; if( nPos1 >=0 && nPos2>=0) strAll = strModalHtml.substring(0,nPos1) + strComment + 
strModalHtml.substring( nPos2+strFrom2.length() ); else strAll = strModalHtml; /* For internet sites (webtype 2) strip the internal site prefix from the rendered URLs. */ String strReplace = "/"+strWeb_in_servername+"/jcms_files/jcms"+strAppID + "/web"+strWebID+"/site/"; if( strWebType.equals("2")) { strAll = Convert.replaceString( strAll ,strReplace ,"/"); } //String cssstyle = "
"; out.println( strAll); //attachment JS
out.println(" "); %>