<%@page contentType="text/html;charset=UTF-8" %> <%@page import="jcms.util.SafeUtil"%> <%@page import="java.util.Vector"%> <%@page import="java.util.ArrayList"%> <%@page import="jcms.extramodule.comment.CommentFun"%> <%@page import="jcms.makenewpage.ArticleFile"%> <%@page import="com.hanweb.common.util.Convert"%> <%@page import="jcms.blf.module.comment.Jcms_Comment_InfoBLF"%> <%@page import="jcms.entity.SearchInfoEntity"%> <%@page import="jcms.util.SysInit"%> <%@page import="com.hanweb.common.log.LogWriter"%> <%@page import="jcms.make.makepage.ModalFile"%> <%@page import="java.io.File"%> <%@page import="com.hanweb.taglib.listview.ListTable"%> <%@page import="jcms.util.AccessUtil"%> <%@ include file="./config.jsp" %> <%
/*
 * Opening part of the comment page scriptlet: access check, no-cache headers,
 * validation of the request parameters, and lookup of the per-site comment settings.
 *
 * strAppID, strWebID and xmlFile are used below but are not declared in this file;
 * presumably they come from the included config.jsp - confirm.
 *
 * NOTE(review): this listing appears to have lost its HTML markup (several string
 * literals that look like they held tags are empty), so the places where values are
 * written into the page cannot be reviewed from here.
 */
if(!AccessUtil.checkAccess(request)){
    // Block cross-site request forgery: a failed check redirects two directories up.
    // What checkAccess actually verifies is not visible in this file.
    out.print(Convert.getAlterScript("location.href='../../';"));
    return;
}
// Ask browsers and proxies not to cache this page.
response.setHeader("Pragma","No-cache");
response.setHeader("Cache-Control","no-cache");
response.setDateHeader("Expires", 0);
// Whether commenting on this article has expired
boolean isClosed = false;

// Column id and article id. Each is first run through the SafeUtil.isSqlAndXss filter,
// then checked against a character allowlist, then converted to int.
String strColID = Convert.getParameter(request, "i_colid", "0", true, true);
if(SafeUtil.isSqlAndXss(strColID)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
String strInfoID = Convert.getParameter(request, "i_infoid", "0", true, true);
if(SafeUtil.isSqlAndXss(strInfoID)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
// Allowlist: digits and '-' only. The pattern accepts '-' at any position (for example
// "1-2"); how Convert.getStringValueInt treats such a value is not visible here - confirm.
if(!strColID.matches("[0-9\\-]+") || !strInfoID.matches("[0-9\\-]+")){
    out.println("参数包含非法字符,禁止访问");
    return;
}
Convert convert = new Convert();
int colId = Convert.getStringValueInt(strColID);
int infoId = Convert.getStringValueInt(strInfoID);
// Negative ids are clamped to 0.
colId = colId < 0 ? 0 : colId;
infoId = infoId < 0 ? 0 : infoId;
String c_uuid = Convert.getParameter(request,"c_uuid","",true,true);
if(SafeUtil.isSqlAndXss(c_uuid)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
// type = 1 means survey-result comments, type = 0 means article comments
int nType = Convert.getParameterInt(request,"type",0);
// NOTE(review): unlike the other string parameters, "onload" is not passed through
// SafeUtil.isSqlAndXss, and its default value is a JavaScript snippet. Where it is emitted
// is not visible in this listing. If it ends up in an event-handler attribute or a script
// context, it should be matched against a fixed set of allowed values rather than
// filtered by character - confirm the sink.
String strOnload = Convert.getParameter(request,"onload","chdiv(1,document.getElementById('origincomment'))",true,true);
String strSpeakArea="";
// Logged-in user name taken from the session; Convert.getValue presumably maps null to "".
String strUserName = (String)session.getAttribute("username");
strUserName = Convert.getValue(strUserName);
// Directory of the comment module for this application/site, and its init.xml.
String strToPath = application.getRealPath("") + "/jcms_files/jcms"+strAppID + "/web"+strWebID+"/site/module/comment/";
String strIniPath = strToPath + "config/init.xml";
// Five appended fragments that are empty in this listing (presumably script/style
// includes whose markup was stripped).
String libOut = "";
libOut += "";
libOut += "";
libOut += "";
libOut += "";
libOut += "";
String strModalHtml = "";
// webtype = 1: intranet, webtype = 2: intranet (sic - the original comment names both
// values "intranet"; 2 is presumably the external site - confirm)
String strWebType = xmlFile.getContent("webtype", strToPath+"config/config.xml");
// Page size from init.xml; a configured "0" falls back to "10".
String pagecount=xmlFile.getContent("count",strIniPath);
if("0".equals(pagecount))
    pagecount = "10";
strWebType = Convert.getValue(strWebType);
if(strWebType.length() == 0){
    strWebType = "1";
}
// Service (context) name of jcms; defaults to "jcms" when not configured
String strAppPath = xmlFile.getContent("web_in_servername", strIniPath);
strAppPath = Convert.getValue(strAppPath);
if(strAppPath.length() == 0){
    strAppPath = "jcms";
}
// Comment open mode: 0 = closed, 1 = open
String strOpen = xmlFile.getContent("openstyle", strIniPath);
strOpen = Convert.getValue(strOpen);
// Backslashes in the ini path are turned into forward slashes for this one lookup.
int verificationcode = Convert.getStringValueInt(xmlFile.getContent("verificationcode",strIniPath.replaceAll("\\\\","/")));
// Verification-code (CAPTCHA) fragment; only built when the setting is 1.
// The input/image markup appears to have been stripped from these literals.
String strCode = "";
if (verificationcode==1){
    strCode = "验证码:" +" " +" (*)     " +"\"看不清点我\"";
}
else{
    strCode = " ";
}
// Template value that disables the form when commenting is closed.
String strTpl_OpenStyle = "";
if(strOpen.equals("0")){
    strTpl_OpenStyle = "disabled";
}
// Path prefixes that are replaced in the template output later on
String strReplace = "/"+strAppPath+"/jcms_files/jcms"+strAppID + "/web"+strWebID+"/site/";
String strReplace1 = strReplace+"view/";
String strConfPath = "/" + SysInit.getM_strAppPath() + "/jcms_files/jcms" + strAppID + "/web" + strWebID + "/site/view/";
// Middle part of the comment page scriptlet: loads the page template, prepares the
// placeholder/value vectors, looks up the article and decides whether commenting
// on it has expired.
// NOTE(review): several literals below are empty or contain a bare line break; the
// markup they held appears to have been stripped from this listing.

// Load the template file; fall back to the bundled default template when none is returned
strModalHtml = CommentFun.getModal(strWebID, strAppID , application.getRealPath(""));
if(strModalHtml.length() == 0) {
    strModalHtml=convert.readInputStream(strToPath+"defaulttemplate/comment.html" ,"UTF-8");
    strModalHtml = Convert.replaceStringNoCase(strModalHtml,"",libOut);
} else {
    // Same replacement as the branch above (the marker being replaced is empty in this listing).
    strModalHtml = Convert.replaceStringNoCase(strModalHtml,"",libOut);
}
CommentFun commentFun = new CommentFun(strWebID,strAppID);
Jcms_Comment_InfoBLF blf = new Jcms_Comment_InfoBLF(strAppID,strWebID);
ArrayList al = new ArrayList();
// List template read from init.xml. (The original comment here read "comment open mode",
// apparently copied from another line.)
String strComment =xmlFile.getContent("listtpl", strIniPath);
//String strComment = convert.readInputStream(strToPath+"tpl/comment.html","UTF-8");
// Start/end markers of the template region that gets replaced; empty in this listing.
String strFrom1 = "";
String strFrom2 = "";
int nPos1 = -1;
int nPos2 = -1;
String strAll = "";
StringBuffer hidBuf = new StringBuffer(); // hidden variables used by the paging form
// Looks for a marker in the list template; with the marker stripped to "" as shown,
// indexOf returns 0, so the branch below is always taken in this listing.
int answerstart=strComment.indexOf("");
//int answerend=strModalHtml.indexOf("",answerstart);
if(answerstart>=0)
{
    // Build the "speak area" (comment form) around the answer template from init.xml.
    String strAnswer = xmlFile.getContent("answertpl", strIniPath);
    StringBuffer suffer = new StringBuffer();
    suffer.append("
");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append("");
    suffer.append(strAnswer);
    suffer.append("
");
    suffer.append("");
    strSpeakArea=suffer.toString();
    suffer.delete(0,suffer.length());
}
if(strModalHtml.length() > 0) {
    nPos1 = strModalHtml.indexOf(strFrom1);
    nPos2 = strModalHtml.indexOf(strFrom2, nPos1);
}
// Eleven template placeholders (names stripped in this listing); v_tpl_value below is
// filled with eleven values in the same order.
Vector v_tpl = new Vector(11);
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
v_tpl.add("");
Vector v_tpl_value = new Vector(11);
// Article link
String strUrl = "";
// Fetch the article entity
SearchInfoEntity en = blf.getTb(colId, infoId, strWebID);
if(en == null){
    // Article not found: fill the placeholders with blanks, keeping only the user name,
    // the open/closed flag and the verification-code fragment.
    // NOTE(review): strUserName comes from the session and is placed into the page
    // template; whether it is HTML-encoded before output is not visible here - confirm.
    v_tpl_value.add("");
    v_tpl_value.add("");
    v_tpl_value.add("");
    v_tpl_value.add("");
    v_tpl_value.add(strUserName);
    v_tpl_value.add(strTpl_OpenStyle);
    v_tpl_value.add("");
    v_tpl_value.add("");
    v_tpl_value.add("");
    v_tpl_value.add("");
    v_tpl_value.add(strCode);
    // NOTE(review): the listing is damaged on the next line - the rest of the for-loop
    // header, its body and the start of the following if-condition are missing
    // (presumably the placeholder substitution loop, then "if(nPos1 >= 0 && ...").
    for (int j=0; j= 0 && nPos2 > 0) {
        strAll = strModalHtml.substring(0,nPos1) + strComment + strModalHtml.substring(nPos2+strFrom2.length());
        // The spliced result above is immediately overwritten by the list template alone.
        strAll = strComment;
    } else {
        strAll = strModalHtml;
    }
    // For webtype "2" the application-specific path prefix is collapsed to "/".
    if(strWebType.trim().equals("2")) {
        strAll = Convert.replaceString(strAll ,strReplace ,"/");
    }
    out.println(strAll);
    return;
} else {
    // Expiry check, enabled when b_expiredtime is "1": comments close "expiredtime" days
    // after the article's creation date.
    // NOTE(review): strTimeoutoff is not passed through Convert.getValue like the other
    // settings; if xmlFile.getContent can return null this equals() call would throw - confirm.
    String strTimeoutoff = xmlFile.getContent("b_expiredtime", strIniPath);
    if(strTimeoutoff.equals("1")) {
        String strTimeout = xmlFile.getContent("expiredtime", strIniPath);
        int day=Convert.getStringValueInt(strTimeout);
        // NOTE(review): "hh" is the 12-hour field and no am/pm marker is parsed; "HH" is
        // presumably intended - confirm against the stored c_createdate format.
        java.text.SimpleDateFormat format=new java.text.SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
        java.util.Date articleDate =format.parse(en.getC_createdate());
        java.util.Calendar oldcal=java.util.Calendar.getInstance();
        java.util.Calendar calnow=java.util.Calendar.getInstance();
        oldcal.setTime(articleDate);
        oldcal.add(java.util.Calendar.DAY_OF_YEAR, day);
        if(calnow.after(oldcal)) {
            // Only the flag is set here; the page is still rendered.
            isClosed = true;
            //out.println(Convert.getAlterScript("alert('对不起评论已过期');"));
            //return;
        }
    }
}
// When commenting is closed or expired, a fragment (empty in this listing) is appended
// to the speak area.
if("0".equals(strOpen) || isClosed){
    strSpeakArea += "";
}
// Get the article title and publish time (custom info uses the creation time)
String deployTime = "";
String strTitle = Convert.getValue(en.getVc_title());
// Final part of the comment page scriptlet: builds the article URL, reads the search
// filters, queries the comment counts and list, fills the template placeholders and
// prints the page.
// NOTE(review): several literals below are empty or contain a bare line break; the
// markup they held appears to have been stripped from this listing.

// Type 3 entries use their creation date; all others use the deploy (publish) time.
if(en.getI_type() == 3){
    deployTime = Convert.getValue(en.getC_createdate());
}else{
    deployTime = Convert.getValue(en.getC_deploytime());
}
if(deployTime.length() >0) {
    strUrl = ArticleFile.getArtFileName(deployTime, ""+colId, ""+infoId); // access path
}
String vc_url = strConfPath + strUrl;
// Paging form wrapped around the list template (form markup stripped in this listing).
strComment += "
\n";
hidBuf.append("\n");
hidBuf.append("\n");
hidBuf.append("\n");
hidBuf.append("\n");
strComment += hidBuf.toString();
strComment += "\n";
strComment += "\n";
strComment += "
";
// Read the submitted form variables. Each one is rejected when SafeUtil.isSqlAndXss flags it.
// NOTE(review): this filter is the only check on these four free-text values before they
// are passed to the blf query methods below. Whether those methods bind them as query
// parameters is not visible here; a character filter should not be the sole defence
// against SQL injection - confirm the queries are parameterized.
String strKeywords = Convert.getParameter(request, "fn_Keywords", "",true,true);
if(SafeUtil.isSqlAndXss(strKeywords)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
String strScope = Convert.getParameter(request, "fn_Scope","",true,true);
if(SafeUtil.isSqlAndXss(strScope)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
String strStartTime = Convert.getParameter(request, "starttime","",true,true);
if(SafeUtil.isSqlAndXss(strStartTime)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
String strEndTime = Convert.getParameter(request, "endtime","",true,true);
if(SafeUtil.isSqlAndXss(strEndTime)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
// Four more paging-form fragments (presumably hidden inputs carrying the filters above;
// markup stripped). If the filter values are echoed into attributes, they need HTML
// attribute encoding - confirm against the original file.
hidBuf.append("\n");
hidBuf.append("\n");
hidBuf.append("\n");
hidBuf.append("\n");
// Get the total number of matching records
int totalNum = blf.getTotalNum(strScope, strKeywords, colId, infoId, strStartTime, strEndTime);
int totalhotNum = blf.getHotInfoNum(strScope, strKeywords, colId, infoId, strStartTime, strEndTime);
int alltotalNum = blf.getAllTotalNum(strScope, strKeywords, colId, infoId, strStartTime, strEndTime);
// replytalNum and hottalNum are not referenced again in the visible listing.
int replytalNum = blf.getReplyTotalNum(infoId);
int hottalNum = blf.getHotTotalNum(infoId);
// Records exist: fetch the ones shown on the current page
if(totalNum > 0) {
    al = blf.getEnt(strScope, strKeywords, colId, infoId, strStartTime, strEndTime, 1, 3);
}
if(al == null || al.size() == 0) {
    // No comments to show: fill the placeholders with the title, the article URL and
    // zero counts, print the page and stop.
    v_tpl_value.add(strTitle);
    if(strWebType.trim().equals("2")) {
        vc_url = Convert.replaceString(vc_url,strReplace1,"/");
    }
    v_tpl_value.add(vc_url);
    v_tpl_value.add("");
    v_tpl_value.add("");
    v_tpl_value.add(strUserName);
    v_tpl_value.add(strTpl_OpenStyle);
    v_tpl_value.add("0");
    v_tpl_value.add("0");
    v_tpl_value.add("");
    v_tpl_value.add(strSpeakArea);
    v_tpl_value.add(strCode);
    // NOTE(review): the listing is damaged on the next line - the rest of the for-loop
    // header, its body and the start of the following if-condition are missing.
    for (int j=0; j= 0 && nPos2 > 0) {
        strAll = strModalHtml.substring(0,nPos1) + strComment + strModalHtml.substring(nPos2+strFrom2.length());
    } else {
        strAll = strModalHtml;
    }
    if(strWebType.trim().equals("2")) {
        strAll = Convert.replaceString(strAll ,strReplace ,"/");
    }
    out.println(strAll);
    return;
}
// IP display style; defaults to "0" when not configured
String strIpStyle = xmlFile.getContent("ipstyle", strIniPath);
strIpStyle = Convert.getValue(strIpStyle);
strIpStyle = strIpStyle.length()==0?"0":strIpStyle;
// sbComment is still empty when it is concatenated here; the surrounding markup in
// jsCode was stripped from this listing.
StringBuffer sbComment = new StringBuffer();
String jsCode = "
" + sbComment.toString() + "
";
jsCode+="
";
jsCode += "
";
sbComment = new StringBuffer();
sbComment.append(jsCode);
// Get the hot-news comments
String strHotNew = commentFun.getHotComment(strWebID,10);
if(hidBuf != null && hidBuf.length() > 0){
    hidBuf.delete(0, hidBuf.length());
}
// NOTE(review): strTitle and strUserName come from stored article data and the session;
// whether they are HTML-encoded before being placed in the page is not visible here - confirm.
v_tpl_value.add(strTitle);
if(strWebType.trim().equals("2")) {
    vc_url = Convert.replaceString(vc_url,strReplace1,"/");
}
v_tpl_value.add(vc_url);
v_tpl_value.add(sbComment.toString());
v_tpl_value.add(strHotNew);
v_tpl_value.add(strUserName);
v_tpl_value.add(strTpl_OpenStyle);
// Total number of visible comments
v_tpl_value.add(""+alltotalNum);
// Number of featured comments
v_tpl_value.add(""+totalhotNum);
// Total number of comments, including unreviewed ones
v_tpl_value.add(""+blf.getAllCommentCount(colId,infoId));
v_tpl_value.add(strSpeakArea);
v_tpl_value.add(strCode);
// NOTE(review): the listing is damaged on the next line - the rest of the for-loop
// header, its body and the start of the following if-condition are missing.
for (int j=0; j 0){
    v_tpl_value.clear();
}
if(v_tpl.size() > 0){
    v_tpl.clear();
}
// Splice the comment block into the page template between the two markers, or fall back
// to whichever of the two is available.
if(nPos1 >= 0 && nPos2 > 0){
    strAll = strModalHtml.substring(0,nPos1) + strComment + strModalHtml.substring(nPos2+strFrom2.length());
}else{
    strAll = (strModalHtml.length() == 0) ? strComment:strModalHtml;
}
// Rewrite paths in the generated output
if(strWebType.trim().equals("2")) {
    strAll = Convert.replaceString(strAll ,strReplace ,"/");
}
// Release the two vectors; a failure here is only logged (message text only, no stack trace).
try {
    if(v_tpl != null) {
        v_tpl.clear();
        v_tpl = null;
    }
    if(v_tpl_value != null) {
        v_tpl_value.clear();
        v_tpl_value = null;
    }
} catch (Exception ex) {
    LogWriter.error("comment.jsp get Exception:"+ex.getMessage());
}
out.println(strAll);
%> <%
// When commenting has expired, the page is still printed above; this script then shows
// an alert (the message reads "Sorry, comments have expired") and closes the window.
if(isClosed){
    out.println(Convert.getAlterScript("alert('对不起评论已过期');window.open('','_parent','');window.close();"));
}
%>