<%-- * [功能] 工具管理::外挂模块 —— 留言本 * Description: 留言本前台显示留言页面 --%> <%@page import="com.hanweb.jcms.plugins.messagebook.entity.Jcms_MessagebooktplmodalEntity"%> <%@page import="com.hanweb.jcms.plugins.messagebook.service.Jcms_MessagebookconfigBLF"%> <%@page import="com.hanweb.common.util.file.LocalFileUtil"%> <%@page import="com.hanweb.jcms.plugins.messagebook.entity.Jcms_MessagebookinitEntity"%> <%@page import="com.hanweb.jcms.plugins.messagebook.service.Jcms_MessagebookinitBLF"%> <%@page import="com.hanweb.jcms.service.website.Jcms_WebinfomationBLF"%> <%@page import="java.util.HashMap"%> <%@page import="java.util.Map"%> <%@page import="org.apache.commons.lang.StringUtils"%> <%@page import="com.hanweb.jcms.service.info.filter.Filter"%> <%@page import="com.hanweb.jcms.plugins.messagebook.entity.Jcms_MessagebookinfoEntity"%> <%@page import="com.hanweb.jcms.plugins.messagebook.service.Jcms_MessagebookreplyBLF"%> <%@page import="com.hanweb.jcms.plugins.messagebook.service.Jcms_MessagebookinfoBLF"%> <%@page import="com.hanweb.jcms.util.HTMLFilter"%> <%@page import="com.hanweb.jcms.plugins.messagebook.service.Jcms_MessagebookcolumnBLF"%> <%@page import="com.hanweb.jcms.build.service.makepage.ModalFile"%> <%@page import="com.hanweb.common.util.StringUtil"%> <%@page import="com.hanweb.common.util.SpringUtil"%> <%@page import="com.hanweb.jcms.plugins.messagebook.service.AssitedMessagebook"%> <%@page import="com.hanweb.common.util.NumberUtil"%> <%@page import="com.hanweb.jcms.plugins.messagebook.service.Jcms_MessagebookmodalBLF"%> <%@page import="com.hanweb.common.util.mvc.Script"%> <%@page import="com.hanweb.jcms.util.AccessUtil"%> <%@page contentType="text/html;charset=UTF-8"%> <%@page import="java.io.File"%> <%@page import="java.util.Vector,java.util.ArrayList"%> <%! 
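/**
 * Deny-list screen for a single request parameter.
 *
 * Returns false when the lower-cased value contains any of a fixed set of
 * characters or keywords, true otherwise. This is a substring deny-list, so it
 * is only a coarse first screen: values that reach SQL must still be bound as
 * parameters (or allow-listed when they are identifiers), and values echoed
 * into the page must still be output-encoded.
 *
 * @param strPara raw parameter value; null is rejected
 * @return true when none of the blocked fragments occurs in the value
 */
public boolean canAccess(String strPara){
    // Fail closed: a missing value is rejected instead of raising a NullPointerException.
    if (strPara == null) {
        return false;
    }
    // Locale.ROOT keeps the case folding independent of the server's default locale;
    // with a Turkish default locale an upper-case "I" would not fold to "i" and the
    // keyword comparison below would miss it.
    String lowered = strPara.toLowerCase(java.util.Locale.ROOT);
    String[] blocked = {
        "%", "|", "+", "&", "alert", "script", "\"", "'", "<",
        "set", "exec", "delete", "update", "declare", "cast"
    };
    for (int i = 0; i < blocked.length; i++) {
        if (lowered.indexOf(blocked[i]) >= 0) {
            return false;
        }
    }
    return true;
}
%>
<%
    // Front-end list page of the message book plugin: loads the site configuration and
    // the page template, queries the stored messages (optionally filtered by the search
    // form), and writes the merged HTML to the response.
    String url = StringUtil.getStringTrim(request.getRequestURL());
    request.setCharacterEncoding("UTF-8");
    LocalFileUtil fileUtil = LocalFileUtil.getInstance();
    Script script = Script.getInstanceOnly();
    if(!AccessUtil.checkAccess(request)){ // guard against cross-site request forgery
        out.print(script.addScript("location.href='../../';").getScript());
        return;
    }
    String strAppID = "1";
    String strDomain = request.getServerName();
    String strUrl = request.getRequestURL().toString();
    Jcms_WebinfomationBLF wblf = Jcms_WebinfomationBLF.getInstance();
    int webid = wblf.findWebID();
    if(webid<=0){
        return;
    }
    int nColumnId = NumberUtil.getInt(request.getParameter("ColumnID")); // id of the requested category
    // template file
    String strModalHtml = "";
    String strWriteUrl = "write.jsp";
    String strReplyUrl = "reply.jsp";
    String strCanBeShow = "";
    String strTopic = "display: none;";
    String strModulePath = "";
    // The module directory differs depending on whether the page is served from under jcms_files.
    if(strUrl.indexOf("jcms_files")!=-1){
        strModulePath = fileUtil.getAbsolutePath("jcms_files/jcms1/module/web/messagebook/");
    }else{
        strModulePath = fileUtil.getAbsolutePath("web/messagebook/");
    }
    Jcms_MessagebookmodalBLF blf = Jcms_MessagebookmodalBLF.getInstance().init(strAppID, webid);
    // id of the template instance
    String strModalObjectID = blf.getModalObjId(""+webid,nColumnId);
    AssitedMessagebook gbBLF = SpringUtil.getBean(AssitedMessagebook.class); // shared helper methods
    // XMLFile xmlFile = new XMLFile();
    // String strWebType = xmlFile.getContent( "webtype", strConfigPath ); // 1 intranet; 2 internet
    Jcms_MessagebookconfigBLF messagebookconfigBLF = SpringUtil.getBean(Jcms_MessagebookconfigBLF.class);
    String[][] configData = messagebookconfigBLF.findConfigByWebId(webid);
    if(configData == null){
        out.println("请先安装留言板扩展功能!" );
        return;
    }
    String strWebType = configData[0][6];
    strWebType = StringUtil.getStringTrim(strWebType);
    // String strWeb_in_servername = xmlFile.getContent( "web_in_servername", strConfigPath ); // reference name
    String strWeb_in_servername = configData[0][7];
    strWeb_in_servername = StringUtil.getStringTrim(strWeb_in_servername);
    // int nOpenType = NumberUtil.getInt(xmlFile.getContent("IsOpen",strIniPath)); // opening mode
    Jcms_MessagebookinitBLF messagebookinitBLF = SpringUtil.getBean(Jcms_MessagebookinitBLF.class);
    Jcms_MessagebookinitEntity iEntity = messagebookinitBLF.findInitEntity(webid);
    if(iEntity==null){
        return;
    }
    int nOpenType = iEntity.getI_isopen();
    // String strBeginTime = xmlFile.getContent("BeginTime",strIniPath); // start of the opening period
    String strBeginTime = iEntity.getVc_begintime();
    strBeginTime = StringUtil.getStringTrim(strBeginTime);
    strBeginTime = strBeginTime.length()==0?"":strBeginTime;
    // String strEndTime = xmlFile.getContent("EndTime",strIniPath); // end of the opening period
    String strEndTime = iEntity.getVc_endtime();
    strEndTime = StringUtil.getStringTrim(strEndTime);
    strEndTime = strEndTime.length()==0?"":strEndTime;
    // String strIsReply = xmlFile.getContent("IsReply",strIniPath); // whether replies are allowed
    String strIsReply = StringUtil.getString(iEntity.getI_isreply());
    strIsReply = StringUtil.getStringTrim(strIsReply);
    strIsReply = strIsReply.length()==0?"":strIsReply;

    /* check whether the message book is currently open */
    String msg = gbBLF.openStatus(""+nOpenType, strBeginTime, strEndTime);
    if(msg.length() > 0){
        out.println(msg);
        return;
    }

    if(nOpenType == 3) {
        // int limitNum = NumberUtil.getInt(xmlFile.getContent("limitnum", strIniPath));
        int limitNum = iEntity.getI_limitnum();
        if(limitNum > 0) {
            // compare the current number of messages with the configured limit
            int num = gbBLF.getCurrentLeaveWords(webid, strAppID);
            if(num >= limitNum){
                strCanBeShow = "display: none;";
                strTopic = "";
                //out.println(Convert.getAlterScript("location.href='./messagebook_msg.jsp?num="+limitNum+"'"));
            }
        }
    }
    // category ID
    // int nColumnId = NumberUtil.getInt(request.getParameter("ColumnID"));
    String strLdapThin = StringUtil.getSafeString(request.getParameter("LdapThin"));
    // Compare by content: the original used ==, which tests object identity and does not
    // reliably detect an empty value.
    if(strLdapThin == null || strLdapThin.length() == 0){
        strLdapThin="0";
    }
    String nWriteId = StringUtil.getSafeString(request.getParameter("writeid"));

    String defaultModalHtml = "";
    int nModalObjectID;
    ModalFile mfile = ModalFile.getInstance().init( strAppID );
    String strImgPath = "";
    if(strModalObjectID.length() == 0){
        // No template instance is configured: fall back to the bundled default template.
        defaultModalHtml = strModulePath + "html/messagebook.html";
        strImgPath = strModulePath + "html/images/";
        String strCssPath = strModulePath + "css/";
        // read the template instance source file
        String strHTML = fileUtil.readFileToString(defaultModalHtml, "UTF-8");
        strModalHtml = StringUtil.getStringTrim(strHTML);
        // copy the template images
        fileUtil.copyDirectory(strImgPath, strModulePath + "images/");
        fileUtil.copyDirectory(strCssPath, strModulePath + "css/");
    }else{
        nModalObjectID = NumberUtil.getInt( strModalObjectID );
        if( nModalObjectID > 0 ){
            mfile.setWebID( webid );
            mfile.setSysPath();
            java.util.Hashtable htReturn = mfile.getModalHTML( nModalObjectID );
            if( htReturn != null && htReturn.size()>0 ) {
                strModalHtml = htReturn.get("modalHTML").toString(); // template file
                strImgPath = htReturn.get("imagePath").toString(); // image path
                // copy the template images
                mfile.copyImageFile(strImgPath, strModulePath + "images/", strModalHtml);
            }
        }
    }
    if( strModalHtml.length() <= 0 ) {
        out.println("模板文件不存在!" );
        return;
    }
    //------------------------------ message page -----------------------------------
    // String strComment = fileUtil.readFileToString( strModulePath+"tpl/que_messagebook.html","UTF-8");
    Jcms_MessagebooktplmodalEntity tplEntity = blf.findTplModal(webid);
    // NOTE(review): as shown both replacements are identity operations; the entity names
    // appear to have been lost when this listing was rendered — confirm against the deployed file.
    String strComment = tplEntity.getVc_que_messagebook_html().replaceAll("<","<")
                            .replaceAll(">",">");
    // NOTE(review): the marker literal and the declaration of strFrom2 are missing from
    // this listing; strFrom2 is used below but never declared in the visible text.
    String strFrom1 = "";
    int nPos1 = strModalHtml.indexOf( strFrom1 );
    int nPos2 = strModalHtml.indexOf( strFrom2, nPos1 );
    String strAll = "";
    //------------------------------- end message page ------------------------------
    // Placeholders of the page template, in the order their values are added to v_tpl_value.
    Vector v_tpl = new Vector(6);
    v_tpl.add("{Tpl_write}");
    v_tpl.add("{Tpl_column}");
    v_tpl.add("{Tpl_page}");
    v_tpl.add("{Tpl_comment}");
    v_tpl.add("{Tpl_canBeShow}");
    v_tpl.add("{Tpl_topic}");
    Vector v_tpl_value = new Vector(6);

    Jcms_MessagebookcolumnBLF gcBLF = Jcms_MessagebookcolumnBLF.getInstance().init(strAppID, webid);
    String strColumn = gcBLF.getClassOptions(""+nColumnId, 1);
    if(strColumn == null || strColumn.length() == 0){
        out.println("暂时尚未设置类别!" );
        return;
    }
    // read the submitted search-form variables
    String strKeywords = HTMLFilter.isNull(StringUtil.getSafeString(request.getParameter("fn_Keywords"),true),"",false);
    String strScope = HTMLFilter.isNull(StringUtil.getSafeString(request.getParameter("fn_Scope"),true),"",false);
    String strSearchStartTime = HTMLFilter.isNull(StringUtil.getSafeString(request.getParameter("starttime"),true),"",false);
    String strSearchEndTime = HTMLFilter.isNull(StringUtil.getSafeString(request.getParameter("endtime"),true),"",false);
    if(!canAccess(strScope) || !canAccess(strSearchStartTime) || !canAccess(strSearchEndTime)){
        out.println("参数包含非法字符,禁止访问");
        return;
    }
    String replayContent = "";
    // link the write page to the current category
    if(nColumnId > 0){
        strWriteUrl = strWriteUrl+"?ColumnID="+nColumnId;
    }

    /* build the query condition */
    Map map = new HashMap();
    StringBuffer strConditionBuf = new StringBuffer(128);
    if(StringUtils.isBlank(strScope)) { // search the title by default
        strScope = "vc_title";
    }
    // strScope is spliced into the SQL text as a column name and cannot be bound as a
    // parameter, so the deny-list above is not a sufficient control for it. Accept it only
    // when it is a plain identifier. NOTE(review): a fixed allow-list of the columns the
    // search form actually offers would be tighter still.
    if(!strScope.matches("[A-Za-z_][A-Za-z0-9_]*")){
        out.println("参数包含非法字符,禁止访问");
        return;
    }
    if( !strKeywords.trim().equals("") ) {
        strConditionBuf.append(" AND "+strScope+" LIKE :strScopeVal");
        map.put("strScopeVal", "%" + strKeywords + "%");
    }
    // The date bounds are passed as named parameters, not concatenated.
    if( strSearchStartTime.length() >0 && strSearchEndTime.length() > 0 ) {
        strConditionBuf.append(" AND c_date >= :startime").append(" AND c_date <= :endtime");
        map.put("startime", strSearchStartTime + " 00:00:00");
        map.put("endtime", strSearchEndTime + " 23:59:59");
    } else if( strSearchStartTime.length() >0 && strSearchEndTime.length() == 0 ) {
        strConditionBuf.append(" AND c_date >= :startime");
        map.put("startime", strSearchStartTime + " 00:00:00");
    } else if( strSearchStartTime.length() ==0 && strSearchEndTime.length() > 0 ) {
        strConditionBuf.append(" AND c_date <= :endtime");
        map.put("endtime", strSearchEndTime + " 23:59:59");
    }

    /* fetch the messages */
    // NOTE(review): strLdapThin and nWriteId are request values handed over as strings;
    // confirm that getEntities binds them rather than concatenating them into SQL.
    Jcms_MessagebookinfoBLF infoBLF = Jcms_MessagebookinfoBLF.getInstance().init(strAppID, webid);
    ArrayList list = infoBLF.getEntities(""+nColumnId, strLdapThin, nWriteId, strConditionBuf.toString(), map);
    if(strConditionBuf.length() > 0)
        strConditionBuf.delete(0,strConditionBuf.length());

    /* substitute the values for display */
    if(list == null || list.size() == 0) { // no message records
        v_tpl_value.add(strWriteUrl);
        v_tpl_value.add(strColumn);
        v_tpl_value.add("");
        // NOTE(review): the markup inside this literal was lost from the listing, which
        // leaves the string broken across lines as shown.
        v_tpl_value.add("
没有留言内容!
");
        v_tpl_value.add(strCanBeShow);
        v_tpl_value.add(strTopic);
        // NOTE(review): this listing is damaged here — the rest of the loop header, the loop
        // body and the start of the following if-condition are missing. Restore from the deployed file.
        for (int j=0; j= 0 && nPos2 >= 0){
            strAll = strModalHtml.substring(0,nPos1) + strComment + strModalHtml.substring( nPos2+strFrom2.length() );
        }else{
            strAll = strModalHtml;
        }
        // Outside the jcms_files tree the site prefix is collapsed to "/" in the generated links.
        String strReplace = "/"+strWeb_in_servername+"/jcms_files/jcms"+strAppID + "/web"+webid+"/site/";
        if( url.indexOf("jcms_files/jcms")==-1 ) {
            strAll = StringUtil.replace( strAll ,strReplace ,"/");
            strAll = StringUtil.replace( strAll ,"web1/site/module" ,"module");
        }
        out.println(strAll);
        return;
    }

    // display style of the message content
    // String TitleListStyle = xmlFile.getContent("TitleListStyle",strIniPath );
    String TitleListStyle = iEntity.getVc_titleliststyle();
    TitleListStyle = StringUtil.getStringTrim(TitleListStyle);
    // number of messages shown per page
    // String strCount = xmlFile.getContent("count",strIniPath );
    String strCount = StringUtil.getString(iEntity.getI_count());
    int nCount = NumberUtil.getInt(strCount,1);
    if(nCount == 0)
        nCount = 1;
    String strHead = "";
    String strForTr = "";
    String strEnd = "";
    String strForContent = "";

    int LENGTH_OF_VECTOR = 15;
    Vector v_comment = new Vector(LENGTH_OF_VECTOR);
    // replace the tags of the message template one by one, in the order of the SQL columns
    // NOTE(review): the tag literals below are empty in this listing; their contents
    // appear to have been lost in rendering.
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add(""); // "want to reply"
    v_comment.add("");
    v_comment.add("");
    v_comment.add(""); // reply hint, added by wh 2006-10-23
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");
    v_comment.add("");

    /* pagination */
    int totalNum = list.size(); // total number of records
    int nPageCount = nCount; // records per page
    int nPage = gbBLF.getPages(totalNum, nPageCount); // total number of pages
    int nCurrentPage = NumberUtil.getInt(request.getParameter("currpage"),1); // current page
    // Clamp the requested page into [1, nPage].
    if(nCurrentPage < 1)
        nCurrentPage = 1;
    if(nCurrentPage > nPage){
        nCurrentPage = nPage;
    }
    int nMin = 0; // first index to read
    int nMax = 0; // index one past the last to read
    if(nCurrentPage == nPage) {
        nMin = (nCurrentPage - 1)*nPageCount;
        nMax = totalNum;
    }else {
        nMin = (nCurrentPage - 1)*nPageCount;
        nMax = nCurrentPage*nPageCount;
    }
    /* end pagination */

    Vector v_coment_value = new Vector(LENGTH_OF_VECTOR);
    StringBuffer sbComment = new StringBuffer( 256 );
    String strAuthor = ""; // author
    String strTitle = ""; // message subject
    String strLeaveWord = ""; // message text
    String strLeaveWordTime = ""; // message time
    String strRevertcue = ""; // reply hint
    String strPhone = ""; // user telephone
    String strEmail = ""; // user e-mail
    String strContent = ""; // rendered row
    int nWriteCount = 0; // number of replies to the current message
    String strWantReply = "";
    String strisrply = "未回复";
    String str_style = "";
    String strWriteID = "";
    String strScript = "";
    String strAddress = ""; // message address
    String strReplayTime = ""; // reply time
    String strIp = ""; // reply IP
    String strreplayuser = ""; // replying organisation
    String strProvince = "";
    String strDeptname = "";
    // NOTE(review): the two marker literals are empty in this listing; the offsets 10 and 11
    // used below suggest markers of those lengths — confirm against the deployed file.
    int nStart = TitleListStyle.indexOf( "" );
    int nEnd = TitleListStyle.indexOf( "" );
    if( nStart != -1 && nEnd != -1 && nEnd > nStart ) {
        strHead = TitleListStyle.substring(0,nStart );
        strForTr = TitleListStyle.substring( nStart+10,nEnd );
        strEnd = TitleListStyle.substring( nEnd+11 );
        // [0,0] [0,1] [0,2] [0,3] [0,4] [0,5] [0,6] [0,7] [0,8]
        // i_id,i_toid,vc_author,vc_title,t_content,vc_province,vc_email,vc_qq,vc_deptname,vc_ip,c_date,vc_telphone");
        Jcms_MessagebookreplyBLF replayBLF =Jcms_MessagebookreplyBLF.getInstance().init(strAppID, webid);
        // NOTE(review): this listing is damaged here — the rest of the loop header, the code
        // that reads each message entity and its reply data, and the start of the following
        // if-condition are missing. Restore from the deployed file.
        for( int k=nMin; k 0){
                strisrply="已回复";
                replayContent = StringUtil.getStringTrim(strReData[0][1]);
                replayContent = AssitedMessagebook.nl2br(replayContent);
                strReplayTime = StringUtil.getStringTrim(strReData[0][2]);
                strReplayTime = strReplayTime.substring(0,strReplayTime.length());
                strRevertcue = StringUtil.getStringTrim(strReData[0][4]); // administrator reply hint
                if(replayContent.length() > 0){
                    strreplayuser = StringUtil.getStringTrim(strReData[0][3]);
                }
                strReData=null;
            } else {
                strisrply="未回复";
                strReData=null;
            }
            nWriteCount = Jcms_MessagebookinfoBLF.getCount(strAppID,""+webid,strWriteID, ""+nColumnId); // number of replies
            if(strIsReply.equals("0"))
                strWantReply="我要回复";
            // sensitive-word filtering
            // NOTE(review): nothing visible here HTML-encodes these stored, user-supplied
            // values before they are merged into the page; confirm they are encoded when
            // saved, or add output encoding before they are written out.
            Filter filter = SpringUtil.getBean(Filter.class);
            strAuthor = filter.filterWord(strAuthor);
            strTitle = filter.filterWord(strTitle);
            strLeaveWord = filter.filterWord(strLeaveWord);
            strAddress = filter.filterWord(strAddress);

            v_coment_value.add( strAuthor ); // author
            v_coment_value.add( strPhone ); // user telephone
            v_coment_value.add( strEmail ); // user e-mail
            v_coment_value.add( strTitle ); // message subject
            v_coment_value.add( strLeaveWord ); // message text
            v_coment_value.add( strLeaveWordTime ); // message time
            v_coment_value.add( strReplyUrl+"?WriteID="+strWriteID );
            v_coment_value.add( ""+(k+1) );
            v_coment_value.add( strWantReply );
            v_coment_value.add( strisrply );
            v_coment_value.add( str_style );
            v_coment_value.add( strRevertcue );
            // The reply text is blanked when i_ispass is not 1 and i_status is -1.
            //if(entity.getI_ispass() != 4 && !(entity.getI_ispass() == 3 && entity.getI_status() == -1)) {
            if((entity.getI_ispass() != 1 && entity.getI_status() == -1)) {
                v_coment_value.add( "" );
            } else {
                v_coment_value.add( replayContent );
            }
            v_coment_value.add( strAddress );
            // The reply time is blanked under the same condition as the reply text.
            //if(entity.getI_ispass() != 4 && !(entity.getI_ispass() == 3 && entity.getI_status() == -1)) {
            if((entity.getI_ispass() != 1 && entity.getI_status() == -1)) {
                v_coment_value.add( "" );
            } else {
                v_coment_value.add( strReplayTime );
            }
            v_coment_value.add( strIp );
            v_coment_value.add( strreplayuser );

            strForContent = strForTr;
            strContent = strForContent; // TitleListStyle: subject list row
            //if(entity.getI_ispass() != 4) {
                if(strContent.indexOf("回复:") != -1) {
                    strContent = strContent.replaceAll("回复:", "");
                }
                if(strContent.indexOf("回复时间:") != -1) {
                    strContent = strContent.replaceAll("回复时间:", "");
                }
            //}
            // NOTE(review): this listing is damaged here — the rest of the loop header, the
            // substitution loop body and the end of the outer loop are missing.
            for( int j=0;j之外的
        strScript = strHead + sbComment + strEnd;
    }
    //String strPage = gbBLF.getPagination(nPage, nCurrentPage, totalNum, nPageCount,webid, ""+nColumnId);
    // convert the pagination bar style
    String urlPage = "./que_messagebook.jsp?webid=" + webid + "&ColumnID=" + nColumnId;
    // NOTE(review): the hidden-field markup was lost from this listing. If these fields echo
    // the search parameters back into the page, the values need HTML-attribute encoding.
    String strHidden = "";
    strHidden += "";
    strHidden += "";
    strHidden += "";
    strHidden += "";
    String strPage = gbBLF.getPaginationView(urlPage, totalNum, nPageCount, nCurrentPage, strHidden);
    v_tpl_value.add(strWriteUrl);
    v_tpl_value.add(strColumn);
    v_tpl_value.add("");
    v_tpl_value.add( strScript );
    v_tpl_value.add(strCanBeShow);
    v_tpl_value.add(strTopic);
    // NOTE(review): this listing is damaged here — the rest of the loop header, the loop
    // body and the start of the following statement are missing.
    for (int j=0; j\n";
    strComment += "";
    // pagination bar
    strComment += strPage;
    // Splice the rendered block between the two template markers when both were found.
    if( nPos1 >=0 && nPos2>=0)
        strAll = strModalHtml.substring(0,nPos1) + strComment + strModalHtml.substring( nPos2+strFrom2.length() );
    else
        strAll = strModalHtml;
    String strReplace = "/"+strWeb_in_servername+"/jcms_files/jcms"+strAppID + "/web"+webid+"/site/";
    if( url.indexOf("jcms_files/jcms")==-1 ) {
        strAll = StringUtil.replace( strAll ,strReplace ,"/");
        strAll = StringUtil.replace( strAll ,"web1/site/module" ,"module");
    }
    // NOTE(review): the commented-out statement below is split across two lines in this
    // listing, which leaves a stray quote and semicolon outside the comment.
    //String cssstyle = "
";
    out.println( strAll);
    // attachment JS
    out.println(" ");
%>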