Commit 46c419eed2b0661f35981f7d6cb6fba32a4bb12e
1 parent
37d6de1b
【留言板】发表留言相关 数据验证实现
Showing
3 changed files
with
72 additions
and
10 deletions
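--- a/trunk/Message/Api/Controller/Message/MessInputController.class.php
+++ b/trunk/Message/Api/Controller/Message/MessInputController.class.php
@@ -8,7 +8,7 @@
 
 namespace Api\Controller\Message;
 
-use Common\Model\RightModel;
+use Common\Model\MessagesModel;
 
 class MessInputController extends \Api\Controller\AbstractController
 {
@@ -20,20 +20,55 @@ class MessInputController extends \Api\Controller\AbstractController
 protected $_require_login = false;
 
 
- public function Index_get()
+ public function Index_post()
 {
- $this->_result = "您已留言成功,请等待审核。";
+
+ session_start();
+
+ $data = $this->checkFields( I('post.') );
+
+ if( !$data ){
+ $this->_result = "数据验证失败";
+ die;
+ }
+
+ $messagesModel = new MessagesModel();
+
+ $messagesModel->m_uid = $_SESSION['userid'];
+ $messagesModel->m_title = $data['title'];
+ $messagesModel->m_content = $data['message'];
+ $messagesModel->m_ip = $_SERVER['REMOTE_ADDR'];
+
+ //$this->_result = "您已留言成功,请等待审核。";
 
 }
 
 /**
 * 验证提交参数字段合法性
 *
- * @param array $post
+ * @param array $postData
 * @return bool
 */
- private function checkFields($post = [])
+ private function checkFields($postData = [])
 {
- return true;
+ $parrent = "/\ |\/|\~|\!|\@|\#|\\$|\%|\^|\&|\*|\(|\)|\_|\+|\{|\}|\:|\<|\>|\?|\[|\]|\,|\.|\/|\;|\\' | \`|\-|\=|\\\|\|/";
+ $data = [];
+
+ if( empty($postData['title']) || strlen($postData['title'])>80 ){
+ $this->_result = "标题不能为空且标题长度必须小于80。";
+ return false;
+
+ }else{
+ $data['title'] = preg_replace( $parrent, "", $postData['title']);
+ }
+
+ if( empty($postData['message']) || strlen($postData['message'])>500 ){
+ $this->_result = "留言内容不能为空且长度必须小于500。";
+ return false;
+ }else{
+ $data['message'] = preg_replace( $parrent, "", $postData['message'] );
+ }
+
+ return $data;
 }
 }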
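Review bot: The `$parrent` denylist in `checkFields()` is not a safe basis for injection defence: it has no alternative for `"`, and the alternative written as `\\' ` removes an apostrophe only when a space follows it, so both quote characters can reach `m_title` and `m_content`, while spaces, commas and full stops are deleted from ordinary messages. I would keep only the presence and length checks here, using `mb_strlen($postData['title'], 'UTF-8') > 80` because `strlen` counts bytes, and rely on bound parameters when the model is saved plus `htmlspecialchars($text, ENT_QUOTES, 'UTF-8')` where the message is displayed (neither step is visible in this section). `Index_post()` also reads `$_SESSION['userid']` while the class keeps `$_require_login = false`, so an anonymous request yields a message with no owner; check `empty($_SESSION['userid'])` and return an error before building the model. On validation failure `die;` likely ends the request before `_result` is output, and the generic text overwrites the specific one set by `checkFields()`, so a plain `return;` without reassigning `_result` looks like the intent; the docblock should also read `@return array|false` rather than `@return bool`.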
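--- a/trunk/www/apidocassets/javascript/mess_front.js
+++ b/trunk/www/apidocassets/javascript/mess_front.js
@@ -10,7 +10,31 @@
 function inputCheck( src )
 {
 // 发表留言场景
- if( src == 'mess' ){}
+ if( src == 'mess' ){
+ var title = $('#txtTitle').val();
+ var content = $('#txtCon').val();
+
+ if( title == '' || title.length >80){
+ return false;
+ }
+
+ if( content !='' && content.length <=500){
+ var pattern = new RegExp("[`~!@#$^&*()=|{}':;',\\[\\].<>/?~!@#¥……&*()——|{}【】‘;:”“'。,、?]");
+ var message = "";
+ for(var i=0;i<content.length;i++)
+ {
+ message += content.substr(i, 1).replace(pattern, '');
+ }
+
+ $("#message").val( message );
+
+ }else{
+ return false;
+ }
+
+ return true;
+ }
+
 
 // 登录场景
 if( src == 'login' ){
@@ -35,6 +59,8 @@ function jumpSubmit()
 return false;
 }
 
+ $("#frm_input").submit();
+
 }
 
 /**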
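Review bot: The character stripping added to the `mess` branch of `inputCheck()` is a usability step only, since a request sent without this script can carry any value in `message`, and its list already disagrees with the server pattern: the visible class omits space, `-`, `_`, `+`, `%` and `\`, which the PHP side removes. A short comment above the `pattern` line, such as `// cosmetic only; the API re-validates title and message`, would keep later readers from treating it as the filter of record. The per-character loop can be a single call, `var message = content.replace(/[...]/g, '');`, with the same character class and the `g` flag. `inputCheck()` continues below the hunk.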
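--- a/trunk/www/mess_front/input.PHP
+++ b/trunk/www/mess_front/input.PHP
@@ -20,7 +20,7 @@
 </head>
 <body>
 <div class="con">
- <form action="http://lys.com/wx5019b9c455ea9c81/Message/Api/Message/MessInput" method="post" id="frm_input">
+ <form action="http://lys.com/wx5019b9c455ea9c81/Message/Api/Message/MessInput/Index" method="post" id="frm_input">
 <table>
 <caption><h2>发表留言</h2></caption>
 <!--<tr>
@@ -32,13 +32,14 @@
 <tr>
 <td>标题:</td>
 <td>
- <input name="txtTitle" id="txtTitle" type="text" maxlength="80" >
+ <input name="title" id="txtTitle" type="text" maxlength="80" >
 </td>
 </tr>
 <tr>
 <td>留言内容:</td>
 <td>
- <textarea rows="8" cols="40" name="txtCon" id="txtCon" ></textarea>
+ <textarea rows="8" cols="40" name="content" id="txtCon" ></textarea>
+ <input type="hidden" value="" name="message" id="message" >
 </td>
 </tr>
 <tr>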
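Review bot: No anti-CSRF token field is visible in this form, yet it now posts to a handler that stores the message under `$_SESSION['userid']`, so a page on another origin could submit `title` and `message` with the visitor's session cookie; the rest of the form lies outside the hunks, so confirm whether a token already exists. If it does not, add a hidden field such as `<input type="hidden" name="csrf_token" value="...">` (field name is illustrative), filled from the session and compared in `Index_post()` with `hash_equals()`. The textarea keeps `name="content"` next to the new hidden `message`, so every request carries the text twice; dropping the `name` from the textarea would leave only the field the API reads. The absolute `http://` action also sends the session cookie and the message in clear text, which a relative or `https://` URL would avoid.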