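/**
 * Check the pc_hash token to verify that the request belongs to the current session.
 *
 * The check is skipped (true is returned) when the action name ROUTE_A starts
 * with "public_", when the route is module "admin" / controller "index", or
 * when the action is "login". Otherwise the pc_hash value sent in $_GET or
 * $_POST must equal the non-empty $_SESSION['pc_hash']. On failure
 * showmessage() is called with the 'hash_check_false' text and HTTP_REFERER.
 *
 * NOTE(review): every action named public_* bypasses this token check, so a
 * public_* action should be read-only or enforce its own authorization and
 * request validation. Renaming a state-changing action to public_* removes
 * its request-forgery protection.
 *
 * @return bool|null true when the route is exempt or the token matches; no
 *                   value is returned after showmessage() (presumably it ends
 *                   the request; confirm against its definition).
 */
final private function check_hash() {
    // Routes that are exempt from the token check. Parentheses make the
    // original operator precedence (&& binds tighter than ||) explicit.
    if(preg_match('/^public_/', ROUTE_A) || (ROUTE_M == 'admin' && ROUTE_C == 'index') || in_array(ROUTE_A, array('login'))) {
        return true;
    }

    // A missing, empty or non-string session token can never match.
    $expected = isset($_SESSION['pc_hash']) ? $_SESSION['pc_hash'] : '';
    if(is_string($expected) && $expected !== '') {
        // GET is consulted first, then POST; a match in either one is accepted.
        foreach(array($_GET, $_POST) as $input) {
            // Reject array-valued parameters such as pc_hash[]=x.
            if(!isset($input['pc_hash']) || !is_string($input['pc_hash'])) {
                continue;
            }
            // Loose == treats numeric-looking strings as numbers on older PHP
            // and is not constant-time; compare the exact bytes instead.
            $matches = function_exists('hash_equals')
                ? hash_equals($expected, $input['pc_hash'])
                : $expected === $input['pc_hash'];
            if($matches) {
                return true;
            }
        }
    }

    showmessage(L('hash_check_false'),HTTP_REFERER);
}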
phpcms 会在 check_hash() 里对请求做 pc_hash 校验,只有方法名以 public_ 开头的 action 才会跳过这项校验,因此,现在方法是这样写的:
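/**
 * Echo, as JSON, the mobile types linked to one content record.
 *
 * Reads modelid and id from $_GET (both cast to int), loads the mobile_type
 * column of that record from the model's "_data" table, treats it as a
 * '|'-separated id list, and selects id and type_name for those ids through
 * mobile_type_model. Each row gets an extra 'sid' field ('v' + id), and
 * type_name is converted from GBK to UTF-8 when CHARSET is gbk.
 *
 * Nothing is echoed when the record has no mobile_type value.
 *
 * NOTE(review): the public_ prefix exempts this action from the pc_hash
 * check, so it must stay read-only. Whether a login/permission check still
 * runs elsewhere (e.g. in the constructor) is not visible here; confirm.
 * type_name is returned as stored, so consumers must treat it as text and
 * escape it before inserting it into HTML.
 */
public function public_mobile_getjson_ids() { // the "public_" prefix was added later
    $modelid = intval($_GET['modelid']);
    $id = intval($_GET['id']);
    $this->db->set_model($modelid);
    $tablename = $this->db->table_name;
    $this->db->table_name = $tablename.'_data';
    $r = $this->db->get_one(array('id'=>$id),'mobile_type');
    // get_one() may not return a row; do not index a non-array result.
    if(is_array($r) && !empty($r['mobile_type'])) {
        // The stored list goes into a string-built IN() clause, so every
        // entry is forced to an integer rather than trusted as stored.
        $ids = array();
        foreach(explode(',', str_replace('|', ',', $r['mobile_type'])) as $piece) {
            $piece = trim($piece);
            if($piece === '') {
                continue; // leading, trailing or doubled separators
            }
            $ids[] = intval($piece);
        }
        if(!$ids) {
            // Nothing usable in the list: answer with an empty JSON array
            // instead of running a malformed "id IN()" query.
            echo json_encode(array());
            return;
        }
        $where = 'id IN('.implode(',', $ids).')';
        $infos = array();
        $this->mobile_db = pc_base::load_model ( 'mobile_type_model' );
        $datas = $this->mobile_db->select($where,'id,type_name');
        foreach($datas as $_v) {
            $_v['sid'] = 'v'.$_v['id'];
            // json_encode() expects UTF-8 input.
            if(strtolower(CHARSET)=='gbk') $_v['type_name'] = iconv('gbk', 'utf-8', $_v['type_name']);
            $infos[] = $_v;
        }
        echo json_encode($infos);
    }
}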
js部分的getJSON是这样写的:
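// Show the mobile types already attached to a content record.
// Fetches the list from public_mobile_getjson_ids and renders one <li> per
// entry into #mobile_type_text.
function show_mobiletype(modelid,id) {
    // Encode the parameters so they cannot add or alter query-string fields.
    var url = "?m=content&c=content&a=public_mobile_getjson_ids&modelid=" + encodeURIComponent(modelid) + "&id=" + encodeURIComponent(id);
    $.getJSON(url, function(json){
        if(json==null) {
            alert('没有添加相关文章');
            return false;
        }
        var $list = $('#mobile_type_text').empty();
        $.each(json, function(i, n){
            // Build the nodes instead of concatenating an HTML string:
            // type_name is stored data and must be rendered as text, and the
            // inline onclick="..." in the original string literal broke the
            // string's quoting.
            var $link = $('<a href="javascript:;"></a>').click(function(){
                // The original inlined n.id as a bare number in the handler.
                remove_relation(n.sid, parseInt(n.id, 10));
            });
            $('<li></li>')
                .attr('id', n.sid)
                .append(document.createTextNode('·'))
                .append($('<span></span>').text(n.type_name))
                .append($link)
                .appendTo($list);
        });
    });
}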
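就好了。要注意:phpcms 里通过 ajax 调用的方法,如果请求里没有带上 pc_hash,方法名前要加上 public_ 才能通过校验!!不过 public_ 前缀会让该方法完全跳过 pc_hash(防 CSRF)校验,所以只适合只读的查询接口;会修改数据的操作应当在请求里带上 pc_hash,而不是靠改名来跳过校验。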