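// Fragment of a larger request handler: the first two statements finish a branch
// that begins above this excerpt, and the "edit" branch continues past its end.
ShowMsg("成功添加回复话题!", "viewthread.php?id={$id}&tid={$tid}");
exit;
} else {
    // Editing is allowed for a group master, or when the logged-in member's ID equals $uid.
    // NOTE(review): $ismaster and $uid are set outside this excerpt - confirm both are
    // loaded server-side (session/DB) and cannot be supplied as request parameters.
    if ($action == "edit" && ($ismaster || $cfg_ml->M_ID == $uid)) {
        // Verification code: reject a mismatch, and also reject when GetCkVdValue()
        // returns an empty value, so an empty submission can never match.
        // NOTE(review): `!=` is a loose comparison; once both sides are confirmed to be
        // strings, a strict or constant-time comparison (hash_equals) is preferable.
        $svali = GetCkVdValue();
        if (strtolower($vdcode) != $svali || $svali == "") {
            ShowMsg("认证码错误!", "-1");
            exit;
        }

        $subject = cn_substrR(trim(HtmlReplace($subject, 2)), 80);
        // NOTE(review): the message promises a 3-character minimum, but only the
        // upper bound is checked here.
        if (CountStrLen($subject) > 80) {
            ShowMsg("主题字数应该在3-80个汉字!", "-1");
            exit;
        }

        // eregi_replace() was removed in PHP 7.0; preg_replace() with the `i` flag is the
        // case-insensitive equivalent.
        // NOTE(review): stripping two tag names is a deny-list, not an HTML sanitizer -
        // other markup passes through, so the stored body still needs context-aware
        // output encoding (or an allow-list sanitizer) wherever it is rendered.
        $threads = cn_substrR(preg_replace("#<(iframe|script)#i", "", $threads), 2000);
        if (CountStrLen($threads) < 3 || CountStrLen($threads) > $cfg_group_words) {
            ShowMsg("主题内容字数应该在3-{$cfg_group_words}个汉字!", "-1");
            exit;
        }
        // NOTE(review): this fallback looks unreachable after the minimum-length check
        // above; if it ever runs, $message skips the tag filter and the length limits.
        if (empty($threads)) {
            $threads = $message;
        }

        // ereg() was removed in PHP 7.0. The empty-pattern guard keeps the old behaviour
        // (nothing is banned), because an empty PCRE pattern would match every input.
        // NOTE(review): $cfg_notallowstr is interpolated into the pattern, so it must not
        // contain an unescaped `#` delimiter - confirm against the site configuration.
        if ($cfg_notallowstr != ""
            && (preg_match("#{$cfg_notallowstr}#", $subject) || preg_match("#{$cfg_notallowstr}#", $threads))
        ) {
            ShowMsg("含有非法字符!.", "-1");
            exit;
        }

        if ($first) {
            // Keep digits only (ereg_replace() replaced by preg_replace()); anything that
            // is not a positive number falls back to 0.
            $types = preg_replace("/[^0-9]/", "", $types);
            if ($types < 1) {
                $types = 0;
            }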
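// Fragment of a larger request handler: the first two statements finish a login
// check that begins above this excerpt, and the "save" branch continues past its end.
ShowMsg("未登录前不充许该操作!", "-1");
exit;
}
if ($id < 1) {
    ShowMsg("错误,未定义的操作!", "-1");
    exit;
}
if ($action == "save") {
    // Verification code: reject a mismatch, and also reject when GetCkVdValue()
    // returns an empty value, so an empty submission can never match.
    // NOTE(review): `!=` is a loose comparison; once both sides are confirmed to be
    // strings, a strict or constant-time comparison (hash_equals) is preferable.
    $svali = GetCkVdValue();
    if (strtolower($vdcode) != $svali || $svali == "") {
        ShowMsg("认证码错误!", "-1");
        exit;
    }

    // The 2 is HtmlReplace()'s second argument. It was previously passed to trim(), where
    // it acted as the character list to strip: a leading or trailing "2" was removed from
    // the title, surrounding whitespace was kept, and HtmlReplace() ran in its default mode.
    // NOTE(review): confirm mode 2 is the intended HtmlReplace() mode for titles.
    $subject = cn_substrR(trim(HtmlReplace($subject, 2)), 80);

    // NOTE(review): stripping two tag names is a deny-list, not an HTML sanitizer -
    // other markup passes through, so the stored message still needs context-aware
    // output encoding (or an allow-list sanitizer) wherever it is rendered.
    $text = preg_replace("#<(iframe|script)#i", "", $text);
    if (CountStrLen($text) < 3 || CountStrLen($text) > 1000) {
        ShowMsg("内容字数应该在3-1000个汉字!", "-1");
        exit;
    }

    // An empty PCRE pattern matches every input, so an empty banned-word setting would
    // reject every message; treat an empty setting as "nothing is banned".
    // NOTE(review): both settings are interpolated into patterns and must not contain
    // their unescaped delimiter (`#` here, `/` below) - confirm against the configuration.
    if ($cfg_notallowstr != ""
        && (preg_match("#{$cfg_notallowstr}#", $subject) || preg_match("#{$cfg_notallowstr}#", $text))
    ) {
        ShowMsg("含有非法字符!", "-1");
        exit;
    }
    // Likewise, an empty replacement pattern would insert "***" at every position.
    if ($cfg_replacestr != "") {
        $subject = preg_replace("/{$cfg_replacestr}/", "***", $subject);
        $text = preg_replace("/{$cfg_replacestr}/", "***", $text);
    }

    $userip = GetIP();

    // NOTE(review): every value below is spliced into the SQL text. That is only safe if
    // the request variables ($id, $text) are escaped before this point and GetIP() returns
    // a validated address - neither is visible in this excerpt. Prefer bound parameters if
    // the $db layer offers them, and cast $id to an integer where it is first read.
    $SetQuery = "INSERT INTO #@__group_guestbook(gid,title,uname,userid,stime,message,ip) ";
    $SetQuery .= "VALUES('{$id}','{$subject}','" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . time() . "','{$text}','{$userip}');";
    if ($db->ExecuteNoneQuery($SetQuery)) {
        ShowMsg("留言成功!", "guestbook.php?id={$id}");
        exit;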
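} else {
    // Tail of a notice-update branch that begins above this excerpt.
    // NOTE(review): $subject, $notice, $userip and $nid are prepared outside this excerpt
    // and are spliced into the SQL text; confirm they are escaped (and $nid is an integer)
    // before this point, or use bound parameters if the $db layer offers them.
    $SetQuery = "UPDATE #@__group_notice SET title='{$subject}',notice='{$notice}',stime='" . time() . "',ip='{$userip}' WHERE id='{$nid}';";
    $db->ExecuteNoneQuery($SetQuery);
    $msg = "已经更改公告!";
}
}
ShowMsg($msg, '');
} else {
    if ($action == "add") {
        // eregi_replace() was removed in PHP 7.0; preg_replace() with the `i` flag is the
        // case-insensitive equivalent.
        // NOTE(review): stripping two tag names is a deny-list, not an HTML sanitizer -
        // the stored notice still needs context-aware output encoding (or an allow-list
        // sanitizer) wherever it is rendered.
        $notice = preg_replace("#<(iframe|script)#i", "", $notice);
        $subject = cn_substrR(HtmlReplace($subject, 2), 80);
        $userip = GetIP();

        if (empty($subject)) {
            $msg = "请填写公告标题!";
        } else {
            // The closing parenthesis was misplaced: CountStrLen() received the boolean
            // result of `$notice > 100`, so the notice length was never measured.
            if (empty($notice) || CountStrLen($notice) > 100) {
                $msg = "请填写规定长度的公告内容!";
            } else {
                // NOTE(review): values are spliced into the SQL text; this is only safe if
                // $subject, $notice and $id are escaped before this point and GetIP()
                // returns a validated address - not visible in this excerpt.
                $SetQuery = "INSERT INTO #@__group_notice(uname,userid,title,notice,stime,gid,ip) VALUES('" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . $subject . "','" . $notice . "','" . time() . "','{$id}','" . $userip . "');";
                $db->ExecuteNoneQuery($SetQuery);
                $msg = "已经更改公告!";
            }
        }
        ShowMsg($msg, '');
    }
}
$SetQuery = '';

// Notice information
// $id is placed in the query without quotes, so string escaping cannot protect it;
// force it to an integer at the point of use.
$row = $db->GetOne("SELECT `id`,`title`,`notice` FROM `#@__group_notice` WHERE `gid`=" . intval($id));
if (is_array($row)) {
    $nid = $row['id'];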