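//开始发帖
// Handles the "post" action of the posting form: CAPTCHA check, posting-rate check,
// input cleanup and one INSERT into the `article` table.
// Relies on helpers defined elsewhere in the project (alert(), location(),
// check_post_title(), check_post_contenr()) and on the legacy mysql_* extension,
// which was removed in PHP 7 — a PDO/mysqli prepared statement is the long-term fix;
// until then every value that reaches the SQL string is passed through
// mysql_real_escape_string(), which needs the connection the includes opened earlier.
$action = isset($_GET['action']) ? $_GET['action'] : '';
if ($action === 'post') {
    //验证验证码是否输入正确
    // Compare the CAPTCHA as strings with ===: the loose == let "" match a missing
    // session value and treated "0"/0/"" alike. A missing session code now fails too.
    if (!empty($global_clean['code'])) {
        $posted_code = isset($_POST['code']) ? (string) $_POST['code'] : '';
        $session_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
        // NOTE(review): this assumes alert() terminates the script; if it only emits a
        // JavaScript alert the insert below still runs — confirm in the helper.
        if ($session_code === '' || $posted_code !== $session_code) {
            alert('验证码错误,请重新输入');
        }
    }
    //开始检测是否过度发帖
    // NOTE(review): post_time is a client-side cookie, so this limit is advisory only;
    // a per-user timestamp stored server-side is needed for an enforceable limit.
    // A missing cookie is treated as 0, i.e. "never posted", as before.
    $last_post_time = isset($_COOKIE['post_time']) ? (int) $_COOKIE['post_time'] : 0;
    $min_interval = isset($global_clean['re_time']) ? (int) $global_clean['re_time'] : 0;
    if (time() - $last_post_time < $min_interval) {
        alert('发帖过度频繁');
    }
    $clean = array();
    // NOTE(review): the author identity is taken from the `username` cookie as-is;
    // pairing it with a server-side session/uniqid check would stop cookie forgery.
    // check_post_contenr looks like a typo of check_post_content — verify the helper
    // name in includes before renaming it here.
    $raw_username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $raw_type = isset($_POST['type']) ? $_POST['type'] : '';
    $raw_title = isset($_POST['title']) ? $_POST['title'] : '';
    $raw_content = isset($_POST['content']) ? $_POST['content'] : '';
    $clean['username'] = mysql_real_escape_string($raw_username);
    $clean['type'] = mysql_real_escape_string($raw_type);
    $clean['title'] = mysql_real_escape_string(check_post_title($raw_title, 2, 40));
    $clean['content'] = mysql_real_escape_string(check_post_contenr($raw_content, 2));
    //开始写入数据库
    // NOTE(review): die() echoes mysql_error() to the end user; log it server-side and
    // show a generic message in production.
    $insert_sql = "INSERT INTO article (
                        username,
                        title,
                        type,
                        content,
                        date
                    ) VALUES (
                        '{$clean['username']}',
                        '{$clean['title']}',
                        '{$clean['type']}',
                        '{$clean['content']}',
                        now()
                    )";
    mysql_query($insert_sql) or die('数据库插入出错' . mysql_error());
    //判断是否插入成功,用mysql_affected_row()进行判断
    if (mysql_affected_rows() == 1) {
        //发帖成功,开始生成cookie,用于限时发帖
        setcookie('post_time', time());
        location('恭喜你,发帖成功', "index.php");
    } else {
        location('很遗憾,发帖失败!', 'post.php');
    }
    // Only reached if location() returns instead of exiting — kept from the original.
    mysql_close();
}
//引入header.php头文件
require dirname(__FILE__) . '/includes/header.inc.php';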
 }
 if (!!($rows = fetch_array("SELECT bbs_uniqid,bbs_repost_time FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
     //为了防止cookie伪造,要比对一下唯一标识符uniqid
     uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
     //限制回帖时间
     limit_time('回帖', time(), $rows['bbs_repost_time'], $system['repost_time']);
     //引入验证文件
     include ROOT_PATH . 'includes/check.func.php';
     //创建空数组,用来存放提交的合法数据
     $clean = array();
     //可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等。
     //唯一标识符第二个作用,登录cookie验证
     $clean['reid'] = mysql_real_escape_string($_POST['reid']);
     $clean['username'] = mysql_real_escape_string($_COOKIE['username']);
     $clean['type'] = mysql_real_escape_string($_POST['type']);
     $clean['title'] = mysql_real_escape_string(check_post_title($_POST['title'], 2, 40));
     $clean['content'] = mysql_real_escape_string($_POST['content']);
     //写入数据库
     query("INSERT INTO bbs_article (\n                                        bbs_reid,\n                                        bbs_username,\n                                        bbs_title,\n                                        bbs_type,\n                                        bbs_content,\n                                        bbs_date\n                                        )\n                                VALUES(\n                                        '{$clean['reid']}',\n                                        '{$clean['username']}',\n                                        '{$clean['title']}',\n                                        '{$clean['type']}',\n                                        '{$clean['content']}',\n                                        NOW()\n                                        )\n        ");
     if (affected_rows() == 1) {
         //setcookie('article_name',time());
         $clean['time'] = time();
         query("UPDATE bbs_users SET bbs_repost_time='{$clean['time']}' WHERE bbs_username='******'username']}'");
         //累积评论
         query("UPDATE bbs_article SET bbs_commentcount=bbs_commentcount+1 WHERE bbs_reid=0 AND bbs_id='{$clean['reid']}'");
         //关闭数据库
         close();
         //清除session
         //session_destroy();
         //跳转到首页
         location('恭喜您回帖成功!', 'article.php?id=' . $clean['reid']);