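// Tail of a request filter whose opening lies before this excerpt: the request
// is aborted when $temp contains '<', '>', '(' or '"'.
// NOTE(review): the origin of $temp is not visible here. A character denylist
// like this is only a coarse filter; it does not replace context-specific
// output encoding or parameterised queries further down.
if (strpos($temp, '<') !== false
    || strpos($temp, '>') !== false
    || strpos($temp, '(') !== false
    || strpos($temp, '"') !== false
) {
    exit('Request Bad url');
}
} // closes a block opened before this excerpt

// Load core functions.
require_once SABLOG_ROOT . 'include/func/global.func.php';

// Requested action: a non-empty POST value wins over GET, as before. The
// isset()/empty() guards avoid undefined-index notices when neither is sent,
// and the is_string() check keeps array input (action[]=x) away from
// addslashes().
// NOTE(review): addslashes() is not charset- or context-aware. Wherever
// $action reaches SQL or HTML it still needs the escaping that belongs to
// that context - confirm at the call sites.
if (!empty($_POST['action'])) {
    $action = $_POST['action'];
} elseif (isset($_GET['action'])) {
    $action = $_GET['action'];
} else {
    $action = '';
}
$action = is_string($action) ? addslashes($action) : '';

// PHP_SELF can carry client-supplied path info, so it is passed through
// char_cv() (project helper; presumably HTML-escapes - confirm).
$php_self = char_cv($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
$timestamp = time();

// Login lifetime: one month (30 days, in seconds).
$login_life = 2592000;

// Avoid date/time function warnings on PHP 5.1.x and later.
// version_compare() replaces the string comparison PHP_VERSION > '5.1', which
// compares character by character and would be false for a version such as
// '10.0.0'.
if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
    @date_default_timezone_set('UTC');
}

define('IS_ROBOT', isrobot());
$referer = getreferer();

// Load database configuration.
require_once SABLOG_ROOT . 'config.php';

// Anti-refresh / proxy-access check, enabled by $attackevasive
// (presumably set in config.php - confirm).
if ($attackevasive) {
    require_once SABLOG_ROOT . 'include/fense.inc.php';
}

// Load the database class.
require_once SABLOG_ROOT . 'include/class/mysql.class.php';

// Initialise the database connection, then remove the connection settings
// from scope so the credentials are no longer reachable as globals.
$DB = new DB_MySQL();
$DB->connect($servername, $dbusername, $dbpassword, $dbname, $usepconnect);
unset($servername, $dbusername, $dbpassword, $dbname, $usepconnect);

// Obtain the client IP address (this block continues beyond the excerpt).
// NOTE(review): HTTP_CLIENT_IP is taken from a request header, so its value is
// chosen by the client; treat it as untrusted wherever it is stored, logged
// or used for access decisions.
if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {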
// Tail of a block opened before this excerpt.
// this function does its own _GETs. Maybe it should
$mpval = get_mpid_attr_decode($db, $db2, "");
}

# front page
if ($vrand) {
    // Returning visitor: normalise the supplied tag to an integer.
    $vrand = intval($vrand);

    // NOTE(review): the hit-counter page is gated only on $referrer containing
    // "house=z". If $referrer derives from the HTTP Referer header (assigned
    // outside this excerpt - confirm), that value is client-supplied, so this
    // is not access control; protect the page with real authentication if the
    // counters are not meant to be public.
    if (!isrobot() && preg_match("/.*?house=z/", $referrer)) {
        header("Content-Type: text/html; charset=UTF-8");
        echo "<h1>hit counters</h1>\n";
        WriteHitCounters($db);
        exit(0);
    }
} else {
    // First visit: generate the random number and note it down in the main
    // user table.
    // NOTE(review): rand() is fine for a non-secret visit tag; if $vrand is ever
    // relied on as an unguessable token, it should come from a CSPRNG instead.
    $vrand = rand(10, 10000000);

    // Table layout, kept for reference:
    //$db->query("drop table if exists pw_dyn_glenrothes_use");
    //$db->query("create table pw_dyn_glenrothes_use (ltime timestamp, vrand int, vpostcode varchar(20), vconstituency varchar(40), referrer varchar(200), ipnumber varchar(25), vdash varchar(7))");
    if (!isrobot()) {
        //$hithere = "<h1>hithere $vrand</h1>";

        // NOTE(review): this statement is assembled by string interpolation.
        // $vrand is an integer produced just above, but $referrer, $ipnumber
        // and $vdash are assigned outside this excerpt - confirm each one is
        // escaped for SQL before it gets here, or bind them as parameters if
        // the $db wrapper supports it.
        $db->query("INSERT INTO pw_dyn_glenrothes_use (ltime, vrand, vpostcode, vconstituency, referrer, ipnumber, vdash)\n VALUES (NOW(), {$vrand}, '', '', '{$referrer}', '{$ipnumber}', '{$vdash}')");
    }
}

// no matching MP found
if (!$mpval) {
    header("Content-Type: text/html; charset=UTF-8");
    // NOTE(review): the only assignment to $hithere visible here is commented
    // out; confirm it is initialised earlier in the file.
    echo $hithere;
    WriteFrontPage($vpostcode, $vrand);
    exit(0);
}

$mpprop = $mpval['mpprop'];
$vconstituency = $mpprop['constituency'];