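    /**
     * E-mails the author of a comment to tell them someone replied to it.
     *
     * The message body is HTML, so every value that originates from user input
     * (nickname, stored comment text, reply text, link) is escaped before it is
     * interpolated.
     *
     * @param object $smtp       mailer exposing send($to, $subject, $body)
     * @param string $commentcon text of the reply being announced
     * @param array  $comment    the comment that was replied to; the keys
     *                           email, aid, id, nickname and contents are read
     * @return bool|null FALSE when $comment['email'] is not a valid address,
     *                   otherwise nothing (the mail is handed to $smtp->send())
     */
    public function SendMail($smtp, $commentcon, $comment)
    {
        if (!Is_email($comment['email'])) {
            return FALSE;
        }
        $esc = function ($text) {
            // double_encode=false keeps text that is already stored escaped from
            // being encoded a second time.
            return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        };
        $url = HTTP_ROOT . 'articleshow/' . $comment['aid'] . '#comments-' . $comment['id'];
        $title = 'Hi,您在 【' . PROJECT_NAME . '】 的留言有人回复啦!';
        // "href" (not "herf") and "<br />" (not "</br>") so the link and the
        // line breaks render in mail clients.
        $content = $esc($comment['nickname']) . ', 您好!<br />
	        您曾在' . PROJECT_NAME . '博客上的评论:' . $esc($comment['contents']) . '<br />
	        有人给您的回应: ' . $esc($commentcon) . '<br />
	        点击查看回应完整內容:<a href="' . $esc($url) . '">点我跳转</a><br />
	        欢迎再次来访!<br />
	        (此邮件由系统自动发出,请勿回复!)';
        $smtp->send($comment['email'], $title, $content);
    }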
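 /**
  * Handles the AJAX "add comment" request.
  *
  * Accepts POST only, reads the comment fields from $_POST, validates them,
  * stores the comment through the Comment model, mails the author of the
  * replied-to comment when EMAIL_SENT_FOR_REPLY is enabled, and echoes the
  * rendered <li> for the new comment. Validation failures are reported through
  * AjaxError(), which is expected not to return.
  *
  * @return void
  */
 public function addcomment()
 {
     if ('POST' != $_SERVER['REQUEST_METHOD']) {
         // Accepting POST only is a first line of CSRF defence; a Referer check
         // or, better, a per-session token would be needed on top of it.
         header('Allow: POST');
         header('HTTP/1.1 405 Method Not Allowed');
         header('Content-Type: text/plain');
         die('Illegal request!');
     }
     $fields = array();
     $fields['contents'] = isset($_POST['comment']) ? trim($_POST['comment']) : null;
     $fields['cid'] = isset($_POST['comment_parent']) ? trim($_POST['comment_parent']) : null;
     $fields['aid'] = isset($_POST['comment_post_ID']) ? intval($_POST['comment_post_ID']) : null;
     $fields['nickname'] = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
     $fields['email'] = isset($_POST['email']) ? trim($_POST['email']) : null;
     $fields['website'] = isset($_POST['url']) ? trim($_POST['url']) : null;
     $fields['ctime'] = time();
     $fields['ip'] = Request::getClientIP();
     // (string) casts: the fields may be null, and strlen()/== on null are
     // deprecated on newer PHP versions.
     if (6 > strlen((string) $fields['email']) || '' === (string) $fields['nickname']) {
         AjaxError('请填写昵称和邮箱!');
     }
     if (!Is_email($fields['email'])) {
         AjaxError('请填写有效的邮箱地址!');
     }
     if ('' === (string) $fields['contents']) {
         AjaxError('请写点评论!');
     }
     $comment = self::$models->Comment;
     //$comment->IpLimit($fields['ip']); // flood protection, currently disabled
     $comment->SelfXssattack($fields['contents']); // XSS check on the comment text
     // comment_parent is either "<thread id>" or "<thread id>-<replied-to id>".
     // $replyTo names the comment whose author is @-mentioned and notified.
     $commentp = null;
     $replyTo = null;
     if (is_string($fields['cid']) && strstr($fields['cid'], '-')) {
         list($threadId, $replyTo) = explode('-', $fields['cid'], 2);
         $fields['cid'] = intval($threadId);
     } elseif (!empty($fields['cid'])) {
         $fields['cid'] = intval($fields['cid']);
         $replyTo = $fields['cid'];
     }
     if (null !== $replyTo) {
         // Ids come straight from the request; force them to integers before
         // they reach the model.
         $commentp = $comment->getOneComment('id', intval($replyTo));
     }
     // getOneComment() may return a falsy value for an unknown id; only build
     // the @-mention when a parent row was actually found.
     if ($commentp) {
         $fields['parent'] = $commentp['id'] . ',' . $commentp['nickname'];
         $fidname = '<a href="#comment-' . $commentp['id'] . '" rel="nofollow" class="cute">@'
             . htmlspecialchars((string) $commentp['nickname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</a>';
     } else {
         $fields['parent'] = '';
         $fidname = '';
     }
     $result = $comment->InsertComment($fields);
     if (!$result) {
         AjaxError('评论添加失败,多次失败请联系站长!');
     } else {
         // Remember the visitor's identity for later comments.
         $comment->Ifuser($fields['nickname'], $fields['email'], $fields['website']);
         // Notify the author of the replied-to comment.
         if (EMAIL_SENT_FOR_REPLY && $fields['cid'] > 0 && !empty($commentp)) {
             $comment->SendMail(self::$models->SmtpMail, $fields['contents'], $commentp);
         }
         // NOTE(review): the rendered <li> is tagged with the parent's id rather
         // than the new comment's; confirm this is intended.
         $toid = empty($commentp) ? '#' : $commentp['id'];
         // The id="..." attributes need their closing quote, otherwise the
         // following markup is swallowed into the attribute value.
         echo '<li class="comment even thread-even depth-1 clearfix" id="comment-' . $toid . '"><span class="comt-f"></span> ';
         echo '  <div class="c-avatar"><img alt=\'\' src=\'' . IMG_TXING . '\' class=\'avatar avatar-50 photo\' height=\'50\' width=\'50\' /><div class="c-main" id="div-comment-' . $toid . '">';
         // The nickname is user input rendered into HTML text; escape it.
         echo '     <p style="color:#8c8c8c;"><span class="c-author">'
             . htmlspecialchars((string) $fields['nickname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
             . '</span></p><p>' . $fidname . EmojiH($fields['contents']) . '</p>';
         echo '        <div class="c-meta">' . wordTime($fields['ctime']) . ' (' . date('Y-m-d H:i:s', $fields['ctime']) . ')';
         echo '</div></div></div></li>';
     }
 }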