<link rel="shortcut icon" href="images/favicon.ico" />
<script type="text/javascript" src="js/add_img.js"></script>
</head>
<body>
<?php
define('IN_TG', true);
require dirname(__FILE__) . '/includes/conn.inc.php';
require dirname(__FILE__) . '/includes/global.fun.php';
require dirname(__FILE__) . '/includes/add_dir_fun.php';
require dirname(__FILE__) . '/includes/common.inc.php';
//普通会员也可以添加图片
check_login();
if ($_GET['action'] == 'add_img') {
$clean = array();
$clean['name'] = check_name($_POST['name']);
$clean['url'] = check_photo_url($_POST['url']);
$clean['content'] = $_POST['content'];
$clean['dir_id'] = $_POST['dir_id'];
//开始写入数据库
mysql_query("insert into photo (\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\tname,\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\turl,\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\tcontent,\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdir_id,\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdate\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\r\n\t\t \t\t\t\t\t\t\tvalues\t\t\t\t\t(\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$clean['name']}',\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_COOKIE['username']}',\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$clean['url']}',\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$clean['content']}',\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$clean['dir_id']}',\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\tnow()\r\n\t\t \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
if (mysql_affected_rows() == 1) {
location('图片添加成功', 'photo_show.php?id=' . $clean['dir_id']);
} else {
alert('图片添加失败');
}
exit;
}
//获取数据
if (isset($_GET['id'])) {
if (!!($row = mysql_fetch_array(mysql_query("select * from add_dir where id='{$_GET['id']}'")))) {
$html = array();
} else {
alert('非法操作');
}
}
//保存图片信息进入数据库
if (@$_GET['action'] == 'addphoto') {
//要删除的时候,需要进行唯一标识符验证,避免恶意删除
if (!!($rows1 = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
//为了防止cookie伪造,要比对一下唯一标识符uniqid
uniqid_check($rows1['bbs_uniqid'], $_COOKIE['uniqid']);
//引入验证文件
include ROOT_PATH . 'includes/check.func.php';
//接收数据
$clean = array();
$clean['name'] = mysql_real_escape_string(check_dir_name($_POST['name'], 2, 20));
$clean['url'] = mysql_real_escape_string(check_photo_url($_POST['url']));
$clean['content'] = mysql_real_escape_string($_POST['content']);
$clean['fid'] = mysql_real_escape_string($_POST['fid']);
//写入数据库
query("INSERT INTO bbs_photo (\n bbs_name,\n bbs_url,\n bbs_content,\n bbs_fid,\n bbs_username,\n bbs_date\n )\n VALUES (\n '{$clean['name']}',\n '{$clean['url']}',\n '{$clean['content']}',\n '{$clean['fid']}',\n '{$_COOKIE['username']}',\n NOW()\n )\n ");
if (affected_rows() == 1) {
//关闭数据库
close();
location('图片添加成功!', 'show_photo.php?id=' . $clean['fid']);
} else {
close();
alert('图片添加失败');
}
} else {
alert('非法操作');
}
