// Access gate run at include time: loads the error language pack, refuses clients
// whose address matches an entry of $limit_ip_list, then applies the guest
// time-window restriction. $limit_ip_list and $limit_guest_time are defined
// outside this fragment (presumably site configuration; confirm).
$er_langpackage = new errorlp();
$er_lp_action = $er_langpackage->er_refuse_action;
$er_lp_guest = $er_langpackage->er_refuse_guest;
if (!empty($limit_ip_list)) {
    // A single string entry is normalised to a one-element list.
    if (is_string($limit_ip_list)) {
        $limit_ip_list = array($limit_ip_list);
    }
    foreach ($limit_ip_list as $ip_rs) {
        // NOTE(review): each entry is interpolated into an unanchored regex without
        // preg_quote(). A "." in an entry matches any character and a hit anywhere in
        // the address counts, so (constructed example) an entry written as 10.0.0.1
        // would also refuse 110.0.0.12. An entry containing "/" makes the pattern
        // invalid; preg_match() then returns false and that entry refuses nobody.
        // If entries are meant to be literal addresses, compare exactly or anchor the
        // pattern and quote the entry; whether regex entries are intended is not
        // visible here.
        // NOTE(review): REMOTE_ADDR is the connecting peer; behind a reverse proxy
        // this is the proxy's address, not the visitor's. Confirm the deployment.
        if (preg_match("/{$ip_rs}/", $_SERVER['REMOTE_ADDR'])) {
            echo $er_langpackage->er_refuse_ip;
            exit;
        }
    }
}
// Restrict site access by time window (guest message variant).
limit_time($limit_guest_time, "guest");
// limit_time: checks the configured time windows in $limit_time; $type == 'guest'
// selects the guest refusal message instead of the action refusal message.
// The rest of the function is cut off in this listing, so what happens on a
// match is not visible here.
function limit_time($limit_time, $type = '') {
    if (!empty($limit_time)) {
        // The refusal messages are read from globals set at the top of the file.
        global $er_lp_action;
        global $er_lp_guest;
        $str = $er_lp_action;
        if ($type == 'guest') {
            $str = $er_lp_guest;
        }
        // A single string entry is normalised to a one-element list.
        if (is_string($limit_time)) {
            $limit_time = array($limit_time);
        }
        foreach ($limit_time as $time_rs) {
            // Each entry is split on "-"; the first part is parsed as the window start.
            // strtotime() returns false for text it cannot parse; how that case is
            // handled lies beyond the visible fragment.
            $time_array = explode("-", $time_rs);
            $limit_min_time = strtotime($time_array[0]);
            // (listing is cut off here)
// (fragment starts inside enclosing blocks that open above this listing; the
// first lines are the failure branches of an earlier handler)
            close();
            //session_destroy();
            // Redirect to the home page
            alert('发帖失败');
        }
    } else {
        alert('非法登录');
    }
}
// Handle a reply posted inside a thread.
// The "@" only hides the undefined-index notice when no action parameter is sent.
if (@$_GET['action'] == 're_art') {
    // NOTE(review): the WHERE value is masked in this listing ("******"); the
    // surviving tail 'username']}' suggests a request value is interpolated into
    // the SQL text before any escaping is applied. Confirm against the original
    // file and bind the value through a prepared statement.
    if (!!($rows = fetch_array("SELECT bbs_uniqid,bbs_repost_time FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
        // To guard against cookie forgery, compare the stored unique identifier (uniqid)
        // NOTE(review): the user is identified only by the username and uniqid
        // cookies, both client-supplied. uniqid_check() is not shown; its strength
        // depends on the identifier being unguessable and compared safely.
        uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
        // Limit the interval between replies
        limit_time('回复', time(), $rows['bbs_repost_time'], $system['repost_time']);
        // Create an empty array to hold the submitted data after escaping
        // NOTE(review): mysql_real_escape_string() belongs to ext/mysql, removed in
        // PHP 7.0, and only protects values placed inside quoted SQL literals on a
        // connection with the correct charset. Prefer mysqli/PDO prepared statements.
        // fid and reid are presumably numeric ids; they are escaped and quoted but
        // not validated as integers here.
        $clean = array();
        $clean['fid'] = mysql_real_escape_string($_POST['fid']);
        $clean['reid'] = mysql_real_escape_string($_POST['reid']);
        $clean['username'] = mysql_real_escape_string($_COOKIE['username']);
        $clean['content'] = mysql_real_escape_string($_POST['content']);
        // Write the reply to the database
        query("INSERT INTO bbs_re_article (\n bbs_fid,\n bbs_username,\n bbs_content,\n bbs_date\n )\n VALUES(\n '{$clean['fid']}',\n '{$clean['username']}',\n '{$clean['content']}',\n NOW()\n )\n ");
        if (affected_rows() == 1) {
            //setcookie('article_name',time());
            // Record the time of this reply for the interval check above.
            $clean['time'] = time();
            // NOTE(review): same masked WHERE value as in the SELECT above; confirm it
            // is not a raw cookie value.
            query("UPDATE bbs_users SET bbs_repost_time='{$clean['time']}' WHERE bbs_username='******'username']}'");
            // Increment the comment count of the thread
            // NOTE(review): the reply row is keyed by fid while the counter is keyed by
            // reid; both come from the request and nothing in this fragment checks
            // that they refer to the same existing thread.
            query("UPDATE bbs_article SET bbs_commentcount=bbs_commentcount+1 WHERE bbs_reid=0 AND bbs_id='{$clean['reid']}'");
            // Close the database
            // (listing is cut off here)
* 注意:此文件由tpl_engine编译型模板引擎编译生成。 * 如果您的模板要进行修改,请修改 templates/default/modules/poll/poll_send.html * 如果您的模型要进行修改,请修改 models/modules/poll/poll_send.php * * 修改完成之后需要您进入后台重新编译,才会重新生成。 * 如果您开启了debug模式运行,那么您可以省去上面这一步,但是debug模式每次都会判断程序是否更新,debug模式只适合开发调试。 * 如果您正式运行此程序时,请切换到service模式运行! * * 如有您有问题请到官方论坛(http://tech.jooyea.com/bbs/)提问,谢谢您的支持。 */ //引入公共模块 require "foundation/fpages_bar.php"; require "foundation/module_poll.php"; require "api/base_support.php"; //限制时间段访问站点 limit_time($limit_action_time); //语言包引入 $pol_langpackage = new polllp(); //变量区 $user_id = get_sess_userid(); $user_info = api_proxy("user_self_by_uid", "integral", $user_id); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>blog</title> <base href='<?php echo $siteDomain; ?> ' />
// New-post handler: requires a username cookie, optionally checks the captcha,
// verifies the uniqid cookie against the stored value, enforces the posting
// interval, then inserts the post. The fragment is cut off after the insert.
// NOTE(review): the login test only checks that the username cookie exists; the
// cookie is client-supplied, so the later uniqid comparison is the only
// authentication visible here.
if (!isset($_COOKIE['username'])) {
    location('请先登录', 'login.php');
}
global $system;
// Write the post to the database
// The "@" only hides the undefined-index notice when no action parameter is sent.
if (@$_GET['action'] == 'post') {
    // To prevent malicious registration and cross-site attacks
    // NOTE(review): the code check runs only when $system['code'] == 1; no other
    // anti-forgery token is checked in this fragment.
    if ($system['code'] == 1) {
        check_code($_POST['code'], $_SESSION['code']);
    }
    // NOTE(review): the WHERE value is masked in this listing ("******"); the
    // surviving tail 'username']}' suggests a request value is interpolated into
    // the SQL text before any escaping is applied. Confirm against the original
    // file and bind the value through a prepared statement.
    if (!!($rows = fetch_array("SELECT bbs_uniqid,bbs_post_time FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
        // To guard against cookie forgery, compare the stored unique identifier (uniqid)
        // uniqid_check() is not shown; its strength depends on the identifier being
        // unguessable and compared safely.
        uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
        // Limit the interval between posts
        global $system;
        limit_time('发帖', time(), $rows['bbs_post_time'], $system['post_time']);
        // Include the validation helpers
        include ROOT_PATH . 'includes/check.func.php';
        // Create an empty array to hold the submitted data after validation
        $clean = array();
        // The unique identifier can be used to prevent malicious registration,
        // forged-form cross-site attacks, and so on.
        // Its second use is validating the login cookie.
        // NOTE(review): mysql_real_escape_string() belongs to ext/mysql, removed in
        // PHP 7.0, and only protects values placed inside quoted SQL literals on a
        // connection with the correct charset. Prefer mysqli/PDO prepared statements.
        $clean['username'] = mysql_real_escape_string($_COOKIE['username']);
        $clean['type'] = mysql_real_escape_string($_POST['type']);
        // Title and content pass through the check_post_* helpers (defined in the
        // included file, not shown) before escaping; type is escaped only.
        $clean['title'] = mysql_real_escape_string(check_post_title($_POST['title'], 2, 40));
        $clean['content'] = mysql_real_escape_string(check_post_content($_POST['content'], 10));
        // Write the post to the database
        query("INSERT INTO bbs_article (\n bbs_username,\n bbs_title,\n bbs_type,\n bbs_content,\n bbs_date\n )\n VALUES(\n '{$clean['username']}',\n '{$clean['title']}',\n '{$clean['type']}',\n '{$clean['content']}',\n NOW()\n )\n ");
        if (affected_rows() == 1) {
            $clean['id'] = mysql_insert_id();
            // Keeping the interval timestamp in a cookie is easy to invalidate;
            // keeping it in the database costs resources.
            // (listing is cut off here)