Example #1
    ShowMsg("成功添加回复话题!", "viewthread.php?id={$id}&tid={$tid}");
    exit;
} else {
    if ($action == "edit" && ($ismaster || $cfg_ml->M_ID == $uid)) {
        // Edit branch, validation stage: check the verification code, then
        // normalise and length-check the subject and body. Every failure path
        // reports through ShowMsg() and exits.
        // NOTE(review): GetCkVdValue() presumably returns the expected
        // verification code held server-side; confirm. An empty expected value
        // is rejected, so a missing code cannot match an empty submission.
        // The check uses loose `!=`; a strict `!==` avoids PHP's numeric-string
        // comparison rules. Nothing in this fragment invalidates the code after
        // use; confirm it is single-use.
        $svali = GetCkVdValue();
        if (strtolower($vdcode) != $svali || $svali == "") {
            ShowMsg("认证码错误!", "-1");
            exit;
        }
        // Subject: HtmlReplace() with mode 2, trimmed, then cut to 80 by
        // cn_substrR(). The check below only rejects values longer than 80; the
        // minimum of 3 named in the message is not enforced here.
        $subject = cn_substrR(trim(HtmlReplace($subject, 2)), 80);
        if (CountStrLen($subject) > 80) {
            ShowMsg("主题字数应该在3-80个汉字!", "-1");
            exit;
        }
        // Body: a single-pass denylist that deletes only the literal openings
        // "<iframe" and "<script" (case-insensitive), then a cut to 2000. All
        // other markup passes through, so this is not a substitute for encoding
        // the value when it is rendered.
        // eregi_replace() belongs to the ereg extension, removed in PHP 7.0.
        $threads = cn_substrR(eregi_replace("<(iframe|script)", "", $threads), 2000);
        if (CountStrLen($threads) < 3 || CountStrLen($threads) > $cfg_group_words) {
            ShowMsg("主题内容字数应该在3-{$cfg_group_words}个汉字!", "-1");
            exit;
        }
        // NOTE(review): this fallback runs after the minimum-length check, so it
        // looks unreachable for ordinary input. If it can trigger, $message is
        // used without any of the filtering applied to $threads above; confirm.
        if (empty($threads)) {
            $threads = $message;
        }
        // Forbidden-word check: $cfg_notallowstr is interpolated as the regex
        // itself, so the pattern comes entirely from configuration.
        // ereg() is also removed in PHP 7.0.
        if (ereg("{$cfg_notallowstr}", $subject) || ereg("{$cfg_notallowstr}", $threads)) {
            ShowMsg("含有非法字符!.", "-1");
            exit;
        }
        if ($first) {
            $types = ereg_replace("[^0-9]", "", $types);
            if ($types < 1) {
                $types = 0;
            }
Example #2
    ShowMsg("未登录前不充许该操作!", "-1");
    exit;
}
// Reject requests that do not carry a positive id.
// This is a loose comparison only: it does not convert $id to an integer, so
// later code that embeds $id in SQL or in a redirect URL still receives the
// original value. Casting $id to int before this check would make the value
// safe to reuse in those contexts.
if ($id < 1) {
    ShowMsg("错误,未定义的操作!", "-1");
    exit;
}
if ($action == "save") {
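    // Save branch: check the verification code, filter the title and message,
    // then build the guestbook INSERT statement in $SetQuery.
    // NOTE(review): GetCkVdValue() presumably returns the expected verification
    // code held server-side; confirm. The comparison is loose (`!=`); a strict
    // `!==` avoids PHP's numeric-string comparison rules.
    $svali = GetCkVdValue();
    if (strtolower($vdcode) != $svali || $svali == "") {
        ShowMsg("认证码错误!", "-1");
        exit;
    }
    // Fix: the mode argument 2 was passed to trim() (where it acts as the list
    // of characters to strip, i.e. the digit "2") instead of to HtmlReplace().
    // The other call sites pass it to HtmlReplace(), so the parenthesis is moved.
    $subject = cn_substrR(trim(HtmlReplace($subject, 2)), 80);
    // Single-pass denylist: deletes only the literal openings "<iframe" and
    // "<script" (case-insensitive). Unlike $subject, $text is not passed through
    // HtmlReplace() here, so any other markup is stored as submitted and must be
    // encoded when the message is rendered.
    $text = preg_replace("#<(iframe|script)#i", "", $text);
    if (CountStrLen($text) < 3 || CountStrLen($text) > 1000) {
        ShowMsg("内容字数应该在3-1000个汉字!", "-1");
        exit;
    }
    // Forbidden-word check and word masking: both config values are interpolated
    // as the regex body, so a "#" or "/" inside them would end the pattern early.
    if (preg_match("#{$cfg_notallowstr}#", $subject) || preg_match("#{$cfg_notallowstr}#", $text)) {
        ShowMsg("含有非法字符!", "-1");
        exit;
    }
    $subject = preg_replace("/{$cfg_replacestr}/", "***", $subject);
    $text = preg_replace("/{$cfg_replacestr}/", "***", $text);
    // NOTE(review): if GetIP() reads forwarded-for style headers, this value is
    // client-controlled; confirm before trusting it in SQL or logs.
    $userip = GetIP();
    // NOTE(review): the statement is assembled by string interpolation. It is
    // only safe if every interpolated value ($id, $subject, $text, $userip and
    // the member fields) has been escaped upstream, which this fragment does not
    // show. Prefer bound parameters or the database layer's escaping routine.
    $SetQuery = "INSERT INTO #@__group_guestbook(gid,title,uname,userid,stime,message,ip) ";
    $SetQuery .= "VALUES('{$id}','{$subject}','" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . time() . "','{$text}','{$userip}');";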
    if ($db->ExecuteNoneQuery($SetQuery)) {
        ShowMsg("留言成功!", "guestbook.php?id={$id}");
        exit;
Example #3
        } else {
            $SetQuery = "UPDATE #@__group_notice SET title='{$subject}',notice='{$notice}',stime='" . time() . "',ip='{$userip}' WHERE id='{$nid}';";
            $db->ExecuteNoneQuery($SetQuery);
            $msg = "已经更改公告!";
        }
    }
    ShowMsg($msg, '');
} else {
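    if ($action == "add") {
        // Add branch: filter the notice body and title, validate both, then
        // insert the notice and report the outcome through ShowMsg().
        // NOTE(review): no permission or request-origin check is visible in this
        // fragment; confirm both happen before this branch is reached.

        // Single-pass denylist: deletes only the literal openings "<iframe" and
        // "<script" (case-insensitive); other markup is kept, so the notice must
        // still be encoded when rendered. preg_replace() replaces
        // eregi_replace(), which was removed in PHP 7.0; the pattern is the same.
        $notice = preg_replace("#<(iframe|script)#i", "", $notice);
        $subject = cn_substrR(HtmlReplace($subject, 2), 80);
        // NOTE(review): if GetIP() reads forwarded-for style headers, this value
        // is client-controlled; confirm.
        $userip = GetIP();
        if (empty($subject)) {
            $msg = "请填写公告标题!";
        } else {
            // Fix: the original called CountStrLen($notice > 100), passing the
            // boolean result of the comparison to CountStrLen(), so the length
            // limit of 100 was never actually measured.
            if (empty($notice) || CountStrLen($notice) > 100) {
                $msg = "请填写规定长度的公告内容!";
            } else {
                // NOTE(review): the statement is built by concatenation. It is
                // only safe if $subject, $notice, $id and $userip are escaped
                // upstream, which this fragment does not show ($notice only gets
                // the tag filter above). Prefer bound parameters or the database
                // layer's escaping routine.
                $SetQuery = "INSERT INTO #@__group_notice(uname,userid,title,notice,stime,gid,ip) VALUES('" . $cfg_ml->M_UserName . "','" . $cfg_ml->M_ID . "','" . $subject . "','" . $notice . "','" . time() . "','{$id}','" . $userip . "');";
                $db->ExecuteNoneQuery($SetQuery);
                $msg = "已经更改公告!";
            }
        }
        ShowMsg($msg, '');
    }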
}
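$SetQuery = '';
// Notice information: fetch the notice row whose gid matches $id.
// $id is appended to the SQL outside of quotes. In a numeric context escaping
// alone does not constrain the value, so it is cast to an integer here no
// matter what filtering happened upstream.
$row = $db->GetOne("SELECT `id`,`title`,`notice` FROM `#@__group_notice` WHERE `gid`=" . (int) $id);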
if (is_array($row)) {
    $nid = $row['id'];