Example #1
 // Private-message send handler (excerpt): validates the subject and body, runs the
 // banned-word filter and the optional anti-bot question, looks up the recipient,
 // builds the message array and, when $ifsave is set, stores a copy of the message.
 // $msg_title, $pwuser, $msgq, $ifsave, $groupid, $windid, $winduid, $timestamp and $db
 // are set before this excerpt begins.
 // NOTE(review): presumably InitGP() registers the POSTed 'atc_content' as a global — confirm.
 InitGP(array('atc_content'), 'P', 0);
 $atc_content = trim(Char_cv($atc_content));
 // Reject empty fields first, then oversized ones. strlen() counts bytes, so the 75 and
 // 1500 limits are byte limits; multi-byte text reaches them sooner.
 // NOTE(review): the code that follows relies on Showmsg() ending the request — confirm.
 if (!$atc_content || !$msg_title || !$pwuser) {
     Showmsg('msg_empty');
 } elseif (strlen($msg_title) > 75 || strlen($atc_content) > 1500) {
     Showmsg('msg_subject_limit');
 }
 require_once R_P . 'require/bbscode.php';
 // Banned-word filter: any return other than false from comprise() is treated as a hit.
 // The match is kept in $banword, which is not read again in this excerpt.
 $wordsfb = L::loadClass('FilterUtil');
 if (($banword = $wordsfb->comprise($msg_title)) !== false) {
     Showmsg('title_wordsfb');
 }
 if (($banword = $wordsfb->comprise($atc_content, false)) !== false) {
     Showmsg('content_wordsfb');
 }
 // Anti-bot question, only when $msgq is truthy. The answer and key are read straight
 // from $_POST, so Qcheck() has to cope with missing or non-string values.
 $msgq && Qcheck($_POST['qanswer'], $_POST['qkey']);
 // NOTE(review): the next line is masked ("******") in this listing and is not valid PHP
 // as shown. It looks up the recipient row (uid, banpm, msggroups) by username and tests
 // comma-delimited lists for the sender's $groupid and $windid. How the username is
 // quoted in the WHERE clause cannot be confirmed from here — check the original file.
 $rt = $db->get_one("SELECT uid,banpm,msggroups FROM pw_members WHERE username="******",{$groupid},") !== false || strpos(",{$rt['banpm']},", ",{$windid},") !== false) {
     $errorname = $pwuser;
     Showmsg('msg_refuse');
 }
 require_once R_P . 'require/msg.php';
 // stripslashes() removes one level of backslash escaping from the body before it is
 // stored, so from here on the content is raw text.
 // NOTE(review): this implies $atc_content arrives slash-escaped — confirm where.
 $msg = array('toUser' => $pwuser, 'fromUid' => $winduid, 'fromUser' => $windid, 'subject' => $msg_title, 'content' => stripslashes($atc_content));
 if ($ifsave) {
     // Copy of the message: a header row in pw_msg (type 'sebox', ifnew 0), then the
     // title and body in pw_msgc keyed by the new row id.
     // NOTE(review): SQL safety here rests entirely on pwSqlSingle(). Verify that it
     // quotes and escapes every value when its second argument is false, because the
     // un-slashed body, $msg_title and $pwuser are all user-controlled.
     $db->update('INSERT INTO pw_msg SET ' . pwSqlSingle(array('touid' => $rt['uid'], 'fromuid' => $winduid, 'username' => $pwuser, 'type' => 'sebox', 'ifnew' => 0, 'mdate' => $timestamp), false));
     $mid = $db->insert_id();
     $db->update('INSERT INTO pw_msgc SET ' . pwSqlSingle(array('mid' => $mid, 'title' => $msg_title, 'content' => stripslashes($atc_content)), false));
Example #2
     }
     list(, $_LoginInfo) = pwNavBar();
     list(, , , , $hasSafeCv) = $loginInfo;
     if ($db_ifsafecv && $hasSafeCv || $db_gdcheck & 2 || $_LoginInfo['qcheck']) {
         require_once PrintEot('header_login_pop');
         ajax_footer();
     }
 }
 // Login submission (excerpt): run the captcha and anti-bot question checks, then pass
 // the credentials to checkpass(). The value 2 is the bit tested in $db_gdcheck and
 // $db_ckquestion on this path.
 // NOTE(review): presumably 2 is the "login" bit of those settings — confirm.
 if ($ajax && $ajaxstep == 2) {
     // AJAX step 2: both helpers are called with a trailing true and their result is
     // tested here, so a failure is reported through showLoginAjaxMessage().
     if ($db_gdcheck & 2) {
         $checkCode = GdConfirm(S::getGp('gdcode', 'P'), true);
         !$checkCode && showLoginAjaxMessage('gdcodeerror');
     }
     if ($db_ckquestion & 2) {
         list($qanswer, $questionKey) = array(S::getGp('qanswer', 'P'), S::getGp('qkey', 'P'));
         $checkAnswer = Qcheck($qanswer, $questionKey, true);
         !$checkAnswer && showLoginAjaxMessage('ckquestionerror');
     }
 } else {
     // The first and fourth arguments are 0, which in PostCheck() turn off checkVerify()
     // and the Referer host comparison; only the captcha and question checks can run.
     // NOTE(review): the login form therefore has no request-origin check on this path
     // unless one happens outside this excerpt.
     PostCheck(0, $db_gdcheck & 2, $db_ckquestion & 2 && $db_question, 0);
 }
 // NOTE(review): as printed, the search and replace arrays are identical, so this call
 // changes nothing. The first array presumably held HTML entities that the page
 // extraction decoded — check the original file.
 // NOTE(review): $jumpurl is set outside this excerpt. If it comes from the request,
 // confirm it is limited to same-site targets before it is used for a redirect.
 $jumpurl = str_replace(array('=', '&'), array('=', '&'), $jumpurl);
 // Truthiness test: a user name or password of "0" is also reported as empty.
 if (!$pwuser || !$pwpwd) {
     Showmsg('login_empty');
 }
 // NOTE(review): a bare md5() of the password is what checkpass() receives. MD5 is fast
 // to brute-force and unsuitable for password storage. Whether checkpass() salts or
 // re-hashes it is not visible here. Moving to password_hash()/password_verify() would
 // need changes in checkpass() and in the stored hashes.
 $md5_pwpwd = md5($pwpwd);
 // The security-question code is computed only when $db_ifsafecv is enabled.
 $safecv = $db_ifsafecv ? questcode($question, $customquest, $answer) : '';
 $logininfo = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt, true);
 if (!is_array($logininfo)) {
     if ($logininfo == 'login_jihuo') {
         $regEmail = getRegEmail($pwuser);
Example #3
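/**
 * Run the pre-processing checks for a form submission.
 *
 * Each flag switches one independent check on. checkVerify(), GdConfirm(), Qcheck()
 * and Showmsg() are defined elsewhere; how they report a failure is up to them.
 *
 * The Referer comparison is fail-open: a request with no Referer header, or a Referer
 * without a host part, skips it. It is a secondary signal and does not stop cross-site
 * requests that suppress the header.
 * NOTE(review): checkVerify() is presumably the request-token check — confirm that
 * callers passing $verify = 0 have another defence.
 *
 * @param int $verify  Non-zero: call checkVerify().
 * @param int $gdcheck Non-zero: pass the POSTed 'gdcode' to GdConfirm().
 * @param int $qcheck  Non-zero: pass the POSTed 'qanswer' and 'qkey' to Qcheck().
 * @param int $refer   Non-zero: on POST, require the Referer host (when present) to
 *                     equal the Host header without its port.
 */
function PostCheck($verify = 1, $gdcheck = 0, $qcheck = 0, $refer = 1)
{
    global $pwServer;

    $verify && checkVerify();

    if ($refer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] === 'POST') {
        $referer = isset($pwServer['HTTP_REFERER']) ? $pwServer['HTTP_REFERER'] : '';
        // parse_url() returns false for a malformed URL and omits 'host' for a relative
        // one, so test the shape before indexing instead of relying on a notice.
        $referer_a = $referer === '' ? false : @parse_url($referer);
        if (is_array($referer_a) && !empty($referer_a['host'])) {
            $hostHeader = isset($pwServer['HTTP_HOST']) ? $pwServer['HTTP_HOST'] : '';
            list($http_host) = explode(':', $hostHeader);
            // Strict comparison: with != two numeric-looking hosts are compared as
            // numbers, so different strings such as "1e3" and "1000" count as equal.
            if ($referer_a['host'] !== $http_host) {
                Showmsg('undefined_action');
            }
        }
    }

    // Missing POST fields are passed as null, as before, but without an
    // undefined-index notice.
    $gdcheck && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : null);
    $qcheck && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : null,
        isset($_POST['qkey']) ? $_POST['qkey'] : null
    );
}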
Example #4
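/**
 * POST request checks.
 *
 * Each flag switches one independent check on. checkVerify(), GdConfirm(), Qcheck()
 * and Showmsg() are defined elsewhere; how they report a failure is up to them.
 *
 * The Referer comparison is fail-open: a request with no Referer header, or a Referer
 * without a host part, skips it. It complements the request-hash check and does not
 * stop cross-site requests that suppress the header, so callers that pass
 * $checkHash = 0 should have another defence.
 *
 * @global array $pwServer
 * @param int $checkHash     Whether to check the request hash (calls checkVerify()).
 * @param int $checkGd       Whether to check the captcha (POSTed 'gdcode').
 * @param int $checkQuestion Whether to check the security question (POSTed 'qanswer' and 'qkey').
 * @param int $checkReferer  Whether to check the Referer: on POST, its host (when
 *                           present) must equal the Host header without its port.
 */
function PostCheck($checkHash = 1, $checkGd = 0, $checkQuestion = 0, $checkReferer = 1)
{
    global $pwServer;

    $checkHash && checkVerify();

    if ($checkReferer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] === 'POST') {
        $referer = isset($pwServer['HTTP_REFERER']) ? $pwServer['HTTP_REFERER'] : '';
        // parse_url() returns false for a malformed URL and omits 'host' for a relative
        // one, so test the shape before indexing instead of relying on a notice.
        $refererParsed = $referer === '' ? false : @parse_url($referer);
        if (is_array($refererParsed) && !empty($refererParsed['host'])) {
            $hostHeader = isset($pwServer['HTTP_HOST']) ? $pwServer['HTTP_HOST'] : '';
            list($httpHost) = explode(':', $hostHeader);
            // Strict comparison: with != two numeric-looking hosts are compared as
            // numbers, so different strings such as "1e3" and "1000" count as equal.
            if ($refererParsed['host'] !== $httpHost) {
                Showmsg('undefined_action');
            }
        }
    }

    // Missing POST fields are passed as null, as before, but without an
    // undefined-index notice.
    $checkGd && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : null);
    $checkQuestion && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : null,
        isset($_POST['qkey']) ? $_POST['qkey'] : null
    );
}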