InitGP(array('atc_content'), 'P', 0); $atc_content = trim(Char_cv($atc_content)); if (!$atc_content || !$msg_title || !$pwuser) { Showmsg('msg_empty'); } elseif (strlen($msg_title) > 75 || strlen($atc_content) > 1500) { Showmsg('msg_subject_limit'); } require_once R_P . 'require/bbscode.php'; $wordsfb = L::loadClass('FilterUtil'); if (($banword = $wordsfb->comprise($msg_title)) !== false) { Showmsg('title_wordsfb'); } if (($banword = $wordsfb->comprise($atc_content, false)) !== false) { Showmsg('content_wordsfb'); } $msgq && Qcheck($_POST['qanswer'], $_POST['qkey']); $rt = $db->get_one("SELECT uid,banpm,msggroups FROM pw_members WHERE username="******",{$groupid},") !== false || strpos(",{$rt['banpm']},", ",{$windid},") !== false) { $errorname = $pwuser; Showmsg('msg_refuse'); } require_once R_P . 'require/msg.php'; $msg = array('toUser' => $pwuser, 'fromUid' => $winduid, 'fromUser' => $windid, 'subject' => $msg_title, 'content' => stripslashes($atc_content)); if ($ifsave) { $db->update('INSERT INTO pw_msg SET ' . pwSqlSingle(array('touid' => $rt['uid'], 'fromuid' => $winduid, 'username' => $pwuser, 'type' => 'sebox', 'ifnew' => 0, 'mdate' => $timestamp), false)); $mid = $db->insert_id(); $db->update('INSERT INTO pw_msgc SET ' . pwSqlSingle(array('mid' => $mid, 'title' => $msg_title, 'content' => stripslashes($atc_content)), false));
} list(, $_LoginInfo) = pwNavBar(); list(, , , , $hasSafeCv) = $loginInfo; if ($db_ifsafecv && $hasSafeCv || $db_gdcheck & 2 || $_LoginInfo['qcheck']) { require_once PrintEot('header_login_pop'); ajax_footer(); } } if ($ajax && $ajaxstep == 2) { if ($db_gdcheck & 2) { $checkCode = GdConfirm(S::getGp('gdcode', 'P'), true); !$checkCode && showLoginAjaxMessage('gdcodeerror'); } if ($db_ckquestion & 2) { list($qanswer, $questionKey) = array(S::getGp('qanswer', 'P'), S::getGp('qkey', 'P')); $checkAnswer = Qcheck($qanswer, $questionKey, true); !$checkAnswer && showLoginAjaxMessage('ckquestionerror'); } } else { PostCheck(0, $db_gdcheck & 2, $db_ckquestion & 2 && $db_question, 0); } $jumpurl = str_replace(array('=', '&'), array('=', '&'), $jumpurl); if (!$pwuser || !$pwpwd) { Showmsg('login_empty'); } $md5_pwpwd = md5($pwpwd); $safecv = $db_ifsafecv ? questcode($question, $customquest, $answer) : ''; $logininfo = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt, true); if (!is_array($logininfo)) { if ($logininfo == 'login_jihuo') { $regEmail = getRegEmail($pwuser);
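/**
 * Guards a POST action with up to four opt-in checks: the request hash,
 * the image captcha, the security question and a same-host Referer test.
 *
 * Every failing check is reported by the callee (checkVerify / GdConfirm /
 * Qcheck / Showmsg), which ends the request, so nothing is returned here.
 * A missing or unparsable Referer is let through (fail-open), as before;
 * the request hash (checkVerify) is the check that actually binds a POST
 * to this site, so callers should not rely on the Referer test alone.
 *
 * @global array $pwServer  server variables: REQUEST_METHOD, HTTP_HOST, HTTP_REFERER
 * @param int $verify  1 = require the request hash (checkVerify)
 * @param int $gdcheck 1 = verify the captcha sent in $_POST['gdcode']
 * @param int $qcheck  1 = verify the security question in $_POST['qanswer'] / $_POST['qkey']
 * @param int $refer   1 = on POST, reject a Referer whose host differs from HTTP_HOST
 */
function PostCheck($verify = 1, $gdcheck = 0, $qcheck = 0, $refer = 1) {
    global $pwServer;
    $verify && checkVerify();
    if ($refer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] == 'POST') {
        $refererHost = '';
        if (isset($pwServer['HTTP_REFERER'])) {
            // parse_url() returns false for a seriously malformed URL; treat that
            // like an absent Referer instead of indexing into a bool.
            $parsed = parse_url($pwServer['HTTP_REFERER']);
            if (is_array($parsed) && isset($parsed['host'])) {
                $refererHost = $parsed['host'];
            }
        }
        if ($refererHost) {
            // HTTP_HOST may carry a port; only the hostname part is compared.
            // (Bracketed IPv6 literals are not handled by this split.)
            $hostParts = explode(':', isset($pwServer['HTTP_HOST']) ? $pwServer['HTTP_HOST'] : '');
            // Strict comparison: a loose != would compare numeric-looking hosts as numbers.
            if ($refererHost !== $hostParts[0]) {
                Showmsg('undefined_action');
            }
        }
    }
    // Pass null for an absent field instead of triggering an undefined-index notice.
    $gdcheck && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : null);
    $qcheck && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : null,
        isset($_POST['qkey']) ? $_POST['qkey'] : null
    );
}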
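/**
 * POST request check.
 *
 * Runs the opt-in guards for a form submission: request hash, image captcha,
 * security question and a same-host Referer test. A failing check is reported
 * by the callee (checkVerify / GdConfirm / Qcheck / Showmsg), which ends the
 * request, so this function returns nothing. A missing or unparsable Referer
 * passes the Referer test (fail-open), as before; the request hash is the
 * check that actually binds the submission to this site.
 *
 * @global array $pwServer  server variables: REQUEST_METHOD, HTTP_HOST, HTTP_REFERER
 * @param int $checkHash     whether to check the request hash (checkVerify)
 * @param int $checkGd       whether to check the captcha in $_POST['gdcode']
 * @param int $checkQuestion whether to check the security question in $_POST['qanswer'] / $_POST['qkey']
 * @param int $checkReferer  whether, on POST, to reject a Referer host that differs from HTTP_HOST
 */
function PostCheck($checkHash = 1, $checkGd = 0, $checkQuestion = 0, $checkReferer = 1) {
    global $pwServer;
    $checkHash && checkVerify();
    if ($checkReferer && isset($pwServer['REQUEST_METHOD']) && $pwServer['REQUEST_METHOD'] == 'POST') {
        $refererHost = '';
        if (isset($pwServer['HTTP_REFERER'])) {
            // parse_url() yields false for a seriously malformed URL; treat it
            // like an absent Referer rather than indexing into a bool.
            $refererParsed = parse_url($pwServer['HTTP_REFERER']);
            if (is_array($refererParsed) && isset($refererParsed['host'])) {
                $refererHost = $refererParsed['host'];
            }
        }
        if ($refererHost) {
            // Drop an optional ":port" from HTTP_HOST before comparing hostnames.
            // (A bracketed IPv6 literal is not handled by this split.)
            $hostParts = explode(':', isset($pwServer['HTTP_HOST']) ? $pwServer['HTTP_HOST'] : '');
            // Strict comparison so numeric-looking hosts are not compared as numbers.
            if ($refererHost !== $hostParts[0]) {
                Showmsg('undefined_action');
            }
        }
    }
    // Absent fields are passed as null instead of raising an undefined-index notice.
    $checkGd && GdConfirm(isset($_POST['gdcode']) ? $_POST['gdcode'] : null);
    $checkQuestion && Qcheck(
        isset($_POST['qanswer']) ? $_POST['qanswer'] : null,
        isset($_POST['qkey']) ? $_POST['qkey'] : null
    );
}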