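/**
 * Filter callback that gates a single comment's text behind eMember access rules.
 *
 * When the 'eMember_protect_comments_separately' option is on, the decision is
 * made from the comment's own protection flag and the current visitor's
 * login/subscription state. Otherwise the comment simply inherits the access
 * rules of the post or page it belongs to.
 *
 * Reads the WordPress global $comment (comment_ID, comment_post_ID).
 *
 * @param string $content The comment text handed in by the filter.
 * @return string The unchanged content, or a login / renewal / "restricted" message.
 */
function auth_check_comment($content)
{
    global $comment;

    $emember_auth = Emember_Auth::getInstance();
    $emember_config = Emember_Config::getInstance();

    if (!$emember_config->getValue('eMember_protect_comments_separately')) {
        // Comments are not protected on their own: defer to the parent post/page rules.
        $post_id = $comment->comment_post_ID;
        $post = get_post($post_id);
        // get_post() yields null for an unknown ID; treat that like a non-page post
        // rather than dereferencing null.
        if ($post !== null && $post->post_type == 'page') {
            return check_page_content($post_id, $content);
        }
        return check_post_content($post_id, $content);
    }

    $id = $comment->comment_ID;

    if (!$emember_auth->is_protected_comment($id)) {
        // Unprotected comment: drop any pending "has more" marker and show it as-is.
        if (isset($emember_auth->hasmore[$id])) {
            unset($emember_auth->hasmore[$id]);
        }
        return $content;
    }

    if (!$emember_auth->isLoggedIn()) {
        if (isset($_GET['event']) && $_GET['event'] == 'login') {
            return get_login_link();
        }
        // NOTE(review): the hasmore marker appears to flag content an earlier pass
        // already prepared for anonymous display — confirm against the code that
        // sets $emember_auth->hasmore before relying on this.
        if (isset($emember_auth->hasmore[$id])) {
            unset($emember_auth->hasmore[$id]);
            return $content;
        }
        return get_login_link();
    }

    // Logged in: an 'expired' account state is checked first, then the
    // subscription itself; either one sends the visitor to the renewal link.
    if ($emember_auth->getUserInfo('account_state') == 'expired'
        || $emember_auth->is_subscription_expired()) {
        return get_renewal_link();
    }

    if ($emember_auth->is_permitted_comment($id)) {
        return $content;
    }
    return wp_emember_format_message(EMEMBER_CONTENT_RESTRICTED);
}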
if (!!($rows = fetch_array("SELECT bbs_uniqid,bbs_post_time FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) { //为了防止cookie伪造,要比对一下唯一标识符uniqid uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']); //限制发帖时间 global $system; limit_time('发帖', time(), $rows['bbs_post_time'], $system['post_time']); //引入验证文件 include ROOT_PATH . 'includes/check.func.php'; //创建空数组,用来存放提交的合法数据 $clean = array(); //可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等。 //唯一标识符第二个作用,登录cookie验证 $clean['username'] = mysql_real_escape_string($_COOKIE['username']); $clean['type'] = mysql_real_escape_string($_POST['type']); $clean['title'] = mysql_real_escape_string(check_post_title($_POST['title'], 2, 40)); $clean['content'] = mysql_real_escape_string(check_post_content($_POST['content'], 10)); //写入数据库 query("INSERT INTO bbs_article (\n bbs_username,\n bbs_title,\n bbs_type,\n bbs_content,\n bbs_date\n )\n VALUES(\n '{$clean['username']}',\n '{$clean['title']}',\n '{$clean['type']}',\n '{$clean['content']}',\n NOW()\n )\n "); if (affected_rows() == 1) { $clean['id'] = mysql_insert_id(); //间隔时间写在cookie里面容易失效,写在数据库又占用资源 //setcookie('post_time',time()); $clean['time'] = time(); query("UPDATE bbs_users SET bbs_post_time='{$clean['time']}' WHERE bbs_username='******'username']}'"); //关闭数据库 close(); //清除session //session_destroy(); //跳转到首页 location('恭喜您发帖成功!', 'article.php?id=' . $clean['id']); } else {