// Listing fragment ($load, $page, $per_page, $DBPrefix and $DMC are set outside
// this excerpt): pick the link format for the configured rewrite mode, then
// load one page of guestbook rows whose parent is '0'.
if ($settingInfo['rewrite'] == 0) {
    $gourl = "index.php?load={$load}";
}
if ($settingInfo['rewrite'] == 1) {
    $gourl = "rewrite.php/{$load}";
}
if ($settingInfo['rewrite'] == 2) {
    $gourl = "{$load}";
}
if ($settingInfo['rewrite'] == 1) {
    // Base URL = scheme + Host header + the part of $PHP_SELF before "f2blog_ajax.php".
    // NOTE(review): HTTP_HOST is supplied by the client; where $base_rewrite is
    // emitted is not visible here - if it reaches links or redirects, build it
    // from a configured site URL instead.
    $base_rewrite = "http://" . $_SERVER['HTTP_HOST'] . substr($PHP_SELF, 0, strpos($PHP_SELF, "f2blog_ajax.php"));
} else {
    $base_rewrite = "";
}
// Filter IP: keep the filter_ip() result for the caller's address
// (presumably truthy when the address may reply - confirm in filter_ip()).
$allow_reply = filter_ip(getip());
$openwin_width = "560";
$openwin_height = "450";
// Pages are 1-based; anything below 1 falls back to the first page.
if ($page < 1) {
    $page = 1;
}
$start_record = ($page - 1) * $per_page;
// NOTE(review): $settingInfo['gbookOrder'] is interpolated directly into ORDER BY;
// it must only ever be ASC or DESC - confirm the code that stores the setting enforces that.
$sql = "select distinct a.*,b.id as member_id,b.nickname,b.isHiddenEmail,b.email as member_email,b.homePage as member_homepage from " . $DBPrefix . "guestbook as a left join " . $DBPrefix . "members as b on a.author=b.username where parent='0' order by postTime {$settingInfo['gbookOrder']}";
$nums_sql = "select count(id) as numRows from " . $DBPrefix . "guestbook where parent='0'";
$total_num = getNumRows($nums_sql);
// $start_record is the result of arithmetic, but $per_page goes into LIMIT as-is.
// NOTE(review): confirm $per_page is an integer before it reaches this string.
$query_sql = $sql . " Limit {$start_record},{$per_page}";
$query_result = $DMC->query($query_sql);
$arr_parent = $DMC->fetchQueryAll($query_result);
?> <div class="pageContent" style="OVERFLOW: hidden; LINE-HEIGHT: 140%; HEIGHT: 18px; TEXT-ALIGN: right"> <div class="page" style="float:left"><span id="load_ajax_msg"></span>
<br/><a href="index.php"><?php echo $strErrorBack; ?> </a></div> </div> </div> </div><br/><br/> <?php } else {
    // Entry found ($result, $id, $job and $seekname are set before this excerpt):
    // take the first row, build the trackback URL and look up the neighbouring entries.
    $arr_array = $DMF->fetchQueryAll($result);
    $fa = $arr_array[0];
    $strFeadLogs = $strFeadAll . $fa['name'] . $strLogss;
    $strViewLogs = $strView . $fa['name'] . $strLogss;
    // tb_extra() is defined elsewhere; here it is given the entry id and post time.
    // NOTE(review): if it derives the value from those two inputs alone, with no
    // server-side secret, anyone who knows both can recompute it - verify in tb_extra().
    $extra = tb_extra($id, $fa['postTime']);
    if (!filter_ip(getip()) or $fa['isTrackback'] == 0) {
        // When the IP is banned, do not show the trackback address
        $tb_url = "";
    } else {
        $tb_url = $settingInfo['blogUrl'] . "trackback.php?tbID={$id}&extra={$extra}";
    }
    $postTime = $fa['postTime'];
    // $searchSql is concatenated into both queries below.
    // NOTE(review): confirm searchSQL() escapes or whitelists $job and $seekname.
    $searchSql = searchSQL($job, $seekname);
    // Closest entry with an earlier postTime and saveType=1.
    $prevsql = "SELECT id,logTitle FROM " . $DBPrefix . "logs WHERE postTime < '" . $postTime . "' and saveType=1 {$searchSql} ORDER BY postTime DESC LIMIT 1";
    $prevLog = $DMF->fetchArray($DMF->query($prevsql));
    // NOTE(review): what fetchArray() returns when no row matches is not visible
    // here; these index reads assume an array.
    $previd = $prevLog['id'];
    $prevtitle = "{$strPrevLog}{$strHomeLog}: " . $prevLog['logTitle'];
    // Closest entry with a later postTime and saveType=1.
    $nextsql = "SELECT id,logTitle FROM " . $DBPrefix . "logs WHERE postTime > '" . $postTime . "' and saveType=1 {$searchSql} ORDER BY postTime ASC LIMIT 1";
    $nextLog = $DMF->fetchArray($DMF->query($nextsql));
    $nextid = $nextLog['id'];
    $nexttitle = "{$strNextLog}{$strHomeLog}: " . $nextLog['logTitle'];
<?php
// Reply form entry point (excerpt ends inside the "save" branch): rejects banned
// IPs and malformed requests with a 404, then prepares the title and post URL
// for either a comment reply or a guestbook reply.
include_once "include/function.php";
// Filter IP
if (!filter_ip(getip())) {
    header("HTTP/1.0 404 Not Found");
    exit;
}
// Raw request values; only checked for being non-empty below.
// NOTE(review): their later use is outside this excerpt - cast to int or escape
// them before they reach SQL or HTML.
$postid = $_REQUEST['postid'];
$id = $_REQUEST['id'];
// Check whether the page was entered normally
if ($_GET['load'] == "read" && $postid != "" && $id != "") {
    // Comment
    $Title = "{$strCommentsReplyTitle}";
    // $_GET['load'] is pinned to "read" by the condition above, but $_GET['page']
    // is appended unvalidated.
    // NOTE(review): if $posturl is printed into a form action or link, escape it
    // at output (or cast the page number to int here).
    $posturl = "{$PHP_SELF}?load=" . $_GET['load'] . "&page=" . $_GET['page'];
} else {
    if ($_GET['load'] == "guestbook" && $postid != "") {
        // Guestbook message
        $Title = "{$strGuestBookReplyTitle}";
        // Same construction as the comment branch: $_GET['page'] is unvalidated.
        $posturl = "{$PHP_SELF}?load=" . $_GET['load'] . "&page=" . $_GET['page'];
    } else {
        // Illegal entry
        header("HTTP/1.0 404 Not Found");
        exit;
    }
}
// Load the CAPTCHA image
$validate_image = "include/image_firefox.inc.php";
// Save the message content
if ($_GET['action'] == "save") {
    $check_info = true;
echo $strErrorNoExistsLog; ?> <br /><a href="index.php"><?php echo $strErrorBack; ?> </a></div> </div> </div> </div><br /><br /> <?php } else {
    // Entry found ($arr_array and $id are set before this excerpt): decide how
    // the trackback address is offered, then load the previous/next paging cache.
    $fa = $arr_array;
    $strFeadLogs = $strFeadAll . $fa['name'] . $strLogss;
    $strViewLogs = $strView . $fa['name'] . $strLogss;
    // Use Ajax
    if (!filter_ip(getip()) or $fa['isTrackback'] == 0 or $settingInfo['allowTrackback'] == 0) {
        // When the IP is banned, do not show the trackback address
        $tb_allow = "";
    } else {
        // The haystack is wrapped in ';', so a "T" anywhere in the setting sits
        // at offset >= 1 and "> 0" works as a contains test.
        if (strpos(";{$settingInfo['ajaxstatus']};", "T") > 0) {
            $tb_allow = "{$strTrackbackSession}";
        } else {
            $tb_allow = "NoAjax";
            // Non-Ajax token: first 6 hex characters (24 bits) of md5(id . postTime).
            // NOTE(review): no secret goes into this value, so it can be recomputed
            // by anyone who knows the entry id and its postTime; consider an HMAC
            // with a server-side key or a random token that is checked server-side.
            $extra = substr(md5($id . $fa['postTime']), 0, 6);
            $tb_url = $settingInfo['blogUrl'] . "trackback.php?tbID={$id}&extra={$extra}";
        }
    }
    $postTime = $fa['postTime'];
    // Load previous/next paging
    if ($settingInfo['readpagebar'] == 1) {
        include "cache/cache_logsTitle.php";
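<?php
// Ajax handler: issues a trackback URL for one log entry by storing a fresh
// (extra, tbDate, logId) row in the tbsession table and echoing the URL.
if (!defined('IN_F2BLOG')) {
    die('Access Denied.');
}

// logId comes straight from the query string and ends up inside two SQL strings
// and the echoed URL, so only a run of digits is accepted; anything else
// (including an array value) is handled like a missing id.
// NOTE(review): assumes log ids are purely numeric - confirm against the logs table schema.
$logId = empty($_GET['logId']) ? "" : $_GET['logId'];
if (!is_string($logId) || preg_match('/\A[0-9]+\z/', $logId) !== 1) {
    $logId = "";
}

// Without a usable id there is nothing to look up; 0 selects the error branch.
$isTrackback = ($logId === "") ? 0 : getFieldValue($DBPrefix . "logs", "id='{$logId}'", "isTrackback");

if (!filter_ip(getip()) or $isTrackback == 0) {
    // When the IP is banned, do not show the trackback address
    echo $strTrackbackSessionError;
} else {
    // Get a random value
    // NOTE(review): tb_extra() is defined elsewhere; this value appears to act as
    // the trackback token, so confirm it is drawn from a cryptographically secure source.
    $tb_extra = tb_extra(10);
    $tbDate = time();
    // Write to the database ($logId is digits-only at this point; the other two
    // values are generated server-side)
    $sql = "insert into " . $DBPrefix . "tbsession(extra,tbDate,logId) values('{$tb_extra}','{$tbDate}','{$logId}')";
    $DMC->query($sql);
    // Return content
    // NOTE(review): HTTP_HOST is the client-supplied Host header and is echoed
    // back unescaped; prefer a configured site URL if one is available here.
    $home_url = "http://" . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], "f2blog_ajax.php"));
    echo $home_url . "trackback.php?tbID={$logId}&extra={$tb_extra}";
}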
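// Trackback receiver fragment ($title, $userdetail, $DMF, $DBPrefix and
// $settingInfo are set before this excerpt; the final else is closed after it).
// Validates the incoming ping, applies IP/word filters and a 30-second
// per-IP limit, then decides whether the trackback is approved immediately.
// NOTE(review): every check relies on tb_xml_error() ending the request -
// confirm it does, otherwise execution continues past a failed check.
$excerpt = $_REQUEST['excerpt'];
$url = $_REQUEST['url'];
$blog_name = $_REQUEST['blog_name'];
if ($url == "") {
    tb_xml_error("Invalid URL.");
}
if ($excerpt == "") {
    tb_xml_error("We require all Trackbacks to provide an excerption.");
} else {
    if (strlen($excerpt) > 100) {
        // Keep the first 100 bytes. The previous substr($excerpt, 100) dropped
        // them and stored the unbounded remainder instead.
        // NOTE(review): this is a byte cut and can split a multibyte character.
        $excerpt = substr($excerpt, 0, 100) . " ...";
    }
    $excerpt = encode($excerpt);
}
// Check filters
if (!filter_ip($userdetail['ip'])) {
    tb_xml_error("Your IP address is banned from sending trackbacks.");
}
if (replace_filter($excerpt) || replace_filter($title) || replace_filter($blog_name)) {
    tb_xml_error("The trackback content contains some words that are not welcomed on our site. You may edit your post and send it again. Sorry for the inconvenience.");
}
// Rate limit: refuse when this IP already has a trackback stored within the last 30 seconds.
// NOTE(review): getip() is concatenated into the query text and is defined
// elsewhere - if it can return a client-supplied header value, validate it as
// an IP address before it reaches SQL.
$trytb = $DMF->numRows($DMF->query("SELECT * FROM " . $DBPrefix . "trackbacks WHERE ip='" . getip() . "' AND postTime+30>='" . time() . "'"));
if ($trytb > 0) {
    tb_xml_error("Error.");
}
$spam = $settingInfo['isTbApp']; // 1 = moderation enabled
// NOTE(review): this searches for ';' + ttSiteList inside $url and approves on
// any match at offset >= 1. If ttSiteList is empty the needle is just ';', so
// a URL containing ';' after its first character skips moderation - confirm
// the intended haystack/needle order.
if ($spam == 0 or strpos($url, ";" . $settingInfo['ttSiteList']) >= 1) {
    $isApp = 1;
} else {
    $isApp = 0;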