$er_langpackage = new errorlp();
$er_lp_action = $er_langpackage->er_refuse_action;
$er_lp_guest = $er_langpackage->er_refuse_guest;
if (!empty($limit_ip_list)) {
if (is_string($limit_ip_list)) {
$limit_ip_list = array($limit_ip_list);
}
foreach ($limit_ip_list as $ip_rs) {
if (preg_match("/{$ip_rs}/", $_SERVER['REMOTE_ADDR'])) {
echo $er_langpackage->er_refuse_ip;
exit;
}
}
}
//限制时间段访问站点
limit_time($limit_guest_time, "guest");
function limit_time($limit_time, $type = '')
{
if (!empty($limit_time)) {
global $er_lp_action;
global $er_lp_guest;
$str = $er_lp_action;
if ($type == 'guest') {
$str = $er_lp_guest;
}
if (is_string($limit_time)) {
$limit_time = array($limit_time);
}
foreach ($limit_time as $time_rs) {
$time_array = explode("-", $time_rs);
$limit_min_time = strtotime($time_array[0]);
close();
//session_destroy();
//跳转到首页
alert('发帖失败');
}
} else {
alert('非法登录');
}
}
//处理楼中回帖
if (@$_GET['action'] == 're_art') {
if (!!($rows = fetch_array("SELECT bbs_uniqid,bbs_repost_time FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
//为了防止cookie伪造,要比对一下唯一标识符uniqid
uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
//限制回帖时间
limit_time('回复', time(), $rows['bbs_repost_time'], $system['repost_time']);
//创建空数组,用来存放提交的合法数据
$clean = array();
$clean['fid'] = mysql_real_escape_string($_POST['fid']);
$clean['reid'] = mysql_real_escape_string($_POST['reid']);
$clean['username'] = mysql_real_escape_string($_COOKIE['username']);
$clean['content'] = mysql_real_escape_string($_POST['content']);
//写入数据库
query("INSERT INTO bbs_re_article (\n bbs_fid,\n bbs_username,\n bbs_content,\n bbs_date\n )\n VALUES(\n '{$clean['fid']}',\n '{$clean['username']}',\n '{$clean['content']}',\n NOW()\n )\n ");
if (affected_rows() == 1) {
//setcookie('article_name',time());
$clean['time'] = time();
query("UPDATE bbs_users SET bbs_repost_time='{$clean['time']}' WHERE bbs_username='******'username']}'");
//累积评论
query("UPDATE bbs_article SET bbs_commentcount=bbs_commentcount+1 WHERE bbs_reid=0 AND bbs_id='{$clean['reid']}'");
//关闭数据库
* 注意:此文件由tpl_engine编译型模板引擎编译生成。
* 如果您的模板要进行修改,请修改 templates/default/modules/poll/poll_send.html
* 如果您的模型要进行修改,请修改 models/modules/poll/poll_send.php
*
* 修改完成之后需要您进入后台重新编译,才会重新生成。
* 如果您开启了debug模式运行,那么您可以省去上面这一步,但是debug模式每次都会判断程序是否更新,debug模式只适合开发调试。
* 如果您正式运行此程序时,请切换到service模式运行!
*
* 如有您有问题请到官方论坛(http://tech.jooyea.com/bbs/)提问,谢谢您的支持。
*/
//引入公共模块
require "foundation/fpages_bar.php";
require "foundation/module_poll.php";
require "api/base_support.php";
//限制时间段访问站点
limit_time($limit_action_time);
//语言包引入
$pol_langpackage = new polllp();
//变量区
$user_id = get_sess_userid();
$user_info = api_proxy("user_self_by_uid", "integral", $user_id);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>blog</title>
<base href='<?php
echo $siteDomain;
?>
' />
if (!isset($_COOKIE['username'])) {
location('请先登录', 'login.php');
}
global $system;
//将帖子写入数据库
if (@$_GET['action'] == 'post') {
//为防止恶意注册,跨站攻击
if ($system['code'] == 1) {
check_code($_POST['code'], $_SESSION['code']);
}
if (!!($rows = fetch_array("SELECT bbs_uniqid,bbs_post_time FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
//为了防止cookie伪造,要比对一下唯一标识符uniqid
uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']);
//限制发帖时间
global $system;
limit_time('发帖', time(), $rows['bbs_post_time'], $system['post_time']);
//引入验证文件
include ROOT_PATH . 'includes/check.func.php';
//创建空数组,用来存放提交的合法数据
$clean = array();
//可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等。
//唯一标识符第二个作用,登录cookie验证
$clean['username'] = mysql_real_escape_string($_COOKIE['username']);
$clean['type'] = mysql_real_escape_string($_POST['type']);
$clean['title'] = mysql_real_escape_string(check_post_title($_POST['title'], 2, 40));
$clean['content'] = mysql_real_escape_string(check_post_content($_POST['content'], 10));
//写入数据库
query("INSERT INTO bbs_article (\n bbs_username,\n bbs_title,\n bbs_type,\n bbs_content,\n bbs_date\n )\n VALUES(\n '{$clean['username']}',\n '{$clean['title']}',\n '{$clean['type']}',\n '{$clean['content']}',\n NOW()\n )\n ");
if (affected_rows() == 1) {
$clean['id'] = mysql_insert_id();
//间隔时间写在cookie里面容易失效,写在数据库又占用资源
