public function add_comment($db)
{
if (is_string($user = user::login($db))) {
return $user;
}
if (is_string($group = user::group($db, $user['gid']))) {
return $group;
}
if (!$group['iscomment']) {
return prompt::error(305, $group['gname'] . '不能发布评论!');
}
if (isset($_POST['pid']) && isset($_POST['hascomment']) && isset($_POST['comment_content'])) {
$hascomment = trim($_POST['hascomment']);
//if($hascomment !== '1' && $hascomment !== '0') return prompt::error(305, '模板错误!');
$aid = trim($_POST['aid']);
if (!($aid = (int) $aid)) {
return prompt::error(305, '模板错误!');
}
$pid = trim($_POST['pid']);
$hascomment = (int) $hascomment;
$pid = (int) $pid;
$comment = filter($_POST['comment_content']);
if ($comment === '') {
return prompt::error(305, '评论内容不能为空!');
}
} else {
return prompt::error(305, '非法访问!');
}
if (!$hascomment) {
$sql = "update article set hascomment=1 where aid={$aid}";
$db->update($sql, 1);
}
$uid = $user['uid'];
$username = $user['username'];
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "insert into comment (`pid`, `aid`, `comment`, `uid`, `username`, `ip`, `posttime`) values ('{$pid}', '{$aid}', '{$comment}', '{$uid}', '{$username}', '{$ip}', now())";
$db->insert($sql);
}
