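/**
 * Handle an AJAX comment submission (POST only).
 *
 * Reads the comment form fields from $_POST, validates nickname, email and
 * contents, resolves the parent comment (if any), stores the comment through
 * the Comment model and echoes the rendered <li> markup for the new comment.
 * Validation failures are reported through AjaxError(); a non-POST request is
 * answered with 405 and the script is terminated.
 *
 * Fixes vs. the previous version: the rendered id="comment-…" / id="div-comment-…"
 * attributes are now properly closed, the "@nickname" link is only built when
 * the parent comment actually exists, parent ids are cast to int before any
 * lookup, and the visitor-supplied nickname is HTML-escaped at the output edge.
 *
 * @return void
 */
public function addcomment()
{
    // Only accept POST. A method check alone is not CSRF protection; a
    // per-session token (optionally plus a Referer check) is still required,
    // as the original author's comment already acknowledged.
    if ('POST' != $_SERVER['REQUEST_METHOD']) {
        header('Allow: POST');
        header('HTTP/1.1 405 Method Not Allowed');
        header('Content-Type: text/plain');
        die('Illegal request!');
    }

    // Collect the raw form fields. A missing field stays null so the model
    // receives the same values it did before.
    $fields = array();
    $fields['contents'] = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    $fields['cid'] = isset($_POST['comment_parent']) ? trim($_POST['comment_parent']) : null;
    $fields['aid'] = isset($_POST['comment_post_ID']) ? intval($_POST['comment_post_ID']) : null;
    $fields['nickname'] = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $fields['email'] = isset($_POST['email']) ? trim($_POST['email']) : null;
    // NOTE(review): website is stored without validation here; confirm that the
    // model or the rendering template escapes it before it is ever output.
    $fields['website'] = isset($_POST['url']) ? trim($_POST['url']) : null;
    $fields['ctime'] = time();
    $fields['ip'] = Request::getClientIP();

    // Cast to string before strlen()/comparison so a missing field does not
    // trigger the PHP 8.1 "null to non-nullable parameter" deprecation.
    if (6 > strlen((string) $fields['email']) || '' === (string) $fields['nickname']) {
        AjaxError('请填写昵称和邮箱!');
    }
    if (!Is_email($fields['email'])) {
        AjaxError('请填写有效的邮箱地址!');
    }
    if ('' === (string) $fields['contents']) {
        AjaxError('请写点评论!');
    }

    $comment = self::$models->Comment;
    //$comment->IpLimit($fields['ip']); // flood protection, disabled upstream
    // Stored-XSS filter on the comment body. Its return value is not used, so
    // it presumably rewrites the value in place or aborts — TODO confirm.
    $comment->SelfXssattack($fields['contents']);

    // Resolve the parent comment. comment_parent is either "<thread id>" or
    // "<thread id>-<replied-to id>"; both parts are cast to int so that only a
    // numeric id ever reaches the model lookup.
    $commentp = null;
    $fields['parent'] = '';
    $fidname = '';
    $replyTo = 0;
    if ($fields['cid'] !== null) {
        $parentRaw = $fields['cid'];
        if (strstr($parentRaw, '-')) {
            // Reply to a nested comment inside a thread.
            $parents = explode('-', $parentRaw, 2);
            $fields['cid'] = intval($parents[0]);
            $replyTo = intval($parents[1]);
        } else {
            $fields['cid'] = intval($parentRaw);
            $replyTo = $fields['cid'];
        }
    }
    if ($replyTo > 0) {
        $commentp = $comment->getOneComment('id', $replyTo);
    }
    if ($commentp) {
        $fields['parent'] = $commentp['id'] . ',' . $commentp['nickname'];
        // The "@nickname" link is only meaningful when the parent row exists;
        // the stored nickname is escaped again here because it is echoed raw.
        $fidname = '<a href="#comment-' . $commentp['id'] . '" rel="nofollow" class="cute">@'
            . htmlspecialchars((string) $commentp['nickname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</a>';
    }

    $result = $comment->InsertComment($fields);
    if (!$result) {
        AjaxError('评论添加失败,多次失败请联系站长!');
        return;
    }

    $comment->Ifuser($fields['nickname'], $fields['email'], $fields['website']); // remember the visitor
    if (EMAIL_SENT_FOR_REPLY && $fields['cid'] > 0 && !empty($commentp)) {
        // Notify the author of the parent comment about the reply.
        $comment->SendMail(self::$models->SmtpMail, $fields['contents'], $commentp);
    }

    // Render the freshly inserted comment. The id comes from the parent row
    // ('#' when there is none); the nickname is escaped for the HTML context.
    $toid = empty($commentp) ? '#' : $commentp['id'];
    $nick = htmlspecialchars((string) $fields['nickname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<li class="comment even thread-even depth-1 clearfix" id="comment-' . $toid . '"><span class="comt-f"></span> ';
    echo ' <div class="c-avatar"><img alt=\'\' src=\'' . IMG_TXING . '\' class=\'avatar avatar-50 photo\' height=\'50\' width=\'50\' /><div class="c-main" id="div-comment-' . $toid . '">';
    echo ' <p style="color:#8c8c8c;"><span class="c-author">' . $nick . '</span></p><p>' . $fidname . EmojiH($fields['contents']) . '</p>';
    echo ' <div class="c-meta">' . wordTime($fields['ctime']) . ' (' . date('Y-m-d H:i:s', $fields['ctime']) . ')';
    echo '</div></div></div></li>';
}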
" class='avatar avatar-50 photo' height='50' width='50' /> <a href="<?php echo Route('articleshow/' . $comment['aid']) . "#comment-" . $comment['id']; ?> " title="悄悄告诉你,这个是基佬"> <strong><?php echo $comment['nickname']; ?> </strong> </a> <span class="separator">・</span><?php echo wordTime($comment['ctime']); ?> </div> <div class="widgent_ui_comments_content"><?php echo EmojiH($comment['contents']); ?> </div> <div class="widget_ui_comments_title"> <p>评论于<a href="<?php echo Route('articleshow/' . $comment['aid']); ?> "><?php echo $comment['title']; ?> </a></p> </div> </li> <?php } ?>
<div class="c-main" id="div-comment-<?php echo $son['id']; ?> "><p class="jiyou" style="color:#8c8c8c;margin-bottom:6px;"> <span class="c-author"><?php echo $son['nickname']; ?> </span> <?php if ($son['email'] == '*****@*****.**') { echo "<a title=\"Alice博客管理员\"><img src=\"http://www.liaosam.com/wp-content/themes/liaosam/images/2.png\" style=\"margin-top: -3px;\" class=\"box-hide box-show\"></a>"; } ?> <div style="margin:8px 0 4px;"> <?php echo $son['pid'] ? "<a href=\"#comment-" . $son['pid'] . "\" rel=\"nofollow\" class=\"cute\">@" . $son['pnickname'] . "</a>" . EmojiH($son['contents']) : EmojiH($son['contents']); ?> </div> <div class="c-meta"><?php echo wordTime($son['ctime']) . "<a class='comment-reply-link' href='/articleshow/" . $son['aid'] . "?replytocom=" . $son['id'] . "#respond' onclick='return addComment.moveForm(\"div-comment-" . $son['id'] . "\", \"" . $comment['id'] . '-' . $son['id'] . "\", \"respond\", \"" . $son['aid'] . "\")'>回复</a>"; ?> </div> </div> </div> </li><!-- #comment-## --> <?php } echo "</ul>"; } echo "</li>"; }