if (!$_POST['topic'] or !$_POST['category'] or !$_POST['detail'] or !$_POST['post_name']) {
echo "<script language='javascript'>";
echo "alert('" . _JAVA_DATA_NULL . "')";
echo "</script>";
echo "<script language='javascript'>javascript:history.go(-1)</script>";
exit;
}
if ($_SESSION['login_true'] || $_SESSION['admin_user']) {
} else {
if (USE_CAPCHA) {
check_captcha($_POST['security_code']);
}
}
//����ẹ��ɳ�
$TOPIC = checkban($_POST['topic']);
$DETAIL = banword($_POST['detail']);
$POSTNAME = CheckRude($_POST['post_name']);
if (substr_count($_POST['detail'], '<p>') == 1) {
$temp = preg_replace("/<p>/i", "", $_POST['detail']);
$temp = preg_replace("/<\\/p>/i", "", $temp);
$_POST['detail'] = $temp;
}
$FILE = $_FILES['FILE'];
$FILEATT = $_FILES['FILEATT'];
if ($FILE['size'] > _WEBBOARD_LIMIT_UPLOAD) {
echo "<script language='javascript'>";
echo "alert('" . _WEBBOARD_EDIT_ADD_PIC_WIDTH . " " . _WEBBOARD_LIMIT_UPLOAD / 1024 . " kB " . _WEBBOARD_EDIT_ADD_PIC_WIDTH . "')";
echo "</script>";
echo "<script language='javascript'>javascript:history.back()</script>";
exit;
}
if ($msg) {
dalert($msg);
}
}
$content = dhtmlspecialchars(trim($content));
$content = preg_replace("/&([a-z]{1,});/", '', $content);
$len = word_count($content);
if ($len < $MOD['comment_min']) {
dalert(lang($L['comment_msg_min'], array($MOD['comment_min'])));
}
if ($len > $MOD['comment_max']) {
dalert(lang($L['comment_msg_max'], array($MOD['comment_max'])));
}
$BANWORD = cache_read('banword.php');
if ($BANWORD) {
$content = banword($BANWORD, $content, false);
}
$star = intval($star);
in_array($star, array(1, 2, 3)) or $star = 3;
$status = get_status(3, $MOD['comment_check'] == 2 ? $MG['check_add'] : $MOD['comment_check']);
$hidden = isset($hidden) ? 1 : 0;
$content = nl2br($content);
$quotation = '';
$qid = isset($qid) ? intval($qid) : 0;
if ($qid) {
$r = $db->get_one("SELECT ip,hidden,username,content,quotation,addtime FROM {$DT_PRE}comment WHERE itemid={$qid}");
if ($r) {
if ($r['username']) {
$r['name'] = $r['hidden'] ? $MOD['comment_am'] : $r['username'];
} else {
$r['name'] = 'IP:' . hide_ip($r['ip']);
if ($MST['vcompany'] && $MG['vcompany']) {
$V['vcompany'] or dheader('validate.php?action=company&itemid=1');
}
}
if ($_credit < 0 && $MST['credit_less'] && $action == 'add') {
dheader('credit.php?action=less');
}
if ($submit) {
check_post() or dalert($L['bad_data']);
//safe
$BANWORD = cache_read('banword.php');
if ($BANWORD && isset($post)) {
$keys = array('title', 'tag', 'introduce', 'content');
foreach ($keys as $v) {
if (isset($post[$v])) {
$post[$v] = banword($BANWORD, $post[$v]);
}
}
}
}
$MYMODS = array();
if (isset($MG['moduleids']) && $MG['moduleids']) {
$MYMODS = explode(',', $MG['moduleids']);
}
if ($MYMODS) {
foreach ($MYMODS as $k => $v) {
$v = abs($v);
if (!isset($MODULE[$v])) {
unset($MYMODS[$k]);
}
}
<?php
//Show Picture
if ($arr['comment']['picture']) {
$postpicupload = @getimagesize("webboard_upload/" . $arr['comment']['picture'] . "");
if ($postpicupload['0'] > _WEBBOARD_LIMIT_PICWIDTH) {
$PicUpload = "<BR><CENTER><a href='webboard_upload/" . $arr['comment']['picture'] . "' rel='lightbox'><img class='highslide-display-block' src='webboard_upload/" . $arr['comment']['picture'] . "' width='" . _WEBBOARD_LIMIT_PICWIDTH . "' border='0' ></a><BR>[ " . _WEBBOARD_PIC_REAL_WIDTH . " ]</CENTER><BR>";
} else {
$PicUpload = "<BR><CENTER><img src='webboard_upload/" . $arr['comment']['picture'] . "' border='0' ><BR></CENTER><BR>";
}
echo $PicUpload;
} else {
}
?>
<?php
echo banword(stripslashes($arr['comment']['detail']));
?>
<br />
<br />
</td>
</tr>
<tr>
<td valign="top"><?php
if ($VIEWSxx['user'] == $arr['comment']['post_name']) {
if ($VIEWSxx['signature']) {
echo "<img src='images/webboard/sigline.gif' width='363' height='16' /><br>";
?>
<?php
echo stripslashes($VIEWSxx['signature']);
