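public function SendMail($smtp, $commentcon, $comment) {
    // Notify the author of $comment (the comment that was replied to) that a
    // reply was posted; $commentcon is the text of the new reply.
    // Returns false without sending when the stored address is not a valid
    // email, true once the message has been handed to $smtp->send().
    if (!Is_email($comment['email'])) {
        return false;
    }

    // The message body is HTML, so every user-supplied value (nickname, stored
    // comment text, reply text, link) is escaped for the HTML context.
    // double_encode=false keeps text that is already entity-encoded from being
    // encoded twice. Assumes comment bodies are stored as plain text, not as
    // intentional HTML — confirm against SelfXssattack()/InsertComment().
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $url = HTTP_ROOT . 'articleshow/' . $comment['aid'] . '#comments-' . $comment['id'];
    $title = 'Hi,您在 【' . PROJECT_NAME . '】 的留言有人回复啦!';

    // Fixed markup: the link attribute is "href" (the original "herf" made the
    // link dead) and line breaks are "<br>" rather than the invalid "</br>".
    $content = $esc($comment['nickname']) . ', 您好!<br>'
        . ' 您曾在' . PROJECT_NAME . '博客上的评论:' . $esc($comment['contents']) . '<br>'
        . ' 有人给您的回应: ' . $esc($commentcon) . '<br>'
        . ' 点击查看回应完整內容:<a href="' . $esc($url) . '">点我跳转</a><br>'
        . ' 欢迎再次来访!<br>'
        . ' (此邮件由系统自动发出,请勿回复!)';

    $smtp->send($comment['email'], $title, $content);
    return true;
}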
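public function addcomment() {
    // Handle a posted comment: validate the form fields, resolve the comment
    // being replied to (if any), store the new comment, optionally mail the
    // parent author, and echo the rendered <li> for the page to append.
    //
    // Only POST is accepted, which blocks the simplest cross-site request
    // forgery; a Referer check or a per-form token would be stronger (this is
    // the author's original note, translated).
    if ('POST' != $_SERVER['REQUEST_METHOD']) {
        header('Allow: POST');
        header('HTTP/1.1 405 Method Not Allowed');
        header('Content-Type: text/plain');
        die('Illegal request!');
    }

    $fields = array();
    $fields['contents'] = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    $fields['aid'] = isset($_POST['comment_post_ID']) ? intval($_POST['comment_post_ID']) : null;
    $fields['nickname'] = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $fields['email'] = isset($_POST['email']) ? trim($_POST['email']) : null;
    // Stored as given; whatever renders it later is expected to check the URL
    // scheme before emitting it as a link — confirm in the template/Ifuser().
    $fields['website'] = isset($_POST['url']) ? trim($_POST['url']) : null;
    $fields['ctime'] = time();
    $fields['ip'] = Request::getClientIP();
    // comment_parent is either "<parentId>" or "<threadRootId>-<replyToId>".
    $rawParent = isset($_POST['comment_parent']) ? trim($_POST['comment_parent']) : '';

    // Each validation failure hands the error to AjaxError(); the explicit
    // return guards the rest of the handler in case AjaxError() returns.
    if (6 > strlen((string) $fields['email']) || '' === (string) $fields['nickname']) {
        AjaxError('请填写昵称和邮箱!');
        return;
    }
    if (!Is_email($fields['email'])) {
        AjaxError('请填写有效的邮箱地址!');
        return;
    }
    if ('' === (string) $fields['contents']) {
        AjaxError('请写点评论!');
        return;
    }

    $comment = self::$models->Comment;
    //$comment->IpLimit($fields['ip']); // per-IP rate limit against comment flooding (left disabled, as in the original)
    // XSS filter on the comment body. Its return value is not used here, so it
    // presumably filters in place or aborts the request — confirm in the model.
    $comment->SelfXssattack($fields['contents']);

    // Escaper for values that end up inside the HTML echoed below.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Comment ids are integers: intval() drops anything else before it reaches
    // getOneComment(), and makes the "> 0" check below a numeric comparison.
    $replyTo = 0;
    if (false !== strpos($rawParent, '-')) {
        $parts = explode('-', $rawParent);
        $fields['cid'] = intval($parts[0]); // thread root
        $replyTo = intval($parts[1]);       // the comment actually being answered
    } else {
        $fields['cid'] = intval($rawParent);
        $replyTo = $fields['cid'];
    }

    // Only build the "@nickname" link when the parent really exists; the
    // original built it from a missing row, producing "#comment-" with no id.
    $commentp = null;
    $fields['parent'] = '';
    $fidname = '';
    if ($replyTo > 0) {
        $commentp = $comment->getOneComment('id', $replyTo);
        if ($commentp) {
            $fields['parent'] = $commentp['id'] . ',' . $commentp['nickname'];
            $fidname = '<a href="#comment-' . $esc($commentp['id']) . '" rel="nofollow" class="cute">@'
                . $esc($commentp['nickname']) . '</a>';
        }
    }

    if (!$comment->InsertComment($fields)) {
        AjaxError('评论添加失败,多次失败请联系站长!');
        return;
    }

    $comment->Ifuser($fields['nickname'], $fields['email'], $fields['website']); // remember the visitor's details
    // Mail the parent author about the reply.
    if (EMAIL_SENT_FOR_REPLY && $fields['cid'] > 0 && !empty($commentp)) {
        $comment->SendMail(self::$models->SmtpMail, $fields['contents'], $commentp);
    }

    // Render the new comment for the page. The li/div ids follow the original
    // markup (they carry the parent id, or '#' for a top-level comment); the
    // closing quote after the id, missing in the original, is restored.
    // The comment body goes through EmojiH() unescaped, relying on
    // SelfXssattack() above to have made it safe for HTML — confirm.
    $toid = empty($commentp) ? '#' : $commentp['id'];
    $nick = $esc($fields['nickname']);
    echo '<li class="comment even thread-even depth-1 clearfix" id="comment-' . $esc($toid) . '"><span class="comt-f"></span> ';
    echo ' <div class="c-avatar"><img alt=\'\' src=\'' . IMG_TXING . '\' class=\'avatar avatar-50 photo\' height=\'50\' width=\'50\' /><div class="c-main" id="div-comment-' . $esc($toid) . '">';
    echo ' <p style="color:#8c8c8c;"><span class="c-author">' . $nick . '</span></p><p>' . $fidname . EmojiH($fields['contents']) . '</p>';
    echo ' <div class="c-meta">' . wordTime($fields['ctime']) . ' (' . date('Y-m-d H:i:s', $fields['ctime']) . ')';
    echo '</div></div></div></li>';
}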