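// Handle the "post" action: check the captcha, throttle repeat posting, then insert the
// article row. Anything that fails hands off to alert()/location() (helpers defined elsewhere).
//
// NOTE(review): the author identity is read from $_COOKIE['username'] and the post throttle
// from $_COOKIE['post_time']; both are client-settable, so neither is a trustworthy control
// on its own. A server-side record (session user id, last-post timestamp in the users table)
// should back them — TODO, needs the schema, which is not visible here.
if (isset($_GET['action']) && $_GET['action'] == 'post') {
    // Captcha check. Compare as strings with !== : the original loose == treated numeric
    // strings such as "1" and "01" (or "0e1" and "0e2") as equal. A captcha that was never
    // issued (no value in the session) is treated as a failed check rather than a pass.
    if (!empty($global_clean['code'])) {
        $submittedCode = isset($_POST['code']) ? (string) $_POST['code'] : '';
        $expectedCode  = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
        if ($expectedCode === '' || $submittedCode !== $expectedCode) {
            // assumes alert() terminates the request — confirm; otherwise the insert below still runs
            alert('验证码错误,请重新输入');
        }
    }

    // Throttle: reject when the last post (per the cookie) is younger than re_time seconds.
    // The cookie is cast to int so a non-numeric value counts as "never posted" (same as before)
    // without an arithmetic notice.
    $lastPostTime = isset($_COOKIE['post_time']) ? (int) $_COOKIE['post_time'] : 0;
    if (time() - $lastPostTime < $global_clean['re_time']) {
        alert('发帖过度频繁');
    }

    // Collect the values that go into the INSERT. Every value is passed through
    // mysql_real_escape_string() before interpolation, matching the reply handler in this
    // file; 'type' in particular was previously interpolated straight from $_POST.
    // check_post_title()/check_post_contenr() are project helpers (the second name is the
    // helper's actual spelling); if either already escapes for SQL, confirm there is no
    // double-escaping and drop the outer call.
    $clean = array();
    $clean['username'] = mysql_real_escape_string(isset($_COOKIE['username']) ? $_COOKIE['username'] : '');
    $clean['type']     = mysql_real_escape_string(isset($_POST['type']) ? $_POST['type'] : '');
    $clean['title']    = mysql_real_escape_string(check_post_title(isset($_POST['title']) ? $_POST['title'] : '', 2, 40));
    $clean['content']  = mysql_real_escape_string(check_post_contenr(isset($_POST['content']) ? $_POST['content'] : '', 2));

    // Insert the article; the date column is filled by MySQL's now().
    $insertSql = "INSERT INTO article (username, title, type, content, date)
                  VALUES ('{$clean['username']}', '{$clean['title']}', '{$clean['type']}', '{$clean['content']}', now())";
    mysql_query($insertSql) or die('数据库插入出错' . mysql_error());

    // Exactly one affected row means the insert succeeded.
    if (mysql_affected_rows() === 1) {
        // Remember the post time for the throttle above (client-side; see NOTE at the top).
        setcookie('post_time', time());
        location('恭喜你,发帖成功', 'index.php');
    } else {
        location('很遗憾,发帖失败!', 'post.php');
    }
    // Only reached if location() returns instead of exiting.
    mysql_close();
}

// Page header shared by all actions.
require dirname(__FILE__) . '/includes/header.inc.php';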
} if (!!($rows = fetch_array("SELECT bbs_uniqid,bbs_repost_time FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) { //为了防止cookie伪造,要比对一下唯一标识符uniqid uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']); //限制回帖时间 limit_time('回帖', time(), $rows['bbs_repost_time'], $system['repost_time']); //引入验证文件 include ROOT_PATH . 'includes/check.func.php'; //创建空数组,用来存放提交的合法数据 $clean = array(); //可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等。 //唯一标识符第二个作用,登录cookie验证 $clean['reid'] = mysql_real_escape_string($_POST['reid']); $clean['username'] = mysql_real_escape_string($_COOKIE['username']); $clean['type'] = mysql_real_escape_string($_POST['type']); $clean['title'] = mysql_real_escape_string(check_post_title($_POST['title'], 2, 40)); $clean['content'] = mysql_real_escape_string($_POST['content']); //写入数据库 query("INSERT INTO bbs_article (\n bbs_reid,\n bbs_username,\n bbs_title,\n bbs_type,\n bbs_content,\n bbs_date\n )\n VALUES(\n '{$clean['reid']}',\n '{$clean['username']}',\n '{$clean['title']}',\n '{$clean['type']}',\n '{$clean['content']}',\n NOW()\n )\n "); if (affected_rows() == 1) { //setcookie('article_name',time()); $clean['time'] = time(); query("UPDATE bbs_users SET bbs_repost_time='{$clean['time']}' WHERE bbs_username='******'username']}'"); //累积评论 query("UPDATE bbs_article SET bbs_commentcount=bbs_commentcount+1 WHERE bbs_reid=0 AND bbs_id='{$clean['reid']}'"); //关闭数据库 close(); //清除session //session_destroy(); //跳转到首页 location('恭喜您回帖成功!', 'article.php?id=' . $clean['reid']);