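// Handler for posting a new topic. It runs when the request carries do=Topic
// together with fid, title and content. Every rejection visible here answers
// with a body that starts with "0 " followed by a message for the user.
require dirname(__FILE__) . "/global.php";

if (isset($_POST['do'], $_POST['fid'], $_POST['title'], $_POST['content']) && $_POST['do'] == "Topic") {
    // Permission gate: the caller's user group must be allowed to open topics.
    if ($userGroup[$loginArr['group']]['topic'] == 0) {
        die("0 " . $userGroup[$loginArr['group']]['name'] . "不能发表主题帖");
    }

    // Flood control: reject a post made less than 15 seconds after lastPostTime.
    // NOTE(review): lastPostTime is read from a cookie, which the client controls,
    // so this check only throttles clients that send the cookie back unchanged.
    // Enforcing the limit needs a server-side timestamp (session or the user's
    // row); that storage is not visible in this file, so the check is left as is.
    $postTime = time();
    if (isset($_COOKIE['lastPostTime']) && $postTime - $_COOKIE['lastPostTime'] < 15) {
        die("0 您的发帖速度太快了!");
    }

    // Title: passed through filterCode(), left-trimmed, then bounded to 3..32 as
    // measured by getStrlen(), and finally checked by filterCheck().
    // NOTE(review): filterCode() is defined elsewhere; whether it makes the value
    // safe for SQL or HTML cannot be told from here — confirm before relying on it.
    $title = ltrim(filterCode($_POST['title']));
    $title_len = getStrlen($title);
    if ($title_len < 3 || $title_len > 32) {
        die("0 帖子标题:至少3个字符,不超过32个字符");
    }
    if (!filterCheck($title)) {
        die("0 帖子标题中含有系统不允许的关键词");
    }

    // Body: converted with htmlToUBB(), then filtered. A non-empty return value
    // from checkPostContent() is treated as the rejection message.
    $content = filterCode(htmlToUBB($_POST['content']), false);
    $checkContent = checkPostContent($content, 5, 22);
    if ($checkContent != "") {
        die("0 " . $checkContent);
    }

    $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);

    // fid is supplied by the client and ends up inside the SQL text, so it is
    // reduced to an integer first. The original concatenated $_POST['fid'] with no
    // escaping visible in this file, which would let a crafted value change the
    // query. A non-scalar value (fid[]=...) becomes 0.
    // NOTE(review): assumes fid is a numeric id — confirm against the schema. Any
    // later use of fid in the part of this script that is not shown should use
    // $requestedFid as well.
    $requestedFid = is_scalar($_POST['fid']) ? (int) $_POST['fid'] : 0;
    $forumArr = $DB->fetch_one_array("SELECT `fid`,`moderator` FROM `" . $table_forum . "` WHERE `fid`='" . $requestedFid . "'");
    if (empty($forumArr['fid'])) {
        echo "0 该吧不存在或者已被删除";
    } else {
        // state == 1 selects the branch that takes the author from the login record.
        if ($loginArr['state'] == 1) {
            $authorid = $loginArr['uid'];
            $author = $loginArr['name'];
            // The listing is cut off here; the remaining branches are not shown.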
<?php
// Handler for creating a new bar (forum). It runs for ?do=create with the POST
// fields bar (name) and intro (description). Replies visible here start with
// "0 " plus a message, or "1 " plus a relative URL when the bar already exists.
require dirname(__FILE__) . "/global.php";
require dirname(__FILE__) . "/class/class_Main.php";

if (isset($_GET['do'], $_POST['bar'], $_POST['intro']) && $_GET['do'] == "create") {
    // NOTE(review): the name is escaped before it is validated, so the length and
    // word checks below see the escaped text, not what the user typed.
    $barName = strAddslashes(trim($_POST['bar']));
    $barIntro = filterCode($_POST['intro']);
    // Site-wide switch: anything other than 1 disables bar creation.
    if ($create_allow != 1) {
        echo "0 很抱歉,系统当前禁止创建新吧!";
    } else {
        // Name rules: non-empty, at most 15 as measured by getStrlen(), and accepted
        // by both wordCheck() and filterCheck(). empty() also rejects the name "0".
        if (empty($barName) || getStrlen($barName) > 15 || !wordCheck($barName) || !filterCheck($barName)) {
            echo "0 很抱歉,您无权创建这个吧!换一个吧名吧 ^_^";
        } else {
            // The introduction must measure between 10 and 90 inclusive.
            $intro_length = getStrlen($barIntro);
            if ($intro_length < 10 || $intro_length > 90) {
                echo "0 很抱歉,该吧简介的长度不符合要求 ^_^";
            } else {
                $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
                // $barName reaches this query (and the one on $table_temp below) by
                // string concatenation; the only protection visible is strAddslashes().
                // NOTE(review): presumably an addslashes()-style escape. That is not
                // reliable with some multibyte connection charsets (GBK is the usual
                // example) — confirm the charset, or switch to the driver's own
                // escaping or prepared statements.
                $FSQL = "SELECT `fid` FROM `" . $table_forum . "` WHERE lower(`name`)='" . strtolower($barName) . "'";
                $forumId = $DB->fetch_one($FSQL);
                if (!empty($forumId)) {
                    // The bar already exists: answer with its URL, in rewritten or
                    // plain query-string form depending on $site_rewrite.
                    if ($site_rewrite) {
                        echo "1 ./bar-" . $forumId . "-1.html";
                    } else {
                        echo "1 ./forum.php?fid=" . $forumId;
                    }
                } else {
                    // Not an existing bar: a match in $table_temp is reported as
                    // already created and awaiting review.
                    $TSQL = "SELECT `fid` FROM `" . $table_temp . "` WHERE lower(`name`)='" . strtolower($barName) . "'";
                    $tempId = $DB->fetch_one($TSQL);
                    if (!empty($tempId)) {
                        echo "0 该吧已创建,正在审核中。";
                        // The listing is cut off here; the rest of the script is not shown.