} $_post = sc_get_result("SELECT * FROM `forum` WHERE `id` = '%d'", array($_GET['id'])); if ($_post['num_rows'] <= 0) { header("Location: forum.php"); exit; } if (isset($_GET['reply'])) { if ($_SESSION['Center_UserGroup'] == 0) { header("Location: forumview.php?banned&id=" . $_GET['id']); exit; } } if (isset($_GET['reply']) && isset($_POST['content']) && trim($_POST['content'], " ") != '') { $SQL->query("INSERT INTO `forum_reply` ( `post_id`,`content`, `mktime`, `author`) VALUES ('%s','%s',now(),'%d')", array($_post['row']['id'], sc_xss_filter($_POST['content']), $_SESSION['Center_Id'])); if ($_SESSION['Center_Id'] != $_post['row']['author']) { sc_add_notice(sc_get_headurl() . 'forumview.php?id=' . $_post['row']['id'], $_SESSION['Center_Username'] . '在您的帖子中發表回覆', $_SESSION['Center_Id'], $_post['row']['author']); } sc_tag_member(sc_xss_filter($_POST['content']), sc_get_headurl() . 'forumview.php?id=' . $_post['row']['id'], $_SESSION['Center_Username'] . '在論壇提到你', $_SESSION['Center_Id']); header("Location: forumview.php?replying&id=" . $_GET['id']); } $_block = sc_get_result("SELECT * FROM `forum_block` WHERE `id`='%d'", array($_post['row']['block'])); $limit_row = $center['forum']['limit']; if (isset($_GET['page'])) { $limit_start = abs(intval(($_GET['page'] - 1) * $limit_row)); $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `post_id`='%d' ORDER BY `mktime` ASC LIMIT %d,%d", array($_post['row']['id'], $limit_start, $limit_row)); } else { $limit_start = 0; $_reply = sc_get_result("SELECT * FROM `forum_reply` WHERE `post_id`='%d' ORDER BY `mktime` ASC LIMIT %d,%d", array($_post['row']['id'], $limit_start, $limit_row)); } $_author = sc_get_result("SELECT `username` FROM `member` WHERE `id` = '%d'", array($_post['row']['author'])); $view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], $_post['row']['title']);
function sc_tag_member($_content, $_notice_url, $_notice_content, $_id) { preg_match_all('/@[A-Za-z0-9]{0,30}/', $_content, $_tag); foreach ($_tag[0] as $_v) { $_member = sc_get_result("SELECT `id` FROM `member` WHERE `username` = '%s'", array(ltrim($_v, '@'))); sc_add_notice($_notice_url, $_notice_content, $_id, $_member['row']['id']); } return 1; }