Exemplo n.º 1
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
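require_once dirname(__FILE__) . "/../include/common.inc.php";
require_once DEDEINC . '/memberlogin.class.php';

// Error-report endpoint. Without $dopost it renders the report form for article $aid;
// with $dopost == "saveedit" it stores the submitted report in `#@__erradd`.
// $aid, $dopost, $title, $type, $err and $erradd are never assigned in this file;
// presumably common.inc.php fills them from the request, so treat every one as untrusted.
$htmltitle = "错误提交";

// Non-numeric ids collapse to 0. is_numeric() also accepts forms such as "1.5" or "1e3",
// none of which can contain a quote, so the quoted interpolation below stays closed.
$aid = isset($aid) && is_numeric($aid) ? $aid : 0;
if (empty($dopost)) {
    $row = $dsql->GetOne(" SELECT a.`title`,b.`typename` FROM `#@__archives` a left join `#@__arctype` b on(a.typeid=b.id) WHERE a.`id` ='{$aid}'");
    if (!$row) {
        // Unknown article: show the generic message and close the window.
        ShowMsg("谢谢您对本网站的支持,我们会尽快处理您的建议!", "javascript:window.close();");
        exit;
    }
    // $title is read by the template included on the next line.
    $title = $row['typename'] . "-" . $row['title'];
    require_once DEDEROOT . "/templets/plus/erraddsave.htm";
    // The Referer header is client-controlled and optional: default it when absent and
    // HTML-escape it before writing it into the response.
    $url = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
    echo htmlspecialchars($url, ENT_QUOTES);
} elseif ($dopost == "saveedit") {
    $cfg_ml = new MemberLogin();
    $title = HtmlReplace($title);
    $type = isset($type) && is_numeric($type) ? $type : 0;
    // 0 marks a report from a visitor without a member id.
    $mid = isset($cfg_ml->M_ID) ? $cfg_ml->M_ID : 0;
    // NOTE(review): both free-text fields are cut to 2000 by cn_substr() *before* trimMsg().
    // If the bootstrap already slash-escaped them, the cut could split an escape pair;
    // confirm trimMsg() re-escapes its result. Neither helper is visible here.
    $err = trimMsg(cn_substr($err, 2000), 1);
    $oktxt = trimMsg(cn_substr($erradd, 2000), 1);
    $time = time();
    // NOTE(review): the statement is built by string interpolation. Its safety depends entirely
    // on the escaping done by HtmlReplace()/trimMsg() and the bootstrap; prefer a parameterized
    // query if the $dsql layer offers one.
    $query = "INSERT INTO `#@__erradd`(aid,mid,title,type,errtxt,oktxt,sendtime)\r\n                  VALUES ('{$aid}','{$mid}','{$title}','{$type}','{$err}','{$oktxt}','{$time}'); ";
    $dsql->ExecuteNoneQuery($query);
    ShowMsg("谢谢您对本网站的支持,我们会尽快处理您的建议!", "javascript:window.close();");
    exit;
}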
Exemplo n.º 2
 } else {
     $validate = strtolower($validate);
 }
 // Excerpt of a guestbook "save" handler; the code that sets $validate, $g_mid, $img and
 // $needCheck, and the code that executes $query, are outside this fragment.

 // Captcha check: reject an empty answer or one that differs from the stored value.
 // NOTE(review): `!=` is a loose comparison; if both sides are strings, a strict
 // comparison (or hash_equals()) avoids type-juggling surprises. Confirm what GetCkVdValue() returns.
 $svali = GetCkVdValue();
 if ($validate == '' || $validate != $svali) {
     ShowMsg("验证码不正确!", "");
     exit;
 }
 $ip = GetIP();
 $dtime = time();
 // Visitor-supplied fields are passed through trimMsg(); presumably it strips and escapes
 // them. The helper is not visible here, so verify before relying on it for SQL or HTML safety.
 $uname = trimMsg($uname);
 $email = trimMsg($email);
 $homepage = trimMsg($homepage);
 // Removes every literal "http://" from the homepage value; other schemes are left as they are.
 // NOTE(review): confirm the template that renders this value escapes it and constrains the scheme.
 $homepage = preg_replace("#http:\\/\\/#", '', $homepage);
 $qq = trimMsg($qq);
 // NOTE(review): the message is truncated to 1024 by cn_substrR() before trimMsg(). If the input
 // is already slash-escaped at this point, truncation could split an escape pair; confirm
 // trimMsg() re-escapes its result.
 $msg = trimMsg(cn_substrR($msg, 1024), 1);
 // intval() forces both ids to integers, so they are safe to interpolate below.
 $tid = empty($tid) ? 0 : intval($tid);
 $reid = empty($reid) ? 0 : intval($reid);
 if ($msg == '' || $uname == '') {
     showMsg('你的姓名和留言内容不能为空!', '-1');
     exit;
 }
 $title = HtmlReplace(cn_substrR($title, 60), 1);
 if ($title == '') {
     $title = '无标题';
 }
 // Reply mode: prepend the quoted parent message to the new one.
 if ($reid != 0) {
     $row = $dsql->GetOne("SELECT msg FROM `#@__guestbook` WHERE id='{$reid}' ");
     // NOTE(review): $row is not checked; if no entry has this id, $row['msg'] is read from a
     // non-array. The stored text is re-escaped with addslashes() for the INSERT below, and the
     // \\' sequences produce backslash-escaped quotes for the same reason.
     $msg = "<div class=\\'rebox\\'>" . addslashes($row['msg']) . "</div>\n" . $msg;
 }
 // NOTE(review): the INSERT is built by string interpolation. $g_mid, $img and $needCheck are
 // not assigned anywhere in this fragment; confirm they are validated upstream, and prefer a
 // parameterized query if the $dsql layer offers one.
 $query = "INSERT INTO `#@__guestbook`(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck)\r\n                  VALUES ('{$title}','{$tid}','{$g_mid}','{$uname}','{$email}','{$homepage}','{$qq}','{$img}','{$msg}','{$ip}','{$dtime}','{$needCheck}'); ";