write.php

转载： 1、留言内容不良词语过滤 2、版主可修改留言内容 3、能把留言删除到回收站 4、可批量删除留言 5、留言前可先预览 6、UBB 标签代码支持 7、随机选择头像和表情

<?php
#####################################
##  名 称 ：雨虹留言板  YHPbook    ##
##  设 计 ：绿叶软件营 -> 蓝鸟     ##
##  展 示 ：http://lvsoft.126.com  ##
##  电 邮 : lvsoft@tom.com         ##
#####################################

require("include/config.php");
require($datapath."/prepare.php");
require("include/sendmail.php");
require("global.php");

if($_POST['act'] == "addto"){       /// 发送留言
	if($gb_time-$_COOKIE['wtime']<30)   error("为防止恶意灌水，签写留言间隔为30秒！请您稍后再试。");

	$name=$_POST['name'];
	$goss=$_POST['goss'];
	$number=$_POST['number'];
	$email=$_POST['mail'];
	$url=$_POST['url'];
	$face=$_POST['face'];
	$emot=$_POST['emot'];
	$locale=$_POST['locale'];
	$content=$_POST['content'];
	$hid=$_POST['hid'];
	$tz=$_POST['tz'];

	$name=Chop($name);
	$name=htmlspecialchars($name);
	$content=message($content);
	if($content=="" or $name=="") error("你的称呼或留言内容不能不写");
	if(strlen($name)>20) error("你的称呼不能多于20个字符");
	if(!CheckAdmin() and $name==$config[bookbz]) error("你不能用版主名进行留言，请重新填写。");

	if($goss<1 or $goss>7) $number="";
	if($number!=""){
		if($goss==1 or $goss==3 or $goss==6 or $goss==7){
			if(!checkQ($number)) error("你填写的即时通讯号码或ID有错！");
		}elseif($goss==4){
			if(checkY($number)) error("你填写的即时通讯号码或ID有错！");
		}else{
			if(!checkmail($number)) error("你填写的即时通讯号码或ID有错！！");
		}
	}
	if($email=="") $email="";
	if($email<>""){
		if(!checkmail($email)) error("你的 Email 有错！");
	}
	if(strlen($email)>60) error("你的 Email 不能多于60个字符");
	$email=htmlspecialchars($email);
	$url=ereg_replace("http:\/\/","",$url);
	if($url=="") $url="";
	if($url<>""){
		if(!checkurl($url)) error("你的主页地址有错！");
	}
	if(strlen($url)>100) error("你的主页地址不能多于100个字符");
	if(strlen($content)>$config[strlen]) error("你的留言内容过长");
	$filter=file($datapath."/filter.php");
	$filter = chop($filter[0]);
	$filter = explode(",",$filter);
	for($i=0;$i<count($filter);$i++){
		if(ereg($filter[$i],$name)){$lv=true;break;}
	}
	if($lv)	error("你的称呼含有被禁止的文字！");
	$lv=false;
	for($i=0;$i<count($filter);$i++){
		if(ereg($filter[$i],$content)){$lv=true;break;}
	}
	if($lv)	error("你的留言内容含有被禁止的文字！");

	if(!checktu($face)) error("你选择的头像ID错误");
	if($face<1 or $face>6) error("你选择的头像ID错误");
	if(!checktu($emot)) error("你选择的表情ID错误");
	if($emot<1 or $emot>26) error("你选择的表情ID错误");
	if($hid <> "on") $hid="";
	if($tz <> "on") $tz="";

	$file="${datapath}/book.php";
	$list=file("$file");
	$count=chop($list[0]);
	list($num,$mk)=explode("|",$count);
	$num++;
	$on=count($list);
	if($on>=$config[size]){
		$on=$config[size];
		$num=$config[size];
	}
	$locale = ipwhere($gb_ip);
	list($id) = explode("\t",$list[1]);
	$id++;

	$writemsg="$num|$mk\n$id\t$name\t$goss\t$number\t$email\t$url\t$face\t$emot\t$locale\t$gb_ip\t$content\t$gb_time\t$hid\t$tz\t\t\t\t\n";

	for($i=1;$i<$on;$i++){
		$writemsg.=$list[$i];
	}
		
	$fp=fopen($file,"w");
	flock($fp,LOCK_EX);
	fwrite($fp,$writemsg);
	fclose($fp);

	$newly=file($datapath."/new.txt");
	list($newno,$newtime) = explode("\t",$newly[0]);
	$new_time = date(Ymd);
	if(($newtime == $new_time) and ($newno <> "")){
		$newno++;
		$newno = $newno."\t".$newtime;
	}else{
		$newno = "1\t".$new_time;
	}
	$fp=fopen($datapath."/new.txt","w");
	flock($fp,LOCK_EX);
	fwrite($fp,$newno);
	fclose($fp);

	if($config[mailto] and $name!=$config[bookbz]){   /// 邮件通知
		$time=date("Y-m-d.H:i",$gb_time);
		$message="\n下面是留言板的新留言\n";
		$message.="-------------------------------------------------\n\n";
		$message.="留言内容：\n$content\n\n";
		$message.="称  呼：$name\n";
		$message.="IP地址：$gb_ip\n";
		$message.="留言时间：$time\n\n";
		$message.="-------------------------------------------------\n";
		$message.="宇海网络服务公司   http://www.yhai.com\n";
		$message.="域名注册、虚拟主机、集团邮局、网页制作、网站推广\n\n";
		SendMail($config[email],"留言板新留言",$message,$config[bookbz],$config[bookname]);
	}
	setcookie("wtime",$gb_time,$gb_time+30);

	success("留言成功","谢谢你的留言，即将返回留言簿","./");

}else{     /// 显示填写留言页
	$azx=online();
	if(CheckAdmin()){
		$bz=$config[bookbz];$url=$config[homeurl];$email=$config[email];
		$ms=" [版主模式]";
	}else{
		$url="http://";
	}

	mt_srand(microtime()*1000000);
    $face = mt_rand(1,6);
	$emot = mt_rand(1,26);
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="keywords" content="宇海网络 | http://www.yhai.com | 域名注册、虚拟主机、集团邮局、网页制作、网站推广">
<title><?echo $config[bookname];?></title>
<link rel="stylesheet" href="images/style.css">
<script language='JavaScript1.2' src='images/clue.js' type='text/javascript'></script>
<script language='JavaScript1.2' src='images/ubb.js' type='text/javascript'></script>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ctrl(){
	if(event.keyCode==13 && event.ctrlKey){
		submits();
	}
}

function vaildForm(thisForm){
if ((thisForm.name.value == '')||(thisForm.content.value=='')) {
	alert ('姓名和留言是必须填写的!');
	return false;
}else if(thisForm.mail.value!=''&&((thisForm.mail.value.indexOf('@',0)<0)||(thisForm.mail.value.indexOf('.',0)<0))) {
	alert ('请正确填写邮件地址！');
	return false;
}
else{
	document.form.action = "write.php";
	document.form.target = "_self";
	document.form.submits.disabled = true;
	return true;
}
}

function submits(){
	thisform = document.form;
	if(vaildForm(thisform)){
		document.form.submit()
	}
}
//-->
</SCRIPT>
</head>
<body bgcolor="#9BCBFB">
<div align="center">
	<table border="0" width="600">
<br>
		<tr>
			<td>
<div align="center">
  <center>
  <table border="0" cellspacing="0" width="500" bgcolor="#000000">
    <tr>
      <td width="498">
        <table border="0" cellpadding="2" cellspacing="0" width="100%">
          <tr>
            <td width="100%" colspan="2" align="center" height="23" background="images/table.gif"><font color="#FFFFFF"><?echo$config[bookname];?></font></td>   
          </tr>
          <tr>
            <td width="100%" colspan="2" height="1"></td>
          </tr>
          <tr>
            <td width="74%" bgcolor="#EFEFEF" height="17">&nbsp;当前位置: <a href="<?echo$config[homeurl];?>"><?echo$config[homename];?></a> &gt;&gt; <a href="./">查看留言</a>  -&gt; 添加留言</td>         
            <td width="26%" bgcolor="#EFEFEF" height="17">　</td>
          </tr>
        </table>
      </td>
    </tr>
  </table>
  </center>
</div>
<div align="center">
  <center>
<table cellpadding="0" cellspacing="0" width="500" height="5">
  <tr>
    <td width="100%"></td>
  </tr>
</table>
  </center>
</div>
<div align="center">
  <center>
  <table border="0" cellspacing="0" width="500" bgcolor="#000000" cellpadding="0">
    <tr>
      <td width="100%">
  <table border="0" cellpadding="3" cellspacing="1" width="100%">
    <form name="form" method="post" action="write.php" target="_self" onsubmit="return vaildForm(this)">
    <input type="hidden" name="act" value="addto">
    <input type="hidden" name="face" value="<?echo $face;?>">
    <input type="hidden" name="emot" value="<?echo $emot;?>">
    <tr>
      <td width="105" bgcolor="#DAEFE1">
      <table border="0" cellpadding="0" cellspacing="0" bordercolor="#4F4F4F" width="100%">
        <tr>
          <td width="100%" class="shadow" align="center">你的昵称(必须)</td>
        </tr>
      </table>
      </td>
      <td width="377" colspan="2" bgcolor="#DAEFE1">
      <input type="text" size="32" name="name" onmouseover="this.style.backgroundColor='#FFFFFF'" onmouseout="this.style.backgroundColor=''" class="input" maxLength="20" value="<?echo$bz;?>"><?echo$ms;?></td>
    </tr>
    <tr>
      <td width="105" bgcolor="#DAEFE1">
      <table border="0" cellpadding="0" cellspacing="0" bordercolor="#4F4F4F" width="100%">
        <tr>
          <td width="100%" class="shadow" align="center">即时通讯(可选)</td>
        </tr>
      </table>
      </td>
      <td width="377" colspan="2" bgcolor="#DAEFE1">
	  <select name="goss">
	  <option value="2">MSN</option>
	  <option value="1">ICQ</option>