📄 plfun.php
<?php
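/**
 * Post a comment on an item.
 *
 * Validates the CAPTCHA (when enabled), resolves the posting identity
 * (logged-in, credential check, or anonymous), enforces the size and
 * flood limits, checks that the target accepts comments, then inserts
 * the comment and increments the item's comment counter.
 * Every failure path is reported through printerror().
 *
 * @param string $username Submitted member name (ignored when a login is already present).
 * @param string $password Submitted member password.
 * @param mixed  $nomember Non-empty to post anonymously (no credential check).
 * @param string $key      Submitted CAPTCHA answer.
 * @param string $saytext  Comment body.
 * @param int    $id       Item id.
 * @param int    $classid  Class (column) id.
 * @param int    $repid    Id of the comment being quoted, 0 for none.
 */
function AddPl($username,$password,$nomember,$key,$saytext,$id,$classid,$repid){
    global $empire,$public_r,$class_r,$user_userid,$user_username,$user_password,$user_dopass,$user_tablename,$user_salt,$user_checked,$dbtbpre;
    // Numeric identifiers are forced to int before they reach any SQL string.
    $id=(int)$id;
    $repid=(int)$repid;
    $classid=(int)$classid;
    // CAPTCHA check
    if($public_r['plkey_ok'])
    {
        // NOTE(review): the expected answer comes from getcvar() and is cleared
        // with esetcookie() below, so it looks cookie-backed. Confirm the value
        // cannot simply be chosen by the client.
        $checkplkey=getcvar('checkplkey');
        // Strict string comparison: the loose <> operator treats numeric-looking
        // strings such as "0123" and "123" (or "1e1" and "10") as equal.
        if(empty($checkplkey)||(string)$key!==(string)$checkplkey)
        {
            printerror("FailKey","history.go(-1)",1);
        }
    }
    $username=RepPostVar($username);
    $password=RepPostVar($password);
    // NOTE(review): the logged-in identity is taken from getcvar() values with no
    // further verification visible in this function - confirm they are validated
    // elsewhere. $musername also bypasses RepPostVar() and reaches the INSERT
    // below with only htmlspecialchars() applied.
    $muserid=(int)getcvar('mluserid');
    $musername=getcvar('mlusername');
    if($muserid)
    {
        // Already logged in: post under the session's member name.
        $username=$musername;
    }
    else
    {
        if(empty($nomember))
        {
            // Not anonymous: verify the submitted credentials.
            // NOTE(review): the charset conversion runs after RepPostVar(), and the
            // converted name is what is embedded in the SQL below. If RepPostVar()
            // is where quoting/escaping happens, confirm the conversion cannot
            // produce bytes that undo it.
            $utfusername=doUtfAndGbk($username,0);
            $password=doUtfAndGbk($password,0);
            // The hash format is dictated by the configured member table
            // ($user_dopass). All variants are MD5-based, which is weak for
            // password storage; it is kept only for compatibility with that table.
            if(empty($user_dopass))
            {
                $password=md5($password);
            }
            if($user_dopass==3)
            {
                // 16-character MD5 (middle half of the digest)
                $password=substr(md5($password),8,16);
            }
            if($user_dopass==2)
            {
                // Salted double MD5: fetch the row first, then compare locally.
                $ur=$empire->fetch1("select ".$user_userid.",".$user_salt.",".$user_password.",".$user_checked." from ".$user_tablename." where ".$user_username."='$utfusername' limit 1");
                $cuser=0;
                if(!empty($ur[$user_userid]))
                {
                    $password=md5(md5($password).$ur[$user_salt]);
                    // Strict comparison: with ==, two different digests that both
                    // look like "0e<digits>" compare equal as numbers.
                    if($password===(string)$ur[$user_password])
                    {
                        $cuser=1;
                    }
                }
            }
            else
            {
                // Other formats: the password hash is matched inside the query.
                $ur=$empire->fetch1("select ".$user_userid.",".$user_checked." from ".$user_tablename." where ".$user_username."='$utfusername' and ".$user_password."='$password' limit 1");
                $cuser=0;
                if(!empty($ur[$user_userid]))
                {
                    $cuser=1;
                }
            }
            if(empty($cuser))
            {
                printerror("FailPassword","history.go(-1)",1);
            }
            // Accounts that have not been approved may not comment.
            if($ur[$user_checked]==0)
            {
                printerror("NotCheckedUser",'',1);
            }
            $muserid=$ur[$user_userid];
        }
        else
        {
            // Anonymous post
            $muserid=0;
        }
    }
    if(!trim($saytext)||!$id||!$classid)
    {
        printerror("EmptyPl","history.go(-1)",1);
    }
    // The class must map to an existing data table.
    // (Array keys are quoted throughout: bare-word keys are an Error on PHP 8.)
    if(empty($class_r[$classid]['tbname']))
    {
        printerror("ErrorUrl","history.go(-1)",1);
    }
    // strlen() counts bytes, so the limit is a byte limit.
    if(strlen($saytext)>$public_r['plsize'])
    {
        printerror("PlSizeTobig","history.go(-1)",1);
    }
    $saytime=date("Y-m-d H:i:s");
    $time=time();
    // Flood control.
    // NOTE(review): the last-post time is read via getcvar() and written with
    // esetcookie() below, so this interval appears to be enforced only by a
    // client-held value - confirm whether a server-side limit exists.
    $pltime=getcvar('lastpltime');
    if($pltime)
    {
        if($time-$pltime<$public_r['pltime'])
        {
            printerror("PlOutTime","history.go(-1)",1);
        }
    }
    // Does the target item exist, and are comments open for it?
    $r=$empire->fetch1("select classid,closepl from {$dbtbpre}ecms_".$class_r[$classid]['tbname']." where id='$id' and classid='$classid'");
    if(empty($r['classid']))
    {
        printerror("ErrorUrl","history.go(-1)",1);
    }
    // A truthy openpl on the class is reported as "comments closed for this class".
    if($class_r[$r['classid']]['openpl'])
    {
        printerror("CloseClassPl","history.go(-1)",1);
    }
    // Comments closed on this single item
    if($r['closepl'])
    {
        printerror("CloseInfoPl","history.go(-1)",1);
    }
    // NOTE(review): $sayip is embedded in the INSERT unescaped - confirm that
    // egetip() only ever returns a validated address.
    $sayip=egetip();
    $username=htmlspecialchars($username);
    // NOTE(review): search and replacement look identical here; the replacement
    // may originally have been an HTML entity lost when this page was rendered.
    $saytext=nl2br(str_replace(" "," ",htmlspecialchars($saytext)));
    if($repid)
    {
        // A reply that contains nothing but the quote marker is empty.
        if(trim($saytext)=="[quote]".$repid."[/quote]")
        {
            printerror("EmptyPl","history.go(-1)",1);
        }
        $saytext=RepPlTextQuote($repid,$saytext);
    }
    // Apply the banned-word replacements.
    $saytext=ReplacePlWord($saytext);
    // Moderation flag: stored as 1 when the class has checkpl set, else 0.
    $checked=$class_r[$classid]['checkpl']?1:0;
    // NOTE(review): $username is not escaped at this point; the statement relies
    // on RepPostVar()/getcvar() having made it safe for a quoted SQL literal.
    $sql=$empire->query("insert into {$dbtbpre}enewspl(username,sayip,saytext,saytime,id,classid,checked,zcnum,fdnum,userid,isgood) values('".$username."','$sayip','".addslashes($saytext)."','$saytime',$id,$classid,$checked,0,0,'$muserid',0);");
    // Bump the item's comment counter only when the comment was actually stored,
    // so a failed insert does not leave the counter out of step.
    if($sql)
    {
        $usql=$empire->query("update {$dbtbpre}ecms_".$class_r[$classid]['tbname']." set plnum=plnum+1 where id='$id'");
    }
    // Remember the post time and invalidate the used CAPTCHA answer.
    $set1=esetcookie("lastpltime",time(),time()+3600*24);
    $set2=esetcookie("checkplkey","",0);
    if($sql)
    {
        // NOTE(review): the return target is derived from $_POST['ecmsfrom'];
        // confirm DoingReturnUrl() restricts it to same-site locations.
        $reurl=DoingReturnUrl("../pl?classid=$classid&id=$id",$_POST['ecmsfrom']);
        printerror("AddPlSuccess",$reurl,1);
    }
    else
    {
        printerror("DbError","history.go(-1)",1);
    }
}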
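/**
 * Expand a "[quote]ID[/quote]" marker into an HTML quote box.
 *
 * Looks up comment $repid, builds a header line (from the configured
 * $fun_r['plincludewords'] template when set, otherwise a built-in English
 * line) and replaces the marker in $saytext with a table that holds the
 * header plus the quoted text. Quote tables already present in the quoted
 * text are removed first, so quotes do not nest.
 *
 * @param int    $repid   Id of the comment being quoted.
 * @param string $saytext Comment body containing the marker.
 * @return string The body with the marker replaced.
 */
function RepPlTextQuote($repid,$saytext){
    global $public_r,$empire,$dbtbpre,$fun_r;
    // Only an integer ever reaches the SQL string, whatever the caller passed.
    $plid=(int)$repid;
    $r=$empire->fetch1("select saytext,username,saytime from {$dbtbpre}enewspl where plid='$plid'");
    // Stays empty when the quoted comment has no author or was not found
    // (previously an undefined variable in that case).
    $ypost='';
    // Array keys are quoted: bare-word keys are an Error on PHP 8.
    if(!empty($r['username']))
    {
        if(!empty($fun_r['plincludewords']))
        {
            $ypost=str_replace('[!--saytime--]',$r['saytime'],str_replace('[!--username--]',$r['username'],$fun_r['plincludewords']));
        }
        else
        {
            $ypost="Originally posted by <i>".$r['username']."</i> at ".$r['saytime'].":<br>";
        }
    }
    // NOTE(review): username and saytext are placed into HTML exactly as stored.
    // AddPl() HTML-escapes both before inserting; confirm every other writer of
    // this table does the same.
    $quoted=RepYPlQuote(isset($r['saytext'])?$r['saytext']:'');
    $include="<table border=0 width='100%' cellspacing=1 cellpadding=10 bgcolor='#cccccc'><tr><td width='100%' bgcolor='#FFFFFF' style='word-break:break-all'>".$ypost.$quoted."</td></tr></table>";
    // The marker is matched against the caller's original $repid value.
    return str_replace("[quote]".$repid."[/quote]",$include,$saytext);
}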
/**
 * Strip earlier quote boxes from a comment body.
 *
 * Removes every "<table ...>...</table>" span (case-insensitive, may span
 * lines). The match is lazy and stops at the first closing tag; an opening
 * tag without a space after "<table" is not matched.
 *
 * @param string $text Comment body.
 * @return string The body without those spans.
 */
function RepYPlQuote($text){
    return preg_replace("/<table (.+?)<\/table>/is","",$text);
}
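/**
 * Apply the banned-word replacement list to a comment body.
 *
 * Every row of the enewsplwords table supplies an "oldword" to search for
 * and the "newword" to put in its place.
 *
 * @param string $newstext Comment body.
 * @return string The body after all replacements; empty input is returned untouched.
 */
function ReplacePlWord($newstext){
    global $empire,$dbtbpre;
    if(empty($newstext))
    {
        return $newstext;
    }
    $sql=$empire->query("select newword,oldword from {$dbtbpre}enewsplwords");
    while($r=$empire->fetch($sql))
    {
        // Keys are quoted: the bare-word form is an Error on PHP 8.
        $newstext=str_replace($r['oldword'],$r['newword'],$newstext);
    }
    return $newstext;
}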
/**
 * Record a vote for or against a comment.
 *
 * Reads classid, id, plid, dopl and doajax from $add (all cast to int).
 * dopl == 1 increments zcnum, anything else increments fdnum. With
 * doajax == 1 the outcome is reported through ajax_printerror(), otherwise
 * through printerror().
 *
 * NOTE(review): the repeat-vote guard is a value read with getcvar() and set
 * with esetcookie(), so it appears to live only on the client - confirm
 * whether any server-side limit exists.
 *
 * @param array $add Request parameters.
 */
function DoForPl($add){
    global $empire,$dbtbpre;
    $classid=(int)$add['classid'];
    $id=(int)$add['id'];
    $plid=(int)$add['plid'];
    $dopl=(int)$add['dopl'];
    $doajax=(int)$add['doajax'];
    $viaAjax=($doajax==1);
    // All three identifiers are required.
    if(!$classid||!$id||!$plid)
    {
        if($viaAjax)
        {
            ajax_printerror();
        }
        else
        {
            printerror('ErrorUrl','',1);
        }
    }
    // Already voted on this comment
    if(getcvar('lastforplid'.$plid))
    {
        if($viaAjax)
        {
            ajax_printerror();
        }
        else
        {
            printerror('ReDoForPl','',1);
        }
    }
    // The counter column comes from a fixed pair, never from the request.
    list($column,$msg)=($dopl==1)
        ?array('zcnum','DoForPlGSuccess')
        :array('fdnum','DoForPlBSuccess');
    $sql=$empire->query("update {$dbtbpre}enewspl set {$column}={$column}+1 where plid='$plid' and id='$id' and classid='$classid'");
    if(!$sql)
    {
        if($viaAjax)
        {
            ajax_printerror();
        }
        else
        {
            printerror('DbError','',1);
        }
        return;
    }
    // Remember the vote for 30 days.
    esetcookie('lastforplid'.$plid,$plid,time()+30*24*3600);
    if($viaAjax)
    {
        $nr=$empire->fetch1("select {$column} from {$dbtbpre}enewspl where plid='$plid' and id='$id' and classid='$classid'");
        // NOTE(review): $add['ajaxarea'] is returned exactly as received; confirm
        // ajax_printerror() or the consumer encodes it for its output context.
        $num=$add['ajaxarea'].'|'.$nr[$column];
        ajax_printerror($num);
    }
    else
    {
        // NOTE(review): the return target is the client-supplied Referer header;
        // confirm printerror() restricts where it will send the browser.
        printerror($msg,$_SERVER['HTTP_REFERER'],1);
    }
}
?>