index.php

PHPWind7_RC_UTF8 开源php论坛很不错的

<?php
!function_exists('readover') && exit('Forbidden');
$groupid == 'guest' && Showmsg('not_login');

InitGP(array('id','step'),'GP',2);
!$id && Showmsg('illegal_request');
$advertinfo = $db->get_one("SELECT * FROM pw_modules WHERE id=".pwEscape($id));
(!$advertinfo || !$advertinfo['ifhire']) && Showmsg('illegal_request');
$conf 	= unserialize($advertinfo['config']);
!in_array($conf['style'],array('txt','img','flash')) && Showmsg('illegal_request');
$query 	= $db->get_one("SELECT * FROM pw_buyadvert WHERE id=".pwEscape($id)."AND uid=".pwEscape($winduid));
$query && Showmsg('advert_have_buy');
require_once(R_P.'require/credit.php');

$userdb = array(
	'money'		=> $winddb['money'],
	'rvrc'		=> $userrvrc,
	'credit'	=> $winddb['credit'],
	'currency'	=> $winddb['currency']
);
foreach ($credit->get($winduid,'CUSTOM') as $key => $value) {
	$userdb[$key] = $value;
}

if($step==2){
	InitGP(array('days'),'GP',2);
	InitGP(array('link','title'));
	!$days && Showmsg('advert_have_buy');

	if($conf['price'] && $userdb[$conf['creditype']]<$conf['price']*$days){
		Showmsg('advert_lack_credit');
	}
	$link = str_replace(array('&#61;','&amp;'),array('=','&'),$link);
	(strlen($title)>100 || strlen($link)>100) && Showmsg('advert_length_error');
	$config = array();
	$config['days'] = $days;
	if($conf['style']=='txt'){
		!$title && Showmsg('advert_title_empty');
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*(#[.a-zA-Z0-9-])*$/is',$link) && Showmsg('advert_link_error');
	}elseif($conf['style']=='img'){
		!$title && Showmsg('advert_discrip_empty');
		InitGP(array('url'));
		$url = str_replace(array('&#61;','&amp;'),array('=','&'),Char_cv($url));
		strlen($url)>100 && Showmsg('advert_length_error');
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*\.(gif|jpg|jpeg|png)$/is',$url) && Showmsg('advert_img_error');
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*(#[.a-zA-Z0-9-])*$/is',$link) && Showmsg('advert_link_error');
		$config['url']= $url;
	}elseif($conf['style']=='flash'){
		!$title && Showmsg('advert_discrip_empty');
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*$/is',$link) && Showmsg('advert_link_error');
	}else{
		Showmsg('illegal_request');;
	}
	$config['link']	= $link;
	$config['title']= $title;
	$config = addslashes(serialize($config));
	$db->query("INSERT INTO pw_buyadvert"
		. " SET " . pwSqlSingle(array(
			'id'	=> $id,
			'uid'	=> $winduid,
			'config'=> $config
	)));
	Showmsg('advert_success');
}else{
	require_once PrintHack('index');ajax_footer();
}
?>