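<?php
/**
 * Diary comment endpoint: with ?action=Save it stores a comment on a diary entry.
 *
 * Inputs read by this script:
 *   - cookies: uid (commenter account), wtime (time of last comment), vip
 *   - query:   user (diary owner account), diary, action
 *   - post:    f_DiaryComment_CommentObjId, f_DiaryComment_ObjTitle,
 *              f_DiaryComment_AddDate, f_DiaryComment_Memo
 *
 * The response body is a one-character status code (or a <script> alert):
 *   "0" empty comment, or no diary row matches owner + object id
 *   "1" no uid cookie
 *   "2" commenter's face is still images/nophoto.gif
 *   "5" owner's LeaveWordPrivilege is 1 and the commenter is not VIP or has no myfriend row
 *   "6" owner's LeaveWordPrivilege is 2
 *   "8" the owner's myfriend row for the commenter has OrderType 2
 *   "9" comment inserted
 *
 * NOTE(review): the commenter identity and the VIP flag are taken from cookies and the
 * login check include is commented out, so both are client-controlled values. They should
 * come from a server-side session before this endpoint is trusted for anything.
 *
 * NOTE(review): the SQL below is still assembled by string interpolation from request data.
 * Only the diary object id is validated here, because DbConn's API is not visible from this
 * file; every other value needs bound parameters or the connection's own escaping routine.
 * Do not substitute addslashes(): the text is converted to GBK, where a trailing 0x5C byte
 * of a multi-byte character makes byte-wise escaping unsafe.
 */

// Both headers are sent from a single PHP block: text between two separate PHP blocks is
// emitted as output, which would precede the status code and block the later setcookie().
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

//include("user/CheckLogined.php");
include("include/dbclass.php");
include("include/global.php");

$dbc = new DbConn();

// Missing request keys become null instead of raising undefined-index warnings, which
// would otherwise be printed in front of the status code.
$uid = isset($_COOKIE["uid"]) ? $_COOKIE["uid"] : null;
$user = isset($_GET["user"]) ? $_GET["user"] : null;
$diary_id = isset($_GET["diary"]) ? $_GET["diary"] : null;
$action = isset($_GET["action"]) ? $_GET["action"] : null;

if ($action == "Save") {
    // Flood control: at most one comment per 30 seconds.
    // NOTE(review): the timestamp lives in a cookie, so a client that drops the cookie
    // is not throttled; a server-side record keyed on the account would be needed.
    $lastWrite = isset($_COOKIE['wtime']) ? (int) $_COOKIE['wtime'] : 0;
    if ($gb_time - $lastWrite < 30) {
        echo "<script language='javascript'>alert('为防止恶意灌水,签写留言间隔为30秒!请您稍后再试');history.back();</script>";
        exit();
    }

    $f_DiaryComment_CommentObjId = isset($_POST["f_DiaryComment_CommentObjId"]) ? $_POST["f_DiaryComment_CommentObjId"] : null;
    $f_DiaryComment_ObjTitle = isset($_POST["f_DiaryComment_ObjTitle"]) ? $_POST["f_DiaryComment_ObjTitle"] : null;
    $f_DiaryComment_AddDate = isset($_POST["f_DiaryComment_AddDate"]) ? $_POST["f_DiaryComment_AddDate"] : null;
    $f_DiaryComment_Memo = isset($_POST["f_DiaryComment_Memo"]) ? $_POST["f_DiaryComment_Memo"] : null;

    // The form posts UTF-8; the title and body are converted to GBK before use.
    $f_DiaryComment_ObjTitle = iconv('utf-8', 'gbk', (string) $f_DiaryComment_ObjTitle);
    $f_DiaryComment_Memo = iconv('utf-8', 'gbk', (string) $f_DiaryComment_Memo);

    // Bad-word filter over a comma-separated list.
    // NOTE(review): $rs1 is not assigned in this file before this point; presumably
    // include/global.php provides it - confirm, otherwise the filter list is always empty.
    $filterTxt = (isset($rs1) && isset($rs1["filterTxt"])) ? $rs1["filterTxt"] : "";
    $lv = false;
    $s = "";
    foreach (explode(",", $filterTxt) as $word) {
        if ($word === "") {
            continue;
        }
        // ereg() was removed in PHP 7. Entries are matched as literal substrings here.
        // NOTE(review): ereg() treated each entry as a POSIX regex - confirm that no
        // configured word relies on regex syntax.
        if (strpos((string) $f_DiaryComment_Memo, $word) !== false) {
            $s = $s . $word;
            $lv = true;
            break;
        }
    }
    if ($lv) {
        echo "<script>alert('你的留言含有不良内容:" . $s . "');history.back();;</script>";
        exit();
    }

    setcookie("wtime", $gb_time, $gb_time + 30);

    // Also true when iconv() failed and returned false.
    if ($f_DiaryComment_Memo == null) {
        echo "0";
        exit();
    }

    // The object id is compared against Diary_UnixTimestamp, so only digits are accepted.
    // A non-numeric value gets the same "0" reply as a diary that does not exist, and the
    // value can no longer alter the two statements it is interpolated into.
    // NOTE(review): assumes Diary_UnixTimestamp holds integer timestamps - confirm.
    if (!ctype_digit((string) $f_DiaryComment_CommentObjId)) {
        echo "0";
        exit();
    }

    $sqlck = "select id from Diary where User_Account='$user' and Diary_UnixTimestamp='$f_DiaryComment_CommentObjId'";
    $rs1 = $dbc->getRs($sqlck);
    if ($rs1 == null) {
        echo "0";
        exit();
    }

    if ($uid == null) {
        echo "1";
        exit();
    }

    // Load the diary owner's comment privilege setting.
    $sqlck = "select face,LeaveWordPrivilege from userdata where User_Account='$user' ";
    $rs = $dbc->getRs($sqlck);
    $privilege = isset($rs["LeaveWordPrivilege"]) ? $rs["LeaveWordPrivilege"] : null;

    if ($privilege == 2) {
        echo "6";
        exit();
    }

    // Privilege 1: only VIP members or friends may leave a comment.
    if ($privilege == 1) {
        $sqlf = "select id,OrderType from myfriend where User_Account='$user' and myfriendname='$uid'";
        $rs1 = $dbc->getRs($sqlf);
        $vip = isset($_COOKIE["vip"]) ? (int) $_COOKIE["vip"] : 0;
        if ($vip == 0) {
            echo "5";
            exit();
        }
        if (isset($rs1["OrderType"]) && $rs1["OrderType"] == 2) {
            echo "8";
            exit();
        }
        if (!isset($rs1["id"]) || $rs1["id"] == null) {
            echo "5";
            exit();
        }
    }

    // Privilege 0 (also the case when no userdata row was found): refused only for OrderType 2.
    if ($privilege == 0) {
        $sqlf = "select id,OrderType from myfriend where User_Account='$user' and myfriendname='$uid'";
        $rs1 = $dbc->getRs($sqlf);
        if (isset($rs1["OrderType"]) && $rs1["OrderType"] == 2) {
            echo "8";
            exit();
        }
    }

    // The commenter must have replaced the default avatar.
    $sqluid = "select face from userdata where User_Account='$uid' ";
    $rs2 = $dbc->getRs($sqluid);
    if (isset($rs2["face"]) && $rs2["face"] == "images/nophoto.gif") {
        echo "2";
        exit();
    }

    // NOTE(review): title, date and body are client-supplied and stored unescaped. The
    // date should be generated server-side, and the stored text must be HTML-escaped
    // wherever comments are rendered.
    $sqlin = "insert into DiaryComment (DiaryComment_CommentObjId,DiaryComment_ObjTitle,DiaryComment_UserName,DiaryComment_AddDate,DiaryComment_Memo,DiaryComment_Name) values ('$f_DiaryComment_CommentObjId','$f_DiaryComment_ObjTitle','$user','$f_DiaryComment_AddDate','$f_DiaryComment_Memo','$uid')";
    $dbc->Execute($sqlin);
    echo "9";
    exit();
}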