www.gusucode.com > seacms 海洋PHP影视视频网站建站系统 v6.61PHP源码程序 > seacms 海洋PHP影视视频网站建站系统 v6.61/海洋cms V6.61/海洋cms V6.61/upload/comment/api/send.php
<?php session_start(); require_once("../../include/common.php"); require_once(sea_INC.'/main.class.php'); require_once(sea_INC."/filter.inc.php"); if(!isset($action)) { $action = ''; } $ischeck = $cfg_feedbackcheck=='Y' ? 0 : 1; $id = (isset($gid) && is_numeric($gid)) ? $gid : 0; $itype = (isset($ctype) && is_numeric($ctype)) ? $ctype : 0; $cparent = (isset($cparent) && is_numeric($cparent)) ? $cparent : 0; if(empty($id)) { echo "err"; exit(); } if($action=='send') { $validate = $captcha; if($cfg_feedback_ck=='1') { $svali = strtolower(trim(GetCkVdValue())); if(strtolower($validate) != $svali || $svali=='') { ResetVdValue(); if($validate!=$svali) { echo "<script>alert('验证码错误!');</script>"; exit(); } } } $tmpname = empty($tmpname) ? '' : $tmpname; $ip = GetIP(); $dtime = time(); $msg = $talkwhat; $itype = $ctype; //检查评论间隔时间; if(!empty($cfg_comment_times)) { $row = $dsql->GetOne("SELECT dtime FROM `sea_comment` WHERE `ip` = '$ip' ORDER BY `id` desc "); if($dtime - $row['dtime'] < $cfg_comment_times) { echo "<script>alert('评论太快,请休息一下再来评论!');</script>"; exit(); } } //检查留言IP /*if(!empty($cfg_banIPS)) { $myarr = explode ('|',$cfg_banIPS); for($i=0;$i<count($myarr);$i++) { if($ip==$myarr[$i]) { echo "<script>alert('您所在的IP不能评论!');</script>"; exit(); } } }*/ $msg = cn_substrR(TrimMsg(unescape($msg)),1000); $tmpname = cn_substrR(HtmlReplace(unescape($tmpname),2),20); $tmpname = _Replace_Badword($tmpname); //检查禁止词语 if(!empty($cfg_banwords)) { $myarr = explode ('|',$cfg_banwords); for($i=0;$i<count($myarr);$i++) { $userisok = strpos($username, $myarr[$i]); $msgisok = strpos($msg, $myarr[$i]); if(is_int($userisok)||is_int($msgisok)) { echo "<script>alert('您发表的评论中有禁用词语!');</script>"; exit(); } } } //保存评论内容 $uid =$_SESSION['sea_user_id']; $uid = RemoveXSS(stripslashes($uid)); $uid = addslashes(cn_substr($uid,20)); $tmpname=$_SESSION['sea_user_name']; $tmpname = RemoveXSS(stripslashes($tmpname)); $tmpname = addslashes(cn_substr($tmpname,20)); if($msg!='') { $msg = _Replace_Badword($msg); $inquery = "INSERT INTO `sea_comment`(`v_id`,`uid`,`username`,`ip`,`ischeck`,`reply`,`agree`,`anti`,`dtime`,`msg`,`m_type`) VALUES ('$id','$uid','$tmpname','$ip',$ischeck,$cparent,0,0,'$dtime','$msg','$itype'); "; $rs = $dsql->ExecuteNoneQuery($inquery); if(!$rs) { echo $dsql->GetError(); exit(); } } delfile("../../data/cache/review/$itype/$id.js"); echo "<script>parent.success();</script>"; exit(); }elseif($action=='2') { $addagree = "update `sea_comment` set agree=agree+1 where id=".$id; $dsql->ExecuteNoneQuery($addagree); $rs = $dsql->GetOne("select v_id,typeid from sea_comment where id=".$id); delfile("../../data/cache/review/".$rs['typeid']."/".$rs['v_id'].".js"); } elseif($action=='3') { $addagree = "update `sea_comment` set anti=anti+1 where id=".$id; $dsql->ExecuteNoneQuery($addagree); $rs = $dsql->GetOne("select v_id,typeid from sea_comment where id=".$id); delfile("../../data/cache/review/".$rs['typeid']."/".$rs['v_id'].".js"); }