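<?php
/**
 * Guestbook submission endpoint.
 *
 * Handles the POSTed "formsend" action: rate-limits by client IP, validates the
 * form fields, checks the image code, and inserts the message into
 * {P}_guestbook. Every outcome is reported as a plain-text response: "OK" on
 * success, otherwise one of the notice strings.
 *
 * $msql, utf8_strlen(), $sLan and the $strNotice* / $strIcErr strings are not
 * defined in this file; presumably they come from the includes below.
 */
define("ROOTPATH", "../");
include(ROOTPATH."includes/common.inc.php");
include(ROOTPATH."guestbook/includes/guestbook.inc.php");
// NOTE(review): $sLan is interpolated into an include path. Confirm that
// common.inc.php only ever sets it from a fixed list of language codes and
// never directly from request data.
include("language/".$sLan.".php");

if (!function_exists('gb_post_text')) {
    /**
     * Read one POST field as HTML-escaped text.
     *
     * Missing or non-string (array) fields yield ''. Slashes added by legacy
     * magic_quotes_gpc are removed first so that SQL escaping is applied
     * exactly once, at the query.
     * NOTE(review): if common.inc.php already slash-escapes $_POST itself,
     * reconcile that with the addslashes() calls at the queries below.
     *
     * @param string $key POST field name
     * @return string HTML-escaped value (both quote styles encoded)
     */
    function gb_post_text($key)
    {
        $raw = isset($_POST[$key]) ? $_POST[$key] : '';
        if (!is_string($raw)) {
            return '';
        }
        // magic_quotes_gpc only exists before PHP 5.4; the version test keeps
        // the removed function from being called on newer runtimes.
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
            $raw = stripslashes($raw);
        }
        // ENT_QUOTES also encodes single quotes, which the default flags of
        // older PHP versions leave untouched.
        return htmlspecialchars($raw, ENT_QUOTES);
    }
}

$act = isset($_POST['act']) ? $_POST['act'] : '';

// Guestbook form submission
if ($act === "formsend") {

    $nowtime = time();

    // IP address of the submitter
    $ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';

    // Minimum interval (seconds) between two submissions from the same IP,
    // to limit abusive posting
    $gettime = 60;

    // Default to 0 so a first-time submitter is never throttled and
    // $predtime is always defined.
    $predtime = 0;
    $msql->query("select dtime from {P}_guestbook where ip='" . addslashes($ip) . "' order by id desc");
    if ($msql->next_record()) {
        $predtime = $msql->f('dtime');
    }
    $distime = $nowtime - $predtime;
    if ($distime <= $gettime) {
        echo $strNotice1 . $gettime . $strNotice6;
        exit;
    }

    // Collect the form data (HTML-escaped; SQL escaping happens at the query)
    $title        = gb_post_text("title");
    $name         = gb_post_text("name");
    $email        = gb_post_text("email");
    $qq           = gb_post_text("qq");
    // NOTE(review): HTML-escaping does not restrict the URL scheme. If the
    // homepage is later rendered as a link, validate it as http(s) there or here.
    $homepage     = gb_post_text("homepage");
    $body         = gb_post_text("body");
    $secret       = gb_post_text("secret");
    $checkimgcode = gb_post_text("checkimgcode");

    // These two values become part of an image path, so keep only characters
    // that cannot introduce path separators or parent-directory segments.
    $headpic = preg_replace('/[^0-9A-Za-z_-]/', '', gb_post_text("headpicsel"));
    $mood    = preg_replace('/[^0-9A-Za-z_-]/', '', gb_post_text("mood"));

    // Title length check
    $titlelen = utf8_strlen($title, 1);
    if ($titlelen < 3 || $titlelen > 20) {
        echo $strNotice2;
        exit;
    }

    // Name length check
    $namelen = utf8_strlen($name, 1);
    if ($namelen < 2 || $namelen > 15) {
        echo $strNotice3;
        exit;
    }

    // E-mail format check (optional field). preg_match replaces eregi, which
    // was removed in PHP 7; the dot before the TLD is now a literal dot and
    // the D modifier stops "$" from accepting a trailing newline.
    if ($email != '') {
        if (!preg_match('/^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$/iD', $email)) {
            echo $strNotice4;
            exit;
        }
    }

    // Message body length check
    $bodylen = utf8_strlen($body, 1);
    if ($body == '' || $bodylen > 500) {
        echo $strNotice5;
        exit;
    }

    // Image verification code
    // NOTE(review): whether this check runs ("checkimgcode") and the expected
    // value (derived from the CODEIMG cookie) both arrive with the request, so
    // the check gives no server-side assurance. Keep the expected code in
    // server-side session state and take the on/off switch from configuration.
    // The arithmetic below is left as-is because it must match the code that
    // generates the image, which is not visible in this file.
    if ($checkimgcode != "no") {
        $ImgCode = (isset($_POST["ImgCode"]) && is_string($_POST["ImgCode"])) ? $_POST["ImgCode"] : "";
        $Ic = (isset($_COOKIE["CODEIMG"]) && is_string($_COOKIE["CODEIMG"])) ? $_COOKIE["CODEIMG"] : "";
        $Ic = strrev($Ic) + 5 * 2 - 9;
        $Ic = substr($Ic, 0, 4);
        if ($ImgCode == "" || $Ic != $ImgCode) {
            echo $strIcErr;
            exit;
        }
    }

    // Validation finished; build the stored values
    $headpicurl = "guestbook/templates/images/headpics/" . $headpic . ".gif";
    $moodurl    = "guestbook/templates/images/mood/" . $mood . ".gif";

    // Read the configuration row that decides the publication status
    $iffb = '';
    $msql->query("select value from {P}_guestbook_config where xuhao='3'");
    if ($msql->next_record()) {
        $iffb = $msql->f('value');
    }

    // Store the message.
    // Every interpolated value is slash-escaped so that a quote or trailing
    // backslash cannot terminate the SQL string literal. addslashes() is a
    // stopgap: it is only sound for single-byte or UTF-8 connections. Prefer
    // the database wrapper's own escaping or bound parameters if it offers
    // them (its API is not visible in this file).
    $msql->query("insert into {P}_guestbook set
        `title`='" . addslashes($title) . "',
        `name`='" . addslashes($name) . "',
        `headpic`='" . addslashes($headpicurl) . "',
        `email`='" . addslashes($email) . "',
        `qq`='" . addslashes($qq) . "',
        `homepage`='" . addslashes($homepage) . "',
        `mood`='" . addslashes($moodurl) . "',
        `body`='" . addslashes($body) . "',
        `secret`='" . addslashes($secret) . "',
        `dtime`='" . (int) $nowtime . "',
        `uptime`='" . (int) $nowtime . "',
        `ip`='" . addslashes($ip) . "',
        `iffb`='" . addslashes($iffb) . "'
    ");

    echo "OK";
    exit;
}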