! `) ?# S- R3 u5 E7 ^6 e; T* w3 a/ z
出现在评论处,小问题。放出来怕笑话呢。。
5 T! I5 Z+ g2 D9 `0 w01 }elseif($do == 'view'){
2 T4 x3 }% @5 x a# b02 $ K9 J6 i, D2 w( h, p) Q+ L
03 require_once(dirname(__FILE__)."/global.php");& [/ q5 E+ |$ i& C8 @- ]
04 require_once(MYMPS_INC."/member.class.php");3 A! Q0 i' [" ]* v1 |
05 require_once(MYMPS_INC."/ip.class.php");
4 L1 a: N6 l+ [4 J5 X4 {9 V06 # ^4 {; Q/ m$ c4 r
07 if(!empty($part)&&$action == 'write'){; ~' n! Z& B; `0 N0 G
08 if(if_other_site_post()){% R6 \1 }; E, z1 l
09 $msgs[]="请不要尝试从站外提交数据!";
' Y# E, I- K% R" [( L2 Y A10 show_msg($msgs);
' S& h( |6 V7 w% L11 exit();) H( \; x l k% d' S/ @2 a
12 }* W8 V% Y* `: U1 s1 E+ _4 e
13
! v0 X2 L! ]3 R/ b) E4 s14 + f8 V. ?7 Y- j0 u8 B) p2 s& j- E
15 //mymps_chk_randcode();: M$ o; s" C9 m; ]; d
16
6 ~+ A% }" [% e3 G& m' V' b17 $content = $_POST[content];9 D: d* Q* B9 ~0 ]
18 if(empty($content)){write_msg("请填写评论内容!");exit();}
2 _7 b* |+ e% I5 I0 I. T$ J6 t19 if(strlen($content)>255){write_msg("请不要填写超过127个汉字!");exit();}% m* G/ k3 c, @* Z. S$ c' f
20 $result = verify_badwords_filter($mymps_global[cfg_if_comment_verify],'',$_POST[content]);1 i0 v4 g! j7 C, @8 z+ l
21 $content = textarea_post_change($result[content]); e2 m+ g) \! L/ b7 i& b
22 $comment_level = $result[level];
9 j& h# p( \, @% H3 g f* ~23 $userid = $_GET['userid'];6 U" k: G4 |# d& m8 W X
24
9 t; K4 z9 b* A" I* h25 $ K& P# v6 S/ I+ ^
( E6 `% T. U a! P* |( Z
26 $db->query("INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')");
4 y* q" D4 {7 Z3 [27 echo "INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')";//userid和getip都没处理好。出现问题了。
4 J$ a# x/ z" P% W+ T, w& h28 if($comment_level == '1'){; _& W# {2 D, Z8 y% c. M4 T
29 write_msg("您的评论提交成功!","?part=".$part."&id=".$id);6 C2 ~* U9 ]) ?$ A8 a9 Z$ S; q2 ^9 s
30 }; E' H/ v+ x# s9 @7 k/ U2 Y
31 else{
+ Z" A4 t9 r: \8 f% D32 write_msg("您提交的留言可能含有违禁词语,审核通过后显示!","?part=".$part."&id=".$id);
/ C- J$ ?$ u- A" E% `. J& d33 }. h1 O3 T( Y. {$ R8 c& y% W4 u
34 exit();4 X2 l7 ~8 d: x& F' F, `
35 }
: F! P9 v/ @7 w) P! m结果出现问题了,
% l3 j1 B' o6 f6 @2 {& U& Z& }
8 j! c* c: @- |! Y* l, Q接下来就是
- S6 `4 W6 Q. P' \; D" m
7 N% k6 J9 L! o9 P直接爆出管理员账号加MD5…% L6 e& C3 |6 p( V6 d! c* n% T5 o
|