<?php
/**
*
* 留言板
*
* @version $Id: guestbook.php 1 10:09 2010-11-10 $
* @package DedeCMS.Site
* @founder IT柏拉图, https://weibo.com/itprato
* @author DedeCMS团队
* @copyright Copyright (c) 2007 - 2021, 上海卓卓网络科技有限公司 (DesDev, Inc.)
* @license http://help.dedecms.com/usersguide/license.html
* @link http://www.dedecms.com
*/
require_once(dirname(__FILE__).'/guestbook/guestbook.inc.php');
require_once(DEDEINC.'/datalistcp.class.php');
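// Guestbook front controller: dispatches on $action to the edit include, the
// save handler, or the paginated listing.
// $action, $validate, $uname, $email, $homepage, $qq, $msg, $title, $tid, $reid
// and $img are never assigned in this file before use; presumably the included
// bootstrap populates them from the request — confirm in guestbook.inc.php.
if (empty($action)) {
    $action = '';
}

if ($action === 'admin') {
    // Edit a guestbook entry: handled entirely by the included script.
    include_once(dirname(__FILE__).'/guestbook/edit.inc.php');
    exit();
} elseif ($action === 'save') {
    // Save a new entry or a reply.

    // NOTE(review): the cookie is client-controlled and $GUEST_BOOK_POS is not
    // read again in this file; if any include uses it as a redirect target it
    // must be validated as a same-site path first.
    if (!empty($_COOKIE['GUEST_BOOK_POS'])) {
        $GUEST_BOOK_POS = $_COOKIE['GUEST_BOOK_POS'];
    } else {
        $GUEST_BOOK_POS = 'guestbook.php';
    }

    // Normalise the submitted verification code. The original statement here was
    // `$validate=='';`, a comparison with no effect; an assignment was intended.
    // Non-scalar input (e.g. an array) is treated as "no code supplied".
    if (empty($validate) || !is_scalar($validate)) {
        $validate = '';
    } else {
        $validate = strtolower((string)$validate);
    }
    $svali = GetCkVdValue();
    // Compare as strings with !==. A loose != compares two numeric-looking
    // strings by numeric value, so different codes could be accepted as equal.
    // NOTE(review): the expected code is not invalidated here after a check;
    // confirm elsewhere that a solved code cannot be replayed.
    if ($validate === '' || $validate !== (string)$svali) {
        ShowMsg("验证码不正确!","");
        exit();
    }

    $ip = GetIP();
    $dtime = time();
    $uname = trimMsg($uname);
    $email = trimMsg($email);
    $homepage = trimMsg($homepage);
    // Only the literal "http://" is stripped; other schemes pass through as-is.
    $homepage = preg_replace("#http:\/\/#", '', $homepage);
    $qq = trimMsg($qq);
    // The message body is cut by cn_substrR(…, 1024) before trimMsg() runs.
    $msg = trimMsg(cn_substrR($msg, 1024), 1);
    $tid = empty($tid) ? 0 : intval($tid);
    $reid = empty($reid) ? 0 : intval($reid);
    $img = HtmlReplace($img);
    // $needCheck is written to the ischeck column below, and the listing shows
    // only ischeck=1 rows to non-admins, so 1 means "visible immediately".
    // NOTE(review): presumably set by guestbook.inc.php from site configuration;
    // if it can arrive from the request a visitor could self-approve — confirm.
    $needCheck = intval($needCheck);

    if ($msg=='' || $uname=='') {
        showMsg('你的姓名和留言内容不能为空!','-1');
        exit();
    }

    $title = HtmlReplace(cn_substrR($title, 60), 1);
    if ($title=='') {
        $title = '无标题';
    }

    if ($reid !== 0) {
        // Reply: prepend the parent message inside a "rebox" div.
        // $reid is an integer at this point, so the interpolation is safe.
        // NOTE(review): this lookup has no ischeck filter, so a reply can quote a
        // message that has not been approved yet — confirm that is intended.
        $row = $dsql->GetOne("SELECT msg FROM `#@__guestbook` WHERE id='$reid' ");
        // A missing parent row is quoted as an empty string instead of indexing
        // a non-array result.
        $quoted = (is_array($row) && isset($row['msg'])) ? (string)$row['msg'] : '';
        // NOTE(review): the prefix is escaped here and the whole message is passed
        // through addslashes() again below, which looks like it stores literal
        // backslashes around 'rebox' — verify against how the template renders msg.
        $msg = "<div class=\\'rebox\\'>".addslashes($quoted)."</div>\n".$msg;
    }
    $msg = addslashes($msg);

    // NOTE(review): the statement is built by string interpolation. $tid, $dtime
    // and $needCheck are integers and $msg is escaped above, but $title, $uname,
    // $email, $homepage, $qq, $img, $ip and $g_mid depend on trimMsg(),
    // HtmlReplace(), GetIP() and the bootstrap returning SQL-safe values, which
    // is not visible from this file. Confirm each one, or switch to bound
    // parameters if the database layer supports them.
    $query = "INSERT INTO `#@__guestbook`(title,tid,mid,uname,email,homepage,qq,face,msg,ip,dtime,ischeck)
VALUES ('$title','$tid','{$g_mid}','$uname','$email','$homepage','$qq','$img','$msg','$ip','$dtime','$needCheck'); ";
    $dsql->ExecuteNoneQuery($query);
    $gid = $dsql->GetLastID();

    if ($needCheck === 1) {
        // Entry is visible right away: show a confirmation window.
        require_once(DEDEINC."/oxwindow.class.php");
        $msg = "
<font color='red'><b>成功发送或回复留言!</b></font> <a href='guestbook.php' style='font-size:14px;font-weight:bold'><u>我已经知道了,点击此返回>></u></a>";
        $wintitle = "留言发布成功提示";
        $wecome_info = "留言发布成功:";
        $win = new OxWindow();
        $win->Init("","js/blank.js","post");
        $win->AddTitle("提示:");
        $win->AddMsgItem("<div style='padding:20px;line-height:300%;font-size:14px'>$msg</div>");
        $winform = $win->GetWindow("hand");
        $win->Display();
    } else {
        // Entry is held for moderation: tell the visitor and return to the list.
        ShowMsg('成功发送一则留言,但需审核后才能显示!','guestbook.php',0,3000);
    }
    exit();
} else {
    // Show all guestbook entries, ten per page.
    // Remember the current listing URL for one hour.
    setcookie('GUEST_BOOK_POS', GetCurUrl(), time()+3600, '/');
    // Admins see every entry; other visitors see only approved ones.
    if ($g_isadmin) {
        $sql = 'SELECT * FROM `#@__guestbook` ORDER BY id DESC';
    } else {
        $sql = 'SELECT * FROM `#@__guestbook` WHERE ischeck=1 ORDER BY id DESC';
    }
    $dlist = new DataListCP();
    $dlist->pageSize = 10;
    $dlist->SetParameter('gotopagerank', $gotopagerank);
    $dlist->SetTemplate(DEDETEMPLATE.'/plus/guestbook.htm');
    $dlist->SetSource($sql);
    $dlist->Display();
}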