3 _5 ?0 g* S1 L! l7 x1 H
出现在评论处,小问题。放出来怕笑话呢。。. Z8 e' j: y! u* n* x' _
01 }elseif($do == 'view'){* H2 Q9 S5 C, J! P$ V! p' J6 @
02
2 S5 `/ W* C0 D: \' S1 K- r03 require_once(dirname(__FILE__)."/global.php");
3 i+ a( t1 Y9 O. R. ` l7 H" J( l, u8 j04 require_once(MYMPS_INC."/member.class.php");; n* h5 r" U' l4 p. [- u$ U7 D/ R
05 require_once(MYMPS_INC."/ip.class.php");* D& { n- p. n; K. Z
06
/ _$ `. d) _2 V k07 if(!empty($part)&&$action == 'write'){* O: o( J8 P. |9 n3 i9 D
08 if(if_other_site_post()){# ?& t3 Q# Q* G* a" H0 O( E
09 $msgs[]="请不要尝试从站外提交数据!";
9 @. Q3 |3 d* I# c6 x10 show_msg($msgs);+ N2 L7 g- g; l- x
11 exit();' q3 b9 d! |' ~) I' l) z8 |: j
12 }+ @; ?, c i/ A4 i4 i
13 " y1 U, c4 I/ h& ]) Q
14 ( _7 b1 m* P8 q0 U$ b( V
15 //mymps_chk_randcode();
9 H+ f E2 V) K$ J, @16 5 A" C; D, U" q$ t
17 $content = $_POST[content];
2 j% I' g; }* J l- N+ o$ b18 if(empty($content)){write_msg("请填写评论内容!");exit();}
L+ G& O; {8 W, d& W1 S: U19 if(strlen($content)>255){write_msg("请不要填写超过127个汉字!");exit();}
5 c" ^/ g+ j( Q9 w' Y0 w: t# {20 $result = verify_badwords_filter($mymps_global[cfg_if_comment_verify],'',$_POST[content]);
4 R. y; n3 v# @4 X x7 v% P21 $content = textarea_post_change($result[content]);" W }0 ~0 x: ~% F
22 $comment_level = $result[level];
: _7 v- q- S. O' U7 A23 $userid = $_GET['userid'];
' _4 c- u3 Y- T" t' f- ^5 y24 , t6 \3 f3 z2 o2 z! F* F
25 / V/ n% t! d2 o+ v Y5 C- g8 S. n
- R: x8 r8 Y2 n+ r% |3 a/ d26 $db->query("INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')");! q' P& P% n. D8 f
27 echo "INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')";//userid和getip都没处理好。出现问题了。. }" F ^9 b7 r. w4 g# D$ X8 b
28 if($comment_level == '1'){
% F8 i6 m2 P2 ^& j# t5 ]3 E* N29 write_msg("您的评论提交成功!","?part=".$part."&id=".$id);& A9 ^! L, J% a( Y$ o$ I
30 }
8 U P8 ]0 R, B8 ] d' l1 I31 else{1 z& I% G2 m1 t/ t8 L/ n
32 write_msg("您提交的留言可能含有违禁词语,审核通过后显示!","?part=".$part."&id=".$id);
4 h/ D6 b1 Y+ |: j; |. G3 a( V33 }
c) y1 { T/ D+ |7 V34 exit();9 F* E6 G2 U( L. E- i
35 }
7 U7 T& [' s5 l! {结果出现问题了,, J: ~- v4 l" W& E6 j v
+ l. a3 r8 f( g" u接下来就是
/ t. f0 c& U' n
: P8 @+ P [2 h& {3 o直接爆出管理员账号加MD5…
' T7 [" t7 l; t/ _6 P! w |