" M; y% p+ [3 d1 m' o% T0 x出现在评论处,小问题。放出来怕笑话呢。。: D) H( P; z4 R! J; U
01 }elseif($do == 'view'){
' J! i8 q( h+ ^( L02
9 K- [8 p6 k) T; d. ?* x03 require_once(dirname(__FILE__)."/global.php");- X& ?9 c. Z6 ]& f& u
04 require_once(MYMPS_INC."/member.class.php");
& { n& e, V% D8 a, m7 a8 e! Z05 require_once(MYMPS_INC."/ip.class.php");
( X+ W; o6 A2 l$ e7 ]06 6 C: @2 a/ I" _. i7 B5 o6 D
07 if(!empty($part)&&$action == 'write'){
" y' \" m1 a0 F3 i9 P& }08 if(if_other_site_post()){# C8 Z; ~1 G, u6 [+ b1 c. `
09 $msgs[]="请不要尝试从站外提交数据!";
7 N3 b# ]3 {# p+ G9 r! }10 show_msg($msgs);' z* z9 ^3 T9 t6 @
11 exit();
: |# {& v, ?5 Z1 U3 K3 d+ ~; X3 B, A12 }8 J3 U" Y! ]3 b7 I( Q4 d) O* T
13
- }; h+ e% F( C14
6 R$ O; }, q. m+ s1 e% k+ J3 A15 //mymps_chk_randcode();
2 @$ O l& b m3 s6 Y16
2 s. S& v/ ]: |3 ]8 |17 $content = $_POST[content];$ W, V( T2 n7 c1 h6 R5 q
18 if(empty($content)){write_msg("请填写评论内容!");exit();}
) X% s' ?; E/ B. ?19 if(strlen($content)>255){write_msg("请不要填写超过127个汉字!");exit();}: T5 n$ B' |% a# m' p3 {% V& l
20 $result = verify_badwords_filter($mymps_global[cfg_if_comment_verify],'',$_POST[content]);3 I- `& q: g: o$ Y% {
21 $content = textarea_post_change($result[content]);$ c0 P) Z; Q7 r+ q
22 $comment_level = $result[level];% ~% U! N+ |$ a; t7 e% J
23 $userid = $_GET['userid'];
" h" x; W6 k4 y6 c24
- D9 |3 B) A# z! b* N: [# N25 - v( s4 i8 h/ R, w6 v7 v* ]
7 c3 s/ r( |' q1 y9 ~$ B- d
26 $db->query("INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')");5 f& |, [+ k. U+ Z" u( z
27 echo "INSERT INTO `{$db_mymps}".$part."_comment` (".$part."id,content,pubtime,ip,comment_level,userid)VALUES('$id','$content','".time()."','".GetIP()."','$comment_level','".$_POST[userid]."')";//userid和getip都没处理好。出现问题了。" d. {# G* { V/ q
28 if($comment_level == '1'){
- k& v) ?+ X) H# u$ s; X' h# ?2 Q29 write_msg("您的评论提交成功!","?part=".$part."&id=".$id);
5 S) b7 ?# e4 W7 @0 Y( v9 c30 }) d0 {0 | H4 X" `" H3 f: h1 ~& Y
31 else{, l. s. s. p8 P% Q
32 write_msg("您提交的留言可能含有违禁词语,审核通过后显示!","?part=".$part."&id=".$id);$ e$ U+ t. E( b' g+ ~+ Y' m/ L1 w+ Q' u
33 }+ t) l, G- ~; g6 F& j* T( u
34 exit();
% V9 D2 ^7 c& D4 P) o35 }
) g2 X7 @1 s$ F, l; v. ?3 k( @) m结果出现问题了,3 g* n0 q8 ]! [) Y. L
& d8 d7 o9 i% B) }
接下来就是
9 ?7 ?3 D- |* g5 I2 g2 N2 [# N+ r0 [* D
直接爆出管理员账号加MD5…
# {0 N+ V% o3 D& j) @ |