fetch_one_array("SELECT * FROM {$db_prefix}sessions WHERE hash='$hash' AND lastactivity+3600>'$timestamp'");
$user = $DB->fetch_one_array("SELECT username,logincount,groupid,password FROM {$db_prefix}users WHERE userid='".$session['uid']."'");
if(getuserhash($session['uid'],$user['username'],$user['password'],$user['logincount']) == $hash && $session['agent'] == md5(addslashes($_SERVER['HTTP_USER_AGENT'])) && $session['groupid'] == $user['groupid']) {
$sax_uid = $session['uid'];
$sax_group = $user['groupid'];
$sax_user = $user['username'];
$sax_pw = $user['password'];
$logincount = $user['logincount'];
$DB->query("UPDATE {$db_prefix}sessions SET lastactivity='$timestamp' WHERE uid='$sax_uid' AND hash='$hash'");
} else {
$DB->query("DELETE FROM {$db_prefix}sessions WHERE lastactivity+3600<'$timestamp' OR hash='$hash'");
}
}
// 身份验证结束
if ($action == 'logout') {
$DB->query("DELETE FROM {$db_prefix}sessions WHERE hash='$hash' OR lastactivity+3600<'$timestamp'");
$hash = '';
$sax_uid = 0;
wap_header('注销身份');
wap_message('注销成功', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
}
// 首页
if (!$action || $action == 'index') {
wap_header($options['name']);
echo "\n";
echo "浏览日志 标签列表 日志分类 日志归档 搜索引擎 最新评论 引用列表 博客主人 博客信息
\n";
if ($sax_uid) {
echo "您好:".$sax_user." 注销 ";
if ($sax_group == 1 || $sax_group == 2) {
echo "添加文章 ";
}
echo "
\n";
} else {
echo "用户登陆 (只有登陆后才能发表评论)
\n";
}
wap_footer();
}
// 文章列表
if (in_array($action, array('list', 'finduser', 'tags', 'dosearch'))) {
$pagenum = $options['wap_article_pagenum'];
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
//定义相同的查询语句前部分
$query_sql = "SELECT a.articleid,a.title,a.dateline FROM {$db_prefix}articles a WHERE a.visible='1'";
// 查看用户发表的文章
if ($action == 'finduser') {
$userid = intval($_GET['userid']);
$user = $DB->fetch_one_array("SELECT username,articles FROM {$db_prefix}users WHERE userid='$userid'");
$tatol = $user['articles'];
$catename = '查看'.$user['username'].'的文章';
$query_sql .= " AND a.uid='$userid' ORDER BY a.$article_order DESC LIMIT $start_limit, ".$pagenum;
$pageurl = 'index.php?action=finduser&userid='.$userid;
// 查看tags的相关文章
} elseif ($action == 'tags') {
$item = addslashes($_GET['item']);
if ($item) {
$tag = $DB->fetch_one_array("SELECT usenum,aids FROM {$db_prefix}tags WHERE tag='$item'");
if (!$tag) {
wap_header('系统消息');
wap_message('记录不存在', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
}
$tatol = $tag['usenum'];
$query_sql .= " AND a.articleid IN (".$tag['aids'].") ORDER BY a.$article_order DESC LIMIT $start_limit, ".$pagenum;
$pageurl = 'index.php?action=tags&item='.urlencode($item);
$catename = 'Tag:'.htmlspecialchars($item);
} else {
wap_header('系统消息');
wap_message('缺少参数', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
}
// 查看搜索结果的文章
} elseif ($action == 'dosearch') {
$searchid = intval($_GET['searchid']);
if (!$searchid){
wap_message('您指定的搜索不存在或已过期,请返回.', array('title' => '重新搜索', 'link' => 'index.php?action=search'));
} else {
$search = $DB->fetch_one_array("SELECT * FROM {$db_prefix}searchindex WHERE searchid='$searchid'");
if (!$search || $search['searchfrom'] != 'article') {
wap_message('您指定的搜索不存在或已过期,请返回.', array('title' => '重新搜索', 'link' => 'index.php?action=search'));
}
$tatol = $search['tatols'];
$query_sql .= " AND a.articleid IN (".$search['ids'].") ORDER BY a.".$search['sortby']." ".$search['orderby']." LIMIT $start_limit, ".$pagenum;
$pageurl = 'index.php?action=dosearch&searchid='.$searchid;
$catename = '搜索:'.$search['keywords'];
}
// 查看首页文章
} else {
$catename = '全部文章';
$tatol = $stats['article_count'];
// 检查是否设置$cid参数
$cateadd = '';
$cid = intval($_GET['cid']);
if ($cid) {
$cateadd = " AND a.cid='$cid' ";
$query_sql .= " AND a.cid='$cid' ";
$r = $DB->fetch_one_array("SELECT name,articles FROM {$db_prefix}categories WHERE cid='$cid'");
$catename = '分类:'.$r['name'];
$tatol = $r['articles'];
}
$setdate = intval($_GET['setdate']);
if ($setdate && strlen($setdate) == 6) {
$setyear = substr($setdate,0,4);
if ($setyear >= 2038 || $setyear <= 1970) {
$setyear = sadate('Y');
$setmonth = sadate('m');
$start = $end = 0;
} else {
$setmonth = substr($setdate,-2);
list($start, $end) = explode('-', gettimestamp($setyear,$setmonth));
$catename = $setyear.'年'.$setmonth.'月的文章';
}
} else {
$setyear = sadate('Y');
$setmonth = sadate('m');
$start = $end = 0;
}
//*******************************//
$startadd = $start ? " AND a.dateline >= '".correcttime($start)."' " : '';
$endadd = $end ? " AND a.dateline < '".correcttime($end)."' " : '';
//*******************************//
if($setdate) {
$query = $DB->query("SELECT COUNT(*) FROM {$db_prefix}articles a WHERE a.visible='1' ".$cateadd.$startadd.$endadd);
$tatol = $DB->result($query, 0);
}
//*******************************//
$query_sql .= $startadd.$endadd." ORDER BY a.stick DESC, a.$article_order DESC LIMIT $start_limit, ".$pagenum;
$pageurl = 'index.php?action=list&cid='.$cid.'&setdate='.$setdate;
}
// 执行查询
wap_header($catename);
if ($tatol) {
$query = $DB->query($query_sql);
$multipage = multi($tatol, $pagenum, $page, $pageurl);
echo "\n";
while ($article = $DB->fetch_array($query)) {
echo "".trimmed_title($article['title'], $options['wap_article_title_limit'])." (".sadate('m-d',$article['dateline']).")
\n";
echo "".$tatol."篇文章
\n";
echo $multipage;
} else {
echo "没有任何日志
\n";
}
echo "返回主页
\n";
wap_footer();
}
// 标签列表
if ($action == 'tagslist') {
$pagenum = $options['wap_tags_pagenum'];
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
$order = in_array($_GET['order'], array('tagid', 'usenum')) ? $_GET['order'] : 'tagid';
$multipage = multi($stats['tag_count'], $pagenum, $page, 'index.php?action=tagslist&order='.$order);
wap_header("标签列表");
if ($stats['tag_count']) {
if ($order == 'usenum') {
echo "查看最新标签
\n";
} else {
echo "查看热门标签
\n";
}
echo "\n";
$query = $DB->query("SELECT tag,usenum FROM {$db_prefix}tags ORDER BY $order DESC LIMIT $start_limit, ".$pagenum);
while ($tag = $DB->fetch_array($query)) {
echo "".htmlspecialchars($tag['tag'])." (".$tag['usenum'].")
\n";
echo "共有".$stats['tag_count']."个标签
\n";
echo $multipage;
} else {
echo "没有任何标签
\n";
}
echo "返回日志列表 返回主页
\n";
wap_footer();
}
// 博客主人
if ($action == 'users') {
$tatol = $DB->num_rows($DB->query("SELECT userid FROM {$db_prefix}users WHERE groupid='1' OR groupid='2'"));
wap_header('博客主人');
if ($tatol) {
echo "\n";
$query = $DB->query("SELECT userid,username,articles FROM {$db_prefix}users WHERE groupid='1' OR groupid='2' ORDER BY articles DESC");
while ($user = $DB->fetch_array($query)) {
echo "".$user['username']." (文章:".$user['articles'].")
\n";
echo "共有".$tatol."个主人
\n";
} else {
echo "没有任何主人
\n";
}
echo "返回日志列表 返回主页
\n";
wap_footer();
}
// 博客主人
if ($action == 'showuser') {
wap_header("博客主人");
$userid = intval($_GET['userid']);
// 获取文章信息
if (!$userid) {
wap_message('缺少参数', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
} else {
$user = $DB->fetch_one_array("SELECT userid,username,url,articles FROM {$db_prefix}users WHERE userid='".$userid."'");
if (!$user) {
wap_message('记录不存在', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
}
}
$user['articles'] = $user['articles'] ? $user['articles'] : '从未发表';
echo "查看".$user['username']."的文章
\n";
echo "\n";
echo "名字:".$user['username']."
\n";
echo "返回日志列表 返回主页
\n";
wap_footer();
}
// 日志分类
if ($action == 'categories') {
wap_header('日志分类');
echo "\n";
if (empty($catecache)) {
echo '没有任何分类';
} else {
$pagenum = 10;
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
$multipage = multi($stats['cate_count'], $pagenum, $page, 'index.php?action=categories');
$catecache = @array_slice($catecache,$start_limit,$pagenum);
foreach($catecache AS $data){
echo "".$data['name']." (".$data['articles'].")
\n";
echo $multipage;
echo "返回日志列表 返回主页
\n";
wap_footer();
}
// 日志归档
if ($action == 'archives') {
wap_header('日志归档');
echo "\n";
if (empty($archivecache)) {
echo '没有任何归档';
} else {
$monthname = array('','一月','二月','三月','四月','五月','六月','七月','八月','九月','十月','十一月','十二月');
$pagenum = 10;
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
$multipage = multi(count($archivecache), $pagenum, $page, 'index.php?action=archives');
$archivecache = @array_slice($archivecache,$start_limit,$pagenum);
foreach($archivecache AS $key => $val){
$v = explode('-', $key);
$e_month = ($v[1] < 10) ? str_replace('0', '', $v[1]) : $v[1];
echo "".$monthname[$e_month].", ".$v[0]." (".$val.")
\n";
echo $multipage;
echo "返回日志列表 返回主页
\n";
wap_footer();
}
// 搜索引擎
if ($action == 'search') {
wap_header('搜索引擎');
$keywords = addslashes(trim($_POST['keywords'] ? $_POST['keywords'] : $_GET['keywords']));
if (!$keywords || strlen($keywords) < $options['search_keywords_min_len']) {
echo "注意:只搜索文章标题和内容,不对评论进行搜索.关键字不能少于".$options['search_keywords_min_len']."个字节.
\n";
echo "关键字中可使用通配符 "*"
";
echo "关键字:
\n";
echo "确定\n";
echo "\n";
echo " \n";
echo " \n";
echo "
\n";
} else {
$searchindex = array('id' => 0, 'dateline' => '0');
$query = $DB->query("SELECT searchid, dateline, ('".$options['search_post_space']."'<>'0' AND $timestamp-dateline<".$options['search_post_space'].") AS flood, searchfrom='article' AND keywords='$keywords' AS indexvalid FROM {$db_prefix}searchindex WHERE ('".$options['search_post_space']."'<>'0' AND ipaddress='$onlineip' AND $timestamp-dateline<".$options['search_post_space'].") ORDER BY flood");
while($index = $DB->fetch_array($query)) {
if($index['indexvalid'] && $index['dateline'] > $searchindex['dateline']) {
$searchindex = array('id' => $index['searchid'], 'dateline' => $index['dateline']);
break;
} elseif($index['flood']) {
wap_message('对不起,您在 '.$options['search_post_space'].' 秒内只能进行一次搜索.', array('title' => '重新搜索', 'link' => 'index.php?action=search'));
}
}
if($searchindex['id']) {
$searchid = $searchindex['id'];
} else {
$keywords = str_replace("_","\_",$keywords);
$keywords = str_replace("%","\%",$keywords);
if(preg_match("(AND|\+|&|\s)", $keywords) && !preg_match("(OR|\|)", $keywords)) {
$andor = ' AND ';
$sqltxtsrch = '1';
$keywords = preg_replace("/( AND |&| )/is", "+", $keywords);
} else {
$andor = ' OR ';
$sqltxtsrch = '0';
$keywords = preg_replace("/( OR |\|)/is", "+", $keywords);
}
$keywords = str_replace('*', '%', addcslashes($keywords, '%_'));
foreach(explode('+', $keywords) AS $text) {
$text = trim($text);
if($text) {
$sqltxtsrch .= $andor;
$sqltxtsrch .= "(content LIKE '%".str_replace('_', '\_', $text)."%' OR title LIKE '%".$text."%')";
}
}
//搜索文章
$tatols = $ids = 0;
$query = $DB->query("SELECT articleid FROM {$db_prefix}articles WHERE visible='1' AND ($sqltxtsrch) ORDER BY dateline desc");
while($article = $DB->fetch_array($query)) {
$ids .= ','.$article['articleid'];
$tatols++;
}
$DB->free_result($query);
$DB->query("INSERT INTO {$db_prefix}searchindex (keywords, dateline, sortby, orderby, tatols, ids, searchfrom, ipaddress) VALUES ('".char_cv($keywords)."', '$timestamp', 'dateline', 'desc', '$tatols', '$ids', 'article', '$onlineip')");
$searchid = $DB->insert_id();
}
wap_message('搜索成功完成', array('title' => '查看搜索结果', 'link' => 'index.php?action=dosearch&searchid='.$searchid));
}
echo "返回日志列表 返回主页
\n";
wap_footer();
}
// 最新评论
if ($action == 'comments') {
$articleid = intval($_GET['articleid']);
$query_sql = "SELECT c.articleid,c.author,c.commentid,c.dateline,c.content, a.title FROM {$db_prefix}comments c LEFT JOIN {$db_prefix}articles a ON (a.articleid=c.articleid) WHERE a.visible='1' AND c.visible='1'";
if ($articleid) {
$query_sql .= " AND c.articleid='$articleid'";
$article = $DB->fetch_one_array("SELECT title,comments FROM {$db_prefix}articles WHERE articleid='$articleid'");
$tatol = $article['comments'];
$pageurl = 'index.php?action=comments&articleid='.$articleid;
} else {
$tatol = $stats['comment_count'];
$pageurl = 'index.php?action=comments';
}
wap_header('最新评论');
if ($tatol) {
$pagenum = $options['wap_comment_pagenum'];
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
$query_sql .= " ORDER BY commentid DESC LIMIT $start_limit, $pagenum";
$multipage = multi($tatol, $pagenum, $page, $pageurl);
$query = $DB->query($query_sql);
if ($articleid) {
echo "\"".$article['title']." \"的评论
\n";
}
while ($comment=$DB->fetch_array($query)) {
echo "\n";
if (!$articleid) {
echo "文章:".$comment['title']." 编辑 ]
\n";
}
unset($comment);
echo "共有".$tatol."条评论
\n";
echo $multipage;
$DB->free_result($query);
} else {
echo "没有任何评论
\n";
}
echo "";
if ($articleid) {
if (!$sax_uid || !$hash) {
echo "立即登陆发表评论 发表评论 返回文章 返回日志列表 返回主页
\n";
wap_footer();
}
// 引用列表
if ($action == 'trackbacks' && $options['enable_trackback']) {
$articleid = intval($_GET['articleid']);
if ($articleid) {
$article = $DB->fetch_one_array("SELECT title,trackbacks FROM {$db_prefix}articles WHERE visible='1' AND articleid='".$articleid."'");
$tatol = $article['trackbacks'];
$pageurl = 'index.php?action=trackbacks&articleid='.$articleid;
$add_query = "AND t.articleid='$articleid'";
} else {
$tatol = $stats['trackback_count'];
$pageurl = 'index.php?action=trackbacks';
$add_query = '';
}
wap_header('最新引用');
if ($tatol) {
$pagenum = $options['wap_trackback_pagenum'];
if($page) {
$start_limit = ($page - 1) * $pagenum;
} else {
$start_limit = 0;
$page = 1;
}
$multipage = multi($tatol, $pagenum, $page, $pageurl);
$query = $DB->query("SELECT t.trackbackid,t.title,t.dateline,t.url,t.blog_name,a.title as article FROM {$db_prefix}trackbacks t LEFT JOIN {$db_prefix}articles a ON (a.articleid=t.articleid) WHERE a.visible='1' AND t.visible='1' ".$add_query." ORDER BY trackbackid DESC LIMIT ".$start_limit.", ".$pagenum);
if ($articleid) {
echo "\"".$article['title']." \"的引用
\n";
}
while ($trackback = $DB->fetch_array($query)) {
echo "\n";
echo "标题:".$trackback['title']." ".$trackback['blog_name']."
\n";
}
unset($trackback);
$DB->free_result($query);
echo "共有".$tatol."条引用
\n";
echo $multipage;
} else {
echo "没有任何引用
";
}
echo "";
if ($articleid) {
echo "返回文章 返回日志列表 返回主页
\n";
wap_footer();
}
// 博客信息
if ($action == 'statistics') {
wap_header('博客信息');
echo "\n";
echo "分类数量: ".$stats['cate_count']."
\n";
echo "返回日志列表 返回主页
\n";
wap_footer();
}
// 浏览日志
if ($action == 'show') {
$articleid = intval($_GET['id']);
// 获取文章信息
if (!$articleid) {
wap_header('系统消息');
wap_message('缺少参数', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
} else {
$article = $DB->fetch_one_array("SELECT a.articleid,a.cid,a.uid,a.title,a.content,a.keywords,a.dateline,a.views,a.comments,a.trackbacks,a.closecomment,a.readpassword,a.attachments,c.name as cname,u.username
FROM {$db_prefix}articles a
LEFT JOIN {$db_prefix}categories c ON c.cid=a.cid
LEFT JOIN {$db_prefix}users u ON a.uid=u.userid
WHERE a.visible='1' AND articleid='$articleid'");
if (!$article) {
wap_header('系统消息');
wap_message('记录不存在', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
}
$DB->unbuffered_query("UPDATE {$db_prefix}articles SET views=views+1 WHERE articleid='$articleid'");
}
wap_header($article['title']);
echo "\n";
echo "作者:".$article['username']." ".$article['cname']."
\n";
echo "本文需要输入密码才能浏览,请通过HTTP浏览器浏览.
\n";
} else {
if ($article['keywords']) {
$tags = $tmark = '';
$tagdb = explode(',', $article['keywords']);
for($i=0; $i".htmlspecialchars($tagdb[$i])."";
$tmark = ', ';
}
echo "标签:".$tags."".$attach['filename']." ";
$tmark = ', ';
}
}
}
if ($attachs) {
echo '附件:'.$attachs.'\n";
if ($article['trackbacks'] && $options['enable_trackback']) {
echo "查看引用 查看评论 立即登陆发表评论 发表评论
\n";
}
echo "返回日志列表 返回主页
\n";
wap_footer();
}
//登陆
if ($action == 'login') {
wap_header('用户登陆');
if (!$do || $do != 'login') {
echo "用户:
\n";
echo "密码:
\n";
echo "确定\n";
echo "\n";
echo " \n";
echo "
\n";
echo "返回日志列表 返回主页
\n";
} elseif ($do == 'login') {
// 登陆验证
$username = addslashes(trim($_POST['username'] ? $_POST['username'] : $_GET['username']));
$password = md5($_POST['password'] ? $_POST['password'] : $_GET['password']);
if (strlen($username) > 20) {
wap_message('登陆失败', array('title' => '重新登陆', 'link' => 'index.php?action=login'));
}
$user = $DB->fetch_one_array("SELECT userid,username,logincount,groupid,password FROM {$db_prefix}users WHERE username='$username'");
if ($user['userid'] && $user['password'] == $password) {
$DB->unbuffered_query("UPDATE {$db_prefix}users SET logincount=logincount+1, logintime='$timestamp', loginip='$onlineip' WHERE userid='".$user['userid']."'");
$hash = getuserhash($user['userid'], $user['username'], $user['password'], $user['logincount']+1);
$DB->query("DELETE FROM {$db_prefix}sessions WHERE uid='".$user['userid']."' OR lastactivity+3600<'$timestamp' OR hash='$hash'");
$DB->query("INSERT INTO {$db_prefix}sessions (hash,uid,groupid,ipaddress,agent,lastactivity) VALUES ('$hash', '".$user['userid']."', '".$user['groupid']."', '$onlineip', '".md5(addslashes($_SERVER['HTTP_USER_AGENT']))."', '$timestamp')");
if ($user['groupid'] == 1 || $user['groupid'] == 2) {
loginresult($username,'Succeed');
}
wap_message('登陆成功', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
} else {
$hash = '';
$DB->query("DELETE FROM {$db_prefix}sessions WHERE lastactivity+3600<'$timestamp'");
if ($user['groupid'] == 1 || $user['groupid'] == 2 || $sax_group == 1 || $sax_group == 2) {
loginresult($username,'Failed');
}
wap_message('登陆失败', array('title' => '重新登陆', 'link' => 'index.php?action=login'));
}
}
wap_footer();
}
// 添加评论
if ($action == 'addcomment') {
wap_header('添加评论');
$articleid = intval($articleid);
if (!$articleid) {
wap_message('缺少必要参数', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
} else {
$article = $DB->fetch_one_array("SELECT title, cid, closecomment FROM {$db_prefix}articles WHERE articleid='$articleid'");
if ($article['closecomment']) {
wap_message('本文因为某种原因此时不允许访客进行评论', array('title' => '返回日志列表', 'link' => 'index.php?action=list'));
}
}
if($do == 'addcomment') {
if ($options['banip_enable']) {
$options['ban_ip'] = str_replace(',', ',', $options['ban_ip']);
$ban_ips = explode(',', $options['ban_ip']);
if (is_array($ban_ips) && count($ban_ips)) {
foreach ($ban_ips AS $ban_ip) {
$ban_ip = str_replace( '\*', '.*', preg_quote($ban_ip, "/") );
if (preg_match("/^$ban_ip/", $onlineip)) {
wap_message('您的IP已经被系统禁止发表评论.');
}
}
}
}
//如果没有登陆
if (!$sax_uid || !$hash) {
wap_message('只有登陆后才能发表评论.', array('title' => '立即登陆', 'link' => 'index.php?action=login'));
} else {
//如果已登陆
$user = $DB->fetch_one_array("SELECT userid,username,logincount,groupid,password,url FROM {$db_prefix}users WHERE userid='$sax_uid'");
if ($user['userid'] && $user['password'] == $sax_pw && getuserhash($user['userid'],$user['username'],$user['password'],$user['logincount']) == $hash && $user['logincount'] == $logincount && $user['groupid'] == $sax_group) {
$username = addslashes($user['username']);
$url = addslashes($user['url']);
} else {
$DB->query("DELETE FROM {$db_prefix}sessions WHERE lastactivity+3600<'$timestamp' OR hash='$hash'");
wap_message('读取用户信息出错,请重新登陆.', array('title' => '重新发表', 'link' => 'index.php?action=addcomment&articleid='.$articleid));
}
}
$content = addslashes(trim($_POST['content'] ? $_POST['content'] : $_GET['content']))." \n\n<自 WAP 发表>";
// 检查限制选项
if ($options['audit_comment']) {
$spam = TRUE;
//禁止IP
} elseif ($options['banip_enable']) {
$options['ban_ip'] = str_replace(',', ',', $options['ban_ip']);
$ban_ips = explode(',', $options['ban_ip']);
if (is_array($ban_ips) && count($ban_ips)) {
foreach ($ban_ips AS $ban_ip) {
$ban_ip = str_replace( '\*', '.*', preg_quote($ban_ip, "/") );
if (preg_match("/^$ban_ip/", $onlineip)) {
$spam = TRUE;
break;
}
}
}
} elseif ($options['spam_enable']) {
//链接次数
if (substr_count($content, 'http://') >= $options['spam_url_num']) {
$spam = TRUE;
}
//禁止词语
if ($options['spam_words']) {
$options['spam_words'] = str_replace(',', ',', $options['spam_words']);
$badwords = explode(',', $options['spam_words']);
if (is_array($badwords) && count($badwords) ) {
foreach ($badwords AS $n) {
if ($n) {
if (preg_match( "/".preg_quote($n, '/' )."/i", $content)) {
$spam = TRUE;
break;
}
}
}
}
}
//内容长度
if (strlen($content) >= $options['spam_content_size']) {
$spam = TRUE;
}
} else {
$spam = FALSE;
}
$visible = $spam ? '0' : '1';
if ($options['comment_post_space'] && $timestamp - $user['lastpost'] <= $options['comment_post_space']){
wap_message('为防止灌水,发表评论时间间隔为'.$options['comment_post_space'].'秒.', array('title' => '重新发表', 'link' => 'index.php?action=addcomment&articleid='.$articleid));
}
$result = '';
$result .= checkurl($url);
$result .= checkcontent($content);
if($result){
wap_message($result, array('title' => '重新发表', 'link' => 'index.php?action=addcomment&articleid='.$articleid));
}
$username = char_cv($username);
$r = $DB->fetch_one_array("SELECT commentid FROM {$db_prefix}comments WHERE articleid='$articleid' AND author='$username' AND content='$content'");
if($r['commentid']) {
wap_message('该评论已存在', array('title' => '重新发表', 'link' => 'index.php?action=addcomment&articleid='.$articleid));
}
unset($r);
$msg = '添加评论成功, '.($spam ? '目前发表评论需要管理员审核才会显示,请耐心等待管理员审核...' : '返回即可看到您所发表的评论');
$DB->query("INSERT INTO {$db_prefix}comments (articleid, author, url, dateline, content, ipaddress, visible) VALUES ('$articleid', '$username', '$url', '$timestamp', '$content', '$onlineip', '$visible')");
$cmid = $DB->insert_id();
if ($sax_uid && $hash) {
$DB->unbuffered_query("UPDATE {$db_prefix}users SET lastpost='$timestamp' WHERE userid='$sax_uid'");
}
if (!$spam) {
// 更新当前文章评论数
$DB->unbuffered_query("UPDATE {$db_prefix}articles SET comments=comments+1 WHERE articleid='$articleid'");
$DB->unbuffered_query("UPDATE {$db_prefix}statistics SET comment_count=comment_count+1");
require_once(SABLOG_ROOT.'include/cache.php');
newcomments_recache();
statistics_recache();
}
wap_message($msg, array('title' => '查看评论', 'link' => 'index.php?action=comments&articleid='.$articleid));
} else {
echo "文章:".$article['title']."
\n";
if ($sax_uid && $hash) {
echo "已经登陆为:".$sax_user." 注销
\n";
echo "评论内容(*):
\n";
echo "确定\n";
echo "\n";
echo " \n";
echo "
\n";
} else {
echo "只有登陆后才能发表评论
\n";
echo "立即登陆
";
}
echo "返回日志列表 返回主页
\n";
}
wap_footer();
}
// 添加文章
if ($action == 'add') {
wap_header("添加文章");
if ($sax_group == 1 || $sax_group == 2 && $hash) {
// 添加文章
if($do == 'add') {
$title = trim($_POST['title'] ? $_POST['title'] : $_GET['title']);
$content = addslashes($_POST['content'] ? $_POST['content'] : $_GET['content']);
$cid = intval($cid);
if($title == '' || strlen($title) > 120) {
wap_message('标题不能为空并且不能多于120个字节', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
if(!$cid) {
wap_message('你还没有选择分类', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
if(!$content) {
wap_message('内容不能为空', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
$title = char_cv($title);
$r = $DB->num_rows($DB->query("SELECT articleid FROM {$db_prefix}articles WHERE title='$title' and cid='$cid' and content='$content'"));
if($r) {
wap_message('数据库中已存在相同的数据', array('title' => '重新发表', 'link' => 'index.php?action=addarticle'));
}
// 插入数据部分
$DB->query("INSERT INTO {$db_prefix}articles (cid, uid, title, content, dateline) VALUES ('$cid', '$sax_uid', '$title', '$content 自 WAP 发表 ', '$timestamp')");
$articleid = $DB->insert_id();
$DB->unbuffered_query("UPDATE {$db_prefix}users SET articles=articles+1 WHERE userid='$sax_uid'");
$DB->unbuffered_query("UPDATE {$db_prefix}categories SET articles=articles+1 WHERE cid='$cid'");
$DB->unbuffered_query("UPDATE {$db_prefix}statistics SET article_count=article_count+1");
require_once(SABLOG_ROOT.'include/cache.php');
archives_recache();
categories_recache();
statistics_recache();
getlog();
wap_message('添加文章成功', array('title' => '查看文章', 'link' => 'index.php?action=show&id='.$articleid));
} else {
echo "标题:
\n";
echo "分类:\n";
echo ""."选择分类"." \n";
$query = $DB->query("SELECT * FROM {$db_prefix}categories ORDER BY displayorder");
while ($cate = $DB->fetch_array($query)) {
echo "".$cate['name']." \n";
}
echo "
\n";
echo "内容:
\n";
echo "确定\n";
echo "\n";
echo " \n";
echo "
\n";
echo "返回日志列表 返回主页
\n";
}
} else {
wap_message('你没有权限进行此操作');
}
wap_footer();
}
// 管理评论
if ($action == 'editcomment') {
wap_header("管理评论");
if ($sax_group == 1 && $hash) {
$commentid = intval($commentid);
// 获取文章信息
if (!$commentid) {
wap_message('缺少参数');
} else {
$comment = $DB->fetch_one_array("SELECT author,articleid,content FROM {$db_prefix}comments WHERE commentid='$commentid'");
if (!$comment) {
wap_message('记录不存在');
}
}
if($act == 'edit') {
$do = in_array($do, array('hidden', 'delete')) ? $do : 'hidden';
if($do == 'hidden') {
$DB->query("UPDATE {$db_prefix}comments SET visible='0' WHERE commentid='$commentid'");
$msg = '评论已隐藏';
} else {
$DB->query("DELETE FROM {$db_prefix}comments WHERE commentid='$commentid'");
$msg = '评论已删除';
}
$DB->unbuffered_query("UPDATE {$db_prefix}articles SET comments=comments-1 WHERE articleid='".$comment['articleid']."'");
$DB->unbuffered_query("UPDATE {$db_prefix}statistics SET comment_count=comment_count-1");
require_once(SABLOG_ROOT.'include/cache.php');
newcomments_recache();
statistics_recache();
getlog();
wap_message($msg, array('title' => '返回评论列表', 'link' => "index.php?action=comments&articleid=".$comment['articleid']));
} else {
echo "\n";
echo "作者:".$comment['author']."
\n";
echo "操作:\n";
echo "隐藏 \n";
echo "删除 \n";
echo "
\n";
echo "确定\n";
echo "\n";
echo " \n";
echo "
\n";
echo "返回日志列表 返回主页
\n";
}
} else {
wap_message('你没有权限进行此操作');
}
wap_footer();
}
?>