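<?php
// +---------------------------------------------+
// | Copyright 2007 - 2008 weenCompany           |
// | http://www.weentech.com                     |
// | This file may not be redistributed.         |
// +---------------------------------------------+

// Guestbook module (module id 4): shows the sign-up form, stores a new entry
// and renders the paginated list of entries. The file is meant to be included
// by the CMS; direct requests are refused by the guard below.
if(!defined('IN_WEENCOMPANY')) die('File not found!');

// ################################# HELPERS ###################################

/**
 * Returns a POST field as a string.
 *
 * A missing field, or a field submitted as an array (name[]=...), yields ''
 * so that strlen()/substr()/preg_match() below never receive a non-string.
 *
 * @param string $key POST field name
 * @return string
 */
function m4_PostValue($key)
{
  return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

/**
 * Encodes a value for output inside HTML text or a quoted attribute.
 *
 * double_encode is off so that text which already carries entities is not
 * encoded a second time; quotes, '<', '>' and bare '&' are still neutralised.
 *
 * @param mixed $value
 * @return string
 */
function m4_Html($value)
{
  return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8', false);
}

/**
 * Prepares a request value for use inside a single-quoted SQL string literal.
 *
 * NOTE(review): neither the bootstrap nor the $DB wrapper is visible from this
 * file, so it is unknown whether request data arrives already slash-escaped or
 * whether $DB offers its own escaping / bound parameters. Stripping and then
 * re-adding slashes produces the same literal for pre-escaped input and stops
 * a quote from closing the literal for raw input; the cost is that a literal
 * backslash typed by a visitor is dropped when the input was raw. Replace this
 * with the database layer's escaping or prepared statements once confirmed.
 *
 * @param string $value
 * @return string
 */
function m4_SqlString($value)
{
  return addslashes(stripslashes((string)$value));
}

// ############################## INSERT MESSAGE ###############################

/**
 * Validates the posted guestbook entry and stores it.
 *
 * On validation errors the messages are printed and the form is shown again;
 * otherwise the entry is inserted (unless it repeats the latest entry) and the
 * first page of the guestbook is displayed.
 *
 * @param array $language module phrases, as returned by GetLanguage(4)
 */
function m4_InsertMessage($language)
{
  global $DB, $sdlanguage, $userinfo;

  $errors = array();

  $username    = m4_PostValue('m4_username');
  $message     = m4_PostValue('m4_message');
  $website     = m4_PostValue('m4_website');
  $websitename = m4_PostValue('m4_websitename');

  // The form sends the account name of a logged-in visitor in a hidden field;
  // take it from the session data instead so it cannot be replaced client-side.
  if(!empty($userinfo['loggedin']) && isset($userinfo['username']))
  {
    $username = (string)$userinfo['username'];
  }

  // get message length setting
  $getmessagelength = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 4 AND title = '內容字符長度'");
  $messagelength = $getmessagelength['value'];

  if(!strlen($username))
  {
    $errors[] = $language['no_username'];
  }

  if(!strlen($message))
  {
    $errors[] = $language['no_message'];
  }

  if(strlen($message) > $messagelength)
  {
    $errors[] = $language['message_too_long'] . ' ' . $messagelength . ' ' . $language['characters'];
  }

  if(strlen($website))
  {
    // get rid of any trailing slash (the URL pattern does not accept it)
    if(substr($website, -1) == '/')
    {
      $website = substr($website, 0, -1);
    }

    // add http:// when the visitor typed a bare www address
    if(substr($website, 0, 3) == 'www')
    {
      $website = 'http://' . $website;
    }

    // ereg() no longer exists in PHP 7+, so the check uses PCRE.
    // \z (not $) keeps a trailing newline from passing the check. Because '/'
    // is itself in the path character class, a single optional path group
    // accepts the same strings as the former repeated group without the
    // ambiguous nesting that makes a non-matching input expensive to reject.
    if(!preg_match('!^(?:https?|ftp)://(?:(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,4}|localhost)(?::[0-9]+)?(?:/[a-zA-Z0-9_,./+&%$#=~-]+)?\z!', $website))
    {
      $errors[] = $language['url_invalid']; // doesn't accept links without http, needs to be fixed so it does
    }

    if(strlen($websitename) == 0)
    {
      $errors[] = $language['no_site_name'] . '<br />';
    }
  }

  // m4_SubmitMessage() pre-fills the form from $_POST, so keep the normalised URL there
  $_POST['m4_website'] = $website;

  // Check Visual Verify Code if set
  $vvc = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 4 AND title = '驗證碼'");

  if(isset($vvc[0]) && $vvc[0] == 1)
  {
    $vvcid = m4_PostValue('m4_vvcid');
    $code  = m4_PostValue('m4_verifycode');

    if(!ValidVisualVerifyCode($vvcid, $code))
    {
      $errors[] = $sdlanguage['incorrect_vvc_code'];
    }
  }

  if(empty($errors))
  {
    // check for repeat posting
    $lastentry = $DB->query_first("SELECT username, message FROM " . TABLE_PREFIX . "m4_guestbook ORDER BY messageid DESC LIMIT 1");

    if(is_array($lastentry) && (string)$lastentry['username'] === $username && (string)$lastentry['message'] === $message)
    {
      echo $language['repeat_comment'] . '<br />';
    }
    else
    {
      $getoncheck = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 4 AND title = '審核發佈'");
      $checkedon  = $getoncheck['value'];

      // Every visitor-supplied value goes through m4_SqlString() before it is
      // placed between the quotes; $checkedon comes from the module settings.
      $DB->query("INSERT INTO " . TABLE_PREFIX . "m4_guestbook (noactivated, username, websitename, website, message, datecreated)"
               . " VALUES ('" . $checkedon . "', '" . m4_SqlString($username) . "', '" . m4_SqlString($websitename) . "', '"
               . m4_SqlString($website) . "', '" . m4_SqlString($message) . "', " . time() . ")");
    }

    m4_DisplayMessages(0, $language);
  }
  else
  {
    foreach($errors as $value)
    {
      echo $value . '<br /><br />';
    }

    m4_SubmitMessage($language);
  }
}

// ############################## SUBMIT MESSAGE ###############################

/**
 * Prints the "sign the guestbook" form.
 *
 * Fields are pre-filled from the current POST data so that a visitor does not
 * lose the input after a validation error. All echoed request values are
 * HTML-encoded because they are placed inside attributes and a textarea.
 *
 * @param array $language module phrases, as returned by GetLanguage(4)
 */
function m4_SubmitMessage($language)
{
  global $DB, $categoryid, $userinfo, $inputsize, $sdlanguage;

  $vvc = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 4 AND title = '驗證碼'");

  echo '<form method="post" action="' . RewriteLink('index.php?categoryid=' . $categoryid . '&m4_action=insertmessage') . '">
  <table width="100%" border="0" cellspacing="0" cellpadding="0">';

  if($userinfo['loggedin'])
  {
    echo '<input type="hidden" name="m4_username" value="' . m4_Html($userinfo['username']) . '" />';
  }
  else
  {
    echo '<tr>
            <td valign="top" width="100">' . $language['name'] . '</td>
            <td style="padding-left: 10px; padding-bottom: 10px;"><input type="text" size="' . $inputsize . '" name="m4_username" value="' . m4_Html(m4_PostValue('m4_username')) . '" /> <font color=red>*</font></td>
          </tr>';
  }

  echo '<tr>
          <td valign="top" width="100">' . $language['website_name'] . '</td>
          <td style="padding-left: 10px; padding-bottom: 10px;"><input type="text" size="' . $inputsize . '" name="m4_websitename" value="' . m4_Html(m4_PostValue('m4_websitename')) . '" /></td>
        </tr>
        <tr>
          <td valign="top" width="100">' . $language['website_url'] . '</td>
          <td style="padding-left: 10px; padding-bottom: 10px;"><input type="text" size="' . $inputsize . '" name="m4_website" value="' . m4_Html(m4_PostValue('m4_website')) . '" /></td>
        </tr>
        <tr>
          <td valign="top" width="100">' . $language['message'] . '</td>
          <td style="padding-left: 10px; padding-bottom: 10px;"><textarea name="m4_message" rows="5" cols="' . $inputsize . '">' . m4_Html(m4_PostValue('m4_message')) . '</textarea> <font color=red>*</font></td>
        </tr>';

  if(!empty($vvc[0]))
  {
    $vvcid = CreateVisualVerifyCode();

    echo '<tr>
            <td valign="top" width="100"></td>
            <td style="padding-left: 10px; padding-bottom: 10px;"><input type="hidden" name="m4_vvcid" value="' . $vvcid . '"/> <img src="includes/vvc.php?vvcid=' . $vvcid . '"/></td>
          </tr>
          <tr>
            <td style="padding-left: 10px; padding-bottom: 10px;" colspan="2">' . $sdlanguage['enter_verify_code'] . '</td>
          </tr>
          <tr>
            <td valign="top" width="100"></td>
            <td style="padding-left: 10px; padding-bottom: 10px;"><input type="text" size="'.$inputsize.'" name="m4_verifycode"/> <font color=red>*</font></td>
          </tr>';
  }

  echo '<tr>
          <td></td>
          <td style="padding-left: 10px; padding-bottom: 10px;"><input type="submit" name="m4_Submit" value="' . strip_tags($language['submit_message']) . '" /> <input type="reset" value="' . strip_tags($language['reset']) . '"></td>
        </tr>
        </table>
        </form>';
}

// ############################# DISPLAY GUESTBOOK #############################

/**
 * Prints one page of guestbook entries plus the previous/next links.
 *
 * One row more than the page size is requested so that the presence of a
 * further page can be detected without a second query.
 *
 * @param int|string $start    offset of the first entry to show
 * @param array      $language module phrases, as returned by GetLanguage(4)
 */
function m4_DisplayMessages($start, $language)
{
  global $DB, $categoryid, $userinfo, $inputsize, $sdlanguage;

  // $start is placed into the LIMIT clause, so force it to a non-negative integer
  $start = max(0, (int)$start);

  // load guestbook settings
  $settings    = array();
  $getsettings = $DB->query("SELECT title, value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid = 4");

  while($setting = $DB->fetch_array($getsettings))
  {
    $settings[$setting['title']] = $setting['value'];
  }

  $messagelimit = isset($settings['顯示條目數']) ? (int)$settings['顯示條目數'] : 0; // number of messages to display per page
  $wordwrap     = isset($settings['換行字符數']) ? $settings['換行字符數'] : 0;

  if(in_array(4, $userinfo['modulesubmitids']))
  {
    echo '<center><a href="' . RewriteLink('index.php?categoryid=' . $categoryid . '&m4_action=submitmessage') . '">' . $language['sign_guestbook'] . '</a></center>
          <br /><br />';
  }
  else
  {
    echo '<center>' . $sdlanguage['no_post_access'] . '</center>
          <br /><br />';
  }

  $getmessages = $DB->query("SELECT * FROM " . TABLE_PREFIX . "m4_guestbook ORDER BY messageid DESC LIMIT " . $start . ", " . ($messagelimit + 1));

  $rows = $DB->get_num_rows($getmessages);

  for($i = 0; $i < $rows && $i < $messagelimit; $i++)
  {
    $message = $DB->fetch_array($getmessages);

    // Stored entries are visitor input: encode them before any markup
    // (line breaks, word-wrap breaks, smilies) is added around them.
    $username    = m4_Html($message['username']);
    $websitename = m4_Html($message['websitename']);

    if($message['noactivated'])
    {
      $comment = $language['message_checking'];
    }
    else
    {
      $comment = nl2br(m4_Html($message['message']));
    }

    if($wordwrap)
    {
      // NOTE(review): cws_wordwrap() is defined elsewhere; confirm that it
      // does not insert a break in the middle of an HTML entity.
      $username    = cws_wordwrap($username,    $wordwrap, "<br />", 1);
      $websitename = cws_wordwrap($websitename, $wordwrap, "<br />", 1);
      $comment     = cws_wordwrap($comment,     $wordwrap, "<br />", 1);
    }

    if(!empty($settings['允許表情符號']))
    {
      $comment = AddSmilies($comment);
    }

    echo '<table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td width="70" valign="top" style="padding-right: 10px; padding-bottom: 10px;">' . $language['name'] . '</td>
            <td valign="top">'.$username.'</td>
          </tr>';

    if(!empty($settings['顯示發表日期']))
    {
      echo '<tr>
              <td width="70" valign="top" style="padding-right: 10px; padding-bottom: 10px;">' . $language['date'] . '</td>
              <td valign="top">'.DisplayDate($message['datecreated']).'</td>
            </tr>';
    }

    if(strlen($message['website']) > 0)
    {
      echo '<tr>
              <td width="70" valign="top" style="padding-right: 10px; padding-bottom: 10px;">' . $language['website'] . '</td>';

      // Only turn the stored value into a link when it carries one of the
      // schemes accepted at submission time; anything else is shown as text.
      if(preg_match('!^(?:https?|ftp)://!', $message['website']))
      {
        echo '<td valign="top"><a href="' . m4_Html($message['website']) . '" target="_blank" rel="nofollow noopener noreferrer">'.$websitename.'</a></td>';
      }
      else
      {
        echo '<td valign="top">'.$websitename.'</td>';
      }

      echo '</tr>';
    }

    echo '<tr>
            <td width="70" valign="top" style="padding-right: 10px;">' . $language['message'] . '</td>
            <td valign="top">'.$comment.'</td>
          </tr>
          </table>';

    if( (($i + 1) < $rows) && (($i + 1) < $messagelimit) )
    {
      echo '<br /><hr /><br />';
    }
  } // end for loop

  // previous and next section
  if($start > 0 || $rows > $messagelimit)
  {
    echo '<br /><hr /><br />
          <table width="100%" cellpadding="0" cellspacing="0" border="0">
          <tr>';

    if($start > 0)
    {
      echo '<td><a href="' . RewriteLink('index.php?categoryid=' . $categoryid . '&m4_start=' . max(0, $start - $messagelimit)) . '">' . $language['previous'] . '</a></td>';
    }

    if($rows > $messagelimit)
    {
      $start += $messagelimit;
      echo '<td align="right"><a href="' . RewriteLink('index.php?categoryid=' . $categoryid . '&m4_start=' . $start) . '">' . $language['next'] . '</a></td>';
    }

    echo '</tr></table>';
  }
}

// ############################ VALIDATE VARIABLES #############################

$m4_action = isset($_GET['m4_action']) ? $_GET['m4_action'] : (isset($_POST['m4_action']) ? $_POST['m4_action'] : '');

// m4_start must be a plain run of digits; \z rejects a trailing newline and
// the is_string() test rejects array parameters before they reach preg_match().
if(isset($_GET['m4_start']) && is_string($_GET['m4_start']) && preg_match('/^[0-9]+\z/', $_GET['m4_start']))
{
  $m4_start = $_GET['m4_start'];
}
else if(isset($_POST['m4_start']) && is_string($_POST['m4_start']) && preg_match('/^[0-9]+\z/', $_POST['m4_start']))
{
  $m4_start = $_POST['m4_start'];
}
else
{
  $m4_start = 0;
}

// ########################### LOAD MODULE LANGUAGE ############################

$m4_language = GetLanguage(4);

// ############################## SELECT FUNCTION ##############################

// Posting (form and insert) is only reachable for visitors whose
// modulesubmitids contain this module's id; everyone else gets the listing.
if($m4_action === 'insertmessage' && in_array(4, $userinfo['modulesubmitids']))
{
  m4_InsertMessage($m4_language);
}
else if($m4_action === 'submitmessage' && in_array(4, $userinfo['modulesubmitids']))
{
  m4_SubmitMessage($m4_language);
}
else
{
  m4_DisplayMessages($m4_start, $m4_language);
}

unset($m4_action, $m4_start, $m4_language);

?>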