【php开源代码栏目提醒】:网学会员为需要php开源代码的朋友们搜集整理了post_thread.php相关资料,希望对各位网友有所帮助!
<?
/******************************************************************************\
* Copyright (C) 2002 B Squared (b^2) by Josh Sherman <josh@cleancode.org> *
* *
* This script displays the contents for the 'Post Thread' page. Don't *
* forget the 12 space indent for all content pages. *
* *
* Last modified : September 24th, 2002 (JJS) *
\******************************************************************************/
/* Disallow direct access to this file */
$file_name = "post_thread.php";
/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));
/* Check if the values match, if so, redirect */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name)
header("Location: ../index.php");
/* Get the variables we need */
$user_ip = GetVars("REMOTE_ADDR");
$action = GetVars("action");
$email = GetVars("email");
$include_sig = GetVars("include_sig");
$step = GetVars("step");
/* Parse any user input */
CheckVars(&$step, 1);
CheckVars(&$user_ip, 15);
/* Determine which step to use */
if ($action == "Edit Thread")
$step = 1;
else if ($action == "Post Thread")
$step = 3;
/* Strip out all escape characters */
if ($step == 1)
{
$title = stripslashes(htmlspecialchars($title));
$message = str_replace("<BR>", "", $message);
$message = stripslashes(htmlspecialchars($message));
}
/* Along with replacing the </ br>'s */
if ($step == 2)
{
$title = stripslashes(htmlspecialchars($title));
$message = stripslashes(htmlspecialchars($message));
$message = nl2br($message);
$message = str_replace("<br />", "<BR>", $message);
}
/* And also adding <BR>'s */
if ($step == 3)
{
$title = htmlspecialchars($title);
$message = htmlspecialchars($message);
$message = str_replace("<BR>", "<BR>", $message);
}
/* Pull the forum list */
$SQL = "SELECT * FROM " . TABLE_PREFIX . "forums;";
$results = ExeSQL($SQL);
/* Grab the data, and load it in an array */
while ($row = mysql_fetch_array($results))
$forum_list[] = $row["forum_id"];
/* Check to see if the forum the user is requesting is real */
if (!(in_array($forum_id, $forum_list)))
{
/* If not, let them know */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
require ("./content/view_forums.php");
return;
}
/* Check that the user isn't trying to mess with the $step variable */
if ( $step == "" || ( $step != 1 && $step != 2 && $step != 3 ) )
$step = 1;
/* Make sure the user isn't feeding information via the query string, thwart all attempts!! */
if ( ( ( $title == "" || $message == "" ) && ( $step == 3 ) ) || strlen($QUERY_STRING) >= 50 ||
( ( $step == 2 && $QUERY_STRING != "pid=post_thread&step=2" ) ||
( $step == 3 && $QUERY_STRING != "pid=post_thread" ) ) ||
( $step != 1 && ( strlen(trim($title)) == 0 || strlen(trim($message)) == 0 ) ) )
{
/* If so, bitch at them */
echo " <CENTER class=\"error_message\">Malformed request detected!</CENTER><BR>\n";
$step = 1;
}
/*发表文章分成以下几个步骤 */
switch ($step)
{
/* 第1步,显示发表文章的表单 */
default:
case 1:
ShowPostThreadForm( $username, $password, $email, $title, $message, $include_sig, $user_id, $forum_id );
break;
/* 显示发表文章的预览信息 */
case 2:
/* Display the top part */
echo " <FORM action=\"?pid=post_thread\" method=\"POST\" name=\"post_thread\">\n"
. " <TABLE cellpadding=\"5\" cellspacing=\"0\" width=\"100%\" border class=\"table_border\">\n"
. " <TR class=\"table_header\">\n"
. " <TD colspan=\"2\">New Thread Preview</TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_1 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\"><B>Title:</B></TD>\n"
. " <TD width=\"50%\">\n"
. " $title\n"
. " <INPUT type=\"hidden\" name=\"title\" value=\"$title\">\n"
. " </TD>\n"
. " </TR>\n"
. " <TR bgcolor=\"" . TABLE_COLOR_2 . "\" class=\"regular_text\">\n"
. " <TD width=\"25%\" valign=\"top\"><B>Message:</B></TD>\n"
. " <TD width=\"50%\">\n";
/* 添加用户的签名 */
$SQL = "SELECT user_signature FROM " . TABLE_PREFIX . "users WHERE user_id='$user_id';";
$results = ExeSQL($SQL);
/* 获取签名 */
while ($row =
mysql_fetch_array($results))
$signature = $row["user_signature"];
/* 如果有,则添加*/
if ($signature != "" && $include_sig == "yes")
$display_message = $message . "<BR><BR>" . $signature;
else
$display_message = $message;
/* 显示提交按钮,包括Edit Thread和Post Thread */
echo " $display_message\n"
. " <INPUT type=\"hidden\" name=\"message\" value=\"$message\">\n"
. " </TD>\n"
. " </TR>\n"
. " </TABLE>\n"
. " <INPUT type=\"hidden\" name=\"include_sig\" value=\"$include_sig\">\n"
. " <INPUT type=\"hidden\" name=\"forum_id\" value=\"$forum_id\">\n"
. " <INPUT type=\"hidden\" name=