<?php
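require 'config.php'; // Provides $con, the mysqli connection used below; stop if it cannot be loaded.

// Words that must not appear in the title, body or description of a submission.
$forbidden_words = array("你好", "我的", "哦哦");

// Handle the publish form. Everything read from the request ($_POST, $_COOKIE,
// X-Forwarded-For) is untrusted and reaches SQL only as a bound parameter.
// NOTE(review): this state-changing POST is authorised by cookies alone and the
// form carries no anti-CSRF token.
if (isset($_POST['submit'])) {

    // Read the three form fields as plain strings; an array-valued field counts as empty.
    $submitted = array();
    foreach (array('wenzhang_name', 'wenzhang_neirong', 'wenzhang_miaoshu') as $field) {
        $raw = $_POST[$field] ?? '';
        $submitted[$field] = is_string($raw) ? $raw : '';
    }
    $wenzhang_name = $submitted['wenzhang_name'];
    $wenzhang_neirong = $submitted['wenzhang_neirong'];
    $wenzhang_miaoshu = $submitted['wenzhang_miaoshu'];

    // Reject the submission if any field contains a forbidden word. The check runs
    // on the raw text, so SQL escaping cannot alter what is being matched.
    foreach ($forbidden_words as $word) {
        foreach ($submitted as $text) {
            if (strpos($text, $word) !== false) {
                echo "含有违禁词,请检测后发布。";
                exit;
            }
        }
    }

    $user_id = $_COOKIE['user_id'] ?? null;
    $password = $_COOKIE['user_password'] ?? null;

    if (is_string($user_id) && is_string($password)) {

        // Look the user up with a prepared statement: both cookie values are
        // client-controlled and were previously concatenated into the query text.
        // NOTE(review): the cookie is compared directly with the stored user_password
        // column, so it is a password-equivalent credential held by the browser. The
        // code that sets these cookies is not in this file; a server-side session
        // would remove the need to send it at all.
        $user_login_id = null;
        $authenticated = false;
        $lookup = mysqli_prepare($con, "SELECT user_login_id FROM user WHERE user_id = ? AND user_password = ?");
        if ($lookup !== false) {
            mysqli_stmt_bind_param($lookup, 'ss', $user_id, $password);
            if (mysqli_stmt_execute($lookup)) {
                mysqli_stmt_bind_result($lookup, $user_login_id);
                // Only a fetched row counts as a login; a failed query fails closed.
                $authenticated = mysqli_stmt_fetch($lookup) === true;
            }
            mysqli_stmt_close($lookup);
        }

        if ($authenticated) {
            $author_login_id = (string) $user_login_id;

            // Client address. X-Forwarded-For is a request header, so it is accepted only
            // when its first entry parses as an IP address; otherwise REMOTE_ADDR is used.
            // NOTE(review): unless a trusted proxy overwrites this header, the client can
            // still choose which (valid) address is recorded.
            $reg_ip = '';
            $forwarded = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
            if (is_string($forwarded) && $forwarded !== '') {
                $candidate = trim(explode(',', $forwarded)[0]);
                if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
                    $reg_ip = $candidate;
                }
            }
            if ($reg_ip === '') {
                $remote = $_SERVER['REMOTE_ADDR'] ?? '';
                if (filter_var($remote, FILTER_VALIDATE_IP) !== false) {
                    $reg_ip = $remote;
                }
            }

            // Ask the IP lookup API about the address. Because $reg_ip is a validated IP
            // literal, it cannot change the path or query of the outbound URL.
            // NOTE(review): the request goes over plain HTTP to a third party, and the
            // 'query' field of the response is what gets stored; that field appears to
            // echo the queried IP rather than a place name. Confirm this is intended.
            $reg_addr = "未知地点";
            if ($reg_ip !== '') {
                // Bound the wait so a slow lookup cannot stall publishing indefinitely.
                $context = stream_context_create(array('http' => array('timeout' => 3)));
                $response = file_get_contents("http://ip-api.com/json/" . $reg_ip, false, $context);
                $data = is_string($response) ? json_decode($response, true) : null;
                if (is_array($data) && ($data['status'] ?? null) === 'success' && is_string($data['query'] ?? null)) {
                    $reg_addr = $data['query'];
                }
            }

            // Server-side defaults for a new article.
            $wenzhang_view = 0;
            $wenzhang_dianzan = 0;
            $wenzhang_time = date("Y-m-d H:i:s"); // publication time
            $wenzhang_new = $wenzhang_time;       // last-update time starts equal to publication time
            $wenzhang_ip = $reg_addr;             // value recorded as the posting location
            $wenzhang_shenhe = "待审核";           // new articles start in the pending-review state

            // An empty body is silently ignored, as before. The comparison is against ''
            // so that a body consisting of "0" is no longer treated as empty.
            if ($wenzhang_neirong !== '') {
                $published = false;

                // Next id = current maximum + 1, or 1 for an empty table.
                // NOTE(review): two concurrent submissions can compute the same id; an
                // AUTO_INCREMENT or unique key on wenzhang_id would close that race.
                $max_result = mysqli_query($con, "SELECT MAX(wenzhang_id) FROM wenzhang");
                if ($max_result !== false) {
                    $row = mysqli_fetch_array($max_result);
                    $max_id = $row[0] ?? null;
                    $wenzhang_id = ($max_id === null) ? 1 : ((int) $max_id + 1);

                    // Every value is bound as a string, matching the quoted literals the
                    // query used before; the user-supplied text never becomes SQL syntax.
                    $insert = mysqli_prepare(
                        $con,
                        "INSERT INTO wenzhang (wenzhang_id, user_login_id, wenzhang_name, wenzhang_neirong, wenzhang_miaoshu, wenzhang_time, wenzhang_new, wenzhang_view, wenzhang_dianzan, wenzhang_ip, wenzhang_shenhe)
                        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
                    );
                    if ($insert !== false) {
                        mysqli_stmt_bind_param(
                            $insert,
                            str_repeat('s', 11),
                            $wenzhang_id,
                            $author_login_id,
                            $wenzhang_name,
                            $wenzhang_neirong,
                            $wenzhang_miaoshu,
                            $wenzhang_time,
                            $wenzhang_new,
                            $wenzhang_view,
                            $wenzhang_dianzan,
                            $wenzhang_ip,
                            $wenzhang_shenhe
                        );
                        $published = mysqli_stmt_execute($insert);
                        mysqli_stmt_close($insert);
                    }
                }

                if ($published) {
                    // Send the browser to the site's home page after a successful publish.
                    $redirectUrl = "https://mcslm.com";
                    header("Location: $redirectUrl");
                    exit;
                } else {
                    echo "发布失败,请重试。";
                }
            }
            mysqli_close($con);

        } else {
            // No row matched the cookie credentials (or the lookup failed).
            // The stray closing </a> tag was dropped from this message.
            echo "请联系admin@zunjian.top来解决问题";
        }
    } else {
        // No usable login cookies: point the visitor to the login page.
        echo "请先登录,<a href='https://mcslm.com/login.php'>去登录</a>";
    }
}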
?>
<!DOCTYPE html>
<html>
<head>
    <title>发布文章</title>
    <script src="https://cdn.ckeditor.com/4.16.2/standard/ckeditor.js"></script>
</head>
<body>
    <h1>发布文章</h1>
    <form method="post" action="">
        <label for="wenzhang_name">文章标题:</label>
        <input type="text" id="wenzhang_name" name="wenzhang_name" required><br><br>
        <label for="wenzhang_neirong">文章内容:</label>
        <textarea id="wenzhang_neirong" name="wenzhang_neirong"></textarea><br><br>
        <label for="wenzhang_miaoshu">文章描述:</label>
        <input type="text" id="wenzhang_miaoshu" name="wenzhang_miaoshu" required><br><br>
        <input type="submit" name="submit" value="发布">
    </form>
<script>
    // Swap the plain <textarea id="wenzhang_neirong"> for a CKEditor rich-text instance.
    // NOTE(review): the editor submits HTML markup, so any page that later prints
    // wenzhang_neirong needs to sanitise or escape it; that rendering code is not in this file.
    // NOTE(review): the editor script is loaded from a third-party CDN at version 4.16.2
    // without an integrity attribute; consider pinning it with SRI or self-hosting it.
    CKEDITOR.replace('wenzhang_neirong');
</script>
</body>
</html>
