看到论坛上这么多的朋友想要留言本功能。
我就把我做留言本的方法共享出来。请仔细阅读以下内容。
我只说缺点:
1.以后升级新版本可能会不方便。
2.由于这几天才开始仔细研究SB,所以安全上可能不会很高,并且代码肯定清理得不够干净,希望高手指点修正。目前已知的几处:验证码校验通过后没有清除 $_SESSION['code'](同一个验证码可以反复使用);密码比较用的是 == 而不是 ===;post.php 里新增的代码没有校验表单中的 formhash;模板里直接输出了 $_COOKIE 的值而没有做 HTML 转义。
3.实际上是一篇文章,并没有与文章分开。
4.改的地方有点多,已经记不清楚了,不要盲目的复制,请看清楚再弄,修改前记得备份。
下面开始修改。
第一步:
在后台发表一篇文章,标题为“留言本”,内容随便。发表时让日志隐藏,这样前台就不会显示。
第二步:
模板修改&创建
把如下代码存为模板文件,名为guestbook.php
<!--<?php
// guestbook.php -- SaBlog template for ?action=guestbook.
// Convention of this template family: every PHP section is wrapped in an
// HTML comment (`<!--` ... `-->`) so the file still previews as plain HTML,
// and the markup itself is emitted from heredocs. The variables used below
// ($article, $commentdb, $multipage, $formhash, $sax_uid, $sax_user,
// $sax_group, $options) are prepared by the guestbook branch added to
// index.php; nothing in this file escapes them itself.
if(!defined('SABLOG_ROOT')) {
exit('Access Denied');
}
print <<<EOT
-->
<script type="text/javascript">
window.onload=function(){
fiximage('$options[attachments_thumbs_size]');
}
</script>
<script type="text/javascript" src="include/ajax.js"></script>
<h2 class="title">留言本</h2>
<!--
EOT;
// Password gate. index.php sets $article['allowread'] to false when the
// article has a readpassword, the session holds no matching value and the
// viewer is not in group 1 or 2. The form posts back to the same action so
// index.php can record the entered password in the session.
if (!$article['allowread']) {print <<<EOT
-->
<div class="needpwd"><form action="./?action=guestbook" method="post">留言本被加密了。请输入密码后查看、签写留言。
<input class="formfield" type="password" name="readpassword" style="margin-right:5px;" /> <button class="formbutton" type="submit">提交</button></form></div>
<!--
EOT;
} else {print <<<EOT
-->
<div class="content">$article[content]</div>
<!--
EOT;
// Entry listing. $commentdb is built in index.php: content has been through
// html_clean(), and author may already be an <a> element wrapping the
// mailto/URL link. The quote button below puts quoteuser (the stored author
// name) into a JS string literal with no JS-specific escaping.
if ($article['comments']) {print <<<EOT
-->
<h2 class="title"><span style="FLOAT:right;padding-bottom: 2px;font-size: 12px;">共有$article[comments]条</span>访客留言</h2>
<!--
EOT;
foreach($commentdb as $key => $comment){print <<<EOT
--><a name="cm$comment[commentid]"></a><p class="lesscontent" id="comm_$comment[commentid]">$comment[content]</p>
<p class="lessdate">Post by $comment[author] on $comment[dateline] <img style="cursor: hand" onclick="addquote('comm_$comment[commentid]','$comment[quoteuser]')" src="templates/$options[templatename]/img/quote.gif" border="0" alt="引用此留言" /> <font color="#000000">#<strong>$comment[cmtorderid]</strong></font></p>
<!--
EOT;
}print <<<EOT
-->
$multipage
<!--
EOT;
}
// Entry form. Hiding it here is presentation only; post.php has to enforce
// closecomment on submission as well, since a direct POST skips this check.
if (!$article['closecomment']) {
print <<<EOT
-->
<a name="addcomment"></a>
<h2 class="title">发表留言</h2>
<form method="post" name="form" id="form" action="post.php" onsubmit="return checkform();">
<input type="hidden" name="articleid" value="$article[articleid]" />
<input type="hidden" name="formhash" value="$formhash" />
<div class="formbox">
<!--
EOT;
// Identity section: logged-in visitors only get a logout link, guests get
// the name / password / url fields.
if ($sax_uid) {
print <<<EOT
--> <p>已经登陆为 <b>$sax_user</b> [<a href="post.php?action=logout">注销</a>]</p>
<!--
EOT;
// NOTE(review): $_COOKIE[comment_username] and $_COOKIE[comment_url] are
// written into value="" attributes with no htmlspecialchars(). In post.php
// the comment_url cookie is set from the trimmed POST value *before*
// char_cv() runs, so it holds raw input; a value containing `"` breaks out
// of the attribute. Escape on output here (or store the converted value).
} else {print <<<EOT
-->
<p>
<label for="username">
名字 (必填):
<input name="username" id="username" type="text" value="$_COOKIE[comment_username]" tabindex="1" class="formfield" style="width: 210px;" /></label>
</p>
<p>
<label for="password">
密码 (游客不需要密码):
<input name="password" id="password" type="password" value="" tabindex="2" class="formfield" style="width: 210px;" /></label>
</p>
<p>
<label for="url">
网址或电子邮件 (选填):
<input type="text" name="url" id="url" value="$_COOKIE[comment_url]" tabindex="3" class="formfield" style="width: 210px;" /></label>
</p>
<!--
EOT;
// NOTE(review): $_COOKIE[cmcontent] is emitted inside <textarea> unescaped.
// post.php stores the addslashes()'d draft there, so a draft containing
// `</textarea>` is re-emitted as markup; apply htmlspecialchars() on output.
}print <<<EOT
-->
<p>留言内容 (必填):
<textarea name="content" id="content" cols="54" rows="8" tabindex="4" onkeydown="ctlent(event);" class="formfield">$_COOKIE[cmcontent]</textarea>
</p>
<!--
EOT;
// CAPTCHA, shown under the same condition post.php uses to demand it
// (seccode enabled and the viewer is not in group 1 or 2).
if ($options['seccode'] && $sax_group != 1 && $sax_group !=2) {print <<<EOT
-->
<p>
<label for="clientcode">
验证码(*):
<input name="clientcode" id="clientcode" value="" tabindex="5" class="formfield" size="6" maxlength="6" /> <img id="seccode" class="codeimg" src="include/seccode.php" alt="单击图片换张图片" border="0" onclick="this.src='include/seccode.php?update=' + Math.random()" /></label>
</p>
<!--
EOT;
}print <<<EOT
-->
<p><input type="hidden" name="action" value="addguestbook" />
<button type="submit" id="submit" name="submit" class="formbutton">提交</button></p>
</div>
</form>
<!--
EOT;
} else {print <<<EOT
--><p align="center"><strong>本文因为某种原因此时不允许访客留言</strong></p>
<!--
EOT;
}}
?>
保存完毕后,打开模板文件 index.php
把
} elseif (in_array($action, array('archives', 'tagslist', 'comments', 'trackbacks', 'search', 'links'))) {
改为
} elseif (in_array($action, array('archives', 'tagslist', 'comments', 'trackbacks', 'search', 'links', 'guestbook'))) {
然后在顶部导航链接的代码处加入
<li{$current_page_item[guestbook]}><a href="./?action=guestbook">留言本</a></li>
第三步:修改程序文件
打开根目录程序文件index.php
在
require_once PrintEot('index');
footer();
?>
之前加上
// 显示留言本
elseif ($_GET['action'] == 'guestbook') {
session_start();
$articleid = intval(5);//这里的5为你刚才添加的留言的文章的ID号!!!
// 获取文章信息
$article = $DB->fetch_one_array("SELECT a.*,c.name as cname,u.username
FROM {$db_prefix}articles a
LEFT JOIN {$db_prefix}categories c ON c.cid=a.cid
LEFT JOIN {$db_prefix}users u ON a.uid=u.userid
WHERE articleid='$articleid'");
if ($_POST['readpassword'] && ($article['readpassword'] == addslashes($_POST['readpassword']))) {
$_SESSION['readpassword_'.$articleid] = addslashes($_POST['readpassword']);
}
//设置文章的分类名、作者、TAG、标题成为meta\title信息
$options['meta_keywords'] = $article['cname'].','.$article['username'].','.($article['keywords'] ? $article['keywords'].',' : '').$article['title'].','.$options['meta_keywords'];
$options['meta_description'] = $article['cname'].','.$article['username'].','.($article['keywords'] ? $article['keywords'].',' : '').$article['title'].','.$options['meta_description'];
$options['title_keywords'] = ' - '.$article['cname'].','.($article['keywords'] ? $article['keywords'].',' : '').$article['username'].','.$options['title_keywords'];
//隐藏变量,默认模板用不着,方便那些做模板可以单独显示月份和号数的的朋友.
$article['month'] = sadate('M', $article['dateline']);
$article['day'] = sadate('d', $article['dateline']);
$article['dateline'] = sadate($options['normaltime'], $article['dateline']);
if ($article['readpassword'] && ($_SESSION['readpassword_'.$articleid] != $article['readpassword']) && $sax_group != 1 && $sax_group != 2) {
$article['allowread'] = false;
} else {
$article['allowread'] = true;
$DB->unbuffered_query("UPDATE {$db_prefix}articles SET views=views+1 WHERE articleid='$articleid'");
// 跳转
$goto = $_GET['goto'];
$article_comment_num = intval($options['article_comment_num']);
if ($goto == 'newcm') {
//跳转到评论
$cmid = intval($_GET['cmid']);
if ($options['comment_order']) {
$cmnum = '#cm'.$cmid;
if ($article_comment_num) {
$cpost = $DB->fetch_one_array("SELECT COUNT(*) as comments FROM {$db_prefix}comments WHERE articleid='$articleid' AND commentid<='$cmid'");
if (($cpost['comments'] / $article_comment_num) <= 1 ) {
$page = 1;
} else {
$page = @ceil(($cpost['comments']) / $article_comment_num);
}
} else {
$page = 1;
}
if ($options['showmsg']) {
message('正在读取.请稍侯.', getarticleurl($articleid, $page).$cmnum);
} else {
@header('Location: '.getarticleurl($articleid, $page).$cmnum);
}
} else {
if ($options['showmsg']) {
message('正在读取.请稍侯.', getarticleurl($articleid).'#comment');
} else {
@header('Location: '.getarticleurl($articleid).'#comment');
}
}
}
//处理PHP高亮
$article['content'] = preg_replace("/\s*\[php\](.+?)\[\/php\]\s*/ies", "phphighlite('\\1')", $article['content']);
// 留言内容
if ($article['comments']) {
$commentsql = '';
if($article_comment_num) {
if($page) {
$cmtorderid = ($page - 1) * $article_comment_num;
$start_limit = ($page - 1) * $article_comment_num;
} else {
//$cmtorderid = 0; //评论内容后面的数字,原程序为升序,这里修改为降序。
$cmtorderid = $article[comments]+1;
$start_limit = 0;
$page = 1;
}
$multipage = multi($article['comments'], $article_comment_num, $page, "./?action=guestbook");
$commentsql = " LIMIT $start_limit, $article_comment_num";
}
$cmtorder = $options['comment_order'] ? 'DESC' : 'DESC';//[color=Red]这个就没有怎么修改了,方便以后查看。[/color] $query = $DB->query("SELECT commentid,author,url,dateline,content FROM {$db_prefix}comments WHERE articleid='$articleid' ORDER BY commentid $cmtorder $commentsql");
$commentdb=array();
while ($comment=$DB->fetch_array($query)) {
$cmtorderid--;//评论内容后面的数字,原程序为升序,这里修改为降序。
$comment['cmtorderid'] = $cmtorderid;
$comment['quoteuser'] = $comment['author'];
if ($comment['url']) {
if (isemail($comment['url'])) {
//分解邮件地址并采用javascript输出
$frontlen = strrpos($comment['url'], '@');
$front = substr($comment['url'], 0, $frontlen);
$emaillen = strlen($comment['url']);
$back = substr($comment['url'], $frontlen+1, $emaillen);
$comment['author'] = "<a href=\"javascript:navigate('mai' + 'lto:' + '".$front."' + '@' + '".$back."')\" target=\"_blank\">".$comment['author']."</a>";
} else {
$comment['author'] = '<a href="'.$comment['url'].'" target="_blank">'.$comment['author'].'</a>';
}
}
$comment['content'] = html_clean($comment['content']);
$comment['dateline'] = "<a href='###'>".sadate($options['comment_timeformat'], $comment['dateline'])."</a>";
$commentdb[]=$comment;
}
unset($comment);
$DB->free_result($query);
}
}
$options['title'] = $article['title'];
$pagefile = 'guestbook';
}
打开根目录程序文件 post.php
在
//搜索
if ($_POST['action'] == 'search') {前增加下面的代码
//添加留言
if($_POST['action'] == 'addguestbook') {
$cookietime = $timestamp+2592000;
$articleid = intval(5);//这里的5为你刚才添加的留言的文章的ID号!!!
$username = trim($_POST['username']);
$password = $_POST['password'];
$url = trim($_POST['url']);
$content = addslashes(trim($_POST['content']));
//把评论内容保存到cookie里以免丢失
setcookie('cmcontent', $content, $cookietime);
if (!$articleid) {
message('缺少必要参数', './?action=guestbook');
}
//禁止IP
if ($options['banip_enable'] && $options['ban_ip']) {
$options['ban_ip'] = str_replace(',', ',', $options['ban_ip']);
$ban_ips = explode(',', $options['ban_ip']);
if (is_array($ban_ips) && count($ban_ips)) {
foreach ($ban_ips AS $ban_ip) {
$ban_ip = str_replace( '\*', '.*', preg_quote($ban_ip, "/") );
if (preg_match("/^$ban_ip/", $onlineip)) {
message('您的IP已经被系统禁止发表留言.', './?action=guestbook');
}
}
}
}
if ($options['seccode'] && $sax_group != 1 && $sax_group !=2) {
$clientcode = $_POST['clientcode'];
session_start();
if (!$clientcode || strtolower($clientcode) != strtolower($_SESSION['code'])) {
unset($_SESSION['code']);
message('验证码错误,请返回重新输入.', './?action=guestbook');
}
}
//如果没有登陆
if (!$sax_uid) {
if(!$username || strlen($username) > 30) {
message('用户名为空或用户名太长.', './?action=guestbook');
}
$name_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#','$','(',')','%','@','+','?',';','^');
foreach($name_key as $value){
if (strpos($username,$value) !== false){
message('此用户名包含不可接受字符或被管理员屏蔽,请选择其它用户名.', './?action=guestbook');
}
}
$username = char_cv($username);
//用户名和密码都非空
if ($username && $password) {
$user = $DB->fetch_one_array("SELECT userid,username,password,logincount,url FROM {$db_prefix}users WHERE username='$username'");
$password = md5($_POST['password']);
if($user['userid'] && $user['password'] == $password) {
$DB->unbuffered_query("UPDATE {$db_prefix}users SET logincount=logincount+1, logintime='$timestamp', loginip='$onlineip' WHERE userid='".$user['userid']."'");
$logincount = $user['logincount']+1;
setcookie('sax_auth', authcode("$user[userid]\t$password\t$logincount"), $cookietime);
//自动读取作者资料
$sax_uid = $user['userid'];
$username = addslashes($user['username']);
$url = addslashes($user['url']);
} else {
message('验证失败,请登陆后再发表或重新输入正确的用户名和密码.','./?action=guestbook');
}
//如果只有用户名没有密码
} elseif ($username && !$password) {
if ($options['censoruser']) {
$options['censoruser'] = str_replace(',', ',', $options['censoruser']);
$banname=explode(',',$options['censoruser']);
foreach($banname as $value){
if (strpos($username,$value) !== false && !$DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE username='$username'")){
message('此用户名包含不可接受字符或被管理员屏蔽.您不能使用这个用户名发表留言.', './?action=guestbook');
}
}
}
$r = $DB->fetch_one_array("SELECT userid FROM {$db_prefix}users WHERE username='$username'");
if($r['userid']) {
message('该用户名已存在,如果是您注册的,请先登陆.', './?action=guestbook');
}
unset($r);
//把用户名和URL信息保存到cookie
setcookie('comment_username',$username,$cookietime);
setcookie('comment_url',$url,$cookietime);
$url = char_cv($url);
}
} else {
//如果已登陆
$user = $DB->fetch_one_array("SELECT userid,username,logincount,groupid,password,url FROM {$db_prefix}users WHERE userid='$sax_uid'");
if ($user['userid'] && $user['password'] == $sax_pw && $user['logincount'] == $logincount && $user['groupid'] == $sax_group) {
$username = addslashes($user['username']);
$url = addslashes($user['url']);
} else {
message('读取用户信息出错,请重新登陆.', $loginurl);
}
}
// 检查限制选项
if ($options['audit_comment']) {
$spam = TRUE;
} elseif ($options['spam_enable']) {
//链接次数
if (substr_count($content, 'http://') >= $options['spam_url_num']) {
$spam = TRUE;
}
//禁止词语
if ($options['spam_words']) {
$options['spam_words'] = str_replace(',', ',', $options['spam_words']);
$badwords = explode(',', $options['spam_words']);
if (is_array($badwords) && count($badwords) ) {
foreach ($badwords AS $n) {
if ($n) {
if (preg_match( "/".preg_quote($n, '/' )."/i", $content)) {
$spam = TRUE;
break;
}
}
}
}
}
//内容长度
if (strlen($content) >= $options['spam_content_size']) {
$spam = TRUE;
}
} else {
$spam = FALSE;
}
$visible = $spam ? '0' : '1';
if ($sax_group != 1 && $sax_group != 2) {
$lastposttime = $user['lastpost'] ? $user['lastpost'] : $_COOKIE['comment_post_time'];
if ($options['comment_post_space'] && $timestamp - $lastposttime <= $options['comment_post_space'] && $sax_group != 1){
message('为防止灌水,发表留言时间间隔为'.$options['comment_post_space'].'秒.', './?action=guestbook');
}
}
$article = $DB->fetch_one_array("SELECT closecomment FROM {$db_prefix}articles WHERE articleid='$articleid'");
$result = '';
$result .= checkurl($url);
$result .= checkcontent($content);
if($result){
message($result, getarticleurl($articleid).'#addcomment');
}
$r = $DB->fetch_one_array("SELECT commentid FROM {$db_prefix}comments WHERE articleid='$articleid' AND author='$username' AND content='$content'");
// if($r['commentid']) {
// message('该评论已存在.', getarticleurl($articleid));
// }
unset($r);
$DB->query("INSERT INTO {$db_prefix}comments (articleid, author, url, dateline, content, ipaddress, visible) VALUES ('$articleid', '$username', '$url', '$timestamp', '$content', '$onlineip', '$visible')");
$cmid = $DB->insert_id();
if ($sax_uid) {
$DB->unbuffered_query("UPDATE {$db_prefix}users SET lastpost='$timestamp' WHERE userid='$sax_uid'");
// 更新用户最后发表时间
}
if (!$spam) {
// 如果不是垃圾则更新当前文章评论数
$DB->unbuffered_query("UPDATE {$db_prefix}articles SET comments=comments+1 WHERE articleid='$articleid'");
$DB->unbuffered_query("UPDATE {$db_prefix}statistics SET comment_count=comment_count+1");
require_once(SABLOG_ROOT.'include/cache.php');
newcomments_recache();
statistics_recache();
}
setcookie('comment_post_time',$timestamp);
// 跳转到最新发表的评论
$cmnum = '#cm'.$cmid;
$article_comment_num = intval($options['article_comment_num']);
if ($article_comment_num) {
$cpost = $DB->fetch_one_array("SELECT COUNT(*) as comment FROM {$db_prefix}comments WHERE articleid='$articleid' AND visible='1' AND commentid<='$cmid'");
if (($cpost['comment'] / $article_comment_num) <= 1 ) {
$page = 1;
} else {
$page = @ceil(($cpost['comment']) / $article_comment_num);
}
} else {
$page = 1;
}
if ($spam) {
message('添加留言成功,目前发表留言需要管理员审核才会显示,请耐心等待管理员审核.', './?action=guestbook');
}
setcookie('cmcontent','');
if ($options['comment_order']) { //新评论靠后排序
if ($options['showmsg']) {
message('添加留言成功,返回即可看到您所发表的留言.', './?action=guestbook');
} else {
@header('Location: ./?action=guestbook');
}
} else {
if ($options['showmsg']) {
message('添加留言成功,返回即可看到您所发表的留言.','./?action=guestbook');
} else {
@header('Location: ./?action=guestbook');
}
}
}
添加留言修改完毕,演示地址:
http://www.lawuu.com/?action=guestbook
最后补充一句,如果大家盲目的复制来修改的话,肯定会出错,所以请先看清楚,并且记得备份!有问题跟帖或到博客留言。