<?php
include_once("inc/connect.php");
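// Reject requests whose Referer does not point back at this host (see stop_outside_post()).
stop_outside_post();

// Read the four form fields. A missing or non-string value (e.g. "email[]=x") becomes ''
// so that the filter and the emptiness check below always see a plain string.
$email  = (string) php_sava((isset($_POST['email'])  && is_string($_POST['email']))  ? $_POST['email']  : '');
$mobile = (string) php_sava((isset($_POST['mobile']) && is_string($_POST['mobile'])) ? $_POST['mobile'] : '');
$name   = (string) php_sava((isset($_POST['name'])   && is_string($_POST['name']))   ? $_POST['name']   : '');
$an     = (string) php_sava((isset($_POST['an'])     && is_string($_POST['an']))     ? $_POST['an']     : '');
$ip     = (string) get_real_ip();
$time   = date("Y-m-d");

// All four fields are mandatory.
if (empty($mobile) || empty($email) || empty($name) || empty($an)) {
    die('submit=false');
}

// Escape every value at the point where it enters SQL, using the connection opened by
// inc/connect.php. The original applied addslashes() to the form fields only and
// interpolated $ip raw; get_real_ip() may return a value taken from request headers,
// so it has to be treated as untrusted input as well.
// NOTE(review): ext/mysql was removed in PHP 7. When inc/connect.php is migrated to
// mysqli or PDO, replace this string-built SQL with prepared statements.
$ipSql     = mysql_real_escape_string($ip);
$mobileSql = mysql_real_escape_string($mobile);
$emailSql  = mysql_real_escape_string($email);
$nameSql   = mysql_real_escape_string($name);
$anSql     = mysql_real_escape_string($an);
$timeSql   = mysql_real_escape_string($time);

// One submission per client address: refuse if this address already has a row.
// NOTE(review): the address can come from client-supplied headers, so this check is a
// convenience limit, not a control that a client cannot get around.
$tsql = "Select * from lzlj_an where ip='$ipSql'";
$r = mysql_query($tsql);
if ($r === false) {
    // Query failed; report failure rather than passing false to mysql_num_rows().
    die('submit=false');
}
if (mysql_num_rows($r)) {
    die('submit=false');
}

$sql = "Insert into lzlj_an(mobile,email,name,an,ip,dtime) value('$mobileSql','$emailSql','$nameSql','$anSql','$ipSql','$timeSql')";
mysql_query($sql) or die('submit=false');
die('submit=true');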
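/**
 * Best-effort markup filter for free-text form fields.
 *
 * Runs three regex passes, in order:
 *   1. collapses every run of whitespace into a single space;
 *   2. rewrites the angle brackets of script / frame / iframe / style / html / body /
 *      title / link / meta tags and of "<?" / "<%" openers as HTML entities, so the
 *      tag is stored as inert text;
 *   3. strips an inline "on...=" event-handler attribute name from inside a tag
 *      (the attribute's value text is left behind).
 *
 * The patterns as published had lost their backslashes: "/s+/" matched the letter "s",
 * the unescaped "/" and "?" made the second pattern invalid (preg_replace() then returns
 * null for the whole call), and "\1" inside double quotes is an octal escape rather than
 * a back-reference. The escapes are restored here and the strings are single-quoted.
 *
 * NOTE(review): a tag blacklist is not a complete XSS defence; pass 3 handles at most one
 * handler per tag per call. Escape stored values with htmlspecialchars() wherever they
 * are rendered instead of relying on this filter.
 *
 * @param string $str Raw field value.
 * @return string Filtered value; '' if the regex engine reports an error.
 */
function php_sava($str)
{
    $patterns = array(
        '/\s+/',
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|%)([^>]*?)>/isU',
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU',
    );
    $replacements = array(
        ' ',
        '&lt;\1\2\3&gt;', // leave this entry empty to delete unsafe tags outright instead
        '\1\2',
    );

    $filtered = preg_replace($patterns, $replacements, (string) $str);

    // preg_replace() yields null on a PCRE error. Fail closed with an empty string so the
    // caller's "field is empty" check rejects the submission instead of storing raw input.
    return $filtered === null ? '' : $filtered;
}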
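/**
 * Terminates the request unless the Referer header names this server's own host.
 *
 * The original compared substr($referer, 7, strlen($serverName)) with the server name.
 * That offset only fits "http://" (an "https://" referer never matched), and a prefix
 * comparison also accepts any longer host that merely begins with the server name.
 * The host is now taken from parse_url() and compared in full, case-insensitively.
 * A missing server name or an unparsable/absent referer is treated as a mismatch.
 *
 * NOTE(review): Referer is supplied by the client and can be set freely by non-browser
 * clients, and SERVER_NAME may follow the request's Host header depending on web-server
 * configuration (confirm for this deployment). Treat this as a light filter; a
 * per-session anti-CSRF token is the robust control.
 *
 * @return void Returns normally on a match; otherwise calls die() with a warning.
 */
function stop_outside_post()
{
    $serverName = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
    $referer    = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';

    // parse_url() gives the host without scheme, port or path; null/false if unusable.
    $refererHost = ($referer === '') ? null : parse_url($referer, PHP_URL_HOST);

    if ($serverName === '' || !is_string($refererHost) || strcasecmp($refererHost, $serverName) !== 0) {
        die("警告!你正在从外部提交数据或直接访问c.php文件!请立即终止!!");
    }
}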
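/**
 * Returns the address to record for the current client.
 *
 * Candidates are examined in this order: the Client-IP header (if present), then each
 * comma-separated entry of X-Forwarded-For. The first candidate that is a syntactically
 * valid IP address outside the private and reserved ranges is returned; if none
 * qualifies, REMOTE_ADDR is returned.
 *
 * Changes from the original:
 *   - eregi() (removed in PHP 7) is replaced by filter_var();
 *   - the old pattern "^(10|172.16|192.168)." had unescaped dots and no octet boundary,
 *     so public addresses such as 103.x.x.x were skipped as if private;
 *   - header values that are not IP addresses at all are no longer returned, so
 *     arbitrary header text cannot flow into callers (e.g. into an SQL string);
 *   - entries are split on "," and trimmed, not only on ", ".
 *
 * NOTE(review): both headers are set by the client unless a trusted reverse proxy
 * overwrites them. The result is suitable for logging, not as a reliable identity or
 * rate-limit key; if no trusted proxy sits in front, prefer REMOTE_ADDR alone.
 *
 * @return string Client address, or '' when REMOTE_ADDR is unavailable as a fallback.
 */
function get_real_ip()
{
    $candidates = array();

    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $candidates[] = $_SERVER['HTTP_CLIENT_IP'];
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        foreach (explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']) as $hop) {
            $candidates[] = $hop;
        }
    }

    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($candidates as $candidate) {
        $candidate = trim((string) $candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP, $flags) !== false) {
            return $candidate;
        }
    }

    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}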
?>