<?php
//發表留言
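/**
 * Handle a guestbook submission: validate the posted fields, check that the
 * target board exists and that the poster may write to it, then insert the entry.
 *
 * Fields read from $add: bid, name, email, mycall, lytext, key, ecmsfrom.
 * Every exit path reports through printerror(); the validation below only
 * works as a gate if printerror() ends the request (TODO confirm).
 *
 * @param array $add Submitted form fields (presumably the POST data; confirm at the caller).
 * @return void
 */
function AddGbook($add){
	global $empire,$dbtbpre,$level_r,$public_r;
	// Check that posting is allowed at the current time.
	eCheckTimeCloseDo('gbook');
	// Check the client IP against the access rules.
	eCheckAccessDoIp('gbook');
	CheckCanPostUrl();// Check the request source.
	// Board id: from the form when given, otherwise from the 'gbookbid' stored value.
	if(!empty($add['bid']))
	{
		$bid=(int)$add['bid'];
	}
	else
	{
		$bid=(int)getcvar('gbookbid');
	}
	// Array keys are quoted: bare-word keys (name, email, ...) are undefined
	// constants and a fatal Error on PHP 8.
	// NOTE(review): these four values are interpolated into the INSERT below, so
	// its safety rests entirely on RepPostStr() escaping for SQL -- confirm.
	$name=RepPostStr(trim($add['name']));
	$email=RepPostStr($add['email']);
	$mycall=RepPostStr($add['mycall']);
	$lytext=RepPostStr($add['lytext']);
	if(empty($bid)||empty($name)||empty($email)||!trim($lytext))
	{
		printerror("EmptyGbookname","history.go(-1)",1);
	}
	if(!chemail($email))
	{
		printerror("EmailFail","history.go(-1)",1);
	}
	// Captcha, only when enabled in the site settings.
	$keyvname='checkgbookkey';
	if($public_r['gbkey_ok'])
	{
		ecmsCheckShowKey($keyvname,$add['key'],1);
	}
	// Minimum interval between posts.
	// NOTE(review): the timestamp comes back through getcvar() and is written with
	// esetcookie() below, so it looks client-held; a client that discards it is not
	// throttled. Real flood control needs a server-side record (per IP or user).
	// Cast to int so a non-numeric value cannot raise a TypeError in the subtraction.
	$lasttime=(int)getcvar('lastgbooktime');
	if($lasttime&&time()-$lasttime<$public_r['regbooktime'])
	{
		printerror("GbOutTime","",1);
	}
	// Does the board exist? $bid is an integer here, so the query text is safe.
	$br=$empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='$bid';");
	if(empty($br['bid']))
	{
		printerror("EmptyGbook","history.go(-1)",1);
	}
	// Permission: a board bound to a member group requires a login whose group
	// level is at least the board's level.
	if($br['groupid'])
	{
		$user=islogin();
		if($level_r[$br['groupid']]['level']>$level_r[$user['groupid']]['level'])
		{
			printerror("HaveNotEnLevel","history.go(-1)",1);
		}
	}
	$lytime=date("Y-m-d H:i:s");
	// NOTE(review): $ip and $eipport are not escaped in this function before the
	// INSERT; confirm egetip()/egetipport() return validated values, in particular
	// if they consider forwarded-for style headers.
	$ip=egetip();
	$eipport=egetipport();
	// NOTE(review): userid/username are read via getcvar() without islogin() unless
	// the board has a groupid, so on open boards the stored author identity is
	// whatever the client supplied. Do not treat it as authenticated.
	$userid=(int)getcvar('mluserid');
	$username=RepPostVar(getcvar('mlusername'));
	$sql=$empire->query("insert into {$dbtbpre}enewsgbook(name,email,`mycall`,lytime,lytext,retext,bid,ip,checked,userid,username,eipport) values('$name','$email','$mycall','$lytime','$lytext','','$bid','$ip','$br[checked]','$userid','$username','$eipport');");
	ecmsEmptyShowKey($keyvname);// Clear the captcha so it cannot be reused.
	if($sql)
	{
		esetcookie("lastgbooktime",time(),time()+3600*24);// Record the last post time for 24 hours.
		// NOTE(review): ecmsfrom is caller-supplied; confirm DoingReturnUrl() only
		// accepts same-site targets before it is used as the return URL.
		$reurl=DoingReturnUrl("../tool/gbook/?bid=$bid",$add['ecmsfrom']);
		printerror("AddGbookSuccess",$reurl,1);
	}
	else
	{
		printerror("DbError","history.go(-1)",1);
	}
}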
?>