Empire CMS: Preventing Flooding and Spam Guestbook Messages

Source: Internet. Editor: 程序博客网. Time: 2024/04/28 01:56

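Our website has a guestbook. Recently someone has been targeting the server, and it regularly fills up with a pile of junk, like the following: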

What's the last date I can post this to to arrive in time for Christmas? <a href=" http://soundcloud.com/groups/zyprexa-buy ">Zyprexa Buy</a> 楼 Electronic enlargement .<a href=" http://soundcloud.com/groups/order-zyban ">Order Zyban</a> Cut the chicken into quarters. Saute the chicken to brown in a little oil, put inside. Put oil in a heavy<a href=" http://soundcloud.com/groups/zyprexa-10 ">Zyprexa 10</a> Colorado CO New Jersey NJ<a href=" http://soundcloud.com/groups/online-zyprexa ">Online Zyprexa</a> transaction with an entry in the Eligibility Clarification Code (309-C9) field on the Insurance<a href=" http://soundcloud.com/groups/purchase-zyprexa ">Purchase Zyprexa</a> And for each prescription item on the receipt:

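To stop the spam messages and reduce the workload of the back-end administrators, I suggested matching on the content and filtering the messages. One team member disagreed, though, and felt that turning on the CAPTCHA was the more reasonable choice.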

I had more important things on my hands at the time, so I assigned the task to him.


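Going by my own habits, if I wanted to leave a message with a suggestion, I would not fill in a form that has a CAPTCHA, especially one that is hard to read. Some e-mail sites even make you enter the registration code three or five times when you sign up, which really tests people's patience and wastes their time.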


The result: a week after the CAPTCHA was turned on, there were no messages in the back end.


So it was turned off again, but the spam came back.


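In the end we went back to my original suggestion. This spam has a very distinctive look, and users' comments have a distinctive look too, so a regular-expression match is all it takes. I offer this approach for reference to anyone with the same need.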

The specific method is as follows.

File to modify: e\enews\gbookfun.php

After the modification it looks like this:

// Post a guestbook message
function AddGbook($add) {
    global $empire, $dbtbpre, $level_r, $public_r;
    // Check the IP
    eCheckAccessDoIp('gbook');
    CheckCanPostUrl(); // Check the referrer
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add['bid']);
    }
    $name = RepPostStr(trim($add['name']));
    $email = RepPostStr($add['email']);
    $call = RepPostStr($add['call']);
    $lytext = RepPostStr($add['lytext']);
    if (empty($bid) || empty($name) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    // Match: if this is flooding from a registration bot, skip it outright.
    // $pattern is a placeholder and must be set to your own regular expression
    // before this point; left undefined, the check lets every message through.
    if (!preg_match($pattern, $lytext)) {
        // CAPTCHA
        $keyvname = 'checkgbookkey';
        if ($public_r['gbkey_ok']) {
            ecmsCheckShowKey($keyvname, $add['key'], 1);
        }
        $lasttime = getcvar('lastgbooktime');
        if ($lasttime) {
            if (time() - $lasttime < $public_r['regbooktime']) {
                printerror("GbOutTime", "", 1);
            }
        }
        // Does the board exist?
        $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='$bid';");
        if (empty($br['bid'])) {
            printerror("EmptyGbook", "history.go(-1)", 1);
        }
        // Permissions
        if ($br['groupid']) {
            $user = islogin();
            if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
                printerror("HaveNotEnLevel", "history.go(-1)", 1);
            }
        }
        $lytime = date("Y-m-d H:i:s");
        $ip = egetip();
        $userid = (int) getcvar('mluserid');
        $username = RepPostVar(getcvar('mlusername'));
        $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('$name','$email','$call','$lytime','$lytext','','$bid','$ip','$br[checked]','$userid','$username');");
        ecmsEmptyShowKey($keyvname); // Clear the CAPTCHA
        if ($sql) {
            esetcookie("lastgbooktime", time(), time() + 3600 * 24); // Record the time of the last post
            $reurl = DoingReturnUrl("../tool/gbook/?bid=$bid", $add['ecmsfrom']);
            printerror("AddGbookSuccess", $reurl, 1);
        } else {
            printerror("DbError", "history.go(-1)", 1);
        }
    } else {
        printerror("HavePlCloseWords", "history.go(-1)", 1);
    }
}

PS: Because the regular expression differs depending on the content, I use the variable $pattern as a stand-in here.
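One way to fill in the $pattern placeholder for link spam like the sample above, as an added example that is not part of the original post or of Empire CMS. The helper gbook_is_link_spam(), the constant GBOOK_LINK_PATTERN, the one-link threshold and the sample strings are all assumptions made for illustration; the entity decoding covers the case where the text has already been HTML-escaped before the check.

```php
<?php
// Added example, not Empire CMS code. gbook_is_link_spam() is a hypothetical helper.

// One match per HTML anchor tag (the URL inside it is consumed with the tag)
// or per bare http(s) URL, case-insensitively.
const GBOOK_LINK_PATTERN = '~<a\s[^>]*>|https?://\S+~i';

/**
 * Returns true when $lytext should be rejected as link spam.
 * $maxLinks is an assumed threshold: the spam sample carries many links,
 * while a real guestbook message rarely carries more than one.
 */
function gbook_is_link_spam(string $lytext, int $maxLinks = 1): bool
{
    // The text may already be HTML-escaped when it reaches the check
    // (assumption), so decode entities to see "<a href" either way.
    $plain = html_entity_decode($lytext, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    $count = preg_match_all(GBOOK_LINK_PATTERN, $plain);

    // preg_match_all() returns false on a regex error. Reject in that case
    // (fail closed) rather than letting "!false" wave the message through.
    if ($count === false) {
        return true;
    }
    return $count > $maxLinks;
}

// Constructed sample inputs.
$samples = [
    'spam, raw'     => 'Cut the chicken <a href=" http://example.com/a ">Buy</a> put oil <a href=" http://example.com/b ">Order</a>',
    'spam, escaped' => 'x &lt;a href=&quot;http://example.com/a&quot;&gt;Buy&lt;/a&gt; y &lt;a href=&quot;http://example.com/b&quot;&gt;Order&lt;/a&gt;',
    'real comment'  => 'Great product, please add a night mode.',
    'one link'      => 'The page at http://example.com/help is out of date.',
];

foreach ($samples as $label => $text) {
    printf("%-14s => %s\n", $label, gbook_is_link_spam($text) ? 'reject' : 'accept');
}
```

With this helper, the condition in the modified AddGbook() would become `if (!gbook_is_link_spam($lytext))`, keeping the existing HavePlCloseWords branch for rejected messages.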
