fenglin/bbs/msg_service_send.php

<?php
        require_once "../lib/common.inc.php";
        require_once "../lib/db_open.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";

        $data = json_decode(file_get_contents("php://input"), true);

        $uid = (isset($data["uid"]) ? intval($data["uid"]) : 0);
        $content = (isset($data["content"]) ? $data["content"] : "");

        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        // Validate input data
        if ($_SESSION["BBS_uid"] == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有登录";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) || $uid == $BBS_sys_uid)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有权限";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $r_content = check_badwords(split_line($content, "", 256, 10), "****");
        if ($content != $r_content)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "内容不符合要求";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Secure SQL statement
        $content = mysqli_real_escape_string($db_conn, $content);

        $sql = "SELECT UID FROM user_list WHERE UID = $uid";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (mysqli_num_rows($rs) == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "用户不存在";
        }
        mysqli_free_result($rs);

        $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
                        VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
                        client_addr() . "')";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
?>
1	sysadm	1.1	<?php
2			require_once "../lib/common.inc.php";
3			require_once "../lib/db_open.inc.php";
4			require_once "../lib/str_process.inc.php";
5			require_once "./session_init.inc.php";
6			require_once "./check_sub.inc.php";
7
8			$data = json_decode(file_get_contents("php://input"), true);
9
10			$uid = (isset($data["uid"]) ? intval($data["uid"]) : 0);
11			$content = (isset($data["content"]) ? $data["content"] : "");
12
13			$result_set = array(
14			"return" => array(
15			"code" => 0,
16			"message" => "",
17			"errorFields" => array(),
18			)
19			);
20
21			header("Content-Type:application/json; charset=utf-8");
22
23			// Validate input data
24			if ($_SESSION["BBS_uid"] == 0)
25			{
26			$result_set["return"]["code"] = -1;
27			$result_set["return"]["message"] = "没有登录";
28
29			mysqli_close($db_conn);
30			exit(json_encode($result_set));
31			}
32
33			if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) \|\| $uid == $BBS_sys_uid)
34			{
35			$result_set["return"]["code"] = -1;
36			$result_set["return"]["message"] = "没有权限";
37
38			mysqli_close($db_conn);
39			exit(json_encode($result_set));
40	sysadm	1.2	}
41	sysadm	1.1
42			$r_content = check_badwords(split_line($content, "", 256, 10), "****");
43			if ($content != $r_content)
44			{
45			$result_set["return"]["code"] = -1;
46			$result_set["return"]["message"] = "内容不符合要求";
47
48			mysqli_close($db_conn);
49			exit(json_encode($result_set));
50			}
51
52			// Secure SQL statement
53			$content = mysqli_real_escape_string($db_conn, $content);
54
55			$sql = "SELECT UID FROM user_list WHERE UID = $uid";
56
57			$rs = mysqli_query($db_conn, $sql);
58			if ($rs == false)
59			{
60			$result_set["return"]["code"] = -2;
61			$result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);
62
63			mysqli_close($db_conn);
64			exit(json_encode($result_set));
65			}
66
67			if (mysqli_num_rows($rs) == 0)
68			{
69			$result_set["return"]["code"] = -1;
70			$result_set["return"]["message"] = "用户不存在";
71			}
72			mysqli_free_result($rs);
73
74			$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
75			VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
76			client_addr() . "')";
77
78			$rs = mysqli_query($db_conn, $sql);
79			if ($rs == false)
80			{
81			$result_set["return"]["code"] = -2;
82			$result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);
83
84			mysqli_close($db_conn);
85			exit(json_encode($result_set));
86			}
87
88			mysqli_close($db_conn);
89			exit(json_encode($result_set));
90			?>
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1