fenglin/bbs/msg_service_send.php

<?php
        require_once "../lib/common.inc.php";
        require_once "../lib/db_open.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";

        $uid = (isset($_POST["uid"]) ? intval($_POST["uid"]) : 0);
        $content = (isset($_POST["content"]) ? $_POST["content"] : "");

        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        // Validate input data
        if ($_SESSION["BBS_uid"] == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有登录";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) || $uid == $BBS_sys_uid)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有权限";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $content = split_line($content, "", 256, 10);
        $r_content = check_badwords($content, "****");
        if ($content != $r_content)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "内容不符合要求";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Secure SQL statement
        $content = mysqli_real_escape_string($db_conn, $content);

        $sql = "SELECT UID FROM user_list WHERE UID = $uid";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (mysqli_num_rows($rs) == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "用户不存在";
        }
        mysqli_free_result($rs);

        $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
                        VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
                        client_addr() . "')";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
1	sysadm	1.1	<?php
2			require_once "../lib/common.inc.php";
3			require_once "../lib/db_open.inc.php";
4			require_once "../lib/str_process.inc.php";
5			require_once "./session_init.inc.php";
6			require_once "./check_sub.inc.php";
7
8	sysadm	1.4	$uid = (isset($_POST["uid"]) ? intval($_POST["uid"]) : 0);
9			$content = (isset($_POST["content"]) ? $_POST["content"] : "");
10	sysadm	1.1
11			$result_set = array(
12			"return" => array(
13			"code" => 0,
14			"message" => "",
15			"errorFields" => array(),
16			)
17			);
18
19			header("Content-Type:application/json; charset=utf-8");
20
21			// Validate input data
22			if ($_SESSION["BBS_uid"] == 0)
23			{
24			$result_set["return"]["code"] = -1;
25			$result_set["return"]["message"] = "没有登录";
26
27			mysqli_close($db_conn);
28			exit(json_encode($result_set));
29			}
30
31			if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) \|\| $uid == $BBS_sys_uid)
32			{
33			$result_set["return"]["code"] = -1;
34			$result_set["return"]["message"] = "没有权限";
35
36			mysqli_close($db_conn);
37			exit(json_encode($result_set));
38	sysadm	1.2	}
39	sysadm	1.1
40	sysadm	1.4	$content = split_line($content, "", 256, 10);
41			$r_content = check_badwords($content, "****");
42	sysadm	1.1	if ($content != $r_content)
43			{
44			$result_set["return"]["code"] = -1;
45			$result_set["return"]["message"] = "内容不符合要求";
46
47			mysqli_close($db_conn);
48			exit(json_encode($result_set));
49			}
50
51			// Secure SQL statement
52			$content = mysqli_real_escape_string($db_conn, $content);
53
54			$sql = "SELECT UID FROM user_list WHERE UID = $uid";
55
56			$rs = mysqli_query($db_conn, $sql);
57			if ($rs == false)
58			{
59			$result_set["return"]["code"] = -2;
60			$result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);
61
62			mysqli_close($db_conn);
63			exit(json_encode($result_set));
64			}
65
66			if (mysqli_num_rows($rs) == 0)
67			{
68			$result_set["return"]["code"] = -1;
69			$result_set["return"]["message"] = "用户不存在";
70			}
71			mysqli_free_result($rs);
72
73			$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
74			VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
75			client_addr() . "')";
76
77			$rs = mysqli_query($db_conn, $sql);
78			if ($rs == false)
79			{
80			$result_set["return"]["code"] = -2;
81			$result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);
82
83			mysqli_close($db_conn);
84			exit(json_encode($result_set));
85			}
86
87			mysqli_close($db_conn);
88			exit(json_encode($result_set));
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1