fenglin/bbs/msg_service_send.php

<?php
        require_once "../lib/common.inc.php";
        require_once "../lib/db_open.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";

        $data = json_decode(file_get_contents("php://input"), true);

        $uid = (isset($data["uid"]) ? intval($data["uid"]) : 0);
        $content = (isset($data["content"]) ? $data["content"] : "");

        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        // Validate input data
        if ($_SESSION["BBS_uid"] == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有登录";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) || $uid == $BBS_sys_uid)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有权限";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $r_content = check_badwords(split_line($content, "", 256, 10), "****");
        if ($content != $r_content)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "内容不符合要求";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Secure SQL statement
        $content = mysqli_real_escape_string($db_conn, $content);

        $sql = "SELECT UID FROM user_list WHERE UID = $uid";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (mysqli_num_rows($rs) == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "用户不存在";
        }
        mysqli_free_result($rs);

        $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
                        VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
                        client_addr() . "')";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
?>
1	<?php
2	require_once "../lib/common.inc.php";
3	require_once "../lib/db_open.inc.php";
4	require_once "../lib/str_process.inc.php";
5	require_once "./session_init.inc.php";
6	require_once "./check_sub.inc.php";
7
8	$data = json_decode(file_get_contents("php://input"), true);
9
10	$uid = (isset($data["uid"]) ? intval($data["uid"]) : 0);
11	$content = (isset($data["content"]) ? $data["content"] : "");
12
13	$result_set = array(
14	"return" => array(
15	"code" => 0,
16	"message" => "",
17	"errorFields" => array(),
18	)
19	);
20
21	header("Content-Type:application/json; charset=utf-8");
22
23	// Validate input data
24	if ($_SESSION["BBS_uid"] == 0)
25	{
26	$result_set["return"]["code"] = -1;
27	$result_set["return"]["message"] = "没有登录";
28
29	mysqli_close($db_conn);
30	exit(json_encode($result_set));
31	}
32
33	if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) \|\| $uid == $BBS_sys_uid)
34	{
35	$result_set["return"]["code"] = -1;
36	$result_set["return"]["message"] = "没有权限";
37
38	mysqli_close($db_conn);
39	exit(json_encode($result_set));
40	}
41
42	$r_content = check_badwords(split_line($content, "", 256, 10), "****");
43	if ($content != $r_content)
44	{
45	$result_set["return"]["code"] = -1;
46	$result_set["return"]["message"] = "内容不符合要求";
47
48	mysqli_close($db_conn);
49	exit(json_encode($result_set));
50	}
51
52	// Secure SQL statement
53	$content = mysqli_real_escape_string($db_conn, $content);
54
55	$sql = "SELECT UID FROM user_list WHERE UID = $uid";
56
57	$rs = mysqli_query($db_conn, $sql);
58	if ($rs == false)
59	{
60	$result_set["return"]["code"] = -2;
61	$result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);
62
63	mysqli_close($db_conn);
64	exit(json_encode($result_set));
65	}
66
67	if (mysqli_num_rows($rs) == 0)
68	{
69	$result_set["return"]["code"] = -1;
70	$result_set["return"]["message"] = "用户不存在";
71	}
72	mysqli_free_result($rs);
73
74	$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
75	VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
76	client_addr() . "')";
77
78	$rs = mysqli_query($db_conn, $sql);
79	if ($rs == false)
80	{
81	$result_set["return"]["code"] = -2;
82	$result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);
83
84	mysqli_close($db_conn);
85	exit(json_encode($result_set));
86	}
87
88	mysqli_close($db_conn);
89	exit(json_encode($result_set));
90	?>
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1