fenglin/bbs/msg_service_send.php

<?php
        require_once "../lib/common.inc.php";
        require_once "../lib/db_open.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";

        $uid = (isset($_POST["uid"]) ? intval($_POST["uid"]) : 0);
        $content = (isset($_POST["content"]) ? $_POST["content"] : "");

        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        // Validate input data
        if ($_SESSION["BBS_uid"] == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有登录";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) || $uid == $BBS_sys_uid)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有权限";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $content = split_line($content, "", 256, 10);

        $bw_count = 0;
        $r_content = check_badwords($content, "****", $bw_count);
        if ($bw_count > 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "内容不符合要求";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Secure SQL statement
        $content = mysqli_real_escape_string($db_conn, $content);

        $sql = "SELECT UID FROM user_list WHERE UID = $uid";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (mysqli_num_rows($rs) == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "用户不存在";
        }
        mysqli_free_result($rs);

        $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
                        VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
                        client_addr() . "')";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
1	<?php
2	require_once "../lib/common.inc.php";
3	require_once "../lib/db_open.inc.php";
4	require_once "../lib/str_process.inc.php";
5	require_once "./session_init.inc.php";
6	require_once "./check_sub.inc.php";
7
8	$uid = (isset($_POST["uid"]) ? intval($_POST["uid"]) : 0);
9	$content = (isset($_POST["content"]) ? $_POST["content"] : "");
10
11	$result_set = array(
12	"return" => array(
13	"code" => 0,
14	"message" => "",
15	"errorFields" => array(),
16	)
17	);
18
19	header("Content-Type:application/json; charset=utf-8");
20
21	// Validate input data
22	if ($_SESSION["BBS_uid"] == 0)
23	{
24	$result_set["return"]["code"] = -1;
25	$result_set["return"]["message"] = "没有登录";
26
27	mysqli_close($db_conn);
28	exit(json_encode($result_set));
29	}
30
31	if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) \|\| $uid == $BBS_sys_uid)
32	{
33	$result_set["return"]["code"] = -1;
34	$result_set["return"]["message"] = "没有权限";
35
36	mysqli_close($db_conn);
37	exit(json_encode($result_set));
38	}
39
40	$content = split_line($content, "", 256, 10);
41
42	$bw_count = 0;
43	$r_content = check_badwords($content, "****", $bw_count);
44	if ($bw_count > 0)
45	{
46	$result_set["return"]["code"] = -1;
47	$result_set["return"]["message"] = "内容不符合要求";
48
49	mysqli_close($db_conn);
50	exit(json_encode($result_set));
51	}
52
53	// Secure SQL statement
54	$content = mysqli_real_escape_string($db_conn, $content);
55
56	$sql = "SELECT UID FROM user_list WHERE UID = $uid";
57
58	$rs = mysqli_query($db_conn, $sql);
59	if ($rs == false)
60	{
61	$result_set["return"]["code"] = -2;
62	$result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);
63
64	mysqli_close($db_conn);
65	exit(json_encode($result_set));
66	}
67
68	if (mysqli_num_rows($rs) == 0)
69	{
70	$result_set["return"]["code"] = -1;
71	$result_set["return"]["message"] = "用户不存在";
72	}
73	mysqli_free_result($rs);
74
75	$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
76	VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
77	client_addr() . "')";
78
79	$rs = mysqli_query($db_conn, $sql);
80	if ($rs == false)
81	{
82	$result_set["return"]["code"] = -2;
83	$result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);
84
85	mysqli_close($db_conn);
86	exit(json_encode($result_set));
87	}
88
89	mysqli_close($db_conn);
90	exit(json_encode($result_set));
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1