fenglin/bbs/msg_service_send.php

<?php
        require_once "../lib/common.inc.php";
        require_once "../lib/db_open.inc.php";
        require_once "../lib/str_process.inc.php";
        require_once "./session_init.inc.php";
        require_once "./check_sub.inc.php";

        $uid = (isset($_POST["uid"]) ? intval($_POST["uid"]) : 0);
        $content = (isset($_POST["content"]) ? $_POST["content"] : "");

        $result_set = array(
                "return" => array(
                        "code" => 0,
                        "message" => "",
                        "errorFields" => array(),
                )
        );

        header("Content-Type:application/json; charset=utf-8");

        // Validate input data
        if ($_SESSION["BBS_uid"] == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有登录";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) || $uid == $BBS_sys_uid)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "没有权限";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        $content = split_line($content, "", 256, 10);

        $bw_count = 0;
        $r_content = check_badwords($content, "****", $bw_count);
        if ($bw_count > 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "内容不符合要求";

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        // Secure SQL statement
        $content = mysqli_real_escape_string($db_conn, $content);

        $sql = "SELECT UID FROM user_list WHERE UID = $uid";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        if (mysqli_num_rows($rs) == 0)
        {
                $result_set["return"]["code"] = -1;
                $result_set["return"]["message"] = "用户不存在";
        }
        mysqli_free_result($rs);

        $sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
                        VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
                        client_addr() . "')";

        $rs = mysqli_query($db_conn, $sql);
        if ($rs == false)
        {
                $result_set["return"]["code"] = -2;
                $result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);

                mysqli_close($db_conn);
                exit(json_encode($result_set));
        }

        mysqli_close($db_conn);
        exit(json_encode($result_set));
1	sysadm	1.1	<?php
2			require_once "../lib/common.inc.php";
3			require_once "../lib/db_open.inc.php";
4			require_once "../lib/str_process.inc.php";
5			require_once "./session_init.inc.php";
6			require_once "./check_sub.inc.php";
7
8	sysadm	1.4	$uid = (isset($_POST["uid"]) ? intval($_POST["uid"]) : 0);
9			$content = (isset($_POST["content"]) ? $_POST["content"] : "");
10	sysadm	1.1
11			$result_set = array(
12			"return" => array(
13			"code" => 0,
14			"message" => "",
15			"errorFields" => array(),
16			)
17			);
18
19			header("Content-Type:application/json; charset=utf-8");
20
21			// Validate input data
22			if ($_SESSION["BBS_uid"] == 0)
23			{
24			$result_set["return"]["code"] = -1;
25			$result_set["return"]["message"] = "没有登录";
26
27			mysqli_close($db_conn);
28			exit(json_encode($result_set));
29			}
30
31			if (!$_SESSION["BBS_priv"]->checkpriv(0, S_MSG) \|\| $uid == $BBS_sys_uid)
32			{
33			$result_set["return"]["code"] = -1;
34			$result_set["return"]["message"] = "没有权限";
35
36			mysqli_close($db_conn);
37			exit(json_encode($result_set));
38	sysadm	1.2	}
39	sysadm	1.1
40	sysadm	1.4	$content = split_line($content, "", 256, 10);
41	sysadm	1.5
42			$bw_count = 0;
43			$r_content = check_badwords($content, "****", $bw_count);
44			if ($bw_count > 0)
45	sysadm	1.1	{
46			$result_set["return"]["code"] = -1;
47			$result_set["return"]["message"] = "内容不符合要求";
48
49			mysqli_close($db_conn);
50			exit(json_encode($result_set));
51			}
52
53			// Secure SQL statement
54			$content = mysqli_real_escape_string($db_conn, $content);
55
56			$sql = "SELECT UID FROM user_list WHERE UID = $uid";
57
58			$rs = mysqli_query($db_conn, $sql);
59			if ($rs == false)
60			{
61			$result_set["return"]["code"] = -2;
62			$result_set["return"]["message"] = "Query user error: " . mysqli_error($db_conn);
63
64			mysqli_close($db_conn);
65			exit(json_encode($result_set));
66			}
67
68			if (mysqli_num_rows($rs) == 0)
69			{
70			$result_set["return"]["code"] = -1;
71			$result_set["return"]["message"] = "用户不存在";
72			}
73			mysqli_free_result($rs);
74
75			$sql = "INSERT INTO bbs_msg(fromUID, toUID, content, send_dt, send_ip)
76			VALUES(" . $_SESSION["BBS_uid"] . ", $uid, '$content', NOW(),'" .
77			client_addr() . "')";
78
79			$rs = mysqli_query($db_conn, $sql);
80			if ($rs == false)
81			{
82			$result_set["return"]["code"] = -2;
83			$result_set["return"]["message"] = "Insert msg error: " . mysqli_error($db_conn);
84
85			mysqli_close($db_conn);
86			exit(json_encode($result_set));
87			}
88
89			mysqli_close($db_conn);
90			exit(json_encode($result_set));
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1