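<?php
/**
 * Project: PHPDISK File Storage Solution
 * This is NOT a freeware, use is subject to license terms.
 *
 * Site: http://www.phpdisk.com
 *
 * $Id: message.inc.php 67 2016-08-05 07:26:31Z along $
 *
 * Copyright (C) 2008-2016 PHPDisk Team. All Rights Reserved.
 *
 * Private-message module: dispatches on $action to list the inbox or the
 * sent box, show one message, reply to a message, or compose a new one.
 *
 * The script is an include: $action, $task, $db, $tpf, $pd_uid, $pg,
 * $timestamp and $user_tpl_dir are expected to be set by the including file,
 * and the variables assigned here are read by the 'message' template.
 *
 * NOTE(review): strings read through gpc() (e.g. username) are placed inside
 * quoted SQL literals. That is only safe if gpc() escapes its return value;
 * its implementation is not in this file, so confirm before relying on it.
 * Numeric request values are cast to int in this file instead.
 */

if(!defined('IN_PHPDISK') || !defined('IN_MYDISK')) {
    exit('[PHPDisk] Access Denied');
}

switch($action){
    case 'inbox':
        $msg_title = __('msg_inbox');

        if($task =='delete'){
            // NOTE(review): this delete is driven by a GET link and is not
            // covered by form_auth()/formhash() the way the send forms are,
            // so it has no request-forgery protection visible in this file.
            $msgid = (int)gpc('msgid','G',0);
            $rs = $db->fetch_one_array("select * from {$tpf}messages where msgid='$msgid' and touserid='$pd_uid'");
            // Act only on a message addressed to the current user. Without
            // this guard a foreign msgid fell into the else branch and the
            // msg_file rows of someone else's message were deleted.
            if($rs){
                if($rs['in_sendbox']){
                    // The sender still keeps a copy: hide it from the recipient only.
                    $db->query_unbuffered("update {$tpf}messages set is_del=1 where msgid='$msgid' and touserid='$pd_uid'");
                }else{
                    $db->query_unbuffered("delete from {$tpf}messages where msgid='$msgid' and touserid='$pd_uid'");
                    $db->query_unbuffered("delete from {$tpf}msg_file where msgid='$msgid'");
                }
            }
            redirect(urr("mydisk","item=message&menu=profile&action={$action}"),'',0);
        }else{
            $perpage = 20;
            $sql_do = " {$tpf}messages m, {$tpf}users u where m.touserid='$pd_uid' and m.userid=u.userid and m.is_del=0";
            $rs = $db->fetch_one_array("select count(*) as total_num from {$sql_do}");
            $total_num = $rs['total_num'];
            // Clamp the offset so a page number below 1 cannot produce a negative LIMIT.
            $start_num = max(0, ((int)$pg-1) * $perpage);

            $q = $db->query("select m.*,u.username from {$sql_do} order by msgid desc limit $start_num,$perpage");
            $msg_array = array();
            while($rs = $db->fetch_array($q)){
                $rs['a_space'] = urr("space","username=".rawurlencode($rs['username']));
                $rs['a_view_content'] = urr("mydisk","item=message&action=view&msgid={$rs['msgid']}");
                $rs['a_delete'] = urr("mydisk","item=message&action=inbox&task=delete&msgid={$rs['msgid']}");
                // Strip tags so the preview is plain text.
                $rs['content'] = preg_replace("/<.+?>/i","",str_replace('<br>',LF,$rs['content']));
                $rs['ctn_total'] = strlen($rs['content']);
                // Unread messages are shown in bold, replied ones get an icon.
                $rs['short_content'] = $rs['is_new'] ? '<b>'.cutstr($rs['content'],50).'</b>' : cutstr($rs['content'],50);
                $rs['short_content'] = $rs['is_reply'] ? "<img src=\"images/icon_reply.gif\" align=\"absmiddle\" border=\"0\"> ".$rs['short_content'] : $rs['short_content'];
                $rs['in_time'] = custom_time("Y-m-d H:i",$rs['in_time']);
                $msg_array[] = $rs;
            }
            $db->free($q);
            unset($rs);
            $page_nav = multi($total_num, $perpage, $pg, urr("mydisk","item=message&action=$action"));
            $a_sendmsg = urr("mydisk","item=message&menu=profile&action=sendmsg");
            require_once template_echo('message',$user_tpl_dir);
        }
        break;

    case 'sendbox':
        $msg_title = __('msg_sendbox');

        if($task =='delete'){
            // NOTE(review): GET-driven delete without formhash, as in the inbox case.
            $msgid = (int)gpc('msgid','G',0);
            $rs = $db->fetch_one_array("select * from {$tpf}messages where msgid='$msgid' and userid='$pd_uid'");
            // Only touch a message the current user actually sent.
            if($rs){
                if($rs['is_del']){
                    // The recipient already removed it: drop the row and its attachments.
                    $db->query_unbuffered("delete from {$tpf}messages where msgid='$msgid' and userid='$pd_uid'");
                    $db->query_unbuffered("delete from {$tpf}msg_file where msgid='$msgid'");
                }else{
                    $db->query_unbuffered("update {$tpf}messages set in_sendbox=0 where msgid='$msgid' and userid='$pd_uid'");
                }
            }
            redirect(urr("mydisk","item=message&menu=profile&action={$action}"),'',0);
        }else{
            $perpage = 20;
            $sql_do = " {$tpf}messages m,{$tpf}users u where m.touserid=u.userid and m.userid='$pd_uid' and m.in_sendbox=1";
            $rs = $db->fetch_one_array("select count(*) as total_num from {$sql_do}");
            $total_num = $rs['total_num'];
            // Clamp the offset so a page number below 1 cannot produce a negative LIMIT.
            $start_num = max(0, ((int)$pg-1) * $perpage);

            $q = $db->query("select * from {$sql_do} order by m.msgid desc limit $start_num,$perpage");
            $msg_array = array();
            while($rs = $db->fetch_array($q)){
                $rs['a_space'] = urr("space","username=".rawurlencode($rs['username']));
                $rs['a_view_content'] = urr("mydisk","item=message&action=view&msgid={$rs['msgid']}");
                $rs['a_delete'] = urr("mydisk","item=message&action=sendbox&task=delete&msgid={$rs['msgid']}");
                $rs['content'] = preg_replace("/<.+?>/i","",str_replace('<br>',LF,$rs['content']));
                $rs['ctn_total'] = strlen($rs['content']);
                $rs['short_content'] = cutstr($rs['content'],50);
                $rs['in_time'] = custom_time("Y-m-d H:i",$rs['in_time']);
                $msg_array[] = $rs;
            }
            $db->free($q);
            unset($rs);
            $page_nav = multi($total_num, $perpage, $pg, urr("mydisk","item=message&action=$action"));
            $a_sendmsg = urr("mydisk","item=message&menu=profile&action=sendmsg");
            require_once template_echo('message',$user_tpl_dir);
        }
        break;

    case 'view':
        $msgid = (int)gpc('msgid','G',0);
        // The Referer header is optional and client-controlled.
        // NOTE(review): confirm the template escapes $ref before output.
        $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $db->query_unbuffered("update {$tpf}messages set is_new=0 where msgid='$msgid' and touserid='$pd_uid'");

        // Restrict the lookup to messages the current user sent or received.
        // The original selected by msgid alone, so any logged-in user could
        // read any message by walking msgid values.
        $sql_own = "m.msgid='$msgid' and (m.userid='$pd_uid' or m.touserid='$pd_uid')";
        $rs = $db->fetch_one_array("select m.*,u.username from {$tpf}messages m,{$tpf}users u where u.userid=m.touserid and {$sql_own} limit 1");
        if(!$rs){
            // Unknown message, or one that belongs to other users.
            redirect(urr("mydisk","item=message&menu=profile&action=inbox"),'',0);
            break;
        }
        if($rs['userid'] == $pd_uid){
            // Viewing one's own sent message: show the recipient's name, no reply.
            $can_reply = 0;
            $sql_do = "{$tpf}messages m,{$tpf}users u where u.userid=m.touserid and {$sql_own} limit 1";
        }else{
            // Viewing a received message: show the sender's name, allow reply.
            $can_reply = 1;
            $sql_do = "{$tpf}messages m,{$tpf}users u where u.userid=m.userid and {$sql_own} limit 1";
        }
        $msg_array = $db->fetch_one_array("select m.*,u.username from {$sql_do}");
        // NOTE(review): content is stored through htmlspecialchars() by the
        // reply/sendmsg branches below; decoding it here hands the sender's
        // raw markup back to the template. Unless the template re-escapes it,
        // this is a stored-XSS path between users. Left unchanged because the
        // template is not visible from this file; confirm and escape on output.
        $msg_array['content'] = html_entity_decode($msg_array['content']);
        require_once template_echo('message',$user_tpl_dir);
        break;

    case 'reply':
        $msgid = (int)gpc('msgid','GP',0);
        $username = trim(gpc('username','GP',''));

        if($task =='reply'){
            form_auth(gpc('formhash','P',''),formhash());

            // Start from a known state instead of whatever an earlier include left behind.
            $error = false;
            $touserid = 0;

            $msg_content = trim(gpc('msg_content','P',''));
            $save_box = (int)gpc('save_box','P',0);
            $file_ids = gpc('file_ids','P',array());

            // file_ids comes straight from the POST body and is later written
            // unquoted into a VALUES list, so reduce it to distinct positive integers.
            $clean_ids = array();
            if(is_array($file_ids)){
                foreach($file_ids as $fid){
                    if(is_scalar($fid) && (int)$fid > 0){
                        $clean_ids[(int)$fid] = (int)$fid;
                    }
                }
            }
            $file_ids = array_values($clean_ids);

            $rs = $db->fetch_one_array("select userid from {$tpf}users where username='$username'");
            if(!$rs || !$rs['userid']){
                $error = true;
                $sysmsg[] = __('send_user_not_found');
            }else{
                $touserid = (int)$rs['userid'];
            }
            if(checklength($msg_content,2,1000)){
                $error = true;
                $sysmsg[] = __('msg_min_max');
            }
            if(!$error){
                $db->query_unbuffered("update {$tpf}messages set is_reply=1 where msgid='$msgid' and touserid='$pd_uid'");
                $ins = array(
                    'reply_id' => $msgid,
                    'userid' => $pd_uid,
                    'touserid' => $touserid,
                    'content' => htmlspecialchars($msg_content),
                    'is_new' => 1,
                    'in_sendbox' => $save_box,
                    'in_time' => $timestamp,
                );
                $db->query("insert into {$tpf}messages set ".$db->sql_array($ins).";");
                $msgid = (int)$db->insert_id();

                if(count($file_ids)){
                    // NOTE(review): the ids are not checked against the sender's
                    // own rows in {$tpf}files here, although the compose form only
                    // preloads files where userid='$pd_uid'. Confirm whether
                    // attaching another user's file id should be rejected.
                    $vals = '';
                    foreach($file_ids as $fid){
                        $num = @$db->result_first("select count(*) from {$tpf}msg_file where msgid='$msgid' and file_id='$fid'");
                        if(!$num){
                            $vals .= "($touserid,$msgid,$fid),";
                        }
                    }
                    // Skip the insert when nothing is left; "values ;" is a syntax error.
                    if($vals){
                        $vals = substr($vals,0,-1);
                        $db->query_unbuffered("insert into {$tpf}msg_file(touserid,msgid,file_id) values $vals ;");
                    }
                }
                redirect(urr("mydisk","item=message&menu=profile&action=inbox"),__('send_msg_success'));
            }else{
                redirect('back',$sysmsg);
            }
        }else{
            require_once template_echo('message',$user_tpl_dir);
        }
        break;

    case 'sendmsg':
        if($task =='sendmsg'){
            form_auth(gpc('formhash','P',''),formhash());

            // Start from a known state instead of whatever an earlier include left behind.
            $error = false;
            $touserid = 0;

            $username = trim(gpc('username','P',0));
            $msg_content = trim(gpc('msg_content','P',''));
            $save_box = (int)gpc('save_box','P',0);
            $file_ids = gpc('file_ids','P',array());

            // file_ids comes straight from the POST body and is later written
            // unquoted into a VALUES list, so reduce it to distinct positive integers.
            $clean_ids = array();
            if(is_array($file_ids)){
                foreach($file_ids as $fid){
                    if(is_scalar($fid) && (int)$fid > 0){
                        $clean_ids[(int)$fid] = (int)$fid;
                    }
                }
            }
            $file_ids = array_values($clean_ids);

            $rs = $db->fetch_one_array("select userid from {$tpf}users where username='$username'");
            if(!$rs || !$rs['userid']){
                $error = true;
                $sysmsg[] = __('send_user_not_found');
            }else{
                $touserid = (int)$rs['userid'];
            }
            // The buddy-only restriction below is disabled in the original source.
            /*$rs = $db->fetch_one_array("select count(*) as total from {$tpf}buddys where userid='$pd_uid' and touserid='$touserid'");
            if(!$rs['total']){
                $error = true;
                $sysmsg[] = __('not_your_buddy');
            }
            unset($rs);*/
            if(checklength($msg_content,2,1000)){
                $error = true;
                $sysmsg[] = __('msg_min_max');
            }
            if(!$error){
                $ins = array(
                    'userid' => $pd_uid,
                    'touserid' => $touserid,
                    'content' => htmlspecialchars($msg_content),
                    'is_new' => 1,
                    'in_sendbox' => $save_box,
                    'in_time' => $timestamp,
                );
                $db->query("insert into {$tpf}messages set ".$db->sql_array($ins).";");
                $msgid = (int)$db->insert_id();

                if(count($file_ids)){
                    // NOTE(review): the ids are not checked against the sender's
                    // own rows in {$tpf}files here, although the compose form only
                    // preloads files where userid='$pd_uid'. Confirm whether
                    // attaching another user's file id should be rejected.
                    $vals = '';
                    foreach($file_ids as $fid){
                        $num = @$db->result_first("select count(*) from {$tpf}msg_file where msgid='$msgid' and file_id='$fid'");
                        if(!$num){
                            $vals .= "($touserid,$msgid,$fid),";
                        }
                    }
                    // Skip the insert when nothing is left; "values ;" is a syntax error.
                    if($vals){
                        $vals = substr($vals,0,-1);
                        $db->query_unbuffered("insert into {$tpf}msg_file(touserid,msgid,file_id) values $vals ;");
                    }
                }
                redirect(urr("mydisk","item=message&menu=profile&action=inbox"),__('send_msg_success'));
            }else{
                redirect('back',$sysmsg);
            }
        }else{
            // Compose form: optional recipient and file taken from the query string.
            $username = trim(gpc('username','G',''));
            $file_id = (int)gpc('file_id','G',0);

            $q = $db->query("select b.*,u.username from {$tpf}users u,{$tpf}buddys b where u.userid=b.touserid and b.userid='$pd_uid'");
            $sel_users = array();
            while($rs = $db->fetch_array($q)){
                $sel_users[] = $rs;
            }
            $db->free($q);
            unset($rs);

            $run_script = '';
            if($file_id){
                $rs = $db->fetch_one_array("select file_name,file_extension from {$tpf}files where file_id='$file_id' and userid='$pd_uid'");
                // Emit the preload script only for a file the current user owns.
                // The original emitted it for any file_id, with $txt undefined.
                if($rs){
                    $tmp_ext = $rs['file_extension'] ? '.'.$rs['file_extension'] : '';
                    // The label is placed inside a single-quoted JavaScript string
                    // in an inline <script>. Escape the backslash, the quote, line
                    // breaks and "</" so the file name cannot end the string or
                    // close the script element.
                    $txt = strtr(
                        file_icon($rs['file_extension']).$rs['file_name'].$tmp_ext,
                        array(
                            '\\' => '\\\\',
                            "'" => "\\'",
                            "\r" => '\\r',
                            "\n" => '\\n',
                            '</' => '<\\/',
                        )
                    );
                    $run_script = '<script>add_file_addr(\''.$txt.'\','.$file_id.')</script>';
                }
            }
            require_once template_echo('message',$user_tpl_dir);
        }
        break;
}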