DedeV6/src/member/pm.php

<?php

/**
 * 会员短消息
 * 
 * @version        $Id: pm.php 1 8:38 2010年7月9日Z tianya $
 * @package        DedeBIZ.Member
 * @copyright      Copyright (c) 2020, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license
 * @link           https://www.dedebiz.com
 */
require_once(dirname(__FILE__) . "/config.php");
CheckRank(0, 0);
$menutype = 'mydede';
$menutype_son = 'pm';
$id = isset($id) ? intval($id) : 0;
if ($cfg_mb_lit == 'Y') {
    ShowMsg('由于系统开启了精简版会员空间，你不能向其它会员发短信息，不过你可以向他留言！', '-1');
    exit();
}

if (!isset($dopost)) {
    $dopost = '';
}
//检查用户是否被禁言
CheckNotAllow();
$state = (empty($state)) ? 0 : intval($state);

if ($dopost == 'read') {
    $sql = "SELECT * FROM `#@__member_friends` WHERE  mid='{$cfg_ml->M_ID}' AND ftype!='-1' ORDER BY addtime DESC LIMIT 20";
    $friends = array();
    $dsql->SetQuery($sql);
    $dsql->Execute();
    while ($row = $dsql->GetArray()) {
        $friends[] = $row;
    }
    $id = intval($id);
    $row = $dsql->GetOne("SELECT * FROM `#@__member_pms` WHERE id='$id' AND (fromid='{$cfg_ml->M_ID}' OR toid='{$cfg_ml->M_ID}')");
    if (!is_array($row)) {
        $result = array(
            "code" => -1,
            "data" => null,
            "msg" => "对不起，你指定的消息不存在或你没权限查看",
        );
        echo json_encode($result);
        exit();
    }
    $dsql->ExecuteNoneQuery("UPDATE `#@__member_pms` SET hasview=1 WHERE id='$id' AND folder='inbox' AND toid='{$cfg_ml->M_ID}'");
    $dsql->ExecuteNoneQuery("UPDATE `#@__member_pms` SET hasview=1 WHERE folder='outbox' AND toid='{$cfg_ml->M_ID}'");
    $result = array(
        "code" => 200,
        "data" => array(
            "subject" => $row['subject'],
            "message" => $row['message'],
            "sendtime" => MyDate("Y-m-d H:i", $row['sendtime']),
        ),
        "msg" => "",
    );
    echo json_encode($result);
    exit();
}
/*-----------------------
function __savesend(){  }
----------------------*/ else if ($dopost == 'savesend') {
    $svali = GetCkVdValue();
    if (preg_match("/5/", $safe_gdopen)) {
        if (strtolower($vdcode) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误！', '-1');
            exit();
        }
    }
    $faqkey = isset($faqkey) && is_numeric($faqkey) ? $faqkey : 0;
    if ($safe_faq_msg == 1) {
        if ($safefaqs[$faqkey]['answer'] != $safeanswer || $safeanswer == '') {
            ShowMsg('验证问题答案错误', '-1');
            exit();
        }
    }
    if ($subject == '') {
        ShowMsg("请填写信息标题!", "-1");
        exit();
    }
    $msg = CheckUserID($msgtoid, "用户名", false);
    if ($msg != 'ok') {
        ShowMsg($msg, "-1");
        exit();
    }
    $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE userid LIKE '$msgtoid' ");
    if (!is_array($row)) {
        ShowMsg("你指定的用户不存在,不能发送信息!", "-1");
        exit();
    }
    $subject = cn_substrR(HtmlReplace($subject, 1), 60);
    $message = cn_substrR(HtmlReplace($message, 0), 1024);
    $sendtime = $writetime = time();

    //发给收件人(收件人可管理)
    $inquery1 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)
      VALUES ('{$cfg_ml->M_LoginID}','{$cfg_ml->M_ID}','{$row['mid']}','{$row['userid']}','inbox','$subject','$sendtime','$writetime','0','0','$message'); ";

    //保留到自己的发件箱(自己可管理)
    $inquery2 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)
      VALUES ('{$cfg_ml->M_LoginID}','{$cfg_ml->M_ID}','{$row['mid']}','{$row['userid']}','outbox','$subject','$sendtime','$writetime','0','0','$message'); ";
    $dsql->ExecuteNoneQuery($inquery1);
    $dsql->ExecuteNoneQuery($inquery2);
    ShowMsg("成功发送一条信息!", "pm.php?dopost=outbox");
    exit();
}
/*-----------------------
function __del(){  }
----------------------*/ else if ($dopost == 'del') {
    $ids = preg_replace("#[^0-9,]#", "", $ids);
    if ($folder == 'inbox') {
        $boxsql = "SELECT * FROM `#@__member_pms` WHERE id IN($ids) AND folder LIKE 'inbox' AND toid='{$cfg_ml->M_ID}'";
        $dsql->SetQuery($boxsql);
        $dsql->Execute();
        $query = '';
        while ($row = $dsql->GetArray()) {
            if ($row && $row['isadmin'] == 1) {
                $query = "Update `#@__member_pms` set writetime='0' WHERE id='{$row['id']}' AND folder='inbox' AND toid='{$cfg_ml->M_ID}' AND isadmin='1';";
                $dsql->ExecuteNoneQuery($query);
            } else {
                $query = "DELETE FROM `#@__member_pms` WHERE id in($ids) AND toid='{$cfg_ml->M_ID}' AND folder LIKE 'inbox'";
            }
        }
    } else if ($folder == 'outbox') {
        $query = "Delete From `#@__member_pms` WHERE id in($ids) AND fromid='{$cfg_ml->M_ID}' AND folder LIKE 'outbox' ";
    } else {
        $query = "Delete From `#@__member_pms` WHERE id in($ids) AND fromid='{$cfg_ml->M_ID}' Or toid='{$cfg_ml->M_ID}' AND folder LIKE 'outbox' Or (folder LIKE 'inbox' AND hasview='0')";
    }
    $dsql->ExecuteNoneQuery($query);
    ShowMsg("成功删除指定的消息!", "pm.php?folder=" . $folder);
    exit();
}
/*-----------------------
function __man(){  }
----------------------*/ else {
    if (!isset($folder)) {
        $folder = 'inbox';
    }
    require_once(DEDEINC . "/datalistcp.class.php");
    $wsql = '';
    if ($folder == 'outbox') {
        $wsql = " `fromid`='{$cfg_ml->M_ID}' AND folder LIKE 'outbox' ";
        $tname = "发件箱";
    } elseif ($folder == 'inbox') {
        $query = "SELECT * FROM `#@__member_pms` WHERE folder LIKE 'outbox' AND isadmin='1'";
        $dsql->SetQuery($query);
        $dsql->Execute();
        while ($row = $dsql->GetArray()) {
            $row2 = $dsql->GetOne("SELECT * FROM `#@__member_pms` WHERE fromid = '$row[id]' AND toid='{$cfg_ml->M_ID}'");
            if (!is_array($row2)) {
                $row3 = "INSERT INTO
                `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)
                VALUES ('admin','{$row['id']}','{$cfg_ml->M_ID}','{$cfg_ml->M_LoginID}','inbox','{$row['subject']}','{$row['sendtime']}','{$row['writetime']}','{$row['hasview']}','{$row['isadmin']}','{$row['message']}')";
                $dsql->ExecuteNoneQuery($row3);
            }
        }
        if ($state === 1) {
            $wsql = " toid='{$cfg_ml->M_ID}' AND folder='inbox' AND writetime!='' and hasview=1";
            $tname = "收件箱";
        } else if ($state === -1) {
            $wsql = "toid='{$cfg_ml->M_ID}' AND folder='inbox' AND writetime!='' and hasview=0";
            $tname = "收件箱";
        } else {
            $wsql = " toid='{$cfg_ml->M_ID}' AND folder='inbox' AND writetime!=''";
            $tname = "收件箱";
        }
    } else {
        $wsql = " `fromid` ='{$cfg_ml->M_ID}' AND folder LIKE 'outbox'";
        $tname = "已发信息";
    }

    $query = "SELECT * FROM `#@__member_pms` WHERE $wsql ORDER BY sendtime DESC";
    $dlist = new DataListCP();
    $dlist->pageSize = 20;
    $dlist->SetParameter("dopost", $dopost);
    $dlist->SetTemplate(DEDEMEMBER . '/templets/pm-main.htm');
    $dlist->SetSource($query);
    $dlist->Display();
}