edit_message.php

通达OA部分源代码

<?
include_once "myconnect.php";
include "logincheck.php";

function RTESafe($strText) {
	//returns safe code for preloading in the RTE
	$tmpString = trim($strText);
	
	//convert all types of single quotes
	$tmpString = str_replace(chr(145), chr(39), $tmpString);
	$tmpString = str_replace(chr(146), chr(39), $tmpString);
	$tmpString = str_replace("'", "&#39;", $tmpString);
	
	//convert all types of double quotes
	$tmpString = str_replace(chr(147), chr(34), $tmpString);
	$tmpString = str_replace(chr(148), chr(34), $tmpString);
//	$tmpString = str_replace("\"", "\"", $tmpString);
	
	//replace carriage returns & line feeds
	$tmpString = str_replace(chr(10), " ", $tmpString);
	$tmpString = str_replace(chr(13), " ", $tmpString);
	
	return $tmpString;
}
$errcnt=0;
if(count($_POST)<>0)		//IF SOME FORM WAS POSTED DO VALIDATION
{
//		ob_start();
		if(!get_magic_quotes_gpc())
		{
			$comments=str_replace("$","\$",addslashes($_REQUEST["comments"]));

		}
		else
		{
			$comments=str_replace("$","\$",$_REQUEST["comments"]);
		}


	//die("select * from sbjks_members where sbuser_name='$username'");
	if ( strlen(trim($comments)) == 0 )
	{
		$errs[$errcnt]="Comments must be provided";
   		$errcnt++;
	}
/*	elseif(preg_match ("/[;<>&]/", $_REQUEST["comments"]))
	{
		$errs[$errcnt]="Comments can not have any special character (e.g. & ; < >)";
   		$errcnt++;
	}*/
	if($errcnt==0)
	{
		
		$query_insert="update sbbleads_comments set 
		sb_comment='$comments' where sb_id=".$_POST["id"];
		
		$rs_insert=mysql_query($query_insert);
		if(mysql_affected_rows()>0)
		{
			header("Location: view_topic.php?topic_id=".$_POST["topic_id"]."&msg=".urlencode("Reply has been posted."));
			die();
		}
		else
		{
			header("Location: view_topic.php?topic_id=".$_POST["topic_id"]."&msg=".urlencode("Some error occurred, Please try again!"));
			die();
		}
	}			//end if-errcnt==0
}			//end if count-post

function main()
{
$config=mysql_fetch_array(mysql_query("select * from sbbleads_config"));
global $errs, $errcnt;
$id=$_REQUEST["id"];

$comment_sql="select * from sbbleads_comments where sb_id=$id";
$comment=mysql_fetch_array(mysql_query($comment_sql));

if(!$comment)
{
echo "<p>&nbsp;</p><p>&nbsp;</p><br><br><br><div align='center'><font size=2 color='#333333' face='Arial, Helvetica, sans-serif'>Comment not found. Click <a href='list_topics.php' class='insidelink'>here</a> to continue</font></div><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>";
return;
}

$uname="";
$comments=$comment["sb_comment"];
?>
<script language="JavaScript" type="text/javascript" src="richtext.js"></script>

<script language="JavaScript">
function validate()
{
	updateRTEs();
		if(document.form1.comments.value=="")
		{
			alert('Post your Reply.');
			document.form1.comments.focus();
			return false;
		}
/*		if(document.form1.comments.value.match(/[&<>]+/))
		{
			alert("Please remove Invalid characters from Comments (e.g. &  < >)");
			document.form1.comments.focus();
			return(false);
		}*/
return true;
}
</script>
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
  <tr> 
    <td   valign="top" > 
      <table width="100%" height="100%" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr> 
          <td height="100%" align="left" valign="top"> <TABLE width="80%" border=0 align="center" 
                                cellPadding=1 cellSpacing=5 borderColor=#0099ff>
              <TBODY>
                <TR > 
                  <TD width="95%" height=20>&nbsp;<font color="#FF0000" size="2" face="Arial, Helvetica, sans-serif"> 
                    <?
				if(count($_POST)>0)
				{
				
						if( $errcnt != 0 )
						{
				?>
                    </font>
                    <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
                      <tr> 
                        <td colspan="2"><font color="#FF0000" size="2" face="Arial, Helvetica, sans-serif" class="red"><strong>Your 
                          Request cannot be processed due to following Reasons</strong></font></td>
                      </tr>
                      <?
				
				for ($i=0;$i<$errcnt;$i++)
				{
				?>
                      <tr> 
                        <td width="6%"><font color="#FF0000" size="2" face="Arial, Helvetica, sans-serif"><strong><font  class="red"><?php echo $i+1; ?></font></strong></font></td>
                        <td width="94%"><font color="#FF0000" size="2" face="Arial, Helvetica, sans-serif"  class="red"><?php echo  $errs[$i]; ?> 
                          </font></td>
                      </tr>
                      <?
				}//end for
				?>
                    </table>
                    <font color="#FF0000" size="2" face="Arial, Helvetica, sans-serif">
                    <?
					}	//end else-errcnt==0
				
				
				}
				
                  ?>
                    </font> </TD>
                </TR>
                <TR > 
                  <TD valign="top" > <table width="100%" border="0" cellspacing="10" cellpadding="2" class="maintablestyle">
                      <form name="form1" method="post" action="edit_message.php" onSubmit="return validate();">
                        <tr valign="middle" bgcolor="#004080"> 
                          <td height="25" colspan="3" class="titlestyle"><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Edit 
                            Reply</strong></font></td>
                        </tr>
                        <tr valign="top"> 
                          <td width="40%" bgcolor="#F5F5F5"  class="yescolor"> 
                            <div align="right"><font size="2" face="Arial, Helvetica, sans-serif" class='normal'><strong>Reply</strong></font></div></td>
                          <td width="6" align="left" ><FONT color="#FF0000" 
                        size=2 face="Arial, Helvetica, sans-serif" class='red'>*&nbsp;</FONT></td>
                          <TD width="60%"> <font size="2" face="Arial, Helvetica, sans-serif"> 
                            <script language="JavaScript" type="text/javascript">
<!--


<?
$content = $comments;
$content = RTESafe($content);
?>//Usage: initRTE(imagesPath, includesPath, cssFile)
initRTE("images/", "", "");

//Usage: writeRichText(fieldname, html, width, height, buttons)
writeRichText('comments', '<?=$content?>', 450, 200, true, false);

//uncomment the following to see a demo of multiple RTEs on one page
//document.writeln('<br><br>');
//writeRichText('rte2', 'read-only text', 450, 100, true, false);
//-->
</script>
                            </font> <noscript>
                            <p><font size="2" face="Arial, Helvetica, sans-serif"><b>Javascript 
                              must be enabled to use this form.</b></font></p>
                            </noscript></TD>
                        </tr>
                        <tr valign="top"> 
                          <td width="40%" bgcolor="#F5F5F5"  class="yescolor"><font class='normal'> 
                            <input name="id" type="hidden" id="id" value="<? echo $comment["sb_id"]; ?>">
                            <input name="topic_id" type="hidden" id="topic_id" value="<? echo $comment["sb_art_id"]; ?>">
                            </font></td>
                          <td width="6" ><font color="#FF0000" size="2" face="Arial, Helvetica, sans-serif">&nbsp;</font></td>
                          <td width="60%" ><font size="2" face="Arial, Helvetica, sans-serif" class='normal'> 
                            <input type="submit" name="Submit" value="Update">
                            </font></td>
                        </tr>
                      </form>
                    </table></TD>
                </TR>
               
                <TR> 
                  <TD valign="top" >&nbsp;</TD>
                </TR>
              </TBODY>
            </TABLE></td>
        </tr>
      </table>
      </td>
  </tr>
</table>
<?php
}

include "template.php";
?>