pm_many.php

在传统CMS文章内容管理功能基础上

<?php
/*
[BBWPS!] (C)2006-2010 小蜜蜂版权所有.
This is NOT a freeware, use is subject to license terms
*/
error_reporting(0);
if(!function_exists("checkRequire")){
	exit("Forbidden");
}
$p=new Template("./template/member");
$db=new DB($hostname,$username,$password,$database);
$action = $_GET['act'];
if($action=="send"){
	$pmTitle = $_POST['title'];
	$pmContent = $_POST['content'];
	$sql = "select username from ".$prefix."members where";
	if(!$_POST['title']||!$_POST['content']){
		MsgError($langAdminArray["mem_unempty"]);
	}
	$sql.=" username like '%$_POST[username]%' and";
	$sql.=" email like '%$_POST[email]%' and";
	$sql.=" vipnum={$_POST['vipnum']}";
	$sql=str_replace("*","%",$sql);
	$countRes = $db->query($sql,true);
	while ($countRow = $db->fetch_array($countRes)) {
		$pmSql = "insert into ".$prefix."pmbox values('','{$langAdminArray["mem_system_msg"]}','$countRow[username]','".time()."','$pmTitle','$pmContent',0,1)";
		$db->update($pmSql);
	}
	ExeSuccess($langAdminArray["bank_succ"],$_POST[returnurl]);
}elseif($action=="search"){
	$sql = "select count(uid) from ".$prefix."members where";
	$sql.=" username like '$_POST[username]' and";
	$sql.=" email like '$_POST[email]' and";
	$sql.=" vipnum={$_POST['vipnum']}";
	$sql=str_replace("*","%",$sql);
	$countRes = $db->query($sql,true);
	$countRow = $db->fetch_array($countRes);
	$sqlPermit="select * from {$prefix}permitgroup";
	$db->query($sqlPermit,true);
	while($rsPermit=$db->fetch_array()){
		$rsPermit["pgid"]==$_POST['vipnum']?$selected="selected":$selected="";
		$stringPermit.="<option value=\"{$rsPermit["pgid"]}\" {$selected}>{$rsPermit["pgname"]}</option>";
		$arr_permit[$rsPermit["pgid"]]=$rsPermit["pgname"];
	}
	$p->set_file("file1","pm_many.html");
	$p->set_var("result",$countRow['count(uid)']);
	$p->set_var("permitgroup",$stringPermit);
	$p->set_var($_POST);
	$p->parse("out","file1");
	$p->p("out");
}else {
	//=======================================================
	//显示平台的会员组
	$sqlPermit="select * from {$prefix}permitgroup";
	$db->query($sqlPermit,true);
	while($rsPermit=$db->fetch_array()){
		$stringPermit.="<option value=\"{$rsPermit["pgid"]}\">{$rsPermit["pgname"]}</option>";
		$arr_permit[$rsPermit["pgid"]]=$rsPermit["pgname"];
	}
	//=======================================================
	$p->set_file("file1","pm_many.html");
	if($to!=null||$to!=""){
		$p->set_var("to",$to);
		$p->set_var("unable","disabled");
	}
	$p->set_var("title",$title);
	$p->set_var("returnurl",$returnurl);
	$p->set_var("permitgroup",$stringPermit);
	$p->parse("out","file1");
	$p->p("out");
}
?>