<?php
/*
[Discuz!] (C)2001-2007 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$RCSfile: pm.php,v $
$Revision: 1.53.2.6 $
$Date: 2007/03/21 15:52:05 $
*/
// Mark this entry script as 'pm'; both constants are defined before the bootstrap include runs.
define('CURSCRIPT', 'pm');
// NOROBOT is set to TRUE here; how the bootstrap consumes it is not visible in this file.
define('NOROBOT', TRUE);
// Bootstrap include. NOTE(review): every bare variable used below ($action, $folder, $pmid,
// $uid, $msgto, $discuz_uid, $db, ...) has to originate here. Presumably request parameters
// are imported as globals and slash-escaped in this include -- confirm, because all SQL in
// this script is built by string interpolation and depends on that escaping.
require_once './include/common.inc.php';
require_once DISCUZ_ROOT.'./include/discuzcode.func.php';
// Presumably a numeric code identifying this page to the rest of the application -- TODO confirm.
$discuz_action = 101;
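// Access gate for the private-message pages, plus the 'noprompt' action that clears the
// caller's "new message" notification.
// NOTE(review): the flow below assumes showmessage() ends the request; it is defined elsewhere,
// so confirm it -- otherwise execution would continue past each refusal.
if(empty($discuz_uid)) {
    // No authenticated user id: refuse access.
    showmessage('not_loggedin', NULL, 'NOPERM');
} else {
    // NOTE(review): $action is read here before the isset() default later in the script assigns it.
    if($action == 'noprompt') {
        // NOTE(review): these UPDATEs are triggered by the bare action parameter; no submitcheck()
        // or token check is visible on this path, so a cross-site request could trigger them.
        // The WHERE clauses limit the effect to the caller's own notification flags.
        $db->query("UPDATE {$tablepre}pms SET new='2' WHERE msgtoid='$discuz_uid' AND folder='inbox' AND delstatus!='2' AND new='1'");
        $db->query("UPDATE {$tablepre}members SET newpm='0' WHERE uid='$discuz_uid'");
        if($supe['status'] && $xspacestatus) {
            supe_dbconnect();
            // The array key is quoted: a bare key inside {$...} is resolved as a constant,
            // which raises a notice on older PHP and an Error on PHP 8.
            $supe['db']->query("UPDATE {$supe['tablepre']}members SET newpm='0' WHERE uid='$discuz_uid'");
        }
        // NOTE(review): dreferer() is defined elsewhere; if it derives the redirect target from
        // the Referer header, confirm it only allows same-site destinations.
        showmessage('pm_noprompt_succeed', dreferer());
    }
    // A quota of zero is treated as "this group may not use private messages".
    if($maxpmnum == 0) {
        showmessage('group_nopermission', NULL, 'NOPERM');
    }
}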
// Mailbox counters for the current user. $discuz_uid is interpolated into every statement;
// NOTE(review): presumably it is a server-side integer taken from the session -- confirm in the bootstrap.
// Messages the user has saved in the outbox folder.
$query = $db->query("SELECT COUNT(*) FROM {$tablepre}pms WHERE msgfromid='$discuz_uid' AND folder='outbox'");
$pm_outbox = $db->result($query, 0);
// Received messages, excluding delstatus '2' (presumably "deleted by recipient" -- TODO confirm).
$query = $db->query("SELECT COUNT(*) FROM {$tablepre}pms WHERE msgtoid='$discuz_uid' AND folder='inbox' AND delstatus!='2'");
$pm_inbox = $db->result($query, 0);
// Subset of the inbox still flagged new (new>0 covers both '1' and the '2' written by 'noprompt').
$query = $db->query("SELECT COUNT(*) FROM {$tablepre}pms WHERE msgtoid='$discuz_uid' AND folder='inbox' AND delstatus!='2' AND new>0");
$pm_inbox_newpm = $db->result($query, 0);
// Quota is measured against outbox + inbox together.
$pm_total = $pm_outbox + $pm_inbox;
// Usage as a percentage string. The @ hides the division-by-zero warning when $maxpmnum is 0.
// NOTE(review): on PHP 8 division by zero throws and @ does not suppress it; the branch above
// only avoids that case if showmessage() halts the request.
@$storage_percent = round((100 * $pm_total / $maxpmnum) + 1).'%';
// 'disabled' unless $allowsearch equals 2 (loose comparison).
$ftdisabled = $allowsearch != 2 ? 'disabled' : '';
// Defaults for request-derived parameters that may be unset.
$folder = isset($folder) ? $folder : 'inbox';
$filter = isset($filter) ? $filter : '';
$action = isset($action) ? $action : '';
if(empty($action)) {
// Folder listing (no action given): page through one of outbox / track / inbox.
// intval() + max() force $page to an integer >= 1 before it is used for the LIMIT offset.
$page = max(1, intval($page));
// NOTE(review): $tpp (rows per page) is not assigned in this file and goes unquoted into LIMIT,
// so it must be a trusted integer -- confirm where it is set.
$start_limit = ($page - 1) * $tpp;
$announce_pmlist = array();
// The switch doubles as an allow-list: any value other than 'outbox' or 'track' is rewritten
// to 'inbox' before $folder is placed in the pager URL below.
switch($folder) {
case 'outbox':
// Messages the current user saved in the outbox, newest first, with the recipient's name.
$pmnum = $pm_outbox;
$query = $db->query("SELECT p.*, m.username AS msgto FROM {$tablepre}pms p
LEFT JOIN {$tablepre}members m ON m.uid=p.msgtoid
WHERE p.msgfromid='$discuz_uid' AND p.folder='outbox'
ORDER BY p.dateline DESC LIMIT $start_limit, $tpp");
break;
case 'track':
// Messages the current user sent that are stored in a recipient's inbox folder,
// excluding delstatus '1' (presumably "removed by sender" -- TODO confirm).
$query = $db->query("SELECT COUNT(*) FROM {$tablepre}pms WHERE msgfromid='$discuz_uid' AND folder='inbox' AND delstatus!='1'");
$pmnum = $db->result($query, 0);
$query = $db->query("SELECT p.*, m.username AS msgto FROM {$tablepre}pms p
LEFT JOIN {$tablepre}members m ON m.uid=p.msgtoid
WHERE p.msgfromid='$discuz_uid' AND p.folder='inbox' AND delstatus!='1'
ORDER BY p.dateline DESC LIMIT $start_limit, $tpp");
break;
default:
$folder = 'inbox';
// $filteradd is one of two fixed literals, never request text, so appending it to the
// inbox query below does not carry user input into the SQL.
if($filter == 'newpm') {
$pmnum = $pm_inbox_newpm;
$filteradd = 'AND new>0';
} else {
$pmnum = $pm_inbox;
$filteradd ='';
}
// Ids of announcements already read, from the 'D'-separated readapmid cookie. The values are
// client-controlled and are used only for the in_array() comparison below.
$readapmids = !empty($_DCOOKIE['readapmid']) ? explode('D', $_DCOOKIE['readapmid']) : array();
// Type-2 announcements whose start time has passed.
// NOTE(review): unlike the single-announcement lookup in the view branch, this list query
// has no endtime condition -- confirm that showing expired entries here is intended.
$query = $db->query("SELECT id as pmid, subject, groups, starttime as dateline FROM {$tablepre}announcements WHERE type=2 AND starttime<='$timestamp' ORDER BY displayorder, starttime DESC, id DESC");
while($announce = $db->fetch_array($query)) {
// Keep the announcement when it has no group restriction or $groupid appears in its
// comma-separated group list (in_array() is non-strict here).
if(empty($announce['groups']) || in_array($groupid, explode(',', $announce['groups']))) {
$announce['announce'] = TRUE;
$announce['dateline'] = gmdate("$dateformat", $announce['dateline'] + $timeoffset * 3600);
// Unread announcements get a <b> wrapper. NOTE(review): the stored subject is embedded in
// markup unchanged; confirm announcement subjects are HTML-escaped when saved or in the template.
$announce['subject'] = !in_array($announce['pmid'], $readapmids) ? "<b>$announce[subject]</b>" : $announce['subject'];
$announce_pmlist[] = $announce;
}
}
$query = $db->query("SELECT * FROM {$tablepre}pms WHERE msgtoid='$discuz_uid' AND folder='inbox' $filteradd AND delstatus!='2' ORDER BY dateline DESC LIMIT $start_limit, $tpp");
}
// Both URL fragments are fixed literals at this point ($folder was constrained by the switch).
$filterurl = ($filter == 'newpm' && $folder == 'inbox') ? 'filter=newpm' :'';
$multipage = multi($pmnum, $tpp, $page, "pm.php?folder=$folder&$filterurl");
$pmlist = array();
while($pm = $db->fetch_array($query)) {
$pm['dateline'] = gmdate("$dateformat $timeformat", $pm['dateline'] + $timeoffset * 3600);
// Rows still flagged new are shown in bold. The send branch of this script HTML-escapes the
// subject before storing it; NOTE(review): rows written by any other code path are not
// covered by that, so confirm the template does not rely on it alone.
$pm['subject'] = $pm['new'] ? "<b>$pm[subject]</b>" : $pm['subject'];
$pmlist[] = $pm;
}
// Announcements are listed ahead of the private messages.
$pmlist = array_merge($announce_pmlist, $pmlist);
} elseif($action == 'view') {
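// Display a single private message, or a type-2 announcement when $folder is 'announce'.
// The unread counter is decremented by one for display, never below zero.
$pm_inbox_newpm = $pm_inbox_newpm > 0 ? $pm_inbox_newpm - 1 : 0;
if($folder != 'announce') {
    // A mailbox over quota is refused here with 'pm_box_isfull'.
    if($pm_total > $maxpmnum) {
        showmessage('pm_box_isfull', 'pm.php');
    }
    $codecount = 0;
    // Ownership check: the row is returned only when the current user is its recipient or its
    // sender, so a pmid belonging to other users ends in 'pm_nonexistence'.
    // NOTE(review): $pmid is request-derived and interpolated inside quotes; this relies on
    // escaping applied before this script runs -- confirm in the bootstrap.
    $query = $db->query("SELECT p.*, m.username AS msgto FROM {$tablepre}pms p
LEFT JOIN {$tablepre}members m ON m.uid=p.msgtoid
WHERE pmid='$pmid' AND (msgtoid='$discuz_uid' OR msgfromid='$discuz_uid')");
    if(!$pm = $db->fetch_array($query)) {
        showmessage('pm_nonexistence');
    }
    // Clear the "new" flag, except when the sender is looking at a message that sits in
    // someone else's inbox. The UPDATE is keyed on pmid alone and runs only after the
    // ownership check above has passed.
    if($pm['new'] && !($pm['msgfromid'] == $discuz_uid && $pm['msgtoid'] != $discuz_uid && $pm['folder'] == 'inbox')) {
        $db->query("UPDATE {$tablepre}pms SET new='0' WHERE pmid='$pmid'");
    }
    // Keep 'track' if that was requested; otherwise use the folder stored on the row.
    $folder = $folder == 'track' ? $folder : $pm['folder'];
    $pm['dateline'] = gmdate("$dateformat $timeformat", $pm['dateline'] + $timeoffset * 3600);
    // NOTE(review): discuzcode() is the only transformation between the stored body and the
    // page, and the send branch stores the body without dhtmlspecialchars(); confirm that
    // discuzcode() HTML-escapes its input with these flags.
    $pm['message'] = discuzcode($pm['message'], 0, 0);
    $announcepm = FALSE;
} else {
    // Announcement lookup: type 2, already started, and either open-ended or not yet ended.
    $query = $db->query("SELECT * FROM {$tablepre}announcements WHERE id='$pmid' AND type=2 AND starttime<='$timestamp' AND (endtime='0' OR endtime>'$timestamp')");
    if(!$pm = $db->fetch_array($query)) {
        showmessage('pm_nonexistence');
    }
    // A group-restricted announcement is reported as nonexistent to users outside the listed groups.
    if($pm['groups'] && !in_array($groupid, explode(',', $pm['groups']))) {
        showmessage('pm_nonexistence');
    }
    $folder = 'inbox';
    $pm['dateline'] = gmdate("$dateformat", $pm['starttime'] + $timeoffset * 3600);
    $pm['message'] = nl2br(discuzcode($pm['message'], 0, 0, 1, 1, 1, 1, 1));
    // Present the announcement as if it were addressed to the current user.
    $pm['msgtoid'] = $discuz_uid;
    $pm['msgto'] = $discuz_user;
    $announcepm = TRUE;
    // Record this announcement as read in the 'D'-separated cookie list. An empty cookie starts
    // a new list; an id not yet listed is appended; an id already listed leaves the cookie
    // unchanged, so re-opening an announcement no longer discards the other read marks.
    // NOTE(review): $pmid is written to the cookie as supplied by the request; the value is
    // only used for the read/unread comparison in the inbox listing.
    if(empty($_DCOOKIE['readapmid'])) {
        $_DCOOKIE['readapmid'] = $pmid;
    } elseif(!in_array($pmid, explode('D', $_DCOOKIE['readapmid']))) {
        $_DCOOKIE['readapmid'] .= 'D'.$pmid;
    }
    // 2592000 is 30 days in seconds (presumably the cookie lifetime -- TODO confirm dsetcookie's signature).
    dsetcookie('readapmid', $_DCOOKIE['readapmid'], 2592000);
}
ajaxtemplate('pm_view_ajax');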
} elseif($action == 'send') {
// Send branch: checks and input preparation that run before the compose form is shown or processed.
// Newbie restriction for non-admin accounts: when $newbiespan is set and the user has no
// recent-enough $lastpost, the registration date is read and sending is refused until
// $newbiespan * 3600 seconds (presumably hours converted to seconds) have passed since then.
if(!$adminid && $newbiespan && (!$lastpost || $timestamp - $lastpost < $newbiespan * 3600)) {
$query = $db->query("SELECT regdate FROM {$tablepre}members WHERE uid='$discuz_uid'");
if($timestamp - ($db->result($query, 0)) < $newbiespan * 3600) {
showmessage('pm_newbie_span');
}
}
// A sender whose own mailbox is over quota cannot send.
if($pm_total > $maxpmnum) {
showmessage('pm_box_isfull', 'pm.php');
}
// Credit check against the 'pm' policy; checklowerlimit() is defined elsewhere.
checklowerlimit($creditspolicy['pm'], -1);
// Subject pipeline: trim -> censor -> HTML-escape -> cut to 75.
// NOTE(review): this value is later interpolated into an INSERT, so any SQL escaping must already
// be on it (not visible here). Truncating an escaped string can split an escape sequence --
// confirm cutstr() cannot leave a dangling backslash at the end.
$subject = !empty($subject) ? cutstr(dhtmlspecialchars(censor(trim($subject))), 75) : '';
// Body pipeline: censor -> trim only. It is stored without HTML escaping, so rendering has to
// escape it (the view branch passes it through discuzcode()).
$message = !empty($message) ? trim(censor($message)) : '';
$do = isset($do) ? $do : '';
// Takes the fourth binary digit from the right of $seccodestatus (the bit with weight 8) as a
// '0'/'1' string; '0' is falsy in PHP, so it works as a boolean flag.
$seccodecheck = substr(sprintf('%05b', $seccodestatus), -4, 1);
// Security question required when element 3 of $secqaa['status'] is set and the user is below
// the minimum post count (or no minimum is configured).
$secqaacheck = $secqaa['status'][3] && (!$secqaa['minposts'] || $posts < $secqaa['minposts']);
if(!submitcheck('pmsubmit', 0, $seccodecheck, $secqaacheck)) {
$buddylist = array();
$query = $db->query("SELECT b.buddyid, m.username AS buddyname FROM {$tablepre}buddys b
LEFT JOIN {$tablepre}members m ON m.uid=b.buddyid
WHERE b.uid='$discuz_uid'");
while($buddy = $db->fetch_array($query)) {
$buddylist[] = $buddy;
}
$subject = $message = '';
if(isset($pmid)) {
$query = $db->query("SELECT * FROM {$tablepre}pms WHERE pmid='$pmid' AND (msgtoid='$discuz_uid' OR msgfromid='$discuz_uid')");
$pm = $db->fetch_array($query);
$pm['subject'] = $message = preg_replace("/^(Re:|Fw:)\s*/", "", $pm['subject']);
$username = $pm['msgfrom'];
if($do == 'reply') {
$subject = "Re: $pm[subject]";
$message = '[quote]'.dhtmlspecialchars(trim(preg_replace("/(\[quote])(.*)(\[\/quote])/siU", '', $pm['message']))).'[/quote]'."\n";
$touser = $pm['msgfrom'];
} elseif($do == 'forward') {
$pm['dateline'] = gmdate($_DCACHE['settings']['dateformat'].' '.$_DCACHE['settings']['timeformat'], $pm['dateline'] + $timeoffset * 3600);
$subject = "Fw: $pm[subject]";
$message = '[quote]'.dhtmlspecialchars($pm['message']).'[/quote]'."\n";
$touser = '';
} elseif($folder == 'outbox') {
$subject = $pm['subject'];
$message = dhtmlspecialchars($pm['message']);
$query = $db->query("SELECT username FROM {$tablepre}members WHERE uid='$pm[msgtoid]'");
$touser = dhtmlspecialchars($db->result($query, 0));
}
} elseif(isset($uid)) {
$query = $db->query("SELECT username FROM {$tablepre}members WHERE uid='$uid'");
$touser = dhtmlspecialchars($db->result($query, 0));
} else {
$touser = isset($touser) ? dhtmlspecialchars($touser) : '';
}
if($seccodecheck) {
$seccode = random(6, 1) + $seccode{0} * 1000000;
}
if($secqaacheck) {
$seccode = random(1, 1) * 1000000 + substr($seccode, -6);
}
$smpage = max(1, intval($_COOKIE['smpage']));
$smmultipage = $_DCACHE['smiliesnum'] > $smcols * $smrows ? multi($_DCACHE['smiliesnum'], $smcols * $smrows, 1, '###', 0, 4, 1, 'getSmilies') : '';
} else {
// Form submitted and accepted by submitcheck(): validate timing, recipients and content
// before any message is written.
// The flood-control interval is doubled for private messages.
$floodctrl = $floodctrl * 2;
if($floodctrl && !$disablepostctrl && $timestamp - $lastpost < $floodctrl) {
showmessage('pm_flood_ctrl');
}
// Recipient resolution. With no typed name and a buddy selection, the submitted buddy ids are
// taken as the recipient list; they are validated by the is_numeric() loop further down.
if(empty($msgto) && is_array($msgtobuddys)) {
$msgto = $msgtobuddys;
} else {
$msgtoid = 0;
// NOTE(review): $msgto is request text placed inside quotes. The addslashes() comparison
// below indicates it is expected to arrive already slash-escaped -- confirm in the bootstrap.
$query = $db->query("SELECT m.uid, m.username FROM {$tablepre}members m WHERE username='$msgto'");
while($member = $db->fetch_array($query)) {
// Re-check the SQL match in PHP, case-insensitively, against the escaped form of the stored
// name -- presumably to reject rows the database collation treats as equal but that differ.
if(!strcasecmp(addslashes($member['username']), $msgto)) {
$msgtoid = $member['uid'];
break;
}
}
if(!$msgtoid) {
showmessage('pm_send_nonexistence');
}
// The resolved id is combined with any selected buddies.
if(is_array($msgtobuddys)) {
$msgto = array_merge($msgtobuddys, array($msgtoid));
} else {
$msgto = array($msgtoid);
}
}
// Both subject and body are required (empty() also treats the string '0' as empty).
if(empty($message) || empty($subject)) {
showmessage('pm_send_invalid');
}
// Build the quoted id list for the IN (...) clauses. The is_numeric() gate keeps quotes and
// other SQL metacharacters out of $uids.
// NOTE(review): is_numeric() also accepts non-integer spellings (decimals, exponent notation);
// an integer-only check would be stricter for a user id.
$uids = $comma = '';
foreach($msgto as $uid) {
if(!is_numeric($uid)) {
showmessage('pm_send_invalid');
} else {
$uids .= $comma."'$uid'";
$comma = ',';
}
}
// Recipients per message are capped at one tenth of the sender's quota, rounded up.
$maxpmsend = ceil($maxpmnum / 10);
$msgto_count = count($msgto);
if($msgto_count > $maxpmsend) {
showmessage('pm_send_toomany');
} elseif(!$msgto_count) {
showmessage('pm_send_nonexistence');
}
$ignorenum = 0;
// Load name, ignore list and group quota for every recipient.
$query = $db->query("SELECT m.username, mf.ignorepm, u.maxpmnum FROM {$tablepre}usergroups u, {$tablepre}members m
LEFT JOIN {$tablepre}memberfields mf USING(uid)
WHERE m.uid IN ($uids) AND m.groupid=u.groupid");
// The row count must equal the number of submitted ids; presumably unknown or duplicated ids
// fail here because they produce fewer rows.
if($msgto_count <> $db->num_rows($query)) {
showmessage('pm_send_nonexistence');
}
while($member = $db->fetch_array($query)) {
// Refuse the whole send if any recipient's group quota is below 1, or if the recipient's
// ignore list is exactly {ALL} or contains the sender's name as a comma-separated entry.
// preg_quote() keeps the sender's name from being interpreted as regex syntax.
if($member['maxpmnum'] < 1 || preg_match("/(^{ALL}$|(,|^)\s*".preg_quote($discuz_user, '/')."\s*(,|$))/i", $member['ignorepm'])) {
showmessage('pm_send_ignore');
}
}
if(!$saveoutbox) {
updatecredits($discuz_uid, $creditspolicy['pm'], -1);
foreach($msgto as $uid) {
$db->query("INSERT INTO {$tablepre}pms (
msgfrom, msgfromid, msgtoid, folder, new, subject, dateline, message )VALUES(
'$discuz_user', '$discuz_uid', '$uid', 'inbox', '1', '$subject', '$timestamp', '$message')");
}
$db->query("UPDATE {$tablepre}members SET newpm='1' WHERE uid IN ($uids)", 'UNBUFFERED');
if($supe['status'] && $xspacestatus) {
supe_dbconnect();
$supe['db']->query("UPDATE {$supe[tablepre]}members SET newpm='1' WHERE uid IN ($uids)", 'UNBUFFERED');
}
if($floodctrl) {