Server : Apache
System : Linux iZ2vcgyutqttsd1p850kl8Z 3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64
User : www ( 1000)
PHP Version : 5.6.40
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
Directory :  /www/wwwroot/saimikebio.com/ecshopjcw/
Upload File :
Current Directory [ Writeable ] Root Directory [ Writeable ]


Current File : /www/wwwroot/saimikebio.com/ecshopjcw/message.php
<?php

/**
 * ECSHOP  管理中心管理员留言程序
 * ============================================================================
 * * 版权所有 2005-2012 上海商派网络科技有限公司,并保留所有权利。
 * 网站地址: http://www.ecshop.com;
 * ----------------------------------------------------------------------------
 * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和
 * 使用;不允许对程序代码以任何形式任何目的的再发布。
 * ============================================================================
 * $Author: liubo $
 * $Id: message.php 17217 2011-01-19 06:29:08Z liubo $
*/

define('IN_ECS', true);

require(dirname(__FILE__) . '/includes/init.php');

/* act操作项的初始化 */
$_REQUEST['act'] = trim($_REQUEST['act']);
if (empty($_REQUEST['act']))
{
    $_REQUEST['act'] = 'list';
}

/*------------------------------------------------------ */
//-- 留言列表页面
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'list')
{
    $smarty->assign('full_page',   1);
    $smarty->assign('ur_here',     $_LANG['msg_list']);
    $smarty->assign('action_link', array('text' => $_LANG['send_msg'], 'href' => 'message.php?act=send'));

    $list = get_message_list();

    $smarty->assign('message_list', $list['item']);
    $smarty->assign('filter',       $list['filter']);
    $smarty->assign('record_count', $list['record_count']);
    $smarty->assign('page_count',   $list['page_count']);

    $sort_flag  = sort_flag($list['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);

    assign_query_info();
    $smarty->display('message_list.htm');
}

/*------------------------------------------------------ */
//-- 翻页、排序
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'query')
{
    $list = get_message_list();

    $smarty->assign('message_list', $list['item']);
    $smarty->assign('filter',       $list['filter']);
    $smarty->assign('record_count', $list['record_count']);
    $smarty->assign('page_count',   $list['page_count']);

    $sort_flag  = sort_flag($list['filter']);
    $smarty->assign($sort_flag['tag'], $sort_flag['img']);

    make_json_result($smarty->fetch('message_list.htm'), '',
        array('filter' => $list['filter'], 'page_count' => $list['page_count']));
}

/*------------------------------------------------------ */
//-- 留言发送页面
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'send')
{
    /* 获取管理员列表 */
    $admin_list = $db->getAll('SELECT user_id, user_name FROM ' .$ecs->table('admin_user'));

    $smarty->assign('ur_here',     $_LANG['send_msg']);
    $smarty->assign('action_link', array('href' => 'message.php?act=list', 'text' => $_LANG['msg_list']));
    $smarty->assign('action',      'add');
    $smarty->assign('form_act',    'insert');
    $smarty->assign('admin_list',  $admin_list);

    assign_query_info();
    $smarty->display('message_info.htm');
}

/*------------------------------------------------------ */
//-- 处理留言的发送
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'insert')
{
    $rec_arr = $_POST['receiver_id'];

    /* 向所有管理员发送留言 */
    if ($rec_arr[0] == 0)
    {
        /* 获取管理员信息 */
        $result = $db->query('SELECT user_id FROM ' .$ecs->table('admin_user') . 'WHERE user_id !=' . $_SESSION['admin_id']);
        while ($rows = $db->FetchRow($result))
        {
            $sql = "INSERT INTO " .$ecs->table('admin_message'). " (sender_id, receiver_id, sent_time, " .
                            "read_time, readed, deleted, title, message) ".
                        "VALUES ('".$_SESSION['admin_id']."', '".$rows['user_id']."', '" .gmtime(). "', ".
                            "0, '0', '0', '$_POST[title]', '$_POST[message]')";
            $db->query($sql);
        }

        /*添加链接*/
        $link[0]['text'] = $_LANG['back_list'];
        $link[0]['href'] = 'message.php?act=list';

        $link[1]['text'] = $_LANG['continue_send_msg'];
        $link[1]['href'] = 'message.php?act=send';

        sys_msg($_LANG['send_msg'] . "&nbsp;" . $_LANG['action_succeed'],0, $link);

        /* 记录管理员操作 */
        admin_log(admin_log($_LANG['send_msg']), 'add', 'admin_message');
    }
    else
    {
        /* 如果是发送给指定的管理员 */
        foreach ($rec_arr AS $key => $id)
        {
            $sql = "INSERT INTO " .$ecs->table('admin_message'). " (sender_id, receiver_id, ".
                        "sent_time, read_time, readed, deleted, title, message) ".
                   "VALUES ('".$_SESSION['admin_id']."', '$id', '".gmtime()."', ".
                        "'0', '0', '0', '$_POST[title]', '$_POST[message]')";
            $db->query($sql);
        }
        admin_log(addslashes($_LANG['send_msg']), 'add', 'admin_message');

        $link[0]['text'] = $_LANG['back_list'];
        $link[0]['href'] = 'message.php?act=list';
        $link[1]['text'] = $_LANG['continue_send_msg'];
        $link[1]['href'] = 'message.php?act=send';

        sys_msg($_LANG['send_msg'] . "&nbsp;" . $_LANG['action_succeed'],0, $link);
    }
}
/*------------------------------------------------------ */
//-- 留言编辑页面
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'edit')
{
    $id = intval($_REQUEST['id']);

    /* 获取管理员列表 */
    $admin_list = $db->getAll('SELECT user_id, user_name FROM ' .$ecs->table('admin_user'));

    /* 获得留言数据*/
    $sql = 'SELECT message_id, receiver_id, title, message'.
           'FROM ' .$ecs->table('admin_message'). " WHERE message_id='$id'";
    $msg_arr = $db->getRow($sql);

    $smarty->assign('ur_here',     $_LANG['edit_msg']);
    $smarty->assign('action_link', array('href' => 'message.php?act=list', 'text' => $_LANG['msg_list']));
    $smarty->assign('form_act',    'update');
    $smarty->assign('admin_list',  $admin_list);
    $smarty->assign('msg_arr',     $msg_arr);

    assign_query_info();
    $smarty->display('message_info.htm');
}
elseif ($_REQUEST['act'] == 'update')
{
    /* 获得留言数据*/
    $msg_arr = array();
    $msg_arr = $db->getRow('SELECT * FROM ' .$ecs->table('admin_message')." WHERE message_id='$_POST[id]'");

    $sql = "UPDATE " .$ecs->table('admin_message'). " SET ".
           "title = '$_POST[title]',".
           "message = '$_POST[message]'".
           "WHERE sender_id = '$msg_arr[sender_id]' AND sent_time='$msg_arr[send_time]'";
    $db->query($sql);

    $link[0]['text'] = $_LANG['back_list'];
    $link[0]['href'] = 'message.php?act=list';

    sys_msg($_LANG['edit_msg'] . ' ' . $_LANG['action_succeed'],0, $link);

    /* 记录管理员操作 */
    admin_log(addslashes($_LANG['edit_msg']), 'edit', 'admin_message');
}

/*------------------------------------------------------ */
//-- 留言查看页面
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'view')
{
    $msg_id = intval($_REQUEST['id']);

    /* 获得管理员留言数据 */
    $msg_arr = array();
    $sql     = "SELECT a.*, b.user_name ".
               "FROM " .$ecs->table('admin_message')." AS a ".
               "LEFT JOIN " .$ecs->table('admin_user')." AS b ON b.user_id = a.sender_id ".
               "WHERE a.message_id = '$msg_id'";
    $msg_arr = $db->getRow($sql);
    $msg_arr['title']   = nl2br(htmlspecialchars($msg_arr['title']));
    $msg_arr['message'] = nl2br(htmlspecialchars($msg_arr['message']));

    /* 如果还未阅读 */
    if ($msg_arr['readed'] == 0)
    {
        $msg_arr['read_time'] = gmtime(); //阅读日期为当前日期

        //更新阅读日期和阅读状态
        $sql = "UPDATE " .$ecs->table('admin_message'). " SET ".
               "read_time = '" . $msg_arr['read_time'] . "', ".
               "readed = '1' ".
               "WHERE message_id = '$msg_id'";
        $db->query($sql);
    }

    //模板赋值,显示
    $smarty->assign('ur_here',     $_LANG['view_msg']);
    $smarty->assign('action_link', array('href' => 'message.php?act=list', 'text' => $_LANG['msg_list']));
    $smarty->assign('admin_user',  $_SESSION['admin_name']);
    $smarty->assign('msg_arr',     $msg_arr);

    assign_query_info();
    $smarty->display('message_view.htm');
}

/*------------------------------------------------------ */
//--留言回复页面
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'reply')
{
    $msg_id = intval($_REQUEST['id']);

    /* 获得留言数据 */
    $msg_val = array();
    $sql     = "SELECT a.*, b.user_name ".
               "FROM " .$ecs->table('admin_message')." AS a ".
               "LEFT JOIN " .$ecs->table('admin_user')." AS b ON b.user_id = a.sender_id ".
               "WHERE a.message_id = '$msg_id'";
    $msg_val = $db->getRow($sql);

    $smarty->assign('ur_here',     $_LANG['reply_msg']);
    $smarty->assign('action_link', array('href' => 'message.php?act=list', 'text' => $_LANG['msg_list']));

    $smarty->assign('action',      'reply');
    $smarty->assign('form_act',    're_msg');
    $smarty->assign('msg_val',     $msg_val);

    assign_query_info();
    $smarty->display('message_info.htm');
}

/*------------------------------------------------------ */
//--留言回复的处理
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 're_msg')
{
    $sql = "INSERT INTO " .$ecs->table('admin_message'). " (sender_id, receiver_id, sent_time, ".
                "read_time, readed, deleted, title, message) ".
           "VALUES ('".$_SESSION['admin_id']."', '$_POST[receiver_id]', '" . gmtime() . "', ".
                "0, '0', '0', '$_POST[title]', '$_POST[message]')";
    $db->query($sql);

    $link[0]['text'] = $_LANG['back_list'];
    $link[0]['href'] = 'message.php?act=list';

    sys_msg($_LANG['send_msg'] . ' ' . $_LANG['action_succeed'],0, $link);

    /* 记录管理员操作 */
    admin_log(addslashes($_LANG['send_msg']), 'add', 'admin_message');
}

/*------------------------------------------------------ */
//-- 批量删除留言记录
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'drop_msg')
{
    if (isset($_POST['checkboxes']))
    {
        $count = 0;
        foreach ($_POST['checkboxes'] AS $key => $id)
        {
            $sql = "UPDATE " .$ecs->table('admin_message'). " SET ".
                   "deleted = '1'".
                   "WHERE message_id = '$id' AND (sender_id='$_SESSION[admin_id]' OR receiver_id='$_SESSION[admin_id]')";
            $db->query($sql);

            $count++;
        }

        admin_log('', 'remove', 'admin_message');
        $link[] = array('text' => $_LANG['back_list'], 'href' => 'message.php?act=list');
        sys_msg(sprintf($_LANG['batch_drop_success'], $count), 0, $link);
    }
    else
    {
        sys_msg($_LANG['no_select_msg'], 1);
    }
}

/*------------------------------------------------------ */
//-- 删除留言
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'remove')
{
    $id = intval($_GET['id']);

    $sql = "UPDATE ".$ecs->table('admin_message')." SET deleted=1 ".
            " WHERE message_id=$id AND (sender_id='$_SESSION[admin_id]' OR receiver_id='$_SESSION[admin_id]')";
    $db->query($sql);

    $url = 'message.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']);

    ecs_header("Location: $url\n");
    exit;
}

/**
 *  获取管理员留言列表
 *
 * @return void
 */
function get_message_list()
{
    /* 查询条件 */
    $filter['sort_by']    = empty($_REQUEST['sort_by'])    ? 'sent_time' : trim($_REQUEST['sort_by']);
    $filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : trim($_REQUEST['sort_order']);
    $filter['msg_type']   = empty($_REQUEST['msg_type'])   ? 0 : intval($_REQUEST['msg_type']);

    /* 查询条件 */
    switch ($filter['msg_type'])
    {
        case 1:
            $where = " a.receiver_id='" .$_SESSION['admin_id']. "'";
            break;
        case 2:
           $where = " a.sender_id='".$_SESSION['admin_id']."' AND a.deleted='0'";
           break;
        case 3:
           $where = " a.readed='0' AND a.receiver_id='".$_SESSION['admin_id']."' AND a.deleted='0'";
           break;
        case 4:
           $where = " a.readed='1' AND a.receiver_id='".$_SESSION['admin_id']."' AND a.deleted='0'";
           break;
        default:
           $where = " (a.receiver_id='".$_SESSION['admin_id']."' OR a.sender_id='" .$_SESSION['admin_id']. "') AND a.deleted='0'";
    }

    $sql = "SELECT COUNT(*) FROM ".$GLOBALS['ecs']->table('admin_message')." AS a WHERE 1 AND ". $where;
    $filter['record_count'] = $GLOBALS['db']->getOne($sql);

    /* 分页大小 */
    $filter = page_and_size($filter);

    $sql = "SELECT a.message_id,a.sender_id,a.receiver_id,a.sent_time,a.read_time,a.deleted,a.title,a.message,b.user_name".
            " FROM ".$GLOBALS['ecs']->table('admin_message')." AS a,".$GLOBALS['ecs']->table('admin_user')." AS b ".
            " WHERE a.sender_id=b.user_id AND $where ".
            " ORDER BY ".$filter['sort_by']." ".$filter['sort_order'].
            " LIMIT ". $filter['start'] .", $filter[page_size]";
    $row = $GLOBALS['db']->getAll($sql);

    foreach ($row AS $key=>$val)
    {
        $row[$key]['sent_time'] = local_date($GLOBALS['_CFG']['time_format'], $val['sent_time']);
        $row[$key]['read_time'] = local_date($GLOBALS['_CFG']['time_format'], $val['read_time']);
    }

    $arr = array('item' => $row, 'filter' => $filter, 'page_count' => $filter['page_count'], 'record_count' => $filter['record_count']);

    return $arr;
}

?>