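/**
 * Stores one message per selected recipient and records the send in token_actions.
 *
 * Reads three fields from the submitted form: `to` (a list of usernames, or the
 * marker "_ALL_" for every row in `users`), `des` (the message text) and `id`
 * (the token the action is logged against). The sender comes from the session.
 * On a validation failure the error list is returned, followed by get_req().
 *
 * The parameter was previously named $_POST. PHP 5.4 and later reject that at
 * compile time ("Cannot re-assign auto-global variable"); positional callers
 * are unaffected by the rename.
 *
 * @param array $post Submitted form fields (callers pass $_POST).
 * @return string Markup/script for the browser, or an error string.
 */
function write_req($post)
{
    # get vars
    // Read only the fields this handler uses. Copying every POST key into a local
    // variable allowed a request to pre-seed any local, including the returned $OUTPUT.
    $to = isset($post["to"]) ? $post["to"] : null;
    $des = (isset($post["des"]) && is_string($post["des"])) ? $post["des"] : null;
    // Force the token id to a number so it is safe inside the SQL text below.
    $id = (isset($post["id"]) && is_numeric($post["id"])) ? $post["id"] + 0 : 0;
    $user = $_SESSION["USER_NAME"];

    # validate input
    require_lib("validate");
    $v = new validate();
    if (!is_array($to)) {
        $v->addError("", "No user specified");
    } else {
        foreach ($to as $arrval) {
            if (!is_string($arrval)) {
                $v->addError("", "Invalid recipient.");
                continue;
            }
            // The rejected value is echoed back in the error list, so encode it for HTML.
            $v->isOk($arrval, "string", 1, 200, "Invalid recipient: " . htmlspecialchars($arrval, ENT_QUOTES));
        }
    }
    $v->isOk($des, "string", 1, 200, "Invalid description.");
    $v->isOk($user, "string", 1, 200, "Invalid user.");

    # display errors, if any
    if ($v->isError()) {
        $confirmCust = "";
        foreach ($v->getErrors() as $e) {
            // Each item is closed individually; the old code left every <li> open.
            $confirmCust .= "<li class=err>" . $e["msg"] . "</li>";
        }
        return $confirmCust . get_req();
    }

    $date = date("Y-m-d");
    $time = date("H:i:s");

    db_conn('cubit');
    if (in_array("_ALL_", $to, true)) {
        // Start from an empty array: appending to "" is a fatal error on PHP 7.1+.
        $to = array();
        $rslt = db_exec("SELECT username FROM users");
        // if users found
        if (pg_num_rows($rslt) > 0) {
            while ($row = pg_fetch_array($rslt)) {
                $to[] = $row["username"];
            }
        }
    }

    # write to db
    // Values are escaped before being placed in SQL text. pg_escape_string() without
    // a handle uses the default connection.
    // NOTE(review): pass the handle explicitly if db_conn() exposes one; on PHP < 5.4
    // with magic_quotes_gpc enabled, strip slashes first to avoid double escaping.
    $sqlUser = pg_escape_string((string) $user);
    $sqlDes = pg_escape_string((string) $des);
    foreach ($to as $arrval) {
        db_conn('cubit');
        $sqlTo = pg_escape_string((string) $arrval);
        $Sql = "INSERT INTO req (sender, recipient, message, timesent, viewed)\r\n\t\t\tVALUES ('{$sqlUser}','{$sqlTo}','{$sqlDes}',CURRENT_TIMESTAMP, 0)";
        $Rslt = db_exec($Sql) or errDie("Unable to add to database.", SELF);
        if (pg_cmdtuples($Rslt) < 1) {
            return "Unable to access database.";
        }

        // if it isn't noticed that person has new messages, notify him
        // NOTE(review): the value in this lookup is masked on the page; it presumably
        // named the recipient. Confirm, and escape it like the INSERT values.
        $rslt = db_exec("SELECT * from req_new WHERE for_user='******' ");
        if (pg_num_rows($rslt) == 0) {
            db_exec("INSERT INTO req_new VALUES('{$sqlTo}')");
        }

        db_conn('crm');
        $sqlAction = pg_escape_string("Sent message to {$arrval}");
        $Sl = "INSERT INTO token_actions (token,action,donedate,donetime,doneby,donebyid)\r\n\t\tVALUES ('{$id}','{$sqlAction}','{$date}','{$time}','" . pg_escape_string((string) USER_NAME) . "','" . pg_escape_string((string) USER_ID) . "')";
        $Ry = db_exec($Sl) or errDie("Unable to insert query action.");
    }

    // $OUTPUT is assigned, not appended to: it had no initial value in this function.
    // The "Message proccessed" table that followed this return was unreachable and is dropped.
    $OUTPUT = "<script> window.opener.parent.mainframe.location.reload(); window.close(); </script>";
    return $OUTPUT;
}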
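/**
 * Stores one message per selected recipient and returns a confirmation page.
 *
 * Reads two fields from the submitted form: `to` (a list of usernames, or the
 * marker "_ALL_" for every row in `users`) and `des` (the message text). The
 * sender comes from the session. On a validation failure the error list is
 * returned, followed by get_req().
 *
 * The parameter was previously named $_POST. PHP 5.4 and later reject that at
 * compile time ("Cannot re-assign auto-global variable"); positional callers
 * are unaffected by the rename.
 *
 * @param array $post Submitted form fields (callers pass $_POST).
 * @return string HTML for the browser, or an error string.
 */
function write_req($post)
{
    # get vars
    // Read only the fields this handler uses. extract() on request data lets the
    // client define or overwrite any local variable in this scope.
    $to = isset($post["to"]) ? $post["to"] : null;
    $des = (isset($post["des"]) && is_string($post["des"])) ? $post["des"] : null;
    $user = $_SESSION["USER_NAME"];

    # validate input
    require_lib("validate");
    $v = new validate();
    if (!is_array($to)) {
        $v->addError("", "No user specified");
    } else {
        foreach ($to as $arrval) {
            if (!is_string($arrval)) {
                $v->addError("", "Invalid recipient.");
                continue;
            }
            // The rejected value is echoed back in the error list, so encode it for HTML.
            $v->isOk($arrval, "string", 1, 200, "Invalid recipient: " . htmlspecialchars($arrval, ENT_QUOTES));
        }
    }
    $v->isOk($des, "text", 1, 200, "Invalid message.");
    $v->isOk($user, "string", 1, 200, "Invalid user.");

    # display errors, if any
    if ($v->isError()) {
        $confirmCust = "";
        foreach ($v->getErrors() as $e) {
            $confirmCust .= "<li class='err'>" . $e["msg"] . "</li>";
        }
        return $confirmCust . get_req();
    }

    db_conn('cubit');

    // "_ALL_" replaces the whole selection with every username. Anything selected
    // alongside it is discarded so nobody receives the same message twice.
    if (in_array("_ALL_", $to, true)) {
        // Start from an empty array: appending to "" is a fatal error on PHP 7.1+.
        $to = array();
        $rslt = db_exec("SELECT username FROM users");
        // if users found
        if (pg_num_rows($rslt) > 0) {
            while ($row = pg_fetch_array($rslt)) {
                $to[] = $row["username"];
            }
        }
    }

    # write to db
    // Values are escaped before being placed in SQL text. pg_escape_string() without
    // a handle uses the default connection.
    // NOTE(review): pass the handle explicitly if db_conn() exposes one; on PHP < 5.4
    // with magic_quotes_gpc enabled, strip slashes first to avoid double escaping.
    $sqlUser = pg_escape_string((string) $user);
    $sqlDes = pg_escape_string((string) $des);
    $msg_results = "";
    foreach ($to as $arrval) {
        $sqlTo = pg_escape_string((string) $arrval);
        $Sql = "\n\t\t\tINSERT INTO req (\n\t\t\t\tsender, recipient, message, timesent, viewed\n\t\t\t) VALUES (\n\t\t\t\t'{$sqlUser}', '{$sqlTo}', '{$sqlDes}', CURRENT_TIMESTAMP, 0\n\t\t\t)";
        $Rslt = db_exec($Sql) or errDie("Unable to add to database.", SELF);
        if (pg_cmdtuples($Rslt) < 1) {
            return "Unable to access database.";
        }

        // if it isn't noticed that person has new messages, notify him
        // NOTE(review): the value in this lookup is masked on the page; it presumably
        // named the recipient. Confirm, and escape it like the INSERT values.
        $rslt = db_exec("SELECT * from req_new WHERE for_user='******' ");
        if (pg_num_rows($rslt) == 0) {
            db_exec("INSERT INTO req_new VALUES('{$sqlTo}')");
        }

        // The recipient name is written into the page, so encode it for HTML.
        $shownTo = htmlspecialchars((string) $arrval, ENT_QUOTES);
        $msg_results .= "<tr class='datacell'><td>Your message has been sent to {$shownTo}</td></tr>";
    }

    $write_req = "\n\t\t<table cellpadding='2' cellspacing='0' class='shtable'>\n\t\t\t<tr>\n\t\t\t\t<th>Message proccessed</th>\n\t\t\t</tr>"
        . "\n\t\t\t<tr class='even'>\n\t\t\t\t<td>{$msg_results}</td>\n\t\t\t</tr>\n\t\t</table>\n\t\t<p>"
        . "\n\t\t<table cellpadding='2' cellspacing='0' class='shtable'>\n\t\t\t<tr>\n\t\t\t\t<th>Quick Links</th>\n\t\t\t</tr>"
        . "\n\t\t\t<tr class='odd'>\n\t\t\t\t<td><a href='" . SELF . "'>Send another message</a></td>\n\t\t\t</tr>"
        . "\n\t\t\t<tr class='odd'>\n\t\t\t\t<td><a href='view_req.php'>View Messages</a></td>\n\t\t\t</tr>\n\t\t</table>";
    return $write_req;
}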
<?php include 'PolicyManage/Public.php'; $arr_req = get_req(); if (!array_key_exists("Action", $arr_req) || $arr_req["Action"] != "Login") { echo "1|错误号:20001,no action!"; } else { #req: Action=Login&Account=ggg&Password=jj&Remember=1&_= #rsp: 1|错误号:20005,登录名不存在或密码错误!。 # if ($_SESSION["user_name"]) { echo "1|OK"; #header("Location:NewMain.php"); } else { if (!array_key_exists("Account", $arr_req) || !array_key_exists("Password", $arr_req)) { echo "1|错误号:20002,没有登录名或密码!"; exit; } $mysqli = sql_connect(); $sql = "select u.id id, user, company_id, comname from user u left join company c on u.company_id=c.id where u.user='******' and u.password='******'"; $result = $mysqli->query("{$sql}"); if (!$result) { echo "1|错误号:20003,系统异常!"; exit; } if ($row = $result->fetch_array()) { $_SESSION["user_id"] = $row["id"]; $_SESSION["user_name"] = $row["user"]; #$_SESSION["company_id"] = $row["company_id"]; $_SESSION["user_company"] = $row["comname"]; #echo $_SESSION["user_id"]." j: ".$_SESSION["user_name"]." ".$_SESSION["user_company"];
/**
 * Builds the HTML rows that draw the requirement tree beneath one tech-tree entry.
 *
 * Walks $requeriments[$id] (requirement id => required level) and emits one row of
 * absolutely positioned <div>s per requirement. It then recurses into that
 * requirement's own list, one indent step (32px) further right.
 *
 * The returned markup is not HTML-encoded here. The label text comes from the
 * $lang, $user and $planetrow globals and is passed through colourNumber().
 *
 * @param mixed $id    Key into the global $requeriments table.
 * @param int   $level Nesting depth, 1 at the top; sets the horizontal offsets.
 * @param bool  $end   When true the left gutter is drawn without the tree_miss image.
 * @return string HTML fragment; empty when $requeriments[$id] is not an array.
 */
function get_req($id, $level = 1, $end = false)
{
    global $requeriments, $lang, $user, $planetrow, $resource;

    // Nothing to draw for entries without a requirement list.
    if (!is_array($requeriments[$id])) {
        return '';
    }

    $html = '';
    $total = sizeof($requeriments[$id]);
    $seen = 0;

    foreach ($requeriments[$id] as $id1 => $level1) {
        $seen++;
        $gutterWidth = ($level - 1) * 32;

        // Left gutter: carries the tree_miss image until a last row has been reached.
        $guide = $end ? "" : "background-image:url('./img/techtree/tree_miss.png');";
        $html .= "<div style=\"{$guide}width:{$gutterWidth}px;height:19px;left:0px;position:absolute;\"></div>\n";

        // Connector: the last requirement gets tree_bot, the others tree_branch.
        if ($seen == $total) {
            $connectorImage = './img/techtree/tree_bot.png';
            $end = true;
        } else {
            $connectorImage = './img/techtree/tree_branch.png';
        }
        $html .= "<div style=\"background-image:url('{$connectorImage}');width:32px;height:19px;left:{$gutterWidth}px;position:absolute;\"></div>\n";

        // Current level: the value in $user wins when positive, otherwise $planetrow is used.
        $field = $resource[$id1];
        $clevel = ($user[$field] > 0 ? $user[$field] : $planetrow[$field]) * 1;

        $labelLeft = $level * 32;
        $label = colourNumber(1 + $clevel - $level1, "{$clevel} / {$level1} - {$lang['tech'][$id1]}");
        $html .= "<div style=\"background:none;width:auto;height:19px;left:{$labelLeft}px;position:absolute;\">"
            . $label
            . "</div><br />\n\n\n";

        // Descend into this requirement's own prerequisites.
        $html .= get_req($id1, $level + 1, $end);
    }

    return $html;
}