<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>多用户留言系统--写短信</title> <?php require ROOT_PATH.'includes/title.inc.php'; ?> <script type="text/javascript" src="js/code.js"></script> <script type="text/javascript" src="js/message.js"></script> </head> <body> <div id="message"> <h3>写短信</h3> <form method="post" action="?action=write"> <input type="hidden" name="touser" value="<?php echo $_html['touser']?>" /> <dl> <dd><input type="text" value="TO:<?php echo $_html['touser']?>" class="text" /></dd> <dd><textarea name="content"></textarea></dd> <dd>验 证 码:<input type="text" name="code" class="text yzm" /> <img src="code.php" id="code" /> <input type="submit" class="submit" value="发送短信" /></dd> </dl> </form> </div> </body> </html>
模版页面中的内容
<?php session_start(); //定义个常量,用来授权调用includes里面的文件 define('IN_TG',true); //定义个常量,用来指定本页的内容 define('SCRIPT','message'); //引入公共文件 require dirname(__FILE__).'/includes/common.inc.php'; //判断是否登录了 if (!isset($_COOKIE['username'])) { _alert_close('请先登录!'); } //写短信 if($_GET['action']=='write'){ //为了防止恶意注册,跨站攻击 _check_code($_POST['code'],$_SESSION['code']); if(!!$_rows = _fetch_array("SELECT tg_uniqid FROM tg_user WHERE tg_username='{$_COOKIE['username']}' LIMIT 1")){ //唯一标示符 _uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']); include ROOT_PATH.'includes/register.func.php'; //接收 $_clean=array(); $_clean['touser']=$_POST['touser']; $_clean['fromuser']=$_COOKIE['username']; $_clean['content']=_check_content($_POST['content']); //print_r($_clean); $_clean=_mysql_string($_clean); //写入数据库 _query("INSERT INTO tg_message( tg_touser, tg_fromuser, tg_content, tg_date ) VALUES ( '{$_clean['touser']}', '{$_clean['fromuser']}', '{$_clean['content']}', NOW() ) )"); //新增成功 if(_affected_rows()==1){ _close(); _session_destroy(); _alert_back("短信发送成功"); }else{ _close(); _session_destroy(); _alert_back("短信发送失败"); } }else{ _alert_close("非法登录"); } } //获取数据 if (isset($_GET['id'])) { if (!!$_rows = _fetch_array("SELECT tg_username FROM tg_user WHERE tg_id='{$_GET['id']}' LIMIT 1")) { $_html = array(); $_html['touser'] = $_rows['tg_username']; $_html = _html($_html); } else { _alert_close('不存在此用户!'); } } else { _alert_close('非法操作!'); } ?>
显示的相关操作(数据库自己去创建)
相关修改的参数,在全局环境变量中(globals)和register.fnc.php
function _mysql_string($_string) { if(!GPC){ //return mysql_real_escape_string($_string); if(is_array($_string)){ foreach ($_string as $_key=>$_value){ $_string[$_key]=_mysql_string($_value); } }else{ return mysql_real_escape_string($_string); } } return $_string; } function _check_content($_string){ if(mb_strlen($_string,'Utf-8')<10||mb_strlen($_string,'Utf-8')>200){ _alert_back("短信内容不得小于10位,或大于200个数"); } return $_string; }
相关的JS
window.onload=function(){ code(); var fm=document.getElementsByTagName('form')[0]; fm.onsubmit=function(){ //验证码验证 if(fm.code.value.length!=4){ alert("验证码必须是4位"); fm.code.focus(); return false; } if(fm.content.value.length<10||fm.content.value.length>200){ alert("短信内容不得小于10,大于200!"); fm.content.focus(); return false; } }; };