Migration to PDO database abstraction layer
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / send.inc
index 9e6959d73dc878f9ae86462fe0674ad79526c7ea..a3389330b944edcb8cd8917f085c909adef519b4 100644 (file)
@@ -8,9 +8,9 @@ $error="Ak sa toto stane a citas tuto spravu chod navstivit buglist....ak robis
 return false;
 }
 
-                $user_id=mysql_real_escape_string($_SESSION['user_id']);
-                $user_name=mysql_real_escape_string($_SESSION['user_name']);
-                $mail_name=mysql_real_escape_string($_POST['mail_to']);
+                $user_id=db_escape_string($_SESSION['user_id']);
+                $user_name=db_escape_string($_SESSION['user_name']);
+                $mail_name=db_escape_string($_POST['mail_to']);
 
                if (!$mail_name) {
                                    global $error;
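Review bot: Swapping `mysql_real_escape_string` for `db_escape_string` on `$_POST['mail_to']` and the session values keeps the string-built SQL that the later `mail_text` hunk and the `insert into mail` / `update users` hunk rely on, so the move to PDO gains none of the protection of bound parameters. The helper's body is not visible here; if it wraps `PDO::quote()`, the result already carries surrounding quotes, so the `'$user_id'`-style interpolation would double-quote it and `if (!$mail_name)` would stop catching an empty recipient, because `''` is a non-empty string. I would keep the raw value for validation, `$mail_name=$_POST['mail_to'];`, and pass it to the queries as a bound parameter, assuming the `$db` wrapper exposes prepared statements. The enclosing function starts and ends outside the hunk.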
@@ -30,12 +30,12 @@ return false;
                                        $error="Dana osobka ktorej by si chcel poslat spravicku si bud zmenila nick alebo robis preklepy.";
                                        return false;
                         }
-                        // fuck off toth
+                        /* // fuck off toth
                         elseif ($user_id == 1859269 && $to['user_id'] == 2334) {
                             global $error;
                             $error = 'fuck you!';
                             return false;
-                        }
+                        } */
                         else {
                             $mail_to_id[]=$to['user_id'];
                         }
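Review bot: The per-user `elseif ($user_id == 1859269 && $to['user_id'] == 2334)` branch is disabled by wrapping it in `/* // fuck off toth ... } */` rather than removed, which leaves dead code and a hard-coded account pair in the file; the same applies to the identical block in the next hunk. Deleting the lines from `/* // fuck off toth` through `} */` in both places would leave just `}` followed by `else {`, and version control keeps the history. A block comment placed between `}` and `else` also breaks silently if anyone later adds a `*/` inside it.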
@@ -51,12 +51,12 @@ return false;
                                        global $error;
                                        $error="Pravdepodobne si osobka $mail_to_exploded zmenila nick alebo mas niekde preklep. Skus to opravit a potom try again:-]";
                                        return false; }
-                                // fuck off toth
+                                /* // fuck off toth
                                 elseif ($user_id == 1859269 && $to['user_id'] == 2334) {
                                     global $error;
                                     $error = 'fuck you!';
                                     return false;
-                                }
+                                } */
                                 else {$mail_to_id[]=$to['user_id'];}
             }
         }
@@ -70,7 +70,7 @@ return false;
 
                 if ($mail_to_id) {
 
-                        $mail_text=nodes::processContent($mail_text);
+                        $mail_text=db_escape_string(nodes::processContent($mail_text));
 global $htmlparse;
 if ($htmlparse) {
 $error=$htmlparse;
@@ -85,9 +85,10 @@ mail_from='$user_id',mail_text='$mail_text',mail_to='$mail_to_id_send',mail_time
                        $q="insert into mail set mail_duplicate_id='$duplicate_id',
 mail_read='no',mail_user='$mail_to_id_send',mail_from='$user_id',mail_text='$mail_text',
 mail_to='$mail_to_id_send',mail_timestamp=NOW()";
-                        $result=$db->query($q);
-                        $db->query("update users set user_mail=user_mail+1,
-user_mail_name='$user_name', user_mail_id = '".mysql_real_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
+                       $result=$db->query($q);
+                       $db->query("update users set user_mail=user_mail+1,".
+                       //"user_mail_name='$user_name',". //Not in DB yet!
+                       "user_mail_id='".db_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'");
                 }
             return true;
 
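Review bot: The `update users` statement escapes `$_SESSION['user_id']` a second time although `$user_id` already holds that value from the top of the function, so the last fragment can simply be `"user_mail_id='$user_id' where user_id='$mail_to_id_send'");`. With `user_mail_name` commented out, `$user_name` appears to be unused in the visible lines, and a `//` comment in the middle of a concatenated query string is easy to break on the next edit; I would drop that line and record the missing column in the commit message or an issue instead. The return value of this second `$db->query()` is ignored, so a failed counter update still reaches `return true;`. Where `$mail_to_id_send` and `$duplicate_id` are assigned is outside the hunk, so whether they are safe to interpolate cannot be confirmed from here.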
@@ -101,4 +102,4 @@ user_mail_name='$user_name', user_mail_id = '".mysql_real_escape_string($_SESSIO
         }
 
 
-?>
\ No newline at end of file
+?>