X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=inc%2Feventz%2Fsend.inc;h=9e6959d73dc878f9ae86462fe0674ad79526c7ea;hb=673e23209e2e3b9782c037e70156a1a20154a5b9;hp=4782b45b52eb5b65a54d0531d7554c5cdf934e4e;hpb=e586807dafc64c3fe152ab518599e6cf3f0f84e1;p=mirrors%2FKyberia-bloodline.git diff --git a/inc/eventz/send.inc b/inc/eventz/send.inc index 4782b45..9e6959d 100644 --- a/inc/eventz/send.inc +++ b/inc/eventz/send.inc @@ -1,33 +1,44 @@ pyxel: tak fixni sql inject ktory je pri posielani posty konkretne meno uzivatela // - $mail_name=mysql_escape_string($mail_name); + if (!$mail_name) { + global $error; + $error="Posta sa len tak nikomu neposiela.Co takto zadat aspon adresata??hm??"; + return false;} $mail_to=explode(";",$mail_name); $mail_text=$_POST['mail_text']; $nohtml=$_POST['nohtml']; if (count($mail_to)==1) { - $q="select user_id from users where login='$mail_name'"; + $q="select user_id from users where login='".$mail_name."'"; $result=$db->query($q); $result->next(); $to=$result->getRecord(); - $mail_to_id[]=$to['user_id']; + if (!$to['user_id']) { + global $error; + $error="Dana osobka ktorej by si chcel poslat spravicku si bud zmenila nick alebo robis preklepy."; + return false; + } + // fuck off toth + elseif ($user_id == 1859269 && $to['user_id'] == 2334) { + global $error; + $error = 'fuck you!'; + return false; + } + else { + $mail_to_id[]=$to['user_id']; + } } elseif (count($mail_to)>1) { 
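Review bot: Dropping `$mail_name=mysql_escape_string($mail_name);` in favour of a bare emptiness check leaves the recipient name unescaped when it is concatenated into `$q="select user_id from users where login='".$mail_name."'";`, so the injection the `pyxel:` comment at the top of the hunk asks to fix is still present on the new side. The escaping should stay in place right after the new check and before `explode(";",$mail_name)`, e.g. `$mail_name=mysql_real_escape_string($mail_name);` (the second hunk already uses that function for `$_SESSION['user_id']`), so that both the single-recipient query and the exploded pieces used by the `elseif (count($mail_to)>1)` branch are covered; a prepared statement would be preferable if `$db` offers one. The body of that multi-recipient branch lies outside this hunk, so I can only infer that it builds its lookup the same way. The hard-coded user ids `1859269` and `2334` in the new `elseif` block are a maintenance trap: a per-user block belongs in a table or config, not inline in the send path.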
@@ -36,34 +47,49 @@ $result=$db->query($q); $result->next(); $to=$result->getRecord(); - $mail_to_id[]=$to['user_id']; + if (!$to['user_id']) { + global $error; + $error="Pravdepodobne si osobka $mail_to_exploded zmenila nick alebo mas niekde preklep. Skus to opravit a potom try again:-]"; + return false; } + // fuck off toth + elseif ($user_id == 1859269 && $to['user_id'] == 2334) { + global $error; + $error = 'fuck you!'; + return false; + } + else {$mail_to_id[]=$to['user_id'];} } } - if (empty($mail_text)) { global $error; - $error="Prilis kratka sprava. Syr vesela krava, student prava a ci dobra trava?"; - return false; + $error="Prilis kratka sprava. Syr vesela krava, student prava a ci +dobra trava?"; +return false; } if ($mail_to_id) { $mail_text=nodes::processContent($mail_text); - global $htmlparse; - if ($htmlparse) { - $error=$htmlparse; - return false; - } - foreach ($mail_to_id as $mail_to_id_send) { - $q="insert into mail set mail_user='$user_id',mail_read='no', mail_from='$user_id',mail_text='$mail_text',mail_to='$mail_to_id_send',mail_timestamp=NOW()"; - $result=$db->query($q); - $duplicate_id=$db->getLastInsertId(); - $q="insert into mail set mail_duplicate_id='$duplicate_id', mail_read='no',mail_user='$mail_to_id_send',mail_from='$user_id',mail_text='$mail_text', mail_to='$mail_to_id_send',mail_timestamp=NOW()"; - $result=$db->query($q); - $db->query("update users set user_mail=user_mail+1, user_mail_name='$user_name' where user_id='$mail_to_id_send'"); - } - return true; +global $htmlparse; +if ($htmlparse) { +$error=$htmlparse; +return false; +} +foreach ($mail_to_id as $mail_to_id_send) { + $q="insert into mail set +mail_user='$user_id',mail_read='no', +mail_from='$user_id',mail_text='$mail_text',mail_to='$mail_to_id_send',mail_timestamp=NOW()"; + $result=$db->query($q); + $duplicate_id=$db->getLastInsertId(); + $q="insert into mail set mail_duplicate_id='$duplicate_id', 
+mail_read='no',mail_user='$mail_to_id_send',mail_from='$user_id',mail_text='$mail_text', +mail_to='$mail_to_id_send',mail_timestamp=NOW()"; + $result=$db->query($q); + $db->query("update users set user_mail=user_mail+1, +user_mail_name='$user_name', user_mail_id = '".mysql_real_escape_string($_SESSION['user_id'])."' where user_id='$mail_to_id_send'"); + } + return true; } @@ -75,4 +101,4 @@ } -?> +?> \ No newline at end of file
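Review bot: The re-indentation on the new side splits string literals across physical lines, so `$error="Prilis kratka sprava. Syr vesela krava, student prava a ci` / `dobra trava?";` now carries an embedded newline in the user-visible message and the `insert into mail set` statements gain newlines inside the SQL text; the message should be rejoined as `$error="Prilis kratka sprava. Syr vesela krava, student prava a ci dobra trava?";`. The new `update users` query escapes only `$_SESSION['user_id']` with `mysql_real_escape_string`, while `$user_name` and `$mail_text` are interpolated raw in the same statement and in the two preceding inserts; whether `nodes::processContent` makes `$mail_text` safe for SQL is not visible here, so every interpolated value should go through the same escaping or a prepared statement. The new message `$error="Pravdepodobne si osobka $mail_to_exploded zmenila nick ..."` embeds the caller-supplied recipient string, so wherever `$error` is rendered it needs `htmlspecialchars` unless the renderer is confirmed to escape it. The loop that assigns `$mail_to_exploded` and the enclosing `elseif` branch begin before this hunk.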