2 /* This program is free software. It comes without any warranty, to
3 * the extent permitted by applicable law. You can redistribute it
4 * and/or modify it under the terms of the Do What The Fuck You Want
5 * To Public License, Version 2, as published by Sam Hocevar. See
6 * http://sam.zoy.org/wtfpl/COPYING for more details. */
// Sends an internal mail from the logged-in user to one or more recipients.
// Reads the sender from $_SESSION['user_id'] / $_SESSION['user_name'] and the
// request from $_POST['mail_to'] (logins separated by ';'), $_POST['mail_text']
// and $_POST['nohtml']; talks to the database through $db and reports problems
// through $error.
// NOTE(review): the gutter numbers in this listing skip lines, so the braces,
// returns and any checks on the missing lines are not visible here.

// Refuse to continue when the session carries no sender identity.
10 if (empty($_SESSION['user_id']) || empty($_SESSION['user_name'])) {
12 $error="user_id or user_name empty. try again or fck.off if u'r hackin";
16 $user_id=$_SESSION['user_id'];
17 $user_name=$_SESSION['user_name'];
// Raw recipient list as typed by the client.
18 $mail_name=$_POST['mail_to'];
19 // 01:07:37 <@stanojr> pyxel: so fix the SQL injection that happens when sending mail, specifically in the user name //
// NOTE(review): mysql_escape_string() ignores the connection character set and
// was removed in PHP 7.0 together with the rest of ext/mysql. Escaping happens
// before the split, so every piece produced by explode() is escaped, but a
// bound parameter would be the sturdier fix if $db offers one (TODO confirm).
20 $mail_name=mysql_escape_string($mail_name);
// explode() always returns at least one element; pieces are not trimmed, so
// "a; b" looks up the login " b" and a trailing ';' yields an empty login.
21 $mail_to=explode(";",$mail_name);
// NOTE(review): taken from the request unmodified at this point.
22 $mail_text=$_POST['mail_text'];
// NOTE(review): $nohtml is not used on any line visible in this listing.
23 $nohtml=$_POST['nohtml'];
// Single recipient: resolve the login to a user_id.
25 if (count($mail_to)==1) {
26 $q="select user_id from users where login='$mail_name'";
27 $result=$db->query($q);
// NOTE(review): a line is missing before this one; confirm that an unknown
// login cannot reach the append below with an empty user_id.
29 $to=$result->getRecord();
30 $mail_to_id[]=$to['user_id'];
// Several recipients: resolve each login in turn with the same query.
33 elseif (count($mail_to)>1) {
34 foreach ($mail_to as $mail_to_exploded) {
35 $q="select user_id from users where login='$mail_to_exploded'";
36 $result=$db->query($q);
38 $to=$result->getRecord();
39 $mail_to_id[]=$to['user_id'];
// Reject an empty body; the user-facing text is Slovak and opens with
// "Message too short".
44 if (empty($mail_text)) {
46 $error="Prilis kratka sprava. Syr vesela krava, student prava a ci dobra trava?";
// NOTE(review): this is the only visible processing of $mail_text before it is
// placed inside quoted SQL below. Whether nodes::processContent() escapes for
// SQL cannot be seen from here; if it does not, both INSERTs are injectable.
52 $mail_text=nodes::processContent($mail_text);
// Deliver to every resolved recipient.
58 foreach ($mail_to_id as $mail_to_id_send) {
// First row: the copy owned by the sender (mail_user = sender).
59 $q="insert into mail set mail_user='$user_id',mail_read='no', mail_from='$user_id',mail_text='$mail_text',mail_to='$mail_to_id_send',mail_timestamp=NOW()";
60 $result=$db->query($q);
// Id of the sender's row, stored on the recipient's row as mail_duplicate_id.
61 $duplicate_id=$db->getLastInsertId();
// Second row: the copy owned by the recipient (mail_user = recipient).
62 $q="insert into mail set mail_duplicate_id='$duplicate_id', mail_read='no',mail_user='$mail_to_id_send',mail_from='$user_id',mail_text='$mail_text', mail_to='$mail_to_id_send',mail_timestamp=NOW()";
63 $result=$db->query($q);
// Bump the recipient's unread counter and record who wrote last.
// NOTE(review): $user_name comes from the session and is interpolated without
// any escaping visible here; if stored names may contain quotes this is a
// second-order SQL injection. The three writes also run without a visible
// transaction, so a failure part-way leaves the rows and counter out of step.
64 $db->query("update users set user_mail=user_mail+1, user_mail_name='$user_name' where user_id='$mail_to_id_send'");
// NOTE(review): $mail_to is the array returned by explode(), so it renders as
// the literal text "Array" (with an array-to-string conversion notice); the
// message presumably meant the login that was not found. If $error is echoed
// into a page, HTML-escape it at output, since the login is client-supplied.
72 $error="user $mail_to does not exist";