1 <?php
2 /* This program is free software. It comes without any warranty, to
3 * the extent permitted by applicable law. You can redistribute it
4 * and/or modify it under the terms of the Do What The Fuck You Want
5 * To Public License, Version 2, as published by Sam Hocevar. See
6 * http://sam.zoy.org/wtfpl/COPYING for more details. */
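/**
 * Event handler: delivers an internal mail from the logged-in user to one or
 * more recipients named in $_POST['mail_to'] (logins separated by ';').
 *
 * For every resolved recipient two rows are written to `mail` (the sender's
 * copy and the recipient's copy, linked through mail_duplicate_id) and the
 * recipient's unread counter in `users` is incremented.
 *
 * Reads:  $_SESSION['user_id'], $_SESSION['user_name'],
 *         $_POST['mail_to'], $_POST['mail_text'].
 * Writes: global $error on every failure path.
 *
 * @return bool true when at least one recipient was resolved and the rows
 *              were written, false otherwise (reason in global $error).
 */
function send() {
    // Bind all globals up front. A `global` statement only takes effect when it
    // is executed, so binding $error inside individual branches left the
    // $htmlparse failure path writing to a local variable.
    global $db, $error, $htmlparse;

    if (empty($_SESSION['user_id']) || empty($_SESSION['user_name'])) {
        $error="user_id or user_name empty. try again or fck.off if u'r hackin";
        return false;
    }

    // Request fields are untrusted: accept plain strings only, so an array
    // submitted as mail_to[]=... cannot reach explode() or the SQL text.
    $raw_to = (isset($_POST['mail_to']) && is_string($_POST['mail_to'])) ? $_POST['mail_to'] : '';
    $mail_text = (isset($_POST['mail_text']) && is_string($_POST['mail_text'])) ? $_POST['mail_text'] : '';

    if (empty($mail_text)) {
        $error="Prilis kratka sprava. Syr vesela krava, student prava a ci dobra trava?";
        return false;
    }

    // NOTE(review): every statement below is built by string interpolation.
    // mysql_escape_string() is the only escaping primitive visible in this
    // file; it ignores the connection charset and was removed in PHP 7.
    // Move these queries to bound parameters once the $db wrapper offers them.

    // Session values end up inside quoted SQL literals as well, so escape them
    // at the point of use instead of trusting how they were stored at login.
    $user_id = mysql_escape_string($_SESSION['user_id']);
    $user_name = mysql_escape_string($_SESSION['user_name']);

    // Original IRC note kept from the file: stanojr asked pyxel to fix the SQL
    // injection in mail sending, specifically in the recipient user name.
    $recipient_ids = array();
    $unknown = array();
    foreach (explode(";", $raw_to) as $name) {
        $name = trim($name);
        if ($name === '') {
            continue; // a trailing ';' or a blank field is not a login
        }
        $login = mysql_escape_string($name);
        $result = $db->query("select user_id from users where login='$login'");
        $result->next();
        $row = $result->getRecord();
        if (!empty($row['user_id'])) {
            $recipient_ids[] = mysql_escape_string($row['user_id']);
        } else {
            // Previously a failed lookup still appended an empty id, which
            // made the "does not exist" branch unreachable and wrote mail
            // rows with mail_to=''.
            $unknown[] = $name;
        }
    }

    if (!$recipient_ids) {
        // The names are user input and $error is presumably shown to the
        // user, so encode them for HTML before echoing them back.
        $error = "user " . htmlspecialchars(implode(";", $unknown), ENT_QUOTES) . " does not exist";
        return false;
    }

    $mail_text = nodes::processContent($mail_text);
    if ($htmlparse) {
        $error = $htmlparse;
        return false;
    }

    // NOTE(review): $mail_text is interpolated exactly as processContent()
    // returned it. Whether that helper yields SQL-safe text is not visible
    // here - confirm before relying on it; escaping again at this point could
    // double-escape if it already does.
    foreach ($recipient_ids as $to_id) {
        // Sender's copy first; its insert id links the recipient's copy.
        $db->query("insert into mail set mail_user='$user_id',mail_read='no', mail_from='$user_id',mail_text='$mail_text',mail_to='$to_id',mail_timestamp=NOW()");
        $duplicate_id = $db->getLastInsertId();
        $db->query("insert into mail set mail_duplicate_id='$duplicate_id', mail_read='no',mail_user='$to_id',mail_from='$user_id',mail_text='$mail_text', mail_to='$to_id',mail_timestamp=NOW()");
        $db->query("update users set user_mail=user_mail+1, user_mail_name='$user_name' where user_id='$to_id'");
    }
    return true;
}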
78 ?>