0)) exit; mysql_query("UPDATE `[users]` SET `online`=NOW() WHERE `login`='".$data['login']."'"); ?> Mafiaplace - Mihran \n"; if(isset($_POST['message'])) { $dbres = mysql_query("SELECT * FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'"); if(($check = mysql_fetch_object($dbres)) && $check->IP == $clientIP) { $dbres = mysql_query("SELECT `login` FROM `[users]` WHERE `Mobieltje`=1"); while($member = mysql_fetch_object($dbres)) { $_POST['subject'] = htmlspecialchars($_POST['subject'], ENT_QUOTES); $_POST['message'] = htmlspecialchars($_POST['message'], ENT_QUOTES); mysql_query("INSERT INTO `[messages]`(`time`,`IP`,`from`,`to`,`subject`,`message`) values(NOW(),'{$_SERVER['REMOTE_ADDR']}','Democrazia Staff','{$member->login}','{$_POST['subject']}','{$_POST['message']}')"); mysql_query("DELETE FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'"); } } print " \n"; } $code = rand(100000,999999); mysql_query("INSERT INTO `[temp]`(login,IP,code,area,time) values('{$data['login']}','$clientIP','$code','message',NOW())"); $id = mysql_insert_id(); print <<
Admin - Mass Message
Bericht verzonden
ENDHTML; } else if($_GET['p'] == "adminmsg") { print " \n"; if(isset($_POST['to'],$_POST['message'])) { $dbres = mysql_query("SELECT * FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'"); if(($check = mysql_fetch_object($dbres)) && $check->IP == $clientIP) { $dbres = mysql_query("SELECT `login`,`Mobieltje` FROM `[users]` WHERE `login`='{$_POST['to']}'"); $info = mysql_fetch_object($dbres); if($info == false) print " \n"; else if($info->Mobieltje == 0) print " \n"; else { $_POST['subject'] = htmlspecialchars($_POST['subject'], ENT_QUOTES); $_POST['message'] = htmlspecialchars($_POST['message'], ENT_QUOTES); mysql_query("INSERT INTO `[messages]`(`time`,`IP`,`from`,`to`,`subject`,`message`) values(NOW(),'{$_SERVER['REMOTE_ADDR']}','Administratie','{$info->login}','{$_POST['subject']}','{$_POST['message']}')"); mysql_query("DELETE FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'"); print " \n"; } } } $code = rand(100000,999999); mysql_query("INSERT INTO `[temp]`(login,IP,code,area,time) values('{$data['login']}','$clientIP','$code','message',NOW())"); $id = mysql_insert_id(); print <<
Van: mafiaplace
Onderwerp:
Bericht:
Admin - Message
'{$_POST['to']}' bestaat niet
{$info->login} heeft geen mobiel
Bericht verzonden
ENDHTML; } else if($_GET['p'] == "massemail") { print " \n"; if(isset($_POST['message'])) { $dbres = mysql_query("SELECT * FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'"); if(($check = mysql_fetch_object($dbres)) && $check->IP == $clientIP) { $dbres = mysql_query("SELECT `email` FROM `[users]` WHERE `activated`=1"); while($member = mysql_fetch_object($dbres)) { $bericht = $_POST['message']; $bericht = "".$bericht.""; $headers = "From: mihran.doebie.com \r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; mail($member->email, $_POST['subject'], $bericht, $headers); mysql_query("DELETE FROM `[temp]` WHERE `id`='{$_POST['id']}' AND `code`='{$_POST['code']}' AND `area`='message'"); } } print " \n"; } $code = rand(100000,999999); mysql_query("INSERT INTO `[temp]`(login,IP,code,area,time) values('{$data['login']}','$clientIP','$code','message',NOW())"); $id = mysql_insert_id(); print <<
Van: Mafiaplace
Naar:
Onderwerp:
Bericht:
Admin - Mass Email
Bericht verzonden
ENDHTML; } ?>
Van: Mafiaplace
Onderwerp:
Bericht: