2007-10-27 10:00:00 +00:00
< ? php
session_start ();
$id = $_SESSION [ 'id' ];
$galaxy = $_SESSION [ 'galaxy' ];
$ss = $_SESSION [ 'ss' ];
$pos = $_SESSION [ 'pos' ];
2007-11-20 11:00:00 +00:00
require_once '../securite.php' ;
2007-10-27 10:00:00 +00:00
2007-11-20 11:00:00 +00:00
require ( '../connectBDD.php' );
2007-10-27 10:00:00 +00:00
$x = mysql_query ( " SELECT * FROM user WHERE id=' $id ' " );
$donnees = mysql_fetch_array ( $x );
$race = $donnees [ 'race' ];
$pseudodes = $donnees [ 'pseudo' ];
$temps = time ();
2007-11-20 11:00:00 +00:00
if ( isset ( $_POST [ 'message_destinataire' ]) && $_POST [ 'message_destinataire' ] != '' ) {
$resultat = mysql_query ( " SELECT pseudo FROM user WHERE pseudo=' " . mysql_real_escape_string ( $_POST [ 'message_destinataire' ]) . " ' " ); // on v<> rifie l'existance
2007-10-27 10:00:00 +00:00
if ( mysql_num_rows ( $resultat ) >= 1 ) { // si c'est bon on passe a la suite
if ( isset ( $_POST [ 'sujet_message' ]) && $_POST [ 'sujet_message' ] != '' ) {
2007-11-20 11:00:00 +00:00
$message_destinataire = mysql_real_escape_string ( htmlspecialchars ( $_POST [ 'message_destinataire' ]));
$sujet_message = mysql_real_escape_string ( htmlspecialchars ( $_POST [ 'sujet_message' ]));
$message = mysql_real_escape_string ( htmlspecialchars ( $_POST [ 'message' ]));
2007-10-27 10:00:00 +00:00
mysql_query ( " INSERT INTO mail VALUES('', '1', ' $message_destinataire ', ' $pseudodes ', ' $sujet_message ', ' $message ', ' $temps ') " ) or die ( " erreur sql " . mysql_error ());
}
2007-11-20 11:00:00 +00:00
else {
header ( " Location: envoyer_message.php?err=3 " );
exit ;
}
}
else {
header ( " Location: envoyer_message.php?err=2 " );
exit ;
2007-10-27 10:00:00 +00:00
}
}
2007-11-20 11:00:00 +00:00
else {
header ( " Location: envoyer_message.php?err=4 " );
exit ;
}
2007-10-27 10:00:00 +00:00
mysql_close ();
@ header ( " Location: envoyer_message.php?ok=1 " );
?>
