<?php
session_start();

$id=$_SESSION['id'];
$galaxy=$_SESSION['galaxy'];
$ss=$_SESSION['ss'];
$pos=$_SESSION['pos'];
require_once '../securite.php';

require('../connectBDD.php');

$x = mysql_query("SELECT * FROM user WHERE id='$id'");
$donnees = mysql_fetch_array($x);

$race = $donnees['race'];
$pseudodes = $donnees['pseudo'];
$temps = time();

	if (isset($_POST['message_destinataire']) && $_POST['message_destinataire'] != '') {
		$resultat = mysql_query("SELECT pseudo FROM user WHERE pseudo='".mysql_real_escape_string($_POST['message_destinataire'])."'"); // on vérifie l'existance
		if(mysql_num_rows($resultat)>=1) { // si c'est bon on passe a la suite
			if (isset($_POST['sujet_message']) && $_POST['sujet_message'] !='' ) {
				$message_destinataire = mysql_real_escape_string(htmlspecialchars($_POST['message_destinataire']));
				$sujet_message = mysql_real_escape_string(htmlspecialchars($_POST['sujet_message']));
				$message = mysql_real_escape_string(htmlspecialchars($_POST['message']));
				mysql_query("INSERT INTO mail VALUES('', '1', '$message_destinataire', '$pseudodes', '$sujet_message', '$message', '$temps')") or die ("erreur sql ".mysql_error());
			}
			else {
				header("Location: envoyer_message.php?err=3");
				exit;
			}
		}
		else {
			header("Location: envoyer_message.php?err=2");
			exit;
		}
	}
	else {
		header("Location: envoyer_message.php?err=4");
		exit;
	}
mysql_close();
@header("Location: envoyer_message.php?ok=1");
?>