get ( "usergroup" );
if (! $user_group) {
$user_group = array ();
$db->query ( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
while ( $row = $db->get_row () ) {
$user_group[$row['id']] = array ();
foreach ( $row as $key => $value ) {
$user_group[$row['id']][$key] = $value;
}}
$cache->set ( "usergroup", $user_group );
$db->free ();
}
require_once SYSTEM_DIR.'/modules/sitelogin.php';
if (!$is_logged OR $member_id['user_group'] != 1) die ("error");
$startfrom = intval($_POST['startfrom']);
if ($_POST['empfanger'] != "all") $empfanger = intval($_POST['empfanger']);
$type = $_POST['type'];
$a_mail = intval($_POST['a_mail']);
$limit = intval($_POST['limit']);
$step = 0;
$title = convert_unicode($_POST['title'], $config['charset']);
$message = convert_unicode($_POST['message'], $config['charset']);
$find = array ('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/javascript/i' );
$replace = array ("data:", "about:", "vbscript:", "onclick", "onload", "onunload", "onabort", "onerror", "onblur", "onchange", "onfocus", "onreset", "onsubmit", "ondblclick", "onkeydown", "onkeypress", "onkeyup", "onmousedown", "onmouseup", "onmouseover", "onmouseout", "onselect", "javascript" );
$message = preg_replace( $find, $replace, $message );
$message = preg_replace( "#", "?>", $message );
if (!$title OR !$message OR !$limit) die ("error");
if ($type == "pm") {
$time = time()+($config['date_adjust']*60);
$title = $db->safesql($title);
$message = $db->safesql($message);
if ($empfanger != "all")
$result = $db->query("SELECT user_id, name, fullname FROM " . USERPREFIX . "_users where user_group = '$empfanger' LIMIT ".$startfrom.",".$limit);
else
$result = $db->query("SELECT user_id, name, fullname FROM " . USERPREFIX . "_users LIMIT ".$startfrom.",".$limit);
while($row = $db->get_row($result))
{
if ( $row['fullname'] )
$message_send = str_replace("{%user%}", $row['fullname'], $message);
else
$message_send = str_replace("{%user%}", $row['name'], $message);
$db->query("INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('$title', '$message_send', '$row[user_id]', '$member_id[name]', '$time', 'no', 'inbox')");
$db->query("UPDATE " . USERPREFIX . "_users set pm_all=pm_all+1, pm_unread=pm_unread+1 where user_id='$row[user_id]'");
$step++;
}
$db->free($result);
}
elseif ($type == "email") {
$message = stripslashes( $message );
$title = stripslashes( $title );
$message = <<{$title}
{$message}
HTML;
include_once SYSTEM_DIR.'/classes/mail.class.php';
$mail = new dle_mail ($config, true);
$where = array();
if ($empfanger != "all") $where[] = "user_group = '{$empfanger}'";
if ($a_mail) $where[] = "allow_mail = '1'";
if (count($where)) $where = " WHERE ".implode (" AND ", $where);
else $where = "";
if ($config['mail_bcc']) {
$limit = $limit * 6;
$i = 0;
$h_mail = array();
$bcc = array();
$db->query("SELECT email FROM " . USERPREFIX . "_users".$where." LIMIT ".$startfrom.",".$limit);
$db->close();
while($row = $db->get_row())
{
if ($i == 0) { $h_mail[$t] = $row['email'];}
else {$bcc[$t][] = $row['email'];}
$i++;
if ($i == 6) {
$i=0;
$t++;
}
$step++;
}
$db->free();
foreach ($h_mail as $key => $email) {
$mail->bcc = $bcc[$key];
$message_send = str_replace("{%user%}", $lang['nl_info_2'], $message);
$mail->send ($email, $title, $message_send);
}
}
else
{
$db->query("SELECT email, name, fullname FROM " . USERPREFIX . "_users".$where." LIMIT ".$startfrom.",".$limit);
$db->close();
while($row = $db->get_row())
{
if ( $row['fullname'] )
$message_send = str_replace("{%user%}", $row['fullname'], $message);
else
$message_send = str_replace("{%user%}", $row['name'], $message);
$mail->send ($row['email'], $title, $message_send);
$step++;
}
$db->free();
}
}
else
{
die ("error");
}
$count = $startfrom + $step;
$buffer = "{\"status\": \"ok\",\"count\": {$count}}";
@header( "Content-type: text/html; charset=" . $config['charset'] );
echo $buffer;
?>