safesql( strip_tags( $_POST['name'] ) );
        // NOTE(review): the line above is the tail of a statement that starts before this
        // excerpt (presumably the assignment of $name); the conditions of the two enclosing
        // `if` blocks are also out of view. The remarks below cover only the visible code.

        // Characters removed from the submitted e-mail address. The list contains CR and LF
        // (as real control characters and as the literal two-character sequences '\n' and
        // '\r'), both quote characters, the backtick, the backslash and most punctuation;
        // '@' and '.' are not in it.
        $not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'" );
        // $email is later assigned to $mail->from, so the CR/LF removal here is the only
        // visible step that keeps line breaks out of the sender value.
        // NOTE(review): how dle_mail writes `from` into the message is not shown - confirm.
        $email = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $_POST['email'] ) ) ) ) );

        // Case-insensitive lookup of an existing account with the same name or address.
        // The statement is built by string concatenation, so its safety rests entirely on
        // safesql() having escaped both values (safesql() is defined elsewhere - confirm).
        // A parameterised query would remove that dependency.
        $db->query( "SELECT name from " . USERPREFIX . "_users where LOWER(name) = '" . strtolower( $name ) . "' OR LOWER(email) = '" . strtolower( $email ) . "'" );
        // A match sets $stop to the news_err_7 text; note this is an assignment, not `.=`.
        if( $db->num_rows() > 0 ) {$stop = $lang['news_err_7'];}

        // $name is re-read without SQL escaping; from here on the visible code only measures
        // its length and inserts it into the mail template, it is not put into SQL again.
        $name = strip_tags( stripslashes( $_POST['name'] ) );
    }

    // Tags are stripped from the subject, but line breaks are not removed in the visible
    // code. NOTE(review): confirm dle_mail::send() sanitises the subject before it becomes
    // a mail header.
    $subject = strip_tags( stripslashes( $_POST['subject'] ) );
    // The message body keeps any markup the sender typed (no strip_tags).
    // NOTE(review): if dle_mail sends HTML mail this markup reaches the recipient's mail
    // client - confirm the content type dle_mail uses.
    $message = stripslashes( $_POST['message'] );
    // intval() forces an integer, which is what makes the concatenation below safe.
    $recip = intval( $_POST['recip'] );

    // Recipient lookup. A sender whose group lacks allow_feed may only address a user in
    // user_group '1'; any other sender may address any user with allow_mail = '1'.
    if( !$user_group[$member_id['user_group']]['allow_feed'] ) {
        $recipient = $db->super_query( "SELECT name, email, fullname FROM " . USERPREFIX . "_users WHERE user_id='" . $recip . "' AND user_group = '1'" );
    } else {
        $recipient = $db->super_query( "SELECT name, email, fullname FROM " . USERPREFIX . "_users WHERE user_id='" . $recip . "' AND allow_mail = '1'" );
    }

    // Fall back to the login name when no full name is stored.
    if( empty( $recipient['fullname'] ) ) $recipient['fullname'] = $recipient['name'];

    // Field validation. Each failed check appends a message to $stop; where $stop is first
    // initialised is not visible in this excerpt. empty() also treats the string "0" as
    // empty, and strlen() counts bytes rather than characters.
    if (!$recipient['name']) $stop .= $lang['feed_err_8'];
    if( empty( $name ) OR strlen( $name ) > 100 ) {$stop .= $lang['feed_err_1'];}
    // The address check only requires exactly one '@'; it is not a full address validation.
    // The leading @ on count() suppresses any warning from that call.
    if( empty( $email ) OR strlen($email) > 50 OR @count(explode("@", $email)) != 2) {$stop .= $lang['feed_err_2'];}
    if( empty( $subject ) OR strlen($subject) > 200 ) {$stop .= $lang['feed_err_4'];}
    if( empty( $message ) OR strlen($message) > 20000 ) {$stop .= $lang['feed_err_5'];}

    // CAPTCHA check: the posted code is compared with the session copy using loose `!=`,
    // and the second operand rejects the request when no code is stored in the session.
    // NOTE(review): a strict string comparison (e.g. hash_equals() on string-cast values)
    // would avoid PHP's loose-comparison rules. The check runs after the database lookups
    // above, so those queries are executed even for requests that fail the CAPTCHA.
    if( $_POST['sec_code'] != $_SESSION['sec_code_session'] OR ! $_SESSION['sec_code_session'] ) {$stop .= $lang['reg_err_19'];}
    // The stored code is cleared whether or not the attempt succeeded, so each issued code
    // can be checked once.
    $_SESSION['sec_code_session'] = false;

    if( $stop ) {
        // Show the collected error texts followed by the all_prev language string.
        msgbox( $lang['all_err_1'], "$stop

$lang[all_prev]" );
    } else {
        include_once SYSTEM_DIR . '/classes/mail.class.php';
        $mail = new dle_mail( $config );

        // Load the 'feed_mail' template and fill its placeholders. The replacements run one
        // after another on the same string, so placeholder text typed into the name or the
        // message is itself expanded by the later passes.
        $row = $db->super_query( "SELECT template FROM " . PREFIX . "_email where name='feed_mail' LIMIT 0,1" );
        $row['template'] = stripslashes( $row['template'] );
        $row['template'] = str_replace( "{%username_to%}", $recipient['fullname'], $row['template'] );
        $row['template'] = str_replace( "{%username_from%}", $name, $row['template'] );
        $row['template'] = str_replace( "{%text%}", $message, $row['template'] );
        // REMOTE_ADDR is the peer address PHP sees; behind a reverse proxy that is the
        // proxy, not the sender.
        $row['template'] = str_replace( "{%ip%}", $_SERVER['REMOTE_ADDR'], $row['template'] );

        // The From address is the one the visitor typed; nothing in the visible code
        // verifies that the sender owns it.
        $mail->from = $email;
        $mail->send( $recipient['email'], $subject, $row['template'] );

        // On failure the transport's own message is shown to the visitor.
        // NOTE(review): smtp_msg is filled by dle_mail (not shown) - confirm it cannot
        // disclose mail-server details that should stay internal.
        if( $mail->send_error ) msgbox( $lang['all_info'], $mail->smtp_msg );
        else msgbox( $lang['feed_ok_1'], "$lang[feed_ok_2] " . $recipient['name'] . " $lang[feed_ok_3] $lang[feed_ok_4]" );
    }
} else {
    // Form-rendering branch: nothing was submitted, so decide which recipients to offer.
    if( ! $user_group[$member_id['user_group']]['allow_feed'] ) {
        // Groups without allow_feed cannot pick a specific user; a ?user= request gets the
        // feed_error notice with the group name filled in.
        $group = 2;
        $user = false;
        if ($_GET['user']) {
            $lang['feed_error'] = str_replace( '{group}', $user_group[$member_id['user_group']]['group_name'], $lang['feed_error'] );
            msgbox( $lang['all_info'], $lang['feed_error'] );
        }
    } else {
        $user = intval( $_GET['user'] );
        $group = 3;
    }

    // $group is 2 or 3 and $user is false or an intval() result, so neither interpolated
    // value carries raw request text into the SQL.
    if( ! $user ) $db->query( "SELECT name, user_group, user_id FROM " . USERPREFIX . "_users WHERE user_group < '$group' AND allow_mail = '1' ORDER BY user_group" );
    else $db->query( "SELECT name, user_group, user_id FROM " . USERPREFIX . "_users WHERE user_id = '$user' AND allow_mail = '1'" );

    if( $db->num_rows() ) {
        // NOTE(review): in this copy $empf stays empty and the result set is freed without
        // being read; the code that would build the recipient list appears to be missing.
        $empf = "";
        $db->free();
        $tpl->load_template( 'feedback.tpl' );
        // $path is not used again in the visible code.
        $path = parse_url( $config['http_home_url'] );
        $tpl->set( '{recipient}', $empf );
        $tpl->set( '{code}', "\"{$lang['sec_image']}\"" );
        // Guests keep the content between the [not-logged] markers (only the markers are
        // removed); for logged-in users the whole block is removed.
        if( ! $is_logged ) {
            $tpl->set( '[not-logged]', "" );
            $tpl->set( '[/not-logged]', "" );
        } else $tpl->set_block( "'\\[not-logged\\](.*?)\\[/not-logged\\]'si", "" );
        $tpl->copy_template = "
\n" . $tpl->copy_template . "
";
        // NOTE(review): as printed, the next line is not valid PHP. It looks like a heredoc
        // (<<<HTML ... HTML;) whose body was lost when this page was extracted; the string
        // literals wrapped around copy_template above also appear to have lost their markup.
        $tpl->copy_template .= << HTML;
        $tpl->compile( 'content' );
        $tpl->clear();
    } else {
        // No user matched the query above.
        msgbox( $lang['all_err_1'], $lang['feed_err_7'] );
    }
}
?>