Example #1
0
function submitMessage()
{
    global $db, $game;
    if (empty($_POST['text']) || empty($_POST['receiver'])) {
        $game->out('<p><span class="sub_caption">' . constant($game->sprache("TEXT37")) . '</span></p>');
        newMessage();
    } else {
        if (empty($_POST['subject'])) {
            $_POST['subject'] = '...';
        }
        // Send to multiple recipients?
        if (strstr($_POST['receiver'], ';')) {
            $result = $db->query('UPDATE user SET user_message_sig="' . htmlspecialchars($_POST['message_sig']) . '" WHERE user_id=' . $game->player['user_id']);
            $game->player['user_message_sig'] = htmlspecialchars($_POST['message_sig']);
            if ($result == false) {
                message(DATABASE_ERROR, 'message_query: Could not call update user sig');
                exit;
            }
            $recv_list = explode(";", str_replace(' ', '', $_POST['receiver']));
            //echo $_POST['receiver'].'<br><br>';
            //print_r($recv_list);
            $num = 0;
            $unknown_users = '';
            for ($i = 0; $i < count($recv_list); $i++) {
                if (strtolower($recv_list[$i]) == strtolower('STFC-Support')) {
                    $receiver['user_id'] = SUPPORTUSER;
                } else {
                    $receiver = $db->queryrow('SELECT user_id FROM user WHERE user_name="' . $recv_list[$i] . '"');
                }
                if ($receiver) {
                    $result = $db->query('INSERT INTO message (sender, receiver, subject, text, time) VALUES ("' . $game->player['user_id'] . '","' . $receiver['user_id'] . '","' . htmlspecialchars($_POST['subject']) . '","' . htmlspecialchars($_POST['text']) . '\\n\\n' . $game->player['user_message_sig'] . '","' . time() . '")');
                    if ($result == false) {
                        message(DATABASE_ERROR, 'message_query: Could not call INSERT INTO in message');
                        exit;
                    }
                    UpdateUnreadMessages($receiver['user_id']);
                    $num++;
                } else {
                    $unknown_users .= '<br>' . constant($game->sprache("TEXT44")) . ' ' . $recv_list[$i] . ' ' . constant($game->sprache("TEXT45"));
                }
            }
            $game->out('<span class="sub_caption">' . constant($game->sprache("TEXT38")) . ' ' . $num . ' ' . constant($game->sprache("TEXT39")) . ' ' . count($recv_list) . ' ' . constant($game->sprache("TEXT40")) . '</span>');
            if ($unknown_users != '') {
                $game->out('<span class="sub_caption">' . $unknown_users . '</span>');
            }
        } else {
            $result = $db->query('UPDATE user SET user_message_sig="' . htmlspecialchars($_POST['message_sig']) . '" WHERE user_id=' . $game->player['user_id']);
            $game->player['user_message_sig'] = htmlspecialchars($_POST['message_sig']);
            if ($result == false) {
                message(DATABASE_ERROR, 'message_query: Could not call INSERT INTO in message');
                exit;
            }
            if (strtolower($_POST['receiver']) == strtolower('STFC-Support')) {
                $receiver['user_id'] = SUPPORTUSER;
            } else {
                $receiver = $db->queryrow('SELECT user_id FROM user WHERE user_name="' . htmlspecialchars($_POST['receiver']) . '"');
            }
            if ($receiver == false) {
                $game->out('<p><span class="sub_caption">' . constant($game->sprache("TEXT41")) . '</span></p>');
                newMessage();
            } else {
                $result = $db->query('INSERT INTO message (sender, receiver, subject, text, time) VALUES ("' . $game->player['user_id'] . '","' . $receiver['user_id'] . '","' . htmlspecialchars($_POST['subject']) . '","' . htmlspecialchars($_POST['text']) . '\\n\\n' . $game->player['user_message_sig'] . '","' . time() . '")');
                if ($result == false) {
                    message(DATABASE_ERROR, 'message_query: Could not call INSERT INTO in message');
                    exit;
                }
                UpdateUnreadMessages($receiver['user_id']);
                $game->out('<p><span class="sub_caption">' . constant($game->sprache("TEXT42")) . '</span></p>');
            }
        }
        // End single receiver
    }
}
Example #2
0
function submitMessage()
{
    global $db;
    if (empty($_POST['text']) || empty($_POST['receiver'])) {
        output('<center><p><span class="sub_caption">Per favore compila <u>tutti</u> i campi!</span></p></center>');
        newMessage();
    } else {
        if (empty($_POST['subject'])) {
            $_POST['subject'] = '...';
        }
        // An mehrere Empf&auml;nger schicken?
        if (strstr($_POST['receiver'], ';')) {
            $recv_list = explode(";", str_replace(' ', '', $_POST['receiver']));
            $num = 0;
            for ($i = 0; $i < count($recv_list); $i++) {
                $receiver = $db->queryrow('SELECT user_id FROM user WHERE user_name="' . $recv_list[$i] . '"');
                if ($receiver) {
                    $result = $db->query('INSERT INTO message (sender, receiver, subject, text, time) VALUES ("' . SUPPORTUSER . '","' . $receiver['user_id'] . '","' . htmlspecialchars($_POST['subject']) . '","' . htmlspecialchars($_POST['text']) . '","' . time() . '")');
                    if ($result == false) {
                        message(DATABASE_ERROR, 'message_query: Could not call INSERT INTO in message');
                        exit;
                    }
                    log_action('Messaggio con il titolo "' . $_POST['subject'] . '" inviato a ' . $recv_list[$i]);
                    UpdateUnreadMessages($receiver['user_id']);
                }
                $num++;
            }
            output('<center><p><span class="sub_caption">Il tuo messaggio &egrave; stato inviato a ' . $num . ' di ' . count($recv_list) . ' giocatori</span></p></center>');
        } else {
            if ($_POST['receiver'] == '*') {
                $mes_qry = $db->query('SELECT user_id FROM user WHERE user_auth_level < 2');
                while ($receiver = $db->fetchrow($mes_qry)) {
                    $result = $db->query('INSERT INTO message (sender, receiver, subject, text, time) VALUES ("' . SUPPORTUSER . '","' . $receiver['user_id'] . '","' . htmlspecialchars($_POST['subject']) . '","' . htmlspecialchars($_POST['text']) . '","' . time() . '")');
                    if ($result == false) {
                        message(DATABASE_ERROR, 'message_query: Could not call INSERT INTO in message');
                        exit;
                    }
                    UpdateUnreadMessages($receiver['user_id']);
                }
                log_action('Messaggio con il titolo "' . $_POST['subject'] . '" inviato a tutta la utenza');
            } else {
                $receiver = $db->queryrow('SELECT user_id FROM user WHERE user_name="' . $_POST['receiver'] . '"');
                if ($receiver == false) {
                    output('<center><p><span class="sub_caption">Il destinatario non esiste!</span></p></center>');
                    newMessage();
                } else {
                    $result = $db->query('INSERT INTO message (sender, receiver, subject, text, time) VALUES ("' . SUPPORTUSER . '","' . $receiver['user_id'] . '","' . htmlspecialchars($_POST['subject']) . '","' . htmlspecialchars($_POST['text']) . '","' . time() . '")');
                    if ($result == false) {
                        message(DATABASE_ERROR, 'message_query: Could not call INSERT INTO in message');
                        exit;
                    }
                    log_action('Messaggio con il titolo "' . $_POST['subject'] . '" inviato a ' . $_POST['receiver']);
                    UpdateUnreadMessages($receiver['user_id']);
                    output('<center><p><span class="sub_caption">Messaggio inviato</span></p></center>');
                }
            }
        }
        // End single receiver
    }
}