<?php
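// Page bootstrap and access gate for the "send this thread to a friend" form.
// 7 = E_ERROR | E_WARNING | E_PARSE, so notices are not reported.
error_reporting(7);

// Names of the templates this page evaluates below; presumably consumed by
// global.php — confirm there.
$templatesused = "sendtofriend,email_sendtofriend,redirect_sentemail";

require("./global.php");

// $action, $enableemail and $threadid are not assigned in this file; they are
// expected to come from global.php or from the request — treat request-derived
// values as untrusted.
if (!isset($action) or $action == "") {
    $action = "showsend";
}

if (!$enableemail) {
    // NOTE(review): the text returned by gettemplate() is spliced into PHP
    // source and run through eval(). That is only sound while template text is
    // trusted and gettemplate() escapes quotes — it is defined outside this
    // file, confirm there.
    eval("standarderror(\"".gettemplate("error_emaildisabled")."\");");
    exit;
}

$threadid = verifyid("thread", $threadid);
$threadinfo = getthreadinfo($threadid);

// Array keys are quoted: a bare word such as forumid is a constant lookup,
// which is an Error on PHP 8 and only worked through a fallback before that.
$permissions = getpermissions($threadinfo['forumid']);
if (!$permissions['canview'] or !$permissions['canemail']) {
    show_nopermission();
    // show_nopermission() is defined elsewhere; stop here explicitly so the
    // permission check fails closed even if that helper ever returns.
    exit;
}

updateuserforum($threadinfo['forumid']);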
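// Default action: render the form for the thread loaded above.
if ($action == "showsend") {
    if ($wordwrap != 0) {
        // Keys are quoted; the bare-word form is an undefined-constant Error
        // on PHP 8.
        $threadinfo['title'] = dowordwrap($threadinfo['title']);
    }

    // NOTE(review): template text from gettemplate() is evaluated as PHP
    // source here; safe only while templates are trusted and gettemplate()
    // escapes quotes (defined outside this file — confirm).
    eval("dooutput(\"".gettemplate("sendtofriend")."\");");
}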
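// Form submission: validate the fields, optionally authenticate the poster by
// username/password, mail the message, then redirect back to the thread.
// $sendtoname, $sendtoemail, $emailsubject and $emailmessage are not assigned
// in this file — presumably request values exposed by global.php or
// register_globals; they are handled as untrusted input.
// NOTE(review): no rate limiting or anti-automation check is visible in this
// file; confirm vbmail() or global.php provides one, since this handler mails
// caller-chosen text to a caller-chosen address.
if ($HTTP_POST_VARS['action'] == "sendfriend") {
    // Remove CR/LF from the recipient before the required-field check, so a
    // value cannot carry extra mail header lines and a value made only of line
    // breaks is rejected as empty. Whether vbmail() filters this itself is not
    // visible here.
    $sendtoemail = preg_replace('#[\r\n]#', '', $sendtoemail);

    if ($sendtoname == "" or $sendtoemail == "" or $emailsubject == "" or $emailmessage == "") {
        // NOTE(review): every eval() below runs gettemplate() output as PHP
        // source; safe only while template text is trusted and gettemplate()
        // escapes quotes (defined outside this file — confirm).
        eval("standarderror(\"".gettemplate("error_requiredfields")."\");");
        exit;
    }

    $username = $HTTP_POST_VARS['username'];
    $password = $HTTP_POST_VARS['password'];

    // The subject becomes a mail header: line breaks, tabs and commas are
    // replaced with spaces.
    $emailsubject = preg_replace('#[\n\t\r,]#s', ' ', $emailsubject);

    if (isset($username)) {
        if (!trim($username)) {
            eval("standarderror(\"".gettemplate("error_nousername")."\");");
            // Explicit exit after each error so the mail is never sent if
            // standarderror() (defined elsewhere) returns; this matches the
            // required-fields branch above.
            exit;
        }

        // NOTE(review): escaping is addslashes() over an HTML-escaped name.
        // addslashes() is not connection-charset aware; prefer the escaping or
        // parameter binding offered by $DB_site if it has one — confirm.
        if ($userinfo = $DB_site->query_first("SELECT user.*,userfield.* FROM user,userfield WHERE username='".addslashes(htmlspecialchars($username))."' AND user.userid=userfield.userid")) {
            if (!$password) {
                eval("standarderror(\"".gettemplate("error_usernametaken")."\");");
                exit;
            } elseif (md5($password) !== (string) $userinfo['password']) {
                // Strict comparison: with != two different digests that both
                // look numeric (for example "0e" followed by digits) compare
                // equal. The stored value is an unsalted MD5 digest; changing
                // that scheme needs a migration outside this file.
                eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
                exit;
            } else {
                $bbuserinfo = $userinfo;
                $postusername = $bbuserinfo['username'];

                // NOTE(review): $user is not assigned anywhere in this file.
                // If it is filled from request data the cookie values are
                // caller-chosen; if the just-authenticated account was meant,
                // this should read $userinfo — confirm against global.php.
                // The bbpassword cookie carries a 'password' field, presumably
                // the stored digest.
                if ($user['cookieuser'] == 1) {
                    vbsetcookie("bbuserid", $user['userid'], true, true);
                    vbsetcookie("bbpassword", $user['password'], true, true);
                }

                // Bind the current session row to the authenticated account.
                $DB_site->query("UPDATE session SET userid='$bbuserinfo[userid]' WHERE sessionhash='".addslashes($session['dbsessionhash'])."'");
            }
        } else {
            // No such account: the submitted name is used as a guest name,
            // HTML-escaped.
            $postusername = htmlspecialchars($username);
        }
    } else {
        $postusername = $bbuserinfo['username'];
    }

    // The template is evaluated in this scope, so it can read the variables
    // set above; which ones it uses is defined by the template, not shown here.
    eval("\$message = \"".gettemplate("email_sendtofriend",1,0)."\";");
    vbmail($sendtoemail, $emailsubject, $message);

    // Build the URL outside the evaluated source and pass it by variable, so
    // the session hash is never spliced into PHP code. The URL value itself is
    // the same as before.
    $sendtofriendredirect = "showthread.php?s=$session[sessionhash]&threadid=".intval($threadid);
    eval("standardredirect(\"".gettemplate("redirect_sentemail")."\",\$sendtofriendredirect);");
}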
?>