frontier/website/game/msg-send.php

<HTML><HEAD>
<TITLE>Frontier II</TITLE>
</HEAD><BODY BGCOLOR="#000000" TEXT="#f0f0f0">

<?php

session_start();
require($_SERVER['DOCUMENT_ROOT'].'/include.php');

if ($_SESSION['cid'] != '') { // Logged in

    echo "<TABLE ALIGN=\"CENTER\" VALIGN=\"CENTER\" WIDTH=\"90%\" HEIGHT=\"90%\" BORDER=\"0\">
        <TR><TD><H2 ALIGN=\"CENTER\">CommLink</H2></TD></TR>
        <TR><TD><P>Transmitting...<P>";

    $isquick = $_POST['QUICK'];
    $unsafe_body = $_POST['BODY'];
    $from = $_SESSION['cid'];
    $date = date('Y-m-d H:i');
    $i = 0;

    $body = htmlentities(strip_tags(mysqli_real_escape_string($mysqli, $unsafe_body)));

    if ($isquick == 'TRUE') { // QuickNote (all players)

	$sql = "SELECT * FROM `character`";
	$result = mysqli_query($mysqli, $sql) or die($gameerror . "MS-Q01");
	$num = mysqli_num_rows($result);

	while ($i < $num) {

            $row = mysqli_fetch_assoc($result);
	    $cid = $row['id'];

	    $sql = "INSERT INTO message SET
		message.from = '$from',
		message.to = '$cid',
		message.flags = '0',
		message.time = '$date',
		message.body = '$body'";

	    mysqli_query($mysqli, $sql) or die($gameerror . "MS-Q02");

	    $i++;

	}

    // More complicated message types will go here

    }

    if ($i > 0) {
	echo "Transmission complete. $i messages sent.";
    } else {
	echo "Transmission error - no recipients found.";
    }

    echo "</TD></TR></TABLE>";

} else { echo $gameseserr; } // Not logged in

mysqli_close($mysqli);

echo $footer;

?>

</BODY></HTML>