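has_access(100)) { access_denied(); }

/*
 * Mass-mail handler. Reads the form fields and, when the action is
 * 'send_mail' and demo mode is off, mails the selected group of users.
 * The message goes To/From the sending user, with the group in Bcc.
 * The opening of the access check on the first line lies outside this
 * excerpt and is kept verbatim.
 *
 * NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm
 * one is enforced elsewhere, since this request mails every selected account.
 */
$action  = scrub_in($_POST['action']);
$to      = scrub_in($_REQUEST['to']);
$subject = stripslashes(scrub_in($_POST['subject']));
$message = stripslashes(scrub_in($_POST['message']));

if ($action == 'send_mail' && !conf('demo_mode')) {

    $user = $GLOBALS['user'];

    // Only the three fixed groups map to a query; any other $to value leaves
    // $sql empty and nothing is sent (previously $sql was undefined here).
    // The parentheses matter: AND binds tighter than OR, so without them the
    // "email IS NOT NULL" filter applied only to the second access test.
    $sql = '';
    if ($to == 'all') {
        $sql = "SELECT * FROM user WHERE email IS NOT NULL";
    } elseif ($to == 'users') {
        $sql = "SELECT * FROM user WHERE (access='users' OR access='25') AND email IS NOT NULL";
    } elseif ($to == 'admins') {
        $sql = "SELECT * FROM user WHERE (access='admin' OR access='100') AND email IS NOT NULL";
    }

    $db_result = ($sql !== '') ? mysql_query($sql, dbh()) : false;

    if ($db_result) {
        // scrub_in() is defined elsewhere and its filtering is not visible
        // here, so every value placed in a mail header is stripped of CR/LF
        // locally to prevent header injection.
        // NOTE(review): fullname is not quoted as a display name; characters
        // such as ',' or '<' in it can still alter the address list.
        $line_breaks = array("\r", "\n");

        $recipients = array();
        while ($u = mysql_fetch_object($db_result)) {
            $recipients[] = str_replace($line_breaks, '', "$u->fullname <$u->email>");
        }
        // Joining avoids the trailing ", " that rtrim($recipient, ",") left behind.
        $recipient = implode(', ', $recipients);

        $from         = str_replace($line_breaks, '', $user->fullname."<".$user->email.">");
        $mail_subject = str_replace($line_breaks, ' ', $subject);

        $headers = "From: $from\r\n";
        if ($recipient !== '') {
            $headers .= "Bcc: $recipient\r\n";
        }

        // Report success only when mail() accepted the message for delivery.
        if (mail($from, $mail_subject, $message, $headers)) {
            $complete_text = "Your message was successfully sent.";
        }
    }
}

// Defaults used when the form is first displayed.
if (empty($to)) {
    $to = 'all';
}

if (empty($subject)) {
    $site_title = conf('site_title');
    $subject = "[$site_title] ";
}

show_template('header');
?>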

:
:
:
  " />