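has_access(100)) {
    access_denied();
    exit();
}

/*
 * Mass-mail page. With action=send_mail it mails the selected group of
 * users ('all', 'users' or 'admins') as Bcc recipients of one message;
 * with any other action it renders the compose form.
 *
 * NOTE(review): nothing in this part of the file checks a per-session
 * request token before the state-changing send_mail action, and $to is read
 * from $_REQUEST rather than $_POST. Confirm that request-forgery protection
 * is enforced elsewhere, or add it here.
 */
$action  = scrub_in($_POST['action']);
$to      = scrub_in($_REQUEST['to']);
$subject = stripslashes(scrub_in($_POST['subject']));
$message = stripslashes(scrub_in($_POST['message']));

/* Always show the header */
show_template('header');

switch ($action) {
    case 'send_mail':
        if (conf('demo_mode')) {
            break;
        }

        $url = conf('web_path') . '/admin/mail.php';

        // Map the requested group onto a fixed query. The OR pairs are
        // parenthesised because AND binds tighter than OR: without the
        // parentheses "email IS NOT NULL" only applied to the second access
        // value and rows with a NULL email were still selected.
        if ($to === 'all') {
            $sql = "SELECT * FROM user WHERE email IS NOT NULL";
        } elseif ($to === 'users') {
            $sql = "SELECT * FROM user WHERE (access='users' OR access='25') AND email IS NOT NULL";
        } elseif ($to === 'admins') {
            $sql = "SELECT * FROM user WHERE (access='admin' OR access='100') AND email IS NOT NULL";
        } else {
            // Unrecognised group: previously $sql stayed undefined and the
            // page still reported success.
            show_confirmation(_('E-mail Not Sent'), _('Unknown recipient group.'), $url);
            break;
        }

        $db_result = mysql_query($sql, dbh());
        if (!$db_result) {
            show_confirmation(_('E-mail Not Sent'), _('The recipient list could not be loaded.'), $url);
            break;
        }

        // Names and addresses are placed in mail headers below, so CR and LF
        // are stripped from every value: a stored field containing a line
        // break must not be able to start a new header line.
        // NOTE(review): display names are not quoted, so a name containing
        // a comma or angle bracket can still break the address list.
        $crlf = array("\r", "\n");

        $recipients = array();
        while ($u = mysql_fetch_object($db_result)) {
            $address = trim(str_replace($crlf, '', $u->email));
            if ($address === '') {
                continue;
            }
            $recipients[] = str_replace($crlf, '', $u->fullname) . " <$address>";
        }

        // Joining with implode() leaves no trailing separator; the earlier
        // rtrim($recipient, ",") left it in place because the string ended
        // in ", " (comma followed by a space).
        $recipient = implode(', ', $recipients);

        $from = str_replace($crlf, '', $user->fullname . "<" . $user->email . ">");

        // The subject is request data and becomes a header line as well.
        $subject_line = str_replace($crlf, '', $subject);

        $headers = "From: $from\r\n";
        if ($recipient !== '') {
            $headers .= "Bcc: $recipient\r\n";
        }

        // The message is addressed to the sender; everyone else is in Bcc.
        $sent = mail($from, $subject_line, $message, $headers);

        /* Confirmation Send */
        if ($sent) {
            $title = _('E-mail Sent');
            $body  = _('Your E-mail was successfully sent.');
        } else {
            // mail() reports whether the message was accepted for delivery;
            // do not claim success when it was not.
            $title = _('E-mail Not Sent');
            $body  = _('The message could not be handed to the mail system.');
        }
        show_confirmation($title, $body, $url);
        break;

    default:
        if (empty($to)) {
            $to = 'all';
        }
        if (empty($subject)) {
            $subject = "[" . conf('site_title') . "] ";
        }
        require (conf('prefix') . '/templates/show_mail_users.inc.php');
        break;
} // end switch

show_footer();
?>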