From a33f3308d458cd0513de61f59f6ce084d8544b6b Mon Sep 17 00:00:00 2001
From: xiaomlove <i353856593@163.com>
Date: Mon, 14 Feb 2022 18:36:22 +0800
Subject: [PATCH] fix massmail

---
 public/massmail.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/public/massmail.php b/public/massmail.php
index 25b3c863..f4543247 100644
--- a/public/massmail.php
+++ b/public/massmail.php
@@ -7,13 +7,13 @@ stderr("Error", "Permission denied.");
 $class = intval($_POST["class"] ?? 0);
 	if ($class)
 		int_check($class,true);
-$or = $_POST["or"] ?? '';
-if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
-    stderr("Error", "Invalid symbol!");
-}
 
 if ($_SERVER["REQUEST_METHOD"] == "POST")
 {
+    $or = $_POST["or"] ?? '';
+    if (!in_array($or, ["<", ">", "=", "<=", ">="], true)) {
+        stderr("Error", "Invalid symbol!");
+    }
 $res = sql_query("SELECT id, username, email FROM users WHERE class $or ".mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__);
 
 $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);
@@ -33,7 +33,7 @@ $message = "Message received from ".$SITENAME." on " . date("Y-m-d H:i:s") . ".\
 $message1 . "\n\n" .
 "---------------------------------------------------------------------\n$SITENAME\n";
 
-$success = sent_mail($to,$SITENAME,$SITEEMAIL,$subject,$message,"Mass Mail",false);	
+$success = sent_mail($to,$SITENAME,$SITEEMAIL,$subject,$message,"Mass Mail",false);
 }