", "
", nl2br(trim(strip_tags($_POST["body"])))); if(!$body) bark($lang_takeinvite['std_must_enter_personal_message']); // check if email addy is already in use $a = (@mysql_fetch_row(@sql_query("select count(*) from users where email=".sqlesc($email)))) or die(mysql_error()); if ($a[0] != 0) bark($lang_takeinvite['std_email_address'].htmlspecialchars($email).$lang_takeinvite['std_is_in_use']); $b = (@mysql_fetch_row(@sql_query("select count(*) from invites where invitee=".sqlesc($email)))) or die(mysql_error()); if ($b[0] != 0) bark($lang_takeinvite['std_invitation_already_sent_to'].htmlspecialchars($email).$lang_takeinvite['std_await_user_registeration']); $ret = sql_query("SELECT username FROM users WHERE id = ".sqlesc($id)) or sqlerr(); $arr = mysql_fetch_assoc($ret); $hash = md5(mt_rand(1,10000).$CURUSER['username'].TIMENOW.$CURUSER['passhash']); $title = $SITENAME.$lang_takeinvite['mail_tilte']; sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($hash)."', " . sqlesc(date("Y-m-d H:i:s")) . ")"); sql_query("UPDATE users SET invites = invites - 1 WHERE id = ".mysql_real_escape_string($id)."") or sqlerr(__FILE__, __LINE__); $message = <<{$lang_takeinvite['mail_here']}
http://$BASEURL/signup.php?type=invite&invitenumber=$hash
{$lang_takeinvite['mail_three']}$invite_timeout{$lang_takeinvite['mail_four']}{$arr[username]}{$lang_takeinvite['mail_five']}
$body

{$lang_takeinvite['mail_six']} EOD; sent_mail($email,$SITENAME,$SITEEMAIL,$title,$message,"invitesignup",false,false,''); //this email is sent only when someone give out an invitation header("Refresh: 0; url=invite.php?id=".htmlspecialchars($id)."&sent=1"); ?>