<?php
session_start ();
?>
<?php
include ('./config.php');
include ('./banner.php');
?>
<?php
if(!isset ($_SESSION ["name"]))
echo "Sie müssen angemeldet sein";
else {
$content = $_GET ["content"];
$datetime = date('Y-m-d H:i:s');
$public = true;
$pblc = $_GET ["choosepublic"];
$nickname = $_SESSION ["name"];
$friendname = $_GET ["sendfriend"][0];
$handle = mysql_connect ($server, $MYSQL_NAME, $MYSQL_PASSWORD);
$content = htmlentities(mysql_real_escape_string ($content, $handle));
$pblc = htmlentities(mysql_real_escape_string ($pblc, $handle));
$nickname = htmlentities(mysql_real_escape_string ($nickname, $handle));
$friendname = htmlentities(mysql_real_escape_string ($friendname, $handle));
if (strcmp ($pblc, "privat") == 0)
$public = 0;
else
$public = 1;
if (strlen ($content) > 0) {
mysql_query ("USE " . $databasename, $handle);
$result = mysql_query ("SELECT * FROM freunde WHERE freund1=\"".$nickname."\" AND freund2=\"".$friendname."\" OR freund1=\"".$friendname."\" AND freund2 =\"".$nickname."\"", $handle);
if (mysql_fetch_row ($result)) {
mysql_query ("INSERT INTO postings VALUES (\"" . $nickname . "." . $friendname . "\",\"" . $content . "\",\"" . $datetime ."\",\"" . $public . "\")", $handle);
}
else
echo "Sie sind keine Freunde<br>\n";
mysql_close ($handle);
}
}
?>
<script>
window.location = "./threadfriends.php";
</script>
