require_once ("../common/includes/settings.php");
/*
Updated 13 Oct 2016 to block SQL injection attempts such as the request below,
which carried a UNION SELECT payload in the cb parameter:
http://www.togoparts.com/shopping/fmnmail.php?cb=999999.9%27+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+null,null,null,null+and+%270%27=%270&page_id=1%26sid%3D1279&nid=2224
*/
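// All three ids come straight from the query string. is_numeric() on its own
// also accepts decimals, exponents ("1e3"), leading whitespace and, on older
// PHP versions, hexadecimal strings, and it leaves the value as a string.
// Each id is therefore validated as a positive integer and stored as a real
// int, so nothing but digits can reach the SQL built from $nid further down.

// pageid is optional: anything that is not a positive integer keeps the default.
$pageid = 1;
if (isset($_GET['pageid'])) {
    $requested_page = filter_var(
        $_GET['pageid'],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    if ($requested_page !== false) {
        $pageid = $requested_page;
    }
}

// nid is mandatory: stop without output when it is missing or malformed.
// filter_var() also returns false for array input such as ?nid[]=1.
$nid = isset($_GET['nid'])
    ? filter_var($_GET['nid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
if ($nid === false) {
    exit;
}

// sid is mandatory as well and is checked the same way.
$sid = isset($_GET['sid'])
    ? filter_var($_GET['sid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
if ($sid === false) {
    exit;
}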
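// Redirect target used by every exit path below. It is built from a
// server-side setting, not from the request, so a visitor cannot steer it.
$cb = $GLOBAL_HOSTHTTP_URL . "/shopping/fmnlist.php";

// takes in marked item id.
if (!$nid) {
    header("Location: $cb");
    exit;
}

$status = "";

// The id is cast to int at the point of use, so the statement can only ever
// receive digits here regardless of how $nid was populated.
// NOTE(review): no predicate links merchant_news (N) to merchants (M); the
// result is every merchant/shop pair next to the news row and only the first
// row is read below. $sid is validated earlier but not used in this query.
// Confirm the intended join.
// NOTE(review): the mysql_* extension was removed in PHP 7. Moving to mysqli
// or PDO prepared statements depends on how $link is created in settings.php,
// which is not visible here.
$sql = "SELECT * FROM merchants as M, merchant_news as N, bikeshops_sg AS BS WHERE M.shopid = BS.sid AND N.nid=" . (int) $nid;
$r = mysql_query($sql, $link);

// mysql_query() returns false on failure; treat that the same as "no such
// news item" instead of passing false on to mysql_num_rows().
if ($r === false || mysql_num_rows($r) < 1) {
    header("Location: $cb");
    exit;
}
$row_ads = mysql_fetch_array($r);

// $Cancel is not assigned in this file; presumably a form field exposed as a
// global (register_globals or settings.php) - verify.
if (!empty($Cancel)) {
    header("Location: $cb");
    exit;
}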
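// Handles the "email to a friend" form submission.
// $Submit, $email and $name are not assigned in this file; presumably form
// fields exposed as globals (register_globals or settings.php) - verify.
// They are request data and are treated as untrusted below.
// NOTE(review): this branch sends mail to any address an unauthenticated
// visitor supplies; consider a CSRF token and per-client rate limiting.
if (!empty($Submit)) {
    $recipient = (isset($email) && is_string($email)) ? trim($email) : '';
    $friend_name = (isset($name) && is_string($name)) ? trim($name) : '';

    if ($recipient === '' || $friend_name === '') {
        $status = "Please fill in the required fields (*)";
    } elseif (filter_var($recipient, FILTER_VALIDATE_EMAIL) === false) {
        // Exactly one syntactically valid address is accepted. That rejects
        // CR/LF and comma-separated lists, so the value cannot add mail
        // headers or extra recipients when passed to mail().
        $status = "Please enter a valid email address";
    } else {
        /* To send HTML mail, you can set the Content-type header. */
        $headers = "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        /* additional headers */
        $headers .= "From: feedback@togoparts.com\nReply-To: feedback@togoparts.com\n";

        // The body is sent as text/html, so the visitor-supplied name is
        // escaped (using the charset declared above) before it is embedded.
        $safe_name = htmlspecialchars($friend_name, ENT_QUOTES, 'ISO-8859-1');

        $mailmsg = "Hi!
Your friend, $safe_name, wants to tell you about the following merchant news!
";
        // NOTE(review): title comes from the database and goes into the HTML
        // body unescaped; escape it too if titles are stored as plain text.
        $mailmsg = $mailmsg . "Merchant News: " . $row_ads["title"] . "
";
        $mailmsg = $mailmsg . "Togoparts.com Admin
This mail was generated automatically. Please do not reply.";

        mail($recipient, "Togoparts.com - Merchant News", $mailmsg, $headers);

        // Stop here like the other redirects in this script, so nothing else
        // runs or is rendered after the Location header has been sent.
        header("Location: $cb");
        exit;
    }
}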
// SEO values for this page: the title is the portal name plus a fixed suffix;
// description and keywords are left empty.
$meta_keywords = "";
$meta_description = "";
$WEBPAGE_TITLE = "{$GLOBAL_PORTAL_NAME} | Email Promotion to Friend";
?>