commit | author | age
|
e94a9f
|
1 |
<?php |
T |
2 |
/* |
|
3 |
Copyright (c) 2012, Till Brehm, ISPConfig UG |
|
4 |
All rights reserved. |
|
5 |
|
|
6 |
Redistribution and use in source and binary forms, with or without modification, |
|
7 |
are permitted provided that the following conditions are met: |
|
8 |
|
|
9 |
* Redistributions of source code must retain the above copyright notice, |
|
10 |
this list of conditions and the following disclaimer. |
|
11 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
12 |
this list of conditions and the following disclaimer in the documentation |
|
13 |
and/or other materials provided with the distribution. |
|
14 |
* Neither the name of ISPConfig nor the names of its contributors |
|
15 |
may be used to endorse or promote products derived from this software without |
|
16 |
specific prior written permission. |
|
17 |
|
|
18 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
19 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
20 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
21 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
22 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
23 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
24 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
25 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
26 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
27 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
28 |
*/ |
|
29 |
|
7fe908
|
30 |
require_once '../../lib/config.inc.php'; |
MC |
31 |
require_once '../../lib/app.inc.php'; |
e94a9f
|
32 |
|
T |
33 |
//* Check permissions for module |
|
34 |
$app->auth->check_module_permissions('client'); |
|
35 |
|
|
36 |
//* This function is not available in demo mode |
|
37 |
if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); |
|
38 |
|
80bee6
|
39 |
$app->uses('tpl,tform'); |
e94a9f
|
40 |
|
T |
41 |
$app->tpl->newTemplate('form.tpl.htm'); |
|
42 |
$app->tpl->setInclude('content_tpl', 'templates/client_message.htm'); |
|
43 |
|
7fe908
|
44 |
//* load language file |
e94a9f
|
45 |
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_message.lng'; |
7fe908
|
46 |
include $lng_file; |
e94a9f
|
47 |
$app->tpl->setVar($wb); |
T |
48 |
|
|
49 |
$msg = ''; |
|
50 |
$error = ''; |
|
51 |
|
|
52 |
//* Save data |
|
53 |
if(isset($_POST) && count($_POST) > 1) { |
5af0cf
|
54 |
|
TB |
55 |
//* CSRF Check |
|
56 |
$app->auth->csrf_token_check(); |
|
57 |
|
e94a9f
|
58 |
//* Check values |
T |
59 |
if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />'; |
|
60 |
if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />'; |
|
61 |
if(empty($_POST['message'])) $error .= $wb['message_invalid_error'].'<br />'; |
7fe908
|
62 |
|
e94a9f
|
63 |
//* Send message |
T |
64 |
if($error == '') { |
65ea2e
|
65 |
if($app->functions->intval($_POST['recipient']) > 0){ |
M |
66 |
$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r')); |
b17cc6
|
67 |
if(isset($circle['client_ids']) && $circle['client_ids'] != ''){ |
7fe908
|
68 |
$tmp_client_ids = explode(',', $circle['client_ids']); |
b17cc6
|
69 |
$where = array(); |
F |
70 |
foreach($tmp_client_ids as $tmp_client_id){ |
604c0c
|
71 |
$where[] = 'client_id = '.$app->functions->intval($tmp_client_id); |
b17cc6
|
72 |
} |
F |
73 |
if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')'; |
|
74 |
$sql = "SELECT * FROM client WHERE email != ''".$where_clause; |
|
75 |
} else { |
|
76 |
$sql = "SELECT * FROM client WHERE 0"; |
|
77 |
} |
e94a9f
|
78 |
} else { |
b17cc6
|
79 |
//* Select all clients and resellers |
F |
80 |
if($_SESSION["s"]["user"]["typ"] == 'admin'){ |
|
81 |
$sql = "SELECT * FROM client WHERE email != ''"; |
|
82 |
} else { |
65ea2e
|
83 |
$client_id = $app->functions->intval($_SESSION['s']['user']['client_id']); |
b17cc6
|
84 |
if($client_id == 0) die('Invalid Client ID.'); |
F |
85 |
$sql = "SELECT * FROM client WHERE email != '' AND parent_client_id = '$client_id'"; |
|
86 |
} |
e94a9f
|
87 |
} |
7fe908
|
88 |
|
e94a9f
|
89 |
//* Get clients |
T |
90 |
$clients = $app->db->queryAllRecords($sql); |
|
91 |
if(is_array($clients)) { |
|
92 |
$msg = $wb['email_sent_to_txt'].' '; |
|
93 |
foreach($clients as $client) { |
2cb156
|
94 |
//* Parse client details into message |
e94a9f
|
95 |
$message = $_POST['message']; |
T |
96 |
foreach($client as $key => $val) { |
992797
|
97 |
switch ($key) { |
7fe908
|
98 |
case 'password': |
MC |
99 |
$message = str_replace('{'.$key.'}', '---', $message); |
|
100 |
break; |
|
101 |
case 'gender': |
|
102 |
$message = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $message); |
|
103 |
break; |
|
104 |
default: |
|
105 |
$message = str_replace('{'.$key.'}', $val, $message); |
2cb156
|
106 |
} |
e94a9f
|
107 |
} |
7fe908
|
108 |
|
e94a9f
|
109 |
//* Send the email |
T |
110 |
$app->functions->mail($client['email'], $_POST['subject'], $message, $_POST['sender']); |
|
111 |
$msg .= $client['email'].', '; |
|
112 |
} |
7fe908
|
113 |
$msg = substr($msg, 0, -2); |
e94a9f
|
114 |
} |
7fe908
|
115 |
|
e94a9f
|
116 |
} else { |
7fe908
|
117 |
$app->tpl->setVar('sender', $_POST['sender']); |
MC |
118 |
$app->tpl->setVar('subject', $_POST['subject']); |
|
119 |
$app->tpl->setVar('message', $_POST['message']); |
e94a9f
|
120 |
} |
80bee6
|
121 |
} else { |
F |
122 |
// pre-fill Sender field with reseller's email address |
|
123 |
if($_SESSION["s"]["user"]["typ"] != 'admin'){ |
65ea2e
|
124 |
$client_id = $app->functions->intval($_SESSION['s']['user']['client_id']); |
80bee6
|
125 |
if($client_id > 0){ |
F |
126 |
$sql = "SELECT email FROM client WHERE client_id = ".$client_id; |
|
127 |
$client = $app->db->queryOneRecord($sql); |
7fe908
|
128 |
if($client['email'] != '') $app->tpl->setVar('sender', $client['email']); |
80bee6
|
129 |
} |
F |
130 |
} |
e94a9f
|
131 |
} |
T |
132 |
|
b17cc6
|
133 |
// Recipient Drop-Down |
65ea2e
|
134 |
$recipient = '<option value="0"'.($app->functions->intval($_POST['recipient']) == 0 ? ' selected="selected"' : '').'>'.($_SESSION["s"]["user"]["typ"] == 'admin'? $wb['all_clients_resellers_txt'] : $wb['all_clients_txt']).'</option>'; |
80bee6
|
135 |
$sql = "SELECT * FROM client_circle WHERE active = 'y' AND ".$app->tform->getAuthSQL('r'); |
b17cc6
|
136 |
$circles = $app->db->queryAllRecords($sql); |
F |
137 |
if(is_array($circles) && !empty($circles)){ |
|
138 |
foreach($circles as $circle){ |
65ea2e
|
139 |
$recipient .= '<option value="'.$circle['circle_id'].'"'.($app->functions->intval($_POST['recipient']) == $circle['circle_id'] ? ' selected="selected"' : '').'>'.$circle['circle_name'].'</option>'; |
b17cc6
|
140 |
} |
F |
141 |
} |
7fe908
|
142 |
$app->tpl->setVar('recipient', $recipient); |
b17cc6
|
143 |
|
e94a9f
|
144 |
if($_SESSION["s"]["user"]["typ"] == 'admin'){ |
7fe908
|
145 |
$app->tpl->setVar('form_legend_txt', $wb['form_legend_admin_txt']); |
e94a9f
|
146 |
} else { |
7fe908
|
147 |
$app->tpl->setVar('form_legend_txt', $wb['form_legend_client_txt']); |
e94a9f
|
148 |
} |
T |
149 |
|
2cb156
|
150 |
//message variables |
F |
151 |
$message_variables = ''; |
fedbca
|
152 |
$sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional', 'force_suexec', 'default_slave_dnsserver', 'usertheme', 'locked', 'canceled', 'can_use_api', 'tmp_data', 'customer_no_template', 'customer_no_start', 'customer_no_counter', 'added_date', 'added_by') AND Field NOT LIKE 'limit_%'"; |
2cb156
|
153 |
$field_names = $app->db->queryAllRecords($sql); |
F |
154 |
if(!empty($field_names) && is_array($field_names)){ |
|
155 |
foreach($field_names as $field_name){ |
992797
|
156 |
if($field_name['Field'] != ''){ |
MC |
157 |
if($field_name['Field'] == 'gender'){ |
|
158 |
$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{salutation}</a> '; |
|
159 |
} else { |
|
160 |
$message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{'.$field_name['Field'].'}</a> '; |
|
161 |
} |
|
162 |
} |
2cb156
|
163 |
} |
F |
164 |
} |
7fe908
|
165 |
$app->tpl->setVar('message_variables', trim($message_variables)); |
2cb156
|
166 |
|
5af0cf
|
167 |
//* SET csrf token |
TB |
168 |
$csrf_token = $app->auth->csrf_token_get('client_message'); |
|
169 |
$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); |
|
170 |
$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); |
|
171 |
|
7fe908
|
172 |
$app->tpl->setVar('okmsg', $msg); |
MC |
173 |
$app->tpl->setVar('error', $error); |
e94a9f
|
174 |
|
T |
175 |
$app->tpl_defaults(); |
|
176 |
$app->tpl->pparse(); |
|
177 |
|
|
178 |
|
|
179 |
?> |