| commit | author | age | ||
| e94a9f | 1 | <?php |
| T | 2 | /* |
| 3 | Copyright (c) 2012, Till Brehm, ISPConfig UG | |
| 4 | All rights reserved. | |
| 5 | ||
| 6 | Redistribution and use in source and binary forms, with or without modification, | |
| 7 | are permitted provided that the following conditions are met: | |
| 8 | ||
| 9 | * Redistributions of source code must retain the above copyright notice, | |
| 10 | this list of conditions and the following disclaimer. | |
| 11 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 12 | this list of conditions and the following disclaimer in the documentation | |
| 13 | and/or other materials provided with the distribution. | |
| 14 | * Neither the name of ISPConfig nor the names of its contributors | |
| 15 | may be used to endorse or promote products derived from this software without | |
| 16 | specific prior written permission. | |
| 17 | ||
| 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 21 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 22 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 23 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 25 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 26 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 27 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 28 | */ | |
| 29 | ||
| 7fe908 | 30 | require_once '../../lib/config.inc.php'; |
| MC | 31 | require_once '../../lib/app.inc.php'; |
| e94a9f | 32 | |
| T | 33 | //* Check permissions for module |
| 34 | $app->auth->check_module_permissions('client'); | |
| 35 | ||
| 36 | //* This function is not available in demo mode | |
| 37 | if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); | |
| 38 | ||
| 80bee6 | 39 | $app->uses('tpl,tform'); |
| e94a9f | 40 | |
| T | 41 | $app->tpl->newTemplate('form.tpl.htm'); |
| 42 | $app->tpl->setInclude('content_tpl', 'templates/client_message.htm'); | |
| 43 | ||
| 7fe908 | 44 | //* load language file |
| e94a9f | 45 | $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_message.lng'; |
| 7fe908 | 46 | include $lng_file; |
| e94a9f | 47 | $app->tpl->setVar($wb); |
| T | 48 | |
| 49 | $msg = ''; | |
| 50 | $error = ''; | |
| 51 | ||
| 52 | //* Save data | |
| 53 | if(isset($_POST) && count($_POST) > 1) { | |
| 5af0cf | 54 | |
| TB | 55 | //* CSRF Check |
| 56 | $app->auth->csrf_token_check(); | |
| 57 | ||
| e94a9f | 58 | //* Check values |
| T | 59 | if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />'; |
| 60 | if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />'; | |
| 61 | if(empty($_POST['message'])) $error .= $wb['message_invalid_error'].'<br />'; | |
| 7fe908 | 62 | |
| e94a9f | 63 | //* Send message |
| T | 64 | if($error == '') { |
| 65ea2e | 65 | if($app->functions->intval($_POST['recipient']) > 0){ |
| M | 66 | $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r')); |
| b17cc6 | 67 | if(isset($circle['client_ids']) && $circle['client_ids'] != ''){ |
| 7fe908 | 68 | $tmp_client_ids = explode(',', $circle['client_ids']); |
| b17cc6 | 69 | $where = array(); |
| F | 70 | foreach($tmp_client_ids as $tmp_client_id){ |
| 604c0c | 71 | $where[] = 'client_id = '.$app->functions->intval($tmp_client_id); |
| b17cc6 | 72 | } |
| F | 73 | if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')'; |
| 74 | $sql = "SELECT * FROM client WHERE email != ''".$where_clause; | |
| 75 | } else { | |
| 76 | $sql = "SELECT * FROM client WHERE 0"; | |
| 77 | } | |
| e94a9f | 78 | } else { |
| b17cc6 | 79 | //* Select all clients and resellers |
| F | 80 | if($_SESSION["s"]["user"]["typ"] == 'admin'){ |
| 81 | $sql = "SELECT * FROM client WHERE email != ''"; | |
| 82 | } else { | |
| 65ea2e | 83 | $client_id = $app->functions->intval($_SESSION['s']['user']['client_id']); |
| b17cc6 | 84 | if($client_id == 0) die('Invalid Client ID.'); |
| F | 85 | $sql = "SELECT * FROM client WHERE email != '' AND parent_client_id = '$client_id'"; |
| 86 | } | |
| e94a9f | 87 | } |
| 7fe908 | 88 | |
| e94a9f | 89 | //* Get clients |
| T | 90 | $clients = $app->db->queryAllRecords($sql); |
| 91 | if(is_array($clients)) { | |
| 92 | $msg = $wb['email_sent_to_txt'].' '; | |
| 93 | foreach($clients as $client) { | |
| 2cb156 | 94 | //* Parse client details into message |
| e94a9f | 95 | $message = $_POST['message']; |
| T | 96 | foreach($client as $key => $val) { |
| 992797 | 97 | switch ($key) { |
| 7fe908 | 98 | case 'password': |
| MC | 99 | $message = str_replace('{'.$key.'}', '---', $message); |
| 100 | break; | |
| 101 | case 'gender': | |
| 102 | $message = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $message); | |
| 103 | break; | |
| 104 | default: | |
| 105 | $message = str_replace('{'.$key.'}', $val, $message); | |
| 2cb156 | 106 | } |
| e94a9f | 107 | } |
| 7fe908 | 108 | |
| e94a9f | 109 | //* Send the email |
| T | 110 | $app->functions->mail($client['email'], $_POST['subject'], $message, $_POST['sender']); |
| 111 | $msg .= $client['email'].', '; | |
| 112 | } | |
| 7fe908 | 113 | $msg = substr($msg, 0, -2); |
| e94a9f | 114 | } |
| 7fe908 | 115 | |
| e94a9f | 116 | } else { |
| 7fe908 | 117 | $app->tpl->setVar('sender', $_POST['sender']); |
| MC | 118 | $app->tpl->setVar('subject', $_POST['subject']); |
| 119 | $app->tpl->setVar('message', $_POST['message']); | |
| e94a9f | 120 | } |
| 80bee6 | 121 | } else { |
| F | 122 | // pre-fill Sender field with reseller's email address |
| 123 | if($_SESSION["s"]["user"]["typ"] != 'admin'){ | |
| 65ea2e | 124 | $client_id = $app->functions->intval($_SESSION['s']['user']['client_id']); |
| 80bee6 | 125 | if($client_id > 0){ |
| F | 126 | $sql = "SELECT email FROM client WHERE client_id = ".$client_id; |
| 127 | $client = $app->db->queryOneRecord($sql); | |
| 7fe908 | 128 | if($client['email'] != '') $app->tpl->setVar('sender', $client['email']); |
| 80bee6 | 129 | } |
| F | 130 | } |
| e94a9f | 131 | } |
| T | 132 | |
| b17cc6 | 133 | // Recipient Drop-Down |
| 65ea2e | 134 | $recipient = '<option value="0"'.($app->functions->intval($_POST['recipient']) == 0 ? ' selected="selected"' : '').'>'.($_SESSION["s"]["user"]["typ"] == 'admin'? $wb['all_clients_resellers_txt'] : $wb['all_clients_txt']).'</option>'; |
| 80bee6 | 135 | $sql = "SELECT * FROM client_circle WHERE active = 'y' AND ".$app->tform->getAuthSQL('r'); |
| b17cc6 | 136 | $circles = $app->db->queryAllRecords($sql); |
| F | 137 | if(is_array($circles) && !empty($circles)){ |
| 138 | foreach($circles as $circle){ | |
| 65ea2e | 139 | $recipient .= '<option value="'.$circle['circle_id'].'"'.($app->functions->intval($_POST['recipient']) == $circle['circle_id'] ? ' selected="selected"' : '').'>'.$circle['circle_name'].'</option>'; |
| b17cc6 | 140 | } |
| F | 141 | } |
| 7fe908 | 142 | $app->tpl->setVar('recipient', $recipient); |
| b17cc6 | 143 | |
| e94a9f | 144 | if($_SESSION["s"]["user"]["typ"] == 'admin'){ |
| 7fe908 | 145 | $app->tpl->setVar('form_legend_txt', $wb['form_legend_admin_txt']); |
| e94a9f | 146 | } else { |
| 7fe908 | 147 | $app->tpl->setVar('form_legend_txt', $wb['form_legend_client_txt']); |
| e94a9f | 148 | } |
| T | 149 | |
| 2cb156 | 150 | //message variables |
| F | 151 | $message_variables = ''; |
| fedbca | 152 | $sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional', 'force_suexec', 'default_slave_dnsserver', 'usertheme', 'locked', 'canceled', 'can_use_api', 'tmp_data', 'customer_no_template', 'customer_no_start', 'customer_no_counter', 'added_date', 'added_by') AND Field NOT LIKE 'limit_%'"; |
| 2cb156 | 153 | $field_names = $app->db->queryAllRecords($sql); |
| F | 154 | if(!empty($field_names) && is_array($field_names)){ |
| 155 | foreach($field_names as $field_name){ | |
| 992797 | 156 | if($field_name['Field'] != ''){ |
| MC | 157 | if($field_name['Field'] == 'gender'){ |
| 158 | $message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{salutation}</a> '; | |
| 159 | } else { | |
| 160 | $message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{'.$field_name['Field'].'}</a> '; | |
| 161 | } | |
| 162 | } | |
| 2cb156 | 163 | } |
| F | 164 | } |
| 7fe908 | 165 | $app->tpl->setVar('message_variables', trim($message_variables)); |
| 2cb156 | 166 | |
| 5af0cf | 167 | //* SET csrf token |
| TB | 168 | $csrf_token = $app->auth->csrf_token_get('client_message'); |
| 169 | $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); | |
| 170 | $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); | |
| 171 | ||
| 7fe908 | 172 | $app->tpl->setVar('okmsg', $msg); |
| MC | 173 | $app->tpl->setVar('error', $error); |
| e94a9f | 174 | |
| T | 175 | $app->tpl_defaults(); |
| 176 | $app->tpl->pparse(); | |
| 177 | ||
| 178 | ||
| 179 | ?> | |
