| | |
| | | |
| | | //* Save data |
| | | if(isset($_POST) && count($_POST) > 1) { |
| | | |
| | | |
| | | //* CSRF Check |
| | | $app->auth->csrf_token_check(); |
| | | |
| | | //* Check values |
| | | if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />'; |
| | | if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />'; |
| | |
| | | //* Send message |
| | | if($error == '') { |
| | | if($app->functions->intval($_POST['recipient']) > 0){ |
| | | $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r')); |
| | | $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['recipient']); |
| | | if(isset($circle['client_ids']) && $circle['client_ids'] != ''){ |
| | | $tmp_client_ids = explode(',', $circle['client_ids']); |
| | | $where = array(); |
| | |
| | | if($_SESSION["s"]["user"]["typ"] != 'admin'){ |
| | | $client_id = $app->functions->intval($_SESSION['s']['user']['client_id']); |
| | | if($client_id > 0){ |
| | | $sql = "SELECT email FROM client WHERE client_id = ".$client_id; |
| | | $client = $app->db->queryOneRecord($sql); |
| | | $sql = "SELECT email FROM client WHERE client_id = ?"; |
| | | $client = $app->db->queryOneRecord($sql, $client_id); |
| | | if($client['email'] != '') $app->tpl->setVar('sender', $client['email']); |
| | | } |
| | | } |
| | |
| | | } |
| | | $app->tpl->setVar('message_variables', trim($message_variables)); |
| | | |
| | | //* SET csrf token |
| | | $csrf_token = $app->auth->csrf_token_get('client_message'); |
| | | $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); |
| | | $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); |
| | | |
| | | $app->tpl->setVar('okmsg', $msg); |
| | | $app->tpl->setVar('error', $error); |
| | | |