From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/sites/ajax_get_ip.php |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/interface/web/sites/ajax_get_ip.php b/interface/web/sites/ajax_get_ip.php
index 57e5b77..faf7753 100644
--- a/interface/web/sites/ajax_get_ip.php
+++ b/interface/web/sites/ajax_get_ip.php
@@ -31,24 +31,27 @@
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],'sites')) {
-	header("Location: ../index.php");
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('sites');
 
 $server_id = intval($_GET["server_id"]);
+$client_group_id = intval($_GET["client_group_id"]);
+$ip_type = $app->db->quote($_GET['ip_type']);
 
-if($_SESSION["s"]["user"]["typ"] == 'admin') {
+if($_SESSION["s"]["user"]["typ"] == 'admin' or $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 
-	$sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
+	$sql = "SELECT ip_address FROM server_ip WHERE ip_type = '$ip_type' AND server_id = $server_id";
 	$ips = $app->db->queryAllRecords($sql);
 	// $ip_select = "<option value=''></option>";
-	$ip_select = "";
+	if($ip_type == 'IPv4'){
+		$ip_select = "*";
+	} else {
+		$ip_select = "";
+	}
 	if(is_array($ips)) {
 		foreach( $ips as $ip) {
 			//$selected = ($ip["ip_address"] == $this->dataRecord["ip_address"])?'SELECTED':'';
-			$ip_select .= "<option value='$ip[ip_address]'>$ip[ip_address]</option>\r\n";
+			$ip_select .= "#$ip[ip_address]";
 		}
 	}
 	unset($tmp);

--
Gitblit v1.9.1