From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/sites/tools.inc.php |   64 +++++++++++++++++--------------
 1 files changed, 35 insertions(+), 29 deletions(-)

diff --git a/interface/web/sites/tools.inc.php b/interface/web/sites/tools.inc.php
index 81de9f6..a4314f0 100644
--- a/interface/web/sites/tools.inc.php
+++ b/interface/web/sites/tools.inc.php
@@ -27,33 +27,35 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-function replacePrefix($name, $dataRecord){
-    $keywordlist=array('CLIENTNAME','CLIENTID');
+function replacePrefix($name, $dataRecord) {
+	// No input -> no possible output -> go out!
+	if ($name=="") return "";
 
-    if ($name != '') {
-        foreach ($keywordlist as $keyword) {
-            if (substr_count($name, '['.$keyword.']') > 0) {
-                switch ($keyword) {
-                    case 'CLIENTNAME':
-                        $res=str_replace('['.$keyword.']', getClientName($dataRecord), $name);        
-                        break;
-                    case 'CLIENTID':
-                        $res=str_replace('['.$keyword.']', getClientID($dataRecord), $name);        
-                        break;
-                }
-            }
-        }
-    } else {
-        $res='';
-    }
-    
-    return $res;
+	// Array containing keys to search
+	$keywordlist=array('CLIENTNAME','CLIENTID','DOMAINID');
+
+	// Try to match the key within the string
+	foreach ($keywordlist as $keyword) {
+		if (substr_count($name, '['.$keyword.']') > 0) {
+			switch ($keyword) {
+				case 'CLIENTNAME':
+					$name=str_replace('['.$keyword.']', getClientName($dataRecord),$name);
+				break;
+				case 'CLIENTID':
+					$name=str_replace('['.$keyword.']', getClientID($dataRecord),$name);
+				break;
+				case 'DOMAINID':
+					$name=str_replace('['.$keyword.']', $dataRecord['parent_domain_id'],$name);
+				break;
+			}
+		}
+	}
+	return $name;
 }
 
 function getClientName($dataRecord) {
     global $app, $conf;
-
-    if($_SESSION["s"]["user"]["typ"] != 'admin') {
+    if($_SESSION["s"]["user"]["typ"] != 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
     	// Get the group-id of the user
     	$client_group_id = $_SESSION["s"]["user"]["default_group"];
     } else {
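Review bot: The new `DOMAINID` case in replacePrefix() substitutes `$dataRecord['parent_domain_id']` as-is, with no check that the key exists and no normalisation, while getClientName() a few lines below guards the same key with `isset()`. When the key is absent the placeholder is silently replaced by an empty string (plus a notice), and when it is present any non-numeric content goes straight into the returned name. I would change the line to `$name=str_replace('['.$keyword.']', isset($dataRecord['parent_domain_id']) ? intval($dataRecord['parent_domain_id']) : 0, $name);`, or whichever fallback the callers expect. A one-line comment above `$keywordlist` listing the supported placeholders and where each value comes from would also help.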
@@ -63,13 +65,15 @@
 		} elseif (isset($dataRecord['parent_domain_id'])) {
 			$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
 			$client_group_id = $tmp['sys_groupid'];
-      	} else {
+      	} elseif(isset($dataRecord['sys_groupid'])) {
 			$client_group_id = $dataRecord['sys_groupid'];
-      	}
+      	} else {
+			$client_group_id = 0;
+		}
     }
 	
     /* get the name of the client */
-    $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
+    $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . intval($client_group_id));
     $clientName = $tmp['name'];
     if ($clientName == "") $clientName = 'default';
     $clientName = convertClientName($clientName);
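Review bot: The `intval()` added to the `sys_group` lookup covers only one of the two queries in this function. The `web_domain` query in the `elseif (isset($dataRecord['parent_domain_id']))` branch still concatenates `$dataRecord['parent_domain_id']` into the SQL string uncast. If `$dataRecord` carries form input, which this hunk does not show, that value reaches the database unvalidated. The same cast belongs there: `"SELECT sys_groupid FROM web_domain WHERE domain_id = " . intval($dataRecord['parent_domain_id'])`. The identical line in getClientID() (the last hunk) needs the same change. The first branch of this `if` chain lies outside the hunk, so it should be checked for the same pattern.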
@@ -79,7 +83,7 @@
 function getClientID($dataRecord) {
     global $app, $conf;
 
-    if($_SESSION["s"]["user"]["typ"] != 'admin') {
+    if($_SESSION["s"]["user"]["typ"] != 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
     	// Get the group-id of the user
     	$client_group_id = $_SESSION["s"]["user"]["default_group"];
     } else {
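Review bot: The widened condition `typ != 'admin' || $app->auth->has_clients(...)` has no comment explaining why an admin-type user for whom has_clients() is true should now take the session's `default_group` instead of the group derived from `$dataRecord`. The comment under it still says only "Get the group-id of the user". The same condition and the whole group-resolution chain are duplicated in getClientName() in the first hunk, so the two copies can drift apart. I would add a comment such as `// Users that manage clients always act under their own session group; only a plain admin resolves the group from the record` if that is the intent. The shared lookup could move into one private helper that both functions call. The rest of getClientID() continues outside this hunk.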
@@ -89,12 +93,14 @@
       	} elseif (isset($dataRecord['parent_domain_id'])) {
 			$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
 			$client_group_id = $tmp['sys_groupid'];
-		} else {
+		} elseif(isset($dataRecord['sys_groupid'])) {
 			$client_group_id = $dataRecord['sys_groupid'];
-      	}
+      	} else {
+			$client_group_id = 0;
+		}
     }
     /* get the name of the client */
-    $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $client_group_id);
+    $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . intval($client_group_id));
     $clientID = $tmp['client_id'];
     if ($clientID == '') $clientID = '0';
     return $clientID;

--
Gitblit v1.9.1