From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).
---
 interface/web/sites/tools.inc.php | 20 +++++++++++---------
 1 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/interface/web/sites/tools.inc.php b/interface/web/sites/tools.inc.php
index 11285e6..a4314f0 100644
--- a/interface/web/sites/tools.inc.php
+++ b/interface/web/sites/tools.inc.php
@@ -55,9 +55,7 @@
 function getClientName($dataRecord) {
 global $app, $conf;
- /* FS#1234 - CLIENTNAME value when in reseller account - need check this workarround impact */
- //if($_SESSION["s"]["user"]["typ"] != 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
- if($_SESSION["s"]["user"]["typ"] != 'admin' && ! $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ if($_SESSION["s"]["user"]["typ"] != 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 // Get the group-id of the user
 $client_group_id = $_SESSION["s"]["user"]["default_group"];
 } else {
@@ -67,13 +65,15 @@
 } elseif (isset($dataRecord['parent_domain_id'])) {
 $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
 $client_group_id = $tmp['sys_groupid'];
- } else {
+ } elseif(isset($dataRecord['sys_groupid'])) {
 $client_group_id = $dataRecord['sys_groupid'];
- }
+ } else {
+ $client_group_id = 0;
+ }
 }
 /* get the name of the client */
- $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $client_group_id);
+ $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . intval($client_group_id));
 $clientName = $tmp['name'];
 if ($clientName == "") $clientName = 'default';
 $clientName = convertClientName($clientName);
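Review bot: The rewritten test in the `@@ -55,9 +55,7 @@` hunk, `if($_SESSION["s"]["user"]["typ"] != 'admin' || $app->auth->has_clients(...))`, changes which sessions may take the group id from `$dataRecord`, and the hunk deletes the only comment (FS#1234) that explained the previous form. As written, every non-admin session and any session for which `has_clients()` returns true is pinned to the session's `default_group`; only an admin without clients reaches the `else` branch. If that is intended (judging by the removed comment it presumably changes what reseller accounts resolve to), state it above the test, e.g. `// Only an admin without clients may resolve the group from $dataRecord; all other sessions use their own default_group.` The commit subject does not mention this change, and the body of `getClientName` continues outside the hunk.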
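Review bot: In the `@@ -67,13 +65,15 @@` hunk `intval()` is applied to `$client_group_id` in the `sys_group` query, but the `web_domain` lookup in the context lines at the top of the hunk still concatenates `$dataRecord['parent_domain_id']` into the SQL string as-is. If `$dataRecord` can carry request-supplied values (its origin is not visible here), that is the same injection risk the new cast addresses, so cast it too: `... WHERE domain_id = " . intval($dataRecord['parent_domain_id']));`. The identical unchanged line appears in the `@@ -93,12 +93,14 @@` hunk. The earlier branches of this `if`/`elseif` chain lie outside both hunks and should be checked for the same pattern.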
@@ -93,12 +93,14 @@
 } elseif (isset($dataRecord['parent_domain_id'])) {
 $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
 $client_group_id = $tmp['sys_groupid'];
- } else {
+ } elseif(isset($dataRecord['sys_groupid'])) {
 $client_group_id = $dataRecord['sys_groupid'];
- }
+ } else {
+ $client_group_id = 0;
+ }
 }
 /* get the name of the client */
- $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $client_group_id);
+ $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . intval($client_group_id));
 $clientID = $tmp['client_id'];
 if ($clientID == '') $clientID = '0';
 return $clientID;
--
Gitblit v1.9.1
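Review bot: The comment directly above the changed query, `/* get the name of the client */`, does not match what this function does: the statement selects `client_id` and the function returns `$clientID`. Since the line below it is being edited anyway, correct the comment to `/* get the id of the client; '0' is returned when the group has no client or no group could be determined */`, which also documents the new `$client_group_id = 0` fallback. The enclosing function starts outside the hunk.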