From 80bee61fcda7e0f8e09e2f286514537c8555beef Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Thu, 24 May 2012 06:26:55 -0400
Subject: [PATCH] - Added circle access control so that 1) a reseller can create circles that contain only his clients, not all clients, and 2) a reseller can send messages only to his own circles instead of all circles.
---
interface/web/client/client_message.php | 51 +++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 43 insertions(+), 8 deletions(-)
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index f555c99..f64814e 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -36,7 +36,7 @@
//* This function is not available in demo mode
if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
-$app->uses('tpl');
+$app->uses('tpl,tform');
$app->tpl->newTemplate('form.tpl.htm');
$app->tpl->setInclude('content_tpl', 'templates/client_message.htm');
@@ -59,13 +59,28 @@
//* Send message
if($error == '') {
- //* Select all clients and resellers
- if($_SESSION["s"]["user"]["typ"] == 'admin'){
- $sql = "SELECT * FROM client WHERE email != ''";
+ if(intval($_POST['recipient']) > 0){
+ $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
+ if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
+ $tmp_client_ids = explode(',',$circle['client_ids']);
+ $where = array();
+ foreach($tmp_client_ids as $tmp_client_id){
+ $where[] = 'client_id = '.$tmp_client_id;
+ }
+ if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
+ $sql = "SELECT * FROM client WHERE email != ''".$where_clause;
+ } else {
+ $sql = "SELECT * FROM client WHERE 0";
+ }
} else {
- $client_id = intval($_SESSION['s']['user']['client_id']);
- if($client_id == 0) die('Invalid Client ID.');
- $sql = "SELECT * FROM client WHERE email != '' AND parent_client_id = '$client_id'";
+ //* Select all clients and resellers
+ if($_SESSION["s"]["user"]["typ"] == 'admin'){
+ $sql = "SELECT * FROM client WHERE email != ''";
+ } else {
+ $client_id = intval($_SESSION['s']['user']['client_id']);
+ if($client_id == 0) die('Invalid Client ID.');
+ $sql = "SELECT * FROM client WHERE email != '' AND parent_client_id = '$client_id'";
+ }
}
//* Get clients
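Review bot: The per-client filter built at `$where[] = 'client_id = '.$tmp_client_id;` concatenates each value exploded from `client_circle.client_ids` into SQL without a cast, unlike the rest of this block, which wraps every id in intval(); cast each one, `$where[] = 'client_id = '.intval($tmp_client_id);`, so a malformed or tampered client_ids column cannot change the shape of the query. The `if(!empty($where))` guard that follows can never be false once `client_ids != ''` (explode returns at least one element), yet `$where_clause` is assigned only inside it, so the concatenation on the next line reads an undefined variable the moment that guard becomes reachable — initialise `$where_clause = '';` before the loop. The circle row itself is fetched with `getAuthSQL('r')`, which is what limits `intval($_POST['recipient'])` to circles the current user may read, i.e. the access control the commit describes. The enclosing `if($error == '')` block continues past the end of the hunk.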
@@ -73,7 +88,6 @@
if(is_array($clients)) {
$msg = $wb['email_sent_to_txt'].' ';
foreach($clients as $client) {
-
//* Parse cleint details into message
$message = $_POST['message'];
foreach($client as $key => $val) {
@@ -92,8 +106,29 @@
$app->tpl->setVar('subject',$_POST['subject']);
$app->tpl->setVar('message',$_POST['message']);
}
+} else {
+ // pre-fill Sender field with reseller's email address
+ if($_SESSION["s"]["user"]["typ"] != 'admin'){
+ $client_id = intval($_SESSION['s']['user']['client_id']);
+ if($client_id > 0){
+ $sql = "SELECT email FROM client WHERE client_id = ".$client_id;
+ $client = $app->db->queryOneRecord($sql);
+ if($client['email'] != '') $app->tpl->setVar('sender',$client['email']);
+ }
+ }
}
+// Recipient Drop-Down
+$recipient = '<option value="0"'.(intval($_POST['recipient']) == 0 ? ' selected="selected"' : '').'>'.($_SESSION["s"]["user"]["typ"] == 'admin'? $wb['all_clients_resellers_txt'] : $wb['all_clients_txt']).'</option>';
+$sql = "SELECT * FROM client_circle WHERE active = 'y' AND ".$app->tform->getAuthSQL('r');
+$circles = $app->db->queryAllRecords($sql);
+if(is_array($circles) && !empty($circles)){
+ foreach($circles as $circle){
+ $recipient .= '<option value="'.$circle['circle_id'].'"'.(intval($_POST['recipient']) == $circle['circle_id'] ? ' selected="selected"' : '').'>'.$circle['circle_name'].'</option>';
+ }
+}
+$app->tpl->setVar('recipient',$recipient);
+
if($_SESSION["s"]["user"]["typ"] == 'admin'){
$app->tpl->setVar('form_legend_txt',$wb['form_legend_admin_txt']);
} else {
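Review bot: `$circle['circle_name']` is written into the option markup at the `$recipient .=` line without escaping, and the circle name is free text stored by whoever created the circle; escape it for the HTML context, `'>'.htmlspecialchars($circle['circle_name'], ENT_QUOTES, 'UTF-8').'</option>'`, and cast the attribute value with `intval($circle['circle_id'])` for the same reason. `$_POST['recipient']` is read unconditionally on both option lines, so a plain GET of the form raises an undefined-index notice; read it once into a local, `$recipient_id = isset($_POST['recipient']) ? intval($_POST['recipient']) : 0;`, and compare against that. In the sender pre-fill branch, `$client['email']` is dereferenced before checking that queryOneRecord returned a row, so `if(is_array($client) && $client['email'] != '')` would be the safer test. The `if`/`else` that the new `} else {` at the top of the hunk closes begins outside the hunk.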
--
Gitblit v1.9.1