- Added (clickable) placeholders to client messaging function.

- Added check so that the client password isn't inserted into the message (for security reasons).

interface/web/client/client_message.php

@@ -88,10 +88,14 @@ if(isset($_POST) && count($_POST) > 1) {
 		if(is_array($clients)) {
 			$msg = $wb['email_sent_to_txt'].' ';
 			foreach($clients as $client) {
-				//* Parse cleint details into message
+				//* Parse client details into message
 				$message = $_POST['message'];
 				foreach($client as $key => $val) {
-					$message = str_replace('{'.$key.'}', $val, $message);
+					if($key != 'password'){
+						$message = str_replace('{'.$key.'}', $val, $message);
+					} else {
+						$message = str_replace('{'.$key.'}', '---', $message);
+					}
 				}
 				
 				//* Send the email
@@ -135,6 +139,17 @@ if($_SESSION["s"]["user"]["typ"] == 'admin'){
 	$app->tpl->setVar('form_legend_txt',$wb['form_legend_client_txt']);
 }
 
+//message variables
+$message_variables = '';
+$sql = "SHOW COLUMNS FROM client WHERE Field NOT IN ('client_id', 'sys_userid', 'sys_groupid', 'sys_perm_user', 'sys_perm_group', 'sys_perm_other', 'password', 'parent_client_id', 'id_rsa', 'ssh_rsa', 'created_at', 'default_mailserver', 'default_webserver', 'web_php_options', 'ssh_chroot', 'default_dnsserver', 'default_dbserver', 'template_master', 'template_additional') AND Field NOT LIKE 'limit_%'";
+$field_names = $app->db->queryAllRecords($sql);
+if(!empty($field_names) && is_array($field_names)){
+	foreach($field_names as $field_name){
+		if($field_name['Field'] != '') $message_variables .= '<a href="javascript:void(0);" class="addPlaceholder">{'.$field_name['Field'].'}</a> ';
+	}
+}
+$app->tpl->setVar('message_variables',trim($message_variables));
+
 $app->tpl->setVar('okmsg',$msg);
 $app->tpl->setVar('error',$error);
 

interface/web/client/lib/lang/de_client_message.lng

@@ -13,4 +13,5 @@ $wb["email_sent_to_txt"] = 'E-Mail verschickt an:';
 $wb["recipient_txt"] = 'Empfänger';
 $wb["all_clients_resellers_txt"] = 'Alle Kunden und Reseller';
 $wb["all_clients_txt"] = 'Alle Kunden';
+$wb["variables_txt"] = 'Variablen:';
 ?>

interface/web/client/lib/lang/en_client_message.lng

@@ -13,4 +13,5 @@ $wb["email_sent_to_txt"] = 'Email sent to:';
 $wb["recipient_txt"] = 'Recipient';
 $wb["all_clients_resellers_txt"] = 'All clients and resellers';
 $wb["all_clients_txt"] = 'All clients';
+$wb["variables_txt"] = 'Variables:';
 ?>

interface/web/client/templates/client_message.htm

@@ -26,7 +26,7 @@
 	  </div>
       <div class="ctrlHolder">
       	<label for="message">{tmpl_var name='message_txt'}</label>
-        <textarea name="message" id="message" rows='' cols='' style="width:500px">{tmpl_var name='message'}</textarea>
+        <textarea name="message" id="message" rows='' cols='' style="width:500px">{tmpl_var name='message'}</textarea>&nbsp;{tmpl_var name="variables_txt"}&nbsp;{tmpl_var name="message_variables"}
       </div>
     </fieldset>
     <div class="buttonHolder buttons">