Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        framework
5
 * @package         frontend
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       WebsiteBaker Org. e.V.
8
 * @link            http://websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.3
11
 * @requirements    PHP 5.3.6 and higher
12
 * @version         $Id: class.wb.php 2 2017-07-02 15:14:29Z Manuela $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/trunk/framework/class.wb.php $
14
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
15
 *
16
 */
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
if (defined('WB_PATH') == false) { die("Cannot access this file directly"); }
20
/* -------------------------------------------------------- */
21
// Include depending classes if needed
22
if (!class_exists('Template', false))              { require(WB_PATH.'/include/phplib/template.inc'); }
23
if (!class_exists('database', false))              { require(__DIR__.'/class.database.php'); }
24
if (!class_exists('wbmailer', false))              { require(__DIR__.'/class.wbmailer.php'); }
25
if (!class_exists('SecureTokens', false))          { require(__DIR__.'/SecureTokens.php'); }
26
if (!class_exists('SecureTokensInterface', false)) { require(__DIR__.'/SecureTokensInterface.php'); }
27
if (!class_exists('Sanitize', false )) { include __DIR__.'/Sanitize.php'; }
28

    
29
class wb extends SecureTokensInterface
30
{
31
  /**
32
   @var object instance of the database object */
33
  protected $_oDb = null;
34
  protected $oDb = null;
35
  /**
36
   @var object instance holds several values from the application global scope */
37
  protected $_oReg = null;
38
  /**
39
   @var object instance holds all of the translations */
40
  protected $_oTrans = null;
41
  protected $oTrans = null;
42

    
43
//    public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';    // General initialization function
44
    public $password_chars = '[\w!#$%&*+\-.:=?@\|]';    // General initialization function
45

    
46
    public function  __construct($mode = 0) {
47
        parent::__construct();
48
        $this->oDb = $this->_oDb    = $GLOBALS['database'];
49
        $this->oTrans = $this->_oTrans = $GLOBALS['oTrans'];
50
    }
51

    
52
/**
53
 *
54
 *
55
 * @return comma separate list of first visible languages
56
 *
57
 */
58
    public function getLanguagesInUsed()
59
    {
60
        $aRetval = [];
61
        $sql = 'SELECT DISTINCT `language`, `page_id` '
62
             . 'FROM `'.$this->oDb->sTablePrefix.'pages` '
63
             . 'WHERE `level`=0 AND `visibility` NOT IN(\'none\', \'hidden\') '
64
             . 'ORDER BY `language`, `position`';
65
        if (($oResult = $this->oDb->query($sql))) {
66
            while ( $aRow = $oResult->fetchRow( MYSQLI_ASSOC)) {
67
                if( !$this->isPageVisible($aRow['page_id'])) { continue; }
68
                $aRetval[] = $aRow['language'];
69
            }
70
        }
71
        return implode(',', array_unique($aRetval));
72
    }
73

    
74
  /**
75
   * Created parse_url utf-8 compatible function
76
   *
77
   * @param string $url The string to decode
78
   * @return array Associative array containing the different components
79
   *
80
   */
81
    public function mb_parse_url( $url)
82
    {
83
      $encodedUrl = preg_replace_callback( '%[^:/?#&=\.]+%usD', create_function( '$aMatches',
84
        ';return urlencode($aMatches[0]);'), /*                                   'urlencode(\'$0\')', */ $url);
85
      $components = parse_url( $encodedUrl);
86
      foreach ( $components as &$component) $component = urldecode( $component);
87
      return $components;
88
    }
89
/* ****************
90
 * check if one or more group_ids are in both group_lists
91
 *
92
 * @access public
93
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
94
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
95
 * @param array &$matches: an array-var whitch will return possible matches
96
 * @return bool: true there is a match, otherwise false
97
 */
98
    public function is_group_match($mGroupsList1 = '', $mGroupsList2 = '', &$matches = null)
99
    {
100
        if ($mGroupsList1 == '' || $mGroupsList2 == '') { return false; }
101
        if (!is_array($mGroupsList1)) {
102
            $mGroupsList1 = preg_split('/[\s,=+\-\;\:\.\|]+/', $mGroupsList1, -1, PREG_SPLIT_NO_EMPTY);
103
        }
104
        if (!is_array($mGroupsList2)) {
105
            $mGroupsList2 = preg_split('/[\s,=+\-\;\:\.\|]+/', $mGroupsList2, -1, PREG_SPLIT_NO_EMPTY);
106
        }
107
        $matches = array_intersect($mGroupsList1, $mGroupsList2);
108
        return (sizeof($matches) != 0);
109
    }
110
/**
111
 * @param mixed $groups_list is an array or a coma seperated list of group-ids
112
 * @return bool: true if current user is member of one of this groups or its the superadmin
113
 */
114
    public function ami_group_member( $groups_list = '' )
115
    {
116
        return ($this->get_user_id() == 1) || $this->is_group_match( $groups_list, $this->get_groups_id());
117
    }
118

    
119
/**
120
 * Alias for isPageVisible()
121
 * @param mixed $mPage  can be a integer (PageId) or an array
122
 * @return bool
123
 * @deprecated since 2.10.0
124
 */
125

    
126
    public function page_is_visible($mPage)
127
    {
128
        // get PageId from array or object
129
        if (is_array($mPage)) {
130
            $iPageId = (int) $mPage['page_id'];
131
        } elseif (is_integer($mPage)) {
132
            $iPageId = $mPage;
133
        } else {
134
            $iPageId = 0;
135
        }
136
        return $this->isPageVisible($iPageId);
137
    }
138

    
139
/**
140
 * isViewingPageAllowed
141
 * @param int $iPageId
142
 * @param int $iOtherUserId  (optional) test for other then current user
143
 * @return bool
144
 * @description if current user has permission to see this page
145
 *   the visibility logic follows this scheme:
146
 *   false : ([none] | [deleted])
147
 *   false : ([private] | [registered]) and [not authenticated]
148
 *   true  : ([private] | [registered]) and [authenticated]
149
 *   true  : [public] | [hidden]
150
 */
151
    public function isPageVisible($iPageId, $iOtherUserId = null)
152
    {
153
        try {
154
            // sanitize optional user_id
155
            if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
156
                $iUserId = (int) ($iOtherUserId ?? $this->get_user_id());
157
            } else {
158
                $iUserId = (int) (isset($iOtherUserId) ? $iOtherUserId : $this->get_user_id());
159
            }
160
            // get this page record
161
            $sql = 'SELECT * FROM `'.$this->oDb->sTablePrefix.'pages` '
162
                 . 'WHERE `page_id`='.$iPageId;
163
            $oRecords = $this->oDb->query($sql);
164
            if (!($oPage = $oRecords->fetchObject())) {
165
                throw new InvalidArgumentException('request not existing PageId ['.$iPageId.']');
166
            }
167
            //
168
            switch ($oPage->visibility) {
169
                case 'hidden':
170
                case 'public':
171
                    $bRetval = true;
172
                    break;
173
                case 'private':
174
                case 'registered':
175
                    if (($bRetval = $this->is_authenticated())) {
176
                        $bRetval = (
177
                            $this->ami_group_member($oPage->viewing_groups) ||
178
                            $this->is_group_match($iUserId, $oPage->viewing_users)
179
                        );
180
                    }
181
                    break;
182
                default:
183
                    $bRetval = false;
184
                    break;
185
            }
186
        } catch(Exception $e) {
187
            $bRetval = false;
188
        }
189
        return $bRetval;
190
    }
191
/**
192
 * Alias for isPageActive()
193
 * @param mixed $mPage  can be a integer (PageId) or an array
194
 * @return bool  true if at least one active section is found
195
 * @deprecated since 2.10.0
196
 */
197
    public function page_is_active($mPage)
198
    {
199
        // get PageId from array
200
        if (is_array($mPage)) {
201
            $iPageId = $mPage['page_id'];
202
        } elseif (is_integer($mPage)) {
203
            $iPageId = $mPage;
204
        } else {
205
            $iPageId = 0;
206
        }
207
        return $this->isPageActive($iPageId);
208
    }
209
/**
210
 * Check if there is at least one active section on this page
211
 * @param int $iPageId
212
 * @return bool  true if at least one active section is found
213
 */
214

    
215
    public function isPageActive($iPageId)
216
    {
217
        try {
218
            // seach for active sections in this page
219
            $iNow = time();
220
            $sql = 'SELECT COUNT(*) FROM `'.$this->oDb->sTablePrefix.'sections` '
221
                 . 'WHERE `page_id`='.(int) $iPageId.' AND '
222
                 .       '('.$iNow.' BETWEEN `publ_start` AND `publ_end`) OR '
223
                 .       '('.$iNow.' > `publ_start` AND `publ_end`=0) ';
224
            $bRetval = (bool) $this->oDb->get_one($sql);
225
        } catch (Exception $e) {
226
            $bRetval = false;
227
        }
228
        return $bRetval;
229
    }
230

    
231
    // Check whether we should show a page or not (for front-end)
232
    public function show_page($mPage)
233
    {
234
        $retval = ($this->page_is_visible($mPage) && $this->page_is_active($mPage));
235
        return $retval;
236
    }
237

    
238
    // Check if the user is already authenticated or not
239
    public function is_authenticated() {
240
        $retval = (
241
            isset($_SESSION['USER_ID']) AND
242
            $_SESSION['USER_ID'] != "" AND
243
            is_numeric($_SESSION['USER_ID'])
244
        );
245
        return (bool) $retval;
246
    }
247

    
248
    // Modified addslashes function which takes into account magic_quotes
249
    public function add_slashes($input) {
250
        if( get_magic_quotes_gpc() || (!is_string($input)) ) {
251
            return $input;
252
        }
253
        return addslashes($input);
254
    }
255

    
256
    // Ditto for stripslashes
257
    // Attn: this is _not_ the counterpart to $this->add_slashes() !
258
    // Use stripslashes() to undo a preliminarily done $this->add_slashes()
259
    // The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
260
    public function strip_slashes($input) {
261
        if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
262
            return $input;
263
        }
264
        return stripslashes($input);
265
    }
266

    
267
    // Escape backslashes for use with mySQL LIKE strings
268
    public function escape_backslashes($input) {
269
        return str_replace("\\","\\\\",$input);
270
    }
271

    
272
    public function page_link($link){
273
        // Check for :// in the link (used in URL's) as well as mailto:
274
        if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
275
            return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
276
        } else {
277
            return $link;
278
        }
279
    }
280

    
281
    // Get POST data
282
    public function get_post($field) {
283
        return (isset($_POST[$field]) ? $_POST[$field] : null);
284
    }
285

    
286
    // Get POST data and escape it
287
    public function get_post_escaped($field) {
288
        $result = $this->get_post($field);
289
        return (is_null($result)) ? null : $this->add_slashes($result);
290
    }
291

    
292
    // Get GET data
293
    public function get_get($field) {
294
        return (isset($_GET[$field]) ? $_GET[$field] : null);
295
    }
296

    
297
    // Get SESSION data
298
    public function get_session($field) {
299
        return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
300
    }
301

    
302
    // Get SERVER data
303
    public function get_server($field) {
304
        return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
305
    }
306

    
307
    // Get the current users id
308
    public function get_user_id() {
309
        return $this->get_session('USER_ID');
310
    }
311

    
312
    // Get the current users group id
313
    public function get_group_id() {
314
        return $this->get_session('GROUP_ID');
315
    }
316

    
317
    // Get the current users group ids
318
    public function get_groups_id() {
319
        return explode(",", $this->get_session('GROUPS_ID'));
320
    }
321

    
322
    // Get the current users group name
323
    public function get_group_name() {
324
        return implode(",", $this->get_session('GROUP_NAME'));
325
    }
326

    
327
    // Get the current users group name
328
    public function get_groups_name() {
329
        return $this->get_session('GROUP_NAME');
330
    }
331

    
332
    // Get the current users username
333
    public function get_username() {
334
        return $this->get_session('USERNAME');
335
    }
336

    
337
    // Get the current users display name
338
    public function get_display_name() {
339
        return $this->get_session('DISPLAY_NAME');
340
    }
341

    
342
    // Get the current users email address
343
    public function get_email() {
344
        return $this->get_session('EMAIL');
345
    }
346

    
347
    // Get the current users home folder
348
    public function get_home_folder() {
349
        return $this->get_session('HOME_FOLDER');
350
    }
351

    
352
    // Get the current users timezone
353
    public function get_timezone() {
354
        return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $_SESSION['TIMEZONE']);
355
    }
356

    
357
    // Validate supplied email address
358
    public function validate_email($email) {
359
        if(function_exists('idn_to_ascii')){ /* use pear if available */
360
            $email = idn_to_ascii($email);
361
        }else {
362
            require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
363
            $IDN = new idna_convert();
364
            $email = $IDN->encode($email);
365
            unset($IDN);
366
        }
367
        // regex from NorHei 2011-01-11
368
        $retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
369
        return ($retval != false);
370
    }
371
  /**
372
   * replace header('Location:...  with new method
373
   * if header send failed you get a manuell redirected link, so script don't break
374
   *
375
   * @param string $location, redirected url
376
   * @return void
377
   */
378
    public function send_header( $location)
379
    {
380
      if( !headers_sent()) {
381
        header( 'Location: '.$location);
382
        exit( 0);
383
      } else {
384

    
385
        //            $aDebugBacktrace = debug_backtrace();
386
        //            array_walk( $aDebugBacktrace, create_function( '$a,$b', 'print "<br /><b>". basename( $a[\'file\'] ). "</b> &nbsp; <font color=\"red\">{$a[\'line\']}</font> &nbsp; <font color=\"green\">{$a[\'function\']} ()</font> &nbsp; -- ". dirname( $a[\'file\'] ). "/";' ) );
387
        $msg = "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n".
388
          "Please click <a style=\"font-weight:bold;\" "."href=\"".$location."\">on this link</a> to continue!</p></div>\n";
389
        throw new Exception( $msg);
390
      }
391
    }
392

    
393
/* ****************
394
 * set one or more bit in a integer value
395
 *
396
 * @access public
397
 * @param int $value: reference to the integer, containing the value
398
 * @param int $bits2set: the bitmask witch shall be added to value
399
 * @return void
400
 */
401
    public function bit_set( &$value, $bits2set )
402
    {
403
        $value |= $bits2set;
404
    }
405

    
406
/* ****************
407
 * reset one or more bit from a integer value
408
 *
409
 * @access public
410
 * @param int $value: reference to the integer, containing the value
411
 * @param int $bits2reset: the bitmask witch shall be removed from value
412
 * @return void
413
 */
414
    public function bit_reset( &$value, $bits2reset)
415
    {
416
        $value &= ~$bits2reset;
417
    }
418

    
419
/* ****************
420
 * check if one or more bit in a integer value are set
421
 *
422
 * @access public
423
 * @param int $value: reference to the integer, containing the value
424
 * @param int $bits2set: the bitmask witch shall be added to value
425
 * @return void
426
 */
427
    public function bit_isset( $value, $bits2test )
428
    {
429
        return (($value & $bits2test) == $bits2test);
430
    }
431

    
432
    // Print a success message which then automatically redirects the user to another page
433
    public function print_success( $message, $redirect = 'index.php' ) {
434
        global $TEXT;
435
        if(is_array($message)) {
436
           $message = implode ('<br />',$message);
437
        }
438
        // fetch redirect timer for sucess messages from settings table
439
        $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
440
        // add template variables
441
        // Setup template object, parse vars to it, then parse it
442
        $tpl = new Template(dirname($this->correct_theme_source('success.htt')));
443
        $tpl->set_file( 'page', 'success.htt' );
444
        $tpl->set_block( 'page', 'main_block', 'main' );
445
        $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
446
        $tpl->set_var( 'MESSAGE', $message );
447
        $tpl->set_var( 'REDIRECT', $redirect );
448
        $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
449
        $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
450
        $tpl->set_var( 'BACK', $TEXT['BACK'] );
451
        if ($redirect_timer == -1) {
452
            $tpl->set_block( 'show_redirect', '' );
453
        }
454
        else {
455
            $tpl->parse( 'show_redirect', 'show_redirect_block', true );
456
        }
457
        $tpl->parse( 'main', 'main_block', false );
458
        $tpl->pparse( 'output', 'page' );
459
    }
460

    
461
    // Print an error message
462
    public function print_error($message, $link = 'index.php', $auto_footer = true) {
463
        global $TEXT;
464
        if(is_array($message)) {
465
           $message = implode ('<br />',$message);
466
        }
467
        // Setup template object, parse vars to it, then parse it
468
        $success_template = new Template(dirname($this->correct_theme_source('error.htt')));
469
        $success_template->set_file('page', 'error.htt');
470
        $success_template->set_block('page', 'main_block', 'main');
471
        $success_template->set_var('MESSAGE', $message);
472
        $success_template->set_var('LINK', $link);
473
        $success_template->set_var('BACK', $TEXT['BACK']);
474
        $success_template->parse('main', 'main_block', false);
475
        $success_template->pparse('output', 'page');
476
        if ( $auto_footer == true ) {
477
            if ( method_exists($this, "print_footer") ) {
478
                $this->print_footer();
479
            }
480
        }
481
        exit();
482
    }
483

    
484
  /*
485
  * @param string $message: the message to format
486
  * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
487
  * @return string: the html-formatted message (using template 'message.htt')
488
  */
489
  public function format_message( $message, $status = 'ok')
490
  {
491
    $retval = '';
492
//    if ( ($message == '') ) { return $retval; }
493
    $id = uniqid( 'x');
494
    $tpl = new Template( dirname( $this->correct_theme_source( 'message.htt')));
495
    $tpl->set_file( 'page', 'message.htt');
496
    $tpl->set_block( 'page', 'main_block', 'main');
497
    $tpl->set_var( 'MESSAGE', $message);
498
    $tpl->set_var( 'THEME_URL', THEME_URL);
499
    $tpl->set_var( 'ID', $id);
500
    if( $status == 'ok' || $status == 'error' || $status = 'warning') {
501
      $tpl->set_var( 'BOX_STATUS', ' box-'.$status);
502
    } else {
503
      $tpl->set_var( 'BOX_STATUS', '');
504
    }
505
    $tpl->set_var( 'STATUS', $status);
506
    if( !defined( 'REDIRECT_TIMER')) {
507
      define( 'REDIRECT_TIMER', -1);
508
    }
509
    if( $status != 'error') {
510
      switch ( REDIRECT_TIMER):
511
        case 0: // do not show message
512
          unset( $tpl);
513
          break;
514
        case - 1: // show message permanently
515
          $tpl->parse( 'main', 'main_block', false);
516
          $retval = $tpl->finish( $tpl->parse( 'output', 'page', false));
517
          unset( $tpl);
518
          break;
519
        default: // hide message after REDIRECTOR_TIMER milliseconds
520
          $retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
521
            'document.getElementById(\''.$id.'\').style.display = \'none\';}'.'window.setTimeout(\''.$id.
522
            '_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
523
          $tpl->parse( 'main', 'main_block', false);
524
          $retval = $tpl->finish( $tpl->parse( 'output', 'page', false)).$retval;
525
          unset( $tpl);
526
      endswitch;
527
    } else {
528
      $tpl->parse( 'main', 'main_block', false);
529
      $retval = $tpl->finish( $tpl->parse( 'output', 'page', false)).$retval;
530
      unset( $tpl);
531
    }
532
    return $retval;
533
  }
534

    
535
  /*
536
  * @param string $type: 'locked'(default)  or 'new'
537
  * @return void: terminates application
538
  * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
539
  *               'new' >> Show 'new site under construction'(former print_under_construction)
540
  */
541
  public function ShowMaintainScreen( $type = 'locked')
542
  {
543
    global $database, $MESSAGE;
544
    $LANGUAGE = strtolower( ( isset( $_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE));
545
    $PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
546
    $PAGE_ICON = 'negative';
547
    $show_screen = false;
548
    if( $type == 'locked') {
549
      $curr_user = ( intval( isset( $_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0));
550
      if( ( defined( 'SYSTEM_LOCKED') && ( int)SYSTEM_LOCKED == 1) && ( $curr_user != 1)) {
551
        header( $_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
552
        // first kick logged users out of the system
553
        // delete all remember keys from table 'user' except user_id=1
554
        $sql = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
555
        $sql .= 'WHERE `user_id`<>1';
556
        $database->query( $sql);
557
        // delete remember key-cookie if set
558
        if( isset( $_COOKIE['REMEMBER_KEY'])) {
559
          setcookie( 'REMEMBER_KEY', '', time() - 3600, '/');
560
        }
561
        // overwrite session array
562
        $_SESSION = array();
563
        // delete session cookie if set
564
        if( ini_get( "session.use_cookies")) {
565
          $params = session_get_cookie_params();
566
          setcookie( session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"],
567
            $params["httponly"]);
568
        }
569
        // delete the session itself
570
        session_destroy();
571
        $PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
572
        $PAGE_ICON = 'system';
573
        $show_screen = true;
574
      }
575
    } else {
576
      header( $_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
577
      $show_screen = true;
578
    }
579
    if( $show_screen) {
580
      $sMaintanceFile = $this->correct_theme_source( 'maintenance.htt');
581
      if( file_exists( $sMaintanceFile)) {
582
        $tpl = new Template( dirname( $sMaintanceFile));
583
        $tpl->set_file( 'page', 'maintenance.htt');
584
        $tpl->set_block( 'page', 'main_block', 'main');
585
        if( defined( 'DEFAULT_CHARSET')) {
586
          $charset = DEFAULT_CHARSET;
587
        } else {
588
          $charset = 'utf-8';
589
        }
590
        $tpl->set_var( 'PAGE_TITLE', $PAGE_TITLE);
591
        $tpl->set_var( 'CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
592
        $tpl->set_var( 'CHARSET', $charset);
593
        $tpl->set_var( 'WB_URL', WB_URL);
594
        $tpl->set_var( 'BE_PATIENT', $MESSAGE['GENERIC_BE_PATIENT']);
595
        $tpl->set_var( 'THEME_URL', THEME_URL);
596
        $tpl->set_var( 'PAGE_ICON', $PAGE_ICON);
597
        $tpl->set_var( 'LANGUAGE', $LANGUAGE);
598
        $tpl->parse( 'main', 'main_block', false);
599
        $tpl->pparse( 'output', 'page');
600
        exit();
601
      } else {
602
        require_once ( WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
603
        echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
604
            <head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
605
            <style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.
606
          WB_URL.'/templates/'.DEFAULT_THEME.
607
          '/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
608
            h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
609
            <br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
610
            '.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
611
      }
612
      flush();
613
      exit();
614
    }
615
  }
616

    
617
    /**
618
     * wb::mail()
619
     *
620
     * @param string $sFromAddress
621
     * @param string $toAddress, comma sepated list of adresses
622
     * @param string $sSubject
623
     * @param string $sMessage
624
     * @param string $sFromname
625
     * @param string $toName
626
     * @param string $sReplyTo
627
     * @param string $sReplyToName
628
     * @param string $sMessagePath
629
     * @param array  $aAttachment=array (
630
     *                            'File to the attachment',
631
     *                             )
632
     * @return
633
     */
634
    public function mail(
635
                    $sFromAddress,
636
                    $toAddress,
637
                    $sSubject,
638
                    $sMessage,
639
                    $sFromname='',
640
                    $toName='',
641
                    $sReplyToAddress='',
642
                    $sReplyToName='',
643
                    $sMessagePath='',
644
                    $aAttachment=null
645
                    ) {
646

    
647
        $aParameters      = array();
648
        $aFromAddress     = array();
649
        $aToAddress       = array();
650
        $aReplyToAddress  = array();
651

    
652
        // Strip breaks and trim
653
        if ($sFromname!='') {
654
            $sFromname    = preg_replace( "/[^a-z0-9 !?:;,.\/_\-=+@#$&\*\(\)]/im", "", $sFromname );
655
            $sFromname    = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $sFromname );
656
        }
657
        $sFromAddress     = trim(preg_replace('/[\r\n]/', '', $sFromAddress));
658

    
659
        if ($toName!='') {
660
            $toName       = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $toName );
661
        }
662
        $toAddress        = trim(preg_replace('/[\r\n]/', '', $toAddress));
663

    
664
        if ($sReplyToName!='') {
665
            $sReplyToName = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $sReplyToName );
666
        }
667
        //Set who the message is to be sent from
668
        $sReplyToAddress  = trim(preg_replace('/[\r\n]/', '', $sReplyToAddress));
669
        $sReplyToAddress  = ( ($sReplyToAddress=='')?$toAddress:$sReplyToAddress );
670

    
671
        $sSubject         = trim(preg_replace('/[\r\n]/', '', $sSubject));
672
        // sanitize parameter to prevent injection
673
        $sMessage         = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $sMessage );
674

    
675
        // create PHPMailer object and define default settings
676
        $myMail = new wbmailer(true);
677

    
678
        try {
679
            $html   =  preg_replace('/[\n\r]/', '',nl2br($this->StripCodeFromText($sMessage)));
680
            $plain  = $myMail->html2text($html);
681

    
682
            // convert commaseperated toAdresses List to an array
683
            $aToAddress = $myMail->parseAddresses( $toAddress, false );
684

    
685
            if ($sFromAddress!='') {
686
            // set user defined from address
687
                $myMail->setFrom($sFromAddress, $sFromname);
688
            // set user defined to address
689
                $myMail->AddAddress($toAddress, $toName);
690
            // set user defined to ReplyTo
691
                if ($sReplyToAddress!='') {$myMail->addReplyTo($sReplyToAddress, $sReplyToName);}
692
            }
693

    
694
    //Set the subject line
695
            $myMail->Subject = $sSubject;
696

    
697
            $myMail->wrapText($html, 80);
698

    
699
    //Read an HTML message body from an external file, convert referenced images to embedded,
700
    //convert HTML into a basic plain-text alternative body
701
            $myMail->msgHTML( $html, $sMessagePath, true);
702

    
703
            if( is_array( $aAttachment )) {
704
                foreach($aAttachment as $sFile) {
705
                    $myMail->AddAttachment( $sFile );
706
                }
707
            }
708

    
709
            if( $myMail->getReplyToAddresses() ) { }
710
    //send the message, check for errors
711
            $myMail->Send();
712
            return true;
713
        } catch (phpmailerException $e) {
714
            echo $e->errorMessage(); //Pretty error messages from PHPMailer
715
        } catch (Exception $e) {
716
            echo $e->getMessage(); //Boring error messages from anything else!
717
        }
718

    
719
    }
720

    
721
/*--------------------------------------------------------------------------------------------*/
722
    // Validate send email
723
    public function _mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
724
/*
725
    INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
726
    SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
727
    NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
728

    
729
    NOTE:
730
    To use SMTP for sending out mails, you have to specify the SMTP host of your domain
731
    via the Settings panel in the backend of Website Baker
732
*/
733

    
734
        $fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
735
        $toaddress = preg_replace('/[\r\n]/', '', $toaddress);
736
        $subject = preg_replace('/[\r\n]/', '', $subject);
737
        // $message_alt = $message;
738
        // $message = preg_replace('/[\r\n]/', '<br \>', $message);
739

    
740
        // create PHPMailer object and define default settings
741
        $myMail = new wbmailer();
742
        // set user defined from address
743
        if ($fromaddress!='') {
744
            if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
745
            $myMail->From = $fromaddress;                     // FROM:
746
            $myMail->AddReplyTo($fromaddress);                // REPLY TO:
747
        }
748
        // define recepient and information to send out
749
        $myMail->AddAddress($toaddress);                      // TO:
750
        $myMail->Subject = $subject;                          // SUBJECT
751
        $myMail->Body = nl2br($message);                      // CONTENT (HTML)
752
        $myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
753
        // check if there are any send mail errors, otherwise say successful
754
        if (!$myMail->Send()) {
755
            return false;
756
        } else {
757
            return true;
758
        }
759
    }
760

    
761
 /**
762
  * checks if there is an alternative Theme template
763
  *
764
  * @param string $sThemeFile set the template.htt
765
  * @return string the relative theme path
766
  *
767
  */
768
    public function correct_theme_source($sThemeFile = 'start.htt') {
769
    $sRetval = $sThemeFile;
770
    if (file_exists(THEME_PATH.'/templates/'.$sThemeFile )) {
771
        $sRetval = THEME_PATH.'/templates/'.$sThemeFile;
772
    } else {
773
        if (is_readable(ADMIN_PATH.'/themes/templates/'.$sThemeFile )) {
774
        $sRetval = ADMIN_PATH.'/themes/templates/'.$sThemeFile;
775
        } else {
776
            throw new InvalidArgumentException('missing template file '.$sThemeFile);
777
        }
778
    }
779
    return $sRetval;
780
    }
781

    
782
    /**
783
     * Check if a foldername doesn't have invalid characters
784
     *
785
     * @param String $str to check
786
     * @return Bool
787
     */
788
    public function checkFolderName($str){
789
        return !( preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) ? TRUE : FALSE );
790
    }
791

    
792
    /**
793
     * Check the given path to make sure current path is within given basedir
794
     * normally document root
795
     *
796
     * @param String $sCurrentPath
797
     * @param String $sBaseDir
798
     * @return $sCurrentPath or FALSE
799
     */
800
    public function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
801
        // Clean the cuurent path
802
        $sCurrentPath = rawurldecode($sCurrentPath);
803
        $sCurrentPath = realpath($sCurrentPath);
804
        $sBaseDir = realpath($sBaseDir);
805
        // $sBaseDir needs to exist in the $sCurrentPath
806
        $pos = stripos ($sCurrentPath, $sBaseDir );
807

    
808
        if ( $pos === FALSE ){
809
            return false;
810
        } elseif( $pos == 0 ) {
811
            return $sCurrentPath;
812
        } else {
813
            return false;
814
        }
815
    }
816

    
817
/**
818
 * remove <?php code ?>, [[text]], link, script, scriptblock and styleblock from a given string
819
 * and return the cleaned string
820
 *
821
 * @param string $sValue
822
 * @returns
823
 *    false: if @param is not a string
824
 *    string: cleaned string
825
 */
826
    public function StripCodeFromText($mText, $iFlags = Sanitize::REMOVE_DEFAULT )
827
    {
828
        if (!class_exists('Sanitize')) { include __DIR__.'/Sanitize.php'; }
829
        return Sanitize::StripFromText($mText, $iFlags);
830
    }
831

    
832
  /**
833
   * ReplaceAbsoluteMediaUrl
834
   * @param string $sContent
835
   * @return string
836
   * @description Replace URLs witch are pointing into MEDIA_DIRECTORY with an URL
837
   *              independend placeholder
838
   */
839
/*
840
  public function ReplaceAbsoluteMediaUrl( $sContent)
841
  {
842
//    $oReg = WbAdaptor::getInstance();
843
    if( ini_get( 'magic_quotes_gpc') == true) {
844
      $sContent = $this->strip_slashes( $sContent);
845
    }
846
    if( is_string( $sContent)) {
847
      $sRelUrl = preg_replace('/^https?:\/\/[^\/]+(.*)/is', '\1', WB_URL);
848
      $sDocumentRootUrl = str_replace($sRelUrl, '', WB_URL);
849
      $sMediaUrl = WB_URL.MEDIA_DIRECTORY.'/';
850
      $aSearchfor = array(
851
          '@(<[^>]*=\s*")('.preg_quote($sMediaUrl).
852
          ')([^">]*".*>)@siU', '@(<[^>]*=\s*")('.preg_quote( WB_URL.'/').')([^">]*".*>)@siU',
853
          '/(<[^>]*?=\s*\")(\/+)([^\"]*?\"[^>]*?)/is',
854
          '/(<[^>]*=\s*")('.preg_quote($sMediaUrl, '/').')([^">]*".*>)/siU'
855
          );
856
      $aReplacements = array( '$1{SYSVAR:AppUrl.MediaDir}$3', '$1{SYSVAR:AppUrl}$3','\1'.$sDocumentRootUrl.'/\3','$1{SYSVAR:MEDIA_REL}$3' );
857
      $sContent = preg_replace( $aSearchfor, $aReplacements, $sContent);
858
    }
859
    return $sContent;
860
  }
861
  public function OldReplaceAbsoluteMediaUrl( $sContent)
862
  {
863
    $sRelUrl = preg_replace('/^https?:\/\/[^\/]+(.*)/is', '\1', WB_URL);
864
    $sDocumentRootUrl = str_replace($sRelUrl, '', WB_URL);
865
    $sMediaUrl = WB_URL.MEDIA_DIRECTORY;
866
    $aPatterns = array(
867
        '/(<[^>]*?=\s*\")(\/+)([^\"]*?\"[^>]*?)/is',
868
        '/(<[^>]*=\s*")('.preg_quote($sMediaUrl, '/').')([^">]*".*>)/siU'
869
    );
870
    $aReplacements = array(
871
        '\1'.$sDocumentRootUrl.'/\3',
872
        '$1{SYSVAR:MEDIA_REL}$3'
873
    );
874
    $content = preg_replace($aPatterns, $aReplacements, $content);
875
    return $sContent;
876
  }
877
*/
878

    
879
/**
880
 * get all defined variables from an info.php file
881
 * @param string $sFilePath  full path and filename
882
 * @return array containing all settings (empty array on error)
883
 */
884
    public function getContentFromInfoPhp($sFilePath)
885
    {
886
        $aInfo = array();
887
        if (is_readable($sFilePath)) {
888
            $aOldVars = array();
889
            $aOldVars = get_defined_vars();
890
            include $sFilePath;
891
            $aNewVars = get_defined_vars();
892
            $aInfo = array_diff_key($aNewVars, $aOldVars);
893
            $aCommon = array();
894
            foreach ($aInfo as $key => $val) {
895
                if (is_array($val)) { continue; }
896
                $sShortKey = str_replace(array('template_', 'module_'), '', $key);
897
                $aCommon[$sShortKey] = $val;
898
                unset($aInfo[$key]);
899
            }
900
            $aInfo['common'] = $aCommon;
901
        }
902
        return $aInfo;
903
    } // end of getContentFromInfoPhp()
904
}
(19-19/27)