Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         framework
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2010, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 4.3.4 and higher
13
 * @version         $Id: class.wb.php 1277 2010-01-28 05:18:18Z Luisehahne $
14
 * @filesource		$HeadURL: $
15
 * @lastmodified    $Date:  $
16
 *
17
 */
18

    
19
// Include PHPLIB template class
20
require_once(WB_PATH."/include/phplib/template.inc");
21

    
22
require_once(WB_PATH.'/framework/class.database.php');
23

    
24
// Include new wbmailer class (subclass of PHPmailer)
25
require_once(WB_PATH."/framework/class.wbmailer.php");
26

    
27
class wb
28
{
29
	// General initialization function 
30
	// performed when frontend or backend is loaded.
31
	function wb() {
32
	}
33

    
34
	// Check whether a page is visible or not.
35
	// This will check page-visibility and user- and group-rights.
36
	/* page_is_visible() returns
37
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
38
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
39
	*/
40
	function page_is_visible($page)
41
    {
42
		$show_it = false; // shall we show the page?
43
		$page_id = $page['page_id'];
44
		$visibility = $page['visibility'];
45
		$viewing_groups = $page['viewing_groups'];
46
		$viewing_users = $page['viewing_users'];
47

    
48
		// First check if visibility is 'none', 'deleted'
49
		if($visibility == 'none')
50
        {
51
			return(false);
52
		} elseif($visibility == 'deleted')
53
        {
54
			return(false);
55
		}
56

    
57
		// Now check if visibility is 'hidden', 'private' or 'registered'
58
		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
59
			$show_it = true;
60
		} elseif($visibility == 'private' || $visibility == 'registered')
61
        {
62
			// Check if the user is logged in
63
			if($this->is_authenticated() == true)
64
            {
65
				// Now check if the user has perms to view the page
66
				$in_group = false;
67
				foreach($this->get_groups_id() as $cur_gid)
68
                {
69
				    if(in_array($cur_gid, explode(',', $viewing_groups)))
70
                    {
71
				        $in_group = true;
72
				    }
73
				}
74
				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
75
					$show_it = true;
76
				} else {
77
					$show_it = false;
78
				}
79
			} else {
80
				$show_it = false;
81
			}
82
		} elseif($visibility == 'public') {
83
			$show_it = true;
84
		} else {
85
			$show_it = false;
86
		}
87
		return($show_it);
88
	}
89
	// Check if there is at least one active section on this page
90
	function page_is_active($page)
91
    {
92
		global $database;
93
		$has_active_sections = false;
94
		$page_id = $page['page_id'];
95
		$now = time();
96
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
97
		if($query_sections->numRows() != 0)
98
        {
99
			while($section = $query_sections->fetchRow())
100
            {
101
				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
102
                {
103
					$has_active_sections = true;
104
					break;
105
				}
106
			}
107
		}
108
		return($has_active_sections);
109
	}
110

    
111
	// Check whether we should show a page or not (for front-end)
112
	function show_page($page)
113
    {
114
		if($this->page_is_visible($page) && $this->page_is_active($page))
115
        {
116
			return true;
117
		} else {
118
			return false;
119
		}
120
	}
121

    
122
	// Check if the user is already authenticated or not
123
	function is_authenticated() {
124
		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
125
        {
126
			return true;
127
		} else {
128
			return false;
129
		}
130
	}
131

    
132
	// Modified addslashes function which takes into account magic_quotes
133
	function add_slashes($input) {
134
		if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
135
			return $input;
136
		}
137
		$output = addslashes($input);
138
		return $output;
139
	}
140

    
141
	// Ditto for stripslashes
142
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
143
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
144
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
145
	function strip_slashes($input) {
146
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
147
			return $input;
148
		}
149
		$output = stripslashes($input);
150
		return $output;
151
	}
152

    
153
	// Escape backslashes for use with mySQL LIKE strings
154
	function escape_backslashes($input) {
155
		return str_replace("\\","\\\\",$input);
156
	}
157

    
158
	function page_link($link){
159
		// Check for :// in the link (used in URL's) as well as mailto:
160
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
161
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
162
		} else {
163
			return $link;
164
		}
165
	}
166
	
167
	// Get POST data
168
	function get_post($field) {
169
		if(isset($_POST[$field])) {
170
			return $_POST[$field];
171
		} else {
172
			return null;
173
		}
174
	}
175

    
176
	// Get POST data and escape it
177
	function get_post_escaped($field) {
178
		$result = $this->get_post($field);
179
		return (is_null($result)) ? null : $this->add_slashes($result);
180
	}
181
	
182
	// Get GET data
183
	function get_get($field) {
184
		if(isset($_GET[$field])) {
185
			return $_GET[$field];
186
		} else {
187
			return null;
188
		}
189
	}
190

    
191
	// Get SESSION data
192
	function get_session($field) {
193
		if(isset($_SESSION[$field])) {
194
			return $_SESSION[$field];
195
		} else {
196
			return null;
197
		}
198
	}
199

    
200
	// Get SERVER data
201
	function get_server($field) {
202
		if(isset($_SERVER[$field])) {
203
			return $_SERVER[$field];
204
		} else {
205
			return null;
206
		}
207
	}
208

    
209
	// Get the current users id
210
	function get_user_id() {
211
		return $_SESSION['USER_ID'];
212
	}
213

    
214
	// Get the current users group id
215
	function get_group_id() {
216
		return $_SESSION['GROUP_ID'];
217
	}
218

    
219
	// Get the current users group ids
220
	function get_groups_id() {
221
		return explode(",", $_SESSION['GROUPS_ID']);
222
	}
223

    
224
	// Get the current users group name
225
	function get_group_name() {
226
		return implode(",", $_SESSION['GROUP_NAME']);
227
	}
228

    
229
	// Get the current users group name
230
	function get_groups_name() {
231
		return $_SESSION['GROUP_NAME'];
232
	}
233

    
234
	// Get the current users username
235
	function get_username() {
236
		return $_SESSION['USERNAME'];
237
	}
238

    
239
	// Get the current users display name
240
	function get_display_name() {
241
		return ($_SESSION['DISPLAY_NAME']);
242
	}
243

    
244
	// Get the current users email address
245
	function get_email() {
246
		return $_SESSION['EMAIL'];
247
	}
248

    
249
	// Get the current users home folder
250
	function get_home_folder() {
251
		return $_SESSION['HOME_FOLDER'];
252
	}
253

    
254
	// Get the current users timezone
255
	function get_timezone() {
256
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
257
			return $_SESSION['TIMEZONE'];
258
		} else {
259
			return '-72000';
260
		}
261
	}
262

    
263
	// Validate supplied email address
264
	function validate_email($email) {
265
		if(preg_match('/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$/', $email)) {
266
		return true;
267
		} else {
268
			return false;
269
		}
270
	}
271

    
272
	// Print a success message which then automatically redirects the user to another page
273
	function print_success($message, $redirect = 'index.php') {
274
		global $TEXT, $database;
275
		
276
		// fetch redirect timer for sucess messages from settings table
277
		$table = TABLE_PREFIX . 'settings';
278
		$results = @$database->get_one("SELECT `value` FROM `$table` WHERE `name` = 'redirect_timer'");
279
		$redirect_timer = ($results) ? $results : '1500';
280

    
281
		// add template variables
282
		$success_template = new Template(THEME_PATH.'/templates');
283
		$success_template->set_file('page', 'success.htt');
284
		$success_template->set_block('page', 'main_block', 'main');
285
		$success_template->set_var('MESSAGE', $message);
286
		$success_template->set_var('REDIRECT', $redirect);
287
		$success_template->set_var('REDIRECT_TIMER', $redirect_timer);
288
		$success_template->set_var('NEXT', $TEXT['NEXT']);
289
		$success_template->parse('main', 'main_block', false);
290
		$success_template->pparse('output', 'page');
291
	}
292
	
293
	// Print an error message
294
	function print_error($message, $link = 'index.php', $auto_footer = true) {
295
		global $TEXT;
296
		$success_template = new Template(THEME_PATH.'/templates');
297
		$success_template->set_file('page', 'error.htt');
298
		$success_template->set_block('page', 'main_block', 'main');
299
		$success_template->set_var('MESSAGE', $message);
300
		$success_template->set_var('LINK', $link);
301
		$success_template->set_var('BACK', $TEXT['BACK']);
302
		$success_template->parse('main', 'main_block', false);
303
		$success_template->pparse('output', 'page');
304
		if ( $auto_footer == true ) {
305
			if ( method_exists($this, "print_footer") ) {
306
				$this->print_footer();
307
			}
308
		}
309
		exit();
310
	}
311

    
312
	// Validate send email
313
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
314
		/* 
315
			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
316
			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
317
			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
318

    
319
			NOTE:
320
			To use SMTP for sending out mails, you have to specify the SMTP host of your domain
321
			via the Settings panel in the backend of Website Baker
322
		*/ 
323

    
324
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
325
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
326
		$subject = preg_replace('/[\r\n]/', '', $subject);
327
		$message_alt = $message;
328
		$message = preg_replace('/[\r\n]/', '<br \>', $message);
329
		
330
		// create PHPMailer object and define default settings
331
		$myMail = new wbmailer();
332

    
333
		// set user defined from address
334
		if ($fromaddress!='') {
335
			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
336
			$myMail->From = $fromaddress;                            // FROM:
337
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
338
		}
339
		
340
		// define recepient and information to send out
341
		$myMail->AddAddress($toaddress);                            // TO:
342
		$myMail->Subject = $subject;                                // SUBJECT
343
		$myMail->Body = $message;                                   // CONTENT (HTML)
344
		$myMail->AltBody = strip_tags($message_alt);				// CONTENT (TEXT)
345
		
346
		// check if there are any send mail errors, otherwise say successful
347
		if (!$myMail->Send()) {
348
			return false;
349
		} else {
350
			return true;
351
		}
352
	}
353

    
354
}
355
?>
(8-8/15)