1
|
<?php
|
2
|
/**
|
3
|
*
|
4
|
* @category framework
|
5
|
* @package frontend
|
6
|
* @author Ryan Djurovich, WebsiteBaker Project
|
7
|
* @copyright WebsiteBaker Org. e.V.
|
8
|
* @link http://websitebaker.org/
|
9
|
* @license http://www.gnu.org/licenses/gpl.html
|
10
|
* @platform WebsiteBaker 2.8.3
|
11
|
* @requirements PHP 5.3.6 and higher
|
12
|
* @version $Id: class.wb.php 2 2017-07-02 15:14:29Z Manuela $
|
13
|
* @filesource $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/branches/main/framework/class.wb.php $
|
14
|
* @lastmodified $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
|
15
|
*
|
16
|
*/
|
17
|
/* -------------------------------------------------------- */
|
18
|
// Must include code to stop this file being accessed directly
|
19
|
if (defined('WB_PATH') == false) { die("Cannot access this file directly"); }
|
20
|
/* -------------------------------------------------------- */
|
21
|
// Include depending classes if needed
|
22
|
if (!class_exists('Template', false)) { require(WB_PATH.'/include/phplib/template.inc'); }
|
23
|
if (!class_exists('database', false)) { require(__DIR__.'/class.database.php'); }
|
24
|
if (!class_exists('wbmailer', false)) { require(__DIR__.'/class.wbmailer.php'); }
|
25
|
if (!class_exists('SecureTokens', false)) { require(__DIR__.'/SecureTokens.php'); }
|
26
|
if (!class_exists('SecureTokensInterface', false)) { require(__DIR__.'/SecureTokensInterface.php'); }
|
27
|
if (!class_exists('Sanitize', false )) { include __DIR__.'/Sanitize.php'; }
|
28
|
|
29
|
class wb extends SecureTokensInterface
|
30
|
{
|
31
|
/**
|
32
|
@var object instance of the database object */
|
33
|
protected $_oDb = null;
|
34
|
protected $oDb = null;
|
35
|
/**
|
36
|
@var object instance holds several values from the application global scope */
|
37
|
protected $_oReg = null;
|
38
|
/**
|
39
|
@var object instance holds all of the translations */
|
40
|
protected $_oTrans = null;
|
41
|
protected $oTrans = null;
|
42
|
|
43
|
// public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:'; // General initialization function
|
44
|
public $password_chars = '[\w!#$%&*+\-.:=?@\|]'; // General initialization function
|
45
|
|
46
|
public function __construct($mode = 0) {
|
47
|
parent::__construct();
|
48
|
$this->oDb = $this->_oDb = $GLOBALS['database'];
|
49
|
$this->oTrans = $this->_oTrans = $GLOBALS['oTrans'];
|
50
|
}
|
51
|
|
52
|
/**
|
53
|
*
|
54
|
*
|
55
|
* @return comma separate list of first visible languages
|
56
|
*
|
57
|
*/
|
58
|
public function getLanguagesInUsed()
|
59
|
{
|
60
|
$aRetval = [];
|
61
|
$sql = 'SELECT DISTINCT `language`, `page_id` '
|
62
|
. 'FROM `'.$this->oDb->sTablePrefix.'pages` '
|
63
|
. 'WHERE `level`=0 AND `visibility` NOT IN(\'none\', \'hidden\') '
|
64
|
. 'ORDER BY `language`, `position`';
|
65
|
if (($oResult = $this->oDb->query($sql))) {
|
66
|
while ( $aRow = $oResult->fetchRow( MYSQLI_ASSOC)) {
|
67
|
if( !$this->isPageVisible($aRow['page_id'])) { continue; }
|
68
|
$aRetval[] = $aRow['language'];
|
69
|
}
|
70
|
}
|
71
|
return implode(',', array_unique($aRetval));
|
72
|
}
|
73
|
|
74
|
/**
|
75
|
* Created parse_url utf-8 compatible function
|
76
|
*
|
77
|
* @param string $url The string to decode
|
78
|
* @return array Associative array containing the different components
|
79
|
*
|
80
|
*/
|
81
|
public function mb_parse_url( $url)
|
82
|
{
|
83
|
$encodedUrl = preg_replace_callback( '%[^:/?#&=\.]+%usD', create_function( '$aMatches',
|
84
|
';return urlencode($aMatches[0]);'), /* 'urlencode(\'$0\')', */ $url);
|
85
|
$components = parse_url( $encodedUrl);
|
86
|
foreach ( $components as &$component) $component = urldecode( $component);
|
87
|
return $components;
|
88
|
}
|
89
|
/* ****************
|
90
|
* check if one or more group_ids are in both group_lists
|
91
|
*
|
92
|
* @access public
|
93
|
* @param mixed $groups_list1: an array or a coma seperated list of group-ids
|
94
|
* @param mixed $groups_list2: an array or a coma seperated list of group-ids
|
95
|
* @param array &$matches: an array-var whitch will return possible matches
|
96
|
* @return bool: true there is a match, otherwise false
|
97
|
*/
|
98
|
public function is_group_match($mGroupsList1 = '', $mGroupsList2 = '', &$matches = null)
|
99
|
{
|
100
|
if ($mGroupsList1 == '' || $mGroupsList2 == '') { return false; }
|
101
|
if (!is_array($mGroupsList1)) {
|
102
|
$mGroupsList1 = preg_split('/[\s,=+\-\;\:\.\|]+/', $mGroupsList1, -1, PREG_SPLIT_NO_EMPTY);
|
103
|
}
|
104
|
if (!is_array($mGroupsList2)) {
|
105
|
$mGroupsList2 = preg_split('/[\s,=+\-\;\:\.\|]+/', $mGroupsList2, -1, PREG_SPLIT_NO_EMPTY);
|
106
|
}
|
107
|
$matches = array_intersect($mGroupsList1, $mGroupsList2);
|
108
|
return (sizeof($matches) != 0);
|
109
|
}
|
110
|
/**
|
111
|
* @param mixed $groups_list is an array or a coma seperated list of group-ids
|
112
|
* @return bool: true if current user is member of one of this groups or its the superadmin
|
113
|
*/
|
114
|
public function ami_group_member( $groups_list = '' )
|
115
|
{
|
116
|
return ($this->get_user_id() == 1) || $this->is_group_match( $groups_list, $this->get_groups_id());
|
117
|
}
|
118
|
|
119
|
/**
|
120
|
* Alias for isPageVisible()
|
121
|
* @param mixed $mPage can be a integer (PageId) or an array
|
122
|
* @return bool
|
123
|
* @deprecated since 2.10.0
|
124
|
*/
|
125
|
|
126
|
public function page_is_visible($mPage)
|
127
|
{
|
128
|
// get PageId from array or object
|
129
|
if (is_array($mPage)) {
|
130
|
$iPageId = (int) $mPage['page_id'];
|
131
|
} elseif (is_integer($mPage)) {
|
132
|
$iPageId = $mPage;
|
133
|
} else {
|
134
|
$iPageId = 0;
|
135
|
}
|
136
|
return $this->isPageVisible($iPageId);
|
137
|
}
|
138
|
|
139
|
/**
|
140
|
* isViewingPageAllowed
|
141
|
* @param int $iPageId
|
142
|
* @param int $iOtherUserId (optional) test for other then current user
|
143
|
* @return bool
|
144
|
* @description if current user has permission to see this page
|
145
|
* the visibility logic follows this scheme:
|
146
|
* false : ([none] | [deleted])
|
147
|
* false : ([private] | [registered]) and [not authenticated]
|
148
|
* true : ([private] | [registered]) and [authenticated]
|
149
|
* true : [public] | [hidden]
|
150
|
*/
|
151
|
public function isPageVisible($iPageId, $iOtherUserId = null)
|
152
|
{
|
153
|
try {
|
154
|
// sanitize optional user_id
|
155
|
if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
|
156
|
$iUserId = (int) ($iOtherUserId ?? $this->get_user_id());
|
157
|
} else {
|
158
|
$iUserId = (int) (isset($iOtherUserId) ? $iOtherUserId : $this->get_user_id());
|
159
|
}
|
160
|
// get this page record
|
161
|
$sql = 'SELECT * FROM `'.$this->oDb->sTablePrefix.'pages` '
|
162
|
. 'WHERE `page_id`='.$iPageId;
|
163
|
$oRecords = $this->oDb->query($sql);
|
164
|
if (!($oPage = $oRecords->fetchObject())) {
|
165
|
throw new InvalidArgumentException('request not existing PageId ['.$iPageId.']');
|
166
|
}
|
167
|
//
|
168
|
switch ($oPage->visibility) {
|
169
|
case 'hidden':
|
170
|
case 'public':
|
171
|
$bRetval = true;
|
172
|
break;
|
173
|
case 'private':
|
174
|
case 'registered':
|
175
|
if (($bRetval = $this->is_authenticated())) {
|
176
|
$bRetval = (
|
177
|
$this->ami_group_member($oPage->viewing_groups) ||
|
178
|
$this->is_group_match($iUserId, $oPage->viewing_users)
|
179
|
);
|
180
|
}
|
181
|
break;
|
182
|
default:
|
183
|
$bRetval = false;
|
184
|
break;
|
185
|
}
|
186
|
} catch(Exception $e) {
|
187
|
$bRetval = false;
|
188
|
}
|
189
|
return $bRetval;
|
190
|
}
|
191
|
/**
|
192
|
* Alias for isPageActive()
|
193
|
* @param mixed $mPage can be a integer (PageId) or an array
|
194
|
* @return bool true if at least one active section is found
|
195
|
* @deprecated since 2.10.0
|
196
|
*/
|
197
|
public function page_is_active($mPage)
|
198
|
{
|
199
|
// get PageId from array
|
200
|
if (is_array($mPage)) {
|
201
|
$iPageId = $mPage['page_id'];
|
202
|
} elseif (is_integer($mPage)) {
|
203
|
$iPageId = $mPage;
|
204
|
} else {
|
205
|
$iPageId = 0;
|
206
|
}
|
207
|
return $this->isPageActive($iPageId);
|
208
|
}
|
209
|
/**
|
210
|
* Check if there is at least one active section on this page
|
211
|
* @param int $iPageId
|
212
|
* @return bool true if at least one active section is found
|
213
|
*/
|
214
|
|
215
|
public function isPageActive($iPageId)
|
216
|
{
|
217
|
try {
|
218
|
// seach for active sections in this page
|
219
|
$iNow = time();
|
220
|
$sql = 'SELECT COUNT(*) FROM `'.$this->oDb->sTablePrefix.'sections` '
|
221
|
. 'WHERE `page_id`='.(int) $iPageId.' AND '
|
222
|
. '('.$iNow.' BETWEEN `publ_start` AND `publ_end`) OR '
|
223
|
. '('.$iNow.' > `publ_start` AND `publ_end`=0) ';
|
224
|
$bRetval = (bool) $this->oDb->get_one($sql);
|
225
|
} catch (Exception $e) {
|
226
|
$bRetval = false;
|
227
|
}
|
228
|
return $bRetval;
|
229
|
}
|
230
|
|
231
|
// Check whether we should show a page or not (for front-end)
|
232
|
public function show_page($mPage)
|
233
|
{
|
234
|
$retval = ($this->page_is_visible($mPage) && $this->page_is_active($mPage));
|
235
|
return $retval;
|
236
|
}
|
237
|
|
238
|
// Check if the user is already authenticated or not
|
239
|
public function is_authenticated() {
|
240
|
$retval = (
|
241
|
isset($_SESSION['USER_ID']) AND
|
242
|
$_SESSION['USER_ID'] != "" AND
|
243
|
is_numeric($_SESSION['USER_ID'])
|
244
|
);
|
245
|
return (bool) $retval;
|
246
|
}
|
247
|
|
248
|
// Modified addslashes function which takes into account magic_quotes
|
249
|
public function add_slashes($input) {
|
250
|
if( get_magic_quotes_gpc() || (!is_string($input)) ) {
|
251
|
return $input;
|
252
|
}
|
253
|
return addslashes($input);
|
254
|
}
|
255
|
|
256
|
// Ditto for stripslashes
|
257
|
// Attn: this is _not_ the counterpart to $this->add_slashes() !
|
258
|
// Use stripslashes() to undo a preliminarily done $this->add_slashes()
|
259
|
// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
|
260
|
public function strip_slashes($input) {
|
261
|
if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
|
262
|
return $input;
|
263
|
}
|
264
|
return stripslashes($input);
|
265
|
}
|
266
|
|
267
|
// Escape backslashes for use with mySQL LIKE strings
|
268
|
public function escape_backslashes($input) {
|
269
|
return str_replace("\\","\\\\",$input);
|
270
|
}
|
271
|
|
272
|
public function page_link($link){
|
273
|
// Check for :// in the link (used in URL's) as well as mailto:
|
274
|
if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
|
275
|
return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
|
276
|
} else {
|
277
|
return $link;
|
278
|
}
|
279
|
}
|
280
|
|
281
|
// Get POST data
|
282
|
public function get_post($field) {
|
283
|
return (isset($_POST[$field]) ? $_POST[$field] : null);
|
284
|
}
|
285
|
|
286
|
// Get POST data and escape it
|
287
|
public function get_post_escaped($field) {
|
288
|
$result = $this->get_post($field);
|
289
|
return (is_null($result)) ? null : $this->add_slashes($result);
|
290
|
}
|
291
|
|
292
|
// Get GET data
|
293
|
public function get_get($field) {
|
294
|
return (isset($_GET[$field]) ? $_GET[$field] : null);
|
295
|
}
|
296
|
|
297
|
// Get SESSION data
|
298
|
public function get_session($field) {
|
299
|
return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
|
300
|
}
|
301
|
|
302
|
// Get SERVER data
|
303
|
public function get_server($field) {
|
304
|
return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
|
305
|
}
|
306
|
|
307
|
// Get the current users id
|
308
|
public function get_user_id() {
|
309
|
return $this->get_session('USER_ID');
|
310
|
}
|
311
|
|
312
|
// Get the current users group id
|
313
|
public function get_group_id() {
|
314
|
return $this->get_session('GROUP_ID');
|
315
|
}
|
316
|
|
317
|
// Get the current users group ids
|
318
|
public function get_groups_id() {
|
319
|
return explode(",", $this->get_session('GROUPS_ID'));
|
320
|
}
|
321
|
|
322
|
// Get the current users group name
|
323
|
public function get_group_name() {
|
324
|
return implode(",", $this->get_session('GROUP_NAME'));
|
325
|
}
|
326
|
|
327
|
// Get the current users group name
|
328
|
public function get_groups_name() {
|
329
|
return $this->get_session('GROUP_NAME');
|
330
|
}
|
331
|
|
332
|
// Get the current users username
|
333
|
public function get_username() {
|
334
|
return $this->get_session('USERNAME');
|
335
|
}
|
336
|
|
337
|
// Get the current users display name
|
338
|
public function get_display_name() {
|
339
|
return $this->get_session('DISPLAY_NAME');
|
340
|
}
|
341
|
|
342
|
// Get the current users email address
|
343
|
public function get_email() {
|
344
|
return $this->get_session('EMAIL');
|
345
|
}
|
346
|
|
347
|
// Get the current users home folder
|
348
|
public function get_home_folder() {
|
349
|
return $this->get_session('HOME_FOLDER');
|
350
|
}
|
351
|
|
352
|
// Get the current users timezone
|
353
|
public function get_timezone() {
|
354
|
return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $_SESSION['TIMEZONE']);
|
355
|
}
|
356
|
|
357
|
// Validate supplied email address
|
358
|
public function validate_email($email) {
|
359
|
if(function_exists('idn_to_ascii')){ /* use pear if available */
|
360
|
$email = idn_to_ascii($email);
|
361
|
}else {
|
362
|
require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
|
363
|
$IDN = new idna_convert();
|
364
|
$email = $IDN->encode($email);
|
365
|
unset($IDN);
|
366
|
}
|
367
|
// regex from NorHei 2011-01-11
|
368
|
$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
|
369
|
return ($retval != false);
|
370
|
}
|
371
|
/**
|
372
|
* replace header('Location:... with new method
|
373
|
* if header send failed you get a manuell redirected link, so script don't break
|
374
|
*
|
375
|
* @param string $location, redirected url
|
376
|
* @return void
|
377
|
*/
|
378
|
public function send_header( $location)
|
379
|
{
|
380
|
if( !headers_sent()) {
|
381
|
header( 'Location: '.$location);
|
382
|
exit( 0);
|
383
|
} else {
|
384
|
|
385
|
// $aDebugBacktrace = debug_backtrace();
|
386
|
// array_walk( $aDebugBacktrace, create_function( '$a,$b', 'print "<br /><b>". basename( $a[\'file\'] ). "</b> <font color=\"red\">{$a[\'line\']}</font> <font color=\"green\">{$a[\'function\']} ()</font> -- ". dirname( $a[\'file\'] ). "/";' ) );
|
387
|
$msg = "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n".
|
388
|
"Please click <a style=\"font-weight:bold;\" "."href=\"".$location."\">on this link</a> to continue!</p></div>\n";
|
389
|
throw new Exception( $msg);
|
390
|
}
|
391
|
}
|
392
|
|
393
|
/* ****************
|
394
|
* set one or more bit in a integer value
|
395
|
*
|
396
|
* @access public
|
397
|
* @param int $value: reference to the integer, containing the value
|
398
|
* @param int $bits2set: the bitmask witch shall be added to value
|
399
|
* @return void
|
400
|
*/
|
401
|
public function bit_set( &$value, $bits2set )
|
402
|
{
|
403
|
$value |= $bits2set;
|
404
|
}
|
405
|
|
406
|
/* ****************
|
407
|
* reset one or more bit from a integer value
|
408
|
*
|
409
|
* @access public
|
410
|
* @param int $value: reference to the integer, containing the value
|
411
|
* @param int $bits2reset: the bitmask witch shall be removed from value
|
412
|
* @return void
|
413
|
*/
|
414
|
public function bit_reset( &$value, $bits2reset)
|
415
|
{
|
416
|
$value &= ~$bits2reset;
|
417
|
}
|
418
|
|
419
|
/* ****************
|
420
|
* check if one or more bit in a integer value are set
|
421
|
*
|
422
|
* @access public
|
423
|
* @param int $value: reference to the integer, containing the value
|
424
|
* @param int $bits2set: the bitmask witch shall be added to value
|
425
|
* @return void
|
426
|
*/
|
427
|
public function bit_isset( $value, $bits2test )
|
428
|
{
|
429
|
return (($value & $bits2test) == $bits2test);
|
430
|
}
|
431
|
|
432
|
// Print a success message which then automatically redirects the user to another page
|
433
|
public function print_success( $message, $redirect = 'index.php' ) {
|
434
|
global $TEXT;
|
435
|
if(is_array($message)) {
|
436
|
$message = implode ('<br />',$message);
|
437
|
}
|
438
|
// fetch redirect timer for sucess messages from settings table
|
439
|
$redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
|
440
|
// add template variables
|
441
|
// Setup template object, parse vars to it, then parse it
|
442
|
$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
|
443
|
$tpl->set_file( 'page', 'success.htt' );
|
444
|
$tpl->set_block( 'page', 'main_block', 'main' );
|
445
|
$tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
|
446
|
$tpl->set_var( 'MESSAGE', $message );
|
447
|
$tpl->set_var( 'REDIRECT', $redirect );
|
448
|
$tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
|
449
|
$tpl->set_var( 'NEXT', $TEXT['NEXT'] );
|
450
|
$tpl->set_var( 'BACK', $TEXT['BACK'] );
|
451
|
if ($redirect_timer == -1) {
|
452
|
$tpl->set_block( 'show_redirect', '' );
|
453
|
}
|
454
|
else {
|
455
|
$tpl->parse( 'show_redirect', 'show_redirect_block', true );
|
456
|
}
|
457
|
$tpl->parse( 'main', 'main_block', false );
|
458
|
$tpl->pparse( 'output', 'page' );
|
459
|
}
|
460
|
|
461
|
// Print an error message
|
462
|
public function print_error($message, $link = 'index.php', $auto_footer = true) {
|
463
|
global $TEXT;
|
464
|
if(is_array($message)) {
|
465
|
$message = implode ('<br />',$message);
|
466
|
}
|
467
|
// Setup template object, parse vars to it, then parse it
|
468
|
$success_template = new Template(dirname($this->correct_theme_source('error.htt')));
|
469
|
$success_template->set_file('page', 'error.htt');
|
470
|
$success_template->set_block('page', 'main_block', 'main');
|
471
|
$success_template->set_var('MESSAGE', $message);
|
472
|
$success_template->set_var('LINK', $link);
|
473
|
$success_template->set_var('BACK', $TEXT['BACK']);
|
474
|
$success_template->parse('main', 'main_block', false);
|
475
|
$success_template->pparse('output', 'page');
|
476
|
if ( $auto_footer == true ) {
|
477
|
if ( method_exists($this, "print_footer") ) {
|
478
|
$this->print_footer();
|
479
|
}
|
480
|
}
|
481
|
exit();
|
482
|
}
|
483
|
|
484
|
/*
|
485
|
* @param string $message: the message to format
|
486
|
* @param string $status: ('ok' / 'error' / '') status defines the apereance of the box
|
487
|
* @return string: the html-formatted message (using template 'message.htt')
|
488
|
*/
|
489
|
public function format_message( $message, $status = 'ok')
|
490
|
{
|
491
|
$retval = '';
|
492
|
// if ( ($message == '') ) { return $retval; }
|
493
|
$id = uniqid( 'x');
|
494
|
$tpl = new Template( dirname( $this->correct_theme_source( 'message.htt')));
|
495
|
$tpl->set_file( 'page', 'message.htt');
|
496
|
$tpl->set_block( 'page', 'main_block', 'main');
|
497
|
$tpl->set_var( 'MESSAGE', $message);
|
498
|
$tpl->set_var( 'THEME_URL', THEME_URL);
|
499
|
$tpl->set_var( 'ID', $id);
|
500
|
if( $status == 'ok' || $status == 'error' || $status = 'warning') {
|
501
|
$tpl->set_var( 'BOX_STATUS', ' box-'.$status);
|
502
|
} else {
|
503
|
$tpl->set_var( 'BOX_STATUS', '');
|
504
|
}
|
505
|
$tpl->set_var( 'STATUS', $status);
|
506
|
if( !defined( 'REDIRECT_TIMER')) {
|
507
|
define( 'REDIRECT_TIMER', -1);
|
508
|
}
|
509
|
if( $status != 'error') {
|
510
|
switch ( REDIRECT_TIMER):
|
511
|
case 0: // do not show message
|
512
|
unset( $tpl);
|
513
|
break;
|
514
|
case - 1: // show message permanently
|
515
|
$tpl->parse( 'main', 'main_block', false);
|
516
|
$retval = $tpl->finish( $tpl->parse( 'output', 'page', false));
|
517
|
unset( $tpl);
|
518
|
break;
|
519
|
default: // hide message after REDIRECTOR_TIMER milliseconds
|
520
|
$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
|
521
|
'document.getElementById(\''.$id.'\').style.display = \'none\';}'.'window.setTimeout(\''.$id.
|
522
|
'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
|
523
|
$tpl->parse( 'main', 'main_block', false);
|
524
|
$retval = $tpl->finish( $tpl->parse( 'output', 'page', false)).$retval;
|
525
|
unset( $tpl);
|
526
|
endswitch;
|
527
|
} else {
|
528
|
$tpl->parse( 'main', 'main_block', false);
|
529
|
$retval = $tpl->finish( $tpl->parse( 'output', 'page', false)).$retval;
|
530
|
unset( $tpl);
|
531
|
}
|
532
|
return $retval;
|
533
|
}
|
534
|
|
535
|
/*
|
536
|
* @param string $type: 'locked'(default) or 'new'
|
537
|
* @return void: terminates application
|
538
|
* @description: 'locked' >> Show maintenance screen and terminate, if system is locked
|
539
|
* 'new' >> Show 'new site under construction'(former print_under_construction)
|
540
|
*/
|
541
|
public function ShowMaintainScreen( $type = 'locked')
|
542
|
{
|
543
|
global $database, $MESSAGE;
|
544
|
$LANGUAGE = strtolower( ( isset( $_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE));
|
545
|
$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
|
546
|
$PAGE_ICON = 'negative';
|
547
|
$show_screen = false;
|
548
|
if( $type == 'locked') {
|
549
|
$curr_user = ( intval( isset( $_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0));
|
550
|
if( ( defined( 'SYSTEM_LOCKED') && ( int)SYSTEM_LOCKED == 1) && ( $curr_user != 1)) {
|
551
|
header( $_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
|
552
|
// first kick logged users out of the system
|
553
|
// delete all remember keys from table 'user' except user_id=1
|
554
|
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
|
555
|
$sql .= 'WHERE `user_id`<>1';
|
556
|
$database->query( $sql);
|
557
|
// delete remember key-cookie if set
|
558
|
if( isset( $_COOKIE['REMEMBER_KEY'])) {
|
559
|
setcookie( 'REMEMBER_KEY', '', time() - 3600, '/');
|
560
|
}
|
561
|
// overwrite session array
|
562
|
$_SESSION = array();
|
563
|
// delete session cookie if set
|
564
|
if( ini_get( "session.use_cookies")) {
|
565
|
$params = session_get_cookie_params();
|
566
|
setcookie( session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"],
|
567
|
$params["httponly"]);
|
568
|
}
|
569
|
// delete the session itself
|
570
|
session_destroy();
|
571
|
$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
|
572
|
$PAGE_ICON = 'system';
|
573
|
$show_screen = true;
|
574
|
}
|
575
|
} else {
|
576
|
header( $_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
|
577
|
$show_screen = true;
|
578
|
}
|
579
|
if( $show_screen) {
|
580
|
$sMaintanceFile = $this->correct_theme_source( 'maintenance.htt');
|
581
|
if( file_exists( $sMaintanceFile)) {
|
582
|
$tpl = new Template( dirname( $sMaintanceFile));
|
583
|
$tpl->set_file( 'page', 'maintenance.htt');
|
584
|
$tpl->set_block( 'page', 'main_block', 'main');
|
585
|
if( defined( 'DEFAULT_CHARSET')) {
|
586
|
$charset = DEFAULT_CHARSET;
|
587
|
} else {
|
588
|
$charset = 'utf-8';
|
589
|
}
|
590
|
$tpl->set_var( 'PAGE_TITLE', $PAGE_TITLE);
|
591
|
$tpl->set_var( 'CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
|
592
|
$tpl->set_var( 'CHARSET', $charset);
|
593
|
$tpl->set_var( 'WB_URL', WB_URL);
|
594
|
$tpl->set_var( 'BE_PATIENT', $MESSAGE['GENERIC_BE_PATIENT']);
|
595
|
$tpl->set_var( 'THEME_URL', THEME_URL);
|
596
|
$tpl->set_var( 'PAGE_ICON', $PAGE_ICON);
|
597
|
$tpl->set_var( 'LANGUAGE', $LANGUAGE);
|
598
|
$tpl->parse( 'main', 'main_block', false);
|
599
|
$tpl->pparse( 'output', 'page');
|
600
|
exit();
|
601
|
} else {
|
602
|
require_once ( WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
|
603
|
echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
604
|
<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
|
605
|
<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.
|
606
|
WB_URL.'/templates/'.DEFAULT_THEME.
|
607
|
'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
|
608
|
h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
|
609
|
<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
|
610
|
'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
|
611
|
}
|
612
|
flush();
|
613
|
exit();
|
614
|
}
|
615
|
}
|
616
|
|
617
|
/**
|
618
|
* wb::mail()
|
619
|
*
|
620
|
* @param string $sFromAddress
|
621
|
* @param string $toAddress, comma sepated list of adresses
|
622
|
* @param string $sSubject
|
623
|
* @param string $sMessage
|
624
|
* @param string $sFromname
|
625
|
* @param string $toName
|
626
|
* @param string $sReplyTo
|
627
|
* @param string $sReplyToName
|
628
|
* @param string $sMessagePath
|
629
|
* @param array $aAttachment=array (
|
630
|
* 'File to the attachment',
|
631
|
* )
|
632
|
* @return
|
633
|
*/
|
634
|
public function mail(
|
635
|
$sFromAddress,
|
636
|
$toAddress,
|
637
|
$sSubject,
|
638
|
$sMessage,
|
639
|
$sFromname='',
|
640
|
$toName='',
|
641
|
$sReplyToAddress='',
|
642
|
$sReplyToName='',
|
643
|
$sMessagePath='',
|
644
|
$aAttachment=null
|
645
|
) {
|
646
|
|
647
|
$aParameters = array();
|
648
|
$aFromAddress = array();
|
649
|
$aToAddress = array();
|
650
|
$aReplyToAddress = array();
|
651
|
|
652
|
// Strip breaks and trim
|
653
|
if ($sFromname!='') {
|
654
|
$sFromname = preg_replace( "/[^a-z0-9 !?:;,.\/_\-=+@#$&\*\(\)]/im", "", $sFromname );
|
655
|
$sFromname = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $sFromname );
|
656
|
}
|
657
|
$sFromAddress = trim(preg_replace('/[\r\n]/', '', $sFromAddress));
|
658
|
|
659
|
if ($toName!='') {
|
660
|
$toName = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $toName );
|
661
|
}
|
662
|
$toAddress = trim(preg_replace('/[\r\n]/', '', $toAddress));
|
663
|
|
664
|
if ($sReplyToName!='') {
|
665
|
$sReplyToName = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $sReplyToName );
|
666
|
}
|
667
|
//Set who the message is to be sent from
|
668
|
$sReplyToAddress = trim(preg_replace('/[\r\n]/', '', $sReplyToAddress));
|
669
|
$sReplyToAddress = ( ($sReplyToAddress=='')?$toAddress:$sReplyToAddress );
|
670
|
|
671
|
$sSubject = trim(preg_replace('/[\r\n]/', '', $sSubject));
|
672
|
// sanitize parameter to prevent injection
|
673
|
$sMessage = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $sMessage );
|
674
|
|
675
|
// create PHPMailer object and define default settings
|
676
|
$myMail = new wbmailer(true);
|
677
|
|
678
|
try {
|
679
|
$html = preg_replace('/[\n\r]/', '',nl2br($this->StripCodeFromText($sMessage)));
|
680
|
$plain = $myMail->html2text($html);
|
681
|
|
682
|
// convert commaseperated toAdresses List to an array
|
683
|
$aToAddress = $myMail->parseAddresses( $toAddress, false );
|
684
|
|
685
|
if ($sFromAddress!='') {
|
686
|
// set user defined from address
|
687
|
$myMail->setFrom($sFromAddress, $sFromname);
|
688
|
// set user defined to address
|
689
|
$myMail->AddAddress($toAddress, $toName);
|
690
|
// set user defined to ReplyTo
|
691
|
if ($sReplyToAddress!='') {$myMail->addReplyTo($sReplyToAddress, $sReplyToName);}
|
692
|
}
|
693
|
|
694
|
//Set the subject line
|
695
|
$myMail->Subject = $sSubject;
|
696
|
|
697
|
$myMail->wrapText($html, 80);
|
698
|
|
699
|
//Read an HTML message body from an external file, convert referenced images to embedded,
|
700
|
//convert HTML into a basic plain-text alternative body
|
701
|
$myMail->msgHTML( $html, $sMessagePath, true);
|
702
|
|
703
|
if( is_array( $aAttachment )) {
|
704
|
foreach($aAttachment as $sFile) {
|
705
|
$myMail->AddAttachment( $sFile );
|
706
|
}
|
707
|
}
|
708
|
|
709
|
if( $myMail->getReplyToAddresses() ) { }
|
710
|
//send the message, check for errors
|
711
|
$myMail->Send();
|
712
|
return true;
|
713
|
} catch (phpmailerException $e) {
|
714
|
echo $e->errorMessage(); //Pretty error messages from PHPMailer
|
715
|
} catch (Exception $e) {
|
716
|
echo $e->getMessage(); //Boring error messages from anything else!
|
717
|
}
|
718
|
|
719
|
}
|
720
|
|
721
|
/*--------------------------------------------------------------------------------------------*/
|
722
|
// Validate send email
|
723
|
public function _mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
|
724
|
/*
|
725
|
INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
|
726
|
SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
|
727
|
NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
|
728
|
|
729
|
NOTE:
|
730
|
To use SMTP for sending out mails, you have to specify the SMTP host of your domain
|
731
|
via the Settings panel in the backend of Website Baker
|
732
|
*/
|
733
|
|
734
|
$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
|
735
|
$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
|
736
|
$subject = preg_replace('/[\r\n]/', '', $subject);
|
737
|
// $message_alt = $message;
|
738
|
// $message = preg_replace('/[\r\n]/', '<br \>', $message);
|
739
|
|
740
|
// create PHPMailer object and define default settings
|
741
|
$myMail = new wbmailer();
|
742
|
// set user defined from address
|
743
|
if ($fromaddress!='') {
|
744
|
if($fromname!='') $myMail->FromName = $fromname; // FROM-NAME
|
745
|
$myMail->From = $fromaddress; // FROM:
|
746
|
$myMail->AddReplyTo($fromaddress); // REPLY TO:
|
747
|
}
|
748
|
// define recepient and information to send out
|
749
|
$myMail->AddAddress($toaddress); // TO:
|
750
|
$myMail->Subject = $subject; // SUBJECT
|
751
|
$myMail->Body = nl2br($message); // CONTENT (HTML)
|
752
|
$myMail->AltBody = strip_tags($message); // CONTENT (TEXT)
|
753
|
// check if there are any send mail errors, otherwise say successful
|
754
|
if (!$myMail->Send()) {
|
755
|
return false;
|
756
|
} else {
|
757
|
return true;
|
758
|
}
|
759
|
}
|
760
|
|
761
|
/**
|
762
|
* checks if there is an alternative Theme template
|
763
|
*
|
764
|
* @param string $sThemeFile set the template.htt
|
765
|
* @return string the relative theme path
|
766
|
*
|
767
|
*/
|
768
|
public function correct_theme_source($sThemeFile = 'start.htt') {
|
769
|
$sRetval = $sThemeFile;
|
770
|
if (file_exists(THEME_PATH.'/templates/'.$sThemeFile )) {
|
771
|
$sRetval = THEME_PATH.'/templates/'.$sThemeFile;
|
772
|
} else {
|
773
|
if (is_readable(ADMIN_PATH.'/themes/templates/'.$sThemeFile )) {
|
774
|
$sRetval = ADMIN_PATH.'/themes/templates/'.$sThemeFile;
|
775
|
} else {
|
776
|
throw new InvalidArgumentException('missing template file '.$sThemeFile);
|
777
|
}
|
778
|
}
|
779
|
return $sRetval;
|
780
|
}
|
781
|
|
782
|
/**
|
783
|
* Check if a foldername doesn't have invalid characters
|
784
|
*
|
785
|
* @param String $str to check
|
786
|
* @return Bool
|
787
|
*/
|
788
|
public function checkFolderName($str){
|
789
|
return !( preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) ? TRUE : FALSE );
|
790
|
}
|
791
|
|
792
|
/**
|
793
|
* Check the given path to make sure current path is within given basedir
|
794
|
* normally document root
|
795
|
*
|
796
|
* @param String $sCurrentPath
|
797
|
* @param String $sBaseDir
|
798
|
* @return $sCurrentPath or FALSE
|
799
|
*/
|
800
|
public function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
|
801
|
// Clean the cuurent path
|
802
|
$sCurrentPath = rawurldecode($sCurrentPath);
|
803
|
$sCurrentPath = realpath($sCurrentPath);
|
804
|
$sBaseDir = realpath($sBaseDir);
|
805
|
// $sBaseDir needs to exist in the $sCurrentPath
|
806
|
$pos = stripos ($sCurrentPath, $sBaseDir );
|
807
|
|
808
|
if ( $pos === FALSE ){
|
809
|
return false;
|
810
|
} elseif( $pos == 0 ) {
|
811
|
return $sCurrentPath;
|
812
|
} else {
|
813
|
return false;
|
814
|
}
|
815
|
}
|
816
|
|
817
|
/**
|
818
|
* remove <?php code ?>, [[text]], link, script, scriptblock and styleblock from a given string
|
819
|
* and return the cleaned string
|
820
|
*
|
821
|
* @param string $sValue
|
822
|
* @returns
|
823
|
* false: if @param is not a string
|
824
|
* string: cleaned string
|
825
|
*/
|
826
|
public function StripCodeFromText($mText, $iFlags = Sanitize::REMOVE_DEFAULT )
|
827
|
{
|
828
|
if (!class_exists('Sanitize')) { include __DIR__.'/Sanitize.php'; }
|
829
|
return Sanitize::StripFromText($mText, $iFlags);
|
830
|
}
|
831
|
|
832
|
/**
|
833
|
* ReplaceAbsoluteMediaUrl
|
834
|
* @param string $sContent
|
835
|
* @return string
|
836
|
* @description Replace URLs witch are pointing into MEDIA_DIRECTORY with an URL
|
837
|
* independend placeholder
|
838
|
*/
|
839
|
/*
|
840
|
public function ReplaceAbsoluteMediaUrl( $sContent)
|
841
|
{
|
842
|
// $oReg = WbAdaptor::getInstance();
|
843
|
if( ini_get( 'magic_quotes_gpc') == true) {
|
844
|
$sContent = $this->strip_slashes( $sContent);
|
845
|
}
|
846
|
if( is_string( $sContent)) {
|
847
|
$sRelUrl = preg_replace('/^https?:\/\/[^\/]+(.*)/is', '\1', WB_URL);
|
848
|
$sDocumentRootUrl = str_replace($sRelUrl, '', WB_URL);
|
849
|
$sMediaUrl = WB_URL.MEDIA_DIRECTORY.'/';
|
850
|
$aSearchfor = array(
|
851
|
'@(<[^>]*=\s*")('.preg_quote($sMediaUrl).
|
852
|
')([^">]*".*>)@siU', '@(<[^>]*=\s*")('.preg_quote( WB_URL.'/').')([^">]*".*>)@siU',
|
853
|
'/(<[^>]*?=\s*\")(\/+)([^\"]*?\"[^>]*?)/is',
|
854
|
'/(<[^>]*=\s*")('.preg_quote($sMediaUrl, '/').')([^">]*".*>)/siU'
|
855
|
);
|
856
|
$aReplacements = array( '$1{SYSVAR:AppUrl.MediaDir}$3', '$1{SYSVAR:AppUrl}$3','\1'.$sDocumentRootUrl.'/\3','$1{SYSVAR:MEDIA_REL}$3' );
|
857
|
$sContent = preg_replace( $aSearchfor, $aReplacements, $sContent);
|
858
|
}
|
859
|
return $sContent;
|
860
|
}
|
861
|
public function OldReplaceAbsoluteMediaUrl( $sContent)
|
862
|
{
|
863
|
$sRelUrl = preg_replace('/^https?:\/\/[^\/]+(.*)/is', '\1', WB_URL);
|
864
|
$sDocumentRootUrl = str_replace($sRelUrl, '', WB_URL);
|
865
|
$sMediaUrl = WB_URL.MEDIA_DIRECTORY;
|
866
|
$aPatterns = array(
|
867
|
'/(<[^>]*?=\s*\")(\/+)([^\"]*?\"[^>]*?)/is',
|
868
|
'/(<[^>]*=\s*")('.preg_quote($sMediaUrl, '/').')([^">]*".*>)/siU'
|
869
|
);
|
870
|
$aReplacements = array(
|
871
|
'\1'.$sDocumentRootUrl.'/\3',
|
872
|
'$1{SYSVAR:MEDIA_REL}$3'
|
873
|
);
|
874
|
$content = preg_replace($aPatterns, $aReplacements, $content);
|
875
|
return $sContent;
|
876
|
}
|
877
|
*/
|
878
|
|
879
|
/**
|
880
|
* get all defined variables from an info.php file
|
881
|
* @param string $sFilePath full path and filename
|
882
|
* @return array containing all settings (empty array on error)
|
883
|
*/
|
884
|
public function getContentFromInfoPhp($sFilePath)
|
885
|
{
|
886
|
$aInfo = array();
|
887
|
if (is_readable($sFilePath)) {
|
888
|
$aOldVars = array();
|
889
|
$aOldVars = get_defined_vars();
|
890
|
include $sFilePath;
|
891
|
$aNewVars = get_defined_vars();
|
892
|
$aInfo = array_diff_key($aNewVars, $aOldVars);
|
893
|
$aCommon = array();
|
894
|
foreach ($aInfo as $key => $val) {
|
895
|
if (is_array($val)) { continue; }
|
896
|
$sShortKey = str_replace(array('template_', 'module_'), '', $key);
|
897
|
$aCommon[$sShortKey] = $val;
|
898
|
unset($aInfo[$key]);
|
899
|
}
|
900
|
$aInfo['common'] = $aCommon;
|
901
|
}
|
902
|
return $aInfo;
|
903
|
} // end of getContentFromInfoPhp()
|
904
|
}
|