<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2010, Website Baker Org. e.V.
 * @link            http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 4.3.4 and higher
 * @version         $Id$
 * @filesource      $HeadURL: $
 * @lastmodified    $Date:  $
 *
 */

// Include PHPLIB template class (used by print_success()/print_error() to render success.htt / error.htt)
require_once(WB_PATH."/include/phplib/template.inc");

// Database abstraction layer: provides the global $database used by page_is_active() and print_success()
require_once(WB_PATH.'/framework/class.database.php');

// Include new wbmailer class (subclass of PHPmailer), used by wb::mail()
require_once(WB_PATH."/framework/class.wbmailer.php");

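/**
 * Base class shared by the frontend and backend (admin) classes of WebsiteBaker.
 *
 * Groups page visibility / activity checks, request and session accessors,
 * slash (un)escaping helpers, form transaction numbers (FTAN) against
 * repeated form submits, the success / error page renderers and mail sending.
 * Most accessors read the PHP session; page_is_active() and print_success()
 * use the global $database and constants from the WebsiteBaker bootstrap
 * (TABLE_PREFIX, THEME_PATH, WB_URL, PAGES_DIRECTORY, PAGE_EXTENSION).
 */
class wb
{
	// Character class for passwords. Presumably consumed by callers that validate
	// or generate passwords - nothing in this class reads it; confirm at call sites.
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 * Nothing to do here; it exists so subclasses can call parent::__construct().
	 */
	public function __construct()
	{
	}

	/**
	 * PHP 4 style constructor, kept so subclasses that still call parent::wb()
	 * keep working. PHP 7+ no longer treats it as a constructor; __construct() is.
	 */
	function wb()
	{
	}

	/**
	 * Check whether a page is visible to the current visitor.
	 *
	 * Combines the page's visibility setting with the user id and group ids
	 * stored in the session:
	 *   'none', 'deleted'       -> false
	 *   'public', 'hidden'      -> true ('hidden' only hides the menu link)
	 *   'private', 'registered' -> true only for an authenticated visitor who is
	 *                              in one of viewing_groups or listed in viewing_users
	 *   anything else           -> false
	 *
	 * @param array $page  page record with keys 'visibility', 'viewing_groups'
	 *                     and 'viewing_users' (the latter two: comma separated id lists)
	 * @return bool
	 */
	function page_is_visible($page)
	{
		$visibility = $page['visibility'];

		if($visibility == 'none' || $visibility == 'deleted') {
			return false;
		}
		if($visibility == 'hidden' || $visibility == 'public') {
			return true;
		}
		if($visibility != 'private' && $visibility != 'registered') {
			return false;
		}

		// private / registered: only logged in users that belong to one of the
		// viewing groups or are explicitly listed as viewing user may see the page
		if($this->is_authenticated() != true) {
			return false;
		}
		$viewing_groups = explode(',', (string)$page['viewing_groups']);
		$viewing_users  = explode(',', (string)$page['viewing_users']);

		// loose in_array() on purpose: ids may arrive as ints or as numeric strings
		foreach($this->get_groups_id() as $cur_gid) {
			if(in_array($cur_gid, $viewing_groups)) {
				return true;
			}
		}
		return in_array($this->get_user_id(), $viewing_users);
	}

	/**
	 * Check if there is at least one active section on this page, i.e. a section
	 * whose publishing window (publ_start / publ_end compared against time(),
	 * 0 meaning "no bound") contains the current time.
	 *
	 * Needs the global $database and the TABLE_PREFIX constant.
	 *
	 * @param array $page  page record with key 'page_id'
	 * @return bool
	 */
	function page_is_active($page)
	{
		global $database;

		// page_id is interpolated into the SQL string, so force it to an integer
		$page_id = (int)$page['page_id'];
		$now = time();
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
		if($query_sections->numRows() == 0) {
			return false;
		}
		while($section = $query_sections->fetchRow()) {
			$start = $section['publ_start'];
			$end   = $section['publ_end'];
			// active: inside a bounded window, or after the start of a window without end
			if(($now < $end && ($now > $start || $start == 0)) || ($now > $start && $end == 0)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Frontend check whether a page should be shown: it must be visible to the
	 * visitor (page_is_visible) and have an active section (page_is_active).
	 *
	 * @param array $page  page record (see the two checks for the keys used)
	 * @return bool
	 */
	function show_page($page)
	{
		return $this->page_is_visible($page) && $this->page_is_active($page);
	}

	/**
	 * Check if the user is already authenticated: a non-empty, numeric USER_ID
	 * must be present in the session.
	 *
	 * @return bool
	 */
	function is_authenticated()
	{
		return isset($_SESSION['USER_ID']) && $_SESSION['USER_ID'] != '' && is_numeric($_SESSION['USER_ID']);
	}

	/**
	 * Whether PHP's magic_quotes_gpc is adding slashes to request data.
	 *
	 * The feature was removed in PHP 5.4 and get_magic_quotes_gpc() itself no
	 * longer exists in PHP 8 (calling it is a fatal error), so it is only
	 * consulted on older PHP versions.
	 *
	 * @return bool
	 */
	private function _magic_quotes_gpc()
	{
		return version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
	}

	/**
	 * Modified addslashes() which takes magic_quotes into account: when PHP has
	 * already escaped the request data, or the value is not a string, it is
	 * returned untouched.
	 *
	 * @param mixed $input
	 * @return mixed  the escaped string, or $input unchanged
	 */
	function add_slashes($input)
	{
		if($this->_magic_quotes_gpc() || !is_string($input)) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effect of magic_quotes_gpc==On on a request value.
	 *
	 * Attn: this is _not_ the counterpart to $this->add_slashes()!
	 * Use stripslashes() to undo a preliminarily done $this->add_slashes().
	 * Non-strings, and any value when magic quotes are off, are returned untouched.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	function strip_slashes($input)
	{
		if(!$this->_magic_quotes_gpc() || !is_string($input)) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use within mySQL LIKE strings.
	 *
	 * @param string $input
	 * @return string
	 */
	function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Turn a page link into a full URL. Absolute links (containing "://") and
	 * mailto: links are returned unchanged; anything else is prefixed with
	 * WB_URL.PAGES_DIRECTORY and suffixed with PAGE_EXTENSION.
	 *
	 * @param string $link
	 * @return string
	 */
	function page_link($link)
	{
		if(strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
		}
		return $link;
	}

	/**
	 * Get a POST field, or null when it was not sent.
	 *
	 * @param string $field
	 * @return mixed
	 */
	function get_post($field)
	{
		return isset($_POST[$field]) ? $_POST[$field] : null;
	}

	/**
	 * Get a POST field with add_slashes() applied; null when it was not sent.
	 *
	 * @param string $field
	 * @return mixed
	 */
	function get_post_escaped($field)
	{
		$result = $this->get_post($field);
		return is_null($result) ? null : $this->add_slashes($result);
	}

	/**
	 * Get a GET field, or null when it was not sent.
	 *
	 * @param string $field
	 * @return mixed
	 */
	function get_get($field)
	{
		return isset($_GET[$field]) ? $_GET[$field] : null;
	}

	/**
	 * Get a session value, or null when it is not set.
	 *
	 * @param string $field
	 * @return mixed
	 */
	function get_session($field)
	{
		return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
	}

	/**
	 * Get a $_SERVER entry, or null when it is not set.
	 *
	 * @param string $field
	 * @return mixed
	 */
	function get_server($field)
	{
		return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
	}

	/** Get the current user's id from the session (null when not logged in). */
	function get_user_id()
	{
		return $this->get_session('USER_ID');
	}

	/** Get the current user's (primary) group id from the session. */
	function get_group_id()
	{
		return $this->get_session('GROUP_ID');
	}

	/**
	 * Get all group ids of the current user.
	 *
	 * @return array  the comma separated GROUPS_ID session value split into a list
	 */
	function get_groups_id()
	{
		return explode(',', (string)$this->get_session('GROUPS_ID'));
	}

	/**
	 * Get the current user's group names joined with commas.
	 * GROUP_NAME is stored as an array in the session (see get_groups_name()).
	 *
	 * @return string
	 */
	function get_group_name()
	{
		return implode(',', (array)$this->get_session('GROUP_NAME'));
	}

	/** Get the current user's group names as stored in the session. */
	function get_groups_name()
	{
		return $this->get_session('GROUP_NAME');
	}

	/** Get the current user's username. */
	function get_username()
	{
		return $this->get_session('USERNAME');
	}

	/** Get the current user's display name. */
	function get_display_name()
	{
		return $this->get_session('DISPLAY_NAME');
	}

	/** Get the current user's email address. */
	function get_email()
	{
		return $this->get_session('EMAIL');
	}

	/** Get the current user's home folder. */
	function get_home_folder()
	{
		return $this->get_session('HOME_FOLDER');
	}

	/**
	 * Get the current user's timezone from the session.
	 *
	 * @return mixed  the TIMEZONE session value, or the sentinel '-72000' when
	 *                USE_DEFAULT_TIMEZONE is set in the session
	 */
	function get_timezone()
	{
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			return $this->get_session('TIMEZONE');
		}
		return '-72000';
	}

	/**
	 * Validate the supplied email address.
	 *
	 * Accepts an alphanumeric local part with single '-', '.', '_', '+' or '&'
	 * separators, a dotted domain and a 2-63 letter TLD (the former upper bound
	 * of 6 rejected many current TLDs).
	 *
	 * @param string $email
	 * @return bool
	 */
	function validate_email($email)
	{
		return preg_match('/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,63}$/', $email) === 1;
	}

	/**
	 * Build the seed a new FTAN is hashed from.
	 *
	 * The clock and the request headers alone are guessable by the client, so a
	 * random component (random_bytes() where available, uniqid()/mt_rand()
	 * otherwise) is mixed in as well.
	 *
	 * @return string
	 */
	private function _ftan_seed()
	{
		if(function_exists('random_bytes')) {
			$random = bin2hex(random_bytes(16));
		} else {
			$random = uniqid((string)mt_rand(), true);
		}
		if(function_exists('microtime')) {
			list($usec, $sec) = explode(" ", microtime());
			$time = (string)((float)$usec + (float)$sec);
		} else {
			$time = (string)time();
		}
		$salt  = ( isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '');
		$salt .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '');
		$salt .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '');
		$salt .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');
		$salt .= ( isset($_SERVER['HTTP_CONNECTION']) ? $_SERVER['HTTP_CONNECTION'] : '');
		$salt .= ( isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
		$salt .= ( isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '');
		$salt  = ( $salt !== '' ) ? $salt : 'eXtremelyHotTomatoJuice';
		return $time.$salt.$random;
	}

	/**
	 * Derive the field name (FTAN0) and field value (FTAN1) from a stored FTAN.
	 *
	 * Shared by getFTAN() and checkFTAN() so both sides always agree. Each
	 * offset comes from a single hex digit (0..15), so both 10 character windows
	 * lie inside the 32 character md5 string. (The previous code used
	 * hexdec(substr($ftan, 1)) - 31 hex digits - which overflows to a float and
	 * relied on an out-of-range float to int conversion for the offset.)
	 *
	 * @param string $ftan  32 character md5 hex string
	 * @return array  list(FTAN0, FTAN1)
	 */
	private function _ftan_pair($ftan)
	{
		$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1, 1))), 10);
		$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10);
		return array($ftan0, $ftan1);
	}

	/**
	 * Creates form transaction numbers for unique use.
	 *
	 * The token is stored in $_SESSION['FTAN'] and split into a field name
	 * (FTAN0) and field value (FTAN1) for the form; checkFTAN() verifies them.
	 *
	 * requirements: an active session must be available
	 *
	 * @access public
	 * @param bool $as_tag  true returns a complete prepared, hidden HTML-Input-Tag (default)
	 *                      false returns an array including FTAN0 and FTAN1
	 * @return mixed  array or string
	 */
	public function getFTAN( $as_tag = true)
	{
		$ftan = md5($this->_ftan_seed());
		$_SESSION['FTAN'] = $ftan;
		list($ftan0, $ftan1) = $this->_ftan_pair($ftan);
		if($as_tag == true) {
			// both values are 'a' followed by hex digits, so they are safe inside the attributes
			return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />';
		}
		return array('FTAN0' => $ftan0, 'FTAN1' => $ftan1);
	}

	/**
	 * Checks received form transaction numbers against the session-stored one.
	 *
	 * The stored FTAN is removed before the comparison, so a form can only be
	 * submitted once; history.back() and resubmitting will never validate.
	 * The received field is blanked in $_POST / $_GET as well.
	 *
	 * requirements: an active session must be available
	 *
	 * @access public
	 * @param string $mode  request method POST (default) or GET
	 * @return bool  true if the numbers match the stored ones
	 */
	public function checkFTAN( $mode = 'POST')
	{
		if(!isset($_SESSION['FTAN']) || !is_string($_SESSION['FTAN']) || strlen($_SESSION['FTAN']) != 32) {
			return false;
		}
		$ftan = $_SESSION['FTAN'];
		unset($_SESSION['FTAN']); // single use
		list($ftan0, $ftan1) = $this->_ftan_pair($ftan);

		if(strtoupper($mode) == 'POST') {
			$received = isset($_POST[$ftan0]) ? $_POST[$ftan0] : null;
			$_POST[$ftan0] = '';
		} else {
			$received = isset($_GET[$ftan0]) ? $_GET[$ftan0] : null;
			$_GET[$ftan0] = '';
		}
		// strict comparison: the former loose == would accept type-juggled values
		return is_string($received) && $received === $ftan1;
	}

	/**
	 * Print a success message which then automatically redirects the user to another page.
	 *
	 * Uses the globals $TEXT (language strings) and $database; the redirect
	 * delay is read from the settings table ('redirect_timer') and falls back
	 * to '1500' when the setting is missing.
	 *
	 * @param string $message   message to display
	 * @param string $redirect  URL to redirect to
	 */
	function print_success($message, $redirect = 'index.php')
	{
		global $TEXT, $database;

		// fetch redirect timer for success messages from settings table;
		// the @ is kept on purpose: a missing setting must not break the page, the default applies
		$table = TABLE_PREFIX . 'settings';
		$results = @$database->get_one("SELECT `value` FROM `$table` WHERE `name` = 'redirect_timer'");
		$redirect_timer = ($results) ? $results : '1500';

		// add template variables
		$success_template = new Template(THEME_PATH.'/templates');
		$success_template->set_file('page', 'success.htt');
		$success_template->set_block('page', 'main_block', 'main');
		$success_template->set_var('MESSAGE', $message);
		$success_template->set_var('REDIRECT', $redirect);
		$success_template->set_var('REDIRECT_TIMER', $redirect_timer);
		$success_template->set_var('NEXT', $TEXT['NEXT']);
		$success_template->parse('main', 'main_block', false);
		$success_template->pparse('output', 'page');
	}

	/**
	 * Print an error message and stop script execution.
	 *
	 * Uses the global $TEXT. Calls exit() after the page (and, if requested and
	 * provided by the subclass, the footer) has been sent, so it never returns.
	 *
	 * @param string $message      message to display
	 * @param string $link         URL for the "back" link
	 * @param bool   $auto_footer  also call print_footer() when the subclass defines it
	 */
	function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		global $TEXT;

		$error_template = new Template(THEME_PATH.'/templates');
		$error_template->set_file('page', 'error.htt');
		$error_template->set_block('page', 'main_block', 'main');
		$error_template->set_var('MESSAGE', $message);
		$error_template->set_var('LINK', $link);
		$error_template->set_var('BACK', $TEXT['BACK']);
		$error_template->parse('main', 'main_block', false);
		$error_template->pparse('output', 'page');

		if($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Send an email through the wbmailer class.
	 *
	 * INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
	 * SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
	 * NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
	 *
	 * NOTE:
	 * To use SMTP for sending out mails, you have to specify the SMTP host of your domain
	 * via the Settings panel in the backend of Website Baker
	 *
	 * @param string $fromaddress  sender address ('' keeps the wbmailer default)
	 * @param string $toaddress    recipient address
	 * @param string $subject
	 * @param string $message      body; line breaks become <br /> in the HTML part,
	 *                             the tag-stripped original is sent as text alternative
	 * @param string $fromname     optional sender display name
	 * @return bool  true if wbmailer reported success
	 */
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='')
	{
		// strip CR/LF from everything that ends up in a mail header, so a
		// caller supplied value cannot add further headers to the message
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
		$subject     = preg_replace('/[\r\n]/', '', $subject);
		$fromname    = preg_replace('/[\r\n]/', '', $fromname);
		$message_alt = $message;
		// '<br />' (the previous '<br \>' produced a malformed tag)
		$message = preg_replace('/[\r\n]/', '<br />', $message);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();

		// set user defined from address
		if($fromaddress != '') {
			if($fromname != '') {
				$myMail->FromName = $fromname;                       // FROM-NAME
			}
			$myMail->From = $fromaddress;                            // FROM:
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
		}

		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                            // TO:
		$myMail->Subject = $subject;                                // SUBJECT
		$myMail->Body = $message;                                   // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message_alt);                // CONTENT (TEXT)

		// true only if wbmailer reports no send error
		return $myMail->Send() ? true : false;
	}

}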
?>