Revision 1337
Added by Dietmar over 14 years ago
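--- a/class.wb.php
+++ b/class.wb.php
@@ -24,12 +24,15 @@
 // Include new wbmailer class (subclass of PHPmailer)
 require_once(WB_PATH."/framework/class.wbmailer.php");
 
-class wb
+require_once(WB_PATH."/framework/class.secureform.php");
+
+class wb extends SecureForm
 {
 
 var $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
 // General initialization function
 // performed when frontend or backend is loaded.
+
 function wb() {
 }
 
@@ -272,95 +275,30 @@
 }
 }
 
-/*
-* creates Formular transactionnumbers for unique use
-* @access public
-* @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)
-* false returns an array including FTAN0 and FTAN1
-* @return mixed: array or string
-*
-* requirements: an active session must be available
-*/
-function getFTAN( $as_tag = true)
-{
-if(function_exists('microtime'))
-{
-list($usec, $sec) = explode(" ", microtime());
-$time = (string)((float)$usec + (float)$sec);
-}else{
-$time = (string)time();
-}
-$salt = ( isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '');
-$salt .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '');
-$salt .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '');
-$salt .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');
-$salt .= ( isset($_SERVER['HTTP_CONNECTION']) ? $_SERVER['HTTP_CONNECTION'] : '');
-$salt .= ( isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
-$salt .= ( isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '');
-$salt = ( $salt !== '' ) ? $salt : 'eXtremelyHotTomatoJuice';
-$ftan = md5($time.$salt);
-$_SESSION['FTAN'] = $ftan;
-$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10);
-$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10);
-if($as_tag == true)
-{
-return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />';
-}else{
-return array('FTAN0' => $ftan0, 'FTAN1' => $ftan1);
-}
+// Print a success message which then automatically redirects the user to another page
+function print_success( $message, $redirect = 'index.php' ) {
+global $TEXT;
+// fetch redirect timer for sucess messages from settings table
+$redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0;
+// add template variables
+$tpl = new Template( THEME_PATH.'/templates' );
+$tpl->set_file( 'page', 'success.htt' );
+$tpl->set_block( 'page', 'main_block', 'main' );
+$tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
+$tpl->set_var( 'MESSAGE', $message );
+$tpl->set_var( 'REDIRECT', $redirect );
+$tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
+$tpl->set_var( 'NEXT', $TEXT['NEXT'] );
+if ($redirect_timer == 0) {
+$tpl->set_block( 'show_redirect', '' );
+}
+else {
+$tpl->parse( 'show_redirect', 'show_redirect_block', true );
+}
+$tpl->parse( 'main', 'main_block', false );
+$tpl->pparse( 'output', 'page' );
 }
 
-/*
-* checks received form-transactionnumbers against session-stored one
-* @access public
-* @param string $mode: requestmethode POST(default) or GET
-* @return bool: true if numbers matches against stored ones
-*
-* requirements: an active session must be available
-* this check will prevent from multiple sending a form. history.back() also will never work
-*/
-function checkFTAN( $mode = 'POST')
-{
-$retval = false;
-if(isset($_SESSION['FTAN']) && strlen($_SESSION['FTAN']) == strlen(md5('dummy')))
-{
-$ftan = $_SESSION['FTAN'];
-$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10);
-$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10);
-unset($_SESSION['FTAN']);
-if(strtoupper($mode) == 'POST')
-{
-$retval = (isset($_POST[$ftan0]) && $_POST[$ftan0] == ($ftan1));
-$_POST[$ftan0] = '';
-}else{
-$retval = (isset($_GET[$ftan0]) && $_GET[$ftan0] == ($ftan1));
-$_GET[$ftan0] = '';
-}
-}
-return $retval;
-}
-
-// Print a success message which then automatically redirects the user to another page
-function print_success($message, $redirect = 'index.php') {
-global $TEXT, $database;
-
-// fetch redirect timer for sucess messages from settings table
-$table = TABLE_PREFIX . 'settings';
-$results = @$database->get_one("SELECT `value` FROM `$table` WHERE `name` = 'redirect_timer'");
-$redirect_timer = ($results) ? $results : '1500';
-
-// add template variables
-$success_template = new Template(THEME_PATH.'/templates');
-$success_template->set_file('page', 'success.htt');
-$success_template->set_block('page', 'main_block', 'main');
-$success_template->set_var('MESSAGE', $message);
-$success_template->set_var('REDIRECT', $redirect);
-$success_template->set_var('REDIRECT_TIMER', $redirect_timer);
-$success_template->set_var('NEXT', $TEXT['NEXT']);
-$success_template->parse('main', 'main_block', false);
-$success_template->pparse('output', 'page');
-}
-
 // Print an error message
 function print_error($message, $link = 'index.php', $auto_footer = true) {
 global $TEXT;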
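Review bot: `$tpl->set_block( 'show_redirect', '' );` in the new print_success (new line 293) looks like it should be `$tpl->set_var( 'show_redirect', '' );` — set_block declares a sub-block rather than blanking one, so when REDIRECT_TIMER is undefined or below 1500 the `{show_redirect}` placeholder is probably left unfilled instead of emptied; confirm against the Template class, which is outside this page. The threshold also deserves a comment at new line 282, e.g. `// a REDIRECT_TIMER under 1500 ms counts as "no auto-redirect" and the redirect block is suppressed`, so the silent fallback to 0 is not mistaken for a bug. As before, `$message` and `$redirect` go into the template unescaped and unvalidated, so callers must pass only trusted values for both. Separately, in the first hunk `class wb extends SecureForm` keeps the PHP4-style constructor `function wb() {}` without chaining to a parent constructor, so if SecureForm initialises anything in its own constructor that will be skipped for wb instances.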
add an extra class class.secureform.php and extend class.wb.php from it
check for installed modules before loading in content