Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         framework
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: class.wb.php 1368 2010-12-31 15:46:57Z Luisehahne $
14
 * @filesource		$HeadURL: $
15
 * @lastmodified    $Date:  $
16
 *
17
 */
18

    
19
// Include PHPLIB template class
20
require_once(WB_PATH."/include/phplib/template.inc");
21

    
22
require_once(WB_PATH.'/framework/class.database.php');
23

    
24
// Include new wbmailer class (subclass of PHPmailer)
25
require_once(WB_PATH."/framework/class.wbmailer.php");
26

    
27
require_once(WB_PATH."/framework/SecureForm.php");
28

    
29
class wb extends SecureForm
30
{
31

    
32
	var $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
33
	// General initialization function
34
	// performed when frontend or backend is loaded.
35

    
36
	function wb() {
37
	}
38

    
39
/* ****************
40
 * check if current user is member of at least one of given groups
41
 * ADMIN (uid=1) always is treated like a member of any groups
42
 *
43
 * @access public
44
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
45
 * @return bool: true if current user is member of one of this groups, otherwise false
46
 */
47
	function ami_group_member( $groups_list = '' )
48
	{
49
		if( $this->get_user_id() == 1 ) { return true; }
50
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
51
	}
52

    
53
	// Check whether a page is visible or not.
54
	// This will check page-visibility and user- and group-rights.
55
	/* page_is_visible() returns
56
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
57
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
58
	*/
59
	function page_is_visible($page)
60
    {
61
		$show_it = false; // shall we show the page?
62
		$page_id = $page['page_id'];
63
		$visibility = $page['visibility'];
64
		$viewing_groups = $page['viewing_groups'];
65
		$viewing_users = $page['viewing_users'];
66

    
67
		// First check if visibility is 'none', 'deleted'
68
		if($visibility == 'none')
69
        {
70
			return(false);
71
		} elseif($visibility == 'deleted')
72
        {
73
			return(false);
74
		}
75

    
76
		// Now check if visibility is 'hidden', 'private' or 'registered'
77
		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
78
			$show_it = true;
79
		} elseif($visibility == 'private' || $visibility == 'registered')
80
        {
81
			// Check if the user is logged in
82
			if($this->is_authenticated() == true)
83
            {
84
				// Now check if the user has perms to view the page
85
				$in_group = false;
86
				foreach($this->get_groups_id() as $cur_gid)
87
                {
88
				    if(in_array($cur_gid, explode(',', $viewing_groups)))
89
                    {
90
				        $in_group = true;
91
				    }
92
				}
93
				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
94
					$show_it = true;
95
				} else {
96
					$show_it = false;
97
				}
98
			} else {
99
				$show_it = false;
100
			}
101
		} elseif($visibility == 'public') {
102
			$show_it = true;
103
		} else {
104
			$show_it = false;
105
		}
106
		return($show_it);
107
	}
108
	// Check if there is at least one active section on this page
109
	function page_is_active($page)
110
    {
111
		global $database;
112
		$has_active_sections = false;
113
		$page_id = $page['page_id'];
114
		$now = time();
115
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
116
		if($query_sections->numRows() != 0)
117
        {
118
			while($section = $query_sections->fetchRow())
119
            {
120
				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
121
                {
122
					$has_active_sections = true;
123
					break;
124
				}
125
			}
126
		}
127
		return($has_active_sections);
128
	}
129

    
130
	// Check whether we should show a page or not (for front-end)
131
	function show_page($page)
132
    {
133
		if($this->page_is_visible($page) && $this->page_is_active($page))
134
        {
135
			return true;
136
		} else {
137
			return false;
138
		}
139
	}
140

    
141
	// Check if the user is already authenticated or not
142
	function is_authenticated() {
143
		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
144
        {
145
			return true;
146
		} else {
147
			return false;
148
		}
149
	}
150

    
151
	// Modified addslashes function which takes into account magic_quotes
152
	function add_slashes($input) {
153
		if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
154
			return $input;
155
		}
156
		$output = addslashes($input);
157
		return $output;
158
	}
159

    
160
	// Ditto for stripslashes
161
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
162
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
163
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
164
	function strip_slashes($input) {
165
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
166
			return $input;
167
		}
168
		$output = stripslashes($input);
169
		return $output;
170
	}
171

    
172
	// Escape backslashes for use with mySQL LIKE strings
173
	function escape_backslashes($input) {
174
		return str_replace("\\","\\\\",$input);
175
	}
176

    
177
	function page_link($link){
178
		// Check for :// in the link (used in URL's) as well as mailto:
179
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
180
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
181
		} else {
182
			return $link;
183
		}
184
	}
185
	
186
	// Get POST data
187
	function get_post($field) {
188
		if(isset($_POST[$field])) {
189
			return $_POST[$field];
190
		} else {
191
			return null;
192
		}
193
	}
194

    
195
	// Get POST data and escape it
196
	function get_post_escaped($field) {
197
		$result = $this->get_post($field);
198
		return (is_null($result)) ? null : $this->add_slashes($result);
199
	}
200
	
201
	// Get GET data
202
	function get_get($field) {
203
		if(isset($_GET[$field])) {
204
			return $_GET[$field];
205
		} else {
206
			return null;
207
		}
208
	}
209

    
210
	// Get SESSION data
211
	function get_session($field) {
212
		if(isset($_SESSION[$field])) {
213
			return $_SESSION[$field];
214
		} else {
215
			return null;
216
		}
217
	}
218

    
219
	// Get SERVER data
220
	function get_server($field) {
221
		if(isset($_SERVER[$field])) {
222
			return $_SERVER[$field];
223
		} else {
224
			return null;
225
		}
226
	}
227

    
228
	// Get the current users id
229
	function get_user_id() {
230
		return $_SESSION['USER_ID'];
231
	}
232

    
233
	// Get the current users group id
234
	function get_group_id() {
235
		return $_SESSION['GROUP_ID'];
236
	}
237

    
238
	// Get the current users group ids
239
	function get_groups_id() {
240
		return explode(",", $_SESSION['GROUPS_ID']);
241
	}
242

    
243
	// Get the current users group name
244
	function get_group_name() {
245
		return implode(",", $_SESSION['GROUP_NAME']);
246
	}
247

    
248
	// Get the current users group name
249
	function get_groups_name() {
250
		return $_SESSION['GROUP_NAME'];
251
	}
252

    
253
	// Get the current users username
254
	function get_username() {
255
		return $_SESSION['USERNAME'];
256
	}
257

    
258
	// Get the current users display name
259
	function get_display_name() {
260
		return ($_SESSION['DISPLAY_NAME']);
261
	}
262

    
263
	// Get the current users email address
264
	function get_email() {
265
		return $_SESSION['EMAIL'];
266
	}
267

    
268
	// Get the current users home folder
269
	function get_home_folder() {
270
		return $_SESSION['HOME_FOLDER'];
271
	}
272

    
273
	// Get the current users timezone
274
	function get_timezone() {
275
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
276
			return $_SESSION['TIMEZONE'];
277
		} else {
278
			return '-72000';
279
		}
280
	}
281
/*  */
282
	// Validate supplied email address
283
	function validate_email($email) {
284
		if(preg_match('/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$/', $email)) {
285
		return true;
286
		} else {
287
			return false;
288
		}
289
	}
290

    
291

    
292
/* ****************
293
 * set one or more bit in a integer value
294
 *
295
 * @access public
296
 * @param int $value: reference to the integer, containing the value
297
 * @param int $bits2set: the bitmask witch shall be added to value
298
 * @return void
299
 */
300
	function bit_set( &$value, $bits2set )
301
	{
302
		$value |= $bits2set;
303
	}
304

    
305
/* ****************
306
 * reset one or more bit from a integer value
307
 *
308
 * @access public
309
 * @param int $value: reference to the integer, containing the value
310
 * @param int $bits2reset: the bitmask witch shall be removed from value
311
 * @return void
312
 */
313
	function bit_reset( &$value, $bits2reset)
314
	{
315
		$value &= ~$bits2reset;
316
	}
317

    
318
/* ****************
319
 * check if one or more bit in a integer value are set
320
 *
321
 * @access public
322
 * @param int $value: reference to the integer, containing the value
323
 * @param int $bits2set: the bitmask witch shall be added to value
324
 * @return void
325
 */
326
	function bit_isset( $value, $bits2test )
327
	{
328
		return (($value & $bits2test) == $bits2test);
329
	}
330

    
331
/*
332
	// Validate supplied email address
333
	function validate_email($email) {
334
		if(function_exists('idn_to_ascii')){ // use pear if available
335
			$email = idn_to_ascii($email);
336
		}else {
337
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
338
			$IDN = new idna_convert();
339
			$email = $IDN->encode($email);
340
			unset($IDN);
341
		}
342
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
343
	}
344
*/
345
	// Print a success message which then automatically redirects the user to another page
346
	function print_success( $message, $redirect = 'index.php' ) {
347
	    global $TEXT;
348
	    // fetch redirect timer for sucess messages from settings table
349
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0;
350
	    // add template variables
351
	    $tpl = new Template( THEME_PATH.'/templates' );
352
	    $tpl->set_file( 'page', 'success.htt' );
353
	    $tpl->set_block( 'page', 'main_block', 'main' );
354
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
355
	    $tpl->set_var( 'MESSAGE', $message );
356
	    $tpl->set_var( 'REDIRECT', $redirect );
357
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
358
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
359
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
360
	    if ($redirect_timer == 0) {
361
	        $tpl->set_block( 'show_redirect', '' );
362
	    }
363
	    else {
364
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
365
	    }
366
	    $tpl->parse( 'main', 'main_block', false );
367
	    $tpl->pparse( 'output', 'page' );
368
	}
369

    
370
	// Print an error message
371
	function print_error($message, $link = 'index.php', $auto_footer = true) {
372
		global $TEXT;
373
		$success_template = new Template(THEME_PATH.'/templates');
374
		$success_template->set_file('page', 'error.htt');
375
		$success_template->set_block('page', 'main_block', 'main');
376
		$success_template->set_var('MESSAGE', $message);
377
		$success_template->set_var('LINK', $link);
378
		$success_template->set_var('BACK', $TEXT['BACK']);
379
		$success_template->parse('main', 'main_block', false);
380
		$success_template->pparse('output', 'page');
381
		if ( $auto_footer == true ) {
382
			if ( method_exists($this, "print_footer") ) {
383
				$this->print_footer();
384
			}
385
		}
386
		exit();
387
	}
388

    
389
	// Validate send email
390
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
391
		/* 
392
			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
393
			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
394
			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
395

    
396
			NOTE:
397
			To use SMTP for sending out mails, you have to specify the SMTP host of your domain
398
			via the Settings panel in the backend of Website Baker
399
		*/ 
400

    
401
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
402
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
403
		$subject = preg_replace('/[\r\n]/', '', $subject);
404
		$message_alt = $message;
405
		$message = preg_replace('/[\r\n]/', '<br \>', $message);
406
		
407
		// create PHPMailer object and define default settings
408
		$myMail = new wbmailer();
409

    
410
		// set user defined from address
411
		if ($fromaddress!='') {
412
			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
413
			$myMail->From = $fromaddress;                            // FROM:
414
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
415
		}
416
		
417
		// define recepient and information to send out
418
		$myMail->AddAddress($toaddress);                            // TO:
419
		$myMail->Subject = $subject;                                // SUBJECT
420
		$myMail->Body = $message;                                   // CONTENT (HTML)
421
		$myMail->AltBody = strip_tags($message_alt);				// CONTENT (TEXT)
422
		
423
		// check if there are any send mail errors, otherwise say successful
424
		if (!$myMail->Send()) {
425
			return false;
426
		} else {
427
			return true;
428
		}
429
	}
430

    
431
}
432
?>
(9-9/16)