Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1371)
+++ branches/2.8.x/CHANGELOG	(revision 1372)
@@ -11,8 +11,11 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.2 -------------------------------------
+10 Jan-2011 Build 1372 Dietmar Woellbrink (Luisehahne)
+# fixed class.wb.php to add class SecureForm
 09 Jan-2011 Build 1371 Dietmar Woellbrink (Luisehahne)
 # captcha patch (Tks to FrankH)
+! set status to 2.8.2 RC4
 09 Jan-2011 Build 1370 Dietmar Woellbrink (Luisehahne)
 ! update install, changed some default settings to enabled
 06 Jan-2011 Build 1369 Dietmar Woellbrink (Luisehahne)
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1371)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1372)
@@ -52,6 +52,6 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2.RC4');
-if(!defined('REVISION')) define('REVISION', '1371');
+if(!defined('REVISION')) define('REVISION', '1372');
 
 ?>
\ No newline at end of file
Index: branches/2.8.x/wb/framework/class.wb.php
===================================================================
--- branches/2.8.x/wb/framework/class.wb.php	(revision 1371)
+++ branches/2.8.x/wb/framework/class.wb.php	(revision 1372)
@@ -5,17 +5,20 @@
  * @package         framework
  * @author          WebsiteBaker Project
  * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
+ * @copyright       2009-2010, Website Baker Org. e.V.
  * @link			http://www.websitebaker2.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
+ * @requirements    PHP 4.3.4 and higher
  * @version         $Id$
- * @filesource		$HeadURL: $
- * @lastmodified    $Date:  $
+ * @filesource		$HeadURL: http://svn29.websitebaker2.org/trunk/wb/framework/class.wb.php $
+ * @lastmodified    $Date: 2010-11-23 00:55:43 +0100 (Di, 23. Nov 2010) $
  *
  */
-
+/*
+// Must include code to stop this file being access directly
+if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
+*/
 // Include PHPLIB template class
 require_once(WB_PATH."/include/phplib/template.inc");
 
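Review bot: The direct-access guard at the top of class.wb.php is now commented out (`/* … if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); } */`), so a request aimed straight at this file reaches `require_once(WB_PATH."/include/phplib/template.inc")` with WB_PATH undefined and dies with a PHP error rather than a clean exit; if disabling it is deliberate a comment should say why, otherwise restore it as `if(!defined('WB_PATH')) { exit('Cannot access this file directly'); }`. The header is also now inconsistent with the code in this same commit: `@requirements PHP 4.3.4 and higher` while the class gains a `private` property and calls `parent::__construct()`, both of which need PHP 5, so the previous `PHP 5.2.2 and higher` line was the accurate one. The expanded `$HeadURL`/`$Date` values point at trunk from November 2010, which looks like stale keyword text carried over from the file this was copied from rather than something meant for this branch.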
@@ -29,27 +32,14 @@
 class wb extends SecureForm
 {
 
-	var $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
+	private $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
 	// General initialization function
 	// performed when frontend or backend is loaded.
 
-	function wb() {
+	public function wb() {
+		parent::__construct();
 	}
 
-/* ****************
- * check if current user is member of at least one of given groups
- * ADMIN (uid=1) always is treated like a member of any groups
- *
- * @access public
- * @param mixed $groups_list: an array or a coma seperated list of group-ids
- * @return bool: true if current user is member of one of this groups, otherwise false
- */
-	function ami_group_member( $groups_list = '' )
-	{
-		if( $this->get_user_id() == 1 ) { return true; }
-		return $this->is_group_match( $groups_list, $this->get_groups_id() );
-	}
-
 	// Check whether a page is visible or not.
 	// This will check page-visibility and user- and group-rights.
 	/* page_is_visible() returns
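Review bot: Changing `var $password_chars` to `private $password_chars` hides the property from every subclass and from any code that reads it through an instance; if anything derived from `wb` or any caller uses `$password_chars` (it cannot be confirmed from this hunk, but the name suggests password validation outside this class), that access now fails with a fatal error, so `protected` or `public` is the safer choice. The PHP4-style constructor `public function wb()` only acts as the constructor because `wb` declares no `__construct()` of its own; a comment such as `// PHP4-style constructor kept for existing new wb() callers; forwards to SecureForm::__construct()` would make the forwarding intent explicit. `ami_group_member()` is deleted here and re-added unchanged further down in this file, which is fine as a move but worth a word in the CHANGELOG entry.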
@@ -56,91 +46,72 @@
 		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
 		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
 	*/
-	function page_is_visible($page)
+	public function page_is_visible($page)
     {
+		// First check if visibility is 'none', 'deleted'
 		$show_it = false; // shall we show the page?
-		$page_id = $page['page_id'];
-		$visibility = $page['visibility'];
-		$viewing_groups = $page['viewing_groups'];
-		$viewing_users = $page['viewing_users'];
-
-		// First check if visibility is 'none', 'deleted'
-		if($visibility == 'none')
-        {
-			return(false);
-		} elseif($visibility == 'deleted')
-        {
-			return(false);
+		switch( $page['visibility'] )
+		{
+			case 'none':
+			case 'deleted':
+				$show_it = false;
+				break;
+			case 'hidden':
+			case 'public':
+				$show_it = true;
+				break;
+			case 'private':
+			case 'registered':
+				if($this->is_authenticated() == true)
+				{
+					$show_it = ( $this->is_group_match($this->get_groups_id(), $page['viewing_groups']) ||
+								 $this->is_group_match($this->get_user_id(), $page['viewing_users']) );
+				}
 		}
 
-		// Now check if visibility is 'hidden', 'private' or 'registered'
-		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
-			$show_it = true;
-		} elseif($visibility == 'private' || $visibility == 'registered')
-        {
-			// Check if the user is logged in
-			if($this->is_authenticated() == true)
-            {
-				// Now check if the user has perms to view the page
-				$in_group = false;
-				foreach($this->get_groups_id() as $cur_gid)
-                {
-				    if(in_array($cur_gid, explode(',', $viewing_groups)))
-                    {
-				        $in_group = true;
-				    }
-				}
-				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
-					$show_it = true;
-				} else {
-					$show_it = false;
-				}
-			} else {
-				$show_it = false;
-			}
-		} elseif($visibility == 'public') {
-			$show_it = true;
-		} else {
-			$show_it = false;
-		}
 		return($show_it);
 	}
+
+	function section_is_active($section_id)
+	{
+		global $database;
+		$now = time();
+		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
+		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
+		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
+		$sql .=       'AND `section_id`='.$section_id;
+		return ($database->get_one($sql) != false);
+	}
 	// Check if there is at least one active section on this page
 	function page_is_active($page)
     {
 		global $database;
-		$has_active_sections = false;
-		$page_id = $page['page_id'];
 		$now = time();
-		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
-		if($query_sections->numRows() != 0)
-        {
-			while($section = $query_sections->fetchRow())
-            {
-				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
-                {
-					$has_active_sections = true;
-					break;
-				}
-			}
-		}
-		return($has_active_sections);
+		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
+		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
+		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
+		$sql .=       'AND `page_id`='.(int)$page['page_id'];
+		return ($database->get_one($sql) != false);
 	}
 
 	// Check whether we should show a page or not (for front-end)
 	function show_page($page)
     {
-		if($this->page_is_visible($page) && $this->page_is_active($page))
-        {
-			return true;
-		} else {
-			return false;
+		if( !is_array($page) )
+		{
+			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
+			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
+			if( ($res_pages = $database->query($sql))!= null )
+			{
+				if( !($page = $res_pages->fetchRow()) ) { return false; }
+			}
 		}
+		return ($this->page_is_visible($page) && $this->page_is_active($page));
 	}
 
 	// Check if the user is already authenticated or not
 	function is_authenticated() {
-		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
+		if(isset($_SESSION['USER_ID']) && $_SESSION['USER_ID'] != "" && is_numeric($_SESSION['USER_ID']))
         {
 			return true;
 		} else {
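Review bot: The WHERE clauses built in `section_is_active()` and `page_is_active()` mix OR and AND without parentheses, so MySQL reads them as `(now BETWEEN …) OR ((now > publ_start AND publ_end=0) AND section_id=…)`: any section anywhere in the table that is currently inside its publication window makes the count non-zero, and the `section_id`/`page_id` filter only constrains the second alternative. Group the time condition instead, e.g. `$sql .= 'WHERE `page_id`='.(int)$page['page_id'].' AND (('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ('.$now.' > `publ_start` AND `publ_end`=0))';` and the same shape with `section_id`. `section_is_active()` also concatenates `$section_id` uncast, unlike the `(int)$page['page_id']` cast a few lines below; use `(int)$section_id` so both functions treat their id the same way. `show_page()` (whose whole body is in this hunk) now calls `$database->query()` but has no `global $database;` declaration, so the non-array branch fails on an undefined variable.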
@@ -176,7 +147,7 @@
 
 	function page_link($link){
 		// Check for :// in the link (used in URL's) as well as mailto:
-		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
+		if(strstr($link, '://') == '' && substr($link, 0, 7) != 'mailto:') {
 			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
 		} else {
 			return $link;
@@ -185,11 +156,7 @@
 	
 	// Get POST data
 	function get_post($field) {
-		if(isset($_POST[$field])) {
-			return $_POST[$field];
-		} else {
-			return null;
-		}
+        return isset($_POST[$field]) ? $_POST[$field] : null;
 	}
 
 	// Get POST data and escape it
@@ -200,29 +167,17 @@
 	
 	// Get GET data
 	function get_get($field) {
-		if(isset($_GET[$field])) {
-			return $_GET[$field];
-		} else {
-			return null;
-		}
+        return isset($_GET[$field]) ? $_GET[$field] : null;
 	}
 
 	// Get SESSION data
 	function get_session($field) {
-		if(isset($_SESSION[$field])) {
-			return $_SESSION[$field];
-		} else {
-			return null;
-		}
+        return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
 	}
 
 	// Get SERVER data
 	function get_server($field) {
-		if(isset($_SERVER[$field])) {
-			return $_SERVER[$field];
-		} else {
-			return null;
-		}
+        return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
 	}
 
 	// Get the current users id
@@ -230,7 +185,7 @@
 		return $_SESSION['USER_ID'];
 	}
 
-	// Get the current users group id
+	// Get the current users group id (deprecated)
 	function get_group_id() {
 		return $_SESSION['GROUP_ID'];
 	}
@@ -237,7 +192,7 @@
 
 	// Get the current users group ids
 	function get_groups_id() {
-		return explode(",", $_SESSION['GROUPS_ID']);
+	    return explode(",", isset($_SESSION['GROUPS_ID']) ? $_SESSION['GROUPS_ID'] : '');
 	}
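Review bot: With the new fallback, `explode(",", '')` returns `array('')` — a one-element list holding an empty string — not an empty array, so a session without GROUPS_ID now yields a phantom group id `''`. `is_group_match()` (added later in this commit) does not treat `array('')` as empty, since an array never loosely equals `''`, and `array_intersect` would then appear to match any group list that contains an empty segment, for example a trailing comma in `viewing_groups`. Return an empty array for the missing/empty case instead: `return isset($_SESSION['GROUPS_ID']) && $_SESSION['GROUPS_ID'] !== '' ? explode(',', $_SESSION['GROUPS_ID']) : array();`.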
 
 	// Get the current users group name
@@ -257,7 +212,7 @@
 
 	// Get the current users display name
 	function get_display_name() {
-		return ($_SESSION['DISPLAY_NAME']);
+		return $_SESSION['DISPLAY_NAME'];
 	}
 
 	// Get the current users email address
@@ -272,24 +227,78 @@
 
 	// Get the current users timezone
 	function get_timezone() {
-		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
-			return $_SESSION['TIMEZONE'];
-		} else {
-			return '-72000';
-		}
+        return  !isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? $_SESSION['TIMEZONE'] : '-72000';
 	}
-/*  */
-	// Validate supplied email address
-	function validate_email($email) {
-		if(preg_match('/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$/', $email)) {
-		return true;
-		} else {
-			return false;
+
+/* ****************
+ * check if one or more group_ids are in both group_lists
+ *
+ * @access public
+ * @param mixed $groups_list1: an array or a coma seperated list of group-ids
+ * @param mixed $groups_list2: an array or a coma seperated list of group-ids
+ * @param array &$matches: an array-var whitch will return possible matches
+ * @return bool: true there is a match, otherwise false
+ */
+	function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
+	{
+		if( $groups_list1 == '' ) { return false; }
+		if( $groups_list2 == '' ) { return false; }
+		if( !is_array($groups_list1) )
+		{
+			$groups_list1 = explode(',', $groups_list1);
 		}
+		if( !is_array($groups_list2) )
+		{
+			$groups_list2 = explode(',', $groups_list2);
+		}
+		$matches = array_intersect( $groups_list1, $groups_list2);
+		return ( sizeof($matches) != 0 );
 	}
 
+/* ****************
+ * check if current user is member of at least one of given groups
+ * ADMIN (uid=1) always is treated like a member of any groups
+ *
+ * @access public
+ * @param mixed $groups_list: an array or a coma seperated list of group-ids
+ * @return bool: true if current user is member of one of this groups, otherwise false
+ */
+	function ami_group_member( $groups_list = '' )
+	{
+		if( $this->get_user_id() == 1 ) { return true; }
+		return $this->is_group_match( $groups_list, $this->get_groups_id() );
+	}
 
 /* ****************
+ * check if current user has permissions of at least one of given permissions
+ * ADMIN (uid=1) always is treated like a member of any groups
+ *
+ * @access public
+ * @param string $name: a string with the name
+ * @param string $type: a string to define system, module or template, default is module
+ * @return bool: true if current user has permission of one of this permission, otherwise false
+ */
+	function has_permission( $name, $type = 'system' )
+	{
+		if(is_array($name) && is_array($type))
+		{
+			return sizeof(array_intersect($name, $type));
+
+		} elseif(is_string($name) && is_string($type))
+		{
+			$type_permissions = $this->get_session(strtoupper($type).'_PERMISSIONS');
+			if( ($type == 'system') )
+			{
+				return is_numeric(array_search($name, $type_permissions));
+			} else {
+			// Set permissions var
+				return !is_numeric(array_search($name, $type_permissions));
+			}
+		}
+		return false;
+	}
+
+/* ****************
  * set one or more bit in a integer value
  *
  * @access public
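Review bot: In `has_permission()` the non-'system' branch returns `!is_numeric(array_search($name, $type_permissions))`, i.e. true when `$name` is absent from the `<TYPE>_PERMISSIONS` session list — the inverse of the 'system' branch; if those lists are deny-lists that is intended, but nothing says so and the `// Set permissions var` comment is misleading, so replace it with something like `// MODULE/TEMPLATE permissions are stored as deny-lists: permitted unless listed`. The same branch fails open when the session entry is missing: `get_session()` returns null, `array_search()` on null warns and returns null, and `!is_numeric(null)` is true, so a visitor with no session would be granted every module/template permission; add `if(!is_array($type_permissions)) { return false; }` before the lookup. `in_array($name, $type_permissions, true)` would also read more clearly than testing `is_numeric()` on an `array_search()` result. The docblock says the default type is 'module' while the signature defaults to 'system', and the `is_array` branch returns an int count rather than the documented bool.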
@@ -328,47 +337,53 @@
 		return (($value & $bits2test) == $bits2test);
 	}
 
-/*
+
 	// Validate supplied email address
 	function validate_email($email) {
-		if(function_exists('idn_to_ascii')){ // use pear if available
-			$email = idn_to_ascii($email);
-		}else {
-			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
-			$IDN = new idna_convert();
-			$email = $IDN->encode($email);
-			unset($IDN);
+		if(preg_match('/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$/', $email)) {
+		return true;
+		} else {
+			return false;
 		}
-		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
 	}
-*/
+
 	// Print a success message which then automatically redirects the user to another page
-	function print_success( $message, $redirect = 'index.php' ) {
+	function print_success( $message, $redirect = 'index.php', $auto_footer = true ) {
 	    global $TEXT;
-	    // fetch redirect timer for sucess messages from settings table
-	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0;
 	    // add template variables
 	    $tpl = new Template( THEME_PATH.'/templates' );
 	    $tpl->set_file( 'page', 'success.htt' );
 	    $tpl->set_block( 'page', 'main_block', 'main' );
+	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
+	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
+ 	    $tpl->set_var( 'MESSAGE', $message );
+ 	    $tpl->set_var( 'THEME_URL', THEME_URL );
+
 	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
-	    $tpl->set_var( 'MESSAGE', $message );
 	    $tpl->set_var( 'REDIRECT', $redirect );
-	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
-	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
-	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
-	    if ($redirect_timer == 0) {
+
+	    if (REDIRECT_TIMER == -1)
+		{
 	        $tpl->set_block( 'show_redirect', '' );
-	    }
-	    else {
+	    } else {
+		    $tpl->set_var( 'REDIRECT_TIMER', REDIRECT_TIMER );
 	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
 	    }
 	    $tpl->parse( 'main', 'main_block', false );
 	    $tpl->pparse( 'output', 'page' );
+		if ( $auto_footer == true )
+		{
+			if ( method_exists($this, "print_footer") )
+			{
+				$this->print_footer();
+			}
+		}
+		exit();
 	}
 
 	// Print an error message
-	function print_error($message, $link = 'index.php', $auto_footer = true) {
+	function print_error($message, $link = 'index.php', $auto_footer = true )
+	{
 		global $TEXT;
 		$success_template = new Template(THEME_PATH.'/templates');
 		$success_template->set_file('page', 'error.htt');
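Review bot: `print_success()` now reads `REDIRECT_TIMER` directly (`if (REDIRECT_TIMER == -1)`), dropping the `defined('REDIRECT_TIMER')` guard the removed line had; when the constant is not defined, PHP 5 falls back to the bare string with a notice, the comparison is false, and the redirect block is parsed with that literal string as the timer. `format_message()` in this same commit handles that case with `if(!defined('REDIRECT_TIMER')) { define('REDIRECT_TIMER', -1); }`; the same line at the top of `print_success()` would keep the two consistent. Appending `exit()` to `print_success()` is a behavioural change for any caller that continued after it (as `print_error()` already did), and deserves a mention in the CHANGELOG. The restored `validate_email()` regex limits the TLD to 2–6 ASCII letters and rejects IDN addresses that the deleted `filter_var`/`idn_to_ascii` variant accepted; if that is deliberate, a one-line comment saying so would save the next reader from re-proposing the removed code.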
@@ -376,6 +391,7 @@
 		$success_template->set_var('MESSAGE', $message);
 		$success_template->set_var('LINK', $link);
 		$success_template->set_var('BACK', $TEXT['BACK']);
+ 	    $success_template->set_var( 'THEME_URL', THEME_URL );
 		$success_template->parse('main', 'main_block', false);
 		$success_template->pparse('output', 'page');
 		if ( $auto_footer == true ) {
@@ -385,10 +401,125 @@
 		}
 		exit();
 	}
+/*
+ * @param string $message: the message to format
+ * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
+ * @return string: the html-formatted message (using template 'message.htt')
+ */
+	public function format_message($message, $status = 'ok')
+	{
+		$id = uniqid('x');
+		$tpl = new Template(THEME_PATH.'/templates');
+		$tpl->set_file('page', 'message.htt');
+		$tpl->set_block('page', 'main_block', 'main');
+		$tpl->set_var('MESSAGE', $message);
+ 	    $tpl->set_var( 'THEME_URL', THEME_URL );
+		$tpl->set_var( 'ID', $id );
+		if($status == 'ok' || $status == 'error' || $status = 'warning')
+		{
+			$tpl->set_var('BOX_STATUS', ' box-'.$status);
+		}else
+		{
+			$tpl->set_var('BOX_STATUS', '');
+		}
+		$tpl->set_var('STATUS', $status);
+		if(!defined('REDIRECT_TIMER') ) { define('REDIRECT_TIMER', -1); }
+		$retval = '';
+		if( $status != 'error' )
+		{
+			switch(REDIRECT_TIMER):
+				case 0: // do not show message
+					unset($tpl);
+					break;
+				case -1: // show message permanently
+					$tpl->parse('main', 'main_block', false);
+					$retval = $tpl->finish($tpl->parse('output', 'page', false));
+					unset($tpl);
+					break;
+				default: // hide message after REDIRECTOR_TIMER milliseconds
+					$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
+							  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
+							  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
+					$tpl->parse('main', 'main_block', false);
+					$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
+					unset($tpl);
+			endswitch;
+		}else
+		{
+			$tpl->parse('main', 'main_block', false);
+			$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
+			unset($tpl);
+		}
+		return $retval;
+	}
+/*
+ * @param string $type: 'locked'(default)  or 'new'
+ * @return void: terminates application
+ * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
+ *               'new' >> Show 'new site under construction'(former print_under_construction)
+ */
+	public function ShowMaintainScreen($type = 'locked')
+	{
+		global $database, $MESSAGE;
+		$CHECK_BACK = $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
+		$BE_PATIENT = '';
+		$LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE ));
 
+		$show_screen = false;
+		if($type == 'locked')
+		{
+			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0) ) ;
+			if( (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1))
+			{
+				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
+	// first kick logged users out of the system
+		// delete all remember keys from table 'user' except user_id=1
+				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
+				$sql .= 'WHERE `user_id`<>1';
+				$database->query($sql);
+		// delete remember key-cookie if set
+				if (isset($_COOKIE['REMEMBER_KEY'])) {
+					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
+				}
+		// overwrite session array
+				$_SESSION = array();
+		// delete session cookie if set
+				if (ini_get("session.use_cookies")) {
+					$params = session_get_cookie_params();
+					setcookie(session_name(), '', time() - 42000, $params["path"],
+						$params["domain"], $params["secure"], $params["httponly"]
+					);
+				}
+		// delete the session itself
+				session_destroy();
+				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
+				$BE_PATIENT = $MESSAGE['GENERIC_BE_PATIENT'];
+				$PAGE_ICON  = WB_REL.'/negative';
+				$show_screen = true;
+			}
+		}else
+		{
+			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
+			$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
+			$PAGE_ICON  = WB_REL.'/positive';
+			$show_screen = true;
+		}
+		if($show_screen)
+		{
+			if(file_exists(WB_PATH.'/maintenance.php'))
+			{
+				include(WB_PATH.'/maintenance.php');
+			}else
+			{
+				echo $PAGE_TITLE.'<br />'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
+			}
+			flush();
+			exit;
+		}
+	}
 	// Validate send email
 	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
-		/* 
+		/*
 			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
 			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
 			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
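Review bot: In `format_message()` the line `if($status == 'ok' || $status == 'error' || $status = 'warning')` uses assignment, not comparison, in its third operand: for any status other than 'ok' or 'error' it assigns 'warning' to `$status` and is truthy, so the `else` branch that clears BOX_STATUS is unreachable and an unknown status is silently rendered as a warning box. Change it to `$status == 'warning'` (or `in_array($status, array('ok', 'error', 'warning'), true)`). In `ShowMaintainScreen()` the `'new'` branch sends the 503 and shows the screen unconditionally while `'locked'` first checks SYSTEM_LOCKED and exempts user 1; if that asymmetry is intended the docblock should state it. `$LANGUAGE` is assigned but not used in the method body — presumably it is meant for the included maintenance.php, which a comment on that line could say.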
@@ -402,8 +533,7 @@
 		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
 		$subject = preg_replace('/[\r\n]/', '', $subject);
 		$message_alt = $message;
-		$message = preg_replace('/[\r\n]/', '<br \>', $message);
-		
+		$message = nl2br( str_replace('\r', '', $message) );
 		// create PHPMailer object and define default settings
 		$myMail = new wbmailer();
 
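Review bot: `str_replace('\r', '', $message)` uses a single-quoted `'\r'`, which is the two characters backslash and r rather than a carriage return, so no CR is actually removed from the body; use `"\r"`. Because `nl2br()` already treats `\r\n` as one line break the visible effect is small, but a bare CR in the body would still get a `<br />` inserted. The surrounding context strips CR/LF from `$toaddress` and `$subject` only; the rest of `mail()` starts and ends outside this hunk.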
@@ -429,4 +559,3 @@
 	}
 
 }
-?>
\ No newline at end of file
