
<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2010, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 4.3.4 and higher
 * @version         $Id: class.wb.php 1372 2011-01-10 01:45:40Z Luisehahne $
 * @filesource		$HeadURL: http://svn29.websitebaker2.org/trunk/wb/framework/class.wb.php $
 * @lastmodified    $Date: 2010-11-23 00:55:43 +0100 (Di, 23. Nov 2010) $
 *
 */
/*
// Must include code to stop this file being accessed directly. NOTE(review): the guard below is commented out, so
// direct access is currently only stopped because WB_PATH is undefined when the require_once lines run - that failure
// surfaces as a PHP error rather than a deliberate exit and may expose the server path in the message; confirm the
// front controller defines WB_PATH before any include of this file, or re-enable the guard.
if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
*/
// Include PHPLIB template class
require_once(WB_PATH."/include/phplib/template.inc");

    
require_once(WB_PATH.'/framework/class.database.php');

    
// Include new wbmailer class (subclass of PHPmailer)
require_once(WB_PATH."/framework/class.wbmailer.php");

    
require_once(WB_PATH."/framework/SecureForm.php");

    
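class wb extends SecureForm
{
	// Regex character class of the characters accepted in passwords.
	// Not referenced inside this class (and private, so not visible to
	// subclasses); kept so the class layout does not change.
	private $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 * Only forwards to the SecureForm constructor.
	 */
	public function __construct()
	{
		parent::__construct();
	}

	/**
	 * Old PHP4-style constructor name, kept only so that subclasses which
	 * still call parent::wb() keep working. With __construct() present this
	 * is an ordinary method, which avoids the PHP 7 deprecation / PHP 8
	 * removal of same-name constructors.
	 */
	public function wb()
	{
		$this->__construct();
	}

	/**
	 * Check whether a page may be shown to the current visitor.
	 *
	 * Combines the page visibility with the visitor's user id and groups:
	 *   false: visibility 'none' or 'deleted', or 'registered'/'private'
	 *          and the visitor is not authenticated or is neither in
	 *          viewing_groups nor listed in viewing_users.
	 *   true:  visibility 'public' or 'hidden', or 'registered'/'private'
	 *          and the authenticated visitor matches viewing_groups or
	 *          viewing_users.
	 * Any other visibility value is treated as not visible.
	 *
	 * @param array $page  row with keys visibility, viewing_groups, viewing_users
	 * @return bool
	 */
	public function page_is_visible($page)
	{
		switch ($page['visibility']) {
			case 'hidden':
			case 'public':
				return true;

			case 'private':
			case 'registered':
				if (!$this->is_authenticated()) {
					return false;
				}
				// group membership first, then an explicit per-user grant
				return ($this->is_group_match($this->get_groups_id(), $page['viewing_groups'])
					|| $this->is_group_match($this->get_user_id(), $page['viewing_users']));

			case 'none':
			case 'deleted':
			default:
				return false;
		}
	}

	/**
	 * Check whether a single section is inside its publishing window.
	 *
	 * Active means: now lies between publ_start and publ_end (inclusive), or
	 * publ_start has passed and publ_end is 0 (open end).
	 *
	 * @param int $section_id  cast to int before it reaches the query
	 * @return bool
	 */
	function section_is_active($section_id)
	{
		global $database;
		$now = time();
		// The two window tests are grouped explicitly: SQL binds AND tighter
		// than OR, so the previous `A OR B AND C` read as `A OR (B AND C)` and
		// the section filter only applied to the open-ended case - any section
		// anywhere with a bounded active window made this return true.
		// $section_id used to be interpolated unsanitized (SQL injection).
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
		$sql .= 'WHERE (('.$now.' BETWEEN `publ_start` AND `publ_end`) ';
		$sql .=    'OR ('.$now.' > `publ_start` AND `publ_end`=0)) ';
		$sql .=   'AND `section_id`='.(int)$section_id;
		return ($database->get_one($sql) != false);
	}

	/**
	 * Check whether a page has at least one section that is currently
	 * published (same window rule as section_is_active()).
	 *
	 * @param array $page  row with key page_id
	 * @return bool
	 */
	function page_is_active($page)
	{
		global $database;
		$now = time();
		// Same precedence fix as in section_is_active(): without the outer
		// parentheses the page filter only applied to the `publ_end`=0 case.
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
		$sql .= 'WHERE (('.$now.' BETWEEN `publ_start` AND `publ_end`) ';
		$sql .=    'OR ('.$now.' > `publ_start` AND `publ_end`=0)) ';
		$sql .=   'AND `page_id`='.(int)$page['page_id'];
		return ($database->get_one($sql) != false);
	}

	/**
	 * Decide whether a page should be shown on the frontend: it must be
	 * visible to the current visitor and have at least one active section.
	 *
	 * @param array|int $page  page row (see page_is_visible()) or a page_id,
	 *                         which is then looked up
	 * @return bool
	 */
	function show_page($page)
	{
		// $database was never imported here, so the lookup branch ran with an
		// undefined variable whenever a bare page_id was passed.
		global $database;
		if (!is_array($page)) {
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
			$res_pages = $database->query($sql);
			if ($res_pages == null) {
				return false;
			}
			$page = $res_pages->fetchRow();
			if (!$page) {
				return false;
			}
		}
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}

	/**
	 * Whether the session carries a non-empty numeric USER_ID, i.e. a user
	 * is logged in.
	 *
	 * @return bool
	 */
	function is_authenticated()
	{
		$uid = $this->get_session('USER_ID');
		return ($uid !== null && $uid != "" && is_numeric($uid));
	}

	/**
	 * magic_quotes_gpc support: the ini setting was removed in PHP 5.4 and
	 * get_magic_quotes_gpc() itself in PHP 8, so a missing function means
	 * "off" rather than a fatal error.
	 *
	 * @return bool
	 */
	private function magic_quotes_enabled()
	{
		return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
	}

	/**
	 * addslashes() that takes magic_quotes_gpc into account: strings are
	 * escaped only when PHP has not already done so; non-strings pass through.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	function add_slashes($input)
	{
		if (!is_string($input) || $this->magic_quotes_enabled()) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effect of magic_quotes_gpc==On on a request value.
	 *
	 * Attention: this is _not_ the counterpart of add_slashes(); use plain
	 * stripslashes() to undo a preliminary add_slashes(). When magic quotes
	 * are off (or unavailable) the input is returned unchanged.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	function strip_slashes($input)
	{
		if (!is_string($input) || !$this->magic_quotes_enabled()) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Double every backslash, for use inside MySQL LIKE patterns.
	 *
	 * @param string $input
	 * @return string
	 */
	function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Build the public URL of a page link. Anything that already contains
	 * '://' or starts with 'mailto:' is treated as an absolute link and
	 * returned unchanged; everything else is prefixed with the pages
	 * directory and suffixed with the configured page extension.
	 *
	 * @param string $link
	 * @return string
	 */
	function page_link($link)
	{
		$is_absolute = (strpos($link, '://') !== false) || (substr($link, 0, 7) == 'mailto:');
		if ($is_absolute) {
			return $link;
		}
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}

	/**
	 * Raw POST value, or null when the field is absent.
	 * @param string $field
	 * @return mixed
	 */
	function get_post($field)
	{
		return isset($_POST[$field]) ? $_POST[$field] : null;
	}

	/**
	 * POST value run through add_slashes(); null when the field is absent.
	 * Note this only escapes for SQL string literals - it is no substitute
	 * for parameterised queries or context-specific output escaping.
	 *
	 * @param string $field
	 * @return mixed
	 */
	function get_post_escaped($field)
	{
		$value = $this->get_post($field);
		if (is_null($value)) {
			return null;
		}
		return $this->add_slashes($value);
	}

	/**
	 * Raw GET value, or null when the field is absent.
	 * @param string $field
	 * @return mixed
	 */
	function get_get($field)
	{
		return isset($_GET[$field]) ? $_GET[$field] : null;
	}

	/**
	 * Session value, or null when the key is absent.
	 * @param string $field
	 * @return mixed
	 */
	function get_session($field)
	{
		return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
	}

	/**
	 * $_SERVER value, or null when the key is absent.
	 * @param string $field
	 * @return mixed
	 */
	function get_server($field)
	{
		return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
	}

	/**
	 * Id of the current user (null when not set in the session).
	 * @return mixed
	 */
	function get_user_id()
	{
		return $this->get_session('USER_ID');
	}

	/**
	 * Primary group id of the current user (deprecated, see get_groups_id()).
	 * @return mixed
	 */
	function get_group_id()
	{
		return $this->get_session('GROUP_ID');
	}

	/**
	 * All group ids of the current user, split from the comma separated
	 * session value. Yields array('') when no groups are stored.
	 *
	 * @return array
	 */
	function get_groups_id()
	{
		$groups = $this->get_session('GROUPS_ID');
		return explode(",", ($groups === null) ? '' : $groups);
	}

	/**
	 * Group names of the current user as one comma separated string.
	 * @return string
	 */
	function get_group_name()
	{
		$names = $this->get_session('GROUP_NAME');
		// implode() on a non-array is a TypeError on PHP 8; return scalars as-is
		return is_array($names) ? implode(",", $names) : (string)$names;
	}

	/**
	 * Group names of the current user as stored in the session (an array,
	 * unlike get_group_name() which joins them).
	 * @return mixed
	 */
	function get_groups_name()
	{
		return $this->get_session('GROUP_NAME');
	}

	/**
	 * Username of the current user.
	 * @return mixed
	 */
	function get_username()
	{
		return $this->get_session('USERNAME');
	}

	/**
	 * Display name of the current user.
	 * @return mixed
	 */
	function get_display_name()
	{
		return $this->get_session('DISPLAY_NAME');
	}

	/**
	 * Email address of the current user.
	 * @return mixed
	 */
	function get_email()
	{
		return $this->get_session('EMAIL');
	}

	/**
	 * Home folder of the current user.
	 * @return mixed
	 */
	function get_home_folder()
	{
		return $this->get_session('HOME_FOLDER');
	}

	/**
	 * Timezone of the current user.
	 *
	 * NOTE(review): the branch looks inverted - the session TIMEZONE is
	 * returned when USE_DEFAULT_TIMEZONE is *absent* and the marker value
	 * '-72000' when it is present. Preserved as-is; confirm against the
	 * code that sets USE_DEFAULT_TIMEZONE before changing it.
	 *
	 * @return mixed
	 */
	function get_timezone()
	{
		if (isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			return '-72000';
		}
		return $_SESSION['TIMEZONE'];
	}

	/**
	 * Turn a group list (array or comma separated string) into a list of
	 * trimmed, non-empty string ids.
	 *
	 * Empty entries are dropped on purpose: a stray trailing comma in a
	 * stored list ("1,") used to produce an empty element, and two such
	 * sloppy lists matched each other on '' and so granted access.
	 *
	 * @param mixed $list
	 * @return array
	 */
	private function normalize_group_list($list)
	{
		if (!is_array($list)) {
			$list = explode(',', (string)$list);
		}
		$clean = array();
		foreach ($list as $id) {
			$id = trim((string)$id);
			if ($id !== '') {
				$clean[] = $id;
			}
		}
		return $clean;
	}

	/**
	 * Check if one or more group ids are present in both group lists.
	 *
	 * @access public
	 * @param mixed $groups_list1  an array or a comma separated list of group ids
	 * @param mixed $groups_list2  an array or a comma separated list of group ids
	 * @param array &$matches      receives the matching ids when both lists are non-empty
	 * @return bool  true if there is a match, otherwise false
	 */
	function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
	{
		$list1 = $this->normalize_group_list($groups_list1);
		$list2 = $this->normalize_group_list($groups_list2);
		if (count($list1) == 0 || count($list2) == 0) {
			return false;
		}
		// array_intersect() compares string representations, so '1' and 1 match
		$matches = array_intersect($list1, $list2);
		return (count($matches) != 0);
	}

	/**
	 * Check if the current user is a member of at least one of the given groups.
	 * ADMIN (uid=1) is always treated as a member of every group.
	 *
	 * @access public
	 * @param mixed $groups_list  an array or a comma separated list of group ids
	 * @return bool
	 */
	function ami_group_member($groups_list = '')
	{
		if ($this->get_user_id() == 1) {
			return true;
		}
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}

	/**
	 * Check if the current user has the named permission.
	 *
	 * Two call forms:
	 *  - both arguments arrays: true if the arrays share at least one entry;
	 *  - both strings: looks up $name in the session entry
	 *    strtoupper($type).'_PERMISSIONS'. For $type 'system' the entry is
	 *    read as an allow list (granted when listed); for every other type
	 *    the code grants when the name is NOT listed, i.e. the entry acts as
	 *    a deny list.
	 * Anything else returns false.
	 *
	 * @access public
	 * @param string|array $name  permission name (or a list of names)
	 * @param string|array $type  'system', 'module' or 'template' (default 'system')
	 * @return bool
	 */
	function has_permission($name, $type = 'system')
	{
		if (is_array($name) && is_array($type)) {
			return (count(array_intersect($name, $type)) > 0);
		}
		if (!is_string($name) || !is_string($type)) {
			return false;
		}
		$type_permissions = $this->get_session(strtoupper($type).'_PERMISSIONS');
		// in_array() replaces is_numeric(array_search()): array_search() on a
		// missing or non-array session entry raised a warning (TypeError on
		// PHP 8), and a string array key would have read as "not found" even
		// on a hit.
		$found = is_array($type_permissions) && in_array($name, $type_permissions);
		if ($type == 'system') {
			return $found;
		}
		return !$found;
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @access public
	 * @param int &$value    reference to the integer holding the flags
	 * @param int $bits2set  bitmask to OR into $value
	 * @return void
	 */
	function bit_set(&$value, $bits2set)
	{
		$value |= $bits2set;
	}

	/**
	 * Clear one or more bits in an integer value.
	 *
	 * @access public
	 * @param int &$value      reference to the integer holding the flags
	 * @param int $bits2reset  bitmask to remove from $value
	 * @return void
	 */
	function bit_reset(&$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check whether ALL bits of a mask are set in an integer value.
	 *
	 * @access public
	 * @param int $value      the integer holding the flags
	 * @param int $bits2test  bitmask to test
	 * @return bool
	 */
	function bit_isset($value, $bits2test)
	{
		return (($value & $bits2test) == $bits2test);
	}

	/**
	 * Validate the syntax of an email address with a fixed regex.
	 * The pattern only accepts ASCII local parts and TLDs of 2 to 6 letters;
	 * newer long TLDs and internationalised addresses are rejected.
	 *
	 * @param string $email
	 * @return bool
	 */
	function validate_email($email)
	{
		$pattern = '/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$/';
		return (preg_match($pattern, $email) ? true : false);
	}

	/**
	 * Print a success message (template success.htt) that redirects the user
	 * to $redirect after REDIRECT_TIMER milliseconds (-1: no redirect), then
	 * terminates the script.
	 *
	 * NOTE(review): $message and $redirect are placed into the template
	 * verbatim; callers must only pass trusted or already escaped values,
	 * or the message/redirect target can carry markup or script.
	 *
	 * @param string $message
	 * @param string $redirect     target URL, default 'index.php'
	 * @param bool   $auto_footer  call print_footer() when the subclass provides it
	 * @return void  never returns (exit)
	 */
	function print_success($message, $redirect = 'index.php', $auto_footer = true)
	{
		global $TEXT;
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('NEXT', $TEXT['NEXT']);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('THEME_URL', THEME_URL);

		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('REDIRECT', $redirect);

		if (REDIRECT_TIMER == -1) {
			// no automatic redirect: blank out the redirect block
			$tpl->set_block('show_redirect', '');
		} else {
			$tpl->set_var('REDIRECT_TIMER', REDIRECT_TIMER);
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');

		if ($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Print an error message (template error.htt) with a back link, then
	 * terminate the script.
	 *
	 * NOTE(review): $message and $link are placed into the template verbatim;
	 * callers must only pass trusted or already escaped values.
	 *
	 * @param string $message
	 * @param string $link         back link target, default 'index.php'
	 * @param bool   $auto_footer  call print_footer() when the subclass provides it
	 * @return void  never returns (exit)
	 */
	function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		global $TEXT;
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->set_var('THEME_URL', THEME_URL);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');

		if ($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Format a message as an HTML box using template message.htt.
	 *
	 * For status 'error' the box is always rendered. For any other status the
	 * behaviour depends on REDIRECT_TIMER (defined to -1 here if missing):
	 *   0   -> return an empty string (do not show the message)
	 *   -1  -> show the message permanently
	 *   n   -> show the message and append a script that hides it after n ms
	 *
	 * @param string $message  the message to format (inserted verbatim)
	 * @param string $status   'ok' / 'error' / 'warning' / '' - selects the box style
	 * @return string  the HTML formatted message
	 */
	public function format_message($message, $status = 'ok')
	{
		$id = uniqid('x');
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'message.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('THEME_URL', THEME_URL);
		$tpl->set_var('ID', $id);
		// Was `$status = 'warning'` (assignment) in the original condition,
		// which always evaluated true and silently rewrote every status that
		// was neither 'ok' nor 'error' to 'warning'.
		if ($status == 'ok' || $status == 'error' || $status == 'warning') {
			$tpl->set_var('BOX_STATUS', ' box-'.$status);
		} else {
			$tpl->set_var('BOX_STATUS', '');
		}
		$tpl->set_var('STATUS', $status);
		if (!defined('REDIRECT_TIMER')) {
			define('REDIRECT_TIMER', -1);
		}

		// errors are always shown, regardless of the timer
		if ($status == 'error' || REDIRECT_TIMER == -1) {
			$tpl->parse('main', 'main_block', false);
			return $tpl->finish($tpl->parse('output', 'page', false));
		}
		if (REDIRECT_TIMER == 0) {
			return '';
		}
		// hide the box after REDIRECT_TIMER milliseconds; $id comes from
		// uniqid() so it is safe inside the script without escaping
		$hide_script = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
			'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
			'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
		$tpl->parse('main', 'main_block', false);
		return $tpl->finish($tpl->parse('output', 'page', false)).$hide_script;
	}

	/**
	 * Show a maintenance screen and terminate the application.
	 *
	 * 'locked' (default): if SYSTEM_LOCKED is 1 and the current user is not
	 *   the admin (uid 1), every other user is logged out (remember keys
	 *   cleared in the users table, remember-key and session cookies expired,
	 *   session destroyed), a 503 is sent and the locked screen is shown.
	 *   Admin and unlocked systems fall through and return normally.
	 * 'new': send a 503 and show the 'new site under construction' screen
	 *   (former print_under_construction).
	 *
	 * The screen itself is WB_PATH/maintenance.php when it exists, otherwise
	 * a plain text fallback.
	 *
	 * @param string $type  'locked' (default) or 'new'
	 * @return void  terminates the application when a screen is shown
	 */
	public function ShowMaintainScreen($type = 'locked')
	{
		global $database, $MESSAGE;
		$CHECK_BACK = $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
		$BE_PATIENT = '';
		$LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE));

		$show_screen = false;
		if ($type == 'locked') {
			$curr_user = intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0);
			if ((defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1)) {
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
				// kick every logged-in user except the admin out of the system:
				// invalidate all remember keys ...
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
				$sql .= 'WHERE `user_id`<>1';
				$database->query($sql);
				// ... expire the remember-key cookie ...
				if (isset($_COOKIE['REMEMBER_KEY'])) {
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
				}
				// ... wipe the session array and the session cookie ...
				$_SESSION = array();
				if (ini_get("session.use_cookies")) {
					$params = session_get_cookie_params();
					setcookie(session_name(), '', time() - 42000, $params["path"],
						$params["domain"], $params["secure"], $params["httponly"]
					);
				}
				// ... and destroy the session itself
				session_destroy();
				$PAGE_TITLE  = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
				$BE_PATIENT  = $MESSAGE['GENERIC_BE_PATIENT'];
				$PAGE_ICON   = WB_REL.'/negative';
				$show_screen = true;
			}
		} else {
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
			$PAGE_TITLE  = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
			$PAGE_ICON   = WB_REL.'/positive';
			$show_screen = true;
		}

		if (!$show_screen) {
			return;
		}
		// maintenance.php sees $PAGE_TITLE, $PAGE_ICON, $CHECK_BACK, $BE_PATIENT, $LANGUAGE
		if (file_exists(WB_PATH.'/maintenance.php')) {
			include(WB_PATH.'/maintenance.php');
		} else {
			echo $PAGE_TITLE.'<br />'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
		}
		flush();
		exit;
	}

	/**
	 * Send a mail through the wbmailer class (a PHPMailer subclass that can
	 * use SMTP, which is needed on hosts where plain PHP mail() is blocked;
	 * the SMTP host is configured in the backend settings panel).
	 *
	 * Every value that ends up in a mail header (from, to, subject, from
	 * name) is stripped of CR/LF so a caller passing unvalidated input
	 * cannot inject additional headers. The body is sent as HTML (newlines
	 * turned into <br />) with a tag-stripped plain text alternative.
	 *
	 * @param string $fromaddress  sender address; when empty the wbmailer defaults are used
	 * @param string $toaddress    recipient address
	 * @param string $subject
	 * @param string $message
	 * @param string $fromname     optional sender display name
	 * @return bool  true when wbmailer reports success
	 */
	function mail($fromaddress, $toaddress, $subject, $message, $fromname = '')
	{
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
		$subject     = preg_replace('/[\r\n]/', '', $subject);
		$fromname    = preg_replace('/[\r\n]/', '', $fromname);
		$message_alt = $message;
		// "\r" in double quotes: the original single-quoted '\r' removed the
		// literal two characters backslash-r, not carriage returns.
		$message = nl2br(str_replace("\r", '', $message));

		$myMail = new wbmailer();

		// user defined sender, otherwise the wbmailer defaults apply
		if ($fromaddress != '') {
			if ($fromname != '') {
				$myMail->FromName = $fromname;
			}
			$myMail->From = $fromaddress;
			$myMail->AddReplyTo($fromaddress);
		}

		$myMail->AddAddress($toaddress);
		$myMail->Subject = $subject;
		$myMail->Body    = $message;                    // HTML part
		$myMail->AltBody = strip_tags($message_alt);    // text part

		return $myMail->Send() ? true : false;
	}
}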