Revision 1373

Added by Luisehahne about 14 years ago

update headerinfos


class.wb.php
5 5
 * @package         framework
6 6
 * @author          WebsiteBaker Project
7 7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2010, Website Baker Org. e.V.
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9 9
 * @link			http://www.websitebaker2.org/
10 10
 * @license         http://www.gnu.org/licenses/gpl.html
11 11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 4.3.4 and higher
12
 *  * @requirements    PHP 5.2.2 and higher
13 13
 * @version         $Id$
14
 * @filesource		$HeadURL: http://svn29.websitebaker2.org/trunk/wb/framework/class.wb.php $
15
 * @lastmodified    $Date: 2010-11-23 00:55:43 +0100 (Di, 23. Nov 2010) $
14
 * @filesource		$HeadURL: $
15
 * @lastmodified    $Date:  $
16 16
 *
17 17
 */
18
/*
19
// Must include code to stop this file being access directly
20
if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
21
*/
18

  
22 19
// Include PHPLIB template class
23 20
require_once(WB_PATH."/include/phplib/template.inc");
24 21

  
......
32 29
class wb extends SecureForm
33 30
{
34 31

  
35
	private $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
32
	var $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
36 33
	// General initialization function
37 34
	// performed when frontend or backend is loaded.
38 35

  
39
	public function wb() {
36
	function wb() {
40 37
		parent::__construct();
41 38
	}
42 39

  
40
/* ****************
41
 * check if current user is member of at least one of given groups
42
 * ADMIN (uid=1) always is treated like a member of any groups
43
 *
44
 * @access public
45
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
46
 * @return bool: true if current user is member of one of this groups, otherwise false
47
 */
48
	function ami_group_member( $groups_list = '' )
49
	{
50
		if( $this->get_user_id() == 1 ) { return true; }
51
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
52
	}
53

  
43 54
	// Check whether a page is visible or not.
44 55
	// This will check page-visibility and user- and group-rights.
45 56
	/* page_is_visible() returns
46 57
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
47 58
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
48 59
	*/
49
	public function page_is_visible($page)
60
	function page_is_visible($page)
50 61
    {
62
		$show_it = false; // shall we show the page?
63
		$page_id = $page['page_id'];
64
		$visibility = $page['visibility'];
65
		$viewing_groups = $page['viewing_groups'];
66
		$viewing_users = $page['viewing_users'];
67

  
51 68
		// First check if visibility is 'none', 'deleted'
52
		$show_it = false; // shall we show the page?
53
		switch( $page['visibility'] )
54
		{
55
			case 'none':
56
			case 'deleted':
69
		if($visibility == 'none')
70
        {
71
			return(false);
72
		} elseif($visibility == 'deleted')
73
        {
74
			return(false);
75
		}
76

  
77
		// Now check if visibility is 'hidden', 'private' or 'registered'
78
		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
79
			$show_it = true;
80
		} elseif($visibility == 'private' || $visibility == 'registered')
81
        {
82
			// Check if the user is logged in
83
			if($this->is_authenticated() == true)
84
            {
85
				// Now check if the user has perms to view the page
86
				$in_group = false;
87
				foreach($this->get_groups_id() as $cur_gid)
88
                {
89
				    if(in_array($cur_gid, explode(',', $viewing_groups)))
90
                    {
91
				        $in_group = true;
92
				    }
93
				}
94
				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
95
					$show_it = true;
96
				} else {
97
					$show_it = false;
98
				}
99
			} else {
57 100
				$show_it = false;
58
				break;
59
			case 'hidden':
60
			case 'public':
61
				$show_it = true;
62
				break;
63
			case 'private':
64
			case 'registered':
65
				if($this->is_authenticated() == true)
66
				{
67
					$show_it = ( $this->is_group_match($this->get_groups_id(), $page['viewing_groups']) ||
68
								 $this->is_group_match($this->get_user_id(), $page['viewing_users']) );
69
				}
101
			}
102
		} elseif($visibility == 'public') {
103
			$show_it = true;
104
		} else {
105
			$show_it = false;
70 106
		}
71

  
72 107
		return($show_it);
73 108
	}
74

  
75
	function section_is_active($section_id)
76
	{
77
		global $database;
78
		$now = time();
79
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
80
		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
81
		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
82
		$sql .=       'AND `section_id`='.$section_id;
83
		return ($database->get_one($sql) != false);
84
	}
85 109
	// Check if there is at least one active section on this page
86 110
	function page_is_active($page)
87 111
    {
88 112
		global $database;
113
		$has_active_sections = false;
114
		$page_id = $page['page_id'];
89 115
		$now = time();
90
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
91
		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
92
		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
93
		$sql .=       'AND `page_id`='.(int)$page['page_id'];
94
		return ($database->get_one($sql) != false);
116
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
117
		if($query_sections->numRows() != 0)
118
        {
119
			while($section = $query_sections->fetchRow())
120
            {
121
				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
122
                {
123
					$has_active_sections = true;
124
					break;
125
				}
126
			}
127
		}
128
		return($has_active_sections);
95 129
	}
96 130

  
97 131
	// Check whether we should show a page or not (for front-end)
98 132
	function show_page($page)
99 133
    {
100
		if( !is_array($page) )
101
		{
102
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
103
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
104
			if( ($res_pages = $database->query($sql))!= null )
105
			{
106
				if( !($page = $res_pages->fetchRow()) ) { return false; }
107
			}
134
		if($this->page_is_visible($page) && $this->page_is_active($page))
135
        {
136
			return true;
137
		} else {
138
			return false;
108 139
		}
109
		return ($this->page_is_visible($page) && $this->page_is_active($page));
110 140
	}
111 141

  
112 142
	// Check if the user is already authenticated or not
113 143
	function is_authenticated() {
114
		if(isset($_SESSION['USER_ID']) && $_SESSION['USER_ID'] != "" && is_numeric($_SESSION['USER_ID']))
144
		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
115 145
        {
116 146
			return true;
117 147
		} else {
......
147 177

  
148 178
	function page_link($link){
149 179
		// Check for :// in the link (used in URL's) as well as mailto:
150
		if(strstr($link, '://') == '' && substr($link, 0, 7) != 'mailto:') {
180
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
151 181
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
152 182
		} else {
153 183
			return $link;
......
156 186
	
157 187
	// Get POST data
158 188
	function get_post($field) {
159
        return isset($_POST[$field]) ? $_POST[$field] : null;
189
		if(isset($_POST[$field])) {
190
			return $_POST[$field];
191
		} else {
192
			return null;
193
		}
160 194
	}
161 195

  
162 196
	// Get POST data and escape it
......
167 201
	
168 202
	// Get GET data
169 203
	function get_get($field) {
170
        return isset($_GET[$field]) ? $_GET[$field] : null;
204
		if(isset($_GET[$field])) {
205
			return $_GET[$field];
206
		} else {
207
			return null;
208
		}
171 209
	}
172 210

  
173 211
	// Get SESSION data
174 212
	function get_session($field) {
175
        return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
213
		if(isset($_SESSION[$field])) {
214
			return $_SESSION[$field];
215
		} else {
216
			return null;
217
		}
176 218
	}
177 219

  
178 220
	// Get SERVER data
179 221
	function get_server($field) {
180
        return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
222
		if(isset($_SERVER[$field])) {
223
			return $_SERVER[$field];
224
		} else {
225
			return null;
226
		}
181 227
	}
182 228

  
183 229
	// Get the current users id
......
185 231
		return $_SESSION['USER_ID'];
186 232
	}
187 233

  
188
	// Get the current users group id (deprecated)
234
	// Get the current users group id
189 235
	function get_group_id() {
190 236
		return $_SESSION['GROUP_ID'];
191 237
	}
192 238

  
193 239
	// Get the current users group ids
194 240
	function get_groups_id() {
195
	    return explode(",", isset($_SESSION['GROUPS_ID']) ? $_SESSION['GROUPS_ID'] : '');
241
		return explode(",", $_SESSION['GROUPS_ID']);
196 242
	}
197 243

  
198 244
	// Get the current users group name
......
212 258

  
213 259
	// Get the current users display name
214 260
	function get_display_name() {
215
		return $_SESSION['DISPLAY_NAME'];
261
		return ($_SESSION['DISPLAY_NAME']);
216 262
	}
217 263

  
218 264
	// Get the current users email address
......
227 273

  
228 274
	// Get the current users timezone
229 275
	function get_timezone() {
230
        return  !isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? $_SESSION['TIMEZONE'] : '-72000';
231
	}
232

  
233
/* ****************
234
 * check if one or more group_ids are in both group_lists
235
 *
236
 * @access public
237
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
238
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
239
 * @param array &$matches: an array-var whitch will return possible matches
240
 * @return bool: true there is a match, otherwise false
241
 */
242
	function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
243
	{
244
		if( $groups_list1 == '' ) { return false; }
245
		if( $groups_list2 == '' ) { return false; }
246
		if( !is_array($groups_list1) )
247
		{
248
			$groups_list1 = explode(',', $groups_list1);
276
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
277
			return $_SESSION['TIMEZONE'];
278
		} else {
279
			return '-72000';
249 280
		}
250
		if( !is_array($groups_list2) )
251
		{
252
			$groups_list2 = explode(',', $groups_list2);
253
		}
254
		$matches = array_intersect( $groups_list1, $groups_list2);
255
		return ( sizeof($matches) != 0 );
256 281
	}
257 282

  
258
/* ****************
259
 * check if current user is member of at least one of given groups
260
 * ADMIN (uid=1) always is treated like a member of any groups
261
 *
262
 * @access public
263
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
264
 * @return bool: true if current user is member of one of this groups, otherwise false
265
 */
266
	function ami_group_member( $groups_list = '' )
267
	{
268
		if( $this->get_user_id() == 1 ) { return true; }
269
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
270
	}
271

  
272
/* ****************
273
 * check if current user has permissions of at least one of given permissions
274
 * ADMIN (uid=1) always is treated like a member of any groups
275
 *
276
 * @access public
277
 * @param string $name: a string with the name
278
 * @param string $type: a string to define system, module or template, default is module
279
 * @return bool: true if current user has permission of one of this permission, otherwise false
280
 */
281
	function has_permission( $name, $type = 'system' )
282
	{
283
		if(is_array($name) && is_array($type))
284
		{
285
			return sizeof(array_intersect($name, $type));
286

  
287
		} elseif(is_string($name) && is_string($type))
288
		{
289
			$type_permissions = $this->get_session(strtoupper($type).'_PERMISSIONS');
290
			if( ($type == 'system') )
291
			{
292
				return is_numeric(array_search($name, $type_permissions));
293
			} else {
294
			// Set permissions var
295
				return !is_numeric(array_search($name, $type_permissions));
296
			}
283
	// Validate supplied email address
284
	function validate_email($email) {
285
		if(function_exists('idn_to_ascii')){ /* use pear if available */
286
			$email = idn_to_ascii($email);
287
		}else {
288
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
289
			$IDN = new idna_convert();
290
			$email = $IDN->encode($email);
291
			unset($IDN);
297 292
		}
298
		return false;
293
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
299 294
	}
300 295

  
301 296
/* ****************
......
337 332
		return (($value & $bits2test) == $bits2test);
338 333
	}
339 334

  
340

  
335
/*
341 336
	// Validate supplied email address
342 337
	function validate_email($email) {
343
		if(preg_match('/^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$/', $email)) {
344
		return true;
345
		} else {
346
			return false;
338
		if(function_exists('idn_to_ascii')){ // use pear if available
339
			$email = idn_to_ascii($email);
340
		}else {
341
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
342
			$IDN = new idna_convert();
343
			$email = $IDN->encode($email);
344
			unset($IDN);
347 345
		}
346
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
348 347
	}
349

  
348
*/
350 349
	// Print a success message which then automatically redirects the user to another page
351
	function print_success( $message, $redirect = 'index.php', $auto_footer = true ) {
350
	function print_success( $message, $redirect = 'index.php' ) {
352 351
	    global $TEXT;
352
	    // fetch redirect timer for sucess messages from settings table
353
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0;
353 354
	    // add template variables
354 355
	    $tpl = new Template( THEME_PATH.'/templates' );
355 356
	    $tpl->set_file( 'page', 'success.htt' );
356 357
	    $tpl->set_block( 'page', 'main_block', 'main' );
358
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
359
	    $tpl->set_var( 'MESSAGE', $message );
360
	    $tpl->set_var( 'REDIRECT', $redirect );
361
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
357 362
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
358 363
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
359
 	    $tpl->set_var( 'MESSAGE', $message );
360
 	    $tpl->set_var( 'THEME_URL', THEME_URL );
361

  
362
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
363
	    $tpl->set_var( 'REDIRECT', $redirect );
364

  
365
	    if (REDIRECT_TIMER == -1)
366
		{
364
	    if ($redirect_timer == 0) {
367 365
	        $tpl->set_block( 'show_redirect', '' );
368
	    } else {
369
		    $tpl->set_var( 'REDIRECT_TIMER', REDIRECT_TIMER );
366
	    }
367
	    else {
370 368
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
371 369
	    }
372 370
	    $tpl->parse( 'main', 'main_block', false );
373 371
	    $tpl->pparse( 'output', 'page' );
374
		if ( $auto_footer == true )
375
		{
376
			if ( method_exists($this, "print_footer") )
377
			{
378
				$this->print_footer();
379
			}
380
		}
381
		exit();
382 372
	}
383 373

  
384 374
	// Print an error message
385
	function print_error($message, $link = 'index.php', $auto_footer = true )
386
	{
375
	function print_error($message, $link = 'index.php', $auto_footer = true) {
387 376
		global $TEXT;
388 377
		$success_template = new Template(THEME_PATH.'/templates');
389 378
		$success_template->set_file('page', 'error.htt');
......
391 380
		$success_template->set_var('MESSAGE', $message);
392 381
		$success_template->set_var('LINK', $link);
393 382
		$success_template->set_var('BACK', $TEXT['BACK']);
394
 	    $success_template->set_var( 'THEME_URL', THEME_URL );
395 383
		$success_template->parse('main', 'main_block', false);
396 384
		$success_template->pparse('output', 'page');
397 385
		if ( $auto_footer == true ) {
......
401 389
		}
402 390
		exit();
403 391
	}
404
/*
405
 * @param string $message: the message to format
406
 * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
407
 * @return string: the html-formatted message (using template 'message.htt')
408
 */
409
	public function format_message($message, $status = 'ok')
410
	{
411
		$id = uniqid('x');
412
		$tpl = new Template(THEME_PATH.'/templates');
413
		$tpl->set_file('page', 'message.htt');
414
		$tpl->set_block('page', 'main_block', 'main');
415
		$tpl->set_var('MESSAGE', $message);
416
 	    $tpl->set_var( 'THEME_URL', THEME_URL );
417
		$tpl->set_var( 'ID', $id );
418
		if($status == 'ok' || $status == 'error' || $status = 'warning')
419
		{
420
			$tpl->set_var('BOX_STATUS', ' box-'.$status);
421
		}else
422
		{
423
			$tpl->set_var('BOX_STATUS', '');
424
		}
425
		$tpl->set_var('STATUS', $status);
426
		if(!defined('REDIRECT_TIMER') ) { define('REDIRECT_TIMER', -1); }
427
		$retval = '';
428
		if( $status != 'error' )
429
		{
430
			switch(REDIRECT_TIMER):
431
				case 0: // do not show message
432
					unset($tpl);
433
					break;
434
				case -1: // show message permanently
435
					$tpl->parse('main', 'main_block', false);
436
					$retval = $tpl->finish($tpl->parse('output', 'page', false));
437
					unset($tpl);
438
					break;
439
				default: // hide message after REDIRECTOR_TIMER milliseconds
440
					$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
441
							  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
442
							  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
443
					$tpl->parse('main', 'main_block', false);
444
					$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
445
					unset($tpl);
446
			endswitch;
447
		}else
448
		{
449
			$tpl->parse('main', 'main_block', false);
450
			$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
451
			unset($tpl);
452
		}
453
		return $retval;
454
	}
455
/*
456
 * @param string $type: 'locked'(default)  or 'new'
457
 * @return void: terminates application
458
 * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
459
 *               'new' >> Show 'new site under construction'(former print_under_construction)
460
 */
461
	public function ShowMaintainScreen($type = 'locked')
462
	{
463
		global $database, $MESSAGE;
464
		$CHECK_BACK = $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
465
		$BE_PATIENT = '';
466
		$LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE ));
467 392

  
468
		$show_screen = false;
469
		if($type == 'locked')
470
		{
471
			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0) ) ;
472
			if( (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1))
473
			{
474
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
475
	// first kick logged users out of the system
476
		// delete all remember keys from table 'user' except user_id=1
477
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
478
				$sql .= 'WHERE `user_id`<>1';
479
				$database->query($sql);
480
		// delete remember key-cookie if set
481
				if (isset($_COOKIE['REMEMBER_KEY'])) {
482
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
483
				}
484
		// overwrite session array
485
				$_SESSION = array();
486
		// delete session cookie if set
487
				if (ini_get("session.use_cookies")) {
488
					$params = session_get_cookie_params();
489
					setcookie(session_name(), '', time() - 42000, $params["path"],
490
						$params["domain"], $params["secure"], $params["httponly"]
491
					);
492
				}
493
		// delete the session itself
494
				session_destroy();
495
				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
496
				$BE_PATIENT = $MESSAGE['GENERIC_BE_PATIENT'];
497
				$PAGE_ICON  = WB_REL.'/negative';
498
				$show_screen = true;
499
			}
500
		}else
501
		{
502
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
503
			$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
504
			$PAGE_ICON  = WB_REL.'/positive';
505
			$show_screen = true;
506
		}
507
		if($show_screen)
508
		{
509
			if(file_exists(WB_PATH.'/maintenance.php'))
510
			{
511
				include(WB_PATH.'/maintenance.php');
512
			}else
513
			{
514
				echo $PAGE_TITLE.'<br />'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
515
			}
516
			flush();
517
			exit;
518
		}
519
	}
520 393
	// Validate send email
521 394
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
522
		/*
395
		/* 
523 396
			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
524 397
			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
525 398
			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
......
533 406
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
534 407
		$subject = preg_replace('/[\r\n]/', '', $subject);
535 408
		$message_alt = $message;
536
		$message = nl2br( str_replace('\r', '', $message) );
409
		$message = preg_replace('/[\r\n]/', '<br \>', $message);
410
		
537 411
		// create PHPMailer object and define default settings
538 412
		$myMail = new wbmailer();
539 413

  
......
559 433
	}
560 434

  
561 435
}
436
?>
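Review bot: On the new side of page_is_active (new lines 114-116) the page id is interpolated straight into the query, `WHERE page_id = '$page_id'`, without the `(int)` cast the removed version applied; the value is presumably taken from a pages row, but nothing in this file enforces that, and show_page (new line 134) forwards whatever array it is handed. I would keep the cast, `$page_id = (int)$page['page_id'];`, so a non-numeric id cannot reach the SQL string. Separately, the added ami_group_member (new lines 48-52) calls `$this->is_group_match()`, while the only definition of that method visible in this file (old lines 242-255) is removed in the same revision, so unless SecureForm supplies it every call to ami_group_member will fail with an undefined-method error. The in_array checks in page_is_visible (new lines 89 and 94) compare loosely; passing `true` as the third argument avoids type-juggling surprises against the comma-split group and user lists.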
