<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: class.wb.php 1374 2011-01-10 12:21:47Z Luisehahne $
 * @filesource		$HeadURL: $
 * @lastmodified    $Date:  $
 *
 */
// Include PHPLIB template class
require_once(WB_PATH."/include/phplib/template.inc");
require_once(WB_PATH.'/framework/class.database.php');
// Include new wbmailer class (subclass of PHPmailer)
require_once(WB_PATH."/framework/class.wbmailer.php");
require_once(WB_PATH."/framework/SecureForm.php");
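class wb extends SecureForm
{
	// Regex character class of the characters accepted in passwords
	var $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';

	// General initialization function
	// performed when frontend or backend is loaded.
	function __construct() {
		parent::__construct();
	}

	// Legacy PHP4-style constructor name, kept so existing callers of
	// $this->wb() / parent::wb() keep working; PHP 5+ picks __construct().
	function wb() {
		$this->__construct();
	}

/* ****************
 * check if current user is member of at least one of given groups
 * ADMIN (uid=1) always is treated like a member of any groups
 *
 * @access public
 * @param mixed $groups_list: an array or a comma separated list of group-ids
 * @return bool: true if current user is member of one of this groups, otherwise false
 */
	function ami_group_member( $groups_list = '' )
	{
		// uid 1 is the built-in administrator and passes every group check
		if( $this->get_user_id() == 1 ) { return true; }
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
	}

	// Check whether a page is visible or not.
	// This will check page-visibility and user- and group-rights.
	/* page_is_visible() returns
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
	*/
	// @param array $page: page record with the keys 'visibility', 'viewing_groups'
	//                     and 'viewing_users' (the latter two are comma separated id lists)
	function page_is_visible($page)
	{
		$visibility = isset($page['visibility']) ? $page['visibility'] : '';

		// 'none' and 'deleted' are never shown, whoever asks
		if($visibility == 'none' || $visibility == 'deleted') {
			return false;
		}
		// hidden: hide the menu-link, but show the page
		if($visibility == 'hidden' || $visibility == 'public') {
			return true;
		}
		if($visibility == 'private' || $visibility == 'registered') {
			// only logged-in users can ever see these pages
			if(!$this->is_authenticated()) {
				return false;
			}
			$viewing_groups = isset($page['viewing_groups']) ? $page['viewing_groups'] : '';
			$viewing_users  = isset($page['viewing_users'])  ? $page['viewing_users']  : '';
			// allowed when one of the user's groups is listed ...
			$allowed_groups = explode(',', $viewing_groups);
			foreach($this->get_groups_id() as $cur_gid) {
				if(in_array($cur_gid, $allowed_groups)) {
					return true;
				}
			}
			// ... or the user id itself is listed
			return in_array($this->get_user_id(), explode(',', $viewing_users));
		}
		// unknown visibility value: be conservative
		return false;
	}

	// Check if there is at least one active section on this page
	// @param array $page: page record, only 'page_id' is used
	// @return bool
	function page_is_active($page)
	{
		global $database;
		// page_id is numeric; cast it so the value can never alter the query below
		$page_id = intval($page['page_id']);
		$now = time();
		$sql = "SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '".$page_id."'";
		$query_sections = $database->query($sql);
		if($query_sections->numRows() == 0) {
			return false;
		}
		while($section = $query_sections->fetchRow()) {
			$start = $section['publ_start'];
			$end   = $section['publ_end'];
			// a section counts as active when "now" lies inside its publication window;
			// a start or end of 0 means that side of the window is open
			$started  = ($now > $start || $start == 0);
			$open_end = ($end == 0);
			if(($now < $end && $started) || ($now > $start && $open_end)) {
				return true;
			}
		}
		return false;
	}

	// Check whether we should show a page or not (for front-end)
	function show_page($page)
	{
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}

	// Check if the user is already authenticated or not
	// (a numeric, non-empty USER_ID in the session counts as logged in)
	function is_authenticated() {
		return (isset($_SESSION['USER_ID']) && $_SESSION['USER_ID'] != "" && is_numeric($_SESSION['USER_ID']));
	}

	// true when magic_quotes_gpc is active; false on PHP versions where the
	// function no longer exists (it was removed in PHP 8)
	function magic_quotes_gpc_on() {
		return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
	}

	// Modified addslashes function which takes into account magic_quotes
	function add_slashes($input) {
		if ( $this->magic_quotes_gpc_on() || ( !is_string($input) ) ) {
			return $input;
		}
		return addslashes($input);
	}

	// Ditto for stripslashes
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
	function strip_slashes($input) {
		if ( !$this->magic_quotes_gpc_on() || ( !is_string($input) ) ) {
			return $input;
		}
		return stripslashes($input);
	}

	// Escape backslashes for use with mySQL LIKE strings
	function escape_backslashes($input) {
		return str_replace("\\","\\\\",$input);
	}

	// Build the absolute URL of a page link; links that already carry a
	// scheme (contain '://') or start with 'mailto:' are returned untouched
	function page_link($link){
		// Check for :// in the link (used in URL's) as well as mailto:
		if(strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
		}
		return $link;
	}

	// Get POST data (null when the field is absent)
	function get_post($field) {
		return isset($_POST[$field]) ? $_POST[$field] : null;
	}

	// Get POST data and escape it
	function get_post_escaped($field) {
		$result = $this->get_post($field);
		return (is_null($result)) ? null : $this->add_slashes($result);
	}

	// Get GET data (null when the field is absent)
	function get_get($field) {
		return isset($_GET[$field]) ? $_GET[$field] : null;
	}

	// Get SESSION data (null when the field is absent)
	function get_session($field) {
		return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
	}

	// Get SERVER data (null when the field is absent)
	function get_server($field) {
		return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
	}

	// Get the current users id
	function get_user_id() {
		return $this->get_session('USER_ID');
	}

	// Get the current users group id
	function get_group_id() {
		return $this->get_session('GROUP_ID');
	}

	// Get the current users group ids as an array (GROUPS_ID is stored comma separated)
	function get_groups_id() {
		return explode(",", (string) $this->get_session('GROUPS_ID'));
	}

	// Get the current users group names as one comma separated string
	function get_group_name() {
		return implode(",", (array) $this->get_session('GROUP_NAME'));
	}

	// Get the current users group names as stored in the session
	// (presumably an array, see get_group_name(); verify against the login code)
	function get_groups_name() {
		return $this->get_session('GROUP_NAME');
	}

	// Get the current users username
	function get_username() {
		return $this->get_session('USERNAME');
	}

	// Get the current users display name
	function get_display_name() {
		return $this->get_session('DISPLAY_NAME');
	}

	// Get the current users email address
	function get_email() {
		return $this->get_session('EMAIL');
	}

	// Get the current users home folder
	function get_home_folder() {
		return $this->get_session('HOME_FOLDER');
	}

	// Get the current users timezone
	// ('-72000' is the marker value meaning "use the default timezone")
	function get_timezone() {
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			return $_SESSION['TIMEZONE'];
		}
		return '-72000';
	}

	// Validate supplied email address
	// @return bool: true if the (IDN-encoded) address passes FILTER_VALIDATE_EMAIL
	function validate_email($email) {
		if(function_exists('idn_to_ascii')){ /* use the native idn_to_ascii() if available */
			$email = idn_to_ascii($email);
		}else {
			// fall back to the bundled IDNA converter
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		return (filter_var($email, FILTER_VALIDATE_EMAIL) !== false);
	}

/* ****************
 * set one or more bit in a integer value
 *
 * @access public
 * @param int $value: reference to the integer, containing the value
 * @param int $bits2set: the bitmask which shall be added to value
 * @return void
 */
	function bit_set( &$value, $bits2set )
	{
		$value |= $bits2set;
	}

/* ****************
 * reset one or more bit from a integer value
 *
 * @access public
 * @param int $value: reference to the integer, containing the value
 * @param int $bits2reset: the bitmask which shall be removed from value
 * @return void
 */
	function bit_reset( &$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

/* ****************
 * check if one or more bit in a integer value are set
 *
 * @access public
 * @param int $value: the integer containing the value
 * @param int $bits2test: the bitmask which shall be tested
 * @return bool: true if every bit of $bits2test is set in $value
 */
	function bit_isset( $value, $bits2test )
	{
		return (($value & $bits2test) == $bits2test);
	}

	// Print a success message which then automatically redirects the user to another page
	// @param string $message: message text, inserted into the template as-is
	// @param string $redirect: target URL of the redirect / "next" link
	function print_success( $message, $redirect = 'index.php' ) {
	    global $TEXT;
	    // fetch redirect timer for success messages from settings table;
	    // anything below 1500 ms disables the automatic redirect
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0;
	    // add template variables
	    $tpl = new Template( THEME_PATH.'/templates' );
	    $tpl->set_file( 'page', 'success.htt' );
	    $tpl->set_block( 'page', 'main_block', 'main' );
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
	    $tpl->set_var( 'MESSAGE', $message );
	    $tpl->set_var( 'REDIRECT', $redirect );
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
	    if ($redirect_timer == 0) {
	        $tpl->set_block( 'show_redirect', '' );
	    }
	    else {
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
	    }
	    $tpl->parse( 'main', 'main_block', false );
	    $tpl->pparse( 'output', 'page' );
	}

	// Print an error message and stop the script
	// @param string $message: message text, inserted into the template as-is
	// @param string $link: target of the "back" link
	// @param bool $auto_footer: also print the footer (when the subclass provides print_footer())
	function print_error($message, $link = 'index.php', $auto_footer = true) {
		global $TEXT;
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		if ( $auto_footer == true && method_exists($this, "print_footer") ) {
			$this->print_footer();
		}
		exit();
	}

	// Send an email via wbmailer
	// @return bool: true when wbmailer reports the message as sent, false otherwise
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
		/* 
			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)

			NOTE:
			To use SMTP for sending out mails, you have to specify the SMTP host of your domain
			via the Settings panel in the backend of Website Baker
		*/ 

		// strip CR/LF from every value that ends up in a mail header, so a
		// caller-supplied value cannot introduce additional header lines
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
		$subject = preg_replace('/[\r\n]/', '', $subject);
		$fromname = preg_replace('/[\r\n]/', '', $fromname);
		// keep the raw text for the plain-text part, convert line breaks for the HTML part
		$message_alt = $message;
		$message = preg_replace('/[\r\n]/', '<br />', $message);
		
		// create PHPMailer object and define default settings
		$myMail = new wbmailer();

		// set user defined from address
		if ($fromaddress!='') {
			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
			$myMail->From = $fromaddress;                            // FROM:
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
		}
		
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                            // TO:
		$myMail->Subject = $subject;                                // SUBJECT
		$myMail->Body = $message;                                   // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message_alt);				// CONTENT (TEXT)
		
		// check if there are any send mail errors, otherwise say successful
		return (bool) $myMail->Send();
	}

}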
?>