Project

General

Profile

1 1365 Luisehahne
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         framework
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8 1373 Luisehahne
 * @copyright       2009-2011, Website Baker Org. e.V.
9 1365 Luisehahne
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12 1374 Luisehahne
 * @requirements    PHP 5.2.2 and higher
13 1365 Luisehahne
 * @version         $Id$
14 1373 Luisehahne
 * @filesource		$HeadURL: $
15
 * @lastmodified    $Date:  $
16 1365 Luisehahne
 *
17
 */
18 1373 Luisehahne
19 1365 Luisehahne
// Include PHPLIB template class
20
require_once(WB_PATH."/include/phplib/template.inc");
21
22
require_once(WB_PATH.'/framework/class.database.php');
23
24
// Include new wbmailer class (subclass of PHPmailer)
25
require_once(WB_PATH."/framework/class.wbmailer.php");
26
27 1368 Luisehahne
require_once(WB_PATH."/framework/SecureForm.php");
28 1365 Luisehahne
29
class wb extends SecureForm
30
{
31
32 1378 Luisehahne
	private $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
33 1365 Luisehahne
	// General initialization function
34
	// performed when frontend or backend is loaded.
35
36 1394 Luisehahne
	public function  __construct($mode = SecureForm::FRONTEND) {
37
		parent::__construct($mode);
38 1365 Luisehahne
	}
39
40 1373 Luisehahne
/* ****************
41
 * check if current user is member of at least one of given groups
42
 * ADMIN (uid=1) always is treated like a member of any groups
43
 *
44
 * @access public
45
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
46
 * @return bool: true if current user is member of one of this groups, otherwise false
47
 */
48
	function ami_group_member( $groups_list = '' )
49
	{
50
		if( $this->get_user_id() == 1 ) { return true; }
51
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
52
	}
53
54 1365 Luisehahne
	// Check whether a page is visible or not.
55
	// This will check page-visibility and user- and group-rights.
56
	/* page_is_visible() returns
57
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
58
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
59
	*/
60 1373 Luisehahne
	function page_is_visible($page)
61 1365 Luisehahne
    {
62 1373 Luisehahne
		$show_it = false; // shall we show the page?
63
		$page_id = $page['page_id'];
64
		$visibility = $page['visibility'];
65
		$viewing_groups = $page['viewing_groups'];
66
		$viewing_users = $page['viewing_users'];
67
68 1372 Luisehahne
		// First check if visibility is 'none', 'deleted'
69 1373 Luisehahne
		if($visibility == 'none')
70
        {
71
			return(false);
72
		} elseif($visibility == 'deleted')
73
        {
74
			return(false);
75
		}
76
77
		// Now check if visibility is 'hidden', 'private' or 'registered'
78
		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
79
			$show_it = true;
80
		} elseif($visibility == 'private' || $visibility == 'registered')
81
        {
82
			// Check if the user is logged in
83
			if($this->is_authenticated() == true)
84
            {
85
				// Now check if the user has perms to view the page
86
				$in_group = false;
87
				foreach($this->get_groups_id() as $cur_gid)
88
                {
89
				    if(in_array($cur_gid, explode(',', $viewing_groups)))
90
                    {
91
				        $in_group = true;
92
				    }
93
				}
94
				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
95
					$show_it = true;
96
				} else {
97
					$show_it = false;
98
				}
99
			} else {
100 1372 Luisehahne
				$show_it = false;
101 1373 Luisehahne
			}
102
		} elseif($visibility == 'public') {
103
			$show_it = true;
104
		} else {
105
			$show_it = false;
106 1365 Luisehahne
		}
107
		return($show_it);
108
	}
109
	// Check if there is at least one active section on this page
110
	function page_is_active($page)
111
    {
112
		global $database;
113 1373 Luisehahne
		$has_active_sections = false;
114
		$page_id = $page['page_id'];
115 1365 Luisehahne
		$now = time();
116 1373 Luisehahne
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
117
		if($query_sections->numRows() != 0)
118
        {
119
			while($section = $query_sections->fetchRow())
120
            {
121
				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
122
                {
123
					$has_active_sections = true;
124
					break;
125
				}
126
			}
127
		}
128
		return($has_active_sections);
129 1365 Luisehahne
	}
130
131
	// Check whether we should show a page or not (for front-end)
132
	function show_page($page)
133
    {
134 1373 Luisehahne
		if($this->page_is_visible($page) && $this->page_is_active($page))
135
        {
136
			return true;
137
		} else {
138
			return false;
139 1365 Luisehahne
		}
140
	}
141
142
	// Check if the user is already authenticated or not
143
	function is_authenticated() {
144 1373 Luisehahne
		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
145 1365 Luisehahne
        {
146
			return true;
147
		} else {
148
			return false;
149
		}
150
	}
151
152
	// Modified addslashes function which takes into account magic_quotes
153
	function add_slashes($input) {
154
		if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
155
			return $input;
156
		}
157
		$output = addslashes($input);
158
		return $output;
159
	}
160
161
	// Ditto for stripslashes
162
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
163
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
164
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
165
	function strip_slashes($input) {
166
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
167
			return $input;
168
		}
169
		$output = stripslashes($input);
170
		return $output;
171
	}
172
173
	// Escape backslashes for use with mySQL LIKE strings
174
	function escape_backslashes($input) {
175
		return str_replace("\\","\\\\",$input);
176
	}
177
178
	function page_link($link){
179
		// Check for :// in the link (used in URL's) as well as mailto:
180 1373 Luisehahne
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
181 1365 Luisehahne
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
182
		} else {
183
			return $link;
184
		}
185
	}
186
187
	// Get POST data
188
	function get_post($field) {
189 1373 Luisehahne
		if(isset($_POST[$field])) {
190
			return $_POST[$field];
191
		} else {
192
			return null;
193
		}
194 1365 Luisehahne
	}
195
196
	// Get POST data and escape it
197
	function get_post_escaped($field) {
198
		$result = $this->get_post($field);
199
		return (is_null($result)) ? null : $this->add_slashes($result);
200
	}
201
202
	// Get GET data
203
	function get_get($field) {
204 1373 Luisehahne
		if(isset($_GET[$field])) {
205
			return $_GET[$field];
206
		} else {
207
			return null;
208
		}
209 1365 Luisehahne
	}
210
211
	// Get SESSION data
212
	function get_session($field) {
213 1373 Luisehahne
		if(isset($_SESSION[$field])) {
214
			return $_SESSION[$field];
215
		} else {
216
			return null;
217
		}
218 1365 Luisehahne
	}
219
220
	// Get SERVER data
221
	function get_server($field) {
222 1373 Luisehahne
		if(isset($_SERVER[$field])) {
223
			return $_SERVER[$field];
224
		} else {
225
			return null;
226
		}
227 1365 Luisehahne
	}
228
229
	// Get the current users id
230
	function get_user_id() {
231
		return $_SESSION['USER_ID'];
232
	}
233
234 1373 Luisehahne
	// Get the current users group id
235 1365 Luisehahne
	function get_group_id() {
236
		return $_SESSION['GROUP_ID'];
237
	}
238
239
	// Get the current users group ids
240
	function get_groups_id() {
241 1373 Luisehahne
		return explode(",", $_SESSION['GROUPS_ID']);
242 1365 Luisehahne
	}
243
244
	// Get the current users group name
245
	function get_group_name() {
246
		return implode(",", $_SESSION['GROUP_NAME']);
247
	}
248
249
	// Get the current users group name
250
	function get_groups_name() {
251
		return $_SESSION['GROUP_NAME'];
252
	}
253
254
	// Get the current users username
255
	function get_username() {
256
		return $_SESSION['USERNAME'];
257
	}
258
259
	// Get the current users display name
260
	function get_display_name() {
261 1373 Luisehahne
		return ($_SESSION['DISPLAY_NAME']);
262 1365 Luisehahne
	}
263
264
	// Get the current users email address
265
	function get_email() {
266
		return $_SESSION['EMAIL'];
267
	}
268
269
	// Get the current users home folder
270
	function get_home_folder() {
271
		return $_SESSION['HOME_FOLDER'];
272
	}
273
274
	// Get the current users timezone
275
	function get_timezone() {
276 1373 Luisehahne
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
277
			return $_SESSION['TIMEZONE'];
278
		} else {
279
			return '-72000';
280 1365 Luisehahne
		}
281
	}
282
283 1373 Luisehahne
	// Validate supplied email address
284
	function validate_email($email) {
285
		if(function_exists('idn_to_ascii')){ /* use pear if available */
286
			$email = idn_to_ascii($email);
287
		}else {
288
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
289
			$IDN = new idna_convert();
290
			$email = $IDN->encode($email);
291
			unset($IDN);
292 1372 Luisehahne
		}
293 1378 Luisehahne
		// regex from NorHei 2011-01-11
294
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
295
		return ($retval != false);
296 1372 Luisehahne
	}
297
298
/* ****************
299 1365 Luisehahne
 * set one or more bit in a integer value
300
 *
301
 * @access public
302
 * @param int $value: reference to the integer, containing the value
303
 * @param int $bits2set: the bitmask witch shall be added to value
304
 * @return void
305
 */
306
	function bit_set( &$value, $bits2set )
307
	{
308
		$value |= $bits2set;
309
	}
310
311
/* ****************
312
 * reset one or more bit from a integer value
313
 *
314
 * @access public
315
 * @param int $value: reference to the integer, containing the value
316
 * @param int $bits2reset: the bitmask witch shall be removed from value
317
 * @return void
318
 */
319
	function bit_reset( &$value, $bits2reset)
320
	{
321
		$value &= ~$bits2reset;
322
	}
323
324
/* ****************
325
 * check if one or more bit in a integer value are set
326
 *
327
 * @access public
328
 * @param int $value: reference to the integer, containing the value
329
 * @param int $bits2set: the bitmask witch shall be added to value
330
 * @return void
331
 */
332
	function bit_isset( $value, $bits2test )
333
	{
334
		return (($value & $bits2test) == $bits2test);
335
	}
336
337 1373 Luisehahne
/*
338 1365 Luisehahne
	// Validate supplied email address
339
	function validate_email($email) {
340 1373 Luisehahne
		if(function_exists('idn_to_ascii')){ // use pear if available
341
			$email = idn_to_ascii($email);
342
		}else {
343
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
344
			$IDN = new idna_convert();
345
			$email = $IDN->encode($email);
346
			unset($IDN);
347 1365 Luisehahne
		}
348 1373 Luisehahne
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
349 1365 Luisehahne
	}
350 1373 Luisehahne
*/
351 1365 Luisehahne
	// Print a success message which then automatically redirects the user to another page
352 1373 Luisehahne
	function print_success( $message, $redirect = 'index.php' ) {
353 1365 Luisehahne
	    global $TEXT;
354 1373 Luisehahne
	    // fetch redirect timer for sucess messages from settings table
355
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER >= 1500)) ? REDIRECT_TIMER : 0;
356 1365 Luisehahne
	    // add template variables
357
	    $tpl = new Template( THEME_PATH.'/templates' );
358
	    $tpl->set_file( 'page', 'success.htt' );
359
	    $tpl->set_block( 'page', 'main_block', 'main' );
360 1373 Luisehahne
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
361
	    $tpl->set_var( 'MESSAGE', $message );
362
	    $tpl->set_var( 'REDIRECT', $redirect );
363
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
364 1372 Luisehahne
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
365
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
366 1373 Luisehahne
	    if ($redirect_timer == 0) {
367 1365 Luisehahne
	        $tpl->set_block( 'show_redirect', '' );
368 1373 Luisehahne
	    }
369
	    else {
370 1365 Luisehahne
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
371
	    }
372
	    $tpl->parse( 'main', 'main_block', false );
373
	    $tpl->pparse( 'output', 'page' );
374
	}
375
376
	// Print an error message
377 1373 Luisehahne
	function print_error($message, $link = 'index.php', $auto_footer = true) {
378 1365 Luisehahne
		global $TEXT;
379
		$success_template = new Template(THEME_PATH.'/templates');
380
		$success_template->set_file('page', 'error.htt');
381
		$success_template->set_block('page', 'main_block', 'main');
382
		$success_template->set_var('MESSAGE', $message);
383
		$success_template->set_var('LINK', $link);
384
		$success_template->set_var('BACK', $TEXT['BACK']);
385
		$success_template->parse('main', 'main_block', false);
386
		$success_template->pparse('output', 'page');
387
		if ( $auto_footer == true ) {
388
			if ( method_exists($this, "print_footer") ) {
389
				$this->print_footer();
390
			}
391
		}
392
		exit();
393
	}
394
395
	// Validate send email
396
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
397 1373 Luisehahne
		/*
398 1365 Luisehahne
			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
399
			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
400
			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
401
402
			NOTE:
403
			To use SMTP for sending out mails, you have to specify the SMTP host of your domain
404
			via the Settings panel in the backend of Website Baker
405
		*/
406
407
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
408
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
409
		$subject = preg_replace('/[\r\n]/', '', $subject);
410
		$message_alt = $message;
411 1373 Luisehahne
		$message = preg_replace('/[\r\n]/', '<br \>', $message);
412
413 1365 Luisehahne
		// create PHPMailer object and define default settings
414
		$myMail = new wbmailer();
415
416
		// set user defined from address
417
		if ($fromaddress!='') {
418
			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
419
			$myMail->From = $fromaddress;                            // FROM:
420
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
421
		}
422
423
		// define recepient and information to send out
424
		$myMail->AddAddress($toaddress);                            // TO:
425
		$myMail->Subject = $subject;                                // SUBJECT
426
		$myMail->Body = $message;                                   // CONTENT (HTML)
427
		$myMail->AltBody = strip_tags($message_alt);				// CONTENT (TEXT)
428
429
		// check if there are any send mail errors, otherwise say successful
430
		if (!$myMail->Send()) {
431
			return false;
432
		} else {
433
			return true;
434
		}
435
	}
436
437
}
438 1373 Luisehahne
?>