<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource		$HeadURL: $
 * @lastmodified    $Date:  $
 *
 */
// Stop here when this file is requested directly instead of being included by the framework
if (!defined('WB_PATH')) {
	die("Cannot access this file directly");
}
// Include PHPLIB template class
require_once(WB_PATH."/include/phplib/template.inc");
require_once(WB_PATH.'/framework/class.database.php');
// Include new wbmailer class (subclass of PHPmailer)
require_once(WB_PATH."/framework/class.wbmailer.php");
require_once(WB_PATH."/framework/SecureForm.php");
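class wb extends SecureForm
{

	// NOTE(review): looks like a regex character-class fragment of the characters
	// allowed in passwords; it is not referenced inside this class — confirm with callers.
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 *
	 * @param mixed $mode handed unchanged to SecureForm::__construct()
	 */
	public function __construct($mode = SecureForm::FRONTEND) {
		parent::__construct($mode);
	}

	/**
	 * Check if the current user is a member of at least one of the given groups.
	 * ADMIN (uid=1) is always treated as a member of any group.
	 *
	 * @access public
	 * @param mixed $groups_list an array or a comma separated list of group-ids
	 * @return bool true if the current user is a member of one of these groups, otherwise false
	 */
	function ami_group_member( $groups_list = '' )
	{
		// '==' is kept so that both 1 and '1' stored in the session are accepted
		if ( $this->get_user_id() == 1 ) {
			return true;
		}
		// is_group_match() is not defined in this class (expected from a parent class — confirm)
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
	}

	/**
	 * Check whether a page is visible or not.
	 * This checks page-visibility as well as user- and group-rights.
	 *
	 * Returns
	 *   false: if page-visibility is 'none' or 'deleted', or it is 'registered' or 'private'
	 *          and the user isn't allowed to see the page (any unknown value is false too).
	 *   true:  if page-visibility is 'public' or 'hidden', or it is 'registered' or 'private'
	 *          and the user _is_ allowed to see the page.
	 *
	 * @param array $page page record; reads 'visibility', and for restricted pages
	 *                    'viewing_groups' and 'viewing_users' (comma separated id lists)
	 * @return bool
	 */
	function page_is_visible($page)
	{
		$visibility = $page['visibility'];

		if ($visibility == 'none' || $visibility == 'deleted') {
			return false;
		}
		// hidden: hide the menu-link, but show the page
		if ($visibility == 'hidden' || $visibility == 'public') {
			return true;
		}
		if ($visibility != 'private' && $visibility != 'registered') {
			return false;
		}

		// Restricted page: only authenticated users can qualify
		if (!$this->is_authenticated()) {
			return false;
		}

		$allowed_groups = explode(',', $page['viewing_groups']);
		foreach ($this->get_groups_id() as $cur_gid) {
			// explode() on an empty list yields one empty string. Without this guard a
			// user with an empty group list would match a page with an empty
			// viewing_groups list and be let in.
			if ($cur_gid === '') {
				continue;
			}
			if (in_array($cur_gid, $allowed_groups)) {
				return true;
			}
		}
		return in_array($this->get_user_id(), explode(',', $page['viewing_users']));
	}

	/**
	 * Check if there is at least one active section on this page.
	 *
	 * A section counts as active when the current time lies inside its
	 * publ_start/publ_end window, where 0 means "no limit" on that side.
	 *
	 * @param array $page page record; reads 'page_id'
	 * @return bool
	 */
	function page_is_active($page)
	{
		global $database;
		// The id is interpolated into the SQL text below, so force it to an integer first
		$page_id = (int)$page['page_id'];
		$now = time();
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '".$page_id."'");
		// Guard against a failed query handing back a non-object result
		if (!is_object($query_sections) || $query_sections->numRows() == 0) {
			return false;
		}
		while ($section = $query_sections->fetchRow()) {
			$start = $section['publ_start'];
			$end = $section['publ_end'];
			$inside_window = ($now < $end) && ($now > $start || $start == 0);
			$open_ended = ($now > $start) && ($end == 0);
			if ($inside_window || $open_ended) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Check whether we should show a page or not (for front-end).
	 *
	 * @param array $page page record, see page_is_visible() and page_is_active()
	 * @return bool true only when the page is both visible and active
	 */
	function show_page($page)
	{
		return $this->page_is_visible($page) && $this->page_is_active($page);
	}

	/**
	 * Check if the user is already authenticated or not.
	 *
	 * @return bool true when $_SESSION['USER_ID'] is set, non-empty and numeric
	 */
	function is_authenticated() {
		return isset($_SESSION['USER_ID'])
			&& $_SESSION['USER_ID'] != ""
			&& is_numeric($_SESSION['USER_ID']);
	}

	/**
	 * Tell whether magic_quotes_gpc is in effect.
	 *
	 * get_magic_quotes_gpc() always returns false from PHP 5.4 on, is deprecated in
	 * PHP 7.4 and removed in PHP 8.0, so it is only consulted on older interpreters.
	 *
	 * @return bool
	 */
	private function _magic_quotes_gpc_active()
	{
		return function_exists('get_magic_quotes_gpc')
			&& version_compare(PHP_VERSION, '5.4.0', '<')
			&& get_magic_quotes_gpc();
	}

	/**
	 * Modified addslashes function which takes magic_quotes into account.
	 *
	 * Caveat: addslashes() is not aware of the connection charset and is no substitute
	 * for the database layer's own escaping or for prepared statements.
	 *
	 * @param mixed $input
	 * @return mixed $input unchanged if it is not a string or magic quotes already
	 *               escaped it, otherwise the addslashes()-escaped string
	 */
	function add_slashes($input) {
		if ( !is_string($input) || $this->_magic_quotes_gpc_active() ) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effects of magic_quotes_gpc==On.
	 *
	 * Attn: this is _not_ the counterpart to $this->add_slashes() !
	 * Use stripslashes() to undo a previously applied $this->add_slashes().
	 *
	 * @param mixed $input
	 * @return mixed $input unchanged if it is not a string or magic quotes are off
	 */
	function strip_slashes($input) {
		if ( !is_string($input) || !$this->_magic_quotes_gpc_active() ) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use with mySQL LIKE strings.
	 *
	 * @param string $input
	 * @return string $input with every backslash doubled
	 */
	function escape_backslashes($input) {
		return str_replace("\\","\\\\",$input);
	}

	/**
	 * Turn an internal page link into a full URL.
	 *
	 * @param string $link
	 * @return string $link itself when it contains '://' or starts with 'mailto:',
	 *                otherwise WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION
	 */
	function page_link($link){
		$is_absolute = (strpos($link, '://') !== false);
		$is_mailto = (substr($link, 0, 7) == 'mailto:');
		if ($is_absolute || $is_mailto) {
			return $link;
		}
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}

	/**
	 * Get POST data (raw, unvalidated request input).
	 *
	 * @param string $field
	 * @return mixed the value, or null when the field was not sent
	 */
	function get_post($field) {
		return isset($_POST[$field]) ? $_POST[$field] : null;
	}

	/**
	 * Get POST data and escape it with $this->add_slashes().
	 *
	 * @param string $field
	 * @return mixed the escaped value, or null when the field was not sent
	 */
	function get_post_escaped($field) {
		$result = $this->get_post($field);
		if (is_null($result)) {
			return null;
		}
		return $this->add_slashes($result);
	}

	/**
	 * Get GET data (raw, unvalidated request input).
	 *
	 * @param string $field
	 * @return mixed the value, or null when the parameter was not sent
	 */
	function get_get($field) {
		return isset($_GET[$field]) ? $_GET[$field] : null;
	}

	/**
	 * Get SESSION data.
	 *
	 * @param string $field
	 * @return mixed the value, or null when the key is not set
	 */
	function get_session($field) {
		return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
	}

	/**
	 * Get SERVER data.
	 *
	 * @param string $field
	 * @return mixed the value, or null when the key is not set
	 */
	function get_server($field) {
		return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
	}

	// The session getters below return null instead of raising an "undefined index"
	// notice when no user is logged in.

	// Get the current user's id
	function get_user_id() {
		return isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : null;
	}

	// Get the current user's group id
	function get_group_id() {
		return isset($_SESSION['GROUP_ID']) ? $_SESSION['GROUP_ID'] : null;
	}

	// Get the current user's group ids as an array.
	// An unset or empty $_SESSION['GROUPS_ID'] yields array('') (explode() of an empty string).
	function get_groups_id() {
		$ids = isset($_SESSION['GROUPS_ID']) ? $_SESSION['GROUPS_ID'] : '';
		return explode(",", $ids);
	}

	// Get the current user's group names joined by commas; null when no array is stored
	function get_group_name() {
		$names = isset($_SESSION['GROUP_NAME']) ? $_SESSION['GROUP_NAME'] : null;
		return is_array($names) ? implode(",", $names) : null;
	}

	// Get the current user's group names exactly as stored in $_SESSION['GROUP_NAME']
	function get_groups_name() {
		return isset($_SESSION['GROUP_NAME']) ? $_SESSION['GROUP_NAME'] : null;
	}

	// Get the current user's username
	function get_username() {
		return isset($_SESSION['USERNAME']) ? $_SESSION['USERNAME'] : null;
	}

	// Get the current user's display name
	function get_display_name() {
		return isset($_SESSION['DISPLAY_NAME']) ? $_SESSION['DISPLAY_NAME'] : null;
	}

	// Get the current user's email address
	function get_email() {
		return isset($_SESSION['EMAIL']) ? $_SESSION['EMAIL'] : null;
	}

	// Get the current user's home folder
	function get_home_folder() {
		return isset($_SESSION['HOME_FOLDER']) ? $_SESSION['HOME_FOLDER'] : null;
	}

	// Get the current user's timezone
	function get_timezone() {
		if (isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			// NOTE(review): '-72000' looks like a sentinel for "use the default timezone" — confirm with callers
			return '-72000';
		}
		return isset($_SESSION['TIMEZONE']) ? $_SESSION['TIMEZONE'] : null;
	}

	/**
	 * Validate supplied email address.
	 *
	 * The address is converted with idn_to_ascii() (or the bundled idna_convert class
	 * as fallback) and then matched against a regular expression.
	 *
	 * @param string $email
	 * @return bool true when the converted address matches the pattern
	 */
	function validate_email($email) {
		if(function_exists('idn_to_ascii')){ /* use the native function if available */
			$email = idn_to_ascii($email);
		}else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// A failed conversion does not yield a string; such an address is invalid
		if (!is_string($email)) {
			return false;
		}
		// regex from NorHei 2011-01-11
		// The D modifier makes '$' match only at the very end of the subject. Without
		// it an address followed by a trailing newline would still validate.
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/D", $email);
		return ($retval != false);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @access public
	 * @param int $value reference to the integer containing the value
	 * @param int $bits2set the bitmask which shall be added to value
	 * @return void
	 */
	function bit_set( &$value, $bits2set )
	{
		$value |= $bits2set;
	}

	/**
	 * Reset one or more bits in an integer value.
	 *
	 * @access public
	 * @param int $value reference to the integer containing the value
	 * @param int $bits2reset the bitmask which shall be removed from value
	 * @return void
	 */
	function bit_reset( &$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check if one or more bits in an integer value are set.
	 *
	 * @access public
	 * @param int $value the integer to inspect
	 * @param int $bits2test the bitmask to look for
	 * @return bool true only when every bit of $bits2test is set in $value
	 */
	function bit_isset( $value, $bits2test )
	{
		return (($value & $bits2test) == $bits2test);
	}

/*
	// Disabled alternative implementation, kept for reference
	// Validate supplied email address
	function validate_email($email) {
		if(function_exists('idn_to_ascii')){ // use pear if available
			$email = idn_to_ascii($email);
		}else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
	}
*/

	/**
	 * Print a success message which then automatically redirects the user to another page.
	 *
	 * $message and $redirect are handed to the template as they are; this method does
	 * not escape them, so callers must not pass unescaped request data.
	 *
	 * @param string $message
	 * @param string $redirect target of the redirect
	 * @return void
	 */
	function print_success( $message, $redirect = 'index.php' ) {
		global $TEXT;
		// use REDIRECT_TIMER when it is defined and not above 10000, otherwise 0
		$timer_usable = defined( 'REDIRECT_TIMER' ) && (REDIRECT_TIMER <= 10000);
		$redirect_timer = $timer_usable ? REDIRECT_TIMER : 0;
		// add template variables
		$tpl = new Template( THEME_PATH.'/templates' );
		$tpl->set_file( 'page', 'success.htt' );
		$tpl->set_block( 'page', 'main_block', 'main' );
		$tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
		$tpl->set_var( 'MESSAGE', $message );
		$tpl->set_var( 'REDIRECT', $redirect );
		$tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
		$tpl->set_var( 'NEXT', $TEXT['NEXT'] );
		$tpl->set_var( 'BACK', $TEXT['BACK'] );
		// a timer of -1 blanks the redirect block instead of rendering it
		if ($redirect_timer == -1) {
			$tpl->set_block( 'show_redirect', '' );
		} else {
			$tpl->parse( 'show_redirect', 'show_redirect_block', true );
		}
		$tpl->parse( 'main', 'main_block', false );
		$tpl->pparse( 'output', 'page' );
	}

	/**
	 * Print an error message and terminate the script.
	 *
	 * $message and $link are handed to the template as they are; this method does
	 * not escape them, so callers must not pass unescaped request data.
	 *
	 * @param string $message
	 * @param string $link target of the "back" link
	 * @param bool $auto_footer when true, print_footer() is called if this object has one
	 * @return void never returns, the script ends with exit()
	 */
	function print_error($message, $link = 'index.php', $auto_footer = true) {
		global $TEXT;
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		if ( $auto_footer == true && method_exists($this, "print_footer") ) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Send an e-mail through the wbmailer class.
	 *
	 * INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
	 * SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
	 * NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
	 *
	 * NOTE:
	 * To use SMTP for sending out mails, you have to specify the SMTP host of your domain
	 * via the Settings panel in the backend of Website Baker
	 *
	 * $message becomes the HTML body unescaped; escape untrusted text before passing it in.
	 *
	 * @param string $fromaddress
	 * @param string $toaddress
	 * @param string $subject
	 * @param string $message
	 * @param string $fromname
	 * @return bool true when the mailer reports the message as sent
	 */
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
		// Every value that ends up in a mail header is forced onto a single line so it
		// cannot smuggle in extra headers. The sender name is now covered as well.
		$line_breaks = '/[\r\n]/';
		$fromaddress = preg_replace($line_breaks, '', $fromaddress);
		$toaddress = preg_replace($line_breaks, '', $toaddress);
		$subject = preg_replace($line_breaks, '', $subject);
		$fromname = preg_replace($line_breaks, '', $fromname);
		$message_alt = $message;
		// One break per line ending: a CRLF pair no longer yields two breaks, and the
		// malformed '<br \>' is now a valid '<br />'
		$message = preg_replace('/\r\n|\r|\n/', '<br />', $message);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();

		// set user defined from address
		if ($fromaddress!='') {
			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
			$myMail->From = $fromaddress;                            // FROM:
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
		}

		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                            // TO:
		$myMail->Subject = $subject;                                // SUBJECT
		$myMail->Body = $message;                                   // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message_alt);                // CONTENT (TEXT)

		// report whether the mailer could send the message
		return $myMail->Send() ? true : false;
	}

}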
?>