<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link            http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: class.wb.php 1420 2011-01-26 17:43:56Z Luisehahne $
 * @filesource      $HeadURL: $
 * @lastmodified    $Date:  $
 *
 */

// Guard against the file being requested directly instead of through the framework
if (!defined('WB_PATH')) { die("Cannot access this file directly"); }

// PHPLIB template class
require_once(WB_PATH."/include/phplib/template.inc");

// database wrapper
require_once(WB_PATH.'/framework/class.database.php');

// wbmailer class (subclass of PHPmailer)
require_once(WB_PATH."/framework/class.wbmailer.php");

// parent class of wb
require_once(WB_PATH."/framework/SecureForm.php");

    
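class wb extends SecureForm
{
	// Allowed password characters. Looks like the body of a PCRE character
	// class; it is not consumed within this file (used elsewhere — verify).
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 *
	 * @param int $mode SecureForm mode, SecureForm::FRONTEND by default
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}

	/**
	 * Check whether the current user is a member of at least one of the given groups.
	 * ADMIN (uid = 1) is always treated as a member of every group.
	 *
	 * @param mixed $groups_list an array or a comma-separated list of group ids
	 * @return bool true if the current user is a member of one of these groups
	 */
	public function ami_group_member($groups_list = '')
	{
		if ($this->get_user_id() == 1) {
			return true;
		}
		// is_group_match() is not defined in this file (inherited from SecureForm, presumably)
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}

	/**
	 * Check whether a page is visible for the current user.
	 * Takes the page visibility as well as user and group rights into account.
	 *
	 * Returns false if the visibility is 'none' or 'deleted', or it is
	 * 'registered'/'private' and the user is not allowed to see the page.
	 * Returns true if the visibility is 'public' or 'hidden', or it is
	 * 'registered'/'private' and the user _is_ allowed to see the page.
	 *
	 * @param array $page page record with 'visibility', 'viewing_groups' and 'viewing_users'
	 * @return bool
	 */
	public function page_is_visible($page)
	{
		$visibility = $page['visibility'];

		// cases are checked in the same order as before; switch compares loosely, like ==
		switch ($visibility) {
			case 'none':
			case 'deleted':
				return false;

			case 'hidden': // hidden: the menu link is hidden, but the page itself is shown
				return true;

			case 'private':
			case 'registered':
				// only logged-in users may see these pages at all
				if (!$this->is_authenticated()) {
					return false;
				}
				// allowed when one of the user's groups is listed ...
				$allowed_groups = explode(',', $page['viewing_groups']);
				foreach ($this->get_groups_id() as $cur_gid) {
					if (in_array($cur_gid, $allowed_groups)) {
						return true;
					}
				}
				// ... or the user id itself is listed
				return in_array($this->get_user_id(), explode(',', $page['viewing_users']));

			case 'public':
				return true;

			default:
				return false;
		}
	}

	/**
	 * Check whether there is at least one active section on this page.
	 * A section is active when the current time lies inside its
	 * publ_start / publ_end window; a value of 0 means "no bound".
	 *
	 * @param array $page page record with 'page_id'
	 * @return bool
	 */
	public function page_is_active($page)
	{
		global $database;
		// Cast so that only digits reach the interpolated query; assumes page ids
		// are numeric (the only way they are used here) — TODO confirm.
		$page_id = (int) $page['page_id'];
		$now = time();
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
		if ($query_sections->numRows() == 0) {
			return false;
		}
		while ($section = $query_sections->fetchRow()) {
			$start = $section['publ_start'];
			$end = $section['publ_end'];
			// active when the end is in the future and the start has passed (or is unset),
			// or the start has passed and no end is set
			$active_now = ($now < $end && ($now > $start || $start == 0))
				|| ($now > $start && $end == 0);
			if ($active_now) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Check whether a page should be shown in the frontend:
	 * it must be visible for the current user and have an active section.
	 *
	 * @param array $page page record
	 * @return bool
	 */
	public function show_page($page)
	{
		return $this->page_is_visible($page) && $this->page_is_active($page);
	}

	/**
	 * Check whether the current user is authenticated.
	 * A user counts as logged in when the session holds a non-empty, numeric USER_ID.
	 *
	 * @return bool
	 */
	public function is_authenticated()
	{
		return isset($_SESSION['USER_ID'])
			&& $_SESSION['USER_ID'] != ""
			&& is_numeric($_SESSION['USER_ID']);
	}

	/**
	 * addslashes() that takes magic_quotes_gpc into account.
	 * get_magic_quotes_gpc() no longer exists on PHP 8, so it is only
	 * consulted when available; without it the input is always escaped.
	 *
	 * @param mixed $input
	 * @return mixed the escaped string, or the input unchanged for non-strings
	 */
	public function add_slashes($input)
	{
		$magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if ($magic_quotes || !is_string($input)) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effect of magic_quotes_gpc == On on a request value.
	 *
	 * Attention: this is _not_ the counterpart to $this->add_slashes()!
	 * Use stripslashes() to undo a preliminarily done $this->add_slashes().
	 * On PHP versions without get_magic_quotes_gpc() the input is returned unchanged.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function strip_slashes($input)
	{
		$magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if (!$magic_quotes || !is_string($input)) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use in MySQL LIKE strings.
	 *
	 * @param string $input
	 * @return string
	 */
	public function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Turn a page link into an absolute URL, unless it already is one
	 * (contains '://') or is a mailto: link.
	 *
	 * @param string $link
	 * @return string
	 */
	public function page_link($link)
	{
		if (strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
		}
		return $link;
	}

	/**
	 * Get a POST value.
	 *
	 * @param string $field
	 * @return mixed the value, or null when not present
	 */
	public function get_post($field)
	{
		return isset($_POST[$field]) ? $_POST[$field] : null;
	}

	/**
	 * Get a POST value and escape it with add_slashes().
	 *
	 * @param string $field
	 * @return mixed the escaped value, or null when not present
	 */
	public function get_post_escaped($field)
	{
		$result = $this->get_post($field);
		return is_null($result) ? null : $this->add_slashes($result);
	}

	/**
	 * Get a GET value.
	 *
	 * @param string $field
	 * @return mixed the value, or null when not present
	 */
	public function get_get($field)
	{
		return isset($_GET[$field]) ? $_GET[$field] : null;
	}

	/**
	 * Get a SESSION value.
	 *
	 * @param string $field
	 * @return mixed the value, or null when not present
	 */
	public function get_session($field)
	{
		return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
	}

	/**
	 * Get a SERVER value.
	 *
	 * @param string $field
	 * @return mixed the value, or null when not present
	 */
	public function get_server($field)
	{
		return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
	}

	/**
	 * Get the current user's id (null when no user is logged in).
	 *
	 * @return mixed
	 */
	public function get_user_id()
	{
		return $this->get_session('USER_ID');
	}

	/**
	 * Get the current user's group id (null when not set).
	 *
	 * @return mixed
	 */
	public function get_group_id()
	{
		return $this->get_session('GROUP_ID');
	}

	/**
	 * Get the current user's group ids.
	 *
	 * @return array group ids as strings (array('') when none are set)
	 */
	public function get_groups_id()
	{
		// cast keeps explode() working on an unset session entry
		return explode(",", (string) $this->get_session('GROUPS_ID'));
	}

	/**
	 * Get the current user's group names as one comma-separated string.
	 *
	 * @return string|null null when the session holds no group name array
	 */
	public function get_group_name()
	{
		$names = $this->get_session('GROUP_NAME');
		return is_array($names) ? implode(",", $names) : null;
	}

	/**
	 * Get the current user's group names as stored in the session.
	 *
	 * @return mixed
	 */
	public function get_groups_name()
	{
		return $this->get_session('GROUP_NAME');
	}

	/**
	 * Get the current user's username.
	 *
	 * @return mixed
	 */
	public function get_username()
	{
		return $this->get_session('USERNAME');
	}

	/**
	 * Get the current user's display name.
	 *
	 * @return mixed
	 */
	public function get_display_name()
	{
		return $this->get_session('DISPLAY_NAME');
	}

	/**
	 * Get the current user's email address.
	 *
	 * @return mixed
	 */
	public function get_email()
	{
		return $this->get_session('EMAIL');
	}

	/**
	 * Get the current user's home folder.
	 *
	 * @return mixed
	 */
	public function get_home_folder()
	{
		return $this->get_session('HOME_FOLDER');
	}

	/**
	 * Get the current user's timezone.
	 *
	 * @return mixed the session TIMEZONE, or '-72000' when USE_DEFAULT_TIMEZONE
	 *               is set (the sentinel is interpreted outside this file)
	 */
	public function get_timezone()
	{
		if (!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			return $this->get_session('TIMEZONE');
		}
		return '-72000';
	}

	/**
	 * Validate the supplied email address.
	 * The address is converted to its ASCII (punycode) form first, using the
	 * intl extension when available and the bundled idna_convert class otherwise.
	 *
	 * @param string $email
	 * @return bool
	 */
	public function validate_email($email)
	{
		if (function_exists('idn_to_ascii')) { // intl extension available
			$email = idn_to_ascii($email);
			if ($email === false) { // conversion failed: cannot be a valid address
				return false;
			}
		} else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// regex from NorHei 2011-01-11
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
		return ($retval === 1);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @param int $value    reference to the integer holding the value
	 * @param int $bits2set bitmask which shall be added to the value
	 * @return void
	 */
	public function bit_set(&$value, $bits2set)
	{
		$value |= $bits2set;
	}

	/**
	 * Reset one or more bits in an integer value.
	 *
	 * @param int $value      reference to the integer holding the value
	 * @param int $bits2reset bitmask which shall be removed from the value
	 * @return void
	 */
	public function bit_reset(&$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check whether all bits of a bitmask are set in an integer value.
	 *
	 * @param int $value     the integer holding the value
	 * @param int $bits2test bitmask to test for
	 * @return bool true only if every bit of $bits2test is set in $value
	 */
	public function bit_isset($value, $bits2test)
	{
		return (($value & $bits2test) == $bits2test);
	}

	/**
	 * Print a success message which then automatically redirects the user to another page.
	 * NOTE(review): $message and $redirect are passed to the template as-is;
	 * callers must escape any user-supplied text themselves.
	 *
	 * @param string $message  message text
	 * @param string $redirect target of the redirect
	 * @return void
	 */
	public function print_success($message, $redirect = 'index.php')
	{
		global $TEXT;
		// redirect timer for success messages from the settings table; values above 10000 are ignored
		$redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('REDIRECT', $redirect);
		$tpl->set_var('REDIRECT_TIMER', $redirect_timer);
		$tpl->set_var('NEXT', $TEXT['NEXT']);
		$tpl->set_var('BACK', $TEXT['BACK']);
		// a timer of -1 disables the automatic redirect block
		if ($redirect_timer == -1) {
			$tpl->set_block('show_redirect', '');
		} else {
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
	}

	/**
	 * Print an error message and stop script execution.
	 * NOTE(review): $message and $link are passed to the template as-is;
	 * callers must escape any user-supplied text themselves.
	 *
	 * @param string $message     message text
	 * @param string $link        target of the "back" link
	 * @param bool   $auto_footer also print the footer, if the class provides print_footer()
	 * @return void never returns; calls exit()
	 */
	public function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		global $TEXT;
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		// print_footer() is not defined in this class; subclasses may provide it
		if ($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Send an email via the wbmailer class (PHPMailer subclass).
	 *
	 * Some service providers do not support sending mail via PHP's mail()
	 * because it provides no SMTP authentication; wbmailer can send via SMTP
	 * instead. To use SMTP, specify the SMTP host of your domain via the
	 * Settings panel in the backend of Website Baker.
	 *
	 * CR and LF are stripped from every value that may end up in a mail
	 * header, so caller-supplied data cannot add header lines of its own.
	 *
	 * @param string $fromaddress sender address; '' keeps the wbmailer defaults
	 * @param string $toaddress   recipient address
	 * @param string $subject     subject line
	 * @param string $message     body; line breaks become <br /> in the HTML part
	 * @param string $fromname    optional sender display name
	 * @return bool true if wbmailer reported success
	 */
	public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '')
	{
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
		$subject     = preg_replace('/[\r\n]/', '', $subject);
		// the display name presumably ends up in the From: header too, so it gets the same treatment
		$fromname    = preg_replace('/[\r\n]/', '', $fromname);
		$message_alt = $message;
		// one break per line ending: CRLF must not produce two <br /> (and '<br \>' was a typo)
		$message = preg_replace('/\r\n|\r|\n/', '<br />', $message);

		// create the mailer object with its default settings
		$myMail = new wbmailer();

		// user-defined from address (and name)
		if ($fromaddress != '') {
			if ($fromname != '') {
				$myMail->FromName = $fromname;                       // FROM-NAME
			}
			$myMail->From = $fromaddress;                            // FROM:
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
		}

		// recipient and content
		$myMail->AddAddress($toaddress);                            // TO:
		$myMail->Subject = $subject;                                // SUBJECT
		$myMail->Body = $message;                                   // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message_alt);                // CONTENT (TEXT)

		return (bool) $myMail->Send();
	}
}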
?>