Project

General

Profile

1 1365 Luisehahne
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         framework
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8 1373 Luisehahne
 * @copyright       2009-2011, Website Baker Org. e.V.
9 1365 Luisehahne
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12 1374 Luisehahne
 * @requirements    PHP 5.2.2 and higher
13 1365 Luisehahne
 * @version         $Id$
14 1373 Luisehahne
 * @filesource		$HeadURL: $
15
 * @lastmodified    $Date:  $
16 1365 Luisehahne
 *
17
 */
18 1373 Luisehahne
19 1420 Luisehahne
// Must include code to stop this file being access directly
20
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
21 1365 Luisehahne
// Include PHPLIB template class
22
require_once(WB_PATH."/include/phplib/template.inc");
23
24
require_once(WB_PATH.'/framework/class.database.php');
25
26
// Include new wbmailer class (subclass of PHPmailer)
27
require_once(WB_PATH."/framework/class.wbmailer.php");
28
29 1368 Luisehahne
require_once(WB_PATH."/framework/SecureForm.php");
30 1365 Luisehahne
31
class wb extends SecureForm
32
{
33
34 1412 DarkViper
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
35 1365 Luisehahne
	// General initialization function
36
	// performed when frontend or backend is loaded.
37
38 1394 Luisehahne
	public function  __construct($mode = SecureForm::FRONTEND) {
39
		parent::__construct($mode);
40 1365 Luisehahne
	}
41
42 1373 Luisehahne
/* ****************
43 1440 Luisehahne
 * check if one or more group_ids are in both group_lists
44
 *
45
 * @access public
46
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
47
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
48
 * @param array &$matches: an array-var whitch will return possible matches
49
 * @return bool: true there is a match, otherwise false
50
 */
51
	function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
52
	{
53
		if( $groups_list1 == '' ) { return false; }
54
		if( $groups_list2 == '' ) { return false; }
55
		if( !is_array($groups_list1) )
56
		{
57
			$groups_list1 = explode(',', $groups_list1);
58
		}
59
		if( !is_array($groups_list2) )
60
		{
61
			$groups_list2 = explode(',', $groups_list2);
62
		}
63
		$matches = array_intersect( $groups_list1, $groups_list2);
64
		return ( sizeof($matches) != 0 );
65
	}
66
/* ****************
67 1373 Luisehahne
 * check if current user is member of at least one of given groups
68
 * ADMIN (uid=1) always is treated like a member of any groups
69
 *
70
 * @access public
71
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
72
 * @return bool: true if current user is member of one of this groups, otherwise false
73
 */
74
	function ami_group_member( $groups_list = '' )
75
	{
76
		if( $this->get_user_id() == 1 ) { return true; }
77
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
78
	}
79
80 1365 Luisehahne
	// Check whether a page is visible or not.
81
	// This will check page-visibility and user- and group-rights.
82
	/* page_is_visible() returns
83
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
84
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
85
	*/
86 1373 Luisehahne
	function page_is_visible($page)
87 1365 Luisehahne
    {
88 1373 Luisehahne
		$show_it = false; // shall we show the page?
89
		$page_id = $page['page_id'];
90
		$visibility = $page['visibility'];
91
		$viewing_groups = $page['viewing_groups'];
92
		$viewing_users = $page['viewing_users'];
93
94 1372 Luisehahne
		// First check if visibility is 'none', 'deleted'
95 1373 Luisehahne
		if($visibility == 'none')
96
        {
97
			return(false);
98
		} elseif($visibility == 'deleted')
99
        {
100
			return(false);
101
		}
102
103
		// Now check if visibility is 'hidden', 'private' or 'registered'
104
		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
105
			$show_it = true;
106
		} elseif($visibility == 'private' || $visibility == 'registered')
107
        {
108
			// Check if the user is logged in
109
			if($this->is_authenticated() == true)
110
            {
111
				// Now check if the user has perms to view the page
112
				$in_group = false;
113
				foreach($this->get_groups_id() as $cur_gid)
114
                {
115
				    if(in_array($cur_gid, explode(',', $viewing_groups)))
116
                    {
117
				        $in_group = true;
118
				    }
119
				}
120
				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
121
					$show_it = true;
122
				} else {
123
					$show_it = false;
124
				}
125
			} else {
126 1372 Luisehahne
				$show_it = false;
127 1373 Luisehahne
			}
128
		} elseif($visibility == 'public') {
129
			$show_it = true;
130
		} else {
131
			$show_it = false;
132 1365 Luisehahne
		}
133
		return($show_it);
134
	}
135
	// Check if there is at least one active section on this page
136
	function page_is_active($page)
137
    {
138
		global $database;
139 1373 Luisehahne
		$has_active_sections = false;
140
		$page_id = $page['page_id'];
141 1365 Luisehahne
		$now = time();
142 1373 Luisehahne
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
143
		if($query_sections->numRows() != 0)
144
        {
145
			while($section = $query_sections->fetchRow())
146
            {
147
				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
148
                {
149
					$has_active_sections = true;
150
					break;
151
				}
152
			}
153
		}
154
		return($has_active_sections);
155 1365 Luisehahne
	}
156
157
	// Check whether we should show a page or not (for front-end)
158
	function show_page($page)
159
    {
160 1373 Luisehahne
		if($this->page_is_visible($page) && $this->page_is_active($page))
161
        {
162
			return true;
163
		} else {
164
			return false;
165 1365 Luisehahne
		}
166
	}
167
168
	// Check if the user is already authenticated or not
169
	function is_authenticated() {
170 1373 Luisehahne
		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
171 1365 Luisehahne
        {
172
			return true;
173
		} else {
174
			return false;
175
		}
176
	}
177
178
	// Modified addslashes function which takes into account magic_quotes
179
	function add_slashes($input) {
180
		if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
181
			return $input;
182
		}
183
		$output = addslashes($input);
184
		return $output;
185
	}
186
187
	// Ditto for stripslashes
188
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
189
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
190
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
191
	function strip_slashes($input) {
192
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
193
			return $input;
194
		}
195
		$output = stripslashes($input);
196
		return $output;
197
	}
198
199
	// Escape backslashes for use with mySQL LIKE strings
200
	function escape_backslashes($input) {
201
		return str_replace("\\","\\\\",$input);
202
	}
203
204
	function page_link($link){
205
		// Check for :// in the link (used in URL's) as well as mailto:
206 1373 Luisehahne
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
207 1365 Luisehahne
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
208
		} else {
209
			return $link;
210
		}
211
	}
212
213
	// Get POST data
214
	function get_post($field) {
215 1373 Luisehahne
		if(isset($_POST[$field])) {
216
			return $_POST[$field];
217
		} else {
218
			return null;
219
		}
220 1365 Luisehahne
	}
221
222
	// Get POST data and escape it
223
	function get_post_escaped($field) {
224
		$result = $this->get_post($field);
225
		return (is_null($result)) ? null : $this->add_slashes($result);
226
	}
227
228
	// Get GET data
229
	function get_get($field) {
230 1373 Luisehahne
		if(isset($_GET[$field])) {
231
			return $_GET[$field];
232
		} else {
233
			return null;
234
		}
235 1365 Luisehahne
	}
236
237
	// Get SESSION data
238
	function get_session($field) {
239 1373 Luisehahne
		if(isset($_SESSION[$field])) {
240
			return $_SESSION[$field];
241
		} else {
242
			return null;
243
		}
244 1365 Luisehahne
	}
245
246
	// Get SERVER data
247
	function get_server($field) {
248 1373 Luisehahne
		if(isset($_SERVER[$field])) {
249
			return $_SERVER[$field];
250
		} else {
251
			return null;
252
		}
253 1365 Luisehahne
	}
254
255
	// Get the current users id
256
	function get_user_id() {
257
		return $_SESSION['USER_ID'];
258
	}
259
260 1373 Luisehahne
	// Get the current users group id
261 1365 Luisehahne
	function get_group_id() {
262
		return $_SESSION['GROUP_ID'];
263
	}
264
265
	// Get the current users group ids
266
	function get_groups_id() {
267 1373 Luisehahne
		return explode(",", $_SESSION['GROUPS_ID']);
268 1365 Luisehahne
	}
269
270
	// Get the current users group name
271
	function get_group_name() {
272
		return implode(",", $_SESSION['GROUP_NAME']);
273
	}
274
275
	// Get the current users group name
276
	function get_groups_name() {
277
		return $_SESSION['GROUP_NAME'];
278
	}
279
280
	// Get the current users username
281
	function get_username() {
282
		return $_SESSION['USERNAME'];
283
	}
284
285
	// Get the current users display name
286
	function get_display_name() {
287 1373 Luisehahne
		return ($_SESSION['DISPLAY_NAME']);
288 1365 Luisehahne
	}
289
290
	// Get the current users email address
291
	function get_email() {
292
		return $_SESSION['EMAIL'];
293
	}
294
295
	// Get the current users home folder
296
	function get_home_folder() {
297
		return $_SESSION['HOME_FOLDER'];
298
	}
299
300
	// Get the current users timezone
301
	function get_timezone() {
302 1373 Luisehahne
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
303
			return $_SESSION['TIMEZONE'];
304
		} else {
305
			return '-72000';
306 1365 Luisehahne
		}
307
	}
308
309 1373 Luisehahne
	// Validate supplied email address
310
	function validate_email($email) {
311
		if(function_exists('idn_to_ascii')){ /* use pear if available */
312
			$email = idn_to_ascii($email);
313
		}else {
314
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
315
			$IDN = new idna_convert();
316
			$email = $IDN->encode($email);
317
			unset($IDN);
318 1372 Luisehahne
		}
319 1378 Luisehahne
		// regex from NorHei 2011-01-11
320
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
321
		return ($retval != false);
322 1372 Luisehahne
	}
323
324
/* ****************
325 1365 Luisehahne
 * set one or more bit in a integer value
326
 *
327
 * @access public
328
 * @param int $value: reference to the integer, containing the value
329
 * @param int $bits2set: the bitmask witch shall be added to value
330
 * @return void
331
 */
332
	function bit_set( &$value, $bits2set )
333
	{
334
		$value |= $bits2set;
335
	}
336
337
/* ****************
338
 * reset one or more bit from a integer value
339
 *
340
 * @access public
341
 * @param int $value: reference to the integer, containing the value
342
 * @param int $bits2reset: the bitmask witch shall be removed from value
343
 * @return void
344
 */
345
	function bit_reset( &$value, $bits2reset)
346
	{
347
		$value &= ~$bits2reset;
348
	}
349
350
/* ****************
351
 * check if one or more bit in a integer value are set
352
 *
353
 * @access public
354
 * @param int $value: reference to the integer, containing the value
355
 * @param int $bits2set: the bitmask witch shall be added to value
356
 * @return void
357
 */
358
	function bit_isset( $value, $bits2test )
359
	{
360
		return (($value & $bits2test) == $bits2test);
361
	}
362
363 1373 Luisehahne
/*
364 1365 Luisehahne
	// Validate supplied email address
365
	function validate_email($email) {
366 1373 Luisehahne
		if(function_exists('idn_to_ascii')){ // use pear if available
367
			$email = idn_to_ascii($email);
368
		}else {
369
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
370
			$IDN = new idna_convert();
371
			$email = $IDN->encode($email);
372
			unset($IDN);
373 1365 Luisehahne
		}
374 1373 Luisehahne
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
375 1365 Luisehahne
	}
376 1373 Luisehahne
*/
377 1365 Luisehahne
	// Print a success message which then automatically redirects the user to another page
378 1373 Luisehahne
	function print_success( $message, $redirect = 'index.php' ) {
379 1365 Luisehahne
	    global $TEXT;
380 1373 Luisehahne
	    // fetch redirect timer for sucess messages from settings table
381 1397 Luisehahne
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
382 1365 Luisehahne
	    // add template variables
383
	    $tpl = new Template( THEME_PATH.'/templates' );
384
	    $tpl->set_file( 'page', 'success.htt' );
385
	    $tpl->set_block( 'page', 'main_block', 'main' );
386 1373 Luisehahne
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
387
	    $tpl->set_var( 'MESSAGE', $message );
388
	    $tpl->set_var( 'REDIRECT', $redirect );
389
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
390 1372 Luisehahne
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
391
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
392 1397 Luisehahne
	    if ($redirect_timer == -1) {
393 1365 Luisehahne
	        $tpl->set_block( 'show_redirect', '' );
394 1373 Luisehahne
	    }
395
	    else {
396 1365 Luisehahne
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
397
	    }
398
	    $tpl->parse( 'main', 'main_block', false );
399
	    $tpl->pparse( 'output', 'page' );
400
	}
401
402
	// Print an error message
403 1373 Luisehahne
	function print_error($message, $link = 'index.php', $auto_footer = true) {
404 1365 Luisehahne
		global $TEXT;
405
		$success_template = new Template(THEME_PATH.'/templates');
406
		$success_template->set_file('page', 'error.htt');
407
		$success_template->set_block('page', 'main_block', 'main');
408
		$success_template->set_var('MESSAGE', $message);
409
		$success_template->set_var('LINK', $link);
410
		$success_template->set_var('BACK', $TEXT['BACK']);
411
		$success_template->parse('main', 'main_block', false);
412
		$success_template->pparse('output', 'page');
413
		if ( $auto_footer == true ) {
414
			if ( method_exists($this, "print_footer") ) {
415
				$this->print_footer();
416
			}
417
		}
418
		exit();
419
	}
420
421
	// Validate send email
422
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
423 1373 Luisehahne
		/*
424 1365 Luisehahne
			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
425
			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
426
			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
427
428
			NOTE:
429
			To use SMTP for sending out mails, you have to specify the SMTP host of your domain
430
			via the Settings panel in the backend of Website Baker
431
		*/
432
433
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
434
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
435
		$subject = preg_replace('/[\r\n]/', '', $subject);
436
		$message_alt = $message;
437 1373 Luisehahne
		$message = preg_replace('/[\r\n]/', '<br \>', $message);
438
439 1365 Luisehahne
		// create PHPMailer object and define default settings
440
		$myMail = new wbmailer();
441
442
		// set user defined from address
443
		if ($fromaddress!='') {
444
			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
445
			$myMail->From = $fromaddress;                            // FROM:
446
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
447
		}
448
449
		// define recepient and information to send out
450
		$myMail->AddAddress($toaddress);                            // TO:
451
		$myMail->Subject = $subject;                                // SUBJECT
452
		$myMail->Body = $message;                                   // CONTENT (HTML)
453
		$myMail->AltBody = strip_tags($message_alt);				// CONTENT (TEXT)
454
455
		// check if there are any send mail errors, otherwise say successful
456
		if (!$myMail->Send()) {
457
			return false;
458
		} else {
459
			return true;
460
		}
461
	}
462
463
}
464 1412 DarkViper
?>