Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         framework
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: class.wb.php 1443 2011-04-19 19:38:37Z Luisehahne $
14
 * @filesource		$HeadURL: $
15
 * @lastmodified    $Date:  $
16
 *
17
 */
18

    
19
// Must include code to stop this file being access directly
20
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
21
// Include PHPLIB template class
22
require_once(WB_PATH."/include/phplib/template.inc");
23

    
24
require_once(WB_PATH.'/framework/class.database.php');
25

    
26
// Include new wbmailer class (subclass of PHPmailer)
27
require_once(WB_PATH."/framework/class.wbmailer.php");
28

    
29
require_once(WB_PATH."/framework/SecureForm.php");
30

    
31
class wb extends SecureForm
32
{
33

    
34
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';
35
	// General initialization function
36
	// performed when frontend or backend is loaded.
37

    
38
	public function  __construct($mode = SecureForm::FRONTEND) {
39
		parent::__construct($mode);
40
	}
41

    
42
/* ****************
43
 * check if one or more group_ids are in both group_lists
44
 *
45
 * @access public
46
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
47
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
48
 * @param array &$matches: an array-var whitch will return possible matches
49
 * @return bool: true there is a match, otherwise false
50
 */
51
	function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
52
	{
53
		if( $groups_list1 == '' ) { return false; }
54
		if( $groups_list2 == '' ) { return false; }
55
		if( !is_array($groups_list1) )
56
		{
57
			$groups_list1 = explode(',', $groups_list1);
58
		}
59
		if( !is_array($groups_list2) )
60
		{
61
			$groups_list2 = explode(',', $groups_list2);
62
		}
63
		$matches = array_intersect( $groups_list1, $groups_list2);
64
		return ( sizeof($matches) != 0 );
65
	}
66
/* ****************
67
 * check if current user is member of at least one of given groups
68
 * ADMIN (uid=1) always is treated like a member of any groups
69
 *
70
 * @access public
71
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
72
 * @return bool: true if current user is member of one of this groups, otherwise false
73
 */
74
	function ami_group_member( $groups_list = '' )
75
	{
76
		if( $this->get_user_id() == 1 ) { return true; }
77
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
78
	}
79

    
80
	// Check whether a page is visible or not.
81
	// This will check page-visibility and user- and group-rights.
82
	/* page_is_visible() returns
83
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
84
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
85
	*/
86
	function page_is_visible($page)
87
    {
88
		$show_it = false; // shall we show the page?
89
		$page_id = $page['page_id'];
90
		$visibility = $page['visibility'];
91
		$viewing_groups = $page['viewing_groups'];
92
		$viewing_users = $page['viewing_users'];
93

    
94
		// First check if visibility is 'none', 'deleted'
95
		if($visibility == 'none')
96
        {
97
			return(false);
98
		} elseif($visibility == 'deleted')
99
        {
100
			return(false);
101
		}
102

    
103
		// Now check if visibility is 'hidden', 'private' or 'registered'
104
		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
105
			$show_it = true;
106
		} elseif($visibility == 'private' || $visibility == 'registered')
107
        {
108
			// Check if the user is logged in
109
			if($this->is_authenticated() == true)
110
            {
111
				// Now check if the user has perms to view the page
112
				$in_group = false;
113
				foreach($this->get_groups_id() as $cur_gid)
114
                {
115
				    if(in_array($cur_gid, explode(',', $viewing_groups)))
116
                    {
117
				        $in_group = true;
118
				    }
119
				}
120
				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
121
					$show_it = true;
122
				} else {
123
					$show_it = false;
124
				}
125
			} else {
126
				$show_it = false;
127
			}
128
		} elseif($visibility == 'public') {
129
			$show_it = true;
130
		} else {
131
			$show_it = false;
132
		}
133
		return($show_it);
134
	}
135
	// Check if there is at least one active section on this page
136
	function page_is_active($page)
137
    {
138
		global $database;
139
		$has_active_sections = false;
140
		$page_id = $page['page_id'];
141
		$now = time();
142
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id'");
143
		if($query_sections->numRows() != 0)
144
        {
145
			while($section = $query_sections->fetchRow())
146
            {
147
				if($now<$section['publ_end'] && ($now>$section['publ_start'] || $section['publ_start']==0) || $now>$section['publ_start'] && $section['publ_end']==0)
148
                {
149
					$has_active_sections = true;
150
					break;
151
				}
152
			}
153
		}
154
		return($has_active_sections);
155
	}
156

    
157
	// Check whether we should show a page or not (for front-end)
158
	function show_page($page)
159
    {
160
		if($this->page_is_visible($page) && $this->page_is_active($page))
161
        {
162
			return true;
163
		} else {
164
			return false;
165
		}
166
	}
167

    
168
	// Check if the user is already authenticated or not
169
	function is_authenticated() {
170
		if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID']))
171
        {
172
			return true;
173
		} else {
174
			return false;
175
		}
176
	}
177

    
178
	// Modified addslashes function which takes into account magic_quotes
179
	function add_slashes($input) {
180
		if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
181
			return $input;
182
		}
183
		$output = addslashes($input);
184
		return $output;
185
	}
186

    
187
	// Ditto for stripslashes
188
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
189
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
190
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
191
	function strip_slashes($input) {
192
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
193
			return $input;
194
		}
195
		$output = stripslashes($input);
196
		return $output;
197
	}
198

    
199
	// Escape backslashes for use with mySQL LIKE strings
200
	function escape_backslashes($input) {
201
		return str_replace("\\","\\\\",$input);
202
	}
203

    
204
	function page_link($link){
205
		// Check for :// in the link (used in URL's) as well as mailto:
206
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
207
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
208
		} else {
209
			return $link;
210
		}
211
	}
212
	
213
	// Get POST data
214
	function get_post($field) {
215
		if(isset($_POST[$field])) {
216
			return $_POST[$field];
217
		} else {
218
			return null;
219
		}
220
	}
221

    
222
	// Get POST data and escape it
223
	function get_post_escaped($field) {
224
		$result = $this->get_post($field);
225
		return (is_null($result)) ? null : $this->add_slashes($result);
226
	}
227
	
228
	// Get GET data
229
	function get_get($field) {
230
		if(isset($_GET[$field])) {
231
			return $_GET[$field];
232
		} else {
233
			return null;
234
		}
235
	}
236

    
237
	// Get SESSION data
238
	function get_session($field) {
239
		if(isset($_SESSION[$field])) {
240
			return $_SESSION[$field];
241
		} else {
242
			return null;
243
		}
244
	}
245

    
246
	// Get SERVER data
247
	function get_server($field) {
248
		if(isset($_SERVER[$field])) {
249
			return $_SERVER[$field];
250
		} else {
251
			return null;
252
		}
253
	}
254

    
255
	// Get the current users id
256
	function get_user_id() {
257
		return $_SESSION['USER_ID'];
258
	}
259

    
260
	// Get the current users group id
261
	function get_group_id() {
262
		return $_SESSION['GROUP_ID'];
263
	}
264

    
265
	// Get the current users group ids
266
	function get_groups_id() {
267
		return explode(",", $_SESSION['GROUPS_ID']);
268
	}
269

    
270
	// Get the current users group name
271
	function get_group_name() {
272
		return implode(",", $_SESSION['GROUP_NAME']);
273
	}
274

    
275
	// Get the current users group name
276
	function get_groups_name() {
277
		return $_SESSION['GROUP_NAME'];
278
	}
279

    
280
	// Get the current users username
281
	function get_username() {
282
		return $_SESSION['USERNAME'];
283
	}
284

    
285
	// Get the current users display name
286
	function get_display_name() {
287
		return ($_SESSION['DISPLAY_NAME']);
288
	}
289

    
290
	// Get the current users email address
291
	function get_email() {
292
		return $_SESSION['EMAIL'];
293
	}
294

    
295
	// Get the current users home folder
296
	function get_home_folder() {
297
		return $_SESSION['HOME_FOLDER'];
298
	}
299

    
300
	// Get the current users timezone
301
	function get_timezone() {
302
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
303
			return $_SESSION['TIMEZONE'];
304
		} else {
305
			return '-72000';
306
		}
307
	}
308

    
309
	// Validate supplied email address
310
	function validate_email($email) {
311
		if(function_exists('idn_to_ascii')){ /* use pear if available */
312
			$email = idn_to_ascii($email);
313
		}else {
314
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
315
			$IDN = new idna_convert();
316
			$email = $IDN->encode($email);
317
			unset($IDN);
318
		}
319
		// regex from NorHei 2011-01-11
320
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
321
		return ($retval != false);
322
	}
323

    
324
/* ****************
325
 * set one or more bit in a integer value
326
 *
327
 * @access public
328
 * @param int $value: reference to the integer, containing the value
329
 * @param int $bits2set: the bitmask witch shall be added to value
330
 * @return void
331
 */
332
	function bit_set( &$value, $bits2set )
333
	{
334
		$value |= $bits2set;
335
	}
336

    
337
/* ****************
338
 * reset one or more bit from a integer value
339
 *
340
 * @access public
341
 * @param int $value: reference to the integer, containing the value
342
 * @param int $bits2reset: the bitmask witch shall be removed from value
343
 * @return void
344
 */
345
	function bit_reset( &$value, $bits2reset)
346
	{
347
		$value &= ~$bits2reset;
348
	}
349

    
350
/* ****************
351
 * check if one or more bit in a integer value are set
352
 *
353
 * @access public
354
 * @param int $value: reference to the integer, containing the value
355
 * @param int $bits2set: the bitmask witch shall be added to value
356
 * @return void
357
 */
358
	function bit_isset( $value, $bits2test )
359
	{
360
		return (($value & $bits2test) == $bits2test);
361
	}
362

    
363
/*
364
	// Validate supplied email address
365
	function validate_email($email) {
366
		if(function_exists('idn_to_ascii')){ // use pear if available
367
			$email = idn_to_ascii($email);
368
		}else {
369
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
370
			$IDN = new idna_convert();
371
			$email = $IDN->encode($email);
372
			unset($IDN);
373
		}
374
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
375
	}
376
*/
377
	// Print a success message which then automatically redirects the user to another page
378
	function print_success( $message, $redirect = 'index.php' ) {
379
	    global $TEXT;
380
        if(is_array($message)) {
381
           $message = implode ('<br />',$message);
382
        }
383
	    // fetch redirect timer for sucess messages from settings table
384
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
385
	    // add template variables
386
	    $tpl = new Template( THEME_PATH.'/templates' );
387
	    $tpl->set_file( 'page', 'success.htt' );
388
	    $tpl->set_block( 'page', 'main_block', 'main' );
389
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
390
	    $tpl->set_var( 'MESSAGE', $message );
391
	    $tpl->set_var( 'REDIRECT', $redirect );
392
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
393
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
394
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
395
	    if ($redirect_timer == -1) {
396
	        $tpl->set_block( 'show_redirect', '' );
397
	    }
398
	    else {
399
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
400
	    }
401
	    $tpl->parse( 'main', 'main_block', false );
402
	    $tpl->pparse( 'output', 'page' );
403
	}
404

    
405
	// Print an error message
406
	function print_error($message, $link = 'index.php', $auto_footer = true) {
407
		global $TEXT;
408
        if(is_array($message)) {
409
           $message = implode ('<br />',$message);
410
        }
411
		$success_template = new Template(THEME_PATH.'/templates');
412
		$success_template->set_file('page', 'error.htt');
413
		$success_template->set_block('page', 'main_block', 'main');
414
		$success_template->set_var('MESSAGE', $message);
415
		$success_template->set_var('LINK', $link);
416
		$success_template->set_var('BACK', $TEXT['BACK']);
417
		$success_template->parse('main', 'main_block', false);
418
		$success_template->pparse('output', 'page');
419
		if ( $auto_footer == true ) {
420
			if ( method_exists($this, "print_footer") ) {
421
				$this->print_footer();
422
			}
423
		}
424
		exit();
425
	}
426

    
427
	// Validate send email
428
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
429
		/* 
430
			INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
431
			SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
432
			NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
433

    
434
			NOTE:
435
			To use SMTP for sending out mails, you have to specify the SMTP host of your domain
436
			via the Settings panel in the backend of Website Baker
437
		*/ 
438

    
439
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
440
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
441
		$subject = preg_replace('/[\r\n]/', '', $subject);
442
		$message_alt = $message;
443
		$message = preg_replace('/[\r\n]/', '<br \>', $message);
444
		
445
		// create PHPMailer object and define default settings
446
		$myMail = new wbmailer();
447

    
448
		// set user defined from address
449
		if ($fromaddress!='') {
450
			if($fromname!='') $myMail->FromName = $fromname;         // FROM-NAME
451
			$myMail->From = $fromaddress;                            // FROM:
452
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
453
		}
454
		
455
		// define recepient and information to send out
456
		$myMail->AddAddress($toaddress);                            // TO:
457
		$myMail->Subject = $subject;                                // SUBJECT
458
		$myMail->Body = $message;                                   // CONTENT (HTML)
459
		$myMail->AltBody = strip_tags($message_alt);				// CONTENT (TEXT)
460
		
461
		// check if there are any send mail errors, otherwise say successful
462
		if (!$myMail->Send()) {
463
			return false;
464
		} else {
465
			return true;
466
		}
467
	}
468

    
469
}
(9-9/16)