<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link            http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource      $HeadURL: $
 * @lastmodified    $Date:  $
 *
 */

// Stop this file from being accessed directly: WB_PATH is only defined by the
// framework bootstrap, so a bare HTTP request to this file dies here.
if(!defined('WB_PATH')) { die("Cannot access this file directly"); }

// PHPLIB template class (used by print_success() / print_error() below)
require_once WB_PATH."/include/phplib/template.inc";

// database wrapper (the global $database read by page_is_active())
require_once WB_PATH.'/framework/class.database.php';

// wbmailer class (subclass of PHPmailer), used by mail()
require_once WB_PATH."/framework/class.wbmailer.php";

// parent class of wb
require_once WB_PATH."/framework/SecureForm.php";

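class wb extends SecureForm
{
	// Allowed password characters, written in regex character-class notation.
	// Not used inside this file; presumably consumed by a preg_* call elsewhere.
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 *
	 * @param int $mode SecureForm mode constant (defaults to SecureForm::FRONTEND),
	 *                  handed straight to the SecureForm constructor
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}

	/**
	 * Check if one or more group_ids are in both group lists.
	 *
	 * @param mixed $groups_list1 an array or a comma separated list of group-ids
	 * @param mixed $groups_list2 an array or a comma separated list of group-ids
	 * @param array &$matches     receives the ids present in both lists; left
	 *                            untouched when one of the lists is empty
	 * @return bool true if there is at least one match, otherwise false
	 */
	public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
	{
		// an empty list can never match
		if($groups_list1 == '') { return false; }
		if($groups_list2 == '') { return false; }
		if(!is_array($groups_list1)) { $groups_list1 = explode(',', $groups_list1); }
		if(!is_array($groups_list2)) { $groups_list2 = explode(',', $groups_list2); }
		// array_intersect compares the entries as strings
		$matches = array_intersect($groups_list1, $groups_list2);
		return (count($matches) != 0);
	}

	/**
	 * Check if the current user is a member of at least one of the given groups.
	 * ADMIN (uid=1) is always treated like a member of any group.
	 *
	 * @param mixed $groups_list an array or a comma separated list of group-ids
	 * @return bool true if the current user is member of one of these groups, otherwise false
	 */
	public function ami_group_member($groups_list = '')
	{
		if($this->get_user_id() == 1) { return true; }
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}

	/**
	 * Check whether a page is visible or not.
	 * This checks the page-visibility together with user- and group-rights.
	 *
	 * @param array $page page record; reads 'visibility', 'viewing_groups' and 'viewing_users'
	 * @return bool false if visibility is 'none' or 'deleted', or it is 'registered'/'private'
	 *              and the user isn't allowed to see the page;
	 *              true if visibility is 'public' or 'hidden', or it is 'registered'/'private'
	 *              and the user _is_ allowed to see the page
	 */
	public function page_is_visible($page)
	{
		$visibility = $page['visibility'];
		// 'none' and 'deleted' pages are never shown
		if($visibility == 'none' || $visibility == 'deleted') { return false; }
		// hidden: hide the menu-link, but show the page
		if($visibility == 'hidden' || $visibility == 'public') { return true; }
		if($visibility == 'private' || $visibility == 'registered') {
			// only logged-in users may see the page ...
			if(!$this->is_authenticated()) { return false; }
			// ... and only if one of their groups, or their user id, is listed on the page
			$viewing_groups = explode(',', $page['viewing_groups']);
			foreach($this->get_groups_id() as $cur_gid) {
				if(in_array($cur_gid, $viewing_groups)) { return true; }
			}
			return in_array($this->get_user_id(), explode(',', $page['viewing_users']));
		}
		// any other (unknown) visibility value is treated as not visible
		return false;
	}

	/**
	 * Check if there is at least one active section on this page.
	 * A section counts as active when the current time lies inside its
	 * publishing window; publ_start == 0 resp. publ_end == 0 means that side is open.
	 *
	 * @param array $page page record; only 'page_id' is used
	 * @return bool
	 */
	public function page_is_active($page)
	{
		global $database;
		// page_id is cast to int before it is interpolated into the SQL statement, so a
		// non-numeric value handed in by the caller cannot change the query
		$page_id = (int)$page['page_id'];
		$now = time();
		$query_sections = $database->query("SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = '".$page_id."'");
		if($query_sections->numRows() != 0) {
			while($section = $query_sections->fetchRow()) {
				$started    = ($now > $section['publ_start'] || $section['publ_start'] == 0);
				$not_ended  = ($now < $section['publ_end']);
				$open_ended = ($now > $section['publ_start'] && $section['publ_end'] == 0);
				if(($not_ended && $started) || $open_ended) {
					return true;
				}
			}
		}
		return false;
	}

	/**
	 * Check whether we should show a page or not (for the front-end):
	 * the page has to be visible for the current user and have an active section.
	 *
	 * @param array $page page record as used by page_is_visible() and page_is_active()
	 * @return bool
	 */
	public function show_page($page)
	{
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}

	/**
	 * Check if the user is already authenticated or not.
	 * A user counts as logged in when the session carries a non-empty, numeric USER_ID.
	 *
	 * @return bool
	 */
	public function is_authenticated()
	{
		return (isset($_SESSION['USER_ID']) && $_SESSION['USER_ID'] != "" && is_numeric($_SESSION['USER_ID']));
	}

	/**
	 * Modified addslashes function which takes magic_quotes_gpc into account:
	 * input that PHP has already escaped is returned unchanged.
	 * NOTE(review): addslashes() is not a charset-aware SQL escape; values destined
	 * for a query are better escaped by the database layer itself.
	 *
	 * @param mixed $input only strings are escaped, anything else is returned as-is
	 * @return mixed
	 */
	public function add_slashes($input)
	{
		// get_magic_quotes_gpc() no longer exists on current PHP versions; treat that as "off"
		$magic_quotes = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
		if($magic_quotes || !is_string($input)) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effects of magic_quotes_gpc == On.
	 * Attn: this is _not_ the counterpart to $this->add_slashes() !
	 * Use stripslashes() to undo a preliminarily done $this->add_slashes().
	 *
	 * @param mixed $input only strings are touched, anything else is returned as-is
	 * @return mixed
	 */
	public function strip_slashes($input)
	{
		// get_magic_quotes_gpc() no longer exists on current PHP versions; treat that as "off"
		$magic_quotes = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
		if(!$magic_quotes || !is_string($input)) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use with mySQL LIKE strings.
	 *
	 * @param string $input
	 * @return string
	 */
	public function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Turn a page link into a full URL.
	 * Links that already carry a scheme ('://') or are mailto: links are returned
	 * untouched; everything else is treated as a relative page link.
	 *
	 * @param string $link
	 * @return string
	 */
	public function page_link($link)
	{
		if(strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
		}
		return $link;
	}

	/**
	 * Get POST data (raw, as sent by the client).
	 *
	 * @param string $field
	 * @return mixed the value, or null if the field was not posted
	 */
	public function get_post($field)
	{
		return (isset($_POST[$field])) ? $_POST[$field] : null;
	}

	/**
	 * Get POST data and escape it via add_slashes().
	 *
	 * @param string $field
	 * @return mixed the escaped value, or null if the field was not posted
	 */
	public function get_post_escaped($field)
	{
		$result = $this->get_post($field);
		return (is_null($result)) ? null : $this->add_slashes($result);
	}

	/**
	 * Get GET data (raw, as sent by the client).
	 *
	 * @param string $field
	 * @return mixed the value, or null if the field is not present
	 */
	public function get_get($field)
	{
		return (isset($_GET[$field])) ? $_GET[$field] : null;
	}

	/**
	 * Get SESSION data.
	 *
	 * @param string $field
	 * @return mixed the value, or null if the key is not set
	 */
	public function get_session($field)
	{
		return (isset($_SESSION[$field])) ? $_SESSION[$field] : null;
	}

	/**
	 * Get SERVER data.
	 *
	 * @param string $field
	 * @return mixed the value, or null if the key is not set
	 */
	public function get_server($field)
	{
		return (isset($_SERVER[$field])) ? $_SERVER[$field] : null;
	}

	// The session getters below read their key without an isset() guard; reading
	// them before a login has populated the session yields null (plus a PHP notice).

	/**
	 * Get the current user's id.
	 *
	 * @return mixed
	 */
	public function get_user_id()
	{
		return $_SESSION['USER_ID'];
	}

	/**
	 * Get the current user's (primary) group id.
	 *
	 * @return mixed
	 */
	public function get_group_id()
	{
		return $_SESSION['GROUP_ID'];
	}

	/**
	 * Get the current user's group ids as an array (split from the comma separated session value).
	 *
	 * @return array
	 */
	public function get_groups_id()
	{
		return explode(",", $_SESSION['GROUPS_ID']);
	}

	/**
	 * Get the current user's group names joined into one comma separated string.
	 *
	 * @return string
	 */
	public function get_group_name()
	{
		return implode(",", $_SESSION['GROUP_NAME']);
	}

	/**
	 * Get the current user's group names as stored in the session (see get_group_name()).
	 *
	 * @return mixed
	 */
	public function get_groups_name()
	{
		return $_SESSION['GROUP_NAME'];
	}

	/**
	 * Get the current user's username.
	 *
	 * @return mixed
	 */
	public function get_username()
	{
		return $_SESSION['USERNAME'];
	}

	/**
	 * Get the current user's display name.
	 *
	 * @return mixed
	 */
	public function get_display_name()
	{
		return $_SESSION['DISPLAY_NAME'];
	}

	/**
	 * Get the current user's email address.
	 *
	 * @return mixed
	 */
	public function get_email()
	{
		return $_SESSION['EMAIL'];
	}

	/**
	 * Get the current user's home folder.
	 *
	 * @return mixed
	 */
	public function get_home_folder()
	{
		return $_SESSION['HOME_FOLDER'];
	}

	/**
	 * Get the current user's timezone.
	 * If USE_DEFAULT_TIMEZONE is set in the session the literal marker '-72000'
	 * is returned instead of the stored TIMEZONE (its meaning is defined by the callers).
	 *
	 * @return mixed
	 */
	public function get_timezone()
	{
		if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			return $_SESSION['TIMEZONE'];
		}
		return '-72000';
	}

	/**
	 * Validate a supplied email address.
	 * The address is converted to its ASCII (punycode) form first, so that
	 * internationalized domain names can pass the ASCII-only pattern.
	 * NOTE(review): the whole address, not only the domain part, is handed to the
	 * IDN converter — confirm that is intended.
	 *
	 * @param string $email
	 * @return bool
	 */
	public function validate_email($email)
	{
		if(function_exists('idn_to_ascii')) { // intl extension available
			$email = idn_to_ascii($email);
		} else {
			// fall back to the bundled pure-PHP IDNA converter
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// regex from NorHei 2011-01-11
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
		// preg_match() returns 0 (no match) or false (error); both mean "invalid"
		return ($retval != false);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @param int $value    reference to the integer containing the value
	 * @param int $bits2set the bitmask which shall be added to value
	 * @return void
	 */
	public function bit_set(&$value, $bits2set)
	{
		$value |= $bits2set;
	}

	/**
	 * Reset one or more bits of an integer value.
	 *
	 * @param int $value      reference to the integer containing the value
	 * @param int $bits2reset the bitmask which shall be removed from value
	 * @return void
	 */
	public function bit_reset(&$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check if all bits of a bitmask are set in an integer value.
	 *
	 * @param int $value     the integer containing the value
	 * @param int $bits2test the bitmask to test for
	 * @return bool true if every bit of $bits2test is set in $value
	 */
	public function bit_isset($value, $bits2test)
	{
		return (($value & $bits2test) == $bits2test);
	}

	/**
	 * Print a success message which then automatically redirects the user to another page.
	 * $message is placed into the template as-is (an array is joined with '<br />'),
	 * so no escaping happens here.
	 *
	 * @param string|array $message
	 * @param string       $redirect target of the redirect, defaults to 'index.php'
	 * @return void
	 */
	public function print_success($message, $redirect = 'index.php')
	{
		global $TEXT;
		if(is_array($message)) {
			$message = implode('<br />', $message);
		}
		// redirect timer for success messages from the settings table; values above
		// 10000 are ignored, -1 disables the redirect block below
		$redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
		// add template variables
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('REDIRECT', $redirect);
		$tpl->set_var('REDIRECT_TIMER', $redirect_timer);
		$tpl->set_var('NEXT', $TEXT['NEXT']);
		$tpl->set_var('BACK', $TEXT['BACK']);
		if($redirect_timer == -1) {
			$tpl->set_block('show_redirect', '');
		} else {
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
	}

	/**
	 * Print an error message and terminate the script.
	 * $message is placed into the template as-is (an array is joined with '<br />'),
	 * so no escaping happens here.
	 *
	 * @param string|array $message
	 * @param string       $link        link offered to the user, defaults to 'index.php'
	 * @param bool         $auto_footer whether to call print_footer() (if the subclass has one)
	 * @return void never returns; ends with exit()
	 */
	public function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		global $TEXT;
		if(is_array($message)) {
			$message = implode('<br />', $message);
		}
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		if($auto_footer == true) {
			// print_footer() is only defined in some subclasses
			if(method_exists($this, "print_footer")) {
				$this->print_footer();
			}
		}
		exit();
	}

	/**
	 * Send an email via the wbmailer class (a subclass of PHPMailer).
	 * Some service providers do not support sending mail via PHP's mail() as it
	 * provides no SMTP authentication; wbmailer can send via SMTP instead.
	 * To use SMTP you have to specify the SMTP host of your domain via the
	 * Settings panel in the backend of Website Baker.
	 *
	 * @param string $fromaddress sender address; if empty, wbmailer's defaults are kept
	 * @param string $toaddress   recipient address
	 * @param string $subject
	 * @param string $message     message body; sent as HTML with line breaks turned into <br />,
	 *                            and as a plain-text alternative with tags stripped
	 * @param string $fromname    optional sender name, only applied together with $fromaddress
	 * @return bool true if wbmailer reported a successful send, otherwise false
	 */
	public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '')
	{
		// strip CR/LF from everything that ends up in a mail header, so a
		// caller-supplied value cannot inject additional header lines
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
		$subject     = preg_replace('/[\r\n]/', '', $subject);
		$fromname    = preg_replace('/[\r\n]/', '', $fromname);
		// keep the raw text for the plain-text part; one <br /> per line break in the HTML part
		$message_alt = $message;
		$message = preg_replace('/\r\n|\r|\n/', '<br />', $message);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();

		// set user defined from address
		if($fromaddress != '') {
			if($fromname != '') { $myMail->FromName = $fromname; }   // FROM-NAME
			$myMail->From = $fromaddress;                            // FROM:
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
		}

		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                             // TO:
		$myMail->Subject = $subject;                                 // SUBJECT
		$myMail->Body    = $message;                                 // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message_alt);                 // CONTENT (TEXT)

		// wbmailer reports send errors through its return value
		return ($myMail->Send() ? true : false);
	}

}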