<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource		$HeadURL$
 * @lastmodified    $Date$
 *
 */
// Refuse to run when requested directly: WB_PATH must already have been
// defined by the including script, otherwise execution stops here.
if (!defined('WB_PATH')) {
	die("Cannot access this file directly");
}

// PHPLIB template class
require_once WB_PATH."/include/phplib/template.inc";
require_once WB_PATH.'/framework/class.database.php';
// wbmailer class (subclass of PHPmailer)
require_once WB_PATH."/framework/class.wbmailer.php";
// SecureForm is the parent class of wb
require_once WB_PATH."/framework/SecureForm.php";
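class wb extends SecureForm
{

	// NOTE(review): looks like the inside of a regex character class listing the
	// characters permitted in passwords; its consumers are not in this class - confirm.
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 *
	 * @param mixed $mode handed unchanged to SecureForm::__construct()
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}

	/**
	 * Check whether at least one group id occurs in both lists.
	 *
	 * Empty entries (produced by a stray comma, or by exploding an unset
	 * session value) are dropped before comparing, so that an empty id can
	 * never count as a shared group in this access check.
	 *
	 * @access public
	 * @param mixed $groups_list1 an array or a comma separated list of group ids
	 * @param mixed $groups_list2 an array or a comma separated list of group ids
	 * @param array &$matches receives the ids present in both lists (keys of
	 *                        list 1 are kept); not written when either list is ''
	 * @return bool true if there is a match, otherwise false
	 */
	public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
	{
		if ($groups_list1 == '') { return false; }
		if ($groups_list2 == '') { return false; }
		$matches = array_intersect(
			$this->_group_ids($groups_list1),
			$this->_group_ids($groups_list2)
		);
		return (count($matches) != 0);
	}

	/**
	 * Turn an array or comma separated list into an array of non-empty ids.
	 *
	 * @param mixed $groups_list an array or a comma separated list of group ids
	 * @return array the ids with empty entries removed, original keys preserved
	 */
	private function _group_ids($groups_list)
	{
		$ids = is_array($groups_list) ? $groups_list : explode(',', $groups_list);
		foreach ($ids as $key => $id) {
			if ((string)$id === '') {
				unset($ids[$key]);
			}
		}
		return $ids;
	}

	/**
	 * Check if the current user is a member of at least one of the given groups.
	 * ADMIN (uid=1) is always treated as a member of every group.
	 *
	 * @access public
	 * @param mixed $groups_list an array or a comma separated list of group ids
	 * @return bool true if the current user is in one of these groups, otherwise false
	 */
	public function ami_group_member($groups_list = '')
	{
		if ($this->get_user_id() == 1) { return true; }
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}

	/**
	 * Check whether a page is visible, taking page visibility and user and
	 * group rights into account.
	 *
	 * Returns false if visibility is 'none' or 'deleted', or if it is
	 * 'registered' or 'private' and the user is not allowed to see the page.
	 * Returns true if visibility is 'public' or 'hidden', or if it is
	 * 'registered' or 'private' and the user is allowed to see the page.
	 * Any other visibility value is treated as not visible.
	 *
	 * @param array $page page record; reads 'visibility', 'viewing_groups' and
	 *                    'viewing_users' (the latter two as comma separated lists)
	 * @return bool
	 */
	public function page_is_visible($page)
	{
		$visibility = $page['visibility'];

		if ($visibility == 'none' || $visibility == 'deleted') {
			return false;
		}
		// hidden: the menu link is hidden, but the page itself is shown
		if ($visibility == 'hidden' || $visibility == 'public') {
			return true;
		}
		if ($visibility != 'private' && $visibility != 'registered') {
			return false;
		}
		// private / registered pages need a logged-in user ...
		if (!$this->is_authenticated()) {
			return false;
		}
		// ... who is in one of the viewing groups ...
		$viewing_groups = explode(',', $page['viewing_groups']);
		foreach ($this->get_groups_id() as $cur_gid) {
			// an empty id would match the '' entry of an empty viewing_groups list
			if ($cur_gid === '') {
				continue;
			}
			if (in_array($cur_gid, $viewing_groups)) {
				return true;
			}
		}
		// ... or is listed as a viewing user
		return in_array($this->get_user_id(), explode(',', $page['viewing_users']));
	}

	/**
	 * Check if there is at least one active section on this page.
	 *
	 * A section counts as active when the current time lies inside its
	 * publ_start / publ_end window, where 0 means "no limit" on that side.
	 *
	 * @param array $page page record; reads 'page_id'
	 * @return bool
	 */
	public function page_is_active($page)
	{
		global $database;
		$now = time();
		// page_id is cast to int so that it cannot alter the statement
		$query_sections = $database->query(
			"SELECT publ_start,publ_end FROM ".TABLE_PREFIX."sections WHERE page_id = ".(int)$page['page_id']
		);
		// NOTE(review): assumes query() yields a falsy value on failure - confirm in class.database.php
		if (!$query_sections || $query_sections->numRows() == 0) {
			return false;
		}
		while ($section = $query_sections->fetchRow()) {
			$started = ($now > $section['publ_start']);
			$open_ended = ($section['publ_end'] == 0);
			if (($now < $section['publ_end'] && ($started || $section['publ_start'] == 0))
				|| ($started && $open_ended)
			) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Check whether a page should be shown in the front-end: it has to be
	 * visible for the current user and carry at least one active section.
	 *
	 * @param array $page page record
	 * @return bool
	 */
	public function show_page($page)
	{
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}

	/**
	 * Check if the user is already authenticated, i.e. the session holds a
	 * non-empty numeric USER_ID.
	 *
	 * @return bool
	 */
	public function is_authenticated()
	{
		return (
			isset($_SESSION['USER_ID'])
			&& $_SESSION['USER_ID'] != ""
			&& is_numeric($_SESSION['USER_ID'])
		);
	}

	/**
	 * Report whether magic_quotes_gpc is in effect.
	 *
	 * get_magic_quotes_gpc() was removed in PHP 8; where it no longer exists
	 * the feature is gone as well, so that case counts as "off".
	 *
	 * @return bool
	 */
	private function _magic_quotes_gpc_on()
	{
		return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
	}

	/**
	 * Modified addslashes() which takes magic_quotes_gpc into account.
	 * Non-strings, and any input while magic quotes are on, are returned unchanged.
	 *
	 * addslashes() is not aware of the connection character set, so this is
	 * not a replacement for the database driver's own escaping or for
	 * prepared statements when the value ends up in a SQL statement.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function add_slashes($input)
	{
		if ($this->_magic_quotes_gpc_on() || !is_string($input)) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effect of magic_quotes_gpc==On.
	 *
	 * Attn: this is _not_ the counterpart to $this->add_slashes()!
	 * Use stripslashes() to undo a previously applied $this->add_slashes().
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function strip_slashes($input)
	{
		if (!$this->_magic_quotes_gpc_on() || !is_string($input)) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use with MySQL LIKE strings.
	 *
	 * @param string $input
	 * @return string
	 */
	public function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Build the URL of a page.
	 *
	 * A link containing '://' or starting with 'mailto:' is returned as it is;
	 * it is neither validated nor escaped here, so that is left to the code
	 * that prints it. Everything else is wrapped into
	 * WB_URL.PAGES_DIRECTORY ... PAGE_EXTENSION.
	 *
	 * @param string $link
	 * @return string
	 */
	public function page_link($link)
	{
		if (strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
		}
		return $link;
	}

	/**
	 * Get POST data. The value is returned raw (unvalidated, unescaped).
	 *
	 * @param string $field
	 * @return mixed the value, or null if the field was not sent
	 */
	public function get_post($field)
	{
		return isset($_POST[$field]) ? $_POST[$field] : null;
	}

	/**
	 * Get POST data and pass it through $this->add_slashes().
	 *
	 * @param string $field
	 * @return mixed the escaped value, or null if the field was not sent
	 */
	public function get_post_escaped($field)
	{
		$result = $this->get_post($field);
		return (is_null($result)) ? null : $this->add_slashes($result);
	}

	/**
	 * Get GET data. The value is returned raw (unvalidated, unescaped).
	 *
	 * @param string $field
	 * @return mixed the value, or null if the field was not sent
	 */
	public function get_get($field)
	{
		return isset($_GET[$field]) ? $_GET[$field] : null;
	}

	/**
	 * Get SESSION data.
	 *
	 * @param string $field
	 * @return mixed the value, or null if it is not set
	 */
	public function get_session($field)
	{
		return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
	}

	/**
	 * Get SERVER data.
	 *
	 * @param string $field
	 * @return mixed the value, or null if it is not set
	 */
	public function get_server($field)
	{
		return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
	}

	/**
	 * Get the current user's id.
	 *
	 * @return mixed $_SESSION['USER_ID'], or null when no user is logged in
	 */
	public function get_user_id()
	{
		return $this->get_session('USER_ID');
	}

	/**
	 * Get the current user's group id.
	 *
	 * @return mixed $_SESSION['GROUP_ID'], or null if it is not set
	 */
	public function get_group_id()
	{
		return $this->get_session('GROUP_ID');
	}

	/**
	 * Get the current user's group ids.
	 *
	 * @return array the comma separated $_SESSION['GROUPS_ID'] split into an
	 *               array; array('') when the session value is not set
	 */
	public function get_groups_id()
	{
		return explode(",", (string)$this->get_session('GROUPS_ID'));
	}

	/**
	 * Get the current user's group names as one comma separated string.
	 *
	 * @return string '' when $_SESSION['GROUP_NAME'] is not an array
	 */
	public function get_group_name()
	{
		$names = $this->get_session('GROUP_NAME');
		return is_array($names) ? implode(",", $names) : '';
	}

	/**
	 * Get the current user's group names as stored in the session.
	 *
	 * @return mixed $_SESSION['GROUP_NAME'] (presumably an array, since
	 *               get_group_name() implodes it), or null if it is not set
	 */
	public function get_groups_name()
	{
		return $this->get_session('GROUP_NAME');
	}

	/**
	 * Get the current user's username.
	 *
	 * @return mixed $_SESSION['USERNAME'], or null if it is not set
	 */
	public function get_username()
	{
		return $this->get_session('USERNAME');
	}

	/**
	 * Get the current user's display name.
	 *
	 * @return mixed $_SESSION['DISPLAY_NAME'], or null if it is not set
	 */
	public function get_display_name()
	{
		return $this->get_session('DISPLAY_NAME');
	}

	/**
	 * Get the current user's email address.
	 *
	 * @return mixed $_SESSION['EMAIL'], or null if it is not set
	 */
	public function get_email()
	{
		return $this->get_session('EMAIL');
	}

	/**
	 * Get the current user's home folder.
	 *
	 * @return mixed $_SESSION['HOME_FOLDER'], or null if it is not set
	 */
	public function get_home_folder()
	{
		return $this->get_session('HOME_FOLDER');
	}

	/**
	 * Get the current user's timezone.
	 *
	 * @return mixed $_SESSION['TIMEZONE'], or the string '-72000' when
	 *               $_SESSION['USE_DEFAULT_TIMEZONE'] is set
	 */
	public function get_timezone()
	{
		if (isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			// NOTE(review): '-72000' looks like a sentinel for "use the default timezone" - confirm with callers
			return '-72000';
		}
		return $this->get_session('TIMEZONE');
	}

	/**
	 * Validate the supplied email address.
	 *
	 * The address is converted to its ASCII (IDNA) form first and then checked
	 * against a fixed pattern. The pattern carries the D modifier so that "$"
	 * matches only at the very end of the string; without it an address
	 * followed by a line feed would be accepted as valid.
	 *
	 * @param string $email
	 * @return bool true if the address matches the pattern
	 */
	public function validate_email($email)
	{
		if (function_exists('idn_to_ascii')) { /* use the native function if available */
			$email = idn_to_ascii($email);
		} else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// regex from NorHei 2011-01-11
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/D", $email);
		return ($retval != false);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @access public
	 * @param int &$value reference to the integer that is modified
	 * @param int $bits2set the bitmask which shall be added to value
	 * @return void
	 */
	public function bit_set(&$value, $bits2set)
	{
		$value |= $bits2set;
	}

	/**
	 * Reset one or more bits in an integer value.
	 *
	 * @access public
	 * @param int &$value reference to the integer that is modified
	 * @param int $bits2reset the bitmask which shall be removed from value
	 * @return void
	 */
	public function bit_reset(&$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check if all bits of a bitmask are set in an integer value.
	 *
	 * @access public
	 * @param int $value the integer to inspect
	 * @param int $bits2test the bitmask to look for
	 * @return bool true only if every bit of $bits2test is set in $value
	 */
	public function bit_isset($value, $bits2test)
	{
		return (($value & $bits2test) == $bits2test);
	}

	/**
	 * Print a success message which then automatically redirects the user to
	 * another page.
	 *
	 * $message and $redirect are handed to the template as they are; this
	 * method applies no escaping, so anything derived from request data has
	 * to be escaped or validated by the caller.
	 *
	 * @param mixed $message a string, or an array of strings joined with '<br />'
	 * @param string $redirect target of the redirect
	 * @return void
	 */
	public function print_success($message, $redirect = 'index.php')
	{
		global $TEXT;
		if (is_array($message)) {
			$message = implode ('<br />', $message);
		}
		// redirect timer for success messages; values above 10000 fall back to 0
		$redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
		// add template variables
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('REDIRECT', $redirect);
		$tpl->set_var('REDIRECT_TIMER', $redirect_timer);
		$tpl->set_var('NEXT', $TEXT['NEXT']);
		$tpl->set_var('BACK', $TEXT['BACK']);
		// a timer of -1 takes the redirect block out of the page
		if ($redirect_timer == -1) {
			$tpl->set_block('show_redirect', '');
		} else {
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
	}

	/**
	 * Print an error message and stop the script.
	 *
	 * $message and $link are handed to the template as they are; this method
	 * applies no escaping, so anything derived from request data has to be
	 * escaped or validated by the caller.
	 *
	 * @param mixed $message a string, or an array of strings joined with '<br />'
	 * @param string $link target of the "back" link
	 * @param bool $auto_footer call $this->print_footer() (if it exists) before exiting
	 * @return void this method does not return, it ends with exit()
	 */
	public function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		global $TEXT;
		if (is_array($message)) {
			$message = implode ('<br />', $message);
		}
		$tpl = new Template(THEME_PATH.'/templates');
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		if ($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Send an email through the wbmailer class (subclass of PHPMailer).
	 *
	 * Some service providers do not support sending mail via PHP as it does
	 * not provide SMTP authentication; wbmailer is able to send via SMTP.
	 * To use SMTP, the SMTP host of the domain has to be specified via the
	 * Settings panel in the backend of Website Baker.
	 *
	 * Every value that ends up in a mail header (from address, from name,
	 * recipient, subject) has CR and LF removed, so that none of them can
	 * introduce additional header lines.
	 *
	 * @param string $fromaddress sender address; '' keeps the wbmailer default
	 * @param string $toaddress recipient address
	 * @param string $subject
	 * @param string $message body; line breaks become '<br />' in the HTML part,
	 *                        the text part is the original with tags stripped
	 * @param string $fromname sender name; only used when $fromaddress is given
	 * @return bool true if the mail was handed over successfully, otherwise false
	 */
	public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '')
	{
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
		$subject = preg_replace('/[\r\n]/', '', $subject);
		$fromname = preg_replace('/[\r\n]/', '', $fromname);
		$message_alt = $message;
		// one <br /> per line break; CRLF is a single break, not two
		$message = preg_replace('/\r\n|\r|\n/', '<br />', $message);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();

		// set user defined from address
		if ($fromaddress != '') {
			if ($fromname != '') {
				$myMail->FromName = $fromname;                      // FROM-NAME
			}
			$myMail->From = $fromaddress;                            // FROM:
			$myMail->AddReplyTo($fromaddress);                       // REPLY TO:
		}

		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                            // TO:
		$myMail->Subject = $subject;                                // SUBJECT
		$myMail->Body = $message;                                   // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message_alt);                // CONTENT (TEXT)

		// report whether sending worked
		return (bool)$myMail->Send();
	}

}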