<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         framework
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8 1373 Luisehahne
 * @copyright       2009-2011, Website Baker Org. e.V.
9 1365 Luisehahne
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12 1374 Luisehahne
 * @requirements    PHP 5.2.2 and higher
13 1365 Luisehahne
 * @version         $Id$
14 1457 Luisehahne
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16 1365 Luisehahne
 *
17
 */
18 1373 Luisehahne
19 1420 Luisehahne
// Stop this file from being requested directly: it only runs when an including
// script has already defined WB_PATH (presumably the site bootstrap -- confirm).
if (!defined('WB_PATH')) {
	die("Cannot access this file directly");
}

// PHPLIB template class
require_once(WB_PATH."/include/phplib/template.inc");
// Database access class
require_once(WB_PATH.'/framework/class.database.php');
// wbmailer class (subclass of PHPMailer)
require_once(WB_PATH."/framework/class.wbmailer.php");
// NOTE(review): class wb extends SecureForm, but its include is commented out here;
// SecureForm must already be loaded by the including script -- confirm.
//require_once(WB_PATH."/framework/SecureForm.php");
30 1365 Luisehahne
31
class wb extends SecureForm
32
{
33
34 1457 Luisehahne
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// presumably a character-class fragment of the characters allowed in passwords -- confirm at the call sites

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 *
	 * Only forwards the mode to the SecureForm constructor.
	 *
	 * @param mixed $mode SecureForm mode constant, SecureForm::FRONTEND by default
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}
40
41 1373 Luisehahne
/* ****************
42 1440 Luisehahne
 * check if one or more group_ids are in both group_lists
43
 *
44
 * @access public
45
 * @param mixed $groups_list1: an array or a comma-separated list of group-ids
46
 * @param mixed $groups_list2: an array or a comma-separated list of group-ids
47
 * @param array &$matches: an array-var which will return possible matches
48
 * @return bool: true there is a match, otherwise false
49
 */
50
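	/**
	 * Check whether two group lists share at least one group id.
	 *
	 * Each list may be an array or a comma-separated string. Entries are trimmed
	 * and empty entries are dropped before the comparison: explode(',', '') yields
	 * array('') and a trailing comma yields a '' entry, so without this step two
	 * unrelated lists could "match" on the empty string and the caller would treat
	 * the user as a group member.
	 *
	 * @param mixed $groups_list1 array or comma-separated list of group ids
	 * @param mixed $groups_list2 array or comma-separated list of group ids
	 * @param array &$matches     receives the entries of $groups_list1 that also occur
	 *                            in $groups_list2 (keys of $groups_list1 preserved);
	 *                            left untouched when either list is ''
	 * @return bool true if at least one id occurs in both lists, otherwise false
	 */
	function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
	{
		if( $groups_list1 == '' || $groups_list2 == '' ) { return false; }

		$lists = array( $groups_list1, $groups_list2 );
		foreach( $lists as $idx => $list )
		{
			if( !is_array($list) )
			{
				$list = explode(',', (string)$list);
			}
			$clean = array();
			foreach( $list as $key => $entry )
			{
				$text = trim((string)$entry);
				// an empty entry is not a group id and must never take part in a match
				if( $text === '' ) { continue; }
				$clean[$key] = is_string($entry) ? $text : $entry;
			}
			$lists[$idx] = $clean;
		}
		$matches = array_intersect( $lists[0], $lists[1] );
		return ( sizeof($matches) != 0 );
	}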
65
/* ****************
66 1373 Luisehahne
 * check if current user is member of at least one of given groups
67
 * ADMIN (uid=1) always is treated like a member of any groups
68
 *
69
 * @access public
70
 * @param mixed $groups_list: an array or a comma-separated list of group-ids
71
 * @return bool: true if current user is member of one of this groups, otherwise false
72
 */
73
	/**
	 * Tell whether the current user belongs to at least one of the given groups.
	 *
	 * The user with id 1 is treated as a member of every group and short-circuits
	 * the group comparison.
	 * NOTE(review): the id comparison is loose (== 1), so it relies on the session
	 * holding a clean integer user id -- confirm where USER_ID is written.
	 *
	 * @param mixed $groups_list array or comma-separated list of group ids
	 * @return bool true for uid 1 or when is_group_match() finds a common group
	 */
	function ami_group_member( $groups_list = '' )
	{
		$is_admin = ( $this->get_user_id() == 1 );
		if( $is_admin )
		{
			return true;
		}
		$own_groups = $this->get_groups_id();
		return $this->is_group_match( $groups_list, $own_groups );
	}
78
79 1365 Luisehahne
	// Check whether a page is visible or not.
80
	// This will check page-visibility and user- and group-rights.
81
	/* page_is_visible() returns
82
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
83
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
84
	*/
85 1373 Luisehahne
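	/**
	 * Decide whether the current visitor may see a page.
	 *
	 * Returns false for visibility 'none' or 'deleted' and for any unknown value,
	 * true for 'public' and 'hidden' (hidden only removes the menu link), and for
	 * 'private' / 'registered' only when the visitor is authenticated and either
	 * one of his groups is listed in viewing_groups or his id is listed in
	 * viewing_users.
	 *
	 * The id lists are trimmed, stripped of empty entries and compared strictly as
	 * strings. explode(',', '') yields array(''), so without the filtering a user
	 * whose group list is empty would match a page whose viewing_groups is empty
	 * or ends with a comma.
	 *
	 * @param array $page page record; reads 'visibility', 'viewing_groups', 'viewing_users'
	 * @return bool true if the page may be shown to the current visitor
	 */
	function page_is_visible($page)
	{
		$visibility = (string)$page['visibility'];

		if($visibility === 'none' || $visibility === 'deleted') {
			return false;
		}
		if($visibility === 'hidden' || $visibility === 'public') {
			return true;
		}
		// deny by default: only 'private' and 'registered' continue to the permission check
		if($visibility !== 'private' && $visibility !== 'registered') {
			return false;
		}
		if($this->is_authenticated() != true) {
			return false;
		}

		// 'strlen' as filter callback drops '' entries but keeps a literal '0'
		$allowed_groups = array_filter(array_map('trim', explode(',', (string)$page['viewing_groups'])), 'strlen');
		$allowed_users  = array_filter(array_map('trim', explode(',', (string)$page['viewing_users'])), 'strlen');

		foreach($this->get_groups_id() as $cur_gid) {
			$cur_gid = trim((string)$cur_gid);
			if($cur_gid !== '' && in_array($cur_gid, $allowed_groups, true)) {
				return true;
			}
		}
		$user_id = trim((string)$this->get_user_id());
		return ($user_id !== '' && in_array($user_id, $allowed_users, true));
	}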
134
	// Check if there is at least one active section on this page
135
	/**
	 * Check whether the page has at least one section that is published right now.
	 *
	 * A section counts as active when the current time lies before publ_end and
	 * after publ_start (or publ_start is 0), or when it lies after publ_start and
	 * publ_end is 0. The page id is cast to int before it is concatenated into
	 * the SQL text.
	 * NOTE(review): the result of $database->query() is used without a check;
	 * confirm that query() always returns an object, even on failure.
	 *
	 * @param array $page page record; only 'page_id' is read
	 * @return bool true as soon as one active section is found
	 */
	function page_is_active($page)
	{
		global $database;
		$page_id = $page['page_id'];
		$now = time();
		$sql = 'SELECT `publ_start`, `publ_end` '
		     . 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page_id;
		$query_sections = $database->query($sql);
		if($query_sections->numRows() == 0) {
			return false;
		}
		while($section = $query_sections->fetchRow()) {
			$start = $section['publ_start'];
			$end = $section['publ_end'];
			$inside_window = ($now < $end) && ($now > $start || $start == 0);
			$open_ended = ($now > $start) && ($end == 0);
			if($inside_window || $open_ended) {
				return true;
			}
		}
		return false;
	}
157
158
	// Check whether we should show a page or not (for front-end)
159
	/**
	 * Front-end check: a page is shown only if it is visible to the current
	 * visitor and has at least one active section. The section lookup is skipped
	 * when the visibility check already fails.
	 *
	 * @param array $page page record passed on to both checks
	 * @return bool
	 */
	function show_page($page)
	{
		if(!$this->page_is_visible($page)) {
			return false;
		}
		return (bool)$this->page_is_active($page);
	}
164
165
	// Check if the user is already authenticated or not
166
	/**
	 * Tell whether the session belongs to a logged-in user.
	 *
	 * The only evidence used is $_SESSION['USER_ID']: it must be set, must not
	 * compare equal to "" and must be numeric.
	 *
	 * @return bool
	 */
	function is_authenticated() {
		if( !isset($_SESSION['USER_ID']) ) {
			return false;
		}
		$user_id = $_SESSION['USER_ID'];
		return ( $user_id != "" AND is_numeric($user_id) );
	}
172
173
	// Modified addslashes function which takes into account magic_quotes
174
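	/**
	 * addslashes() variant that does not escape twice when magic_quotes_gpc is on.
	 *
	 * get_magic_quotes_gpc() always returns false since PHP 5.4, is deprecated in
	 * 7.4 and no longer exists in 8.0, so it is only consulted on interpreters
	 * older than 5.4. Newer versions no longer fail on the missing function.
	 *
	 * Security note: addslashes() is not aware of the connection character set and
	 * is not a replacement for the database layer's own escaping or for bound
	 * parameters. Do not rely on this method alone to build SQL.
	 *
	 * @param mixed $input value to escape; anything that is not a string is returned unchanged
	 * @return mixed the escaped string, or $input as given
	 */
	function add_slashes($input) {
		$magic_quotes_on = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
		if( $magic_quotes_on || !is_string($input) ) {
			return $input;
		}
		return addslashes($input);
	}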
180
181
	// Ditto for stripslashes
182
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
183
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
184
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
185
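	/**
	 * Undo the escaping added by magic_quotes_gpc, and nothing else.
	 *
	 * This is not the counterpart of add_slashes(): when magic quotes are off the
	 * input comes back unchanged. get_magic_quotes_gpc() always returns false
	 * since PHP 5.4 and no longer exists in 8.0, so it is only consulted on
	 * interpreters older than 5.4.
	 *
	 * @param mixed $input value to clean; anything that is not a string is returned unchanged
	 * @return mixed the unescaped string, or $input as given
	 */
	function strip_slashes($input) {
		$magic_quotes_on = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
		if( !$magic_quotes_on || !is_string($input) ) {
			return $input;
		}
		return stripslashes($input);
	}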
191
192
	// Escape backslashes for use with mySQL LIKE strings
193
	/**
	 * Double every backslash, for use inside MySQL LIKE patterns.
	 *
	 * Only backslashes are touched: quotes and the LIKE wildcards % and _ pass
	 * through unchanged, so the result still needs the normal SQL escaping.
	 *
	 * @param mixed $input string (or array of strings) to process
	 * @return mixed $input with each backslash replaced by two
	 */
	function escape_backslashes($input) {
		$single = '\\';
		$double = '\\\\';
		return str_replace($single, $double, $input);
	}
196
197
	/**
	 * Turn an internal page link into a full URL.
	 *
	 * A link that contains "://" or starts with "mailto:" is treated as external
	 * and returned verbatim, whatever its scheme. Everything else is wrapped in
	 * WB_URL, PAGES_DIRECTORY and PAGE_EXTENSION.
	 *
	 * @param string $link stored link of a page
	 * @return string
	 */
	function page_link($link){
		$has_scheme = (strpos($link, '://') !== false);
		$is_mailto = (substr($link, 0, 7) == 'mailto:');
		if($has_scheme || $is_mailto) {
			return $link;
		}
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}
205
206
	// Get POST data
207
	/**
	 * Read one field from $_POST.
	 *
	 * The value is returned exactly as the client sent it; validate or escape it
	 * for the context in which it is used.
	 *
	 * @param string $field key in $_POST
	 * @return mixed the raw value, or null when the field is not set
	 */
	function get_post($field) {
		if( !isset($_POST[$field]) ) {
			return null;
		}
		return $_POST[$field];
	}
210
211
	// Get POST data and escape it
212
	/**
	 * Read one field from $_POST and pass it through add_slashes().
	 *
	 * The escaping is whatever add_slashes() provides (addslashes()-based); it is
	 * not a substitute for the database layer's own escaping.
	 *
	 * @param string $field key in $_POST
	 * @return mixed the escaped value, or null when the field is not set
	 */
	function get_post_escaped($field) {
		$raw = $this->get_post($field);
		if( is_null($raw) ) {
			return null;
		}
		return $this->add_slashes($raw);
	}
216
217
	// Get GET data
218
	/**
	 * Read one field from $_GET.
	 *
	 * The value is returned exactly as it appeared in the query string; validate
	 * or escape it for the context in which it is used.
	 *
	 * @param string $field key in $_GET
	 * @return mixed the raw value, or null when the field is not set
	 */
	function get_get($field) {
		if( !isset($_GET[$field]) ) {
			return null;
		}
		return $_GET[$field];
	}
221
222
	// Get SESSION data
223
	/**
	 * Read one field from $_SESSION.
	 *
	 * @param string $field key in $_SESSION
	 * @return mixed the stored value, or null when the field is not set
	 */
	function get_session($field) {
		if( !isset($_SESSION[$field]) ) {
			return null;
		}
		return $_SESSION[$field];
	}
226
227
	// Get SERVER data
228
	/**
	 * Read one field from $_SERVER.
	 *
	 * Entries derived from request headers (the HTTP_* keys) are supplied by the
	 * client and must be treated as untrusted input.
	 *
	 * @param string $field key in $_SERVER
	 * @return mixed the value, or null when the field is not set
	 */
	function get_server($field) {
		if( !isset($_SERVER[$field]) ) {
			return null;
		}
		return $_SERVER[$field];
	}
231
232
	// Get the current users id
233
	/**
	 * Return the id of the current user as stored in $_SESSION['USER_ID'].
	 * The key is read without an isset() check; call is_authenticated() first.
	 *
	 * @return mixed
	 */
	function get_user_id() {
		$user_id = $_SESSION['USER_ID'];
		return $user_id;
	}
236
237 1373 Luisehahne
	// Get the current users group id
238 1365 Luisehahne
	/**
	 * Return the group id of the current user as stored in $_SESSION['GROUP_ID'].
	 *
	 * @return mixed
	 */
	function get_group_id() {
		$group_id = $_SESSION['GROUP_ID'];
		return $group_id;
	}
241
242
	// Get the current users group ids
243
	/**
	 * Return the group ids of the current user as an array, split from the
	 * comma-separated $_SESSION['GROUPS_ID'].
	 *
	 * An empty session value yields array(''), not an empty array, so callers that
	 * compare group lists have to ignore empty entries.
	 *
	 * @return array list of group ids as strings
	 */
	function get_groups_id() {
		$csv = $_SESSION['GROUPS_ID'];
		return explode(",", $csv);
	}
246
247
	// Get the current users group name
248
	/**
	 * Return the group names of the current user as one comma-separated string,
	 * joined from the array in $_SESSION['GROUP_NAME'].
	 *
	 * @return string
	 */
	function get_group_name() {
		$names = $_SESSION['GROUP_NAME'];
		return implode(",", $names);
	}
251
252
	// Get the current users group name
253
	/**
	 * Return $_SESSION['GROUP_NAME'] as stored (get_group_name() implodes the
	 * same value, so it is expected to be an array of names).
	 *
	 * @return mixed
	 */
	function get_groups_name() {
		$names = $_SESSION['GROUP_NAME'];
		return $names;
	}
256
257
	// Get the current users username
258
	/**
	 * Return the login name of the current user from $_SESSION['USERNAME'].
	 *
	 * @return mixed
	 */
	function get_username() {
		$username = $_SESSION['USERNAME'];
		return $username;
	}
261
262
	// Get the current users display name
263
	/**
	 * Return the display name of the current user from $_SESSION['DISPLAY_NAME'].
	 * The value is returned as stored; escape it when it is written into HTML.
	 *
	 * @return mixed
	 */
	function get_display_name() {
		$display_name = $_SESSION['DISPLAY_NAME'];
		return $display_name;
	}
266
267
	// Get the current users email address
268
	/**
	 * Return the e-mail address of the current user from $_SESSION['EMAIL'].
	 *
	 * @return mixed
	 */
	function get_email() {
		$email = $_SESSION['EMAIL'];
		return $email;
	}
271
272
	// Get the current users home folder
273
	/**
	 * Return the home folder of the current user from $_SESSION['HOME_FOLDER'].
	 * NOTE(review): if callers join this value into file system paths, it has to
	 * be validated where it is stored -- confirm.
	 *
	 * @return mixed
	 */
	function get_home_folder() {
		$home_folder = $_SESSION['HOME_FOLDER'];
		return $home_folder;
	}
276
277
	// Get the current users timezone
278
	/**
	 * Return the timezone setting of the current user.
	 *
	 * When $_SESSION['USE_DEFAULT_TIMEZONE'] is set, the string '-72000' is
	 * returned (presumably a marker for "use the site default" -- confirm);
	 * otherwise the value of $_SESSION['TIMEZONE'].
	 *
	 * @return mixed
	 */
	function get_timezone() {
		if( isset($_SESSION['USE_DEFAULT_TIMEZONE']) ) {
			return '-72000';
		}
		return $_SESSION['TIMEZONE'];
	}
281
282 1373 Luisehahne
	// Validate supplied email address
283
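	/**
	 * Validate an e-mail address.
	 *
	 * The address is first converted to its ASCII (IDNA) form, using the native
	 * idn_to_ascii() when it is available and the bundled idna_convert class
	 * otherwise, then matched against a pattern.
	 *
	 * The pattern carries the D modifier so that "$" matches only at the very end
	 * of the subject. Without it "$" also matches before a final newline, and an
	 * address with a trailing line break would be accepted as valid.
	 *
	 * @param string $email address to check
	 * @return bool true if the address matches, false otherwise or when the
	 *              conversion does not return a string
	 */
	function validate_email($email) {
		if(function_exists('idn_to_ascii')) {
			$email = idn_to_ascii($email);
		} else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// a failed conversion does not yield a string and can never be a valid address
		if(!is_string($email)) {
			return false;
		}
		// regex from NorHei 2011-01-11, D modifier added
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/D", $email);
		return ($retval != false);
	}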
296
297
/* ****************
298 1365 Luisehahne
 * set one or more bit in a integer value
299
 *
300
 * @access public
301
 * @param int $value: reference to the integer, containing the value
302
 * @param int $bits2set: the bitmask which shall be added to value
303
 * @return void
304
 */
305
	/**
	 * Set the bits of a mask in an integer, in place.
	 *
	 * @param int &$value   integer to modify
	 * @param int $bits2set bitmask that is OR-ed into $value
	 * @return void
	 */
	function bit_set( &$value, $bits2set )
	{
		$value = $value | $bits2set;
	}
309
310
/* ****************
311
 * reset one or more bit from a integer value
312
 *
313
 * @access public
314
 * @param int $value: reference to the integer, containing the value
315
 * @param int $bits2reset: the bitmask which shall be removed from value
316
 * @return void
317
 */
318
	/**
	 * Clear the bits of a mask in an integer, in place.
	 *
	 * @param int &$value     integer to modify
	 * @param int $bits2reset bitmask whose bits are removed from $value
	 * @return void
	 */
	function bit_reset( &$value, $bits2reset)
	{
		$keep_mask = ~$bits2reset;
		$value = $value & $keep_mask;
	}
322
323
/* ****************
324
 * check if one or more bit in a integer value are set
325
 *
326
 * @access public
327
 * @param int $value: reference to the integer, containing the value
328
 * @param int $bits2set: the bitmask witch shall be added to value
329
 * @return void
330
 */
331
	/**
	 * Test whether all bits of a mask are set in an integer.
	 *
	 * @param int $value     integer to inspect
	 * @param int $bits2test bitmask to test; every one of its bits must be set in $value
	 * @return bool true if ($value & $bits2test) equals $bits2test
	 */
	function bit_isset( $value, $bits2test )
	{
		$masked = $value & $bits2test;
		return ($masked == $bits2test);
	}
335
336 1373 Luisehahne
/*
337 1365 Luisehahne
	// Validate supplied email address
338
	function validate_email($email) {
339 1373 Luisehahne
		if(function_exists('idn_to_ascii')){ // use pear if available
340
			$email = idn_to_ascii($email);
341
		}else {
342
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
343
			$IDN = new idna_convert();
344
			$email = $IDN->encode($email);
345
			unset($IDN);
346 1365 Luisehahne
		}
347 1373 Luisehahne
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
348 1365 Luisehahne
	}
349 1373 Luisehahne
*/
350 1365 Luisehahne
	// Print a success message which then automatically redirects the user to another page
351 1373 Luisehahne
	/**
	 * Print a success message that redirects the user to another page.
	 *
	 * Renders success.htt from the theme. An array message is joined with
	 * '<br />'. REDIRECT_TIMER is used when it is defined and not larger than
	 * 10000, otherwise 0. A value of -1 empties the redirect block.
	 *
	 * NOTE(review): MESSAGE and REDIRECT are handed to the template as given.
	 * Whether the template escapes them is not visible here, so callers should
	 * HTML-escape untrusted text and only pass redirect targets they control.
	 *
	 * @param string|array $message  message text, or a list of lines
	 * @param string       $redirect target of the redirect, 'index.php' by default
	 * @return void output is written directly
	 */
	function print_success( $message, $redirect = 'index.php' ) {
		global $TEXT;
		if( is_array($message) ) {
			$message = implode ('<br />', $message);
		}
		// redirect timer for success messages, taken from the settings
		$redirect_timer = 0;
		if( defined('REDIRECT_TIMER') && (REDIRECT_TIMER <= 10000) ) {
			$redirect_timer = REDIRECT_TIMER;
		}
		$template = new Template( THEME_PATH.'/templates' );
		$template->set_file( 'page', 'success.htt' );
		$template->set_block( 'page', 'main_block', 'main' );
		$template->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
		$template->set_var( 'MESSAGE', $message );
		$template->set_var( 'REDIRECT', $redirect );
		$template->set_var( 'REDIRECT_TIMER', $redirect_timer );
		$template->set_var( 'NEXT', $TEXT['NEXT'] );
		$template->set_var( 'BACK', $TEXT['BACK'] );
		if( $redirect_timer != -1 ) {
			$template->parse( 'show_redirect', 'show_redirect_block', true );
		} else {
			$template->set_block( 'show_redirect', '' );
		}
		$template->parse( 'main', 'main_block', false );
		$template->pparse( 'output', 'page' );
	}
377
378
	// Print an error message
379 1373 Luisehahne
	/**
	 * Print an error message and stop the script.
	 *
	 * Renders error.htt from the theme. An array message is joined with
	 * '<br />'. With $auto_footer the object's print_footer() is called when it
	 * exists. The method always ends with exit().
	 *
	 * NOTE(review): MESSAGE and LINK are handed to the template as given. Whether
	 * the template escapes them is not visible here, so callers should
	 * HTML-escape untrusted text before passing it in.
	 *
	 * @param string|array $message     message text, or a list of lines
	 * @param string       $link        target of the back link, 'index.php' by default
	 * @param bool         $auto_footer print the footer before exiting
	 * @return void never returns
	 */
	function print_error($message, $link = 'index.php', $auto_footer = true) {
		global $TEXT;
		if( is_array($message) ) {
			$message = implode ('<br />', $message);
		}
		$error_template = new Template(THEME_PATH.'/templates');
		$error_template->set_file('page', 'error.htt');
		$error_template->set_block('page', 'main_block', 'main');
		$error_template->set_var('MESSAGE', $message);
		$error_template->set_var('LINK', $link);
		$error_template->set_var('BACK', $TEXT['BACK']);
		$error_template->parse('main', 'main_block', false);
		$error_template->pparse('output', 'page');
		$wants_footer = ( $auto_footer == true );
		if( $wants_footer && method_exists($this, "print_footer") ) {
			$this->print_footer();
		}
		exit();
	}
399
400
	// Validate send email
401
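	/**
	 * Send an e-mail through the wbmailer class (a PHPMailer subclass).
	 *
	 * wbmailer can deliver via SMTP, for hosts where PHP's own mail transport is
	 * not available. The SMTP host is configured in the backend settings.
	 *
	 * CR and LF are removed from every value that ends up in a mail header. This
	 * now covers $fromname as well, which was previously assigned to FromName
	 * unfiltered while the addresses and the subject were cleaned.
	 *
	 * NOTE(review): $message is passed through nl2br() and used as the HTML body
	 * without escaping. Callers that pass user-submitted text should escape it.
	 *
	 * @param string $fromaddress sender address, '' keeps the wbmailer default
	 * @param string $toaddress   recipient address
	 * @param string $subject     subject line
	 * @param string $message     message text
	 * @param string $fromname    sender name, only used when $fromaddress is given
	 * @return bool true if wbmailer reports the message as sent, otherwise false
	 */
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
		// drop line breaks from all header values to prevent header injection
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
		$subject = preg_replace('/[\r\n]/', '', $subject);
		$fromname = preg_replace('/[\r\n]/', '', $fromname);

		// create PHPMailer object with its default settings
		$myMail = new wbmailer();
		// set user defined from address
		if ($fromaddress!='') {
			if($fromname!='') {
				$myMail->FromName = $fromname;                // FROM-NAME
			}
			$myMail->From = $fromaddress;                     // FROM:
			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
		}
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                      // TO:
		$myMail->Subject = $subject;                          // SUBJECT
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
		// report whether sending succeeded
		if (!$myMail->Send()) {
			return false;
		}
		return true;
	}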
438
439
}