<?php
/**
 *
 * @category        frontend
 * @package         framework
 * @author          WebsiteBaker Project
 * @copyright       2004-2009, Ryan Djurovich
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource		$HeadURL$
 * @lastmodified    $Date$
 *
 */
/* -------------------------------------------------------- */
// Must include code to stop this file being accessed directly
// Direct-access guard: when WB_PATH is undefined this file was not included by
// the framework, so load the exception handler and abort with an exception.
if (defined('WB_PATH') === false) {
	require_once dirname(__FILE__) . '/globalExceptionHandler.php';
	throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// Include PHPLIB template class
require_once(WB_PATH."/include/phplib/template.inc");
require_once(WB_PATH.'/framework/class.database.php');
// Include new wbmailer class (subclass of PHPmailer)
require_once(WB_PATH."/framework/class.wbmailer.php");
//require_once(WB_PATH."/framework/SecureForm.php");
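/**
 * Helper base class built on SecureForm: page visibility and group checks,
 * thin accessors for the request/session superglobals, slash handling,
 * themed success/error output and mail sending.
 *
 * Security notes for callers:
 *  - The session getters read $_SESSION without isset() checks; call them only
 *    after is_authenticated() returned true.
 *  - add_slashes() is addslashes(), not a database-aware escape. Prefer the
 *    database layer's own escaping or integer casts when building SQL.
 *  - print_success() / print_error() pass their arguments to the template
 *    as given; this class does not HTML-escape them.
 */
class wb extends SecureForm
{

	// NOTE(review): presumably the regex character class of characters allowed
	// in passwords; it is not used inside this class - confirm with callers.
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

	/**
	 * General initialization function, performed when frontend or backend is loaded.
	 *
	 * @param mixed $mode  forwarded unchanged to SecureForm::__construct()
	 */
	public function __construct($mode = SecureForm::FRONTEND) {
		parent::__construct($mode);
	}

	/**
	 * Check if one or more group ids are in both group lists.
	 *
	 * array_intersect() compares the string form of the values, so an id with
	 * surrounding whitespace (' 2') does not match '2'.
	 *
	 * @param mixed $groups_list1  an array or a comma separated list of group ids
	 * @param mixed $groups_list2  an array or a comma separated list of group ids
	 * @param array &$matches      receives the matching ids; left untouched when
	 *                             one of the lists is empty
	 * @return bool  true if there is at least one match, otherwise false
	 */
	public function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
	{
		if( $groups_list1 == '' ) { return false; }
		if( $groups_list2 == '' ) { return false; }
		if( !is_array($groups_list1) )
		{
			$groups_list1 = explode(',', $groups_list1);
		}
		if( !is_array($groups_list2) )
		{
			$groups_list2 = explode(',', $groups_list2);
		}
		$matches = array_intersect( $groups_list1, $groups_list2);
		return ( sizeof($matches) != 0 );
	}

	/**
	 * Check if the current user is member of at least one of the given groups.
	 * ADMIN (uid=1) is always treated like a member of any group.
	 *
	 * get_user_id() and get_groups_id() read the session without isset()
	 * checks, so this is only meaningful for an authenticated session.
	 *
	 * @param mixed $groups_list  an array or a comma separated list of group ids
	 * @return bool  true if the current user is member of one of these groups
	 */
	public function ami_group_member( $groups_list = '' )
	{
		if( $this->get_user_id() == 1 ) { return true; }
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
	}

	/**
	 * Check whether a page is visible, using page visibility plus user and group rights.
	 *
	 * Returns
	 *   false: visibility is 'none' or 'deleted', or it is 'registered' or
	 *          'private' and the user is not allowed to see the page;
	 *   true:  visibility is 'public' or 'hidden', or it is 'registered' or
	 *          'private' and the user is allowed to see the page.
	 * Any other visibility value yields false (fail closed).
	 *
	 * @param array $page  row with the keys 'visibility', 'viewing_groups' and
	 *                     'viewing_users' (the last two as comma separated ids)
	 * @return bool
	 */
	public function page_is_visible($page)
	{
		$visibility = $page['visibility'];
		$viewing_groups = $page['viewing_groups'];
		$viewing_users = $page['viewing_users'];

		// The order of these tests follows the original chain on purpose.
		if($visibility == 'none' || $visibility == 'deleted') {
			return false;
		}
		if($visibility == 'hidden') {
			// hidden: hide the menu-link, but show the page
			return true;
		}
		if($visibility == 'private' || $visibility == 'registered') {
			// Anonymous visitors never see restricted pages
			if(!$this->is_authenticated()) {
				return false;
			}
			// NOTE(review): explode() on an empty list yields array(''), which
			// matches a user whose own group list is empty as well - confirm
			// that restricted pages always carry at least one group or user id.
			$allowed_groups = explode(',', $viewing_groups);
			foreach($this->get_groups_id() as $cur_gid) {
				if(in_array($cur_gid, $allowed_groups)) {
					return true;
				}
			}
			return in_array($this->get_user_id(), explode(',', $viewing_users));
		}
		return ($visibility == 'public');
	}

	/**
	 * Check if there is at least one active section on this page.
	 *
	 * A section counts as active when the current time lies inside its
	 * publ_start/publ_end window; a value of 0 leaves that side open.
	 *
	 * @param array $page  row with the key 'page_id'
	 * @return bool
	 */
	public function page_is_active($page)
	{
		global $database;
		$now = time();
		// page_id is cast to int before concatenation, so it cannot change the statement
		$sql  = 'SELECT `publ_start`, `publ_end` ';
		$sql .= 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page['page_id'];
		$query_sections = $database->query($sql);
		// Guard against query() handing back no result object (presumably on a
		// failed query - confirm against class.database.php) instead of calling
		// a method on a non-object.
		if(!$query_sections || $query_sections->numRows() == 0) {
			return false;
		}
		while($section = $query_sections->fetchRow()) {
			$start = $section['publ_start'];
			$end = $section['publ_end'];
			if( ($now < $end && ($now > $start || $start == 0)) ||
				($now > $start && $end == 0) )
			{
				return true;
			}
		}
		return false;
	}

	/**
	 * Check whether we should show a page or not (for front-end):
	 * the page must be visible and have at least one active section.
	 *
	 * @param array $page  page row as expected by page_is_visible() and page_is_active()
	 * @return bool
	 */
	public function show_page($page)
	{
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}

	/**
	 * Check if the user is already authenticated or not.
	 *
	 * Only tests that $_SESSION['USER_ID'] is set, non-empty and numeric.
	 *
	 * @return bool
	 */
	public function is_authenticated() {
		return ( isset($_SESSION['USER_ID']) &&
		         $_SESSION['USER_ID'] != "" &&
		         is_numeric($_SESSION['USER_ID']) );
	}

	/**
	 * Modified addslashes function which takes into account magic_quotes.
	 *
	 * addslashes() is not aware of the database connection or its character
	 * set; do not treat the result as sufficient protection for SQL.
	 *
	 * @param mixed $input
	 * @return mixed  non-strings (and everything while magic_quotes_gpc is on)
	 *                are returned unchanged
	 */
	public function add_slashes($input) {
		// get_magic_quotes_gpc() no longer exists in PHP 8; treat a missing function as "off"
		$magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if( $magic_quotes || (!is_string($input)) ) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effects of magic_quotes_gpc==On.
	 *
	 * Attn: this is _not_ the counterpart to $this->add_slashes() !
	 * Use stripslashes() to undo a preliminarily done $this->add_slashes().
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function strip_slashes($input) {
		// get_magic_quotes_gpc() no longer exists in PHP 8; treat a missing function as "off"
		$magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if( !$magic_quotes || (!is_string($input)) ) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use with mySQL LIKE strings.
	 * Only backslashes are doubled; nothing else is escaped here.
	 *
	 * @param string $input
	 * @return string
	 */
	public function escape_backslashes($input) {
		return str_replace("\\","\\\\",$input);
	}

	/**
	 * Build the URL of a page link.
	 *
	 * Links containing '://' or starting with 'mailto:' are returned as given;
	 * everything else is treated as a page path below WB_URL.PAGES_DIRECTORY.
	 *
	 * @param string $link
	 * @return string
	 */
	public function page_link($link){
		$is_absolute = (strpos($link, '://') !== false);
		if(!$is_absolute && substr($link, 0, 7) != 'mailto:') {
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
		}
		return $link;
	}

	/**
	 * Get POST data. The value is returned raw and unvalidated.
	 *
	 * @param string $field
	 * @return mixed  the value, or null if the field was not sent
	 */
	public function get_post($field) {
		return (isset($_POST[$field]) ? $_POST[$field] : null);
	}

	/**
	 * Get POST data and run it through add_slashes().
	 * Array values come back unchanged because add_slashes() only touches strings.
	 *
	 * @param string $field
	 * @return mixed  the slashed value, or null if the field was not sent
	 */
	public function get_post_escaped($field) {
		$result = $this->get_post($field);
		return (is_null($result)) ? null : $this->add_slashes($result);
	}

	/**
	 * Get GET data. The value is returned raw and unvalidated.
	 *
	 * @param string $field
	 * @return mixed  the value, or null if the field was not sent
	 */
	public function get_get($field) {
		return (isset($_GET[$field]) ? $_GET[$field] : null);
	}

	/**
	 * Get SESSION data.
	 *
	 * @param string $field
	 * @return mixed  the value, or null if the key is not set
	 */
	public function get_session($field) {
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
	}

	/**
	 * Get SERVER data. Several $_SERVER entries are taken from request headers,
	 * so treat the value as untrusted input.
	 *
	 * @param string $field
	 * @return mixed  the value, or null if the key is not set
	 */
	public function get_server($field) {
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
	}

	// Get the current users id (no isset() check on the session key)
	public function get_user_id() {
		return $_SESSION['USER_ID'];
	}

	// Get the current users group id (no isset() check on the session key)
	public function get_group_id() {
		return $_SESSION['GROUP_ID'];
	}

	// Get the current users group ids as an array, split from the comma
	// separated session value
	public function get_groups_id() {
		return explode(",", $_SESSION['GROUPS_ID']);
	}

	// Get the current users group name(s) joined with commas; the session
	// value is handed to implode(), so it is expected to be an array
	public function get_group_name() {
		return implode(",", $_SESSION['GROUP_NAME']);
	}

	// Get the current users group name(s) exactly as stored in the session
	public function get_groups_name() {
		return $_SESSION['GROUP_NAME'];
	}

	// Get the current users username
	public function get_username() {
		return $_SESSION['USERNAME'];
	}

	// Get the current users display name
	public function get_display_name() {
		return ($_SESSION['DISPLAY_NAME']);
	}

	// Get the current users email address
	public function get_email() {
		return $_SESSION['EMAIL'];
	}

	// Get the current users home folder
	public function get_home_folder() {
		return $_SESSION['HOME_FOLDER'];
	}

	// Get the current users timezone.
	// NOTE(review): '-72000' is returned whenever USE_DEFAULT_TIMEZONE is set in
	// the session; presumably a sentinel for "use the default" - confirm with callers.
	public function get_timezone() {
		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $_SESSION['TIMEZONE']);
	}

	/**
	 * Validate supplied email address.
	 *
	 * The address is converted with idn_to_ascii() when that function exists,
	 * otherwise with the bundled idna_convert class, and then matched against
	 * the pattern below.
	 *
	 * @param string $email
	 * @return bool  true if the converted address matches the pattern
	 */
	public function validate_email($email) {
		if(function_exists('idn_to_ascii')){ /* use the native function if available */
			$email = idn_to_ascii($email);
		}else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// regex from NorHei 2011-01-11
		// The D modifier makes "$" match only at the very end of the subject.
		// Without it an address followed by a single newline would pass, and
		// validated addresses can end up in mail headers.
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/D", $email);
		return ($retval != false);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @param int $value     reference to the integer containing the value
	 * @param int $bits2set  the bitmask which shall be added to value
	 * @return void
	 */
	public function bit_set( &$value, $bits2set )
	{
		$value |= $bits2set;
	}

	/**
	 * Reset one or more bits in an integer value.
	 *
	 * @param int $value       reference to the integer containing the value
	 * @param int $bits2reset  the bitmask which shall be removed from value
	 * @return void
	 */
	public function bit_reset( &$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check if all bits of a bitmask are set in an integer value.
	 *
	 * @param int $value      the integer to test
	 * @param int $bits2test  the bitmask to look for
	 * @return bool  true only if every bit of $bits2test is set in $value
	 */
	public function bit_isset( $value, $bits2test )
	{
		return (($value & $bits2test) == $bits2test);
	}

/*
	// Disabled alternative implementation, kept from the original file.
	// Validate supplied email address
	function validate_email($email) {
		if(function_exists('idn_to_ascii')){ // use pear if available
			$email = idn_to_ascii($email);
		}else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		return !(filter_var($email, FILTER_VALIDATE_EMAIL) == false);
	}
*/

	/**
	 * Print a success message which then automatically redirects the user to another page.
	 *
	 * $message and $redirect are handed to the template as given; this method
	 * does not HTML-escape them. Escape user-controlled text before passing it
	 * in, and validate any $redirect target that originates from a request.
	 *
	 * @param mixed  $message   string, or array of strings joined with '<br />'
	 * @param string $redirect  target of the redirect
	 * @return void
	 */
	public function print_success( $message, $redirect = 'index.php' ) {
		global $TEXT;
		if(is_array($message)) {
			$message = implode ('<br />',$message);
		}
		// fetch redirect timer for success messages from settings table
		$redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
		// add template variables
		$tpl = new Template( THEME_PATH.'/templates' );
		$tpl->set_file( 'page', 'success.htt' );
		$tpl->set_block( 'page', 'main_block', 'main' );
		$tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
		$tpl->set_var( 'MESSAGE', $message );
		$tpl->set_var( 'REDIRECT', $redirect );
		$tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
		$tpl->set_var( 'NEXT', $TEXT['NEXT'] );
		$tpl->set_var( 'BACK', $TEXT['BACK'] );
		// a timer of -1 does not parse the redirect block
		if ($redirect_timer == -1) {
			$tpl->set_block( 'show_redirect', '' );
		}
		else {
			$tpl->parse( 'show_redirect', 'show_redirect_block', true );
		}
		$tpl->parse( 'main', 'main_block', false );
		$tpl->pparse( 'output', 'page' );
	}

	/**
	 * Print an error message and terminate the script.
	 *
	 * $message and $link are handed to the template as given; this method
	 * does not HTML-escape them. Escape user-controlled text before passing it in.
	 *
	 * @param mixed  $message      string, or array of strings joined with '<br />'
	 * @param string $link         target of the link in the error template
	 * @param bool   $auto_footer  call $this->print_footer() if that method exists
	 * @return void  never returns; the method ends with exit()
	 */
	public function print_error($message, $link = 'index.php', $auto_footer = true) {
		global $TEXT;
		if(is_array($message)) {
			$message = implode ('<br />',$message);
		}
		$error_template = new Template(THEME_PATH.'/templates');
		$error_template->set_file('page', 'error.htt');
		$error_template->set_block('page', 'main_block', 'main');
		$error_template->set_var('MESSAGE', $message);
		$error_template->set_var('LINK', $link);
		$error_template->set_var('BACK', $TEXT['BACK']);
		$error_template->parse('main', 'main_block', false);
		$error_template->pparse('output', 'page');
		if ( $auto_footer == true && method_exists($this, "print_footer") ) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Send an email through the wbmailer class (subclass of PHPMailer).
	 *
	 * INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
	 * SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
	 * NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
	 *
	 * NOTE:
	 * To use SMTP for sending out mails, you have to specify the SMTP host of your domain
	 * via the Settings panel in the backend of Website Baker
	 *
	 * $message is used as the HTML body after nl2br() without HTML escaping;
	 * escape user-supplied text before passing it in.
	 *
	 * @param string $fromaddress  sender address; when empty the mailer defaults are kept
	 * @param string $toaddress    recipient address
	 * @param string $subject
	 * @param string $message
	 * @param string $fromname     optional sender name
	 * @return bool  true if the mailer reported success, otherwise false
	 */
	public function mail($fromaddress, $toaddress, $subject, $message, $fromname='') {
		// Strip CR/LF from everything that ends up in a mail header so a value
		// cannot start an additional header line. $fromname is a header value too.
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
		$subject = preg_replace('/[\r\n]/', '', $subject);
		$fromname = preg_replace('/[\r\n]/', '', $fromname);
		// $message_alt = $message;
		// $message = preg_replace('/[\r\n]/', '<br \>', $message);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();
		// set user defined from address
		if ($fromaddress!='') {
			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
			$myMail->From = $fromaddress;                     // FROM:
			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
		}
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                      // TO:
		$myMail->Subject = $subject;                          // SUBJECT
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
		// check if there are any send mail errors, otherwise say successful
		if (!$myMail->Send()) {
			return false;
		}
		return true;
	}

}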