<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @author          Ryan Djurovich, WebsiteBaker Project
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link            http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: class.wb.php 1529 2011-11-25 05:03:32Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
 * @lastmodified    $Date: 2011-11-25 06:03:32 +0100 (Fri, 25 Nov 2011) $
 *
 */
/* -------------------------------------------------------- */
// Guard against direct access: this file is only valid when loaded by the framework.
if (!defined('WB_PATH')) {
	require_once dirname(__FILE__).'/globalExceptionHandler.php';
	throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// PHPLIB template engine (used by print_success()/print_error())
require_once WB_PATH."/include/phplib/template.inc";
// database abstraction (the global $database used by page_is_active())
require_once WB_PATH.'/framework/class.database.php';
// wbmailer class (subclass of PHPmailer), used by mail()
require_once WB_PATH."/framework/class.wbmailer.php";
// NOTE: SecureForm, the parent class of wb, is deliberately not included here;
// whoever includes this file must have loaded it already.

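class wb extends SecureForm
{
	// Allowed password characters. The escaped form suggests callers splice it
	// into a regex character class; the callers are outside this file.
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

	/**
	 * General initialization function, performed when frontend or backend is loaded.
	 *
	 * @param mixed $mode: handed to SecureForm::__construct() unchanged (default SecureForm::FRONTEND)
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}

	/**
	 * Check if one or more group ids are contained in both group lists.
	 *
	 * @access public
	 * @param mixed $groups_list1: an array or a comma separated list of group ids
	 * @param mixed $groups_list2: an array or a comma separated list of group ids
	 * @param array &$matches: receives the ids present in both lists (empty array when none)
	 * @return bool: true if there is at least one match, otherwise false
	 */
	public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
	{
		// An empty list can never match; report an empty match set instead of
		// leaving whatever the caller passed in.
		if ($groups_list1 == '' || $groups_list2 == '') {
			$matches = array();
			return false;
		}
		if (!is_array($groups_list1)) {
			$groups_list1 = explode(',', $groups_list1);
		}
		if (!is_array($groups_list2)) {
			$groups_list2 = explode(',', $groups_list2);
		}
		$matches = array_intersect($groups_list1, $groups_list2);
		return (count($matches) != 0);
	}

	/**
	 * Check if the current user is a member of at least one of the given groups.
	 * ADMIN (uid=1) is always treated as a member of every group.
	 *
	 * @access public
	 * @param mixed $groups_list: an array or a comma separated list of group ids
	 * @return bool: true if the current user is a member of one of these groups, otherwise false
	 */
	public function ami_group_member($groups_list = '')
	{
		if ($this->get_user_id() == 1) {
			return true;
		}
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}

	/**
	 * Check whether a page is visible for the current user.
	 * Combines the page's visibility setting with the user's group and user rights.
	 *
	 * @param array $page: page record; uses 'visibility', 'viewing_groups', 'viewing_users'
	 * @return bool: false if visibility is 'none' or 'deleted', or it is 'registered'/'private'
	 *               and the user is not allowed to see the page; true if visibility is
	 *               'public' or 'hidden', or it is 'registered'/'private' and the user is allowed
	 */
	public function page_is_visible($page)
	{
		$visibility = isset($page['visibility']) ? $page['visibility'] : '';
		switch ($visibility) {
			case 'public':
			case 'hidden': // hidden: hide the menu-link, but show the page
				return true;

			case 'private':
			case 'registered':
				// Only logged-in users can be granted access at all
				if (!$this->is_authenticated()) {
					return false;
				}
				$viewing_groups = isset($page['viewing_groups']) ? $page['viewing_groups'] : '';
				$viewing_users  = isset($page['viewing_users'])  ? $page['viewing_users']  : '';
				// is_group_match() rejects empty lists, so an empty viewing_groups value can
				// no longer "match" a user whose GROUPS_ID session entry is empty as well.
				$matches = array();
				if ($this->is_group_match($viewing_groups, $this->get_groups_id(), $matches)) {
					return true;
				}
				// Compare ids as trimmed strings with a strict check so that only the
				// exact id grants access (no loose numeric-string equivalences).
				$allowed_users = array_map('trim', explode(',', $viewing_users));
				return in_array((string)$this->get_user_id(), $allowed_users, true);

			case 'none':
			case 'deleted':
			default:
				return false;
		}
	}

	/**
	 * Check if there is at least one active (currently published) section on this page.
	 * A section is active when now lies between publ_start and publ_end; a value of 0
	 * on either side means "no limit" on that side.
	 *
	 * @param array $page: page record, only 'page_id' is used
	 * @return bool
	 */
	public function page_is_active($page)
	{
		global $database;
		$page_id = isset($page['page_id']) ? (int)$page['page_id'] : 0;
		$now = time();
		// page_id is cast to int above, so it is safe to inline into the query
		$sql  = 'SELECT `publ_start`, `publ_end` ';
		$sql .= 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.$page_id;
		$query_sections = $database->query($sql);
		// NOTE(review): guards against query() handing back a non-object (e.g. false on error);
		// the database class is not visible here, so this is a defensive check only.
		if (!$query_sections || $query_sections->numRows() == 0) {
			return false;
		}
		while ($section = $query_sections->fetchRow()) {
			$start = (int)$section['publ_start'];
			$end   = (int)$section['publ_end'];
			// Parentheses make the original precedence explicit (&& binds tighter than ||):
			// inside a bounded window, or after the start of an open-ended window.
			$in_window  = ($now < $end && ($now > $start || $start == 0));
			$open_ended = ($now > $start && $end == 0);
			if ($in_window || $open_ended) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Check whether we should show a page or not (for the front-end):
	 * the page must be visible to the user and have an active section.
	 *
	 * @param array $page: page record
	 * @return bool
	 */
	public function show_page($page)
	{
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}

	/**
	 * Check if the user is already authenticated, i.e. the session holds a numeric USER_ID.
	 *
	 * @return bool
	 */
	public function is_authenticated()
	{
		return (isset($_SESSION['USER_ID'])
			&& $_SESSION['USER_ID'] != ""
			&& is_numeric($_SESSION['USER_ID']));
	}

	/**
	 * Whether PHP's magic_quotes_gpc is active. The function was removed in PHP 8,
	 * so treat it as "off" wherever it no longer exists.
	 *
	 * @return bool
	 */
	private function _magic_quotes_active()
	{
		return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
	}

	/**
	 * Modified addslashes function which takes magic_quotes into account:
	 * input is returned unchanged when magic quotes already escaped it or it is not a string.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function add_slashes($input)
	{
		if ($this->_magic_quotes_active() || !is_string($input)) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Ditto for stripslashes.
	 * Attn: this is _not_ the counterpart to $this->add_slashes()!
	 * Use stripslashes() to undo a preliminarily done $this->add_slashes().
	 * The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function strip_slashes($input)
	{
		if (!$this->_magic_quotes_active() || !is_string($input)) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use with MySQL LIKE strings.
	 *
	 * @param string $input
	 * @return string
	 */
	public function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Turn a page link into a full URL. Links that already carry a scheme ("://")
	 * or are mailto: links are returned unchanged.
	 *
	 * @param string $link
	 * @return string
	 */
	public function page_link($link)
	{
		if (strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
		}
		return $link;
	}

	/**
	 * Get POST data.
	 *
	 * @param string $field
	 * @return mixed: the raw value or null when absent
	 */
	public function get_post($field)
	{
		return (isset($_POST[$field]) ? $_POST[$field] : null);
	}

	/**
	 * Get POST data and escape it with add_slashes().
	 *
	 * @param string $field
	 * @return mixed: the escaped value or null when absent
	 */
	public function get_post_escaped($field)
	{
		$result = $this->get_post($field);
		return is_null($result) ? null : $this->add_slashes($result);
	}

	/**
	 * Get GET data.
	 *
	 * @param string $field
	 * @return mixed: the raw value or null when absent
	 */
	public function get_get($field)
	{
		return (isset($_GET[$field]) ? $_GET[$field] : null);
	}

	/**
	 * Get SESSION data.
	 *
	 * @param string $field
	 * @return mixed: the value or null when absent
	 */
	public function get_session($field)
	{
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
	}

	/**
	 * Get SERVER data.
	 *
	 * @param string $field
	 * @return mixed: the value or null when absent
	 */
	public function get_server($field)
	{
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
	}

	/**
	 * Get the current user's id.
	 *
	 * @return mixed: session USER_ID or null
	 */
	public function get_user_id()
	{
		return $this->get_session('USER_ID');
	}

	/**
	 * Get the current user's group id.
	 *
	 * @return mixed: session GROUP_ID or null
	 */
	public function get_group_id()
	{
		return $this->get_session('GROUP_ID');
	}

	/**
	 * Get the current user's group ids.
	 *
	 * @return array: ids split from the comma separated session GROUPS_ID
	 *                (array with one empty string when the session entry is missing)
	 */
	public function get_groups_id()
	{
		// cast keeps explode() quiet when the session entry is missing (null)
		return explode(",", (string)$this->get_session('GROUPS_ID'));
	}

	/**
	 * Get the current user's group names as one comma separated string.
	 *
	 * @return string
	 */
	public function get_group_name()
	{
		$names = $this->get_session('GROUP_NAME');
		// the session entry is imploded when it is an array; anything else is
		// returned as a string instead of triggering an implode() warning
		return is_array($names) ? implode(",", $names) : (string)$names;
	}

	/**
	 * Get the current user's group names as stored in the session.
	 *
	 * @return mixed: session GROUP_NAME or null
	 */
	public function get_groups_name()
	{
		return $this->get_session('GROUP_NAME');
	}

	/**
	 * Get the current user's username.
	 *
	 * @return mixed: session USERNAME or null
	 */
	public function get_username()
	{
		return $this->get_session('USERNAME');
	}

	/**
	 * Get the current user's display name.
	 *
	 * @return mixed: session DISPLAY_NAME or null
	 */
	public function get_display_name()
	{
		return $this->get_session('DISPLAY_NAME');
	}

	/**
	 * Get the current user's email address.
	 *
	 * @return mixed: session EMAIL or null
	 */
	public function get_email()
	{
		return $this->get_session('EMAIL');
	}

	/**
	 * Get the current user's home folder.
	 *
	 * @return mixed: session HOME_FOLDER or null
	 */
	public function get_home_folder()
	{
		return $this->get_session('HOME_FOLDER');
	}

	/**
	 * Get the current user's timezone.
	 *
	 * @return mixed: '-72000' when USE_DEFAULT_TIMEZONE is set in the session,
	 *                otherwise the session TIMEZONE (null when missing)
	 */
	public function get_timezone()
	{
		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $this->get_session('TIMEZONE'));
	}

	/**
	 * Validate the supplied email address. The domain part is IDN-encoded first
	 * (intl extension if present, bundled idna_convert otherwise), then matched
	 * against the framework's email regex.
	 *
	 * @param string $email
	 * @return bool
	 */
	public function validate_email($email)
	{
		if (function_exists('idn_to_ascii')) { /* intl extension available */
			$email = idn_to_ascii($email);
		} else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// idn_to_ascii() returns false when the address cannot be encoded
		if ($email === false) {
			return false;
		}
		// regex from NorHei 2011-01-11
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
		return ($retval != false);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @access public
	 * @param int &$value: reference to the integer containing the value
	 * @param int $bits2set: the bitmask which shall be added to value
	 * @return void
	 */
	public function bit_set(&$value, $bits2set)
	{
		$value |= $bits2set;
	}

	/**
	 * Reset one or more bits from an integer value.
	 *
	 * @access public
	 * @param int &$value: reference to the integer containing the value
	 * @param int $bits2reset: the bitmask which shall be removed from value
	 * @return void
	 */
	public function bit_reset(&$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check if all bits of a bitmask are set in an integer value.
	 *
	 * @access public
	 * @param int $value: the integer containing the value
	 * @param int $bits2test: the bitmask to test for
	 * @return bool: true if every bit of $bits2test is set in $value
	 */
	public function bit_isset($value, $bits2test)
	{
		return (($value & $bits2test) == $bits2test);
	}

	/**
	 * Print a success message which then automatically redirects the user to another page.
	 *
	 * @param mixed $message: string, or array of strings joined with <br />
	 * @param string $redirect: target of the redirect
	 * @return void
	 */
	public function print_success($message, $redirect = 'index.php')
	{
		global $TEXT;
		if (is_array($message)) {
			$message = implode('<br />', $message);
		}
		// fetch redirect timer for success messages from settings table
		$redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
		// Setup template object, pass vars to it, then parse it
		$ThemePath = realpath(WB_PATH.$this->correct_theme_source('success.htt'));
		$tpl = new Template($ThemePath);
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('REDIRECT', $redirect);
		$tpl->set_var('REDIRECT_TIMER', $redirect_timer);
		$tpl->set_var('NEXT', $TEXT['NEXT']);
		$tpl->set_var('BACK', $TEXT['BACK']);
		if ($redirect_timer == -1) {
			$tpl->set_block('show_redirect', '');
		} else {
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
	}

	/**
	 * Print an error message and stop execution.
	 *
	 * @param mixed $message: string, or array of strings joined with <br />
	 * @param string $link: target of the "back" link
	 * @param bool $auto_footer: also print the footer if a print_footer() method exists
	 * @return void (never returns; exits after printing)
	 */
	public function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		global $TEXT;
		if (is_array($message)) {
			$message = implode('<br />', $message);
		}
		// Setup template object, pass vars to it, then parse it
		$ThemePath = realpath(WB_PATH.$this->correct_theme_source('error.htt'));
		$tpl = new Template($ThemePath);
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		if ($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Send an email through the wbmailer class (PHPMailer subclass). Some service
	 * providers do not support plain PHP mail() because it lacks SMTP authentication;
	 * wbmailer can send via SMTP instead. To use SMTP, specify the SMTP host of your
	 * domain via the Settings panel in the backend of Website Baker.
	 *
	 * @param string $fromaddress: sender address ('' keeps the mailer's default)
	 * @param string $toaddress: recipient address
	 * @param string $subject
	 * @param string $message: body; sent as HTML (nl2br) with a plain-text alternative
	 * @param string $fromname: optional sender display name
	 * @return bool: true on success, false if the mailer reported an error
	 */
	public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '')
	{
		// Strip line breaks from every header-bound value so none of them can
		// inject additional mail headers.
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
		$subject     = preg_replace('/[\r\n]/', '', $subject);
		$fromname    = preg_replace('/[\r\n]/', '', $fromname);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();
		// set user defined from address
		if ($fromaddress != '') {
			if ($fromname != '') {
				$myMail->FromName = $fromname;                // FROM-NAME
			}
			$myMail->From = $fromaddress;                     // FROM:
			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
		}
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                      // TO:
		$myMail->Subject = $subject;                          // SUBJECT
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
		// Send() reports failure as a falsy result
		return (bool)$myMail->Send();
	}

	/**
	 * Checks if there is an alternative theme template.
	 *
	 * @access public
	 * @param string $sThemeFile: the template file name, e.g. 'start.htt'
	 * @return string: the theme template path relative to WB_URL
	 */
	public function correct_theme_source($sThemeFile = 'start.htt')
	{
		$sThemePath = ADMIN_URL.'/themes/templates';
		// prefer the active theme's own copy of the template when it exists
		if (file_exists(THEME_PATH.'/templates/'.$sThemeFile)) {
			$sThemePath = THEME_URL.'/templates';
		}
		return str_replace(WB_URL, '', $sThemePath);
	}

	/**
	 * Check that a folder name contains none of the invalid characters
	 * ^ \ / . ? * " ' < > : |
	 *
	 * @param String $str to check
	 * @return Bool: true if the name is acceptable
	 */
	public function checkFolderName($str)
	{
		$hit = preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str);
		// only an explicit "no match" (0) accepts the name; a PCRE error (false) rejects it
		return ($hit === 0);
	}

	/**
	 * Check the given path to make sure it lies within the given base directory
	 * (normally the document root).
	 *
	 * @param String $sCurrentPath: path to check (may be URL-encoded)
	 * @param String $sBaseDir: directory the path must be inside of
	 * @return String the resolved absolute path, or FALSE when it does not exist
	 *                or lies outside $sBaseDir
	 */
	public function checkpath($sCurrentPath, $sBaseDir = WB_PATH)
	{
		// Resolve both to canonical absolute paths; realpath() returns FALSE for a
		// path that does not exist, which must count as "outside".
		$sCurrentPath = realpath(rawurldecode($sCurrentPath));
		$sBaseDir     = realpath($sBaseDir);
		if ($sCurrentPath === false || $sBaseDir === false) {
			return false;
		}
		// The base dir must be a whole path-component prefix: a base of "/www/base"
		// must not accept "/www/base-other/file". A bare prefix test did.
		$sBaseDir = rtrim($sBaseDir, '/\\');
		if (strcasecmp($sCurrentPath, $sBaseDir) == 0) {
			return $sCurrentPath;
		}
		// NOTE(review): the comparison stays case-insensitive like the original
		// stripos(); on a case-sensitive filesystem that also accepts a sibling
		// directory differing only in case — confirm whether that is wanted.
		$prefix = $sBaseDir.DIRECTORY_SEPARATOR;
		if (strncasecmp($sCurrentPath, $prefix, strlen($prefix)) == 0) {
			return $sCurrentPath;
		}
		return false;
	}
}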