<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @author          Ryan Djurovich, WebsiteBaker Project
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource		$HeadURL$
 * @lastmodified    $Date$
 *
 */
/* -------------------------------------------------------- */
// Must include code to stop this file being accessed directly:
// WB_PATH is only defined by the regular bootstrap, so a direct request
// ends in IllegalFileException instead of running the includes below.
if (!defined('WB_PATH')) {
	require_once dirname(__FILE__).'/globalExceptionHandler.php';
	throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// Include PHPLIB template class
require_once WB_PATH."/include/phplib/template.inc";

require_once WB_PATH.'/framework/class.database.php';

// Include new wbmailer class (subclass of PHPmailer)
require_once WB_PATH."/framework/class.wbmailer.php";

// SecureForm, the parent class of wb, has to be loaded before this file;
// the include below is intentionally disabled.
//require_once(WB_PATH."/framework/SecureForm.php");
class wb extends SecureForm
{
 	// NOTE(review): looks like a regex character-class fragment of the characters
 	// permitted in passwords — confirm against the callers that read it.
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 *
	 * @param mixed $mode form mode handed on to SecureForm, defaults to SecureForm::FRONTEND
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}
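/**
 * Check whether one or more group ids appear in both group lists.
 *
 * Both lists may be arrays or comma separated strings. Entries are trimmed and
 * empty entries are dropped, so a stray ',' or an unset session value can never
 * produce a match on the empty id.
 *
 * @access public
 * @param mixed $groups_list1 an array or a comma separated list of group ids
 * @param mixed $groups_list2 an array or a comma separated list of group ids
 * @param array &$matches receives the matching group ids (empty array if none)
 * @return bool true if at least one group id is in both lists, otherwise false
 */
	function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
	{
		$matches = array();
		$list1 = is_array($groups_list1) ? $groups_list1 : explode(',', (string)$groups_list1);
		$list2 = is_array($groups_list2) ? $groups_list2 : explode(',', (string)$groups_list2);
		// normalise both sides: trim whitespace, drop empty entries ('1,' must not match '')
		$list1 = array_filter(array_map('trim', $list1), 'strlen');
		$list2 = array_filter(array_map('trim', $list2), 'strlen');
		if( count($list1) == 0 || count($list2) == 0 ) { return false; }
		// array_intersect compares as strings, so '1' and 1 are treated as the same id
		$matches = array_values(array_intersect($list1, $list2));
		return ( count($matches) != 0 );
	}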
/**
 * Check whether the current user is a member of at least one of the given groups.
 * The administrator (uid=1) is always treated as a member of every group.
 *
 * @access public
 * @param mixed $groups_list an array or a comma separated list of group ids
 * @return bool true if the current user belongs to one of these groups, otherwise false
 */
	function ami_group_member( $groups_list = '' )
	{
		// uid 1 is the built-in administrator: short-circuit before looking at groups
		$is_admin = ( $this->get_user_id() == 1 );
		if( $is_admin ) {
			return true;
		}
		$my_groups = $this->get_groups_id();
		return $this->is_group_match( $groups_list, $my_groups );
	}
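	/**
	 * Check whether a page is visible to the current visitor.
	 * Looks at the page visibility and at the user and group rights.
	 *
	 * Returns false if the visibility is 'none' or 'deleted', or if it is
	 * 'registered'/'private' and the visitor is not allowed to see the page.
	 * Returns true if the visibility is 'public' or 'hidden', or if it is
	 * 'registered'/'private' and the visitor _is_ allowed to see the page.
	 *
	 * @param array $page page record with keys 'visibility', 'viewing_groups', 'viewing_users'
	 * @return bool
	 */
	function page_is_visible($page)
	{
		$visibility = $page['visibility'];
		// 'none' and 'deleted' are never shown
		if($visibility === 'none' || $visibility === 'deleted') {
			return false;
		}
		// 'public' is always shown; 'hidden' only hides the menu link but shows the page
		if($visibility === 'public' || $visibility === 'hidden') {
			return true;
		}
		// anything else but 'private'/'registered' is unknown and therefore not shown
		if($visibility !== 'private' && $visibility !== 'registered') {
			return false;
		}
		// restricted page: the visitor must be logged in ...
		if($this->is_authenticated() != true) {
			return false;
		}
		// ... and either be listed by user id or belong to one of the viewing groups.
		// Entries are trimmed and empty ones dropped so an empty list never matches
		// a user without groups; comparisons are strict string compares.
		$viewing_groups = array_filter(array_map('trim', explode(',', (string)$page['viewing_groups'])), 'strlen');
		$viewing_users  = array_filter(array_map('trim', explode(',', (string)$page['viewing_users'])), 'strlen');
		if(in_array((string)$this->get_user_id(), $viewing_users, true)) {
			return true;
		}
		foreach($this->get_groups_id() as $cur_gid) {
			$cur_gid = trim((string)$cur_gid);
			if($cur_gid !== '' && in_array($cur_gid, $viewing_groups, true)) {
				return true;
			}
		}
		return false;
	}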
	/**
	 * Check whether the page has at least one active (published) section.
	 *
	 * A section counts as active when the current time lies inside its
	 * publ_start/publ_end window; a publ_start or publ_end of 0 means "no limit".
	 *
	 * @param array $page page record, 'page_id' is used
	 * @return bool
	 */
	function page_is_active($page)
	{
		global $database;
		$now = time();
		// page_id is cast to int before it goes into the statement, so no
		// untrusted text reaches the query
		$sql  = 'SELECT `publ_start`, `publ_end` ';
		$sql .= 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page['page_id'];
		$query_sections = $database->query($sql);
		if($query_sections->numRows() == 0) {
			return false;
		}
		while($section = $query_sections->fetchRow()) {
			$start = $section['publ_start'];
			$end   = $section['publ_end'];
			$started     = ($now > $start || $start == 0);
			$not_expired = ($now < $end);
			$no_end_date = ($now > $start && $end == 0);
			if(($not_expired && $started) || $no_end_date) {
				return true;
			}
		}
		return false;
	}
	/**
	 * Decide whether a page is shown in the frontend: it has to be visible to
	 * the current visitor and have at least one active section.
	 *
	 * @param array $page page record
	 * @return bool
	 */
	function show_page($page)
	{
		if(!$this->page_is_visible($page)) {
			return false;
		}
		return $this->page_is_active($page);
	}
	/**
	 * Check whether the visitor is authenticated: the session must carry a
	 * non-empty, numeric USER_ID.
	 *
	 * @return bool
	 */
	function is_authenticated() {
		if(!isset($_SESSION['USER_ID'])) {
			return false;
		}
		$user_id = $_SESSION['USER_ID'];
		return ($user_id != "" && is_numeric($user_id));
	}
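	/**
	 * addslashes() variant that honours magic_quotes_gpc: when PHP already
	 * escaped request data (magic_quotes_gpc on), or the value is not a string,
	 * the input is returned untouched.
	 *
	 * Note: this is generic backslash quoting, not a substitute for the database
	 * layer's escaping or prepared statements.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	function add_slashes($input) {
		// get_magic_quotes_gpc() was removed in PHP 8; a missing function means "magic quotes off"
		$magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if( $magic_quotes_on || (!is_string($input)) ) {
			return $input;
		}
		return addslashes($input);
	}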
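	/**
	 * Undo the effect of magic_quotes_gpc==On on a request value.
	 *
	 * Attn: this is _not_ the counterpart to $this->add_slashes()!
	 * Use stripslashes() to undo a preliminarily done $this->add_slashes().
	 * When magic quotes are off (or unavailable, PHP 8) or the value is not
	 * a string, the input is returned untouched.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	function strip_slashes($input) {
		// get_magic_quotes_gpc() was removed in PHP 8; a missing function means "magic quotes off"
		$magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if ( !$magic_quotes_on || ( !is_string($input) ) ) {
			return $input;
		}
		return stripslashes($input);
	}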
	/**
	 * Double every backslash so the value can be used inside a MySQL LIKE pattern
	 * where a single backslash would act as the escape character.
	 *
	 * @param mixed $input string (or array of strings, as str_replace allows)
	 * @return mixed
	 */
	function escape_backslashes($input) {
		$backslash = chr(92);
		return str_replace($backslash, $backslash.$backslash, $input);
	}
	/**
	 * Build the frontend url of a page link. Absolute urls (containing '://')
	 * and mailto: links are returned untouched; everything else is wrapped
	 * in WB_URL.PAGES_DIRECTORY ... PAGE_EXTENSION.
	 *
	 * @param string $link page link or complete url
	 * @return string
	 */
	function page_link($link){
		$has_scheme = (strpos($link, '://') !== false);
		$is_mailto  = (substr($link, 0, 7) == 'mailto:');
		if($has_scheme || $is_mailto) {
			return $link;
		}
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}
	/**
	 * Get a raw, unvalidated POST field.
	 *
	 * @param string $field
	 * @return mixed the value, or null if the field is absent
	 */
	function get_post($field) {
		if(!isset($_POST[$field])) {
			return null;
		}
		return $_POST[$field];
	}
	/**
	 * Get a POST field and run it through add_slashes().
	 *
	 * @param string $field
	 * @return mixed escaped value, or null if the field is absent
	 */
	function get_post_escaped($field) {
		$value = $this->get_post($field);
		if(is_null($value)) {
			return null;
		}
		return $this->add_slashes($value);
	}
	/**
	 * Get a raw, unvalidated GET parameter.
	 *
	 * @param string $field
	 * @return mixed the value, or null if the parameter is absent
	 */
	function get_get($field) {
		if(!isset($_GET[$field])) {
			return null;
		}
		return $_GET[$field];
	}
	/**
	 * Get a raw session value.
	 *
	 * @param string $field
	 * @return mixed the value, or null if the key is absent
	 */
	function get_session($field) {
		if(!isset($_SESSION[$field])) {
			return null;
		}
		return $_SESSION[$field];
	}
	/**
	 * Get a raw $_SERVER value (request headers in there are client supplied).
	 *
	 * @param string $field
	 * @return mixed the value, or null if the key is absent
	 */
	function get_server($field) {
		if(!isset($_SERVER[$field])) {
			return null;
		}
		return $_SERVER[$field];
	}
	/**
	 * Get the id of the current user (null when the session has no USER_ID).
	 *
	 * @return mixed raw session value
	 */
	function get_user_id() {
		$user_id = $this->get_session('USER_ID');
		return $user_id;
	}
	/**
	 * Get the primary group id of the current user (null when not in the session).
	 *
	 * @return mixed raw session value GROUP_ID
	 */
	function get_group_id() {
		$group_id = $this->get_session('GROUP_ID');
		return $group_id;
	}
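	/**
	 * Get the group ids of the current user as an array.
	 *
	 * The session stores GROUPS_ID as a comma separated list. Entries are trimmed
	 * and empty ones dropped, so a missing session value yields array() instead
	 * of array('') — an empty id must never match anything.
	 *
	 * @return array list of group ids as strings
	 */
	function get_groups_id() {
		$raw    = (string)$this->get_session('GROUPS_ID');
		$groups = array_map('trim', explode(",", $raw));
		return array_values(array_filter($groups, 'strlen'));
	}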
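	/**
	 * Get the group names of the current user as one comma separated string.
	 *
	 * @return string joined GROUP_NAME entries; '' when the session has none
	 */
	function get_group_name() {
		$names = $this->get_session('GROUP_NAME');
		// GROUP_NAME is presumably stored as an array (see get_groups_name());
		// tolerate a missing or scalar value instead of handing null to implode()
		if(!is_array($names)) {
			return (string)$names;
		}
		return implode(",", $names);
	}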
	/**
	 * Get the raw GROUP_NAME session value (the group names of the current user).
	 *
	 * @return mixed raw session value, null when not set
	 */
	function get_groups_name() {
		$names = $this->get_session('GROUP_NAME');
		return $names;
	}
	/**
	 * Get the username of the current user (null when not in the session).
	 *
	 * @return mixed raw session value USERNAME
	 */
	function get_username() {
		$username = $this->get_session('USERNAME');
		return $username;
	}
	/**
	 * Get the display name of the current user (null when not in the session).
	 *
	 * @return mixed raw session value DISPLAY_NAME
	 */
	function get_display_name() {
		$display_name = $this->get_session('DISPLAY_NAME');
		return $display_name;
	}
	/**
	 * Get the email address of the current user (null when not in the session).
	 *
	 * @return mixed raw session value EMAIL
	 */
	function get_email() {
		$email = $this->get_session('EMAIL');
		return $email;
	}
	/**
	 * Get the home folder of the current user (null when not in the session).
	 *
	 * @return mixed raw session value HOME_FOLDER
	 */
	function get_home_folder() {
		$home_folder = $this->get_session('HOME_FOLDER');
		return $home_folder;
	}
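	/**
	 * Get the timezone setting of the current user.
	 *
	 * @return mixed '-72000' when the session flags USE_DEFAULT_TIMEZONE, otherwise
	 *               the session's TIMEZONE value (null if neither is set)
	 */
	function get_timezone() {
		if(isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			// sentinel value for "use the default timezone" (interpretation is up to the callers)
			return '-72000';
		}
		// avoid an undefined index notice when TIMEZONE is missing from the session
		return (isset($_SESSION['TIMEZONE']) ? $_SESSION['TIMEZONE'] : null);
	}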
	/**
	 * Validate a supplied email address.
	 *
	 * The address is converted to its ASCII (punycode) form first — with the intl
	 * extension's idn_to_ascii() when available, otherwise with the bundled
	 * idna_convert class — and then matched against the address regex.
	 *
	 * @param string $email
	 * @return bool true if the address matches the pattern, otherwise false
	 */
	function validate_email($email) {
		if(function_exists('idn_to_ascii')){
			// intl extension available
			$email = idn_to_ascii($email);
		} else {
			// fallback: bundled pure PHP converter
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// regex from NorHei 2011-01-11
		$pattern = "/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/";
		// preg_match() returns 1 on a match, 0 on no match and false on error
		return (preg_match($pattern, $email) === 1);
	}
/**
 * Set one or more bits in an integer value.
 *
 * @access public
 * @param int &$value reference to the integer holding the value
 * @param int $bits2set the bitmask which shall be added to $value
 * @return void
 */
	function bit_set( &$value, $bits2set )
	{
		$value = $value | $bits2set;
	}
/**
 * Clear one or more bits in an integer value.
 *
 * @access public
 * @param int &$value reference to the integer holding the value
 * @param int $bits2reset the bitmask which shall be removed from $value
 * @return void
 */
	function bit_reset( &$value, $bits2reset)
	{
		$keep_mask = ~$bits2reset;
		$value = $value & $keep_mask;
	}
/**
 * Check whether all bits of a mask are set in an integer value.
 *
 * @access public
 * @param int $value the integer holding the value
 * @param int $bits2test the bitmask to test for
 * @return bool true if every bit of $bits2test is set in $value, otherwise false
 */
	function bit_isset( $value, $bits2test )
	{
		$masked = $value & $bits2test;
		return ( $masked == $bits2test );
	}
	/**
	 * Print a success message page which then redirects the visitor automatically.
	 *
	 * No escaping is applied here: $message is rendered as HTML (array entries
	 * are joined with <br />) and $redirect is written into the template as
	 * given, so callers must escape user supplied text themselves.
	 *
	 * @param string|array $message message text, or a list of lines
	 * @param string $redirect target url of the redirect / "next" link
	 */
	function print_success( $message, $redirect = 'index.php' ) {
		global $TEXT;
		if(is_array($message)) {
			$message = implode ('<br />',$message);
		}
		// redirect timer for success messages comes from the settings table (REDIRECT_TIMER);
		// a missing setting or a value above 10000 falls back to 0, -1 clears the redirect block
		$redirect_timer = 0;
		if(defined( 'REDIRECT_TIMER' ) && REDIRECT_TIMER <= 10000) {
			$redirect_timer = REDIRECT_TIMER;
		}
		// Setup template object, feed the variables and render it
		$template = new Template(dirname($this->correct_theme_source('success.htt')));
		$template->set_file( 'page', 'success.htt' );
		$template->set_block( 'page', 'main_block', 'main' );
		$template->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
		$template->set_var( 'MESSAGE', $message );
		$template->set_var( 'REDIRECT', $redirect );
		$template->set_var( 'REDIRECT_TIMER', $redirect_timer );
		$template->set_var( 'NEXT', $TEXT['NEXT'] );
		$template->set_var( 'BACK', $TEXT['BACK'] );
		if ($redirect_timer == -1) {
			// no automatic redirect: empty the block
			$template->set_block( 'show_redirect', '' );
		} else {
			$template->parse( 'show_redirect', 'show_redirect_block', true );
		}
		$template->parse( 'main', 'main_block', false );
		$template->pparse( 'output', 'page' );
	}
	/**
	 * Print an error message page and stop script execution.
	 *
	 * No escaping is applied: $message (array entries joined with <br />) and
	 * $link are written into the template as given, so callers must escape user
	 * supplied text themselves. Never returns (calls exit()).
	 *
	 * @param string|array $message
	 * @param string $link target of the "back" link
	 * @param bool $auto_footer call print_footer() afterwards when that method exists
	 */
	function print_error($message, $link = 'index.php', $auto_footer = true) {
		global $TEXT;
		if(is_array($message)) {
			$message = implode ('<br />',$message);
		}
		// Setup template object, feed the variables and render it
		$tpl = new Template(dirname($this->correct_theme_source('error.htt')));
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		// print_footer() is not defined in this class; only call it where a subclass provides it
		if ( $auto_footer && method_exists($this, "print_footer") ) {
			$this->print_footer();
		}
		exit();
	}
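	/**
	 * Send an email via the wbmailer class (subclass of PHPMailer).
	 *
	 * Some service providers do not support sending mail via PHP's mail() as it
	 * offers no SMTP authentication; wbmailer can send via SMTP instead, which
	 * resolves this (C. Sommer). To use SMTP, the SMTP host of your domain has to
	 * be set via the Settings panel in the backend of Website Baker.
	 *
	 * All header values (from, to, subject, reply-to and the from name) are
	 * stripped of CR/LF so a caller passing user input cannot inject additional
	 * mail headers. $message is sent as HTML body (nl2br) and, stripped of tags,
	 * as plain text alternative.
	 *
	 * @param string $fromaddress sender address ('' keeps the wbmailer default)
	 * @param string $toaddress recipient address
	 * @param string $subject
	 * @param string $message
	 * @param string $fromname sender display name, only used when $fromaddress is set
	 * @param string $replyTo reply-to address, optional
	 * @return bool true if wbmailer reported success, otherwise false
	 */
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
		// header fields: never allow line breaks (mail header injection)
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
		$subject     = preg_replace('/[\r\n]/', '', $subject);
		$fromname    = preg_replace('/[\r\n]/', '', $fromname);
		$replyTo     = preg_replace('/[\r\n]/', '', $replyTo);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();
		// set user defined from address
		if ($fromaddress!='') {
			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
			$myMail->From = $fromaddress;                     // FROM:
		}
		// use the reply-to address given by the caller (not the from address)
		if($replyTo) {
			$myMail->AddReplyTo($replyTo);                    // REPLY TO:
		}
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                      // TO:
		$myMail->Subject = $subject;                          // SUBJECT
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
		// true on success, false if wbmailer reported a send error
		return (bool)$myMail->Send();
	}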
	 /**
	  * Find the template file to use: the active theme's copy is preferred,
	  * otherwise the backend skeleton copy; a template found in neither place
	  * is an error. The file name is used in the path as given (no
	  * normalisation), so only pass fixed, trusted file names.
	  *
	  * @param string $sThemeFile template file name, e.g. 'start.htt'
	  * @return string path of the existing template file
	  * @throws InvalidArgumentException if the file exists in neither location
	  */
	function correct_theme_source($sThemeFile = 'start.htt') {
		$aCandidates = array(
			THEME_PATH.'/templates/'.$sThemeFile,
			ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile,
		);
		foreach($aCandidates as $sPath) {
			if (file_exists($sPath)) {
				return $sPath;
			}
		}
		throw new InvalidArgumentException('missing template file '.$sThemeFile);
	}
	/**
	 * Check that a folder name contains none of the characters
	 * ^ \ / . ? * " ' < > : |  (this also rules out '..' and path separators).
	 * Note: an empty string passes this check; callers have to reject it themselves.
	 *
	 * @param string $str folder name to check
	 * @return bool true if no invalid character was found
	 */
	function checkFolderName($str){
		$has_invalid_char = (preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) > 0);
		return !$has_invalid_char;
	}
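	/**
	 * Check that $sCurrentPath lies within $sBaseDir (normally the document root).
	 *
	 * Both paths are canonicalised with realpath(), so '..' segments and symlinks
	 * are resolved before the comparison, and the comparison is made on a directory
	 * boundary: '<base>/sub' passes, '<base>2/sub' does not. Paths that do not
	 * exist cannot be checked and are rejected.
	 *
	 * @param string $sCurrentPath path to check, may be url encoded
	 * @param string $sBaseDir directory the path has to stay in, default WB_PATH
	 * @return mixed the canonical $sCurrentPath, or false if it is outside $sBaseDir
	 */
	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
		// Clean the current path: undo url encoding, then resolve it
		$sCurrentPath = realpath(rawurldecode($sCurrentPath));
		$sBaseDir     = realpath($sBaseDir);
		// realpath() returns false for non-existing paths; a missing base dir must
		// not turn into an empty prefix that every path would match
		if ($sCurrentPath === false || $sBaseDir === false) {
			return false;
		}
		$sBaseDir = rtrim($sBaseDir, '/\\');
		if ($sCurrentPath === $sBaseDir) {
			return $sCurrentPath;
		}
		// require the separator after the base dir so a sibling directory whose
		// name merely starts with the base dir's name is not accepted
		$sPrefix = $sBaseDir.DIRECTORY_SEPARATOR;
		if (strncmp($sCurrentPath, $sPrefix, strlen($sPrefix)) === 0) {
			return $sCurrentPath;
		}
		return false;
	}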
}