Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        framework
5
 * @package         frontend 
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2011, Website Baker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: class.wb.php 1655 2012-03-31 23:41:19Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
14
 * @lastmodified    $Date: 2012-04-01 01:41:19 +0200 (Sun, 01 Apr 2012) $
15
 *
16
 */
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
if(!defined('WB_PATH')) {
20
	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
21
	throw new IllegalFileException();
22
}
23
/* -------------------------------------------------------- */
24
// Include PHPLIB template class
25
require_once(WB_PATH."/include/phplib/template.inc");
26

    
27
require_once(WB_PATH.'/framework/class.database.php');
28

    
29
// Include new wbmailer class (subclass of PHPmailer)
30
require_once(WB_PATH."/framework/class.wbmailer.php");
31

    
32
//require_once(WB_PATH."/framework/SecureForm.php");
33

    
34
class wb extends SecureForm
35
{
36

    
37
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// General initialization function
38
	// performed when frontend or backend is loaded.
39

    
40
	public function  __construct($mode = SecureForm::FRONTEND) {
41
		parent::__construct($mode);
42
	}
43

    
44
/* ****************
45
 * check if one or more group_ids are in both group_lists
46
 *
47
 * @access public
48
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
49
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
50
 * @param array &$matches: an array-var whitch will return possible matches
51
 * @return bool: true there is a match, otherwise false
52
 */
53
	function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
54
	{
55
		if( $groups_list1 == '' ) { return false; }
56
		if( $groups_list2 == '' ) { return false; }
57
		if( !is_array($groups_list1) )
58
		{
59
			$groups_list1 = explode(',', $groups_list1);
60
		}
61
		if( !is_array($groups_list2) )
62
		{
63
			$groups_list2 = explode(',', $groups_list2);
64
		}
65
		$matches = array_intersect( $groups_list1, $groups_list2);
66
		return ( sizeof($matches) != 0 );
67
	}
68
/* ****************
69
 * check if current user is member of at least one of given groups
70
 * ADMIN (uid=1) always is treated like a member of any groups
71
 *
72
 * @access public
73
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
74
 * @return bool: true if current user is member of one of this groups, otherwise false
75
 */
76
	function ami_group_member( $groups_list = '' )
77
	{
78
		if( $this->get_user_id() == 1 ) { return true; }
79
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
80
	}
81

    
82
	// Check whether a page is visible or not.
83
	// This will check page-visibility and user- and group-rights.
84
	/* page_is_visible() returns
85
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
86
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
87
	*/
88
	function page_is_visible($page)
89
    {
90
		$show_it = false; // shall we show the page?
91
		$page_id = $page['page_id'];
92
		$visibility = $page['visibility'];
93
		$viewing_groups = $page['viewing_groups'];
94
		$viewing_users = $page['viewing_users'];
95

    
96
		// First check if visibility is 'none', 'deleted'
97
		if($visibility == 'none')
98
        {
99
			return(false);
100
		} elseif($visibility == 'deleted')
101
        {
102
			return(false);
103
		}
104

    
105
		// Now check if visibility is 'hidden', 'private' or 'registered'
106
		if($visibility == 'hidden') { // hidden: hide the menu-link, but show the page
107
			$show_it = true;
108
		} elseif($visibility == 'private' || $visibility == 'registered')
109
        {
110
			// Check if the user is logged in
111
			if($this->is_authenticated() == true)
112
            {
113
				// Now check if the user has perms to view the page
114
				$in_group = false;
115
				foreach($this->get_groups_id() as $cur_gid)
116
                {
117
				    if(in_array($cur_gid, explode(',', $viewing_groups)))
118
                    {
119
				        $in_group = true;
120
				    }
121
				}
122
				if($in_group || in_array($this->get_user_id(), explode(',', $viewing_users))) {
123
					$show_it = true;
124
				} else {
125
					$show_it = false;
126
				}
127
			} else {
128
				$show_it = false;
129
			}
130
		} elseif($visibility == 'public') {
131
			$show_it = true;
132
		} else {
133
			$show_it = false;
134
		}
135
		return($show_it);
136
	}
137
	// Check if there is at least one active section on this page
138
	function page_is_active($page)
139
    {
140
		global $database;
141
		$has_active_sections = false;
142
		$page_id = $page['page_id'];
143
		$now = time();
144
		$sql  = 'SELECT `publ_start`, `publ_end` ';
145
		$sql .= 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page_id;
146
		$query_sections = $database->query($sql);
147
		if($query_sections->numRows() != 0) {
148
			while($section = $query_sections->fetchRow()) {
149
				if( $now<$section['publ_end'] &&
150
					($now>$section['publ_start'] || $section['publ_start']==0) ||
151
					$now>$section['publ_start'] && $section['publ_end']==0)
152
				{
153
					$has_active_sections = true;
154
					break;
155
				}
156
			}
157
		}
158
		return($has_active_sections);
159
	}
160

    
161
	// Check whether we should show a page or not (for front-end)
162
	function show_page($page)
163
    {
164
		$retval = ($this->page_is_visible($page) && $this->page_is_active($page));
165
		return $retval;
166
	}
167

    
168
	// Check if the user is already authenticated or not
169
	function is_authenticated() {
170
		$retval = ( isset($_SESSION['USER_ID']) AND
171
		            $_SESSION['USER_ID'] != "" AND
172
		            is_numeric($_SESSION['USER_ID']));
173
        return $retval;
174
	}
175

    
176
	// Modified addslashes function which takes into account magic_quotes
177
	function add_slashes($input) {
178
		if( get_magic_quotes_gpc() || (!is_string($input)) ) {
179
			return $input;
180
		}
181
		return addslashes($input);
182
	}
183

    
184
	// Ditto for stripslashes
185
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
186
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
187
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
188
	function strip_slashes($input) {
189
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
190
			return $input;
191
		}
192
		return stripslashes($input);
193
	}
194

    
195
	// Escape backslashes for use with mySQL LIKE strings
196
	function escape_backslashes($input) {
197
		return str_replace("\\","\\\\",$input);
198
	}
199

    
200
	function page_link($link){
201
		// Check for :// in the link (used in URL's) as well as mailto:
202
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
203
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
204
		} else {
205
			return $link;
206
		}
207
	}
208
	
209
	// Get POST data
210
	function get_post($field) {
211
		return (isset($_POST[$field]) ? $_POST[$field] : null);
212
	}
213

    
214
	// Get POST data and escape it
215
	function get_post_escaped($field) {
216
		$result = $this->get_post($field);
217
		return (is_null($result)) ? null : $this->add_slashes($result);
218
	}
219
	
220
	// Get GET data
221
	function get_get($field) {
222
		return (isset($_GET[$field]) ? $_GET[$field] : null);
223
	}
224

    
225
	// Get SESSION data
226
	function get_session($field) {
227
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
228
	}
229

    
230
	// Get SERVER data
231
	function get_server($field) {
232
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
233
	}
234

    
235
	// Get the current users id
236
	function get_user_id() {
237
		return $this->get_session('USER_ID');
238
	}
239

    
240
	// Get the current users group id
241
	function get_group_id() {
242
		return $this->get_session('GROUP_ID');
243
	}
244

    
245
	// Get the current users group ids
246
	function get_groups_id() {
247
		return explode(",", $this->get_session('GROUPS_ID'));
248
	}
249

    
250
	// Get the current users group name
251
	function get_group_name() {
252
		return implode(",", $this->get_session('GROUP_NAME'));
253
	}
254

    
255
	// Get the current users group name
256
	function get_groups_name() {
257
		return $this->get_session('GROUP_NAME');
258
	}
259

    
260
	// Get the current users username
261
	function get_username() {
262
		return $this->get_session('USERNAME');
263
	}
264

    
265
	// Get the current users display name
266
	function get_display_name() {
267
		return $this->get_session('DISPLAY_NAME');
268
	}
269

    
270
	// Get the current users email address
271
	function get_email() {
272
		return $this->get_session('EMAIL');
273
	}
274

    
275
	// Get the current users home folder
276
	function get_home_folder() {
277
		return $this->get_session('HOME_FOLDER');
278
	}
279

    
280
	// Get the current users timezone
281
	function get_timezone() {
282
		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $_SESSION['TIMEZONE']);
283
	}
284

    
285
	// Validate supplied email address
286
	function validate_email($email) {
287
		if(function_exists('idn_to_ascii')){ /* use pear if available */
288
			$email = idn_to_ascii($email);
289
		}else {
290
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
291
			$IDN = new idna_convert();
292
			$email = $IDN->encode($email);
293
			unset($IDN);
294
		}
295
		// regex from NorHei 2011-01-11
296
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
297
		return ($retval != false);
298
	}
299

    
300
/* ****************
301
 * set one or more bit in a integer value
302
 *
303
 * @access public
304
 * @param int $value: reference to the integer, containing the value
305
 * @param int $bits2set: the bitmask witch shall be added to value
306
 * @return void
307
 */
308
	function bit_set( &$value, $bits2set )
309
	{
310
		$value |= $bits2set;
311
	}
312

    
313
/* ****************
314
 * reset one or more bit from a integer value
315
 *
316
 * @access public
317
 * @param int $value: reference to the integer, containing the value
318
 * @param int $bits2reset: the bitmask witch shall be removed from value
319
 * @return void
320
 */
321
	function bit_reset( &$value, $bits2reset)
322
	{
323
		$value &= ~$bits2reset;
324
	}
325

    
326
/* ****************
327
 * check if one or more bit in a integer value are set
328
 *
329
 * @access public
330
 * @param int $value: reference to the integer, containing the value
331
 * @param int $bits2set: the bitmask witch shall be added to value
332
 * @return void
333
 */
334
	function bit_isset( $value, $bits2test )
335
	{
336
		return (($value & $bits2test) == $bits2test);
337
	}
338

    
339
	// Print a success message which then automatically redirects the user to another page
340
	function print_success( $message, $redirect = 'index.php' ) {
341
	    global $TEXT;
342
        if(is_array($message)) {
343
           $message = implode ('<br />',$message);
344
        }
345
	    // fetch redirect timer for sucess messages from settings table
346
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
347
	    // add template variables
348
		// Setup template object, parse vars to it, then parse it
349
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
350
	    $tpl->set_file( 'page', 'success.htt' );
351
	    $tpl->set_block( 'page', 'main_block', 'main' );
352
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
353
	    $tpl->set_var( 'MESSAGE', $message );
354
	    $tpl->set_var( 'REDIRECT', $redirect );
355
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
356
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
357
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
358
	    if ($redirect_timer == -1) {
359
	        $tpl->set_block( 'show_redirect', '' );
360
	    }
361
	    else {
362
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
363
	    }
364
	    $tpl->parse( 'main', 'main_block', false );
365
	    $tpl->pparse( 'output', 'page' );
366
	}
367

    
368
	// Print an error message
369
	function print_error($message, $link = 'index.php', $auto_footer = true) {
370
		global $TEXT;
371
        if(is_array($message)) {
372
           $message = implode ('<br />',$message);
373
        }
374
		// Setup template object, parse vars to it, then parse it
375
		$success_template = new Template(dirname($this->correct_theme_source('error.htt')));
376
		$success_template->set_file('page', 'error.htt');
377
		$success_template->set_block('page', 'main_block', 'main');
378
		$success_template->set_var('MESSAGE', $message);
379
		$success_template->set_var('LINK', $link);
380
		$success_template->set_var('BACK', $TEXT['BACK']);
381
		$success_template->parse('main', 'main_block', false);
382
		$success_template->pparse('output', 'page');
383
		if ( $auto_footer == true ) {
384
			if ( method_exists($this, "print_footer") ) {
385
				$this->print_footer();
386
			}
387
		}
388
		exit();
389
	}
390

    
391
	// Validate send email
392
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
393
/* 
394
	INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
395
	SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
396
	NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
397

    
398
	NOTE:
399
	To use SMTP for sending out mails, you have to specify the SMTP host of your domain
400
	via the Settings panel in the backend of Website Baker
401
*/ 
402

    
403
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
404
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
405
		$subject = preg_replace('/[\r\n]/', '', $subject);
406
		$replyTo = preg_replace('/[\r\n]/', '', $replyTo);
407
		// $message_alt = $message;
408
		// $message = preg_replace('/[\r\n]/', '<br \>', $message);
409

    
410
		// create PHPMailer object and define default settings
411
		$myMail = new wbmailer();
412
		// set user defined from address
413
		if ($fromaddress!='') {
414
			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
415
			$myMail->From = $fromaddress;                     // FROM:
416
//			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
417
		}
418
		if($replyTo) {
419
			$myMail->AddReplyTo($replyTo);                // REPLY TO:
420
		}
421
		// define recepient and information to send out
422
		$myMail->AddAddress($toaddress);                      // TO:
423
		$myMail->Subject = $subject;                          // SUBJECT
424
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
425
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
426
		// check if there are any send mail errors, otherwise say successful
427
		if (!$myMail->Send()) {
428
			return false;
429
		} else {
430
			return true;
431
		}
432
	}
433

    
434
	 /**
435
	  * checks if there is an alternative Theme template
436
	  *
437
	  * @param string $sThemeFile set the template.htt
438
	  * @return string the relative theme path
439
	  *
440
	  */
441
        function correct_theme_source($sThemeFile = 'start.htt') {
442
		$sRetval = $sThemeFile;
443
		if (file_exists(THEME_PATH.'/templates/'.$sThemeFile )) {
444
			$sRetval = THEME_PATH.'/templates/'.$sThemeFile;
445
		} else {
446
			if (file_exists(ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile ) ) {
447
			$sRetval = ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
448
			} else {
449
				throw new InvalidArgumentException('missing template file '.$sThemeFile);
450
			}
451
		}
452
		return $sRetval;
453
        }
454

    
455
	/**
456
	 * Check if a foldername doesn't have invalid characters
457
	 *
458
	 * @param String $str to check
459
	 * @return Bool
460
	 */
461
	function checkFolderName($str){
462
		return !( preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) ? TRUE : FALSE );
463
	}
464

    
465
	/**
466
	 * Check the given path to make sure current path is within given basedir
467
	 * normally document root
468
	 *
469
	 * @param String $sCurrentPath
470
	 * @param String $sBaseDir
471
	 * @return $sCurrentPath or FALSE
472
	 */
473
	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
474
		// Clean the cuurent path
475
        $sCurrentPath = rawurldecode($sCurrentPath);
476
        $sCurrentPath = realpath($sCurrentPath);
477
        $sBaseDir = realpath($sBaseDir);
478
		// $sBaseDir needs to exist in the $sCurrentPath
479
		$pos = stripos ($sCurrentPath, $sBaseDir );
480

    
481
		if ( $pos === FALSE ){
482
			return false;
483
		} elseif( $pos == 0 ) {
484
			return $sCurrentPath;
485
		} else {
486
			return false;
487
		}
488
	}
489

    
490
}
(14-14/22)