<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @author          Ryan Djurovich, WebsiteBaker Project
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link            http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: class.wb.php 1680 2012-05-02 22:17:37Z darkviper $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
 * @lastmodified    $Date: 2012-05-03 00:17:37 +0200 (Thu, 03 May 2012) $
 *
 */
/* -------------------------------------------------------- */
// Stop this file from being accessed directly: WB_PATH is only defined
// when the framework bootstrap has loaded this file.
if (!defined('WB_PATH')) {
    require_once dirname(__FILE__).'/globalExceptionHandler.php';
    throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// PHPLIB template class (Template), used by print_success() / print_error()
require_once WB_PATH.'/include/phplib/template.inc';
// wbmailer class (subclass of PHPMailer), used by mail()
require_once WB_PATH.'/framework/class.wbmailer.php';
// SecureForm (parent class of wb) is presumably loaded by the bootstrap before this file
//require_once(WB_PATH."/framework/SecureForm.php");
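class wb extends SecureForm
{
    /**
     * PCRE character-class body of the characters allowed in passwords
     * (letters, digits and the punctuation _ - ! # * + @ $ & :).
     *
     * @var string
     */
    public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

    /**
     * General initialization, performed when frontend or backend is loaded.
     * The mode is passed through unchanged to the SecureForm constructor.
     *
     * @param int $mode SecureForm mode constant (SecureForm::FRONTEND by default)
     */
    public function __construct($mode = SecureForm::FRONTEND)
    {
        parent::__construct($mode);
    }

    /**
     * Normalize a group-list argument to an array of ids.
     *
     * @param mixed $list array, or comma-separated string, of group ids
     * @return array empty array when $list is null, false, '' or an empty array
     */
    private function _to_id_list($list)
    {
        if ($list === null || $list === false || $list === '' || $list === array()) {
            return array();
        }
        return is_array($list) ? $list : explode(',', (string)$list);
    }

    /**
     * Check whether one or more group ids occur in both group lists.
     *
     * @param mixed $groups_list1 array or comma-separated list of group ids
     * @param mixed $groups_list2 array or comma-separated list of group ids
     * @param array &$matches     receives the ids found in both lists (empty array when none)
     * @return bool true when at least one id is in both lists
     */
    public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
    {
        $list1 = $this->_to_id_list($groups_list1);
        $list2 = $this->_to_id_list($groups_list2);
        $matches = array();
        if ($list1 === array() || $list2 === array()) {
            return false;
        }
        // array_intersect() compares elements as strings, so int and string ids match each other
        $matches = array_intersect($list1, $list2);
        return count($matches) !== 0;
    }

    /**
     * Check whether the current user is a member of at least one of the given groups.
     * The admin user (uid 1) is treated as a member of every group.
     *
     * @param mixed $groups_list array or comma-separated list of group ids
     * @return bool
     */
    public function ami_group_member($groups_list = '')
    {
        // the session may hold the id as int or string; compare the string form
        if ((string)$this->get_user_id() === '1') {
            return true;
        }
        return $this->is_group_match($groups_list, $this->get_groups_id());
    }

    /**
     * Check whether a page is visible to the current user.
     *
     * Page visibility and user/group rights are evaluated:
     *   - 'public' and 'hidden' are always visible ('hidden' only hides the menu link)
     *   - 'private' and 'registered' are visible only to an authenticated user whose
     *     id is listed in viewing_users or who shares a group with viewing_groups
     *   - 'none', 'deleted' and any unknown value are never visible
     *
     * @param array $page page record with keys visibility, viewing_groups, viewing_users
     * @return bool
     */
    public function page_is_visible($page)
    {
        $visibility = isset($page['visibility']) ? $page['visibility'] : '';
        switch ($visibility) {
            case 'public':
            case 'hidden':
                return true;
            case 'private':
            case 'registered':
                break; // decided by the rights check below
            default:
                return false;
        }
        if (!$this->is_authenticated()) {
            return false;
        }
        $viewing_groups = isset($page['viewing_groups']) ? $page['viewing_groups'] : '';
        $viewing_users  = isset($page['viewing_users']) ? $page['viewing_users'] : '';
        // an empty viewing_groups list grants nothing (is_group_match() treats '' as "no groups")
        if ($this->is_group_match($this->get_groups_id(), $viewing_groups)) {
            return true;
        }
        // ids from explode() are strings and the session id may be an int, so
        // compare the string forms strictly instead of relying on loose in_array()
        $allowed_users = explode(',', (string)$viewing_users);
        return in_array((string)$this->get_user_id(), $allowed_users, true);
    }

    /**
     * Check whether the page has at least one section whose publication window contains now.
     *
     * A section is active when publ_start < now < publ_end, where a publ_start of 0
     * means "no start limit" and a publ_end of 0 means "no end limit".
     *
     * @param array $page page record with key page_id
     * @return bool
     */
    public function page_is_active($page)
    {
        global $database;
        $page_id = isset($page['page_id']) ? (int)$page['page_id'] : 0;
        $now = time();
        // page_id is cast to int, so the only value interpolated into the SQL is numeric
        $sql = 'SELECT `publ_start`, `publ_end` '
             . 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.$page_id;
        $query_sections = $database->query($sql);
        // a failed query (presumably a falsy result object) counts as "no active section"
        if (!$query_sections || $query_sections->numRows() == 0) {
            return false;
        }
        while ($section = $query_sections->fetchRow()) {
            $start = (int)$section['publ_start'];
            $end   = (int)$section['publ_end'];
            $within_window = ($now < $end && ($now > $start || $start === 0));
            $open_ended    = ($end === 0 && $now > $start);
            if ($within_window || $open_ended) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check whether a page should be shown in the frontend:
     * it must be visible to the current user and have an active section.
     *
     * @param array $page page record (see page_is_visible() and page_is_active())
     * @return bool
     */
    public function show_page($page)
    {
        return $this->page_is_visible($page) && $this->page_is_active($page);
    }

    /**
     * Check whether the current session belongs to an authenticated user
     * (USER_ID is set, non-empty and numeric).
     *
     * @return bool
     */
    public function is_authenticated()
    {
        $uid = $this->get_session('USER_ID');
        return ($uid !== null && $uid !== '' && is_numeric($uid));
    }

    /**
     * Whether magic_quotes_gpc is active. The function was removed in PHP 8,
     * so its absence is treated as "off".
     *
     * @return bool
     */
    private function _magic_quotes_on()
    {
        return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    }

    /**
     * addslashes() that takes magic_quotes_gpc into account: input is returned
     * unchanged when magic quotes already escaped it, or when it is not a string.
     *
     * @param mixed $input
     * @return mixed
     */
    public function add_slashes($input)
    {
        if ($this->_magic_quotes_on() || !is_string($input)) {
            return $input;
        }
        return addslashes($input);
    }

    /**
     * Undo the effect of magic_quotes_gpc == On on a string.
     *
     * Attention: this is _not_ the counterpart of add_slashes()! Use stripslashes()
     * to undo a previous add_slashes(). Non-strings, and any input when magic
     * quotes are off, are returned unchanged.
     *
     * @param mixed $input
     * @return mixed
     */
    public function strip_slashes($input)
    {
        if (!$this->_magic_quotes_on() || !is_string($input)) {
            return $input;
        }
        return stripslashes($input);
    }

    /**
     * Double every backslash, for use in MySQL LIKE patterns.
     *
     * @param string $input
     * @return string
     */
    public function escape_backslashes($input)
    {
        return str_replace("\\", "\\\\", $input);
    }

    /**
     * Build the frontend URL for a page link. Absolute links (containing '://')
     * and mailto: links are returned unchanged.
     *
     * @param string $link page link as stored in the database
     * @return string
     */
    public function page_link($link)
    {
        if (strpos($link, '://') === false && substr($link, 0, 7) !== 'mailto:') {
            return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
        }
        return $link;
    }

    /**
     * Get a POST field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_post($field)
    {
        return isset($_POST[$field]) ? $_POST[$field] : null;
    }

    /**
     * Get a POST field with add_slashes() applied, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_post_escaped($field)
    {
        $result = $this->get_post($field);
        return ($result === null) ? null : $this->add_slashes($result);
    }

    /**
     * Get a GET field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_get($field)
    {
        return isset($_GET[$field]) ? $_GET[$field] : null;
    }

    /**
     * Get a SESSION field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_session($field)
    {
        return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
    }

    /**
     * Get a SERVER field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_server($field)
    {
        return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
    }

    /**
     * Get the current user's id (session USER_ID), or null.
     *
     * @return mixed
     */
    public function get_user_id()
    {
        return $this->get_session('USER_ID');
    }

    /**
     * Get the current user's group id (session GROUP_ID), or null.
     *
     * @return mixed
     */
    public function get_group_id()
    {
        return $this->get_session('GROUP_ID');
    }

    /**
     * Get the current user's group ids (session GROUPS_ID, comma-separated) as an array.
     * Yields array('') when the session value is missing or empty.
     *
     * @return array
     */
    public function get_groups_id()
    {
        return explode(',', (string)$this->get_session('GROUPS_ID'));
    }

    /**
     * Get the current user's group names (session GROUP_NAME) joined with commas.
     *
     * @return mixed the joined string, or the session value itself when it is not an array
     */
    public function get_group_name()
    {
        $names = $this->get_session('GROUP_NAME');
        // implode() expects an array; a missing (null) or scalar value is returned unchanged
        return is_array($names) ? implode(',', $names) : $names;
    }

    /**
     * Get the current user's group names (session GROUP_NAME) as stored in the session.
     *
     * @return mixed
     */
    public function get_groups_name()
    {
        return $this->get_session('GROUP_NAME');
    }

    /**
     * Get the current user's username (session USERNAME), or null.
     *
     * @return mixed
     */
    public function get_username()
    {
        return $this->get_session('USERNAME');
    }

    /**
     * Get the current user's display name (session DISPLAY_NAME), or null.
     *
     * @return mixed
     */
    public function get_display_name()
    {
        return $this->get_session('DISPLAY_NAME');
    }

    /**
     * Get the current user's email address (session EMAIL), or null.
     *
     * @return mixed
     */
    public function get_email()
    {
        return $this->get_session('EMAIL');
    }

    /**
     * Get the current user's home folder (session HOME_FOLDER), or null.
     *
     * @return mixed
     */
    public function get_home_folder()
    {
        return $this->get_session('HOME_FOLDER');
    }

    /**
     * Get the current user's timezone.
     *
     * @return mixed '-72000' when the session flag USE_DEFAULT_TIMEZONE is set
     *               (presumably the marker for "use the default timezone"),
     *               otherwise the session TIMEZONE value or null
     */
    public function get_timezone()
    {
        if (isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
            return '-72000';
        }
        return $this->get_session('TIMEZONE');
    }

    /**
     * Validate an email address.
     *
     * The domain part is first converted to its ASCII (punycode) form, using the
     * intl extension's idn_to_ascii() when available and the bundled idna_convert
     * class otherwise, then matched against the address regex.
     *
     * @param string $email
     * @return bool
     */
    public function validate_email($email)
    {
        if (function_exists('idn_to_ascii')) {
            $email = idn_to_ascii($email);
        } else {
            require_once WB_PATH.'/include/idna_convert/idna_convert.class.php';
            $IDN = new idna_convert();
            $email = $IDN->encode($email);
            unset($IDN);
        }
        // idn_to_ascii() returns false when the conversion fails
        if (!is_string($email) || $email === '') {
            return false;
        }
        // regex from NorHei 2011-01-11
        $regex = "/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/";
        return preg_match($regex, $email) === 1;
    }

    /**
     * Set one or more bits in an integer value.
     *
     * @param int &$value   reference to the integer holding the value
     * @param int $bits2set bitmask to add to the value
     * @return void
     */
    public function bit_set(&$value, $bits2set)
    {
        $value |= $bits2set;
    }

    /**
     * Reset one or more bits in an integer value.
     *
     * @param int &$value     reference to the integer holding the value
     * @param int $bits2reset bitmask to remove from the value
     * @return void
     */
    public function bit_reset(&$value, $bits2reset)
    {
        $value &= ~$bits2reset;
    }

    /**
     * Check whether all bits of a bitmask are set in an integer value.
     *
     * @param int $value     the value to test
     * @param int $bits2test bitmask that must be fully contained in $value
     * @return bool
     */
    public function bit_isset($value, $bits2test)
    {
        return (($value & $bits2test) == $bits2test);
    }

    /**
     * Print a success message page which redirects the user to $redirect after
     * REDIRECT_TIMER milliseconds (no automatic redirect when the timer is -1).
     * The message is inserted into the template as-is.
     *
     * @param string|array $message  message text, or lines joined with <br />
     * @param string       $redirect URL of the next page
     * @return void
     */
    public function print_success($message, $redirect = 'index.php')
    {
        global $TEXT;
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        // redirect timer from the settings table; values above 10000 fall back to 0
        $redirect_timer = (defined('REDIRECT_TIMER') && REDIRECT_TIMER <= 10000) ? REDIRECT_TIMER : 0;
        $tpl = new Template(dirname($this->correct_theme_source('success.htt')));
        $tpl->set_file('page', 'success.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('REDIRECT', $redirect);
        $tpl->set_var('REDIRECT_TIMER', $redirect_timer);
        $tpl->set_var('NEXT', $TEXT['NEXT']);
        $tpl->set_var('BACK', $TEXT['BACK']);
        if ($redirect_timer == -1) {
            $tpl->set_block('show_redirect', '');
        } else {
            $tpl->parse('show_redirect', 'show_redirect_block', true);
        }
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
    }

    /**
     * Print an error message page and stop script execution.
     * The message is inserted into the template as-is.
     *
     * @param string|array $message     message text, or lines joined with <br />
     * @param string       $link        URL of the "back" link
     * @param bool         $auto_footer whether to call print_footer() (if the subclass defines it)
     * @return void never returns: calls exit()
     */
    public function print_error($message, $link = 'index.php', $auto_footer = true)
    {
        global $TEXT;
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        $tpl = new Template(dirname($this->correct_theme_source('error.htt')));
        $tpl->set_file('page', 'error.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('LINK', $link);
        $tpl->set_var('BACK', $TEXT['BACK']);
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
        if ($auto_footer == true && method_exists($this, 'print_footer')) {
            $this->print_footer();
        }
        exit();
    }

    /**
     * Send an email through the wbmailer class (PHPMailer subclass), which can use
     * SMTP when an SMTP host is configured in the backend settings.
     *
     * @param string $fromaddress sender address (wbmailer default when empty)
     * @param string $toaddress   recipient address
     * @param string $subject
     * @param string $message     body; sent as HTML (nl2br) with a strip_tags() text alternative
     * @param string $fromname    sender name, only used when $fromaddress is given
     * @param string $replyTo     optional Reply-To address
     * @return bool true when wbmailer reported success
     */
    public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '', $replyTo = '')
    {
        // Header fields must not contain line breaks: a CR/LF inside one would let
        // additional headers be injected into the generated mail. The sender name
        // ends up in a header too, so it gets the same treatment.
        $fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
        $toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
        $subject     = preg_replace('/[\r\n]/', '', $subject);
        $replyTo     = preg_replace('/[\r\n]/', '', $replyTo);
        $fromname    = preg_replace('/[\r\n]/', '', $fromname);

        $myMail = new wbmailer();
        if ($fromaddress !== '') {
            if ($fromname !== '') {
                $myMail->FromName = $fromname;
            }
            $myMail->From = $fromaddress;
        }
        if ($replyTo !== '') {
            $myMail->AddReplyTo($replyTo);
        }
        $myMail->AddAddress($toaddress);
        $myMail->Subject = $subject;
        $myMail->Body    = nl2br($message);      // HTML part
        $myMail->AltBody = strip_tags($message); // plain-text part
        return (bool)$myMail->Send();
    }

    /**
     * Locate a theme template file: the active theme's templates directory is
     * searched first, then the admin skeleton directory.
     *
     * @param string $sThemeFile template file name, e.g. 'start.htt'; it is joined
     *                           to the directory unchanged, so callers pass fixed names
     * @return string path of the template file
     * @throws InvalidArgumentException when the file exists in neither location
     */
    public function correct_theme_source($sThemeFile = 'start.htt')
    {
        $aCandidates = array(
            THEME_PATH.'/templates/'.$sThemeFile,
            ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile,
        );
        foreach ($aCandidates as $sPath) {
            if (file_exists($sPath)) {
                return $sPath;
            }
        }
        throw new InvalidArgumentException('missing template file '.$sThemeFile);
    }

    /**
     * Check that a folder name contains none of the characters ^ \ / . ? * " ' < > : |
     *
     * @param string $str
     * @return bool true when the name is acceptable; a PCRE error counts as "not acceptable"
     */
    public function checkFolderName($str)
    {
        return preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) === 0;
    }

    /**
     * Check that a path lies within a base directory (normally the document root).
     *
     * Both paths are resolved with realpath(), so '..' segments and symlinks are
     * followed before the comparison. The resolved path must be the base directory
     * itself or lie below it; a bare prefix test is not enough, because
     * '/base-other/file' starts with '/base'.
     *
     * @param string $sCurrentPath path to check (may be URL-encoded)
     * @param string $sBaseDir     directory the path must be inside of
     * @return string|false the resolved path, or false when it does not exist or is outside $sBaseDir
     */
    public function checkpath($sCurrentPath, $sBaseDir = WB_PATH)
    {
        $sCurrentPath = realpath(rawurldecode($sCurrentPath));
        $sBaseDir = realpath($sBaseDir);
        // realpath() returns false for a non-existent path; never treat that as "inside"
        if ($sCurrentPath === false || $sBaseDir === false) {
            return false;
        }
        // compare with a trailing separator on both sides, so that the base directory
        // itself matches and a sibling directory sharing the prefix does not
        $sPrefix    = rtrim($sBaseDir, '/\\').DIRECTORY_SEPARATOR;
        $sCandidate = rtrim($sCurrentPath, '/\\').DIRECTORY_SEPARATOR;
        $iLen = strlen($sPrefix);
        // Windows paths are case-insensitive; elsewhere a case-insensitive match would
        // accept a differently-cased directory that is a different directory on disk
        if (DIRECTORY_SEPARATOR === '\\') {
            $iCmp = strncasecmp($sCandidate, $sPrefix, $iLen);
        } else {
            $iCmp = strncmp($sCandidate, $sPrefix, $iLen);
        }
        return ($iCmp === 0) ? $sCurrentPath : false;
    }
}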