<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @author          Ryan Djurovich, WebsiteBaker Project
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource		$HeadURL$
 * @lastmodified    $Date$
 *
 */
/* -------------------------------------------------------- */
// Must include code to stop this file being accessed directly
if (!defined('WB_PATH')) {
	// Direct access to this file is not allowed: hand over to the framework's exception handler
	require_once dirname(__FILE__).'/globalExceptionHandler.php';
	throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// PHPLIB template class (used by the print_success / print_error / format_message helpers)
require_once WB_PATH.'/include/phplib/template.inc';
// wbmailer class (subclass of PHPMailer), used by the mail() helper
require_once WB_PATH.'/framework/class.wbmailer.php';
// NOTE: SecureForm (the parent class) is not required here; presumably it is loaded by the caller
//require_once(WB_PATH."/framework/SecureForm.php");
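/**
 * Base class of the WebsiteBaker frontend/backend objects.
 *
 * Bundles session-based user/group lookups, page visibility checks, request
 * accessors, HTML message output, mail sending and a few path helpers.
 * Template names, session keys and SQL are kept exactly as in the original
 * implementation; the code stays compatible with the PHP 5.2 platform named
 * in the file header.
 */
class wb extends SecureForm
{
	// Characters allowed in passwords, written as a regex character-class fragment
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

	/**
	 * General initialization, performed when frontend or backend is loaded.
	 *
	 * @param int $mode SecureForm mode, defaults to SecureForm::FRONTEND
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}

	/**
	 * Turn a group-id list into an array of ids.
	 *
	 * @param mixed $list array of ids, or a comma-separated string of ids
	 * @return array the ids; an empty array when the string is empty or whitespace
	 */
	private function normalize_id_list($list)
	{
		if (is_array($list)) {
			return $list;
		}
		$list = trim((string)$list);
		if ($list === '') {
			return array();
		}
		// Trim each entry so that '1, 2' matches '2' (the raw explode() kept the blank)
		return array_map('trim', explode(',', $list));
	}

	/**
	 * Check whether one or more group ids occur in both group lists.
	 *
	 * @param mixed $groups_list1 array or comma-separated string of group ids
	 * @param mixed $groups_list2 array or comma-separated string of group ids
	 * @param array &$matches     receives the ids present in both lists (empty on a false result)
	 * @return bool true if at least one id is in both lists, otherwise false
	 */
	public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
	{
		$matches = array();
		$list1 = $this->normalize_id_list($groups_list1);
		$list2 = $this->normalize_id_list($groups_list2);
		// An empty list on either side can never match; this also stops '' matching ''
		if (count($list1) == 0 || count($list2) == 0) {
			return false;
		}
		// array_intersect() compares the string form of the entries, so 3 and '3' match
		$matches = array_intersect($list1, $list2);
		return count($matches) != 0;
	}

	/**
	 * Check whether the current user is a member of at least one of the given groups.
	 * The admin user (uid=1) is always treated as a member of every group.
	 *
	 * @param mixed $groups_list array or comma-separated string of group ids
	 * @return bool true if the current user is in one of the groups, otherwise false
	 */
	public function ami_group_member($groups_list = '')
	{
		if ($this->get_user_id() == 1) {
			return true;
		}
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}

	/**
	 * Check whether a page is visible, taking page visibility and user/group rights into account.
	 *
	 * Returns false for visibility 'none', 'deleted' or any unknown value, and for
	 * 'registered'/'private' pages when the user is not logged in or is neither in
	 * one of the page's viewing groups nor listed as a viewing user.
	 * Returns true for 'public' and 'hidden' pages (hidden only drops the menu link),
	 * and for 'registered'/'private' pages the user is allowed to see.
	 *
	 * @param array $page page record with 'visibility', 'viewing_groups' and 'viewing_users'
	 * @return bool
	 */
	public function page_is_visible($page)
	{
		$visibility = isset($page['visibility']) ? $page['visibility'] : '';
		switch ($visibility) {
			case 'public':
			case 'hidden': // hidden: no menu link, but the page itself is shown
				return true;
			case 'private':
			case 'registered':
				if (!$this->is_authenticated()) {
					return false;
				}
				$viewing_groups = isset($page['viewing_groups']) ? $page['viewing_groups'] : '';
				$viewing_users  = isset($page['viewing_users'])  ? $page['viewing_users']  : '';
				// Group check goes through is_group_match(), so an empty viewing_groups
				// list no longer matches a user whose GROUPS_ID session value is empty
				if ($this->is_group_match($viewing_groups, $this->get_groups_id())) {
					return true;
				}
				return in_array($this->get_user_id(), $this->normalize_id_list($viewing_users));
			default: // 'none', 'deleted' or an unknown value
				return false;
		}
	}

	/**
	 * Decide whether a section is currently published.
	 *
	 * @param int $start publication start (unix time), 0 = no start limit
	 * @param int $end   publication end (unix time), 0 = no end limit
	 * @param int $now   current unix time
	 * @return bool
	 */
	private function section_is_published($start, $end, $now)
	{
		$started   = ($start == 0 || $now > $start);
		$not_ended = ($end == 0 || $now < $end);
		return $started && $not_ended;
	}

	/**
	 * Check whether the page has at least one section whose publication window is open.
	 *
	 * @param array $page page record; only 'page_id' is used
	 * @return bool
	 */
	public function page_is_active($page)
	{
		global $database;
		$now = time();
		// page_id is cast to int before it is placed in the SQL string
		$sql  = 'SELECT `publ_start`, `publ_end` ';
		$sql .= 'FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page['page_id'];
		$query_sections = $database->query($sql);
		if (!$query_sections || $query_sections->numRows() == 0) {
			return false;
		}
		while ($section = $query_sections->fetchRow()) {
			if ($this->section_is_published((int)$section['publ_start'], (int)$section['publ_end'], $now)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Check whether a page should be shown in the frontend: visible and active.
	 *
	 * @param array $page page record (see page_is_visible() and page_is_active())
	 * @return bool
	 */
	public function show_page($page)
	{
		return $this->page_is_visible($page) && $this->page_is_active($page);
	}

	/**
	 * Check whether the user is authenticated: a non-empty numeric USER_ID in the session.
	 *
	 * @return bool
	 */
	public function is_authenticated()
	{
		$uid = $this->get_session('USER_ID');
		return ($uid !== null && $uid != '' && is_numeric($uid));
	}

	/**
	 * Tell whether magic_quotes_gpc is active.
	 * get_magic_quotes_gpc() no longer exists on PHP 8; magic quotes are then always off.
	 *
	 * @return bool
	 */
	private function magic_quotes_enabled()
	{
		return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
	}

	/**
	 * addslashes() that takes magic_quotes into account: strings are left untouched
	 * when magic quotes already escaped them. Non-strings are returned unchanged.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function add_slashes($input)
	{
		if (!is_string($input) || $this->magic_quotes_enabled()) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effect of magic_quotes_gpc==On on a request value.
	 *
	 * Attention: this is _not_ the counterpart of add_slashes(); use stripslashes()
	 * to undo a previous add_slashes(). Non-strings are returned unchanged.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	public function strip_slashes($input)
	{
		if (!is_string($input) || !$this->magic_quotes_enabled()) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use in MySQL LIKE patterns.
	 *
	 * @param string $input
	 * @return string
	 */
	public function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Build the frontend URL of a page link.
	 * Absolute URLs (containing '://') and mailto: links are returned untouched.
	 *
	 * @param string $link page link as stored in the database
	 * @return string
	 */
	public function page_link($link)
	{
		if (strpos($link, '://') !== false || substr($link, 0, 7) == 'mailto:') {
			return $link;
		}
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}

	/**
	 * Get a POST value.
	 *
	 * @param string $field
	 * @return mixed the raw value, or null when not present
	 */
	public function get_post($field)
	{
		return isset($_POST[$field]) ? $_POST[$field] : null;
	}

	/**
	 * Get a POST value with add_slashes() applied.
	 *
	 * @param string $field
	 * @return mixed the escaped value, or null when not present
	 */
	public function get_post_escaped($field)
	{
		$result = $this->get_post($field);
		return is_null($result) ? null : $this->add_slashes($result);
	}

	/**
	 * Get a GET value.
	 *
	 * @param string $field
	 * @return mixed the raw value, or null when not present
	 */
	public function get_get($field)
	{
		return isset($_GET[$field]) ? $_GET[$field] : null;
	}

	/**
	 * Get a SESSION value.
	 *
	 * @param string $field
	 * @return mixed the value, or null when not present
	 */
	public function get_session($field)
	{
		return isset($_SESSION[$field]) ? $_SESSION[$field] : null;
	}

	/**
	 * Get a SERVER value.
	 *
	 * @param string $field
	 * @return mixed the value, or null when not present
	 */
	public function get_server($field)
	{
		return isset($_SERVER[$field]) ? $_SERVER[$field] : null;
	}

	/**
	 * Get the current user's id (session USER_ID).
	 *
	 * @return mixed
	 */
	public function get_user_id()
	{
		return $this->get_session('USER_ID');
	}

	/**
	 * Get the current user's group id (session GROUP_ID).
	 *
	 * @return mixed
	 */
	public function get_group_id()
	{
		return $this->get_session('GROUP_ID');
	}

	/**
	 * Get the current user's group ids (session GROUPS_ID split at commas).
	 *
	 * @return array
	 */
	public function get_groups_id()
	{
		// (string) keeps explode() happy when the session value is missing
		return explode(',', (string)$this->get_session('GROUPS_ID'));
	}

	/**
	 * Get the current user's group name(s) joined by commas.
	 * Session GROUP_NAME is presumably an array of names; a non-array value is returned as is.
	 *
	 * @return mixed
	 */
	public function get_group_name()
	{
		$names = $this->get_session('GROUP_NAME');
		return is_array($names) ? implode(',', $names) : $names;
	}

	/**
	 * Get the current user's group name(s) as stored in the session (GROUP_NAME).
	 *
	 * @return mixed
	 */
	public function get_groups_name()
	{
		return $this->get_session('GROUP_NAME');
	}

	/**
	 * Get the current user's username (session USERNAME).
	 *
	 * @return mixed
	 */
	public function get_username()
	{
		return $this->get_session('USERNAME');
	}

	/**
	 * Get the current user's display name (session DISPLAY_NAME).
	 *
	 * @return mixed
	 */
	public function get_display_name()
	{
		return $this->get_session('DISPLAY_NAME');
	}

	/**
	 * Get the current user's email address (session EMAIL).
	 *
	 * @return mixed
	 */
	public function get_email()
	{
		return $this->get_session('EMAIL');
	}

	/**
	 * Get the current user's home folder (session HOME_FOLDER).
	 *
	 * @return mixed
	 */
	public function get_home_folder()
	{
		return $this->get_session('HOME_FOLDER');
	}

	/**
	 * Get the current user's timezone.
	 * Returns the marker '-72000' when USE_DEFAULT_TIMEZONE is set in the session,
	 * otherwise the session TIMEZONE value (null when absent).
	 *
	 * @return mixed
	 */
	public function get_timezone()
	{
		return isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $this->get_session('TIMEZONE');
	}

	/**
	 * Validate an email address.
	 * The address is converted to ASCII (IDN) first, then matched against the regex from NorHei (2011-01-11).
	 *
	 * @param string $email
	 * @return bool
	 */
	public function validate_email($email)
	{
		if (function_exists('idn_to_ascii')) { /* use the intl extension if available */
			$email = idn_to_ascii($email);
		} else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		// idn_to_ascii() returns false when the conversion fails
		if ($email === false || $email === '') {
			return false;
		}
		// regex from NorHei 2011-01-11
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
		return ($retval == 1);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @param int &$value   reference to the integer holding the value
	 * @param int $bits2set bitmask to add to the value
	 * @return void
	 */
	public function bit_set(&$value, $bits2set)
	{
		$value |= $bits2set;
	}

	/**
	 * Clear one or more bits in an integer value.
	 *
	 * @param int &$value     reference to the integer holding the value
	 * @param int $bits2reset bitmask to remove from the value
	 * @return void
	 */
	public function bit_reset(&$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check whether all bits of a bitmask are set in an integer value.
	 *
	 * @param int $value     the value to test
	 * @param int $bits2test bitmask that must be fully present
	 * @return bool
	 */
	public function bit_isset($value, $bits2test)
	{
		return (($value & $bits2test) == $bits2test);
	}

	/**
	 * Print a success message page that redirects the user to $redirect.
	 *
	 * The redirect timer comes from REDIRECT_TIMER (only if defined and <= 10000, else 0);
	 * a timer of -1 removes the redirect block from the template.
	 * $message and $redirect are placed into the template as given.
	 *
	 * @param string|array $message  message, or lines joined with <br />
	 * @param string       $redirect target of the redirect
	 * @return void
	 */
	public function print_success($message, $redirect = 'index.php')
	{
		global $TEXT;
		if (is_array($message)) {
			$message = implode('<br />', $message);
		}
		// fetch redirect timer for success messages from settings
		$redirect_timer = (defined('REDIRECT_TIMER') && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
		// Setup template object, parse vars to it, then parse it
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('REDIRECT', $redirect);
		$tpl->set_var('REDIRECT_TIMER', $redirect_timer);
		$tpl->set_var('NEXT', $TEXT['NEXT']);
		$tpl->set_var('BACK', $TEXT['BACK']);
		if ($redirect_timer == -1) {
			$tpl->set_block('show_redirect', '');
		} else {
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
	}

	/**
	 * Print an error message page and terminate the script.
	 * $message and $link are placed into the template as given.
	 *
	 * @param string|array $message     message, or lines joined with <br />
	 * @param string       $link        target of the back link
	 * @param bool         $auto_footer also call print_footer() when the object provides it
	 * @return void never returns; calls exit()
	 */
	public function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		global $TEXT;
		if (is_array($message)) {
			$message = implode('<br />', $message);
		}
		// Setup template object, parse vars to it, then parse it
		$tpl = new Template(dirname($this->correct_theme_source('error.htt')));
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		// print_footer() is defined by subclasses only
		if ($auto_footer == true && method_exists($this, 'print_footer')) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Format a message as an HTML box using the template 'message.htt'.
	 *
	 * For status 'error' the box is always returned. Otherwise REDIRECT_TIMER decides:
	 * 0 returns an empty string (message not shown), -1 shows it permanently, any other
	 * value appends a script that hides the box after REDIRECT_TIMER milliseconds.
	 * $status is written into the template as given; BOX_STATUS is only set for the
	 * known values 'ok', 'error' and 'warning'.
	 *
	 * @param string $message the message to format
	 * @param string $status  'ok', 'error', 'warning' or '' - selects the appearance of the box
	 * @return string the html-formatted message
	 */
	public function format_message($message, $status = 'ok')
	{
		$id = uniqid('x');
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
		$tpl->set_file('page', 'message.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('THEME_URL', THEME_URL);
		$tpl->set_var('ID', $id);
		// Fixes the original condition `$status = 'warning'` (an assignment, always true),
		// which turned every unknown status into ' box-warning'
		$box_status = in_array($status, array('ok', 'error', 'warning'), true) ? ' box-'.$status : '';
		$tpl->set_var('BOX_STATUS', $box_status);
		$tpl->set_var('STATUS', $status);
		if (!defined('REDIRECT_TIMER')) {
			define('REDIRECT_TIMER', -1);
		}
		if ($status != 'error' && REDIRECT_TIMER == 0) {
			// timer 0: do not show the message at all
			return '';
		}
		$tpl->parse('main', 'main_block', false);
		$html = $tpl->finish($tpl->parse('output', 'page', false));
		unset($tpl);
		if ($status == 'error' || REDIRECT_TIMER == -1) {
			// shown permanently
			return $html;
		}
		// hide the message after REDIRECT_TIMER milliseconds; $id comes from uniqid()
		$script = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
				  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
				  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
		return $html.$script;
	}

	/**
	 * Remove CR and LF from a value that is placed in a mail header.
	 *
	 * @param string $value
	 * @return string
	 */
	private function strip_header_newlines($value)
	{
		return preg_replace('/[\r\n]/', '', $value);
	}

	/**
	 * Send a mail through the wbmailer class (PHPMailer subclass).
	 *
	 * wbmailer can deliver via SMTP, which some providers require because plain PHP
	 * mail() offers no SMTP authentication; the SMTP host is configured in the
	 * backend Settings panel of Website Baker.
	 * All header values (from, to, subject, reply-to and - new - the from name) have
	 * CR/LF removed so that a caller-supplied value cannot inject extra headers.
	 *
	 * @param string $fromaddress sender address ('' keeps the wbmailer default)
	 * @param string $toaddress   recipient address
	 * @param string $subject
	 * @param string $message     body; sent as HTML (nl2br) with a strip_tags() text alternative
	 * @param string $fromname    sender name, only used when $fromaddress is given
	 * @param string $replyTo     reply-to address, only set when non-empty
	 * @return bool true if wbmailer reported success
	 */
	public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '', $replyTo = '')
	{
		$fromaddress = $this->strip_header_newlines($fromaddress);
		$toaddress   = $this->strip_header_newlines($toaddress);
		$subject     = $this->strip_header_newlines($subject);
		$replyTo     = $this->strip_header_newlines($replyTo);
		$fromname    = $this->strip_header_newlines($fromname);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();
		// set user defined from address
		if ($fromaddress != '') {
			if ($fromname != '') {
				$myMail->FromName = $fromname;                // FROM-NAME
			}
			$myMail->From = $fromaddress;                     // FROM:
		}
		if ($replyTo) {
			$myMail->AddReplyTo($replyTo);                    // REPLY TO:
		}
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                      // TO:
		$myMail->Subject = $subject;                          // SUBJECT
		$myMail->Body    = nl2br($message);                   // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
		return (bool)$myMail->Send();
	}

	/**
	 * Locate a theme template file: the active theme's templates directory is
	 * preferred, the admin skeleton directory is the fallback.
	 * $sThemeFile is appended to the directories as given; callers in this file
	 * pass fixed names ('success.htt', 'error.htt', 'message.htt').
	 *
	 * @param string $sThemeFile template file name, e.g. 'start.htt'
	 * @return string path of the template file found
	 * @throws InvalidArgumentException when the file exists in neither location
	 */
	public function correct_theme_source($sThemeFile = 'start.htt')
	{
		$candidates = array(
			THEME_PATH.'/templates/'.$sThemeFile,
			ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile,
		);
		foreach ($candidates as $path) {
			if (file_exists($path)) {
				return $path;
			}
		}
		throw new InvalidArgumentException('missing template file '.$sThemeFile);
	}

	/**
	 * Check that a folder name contains none of the forbidden characters
	 * (^ \ / . ? * " ' < > : |).
	 *
	 * @param string $str folder name to check
	 * @return bool true if no forbidden character occurs; false on a match or a regex error
	 */
	public function checkFolderName($str)
	{
		// preg_match() returns false on error; treat that as "not valid" instead of accepting the name
		return preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) === 0;
	}

	/**
	 * Resolve $sCurrentPath and make sure it lies within $sBaseDir (normally the document root).
	 *
	 * Both paths are resolved with realpath(); the comparison is done on a directory
	 * boundary, so a sibling such as '<base>2' is not accepted as inside '<base>'.
	 * The comparison is case-insensitive, as in the original stripos()-based check.
	 *
	 * @param string $sCurrentPath path to check, may be URL-encoded
	 * @param string $sBaseDir     directory that must contain the path
	 * @return string|false the resolved path, or false if it does not exist or lies outside
	 */
	public function checkpath($sCurrentPath, $sBaseDir = WB_PATH)
	{
		$sCurrentPath = realpath(rawurldecode($sCurrentPath));
		$sBaseDir = realpath($sBaseDir);
		// realpath() returns false for paths that do not exist; both must resolve
		if ($sCurrentPath === false || $sBaseDir === false) {
			return false;
		}
		$sBaseDir = rtrim($sBaseDir, '/\\');
		$prefix = $sBaseDir.DIRECTORY_SEPARATOR;
		if (strcasecmp($sCurrentPath, $sBaseDir) === 0 ||
		    strncasecmp($sCurrentPath, $prefix, strlen($prefix)) === 0) {
			return $sCurrentPath;
		}
		return false;
	}
}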