Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        framework
5
 * @package         frontend
6
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: class.wb.php 1782 2012-10-11 12:29:11Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
14
 * @lastmodified    $Date: 2012-10-11 14:29:11 +0200 (Thu, 11 Oct 2012) $
15
 *
16
 */
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
if(!defined('WB_PATH')) {
20
	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
21
	throw new IllegalFileException();
22
}
23
/* -------------------------------------------------------- */
24
// Include PHPLIB template class
25
require_once(WB_PATH."/include/phplib/template.inc");
26
// Include new wbmailer class (subclass of PHPmailer)
27
require_once(WB_PATH."/framework/class.wbmailer.php");
28
//require_once(WB_PATH."/framework/SecureForm.php");
29

    
30
class wb extends SecureForm
31
{
32

    
33
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// General initialization function
34

    
35
	// performed when frontend or backend is loaded.
36
	public function  __construct($mode = SecureForm::FRONTEND) {
37
		parent::__construct($mode);
38
	}
39

    
40

    
41
	/**
42
	 *
43
	 *
44
	 * @param mixed $lang
45
	 * @param mixed $level
46
	 * @param mixed $parent
47
	 * @return
48
	 */
49
	public function GetLanguagesPages ( $lang, $level, $parent ) {
50
		global $database;
51
        $page = array();
52
        $sql =
53
        'SELECT `language`,`visibility`,`viewing_groups`,`viewing_users`,`language`,`position`, '.
54
        '`page_id`,`level`,`parent`,`root_parent`,`page_code`,`link` '.
55
        'FROM `'.TABLE_PREFIX.'pages` '.
56
        'WHERE `level`=\''.$level.'\' '.
57
          'AND `language`=\''.$lang['language'].'\' '.
58
          'AND `visibility`!=\'none\' '.
59
          'AND `visibility`!=\'hidden\' '.
60
          'AND `parent`=\''.$parent.'\' '.
61
          'AND `root_parent`=`page_id` '.
62
        'ORDER BY `position`';
63
        if($oPage = $database->query($sql))
64
        {
65
            $page = $oPage->fetchRow(MYSQL_ASSOC);
66
        }
67
        return $page;
68
	}
69

    
70
	/**
71
	 *
72
	 *
73
	 * @return
74
	 */
75
	public function GetLanguagesInUsed (  ) {
76
		global $database;
77
        $retVal = '';
78
        $page = array();
79
        $sql =
80
        'SELECT DISTINCT `language` '.
81
        'FROM `'.TABLE_PREFIX.'pages` '.
82
        'WHERE `level`= \'0\' '.
83
          'AND `visibility`!=\'none\' '.
84
          'AND `visibility`!=\'hidden\' '.
85
       'ORDER BY `position`';
86

    
87
        if($oRes = $database->query($sql))
88
        {
89
            while($lang = $oRes->fetchRow(MYSQL_ASSOC))
90
            {
91
                $page = $this->GetLanguagesPages ( $lang, 0, 0 );
92
                if(!$this->page_is_visible($page)) {continue;}
93
                $retVal .= $page['language'].',';
94
            }
95
        }
96
        return trim($retVal,',');
97
	}
98

    
99

    
100
/* ****************
101
 * check if one or more group_ids are in both group_lists
102
 *
103
 * @access public
104
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
105
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
106
 * @param array &$matches: an array-var whitch will return possible matches
107
 * @return bool: true there is a match, otherwise false
108
 */
109
	public function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
110
	{
111
		if( $groups_list1 == '' ) { return false; }
112
		if( $groups_list2 == '' ) { return false; }
113
		if( !is_array($groups_list1) )
114
		{
115
			$groups_list1 = explode(',', $groups_list1);
116
		}
117
		if( !is_array($groups_list2) )
118
		{
119
			$groups_list2 = explode(',', $groups_list2);
120
		}
121
		$matches = array_intersect( $groups_list1, $groups_list2);
122
		return ( sizeof($matches) != 0 );
123
	}
124
/* ****************
125
 * check if current user is member of at least one of given groups
126
 * ADMIN (uid=1) always is treated like a member of any groups
127
 *
128
 * @access public
129
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
130
 * @return bool: true if current user is member of one of this groups, otherwise false
131
 */
132
	public function ami_group_member( $groups_list = '' )
133
	{
134
		if( $this->get_user_id() == 1 ) { return true; }
135
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
136
	}
137

    
138
	// Check whether a page is visible or not.
139
	// This will check page-visibility and user- and group-rights.
140
	/* page_is_visible() returns
141
		false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
142
		true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
143
	*/
144
	public function page_is_visible($page)
145
    {
146
		// First check if visibility is 'none', 'deleted'
147
		$show_it = false; // shall we show the page?
148
		switch( $page['visibility'] )
149
		{
150
			case 'none':
151
			case 'deleted':
152
				$show_it = false;
153
				break;
154
			case 'hidden':
155
			case 'public':
156
				$show_it = true;
157
				break;
158
			case 'private':
159
			case 'registered':
160
				if($this->is_authenticated() == true)
161
				{
162
					$show_it = ( $this->is_group_match($this->get_groups_id(), $page['viewing_groups']) ||
163
								 $this->is_group_match($this->get_user_id(), $page['viewing_users']) );
164
				}
165
		}
166

    
167
		return($show_it);
168
	}
169

    
170
	// Check if there is at least one active section on this page
171
	public function page_is_active($page)
172
    {
173
		global $database;
174
		$now = time();
175
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
176
		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
177
		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
178
		$sql .=       'AND `page_id`='.(int)$page['page_id'];
179
		return ($database->get_one($sql) != false);
180
   	}
181

    
182
	// Check whether we should show a page or not (for front-end)
183
	public function show_page($page)
184
    {
185
		if( !is_array($page) )
186
		{
187
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
188
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
189
			if( ($res_pages = $database->query($sql))!= null )
190
			{
191
				if( !($page = $res_pages->fetchRow()) ) { return false; }
192
			}
193
		}
194
		return ($this->page_is_visible($page) && $this->page_is_active($page));
195
	}
196

    
197
	// Check if the user is already authenticated or not
198
	public function is_authenticated() {
199
		$retval = ( isset($_SESSION['USER_ID']) AND
200
		            $_SESSION['USER_ID'] != "" AND
201
		            is_numeric($_SESSION['USER_ID']));
202
        return $retval;
203
	}
204

    
205
	// Modified addslashes function which takes into account magic_quotes
206
	function add_slashes($input) {
207
		if( get_magic_quotes_gpc() || (!is_string($input)) ) {
208
			return $input;
209
		}
210
		return addslashes($input);
211
	}
212

    
213
	// Ditto for stripslashes
214
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
215
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
216
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
217
	function strip_slashes($input) {
218
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
219
			return $input;
220
		}
221
		return stripslashes($input);
222
	}
223

    
224
	// Escape backslashes for use with mySQL LIKE strings
225
	function escape_backslashes($input) {
226
		return str_replace("\\","\\\\",$input);
227
	}
228

    
229
	function page_link($link){
230
		// Check for :// in the link (used in URL's) as well as mailto:
231
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
232
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
233
		} else {
234
			return $link;
235
		}
236
	}
237

    
238
	// Get POST data
239
	function get_post($field) {
240
		return (isset($_POST[$field]) ? $_POST[$field] : null);
241
	}
242

    
243
	// Get POST data and escape it
244
	function get_post_escaped($field) {
245
		$result = $this->get_post($field);
246
		return (is_null($result)) ? null : $this->add_slashes($result);
247
	}
248

    
249
	// Get GET data
250
	function get_get($field) {
251
		return (isset($_GET[$field]) ? $_GET[$field] : null);
252
	}
253

    
254
	// Get SESSION data
255
	function get_session($field) {
256
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
257
	}
258

    
259
	// Get SERVER data
260
	function get_server($field) {
261
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
262
	}
263

    
264
	// Get the current users id
265
	function get_user_id() {
266
		return $this->get_session('USER_ID');
267
	}
268

    
269
	// Get the current users group id
270
	function get_group_id() {
271
		return $this->get_session('GROUP_ID');
272
	}
273

    
274
	// Get the current users group ids
275
	function get_groups_id() {
276
		return explode(",", $this->get_session('GROUPS_ID'));
277
	}
278

    
279
	// Get the current users group name
280
	function get_group_name() {
281
		return implode(",", $this->get_session('GROUP_NAME'));
282
	}
283

    
284
	// Get the current users group name
285
	function get_groups_name() {
286
		return $this->get_session('GROUP_NAME');
287
	}
288

    
289
	// Get the current users username
290
	function get_username() {
291
		return $this->get_session('USERNAME');
292
	}
293

    
294
	// Get the current users display name
295
	function get_display_name() {
296
		return $this->get_session('DISPLAY_NAME');
297
	}
298

    
299
	// Get the current users email address
300
	function get_email() {
301
		return $this->get_session('EMAIL');
302
	}
303

    
304
	// Get the current users home folder
305
	function get_home_folder() {
306
		return $this->get_session('HOME_FOLDER');
307
	}
308

    
309
	// Get the current users timezone
310
	function get_timezone() {
311
		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $_SESSION['TIMEZONE']);
312
	}
313

    
314
	// Validate supplied email address
315
	function validate_email($email) {
316
		if(function_exists('idn_to_ascii')){ /* use pear if available */
317
			$email = idn_to_ascii($email);
318
		}else {
319
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
320
			$IDN = new idna_convert();
321
			$email = $IDN->encode($email);
322
			unset($IDN);
323
		}
324
		// regex from NorHei 2011-01-11
325
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
326
		return ($retval != false);
327
	}
328

    
329
	/**
330
     * replace header('Location:...  with new method
331
	 * if header send failed you get a manuell redirected link, so script don't break
332
	 *
333
	 * @param string $location, redirected url
334
	 * @return void
335
	 */
336
	public function send_header ($location) {
337
		if(!headers_sent()) {
338
			header('Location: '.$location);
339
		    exit(0);
340
		} else {
341
//			$aDebugBacktrace = debug_backtrace();
342
//			array_walk( $aDebugBacktrace, create_function( '$a,$b', 'print "<br /><b>". basename( $a[\'file\'] ). "</b> &nbsp; <font color=\"red\">{$a[\'line\']}</font> &nbsp; <font color=\"green\">{$a[\'function\']} ()</font> &nbsp; -- ". dirname( $a[\'file\'] ). "/";' ) );
343
		    $msg =  "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
344
		         "Please click <a style=\"font-weight:bold;\" " .
345
		         "href=\"".$location."\">on this link</a> to continue!</p></div>\n";
346

    
347
			throw new AppException($msg);
348
		}
349
	}
350

    
351
/* ****************
352
 * set one or more bit in a integer value
353
 *
354
 * @access public
355
 * @param int $value: reference to the integer, containing the value
356
 * @param int $bits2set: the bitmask witch shall be added to value
357
 * @return void
358
 */
359
	function bit_set( &$value, $bits2set )
360
	{
361
		$value |= $bits2set;
362
	}
363

    
364
/* ****************
365
 * reset one or more bit from a integer value
366
 *
367
 * @access public
368
 * @param int $value: reference to the integer, containing the value
369
 * @param int $bits2reset: the bitmask witch shall be removed from value
370
 * @return void
371
 */
372
	function bit_reset( &$value, $bits2reset)
373
	{
374
		$value &= ~$bits2reset;
375
	}
376

    
377
/* ****************
378
 * check if one or more bit in a integer value are set
379
 *
380
 * @access public
381
 * @param int $value: reference to the integer, containing the value
382
 * @param int $bits2set: the bitmask witch shall be added to value
383
 * @return void
384
 */
385
	function bit_isset( $value, $bits2test )
386
	{
387
		return (($value & $bits2test) == $bits2test);
388
	}
389

    
390
	// Print a success message which then automatically redirects the user to another page
391
	function print_success( $message, $redirect = 'index.php' ) {
392
	    global $TEXT;
393
        if(is_array($message)) {
394
           $message = implode ('<br />',$message);
395
        }
396
	    // fetch redirect timer for sucess messages from settings table
397
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
398
	    // add template variables
399
		// Setup template object, parse vars to it, then parse it
400
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
401
	    $tpl->set_file( 'page', 'success.htt' );
402
	    $tpl->set_block( 'page', 'main_block', 'main' );
403
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
404
	    $tpl->set_var( 'MESSAGE', $message );
405
	    $tpl->set_var( 'REDIRECT', $redirect );
406
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
407
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
408
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
409
	    if ($redirect_timer == -1) {
410
	        $tpl->set_block( 'show_redirect', '' );
411
	    }
412
	    else {
413
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
414
	    }
415
	    $tpl->parse( 'main', 'main_block', false );
416
	    $tpl->pparse( 'output', 'page' );
417
	}
418

    
419
	// Print an error message
420
	function print_error($message, $link = 'index.php', $auto_footer = true) {
421
		global $TEXT;
422
        if(is_array($message)) {
423
           $message = implode ('<br />',$message);
424
        }
425
		// Setup template object, parse vars to it, then parse it
426
		$success_template = new Template(dirname($this->correct_theme_source('error.htt')));
427
		$success_template->set_file('page', 'error.htt');
428
		$success_template->set_block('page', 'main_block', 'main');
429
		$success_template->set_var('MESSAGE', $message);
430
		$success_template->set_var('LINK', $link);
431
		$success_template->set_var('BACK', $TEXT['BACK']);
432
		$success_template->parse('main', 'main_block', false);
433
		$success_template->pparse('output', 'page');
434
		if ( $auto_footer == true ) {
435
			if ( method_exists($this, "print_footer") ) {
436
				$this->print_footer();
437
			}
438
		}
439
		exit();
440
	}
441
/*
442
 * @param string $message: the message to format
443
 * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
444
 * @return string: the html-formatted message (using template 'message.htt')
445
 */
446
	public function format_message($message, $status = 'ok')
447
	{
448
		$id = uniqid('x');
449
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
450
		$tpl->set_file('page', 'message.htt');
451
		$tpl->set_block('page', 'main_block', 'main');
452
		$tpl->set_var('MESSAGE', $message);
453
 	    $tpl->set_var( 'THEME_URL', THEME_URL );
454
		$tpl->set_var( 'ID', $id );
455
		if($status == 'ok' || $status == 'error' || $status = 'warning')
456
		{
457
			$tpl->set_var('BOX_STATUS', ' box-'.$status);
458
		}else
459
		{
460
			$tpl->set_var('BOX_STATUS', '');
461
		}
462
		$tpl->set_var('STATUS', $status);
463
		if(!defined('REDIRECT_TIMER') ) { define('REDIRECT_TIMER', -1); }
464
		$retval = '';
465
		if( $status != 'error' )
466
		{
467
			switch(REDIRECT_TIMER):
468
				case 0: // do not show message
469
					unset($tpl);
470
					break;
471
				case -1: // show message permanently
472
					$tpl->parse('main', 'main_block', false);
473
					$retval = $tpl->finish($tpl->parse('output', 'page', false));
474
					unset($tpl);
475
					break;
476
				default: // hide message after REDIRECTOR_TIMER milliseconds
477
					$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
478
							  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
479
							  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
480
					$tpl->parse('main', 'main_block', false);
481
					$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
482
					unset($tpl);
483
			endswitch;
484
		}else
485
		{
486
			$tpl->parse('main', 'main_block', false);
487
			$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
488
			unset($tpl);
489
		}
490
		return $retval;
491
	}
492
/*
493
 * @param string $type: 'locked'(default)  or 'new'
494
 * @return void: terminates application
495
 * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
496
 *               'new' >> Show 'new site under construction'(former print_under_construction)
497
 */
498
	public function ShowMaintainScreen($type = 'locked')
499
	{
500
		global $database, $MESSAGE;
501
		$CHECK_BACK = $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
502
		$BE_PATIENT = '';
503
		$LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE ));
504

    
505
		$show_screen = false;
506
		if($type == 'locked')
507
		{
508
			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0) ) ;
509
			if( (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1))
510
			{
511
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
512
	// first kick logged users out of the system
513
		// delete all remember keys from table 'user' except user_id=1
514
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
515
				$sql .= 'WHERE `user_id`<>1';
516
				$database->query($sql);
517
		// delete remember key-cookie if set
518
				if (isset($_COOKIE['REMEMBER_KEY'])) {
519
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
520
				}
521
		// overwrite session array
522
				$_SESSION = array();
523
		// delete session cookie if set
524
				if (ini_get("session.use_cookies")) {
525
					$params = session_get_cookie_params();
526
					setcookie(session_name(), '', time() - 42000, $params["path"],
527
						$params["domain"], $params["secure"], $params["httponly"]
528
					);
529
				}
530
		// delete the session itself
531
				session_destroy();
532
				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
533
				$BE_PATIENT = $MESSAGE['GENERIC_BE_PATIENT'];
534
				$PAGE_ICON  = 'system';
535
				$show_screen = true;
536
			}
537
		} else {
538
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
539
			$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
540
			$PAGE_ICON  = 'negative';
541
			$show_screen = true;
542
		}
543
		if($show_screen)
544
		{
545
            $sMaintanceFile = $this->correct_theme_source('maintance.htt');
546
    		if(file_exists($sMaintanceFile))
547
    		{
548
                $tpl = new Template(dirname( $sMaintanceFile ));
549
    		    $tpl->set_file( 'page', 'maintance.htt' );
550
    		    $tpl->set_block( 'page', 'main_block', 'main' );
551

    
552
    			if(defined('DEFAULT_CHARSET'))
553
    			{
554
    				$charset=DEFAULT_CHARSET;
555
    			} else {
556
    				$charset='utf-8';
557
    			}
558
    		    $tpl->set_var( 'PAGE_TITLE', $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'] );
559
    	 	    $tpl->set_var( 'CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'] );
560
    	 	    $tpl->set_var( 'CHARSET', $charset );
561
    	 	    $tpl->set_var( 'WB_URL', WB_URL );
562
    	 	    $tpl->set_var( 'BE_PATIENT', $BE_PATIENT );
563
    	 	    $tpl->set_var( 'THEME_URL', THEME_URL );
564
    			$tpl->set_var( 'PAGE_ICON', $PAGE_ICON);
565
    			$tpl->set_var( 'LANGUAGE', strtolower(LANGUAGE));
566
    		    $tpl->parse( 'main', 'main_block', false );
567
    		    $tpl->pparse( 'output', 'page' );
568
                exit();
569
    		} else {
570
    		 require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
571
    		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
572
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
573
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
574
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
575
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
576
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
577
    		}
578
    		flush();
579
            exit();
580
		}
581
	}
582

    
583
	// Validate send email
584
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
585
/*
586
	INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
587
	SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
588
	NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
589

    
590
	NOTE:
591
	To use SMTP for sending out mails, you have to specify the SMTP host of your domain
592
	via the Settings panel in the backend of Website Baker
593
*/
594

    
595
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
596
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
597
		$subject = preg_replace('/[\r\n]/', '', $subject);
598
		$replyTo = preg_replace('/[\r\n]/', '', $replyTo);
599
		// $message_alt = $message;
600
		// $message = preg_replace('/[\r\n]/', '<br \>', $message);
601

    
602
		// create PHPMailer object and define default settings
603
		$myMail = new wbmailer();
604
		// set user defined from address
605
		if ($fromaddress!='') {
606
			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
607
			$myMail->From = $fromaddress;                     // FROM:
608
//			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
609
		}
610
		if($replyTo) {
611
			$myMail->AddReplyTo($replyTo);                // REPLY TO:
612
		}
613
		// define recepient and information to send out
614
		$myMail->AddAddress($toaddress);                      // TO:
615
		$myMail->Subject = $subject;                          // SUBJECT
616
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
617
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
618
		// check if there are any send mail errors, otherwise say successful
619
		if (!$myMail->Send()) {
620
			return false;
621
		} else {
622
			return true;
623
		}
624
	}
625

    
626
	 /**
627
	  * checks if there is an alternative Theme template
628
	  *
629
	  * @param string $sThemeFile set the template.htt
630
	  * @return string the relative theme path
631
	  *
632
	  */
633
        function correct_theme_source($sThemeFile = 'start.htt') {
634
		$sRetval = $sThemeFile;
635
		if (file_exists(THEME_PATH.'/templates/'.$sThemeFile )) {
636
			$sRetval = THEME_PATH.'/templates/'.$sThemeFile;
637
		} else {
638
			if (file_exists(ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile ) ) {
639
			$sRetval = ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
640
			} else {
641
				throw new InvalidArgumentException('missing template file '.$sThemeFile);
642
			}
643
		}
644
		return $sRetval;
645
        }
646

    
647
	/**
648
	 * Check if a foldername doesn't have invalid characters
649
	 *
650
	 * @param String $str to check
651
	 * @return Bool
652
	 */
653
	function checkFolderName($str){
654
		return !( preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) ? TRUE : FALSE );
655
	}
656

    
657
	/**
658
	 * Check the given path to make sure current path is within given basedir
659
	 * normally document root
660
	 *
661
	 * @param String $sCurrentPath
662
	 * @param String $sBaseDir
663
	 * @return $sCurrentPath or FALSE
664
	 */
665
	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
666
		// Clean the cuurent path
667
        $sCurrentPath = rawurldecode($sCurrentPath);
668
        $sCurrentPath = realpath($sCurrentPath);
669
        $sBaseDir = realpath($sBaseDir);
670
		// $sBaseDir needs to exist in the $sCurrentPath
671
		$pos = stripos ($sCurrentPath, $sBaseDir );
672

    
673
		if ( $pos === FALSE ){
674
			return false;
675
		} elseif( $pos == 0 ) {
676
			return $sCurrentPath;
677
		} else {
678
			return false;
679
		}
680
	}
681

    
682
	/**
683
     *
684
     * remove [[text]], link, script, scriptblock and styleblock from a given string
685
     * and return the cleaned string
686
	 *
687
	 * @param string $sValue
688
     * @returns
689
     *    false: if @param is not a string
690
     *    string: cleaned string
691
	 */
692
	public function StripCodeFromText($sValue){
693
        if(!is_string($sValue)) { return false; }
694
        $sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
695
        return (preg_replace ($sPattern, '', $sValue));
696
	}
697

    
698

    
699
}
(16-16/25)