
<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
 * @link            http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: class.wb.php 1791 2012-10-23 22:55:23Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
 * @lastmodified    $Date: 2012-10-24 00:55:23 +0200 (Wed, 24 Oct 2012) $
 *
 */
/* -------------------------------------------------------- */
// Refuse direct access: WB_PATH is only defined once the framework bootstrap ran.
if (!defined('WB_PATH')) {
    require_once dirname(__FILE__) . '/globalExceptionHandler.php';
    throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// PHPLIB template engine used by print_success()/print_error()/format_message()
require_once WB_PATH . '/include/phplib/template.inc';
// wbmailer (PHPMailer subclass) used by wb::mail()
require_once WB_PATH . '/framework/class.wbmailer.php';
// NOTE: the parent class SecureForm is not required here; the upstream file had that
// require commented out, so it is presumably loaded earlier by the bootstrap.
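class wb extends SecureForm
{
    /**
     * Characters allowed in passwords. This is the body of a regex character
     * class, not a complete pattern; consumers wrap it in [...] themselves.
     */
    public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

    /**
     * General initialization, performed when the frontend or backend is loaded.
     *
     * @param int $mode one of the SecureForm mode constants (default SecureForm::FRONTEND),
     *                  passed straight through to the SecureForm constructor
     */
    public function __construct($mode = SecureForm::FRONTEND)
    {
        parent::__construct($mode);
    }

    /**
     * Fetch the root page of every language whose root page is neither 'none' nor
     * 'hidden', then drop the ones the current user may not see (page_is_visible()).
     *
     * Shared by GetLanguagesDetailsInUsed() and GetLanguagesInUsed(), which only
     * differ in the shape of their result.
     *
     * NOTE(review): the query groups by `language` while selecting non-aggregated
     * columns; which root page is returned per language depends on the MySQL
     * version/sql_mode — confirm before relying on the page columns.
     *
     * @return array language code => page row (assoc), in `position` order
     */
    private function fetchVisibleLanguagePages()
    {
        global $database;
        $pages = array();
        $sql =
            'SELECT DISTINCT `language`'.
            ', `page_id`,`level`,`parent`,`root_parent`,`page_code`,`link`,`language`'.
            ', `visibility`,`viewing_groups`,`viewing_users`,`position` '.
            'FROM `'.TABLE_PREFIX.'pages` '.
            'WHERE `level`= \'0\' '.
              'AND `root_parent`=`page_id` '.
              'AND `visibility`!=\'none\' '.
              'AND `visibility`!=\'hidden\' '.
            'GROUP BY `language` '.
            'ORDER BY `position`';
        if ($oRes = $database->query($sql)) {
            while ($page = $oRes->fetchRow(MYSQL_ASSOC)) {
                // registered/private pages are filtered per user here, not in SQL
                if ($this->page_is_visible($page)) {
                    $pages[$page['language']] = $page;
                }
            }
        }
        return $pages;
    }

    /**
     * First visible root page of every language in use.
     *
     * @return array language code => page row with the fields selected in
     *               fetchVisibleLanguagePages()
     */
    public function GetLanguagesDetailsInUsed()
    {
        return $this->fetchVisibleLanguagePages();
    }

    /**
     * Comma separated list of the languages that have a visible root page.
     *
     * @return string e.g. 'EN,DE'; empty string when nothing is visible
     */
    public function GetLanguagesInUsed()
    {
        return implode(',', array_keys($this->fetchVisibleLanguagePages()));
    }

    /**
     * True when a group list argument carries no entries at all.
     * null, '' and an empty array count as empty; anything else is passed on.
     *
     * @param mixed $list
     * @return bool
     */
    private function groupListIsEmpty($list)
    {
        return ($list === null || $list === '' || $list === false || $list === array());
    }

    /**
     * Check if one or more group ids occur in both lists.
     *
     * @param mixed $groups_list1 array or comma separated string of group ids
     * @param mixed $groups_list2 array or comma separated string of group ids
     * @param array &$matches     receives the ids present in both lists
     * @return bool true if there is at least one match
     */
    public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
    {
        if ($this->groupListIsEmpty($groups_list1) || $this->groupListIsEmpty($groups_list2)) {
            return false;
        }
        if (!is_array($groups_list1)) {
            $groups_list1 = explode(',', $groups_list1);
        }
        if (!is_array($groups_list2)) {
            $groups_list2 = explode(',', $groups_list2);
        }
        // array_intersect compares as strings, so int and string ids match each other
        $matches = array_intersect($groups_list1, $groups_list2);
        return (count($matches) > 0);
    }

    /**
     * Check if the current user is member of at least one of the given groups.
     * The ADMIN (uid=1) is always treated as a member of every group.
     *
     * @param mixed $groups_list array or comma separated string of group ids
     * @return bool
     */
    public function ami_group_member($groups_list = '')
    {
        if ((int)$this->get_user_id() === 1) {
            return true;
        }
        return $this->is_group_match($groups_list, $this->get_groups_id());
    }

    /**
     * Check whether a page is visible to the current user.
     *
     * Returns false if the visibility is 'none' or 'deleted', or it is
     * 'registered'/'private' and the user is not authenticated or is neither in
     * `viewing_groups` nor in `viewing_users`. Returns true for 'public' and
     * 'hidden', and for 'registered'/'private' when the user is allowed.
     * A page row without a `visibility` key (or an unknown value) is not shown.
     *
     * @param array $page page row with 'visibility', 'viewing_groups', 'viewing_users'
     * @return bool
     */
    public function page_is_visible($page)
    {
        if (!is_array($page) || !isset($page['visibility'])) {
            return false;
        }
        $show_it = false;
        switch ($page['visibility']) {
            case 'none':
            case 'deleted':
                $show_it = false;
                break;
            case 'hidden':
            case 'public':
                $show_it = true;
                break;
            case 'private':
            case 'registered':
                // group membership OR explicit per-user grant is enough
                if ($this->is_authenticated()) {
                    $show_it = ($this->is_group_match($this->get_groups_id(), $page['viewing_groups'])
                             || $this->is_group_match($this->get_user_id(), $page['viewing_users']));
                }
                break;
        }
        return $show_it;
    }

    /**
     * Check if there is at least one active (currently published) section on the page.
     *
     * The page filter is applied to both publication conditions; the previous
     * `A OR B AND page_id=…` form bound AND tighter than OR, so any currently
     * published section of any page made every page look active.
     *
     * @param array $page page row containing 'page_id'
     * @return bool
     */
    public function page_is_active($page)
    {
        global $database;
        $now = time();
        $sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
        $sql .= 'WHERE `page_id`='.(int)$page['page_id'].' ';
        $sql .= 'AND (('.$now.' BETWEEN `publ_start` AND `publ_end`) ';
        $sql .=      'OR ('.$now.' > `publ_start` AND `publ_end`=0))';
        return ($database->get_one($sql) != false);
    }

    /**
     * Check whether a page should be shown in the frontend: it has to be visible
     * for the current user and have at least one active section.
     *
     * @param array|int $page page row, or a page_id which is then looked up
     * @return bool false as well when the page cannot be loaded
     */
    public function show_page($page)
    {
        global $database;
        if (!is_array($page)) {
            $sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
            $sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
            $res_pages = $database->query($sql);
            if ($res_pages == null) {
                return false;
            }
            $page = $res_pages->fetchRow();
            if (!$page) {
                return false;
            }
        }
        return ($this->page_is_visible($page) && $this->page_is_active($page));
    }

    /**
     * Check if the user is authenticated: a numeric USER_ID exists in the session.
     *
     * @return bool
     */
    public function is_authenticated()
    {
        return (isset($_SESSION['USER_ID'])
            && $_SESSION['USER_ID'] !== ''
            && is_numeric($_SESSION['USER_ID']));
    }

    /**
     * True when magic_quotes_gpc is active. The function was removed in PHP 8,
     * where magic quotes cannot be on, so a missing function means "off".
     *
     * @return bool
     */
    private function magicQuotesOn()
    {
        return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
    }

    /**
     * addslashes() that takes magic_quotes into account (input is returned
     * untouched when magic quotes already escaped it, or when it is no string).
     *
     * @param mixed $input
     * @return mixed
     */
    public function add_slashes($input)
    {
        if ($this->magicQuotesOn() || !is_string($input)) {
            return $input;
        }
        return addslashes($input);
    }

    /**
     * Undo the effect of magic_quotes_gpc==On on a string.
     *
     * Attn: this is _not_ the counterpart of add_slashes(); use stripslashes()
     * to undo an earlier add_slashes(). Non-strings and input received with
     * magic quotes off are returned untouched.
     *
     * @param mixed $input
     * @return mixed
     */
    public function strip_slashes($input)
    {
        if (!$this->magicQuotesOn() || !is_string($input)) {
            return $input;
        }
        return stripslashes($input);
    }

    /**
     * Escape backslashes for use in MySQL LIKE strings.
     *
     * @param string $input
     * @return string
     */
    public function escape_backslashes($input)
    {
        return str_replace("\\", "\\\\", $input);
    }

    /**
     * Turn a page link into a full URL. Absolute links (containing '://') and
     * mailto: links are returned as given.
     *
     * @param string $link
     * @return string
     */
    public function page_link($link)
    {
        if (strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
            return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
        }
        return $link;
    }

    /**
     * Get a POST field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_post($field)
    {
        return (isset($_POST[$field]) ? $_POST[$field] : null);
    }

    /**
     * Get a POST field run through add_slashes(); null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_post_escaped($field)
    {
        $result = $this->get_post($field);
        return (is_null($result)) ? null : $this->add_slashes($result);
    }

    /**
     * Get a GET field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_get($field)
    {
        return (isset($_GET[$field]) ? $_GET[$field] : null);
    }

    /**
     * Get a SESSION field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_session($field)
    {
        return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
    }

    /**
     * Get a SERVER field, or null when it is not set.
     *
     * @param string $field
     * @return mixed
     */
    public function get_server($field)
    {
        return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
    }

    /**
     * Id of the current user (session USER_ID), or null.
     *
     * @return mixed
     */
    public function get_user_id()
    {
        return $this->get_session('USER_ID');
    }

    /**
     * Primary group id of the current user (session GROUP_ID), or null.
     *
     * @return mixed
     */
    public function get_group_id()
    {
        return $this->get_session('GROUP_ID');
    }

    /**
     * All group ids of the current user (session GROUPS_ID, comma separated).
     *
     * @return array list of id strings; array('') when the session has no value
     */
    public function get_groups_id()
    {
        return explode(",", (string)$this->get_session('GROUPS_ID'));
    }

    /**
     * Group names of the current user joined with ','.
     * The session value is expected to be an array; a scalar is returned as string.
     *
     * @return string
     */
    public function get_group_name()
    {
        $names = $this->get_session('GROUP_NAME');
        return is_array($names) ? implode(",", $names) : (string)$names;
    }

    /**
     * Group names of the current user as stored in the session (GROUP_NAME).
     *
     * @return mixed
     */
    public function get_groups_name()
    {
        return $this->get_session('GROUP_NAME');
    }

    /**
     * Username of the current user, or null.
     *
     * @return mixed
     */
    public function get_username()
    {
        return $this->get_session('USERNAME');
    }

    /**
     * Display name of the current user, or null.
     *
     * @return mixed
     */
    public function get_display_name()
    {
        return $this->get_session('DISPLAY_NAME');
    }

    /**
     * Email address of the current user, or null.
     *
     * @return mixed
     */
    public function get_email()
    {
        return $this->get_session('EMAIL');
    }

    /**
     * Home folder of the current user, or null.
     *
     * @return mixed
     */
    public function get_home_folder()
    {
        return $this->get_session('HOME_FOLDER');
    }

    /**
     * Timezone of the current user: '-72000' marks "use the default timezone",
     * otherwise the session TIMEZONE value (null when neither is set).
     *
     * @return mixed
     */
    public function get_timezone()
    {
        if (isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
            return '-72000';
        }
        return (isset($_SESSION['TIMEZONE']) ? $_SESSION['TIMEZONE'] : null);
    }

    /**
     * Validate an email address. The domain part is converted to its IDNA ASCII
     * form first (intl extension if available, bundled idna_convert otherwise),
     * then the whole address is matched against the regex below.
     *
     * Only the domain is converted: passing the whole address to idn_to_ascii()
     * fails on newer PHP because '@' is not a valid label character.
     *
     * @param string $email
     * @return bool
     */
    public function validate_email($email)
    {
        $atPos = strrpos($email, '@');
        if ($atPos === false) {
            return false;
        }
        $local  = substr($email, 0, $atPos);
        $domain = substr($email, $atPos + 1);
        if (function_exists('idn_to_ascii')) { // intl extension
            $domain = idn_to_ascii($domain);
            if ($domain === false) {
                return false;
            }
        } else {
            require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
            $IDN = new idna_convert();
            $domain = $IDN->encode($domain);
            unset($IDN);
        }
        $email = $local.'@'.$domain;
        // regex from NorHei 2011-01-11
        $retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
        return ($retval == 1);
    }

    /**
     * Replacement for header('Location: ...'): redirects and exits. If headers
     * were already sent, an AppException carrying a manual link is thrown instead,
     * so the script does not break silently.
     *
     * @param string $location redirect url
     * @return void
     * @throws AppException when the redirect header can no longer be sent
     */
    public function send_header($location)
    {
        // CR/LF must never reach header(); strip them so a crafted value cannot
        // smuggle additional headers into the response.
        $location = str_replace(array("\r", "\n"), '', $location);
        if (!headers_sent()) {
            header('Location: '.$location);
            exit(0);
        }
        // The url is echoed into HTML here, so escape it for the attribute context.
        $safeLocation = htmlspecialchars($location, ENT_QUOTES, 'UTF-8');
        $msg = "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
               "Please click <a style=\"font-weight:bold;\" " .
               "href=\"".$safeLocation."\">on this link</a> to continue!</p></div>\n";
        throw new AppException($msg);
    }

    /**
     * Set one or more bits in an integer value.
     *
     * @param int &$value    reference to the integer holding the value
     * @param int $bits2set  bitmask to add to the value
     * @return void
     */
    public function bit_set(&$value, $bits2set)
    {
        $value |= $bits2set;
    }

    /**
     * Reset one or more bits in an integer value.
     *
     * @param int &$value      reference to the integer holding the value
     * @param int $bits2reset  bitmask to remove from the value
     * @return void
     */
    public function bit_reset(&$value, $bits2reset)
    {
        $value &= ~$bits2reset;
    }

    /**
     * Check if all bits of a mask are set in an integer value.
     *
     * @param int $value      the value to test
     * @param int $bits2test  bitmask that must be completely set
     * @return bool
     */
    public function bit_isset($value, $bits2test)
    {
        return (($value & $bits2test) == $bits2test);
    }

    /**
     * Print a success message (template success.htt) that redirects the user
     * to another page after REDIRECT_TIMER milliseconds.
     *
     * @param string|array $message  message, or lines joined with <br />
     * @param string       $redirect url to redirect to
     * @return void
     */
    public function print_success($message, $redirect = 'index.php')
    {
        global $TEXT;
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        // redirect timer comes from the settings table; values above 10s mean "no timer"
        $redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
        $tpl = new Template(dirname($this->correct_theme_source('success.htt')));
        $tpl->set_file('page', 'success.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('REDIRECT', $redirect);
        $tpl->set_var('REDIRECT_TIMER', $redirect_timer);
        $tpl->set_var('NEXT', $TEXT['NEXT']);
        $tpl->set_var('BACK', $TEXT['BACK']);
        if ($redirect_timer == -1) {
            // -1 = show permanently, no redirect block at all
            $tpl->set_block('show_redirect', '');
        } else {
            $tpl->parse('show_redirect', 'show_redirect_block', true);
        }
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
    }

    /**
     * Print an error message (template error.htt) and terminate the script.
     *
     * @param string|array $message     message, or lines joined with <br />
     * @param string       $link        url for the "back" link
     * @param bool         $auto_footer also print the footer when the subclass has print_footer()
     * @return void script exits
     */
    public function print_error($message, $link = 'index.php', $auto_footer = true)
    {
        global $TEXT;
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        $tpl = new Template(dirname($this->correct_theme_source('error.htt')));
        $tpl->set_file('page', 'error.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('LINK', $link);
        $tpl->set_var('BACK', $TEXT['BACK']);
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
        if ($auto_footer == true && method_exists($this, "print_footer")) {
            $this->print_footer();
        }
        exit();
    }

    /**
     * Format a message as an html box (template message.htt).
     *
     * @param string $message the message to format (inserted as-is, so it may contain html)
     * @param string $status  'ok' / 'error' / 'warning' / '' — selects the box style;
     *                        unknown values get no box class
     * @return string html; an empty string when REDIRECT_TIMER is 0 and the
     *                status is not 'error' (the message is not shown at all)
     */
    public function format_message($message, $status = 'ok')
    {
        $id = uniqid('x');
        $tpl = new Template(dirname($this->correct_theme_source('message.htt')));
        $tpl->set_file('page', 'message.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('THEME_URL', THEME_URL);
        $tpl->set_var('ID', $id);
        // strict in_array replaces the former `$status = 'warning'` (an assignment, not a
        // comparison) which turned every unknown status into 'warning'
        $boxStatus = in_array($status, array('ok', 'error', 'warning'), true) ? ' box-'.$status : '';
        $tpl->set_var('BOX_STATUS', $boxStatus);
        $tpl->set_var('STATUS', $status);
        if (!defined('REDIRECT_TIMER')) {
            define('REDIRECT_TIMER', -1);
        }
        $timer = (int)REDIRECT_TIMER;
        // errors are always shown permanently; other messages follow REDIRECT_TIMER
        if ($status != 'error' && $timer === 0) {
            return '';
        }
        $tpl->parse('main', 'main_block', false);
        $html = $tpl->finish($tpl->parse('output', 'page', false));
        if ($status != 'error' && $timer !== -1) {
            // hide the box after REDIRECT_TIMER milliseconds; $id comes from uniqid(), so it
            // is safe to embed in the script
            $html .= '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
                     'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
                     'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
        }
        return $html;
    }

    /**
     * Log every user except the admin out: clear the stored remember keys, drop
     * the remember cookie and destroy the current session (cookie and data).
     *
     * @return void
     */
    private function terminateUserSessions()
    {
        global $database;
        $sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
        $sql .= 'WHERE `user_id`<>1';
        $database->query($sql);
        if (isset($_COOKIE['REMEMBER_KEY'])) {
            setcookie('REMEMBER_KEY', '', time() - 3600, '/');
        }
        $_SESSION = array();
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $params["path"],
                $params["domain"], $params["secure"], $params["httponly"]
            );
        }
        session_destroy();
    }

    /**
     * Minimal inline maintenance page, used when no maintance.htt template exists.
     *
     * @param string $pageTitle
     * @param string $checkBack
     * @return void
     */
    private function printMaintenanceFallback($pageTitle, $checkBack)
    {
        echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html><head><title>'.$pageTitle.'</title>
        <style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
        h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
        <br /><h1>'.$pageTitle.'</h1><br />
        '.$checkBack.'</body></html>';
    }

    /**
     * Show the maintenance screen and terminate the application.
     *
     * 'locked' (default): only when SYSTEM_LOCKED is set and the current user is
     *   not the admin; all other users are logged out first. Returns without
     *   output when the system is not locked or the admin is logged in.
     * 'new': "new site under construction" (former print_under_construction).
     *
     * @param string $type 'locked' or 'new'
     * @return void terminates the application when a screen is shown
     */
    public function ShowMaintainScreen($type = 'locked')
    {
        global $database, $MESSAGE;
        $bePatient  = '';
        $pageTitle  = '';
        $pageIcon   = '';
        $showScreen = false;

        if ($type == 'locked') {
            $currUser = (int)(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0);
            if ((defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($currUser != 1)) {
                header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
                $this->terminateUserSessions();
                $pageTitle  = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
                $bePatient  = $MESSAGE['GENERIC_BE_PATIENT'];
                $pageIcon   = 'system';
                $showScreen = true;
            }
        } else {
            header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
            $pageTitle  = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
            $pageIcon   = 'negative';
            $showScreen = true;
        }
        if (!$showScreen) {
            return;
        }

        // correct_theme_source() throws when the template exists nowhere; only then
        // fall back to the inline page (the old file_exists() branch was unreachable)
        try {
            $sMaintanceFile = $this->correct_theme_source('maintance.htt');
        } catch (InvalidArgumentException $e) {
            $sMaintanceFile = false;
        }
        if ($sMaintanceFile !== false) {
            $tpl = new Template(dirname($sMaintanceFile));
            $tpl->set_file('page', 'maintance.htt');
            $tpl->set_block('page', 'main_block', 'main');
            $charset = defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
            // the title now follows $type; it used to be "under construction" for both
            $tpl->set_var('PAGE_TITLE', $pageTitle);
            $tpl->set_var('CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
            $tpl->set_var('CHARSET', $charset);
            $tpl->set_var('WB_URL', WB_URL);
            $tpl->set_var('BE_PATIENT', $bePatient);
            $tpl->set_var('THEME_URL', THEME_URL);
            $tpl->set_var('PAGE_ICON', $pageIcon);
            $tpl->set_var('LANGUAGE', strtolower(LANGUAGE));
            $tpl->parse('main', 'main_block', false);
            $tpl->pparse('output', 'page');
            exit();
        }
        require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
        $this->printMaintenanceFallback($pageTitle, $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
        flush();
        exit();
    }

    /**
     * Send an email through wbmailer (PHPMailer subclass), which can use SMTP
     * as configured in the backend settings.
     *
     * All header fields are stripped of CR/LF so a crafted value cannot inject
     * additional mail headers.
     *
     * @param string $fromaddress sender address ('' keeps the wbmailer default)
     * @param string $toaddress   recipient address
     * @param string $subject
     * @param string $message     sent as html (nl2br) with a text alternative (strip_tags)
     * @param string $fromname    sender name, only used together with $fromaddress
     * @param string $replyTo     optional reply-to address
     * @return bool true when wbmailer reported success
     */
    public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '', $replyTo = '')
    {
        $fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
        $toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
        $subject     = preg_replace('/[\r\n]/', '', $subject);
        $replyTo     = preg_replace('/[\r\n]/', '', $replyTo);
        $fromname    = preg_replace('/[\r\n]/', '', $fromname);

        $myMail = new wbmailer();
        if ($fromaddress != '') {
            if ($fromname != '') {
                $myMail->FromName = $fromname;
            }
            $myMail->From = $fromaddress;
        }
        if ($replyTo) {
            $myMail->AddReplyTo($replyTo);
        }
        $myMail->AddAddress($toaddress);
        $myMail->Subject = $subject;
        $myMail->Body    = nl2br($message);
        $myMail->AltBody = strip_tags($message);
        return (bool)$myMail->Send();
    }

    /**
     * Locate a theme template: the active theme's templates directory wins,
     * the admin skeleton (skel/themes/htt) is the fallback.
     *
     * $sThemeFile is used as a path component unchanged; callers in this file
     * pass fixed template names, it is not meant for user-supplied values.
     *
     * @param string $sThemeFile template file name, e.g. 'start.htt'
     * @return string absolute path of the template
     * @throws InvalidArgumentException when the template exists in neither place
     */
    public function correct_theme_source($sThemeFile = 'start.htt')
    {
        $candidates = array(
            THEME_PATH.'/templates/'.$sThemeFile,
            ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile,
        );
        foreach ($candidates as $path) {
            if (file_exists($path)) {
                return $path;
            }
        }
        throw new InvalidArgumentException('missing template file '.$sThemeFile);
    }

    /**
     * Check that a folder name contains none of ^ \ / . ? * " ' < > : |
     * (dots are rejected anywhere, so '..' can never pass).
     *
     * @param string $str
     * @return bool true when the name is acceptable; false also when preg_match() fails
     */
    public function checkFolderName($str)
    {
        // === 0: a regex error (false) is treated as "not acceptable", not as "clean"
        return (preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) === 0);
    }

    /**
     * Check that a path lies within a base directory (normally the document root).
     *
     * Both paths are canonicalised with realpath(), so '..' and symlinks are
     * resolved; paths that do not exist are rejected. The base directory must be
     * followed by a separator (or be the whole path): a bare prefix test would
     * accept '/var/www/html-other/x' for base '/var/www/html'.
     *
     * @param string $sCurrentPath path to check (may be url-encoded)
     * @param string $sBaseDir     directory the path has to be inside of
     * @return string|false the canonical path, or false when it is outside $sBaseDir
     */
    public function checkpath($sCurrentPath, $sBaseDir = WB_PATH)
    {
        $sCurrentPath = realpath(rawurldecode($sCurrentPath));
        $sBaseDir     = realpath($sBaseDir);
        if ($sCurrentPath === false || $sBaseDir === false) {
            return false;
        }
        $sBaseDir = rtrim($sBaseDir, '/\\');
        if ($sCurrentPath === $sBaseDir) {
            return $sCurrentPath;
        }
        $prefix = $sBaseDir.DIRECTORY_SEPARATOR;
        $len    = strlen($prefix);
        if (DIRECTORY_SEPARATOR === '\\') {
            // Windows file names are case-insensitive
            $inside = (strncasecmp($sCurrentPath, $prefix, $len) === 0);
        } else {
            $inside = (strncmp($sCurrentPath, $prefix, $len) === 0);
        }
        return $inside ? $sCurrentPath : false;
    }

    /**
     * Remove [[text]] droplet calls, html comments, script/link/style tags
     * (self-closing and with body) and trailing whitespace from a string.
     *
     * @param mixed $sValue
     * @return string|false false if $sValue is not a string, otherwise the cleaned
     *                      string (null if preg_replace() fails)
     */
    public function StripCodeFromText($sValue)
    {
        if (!is_string($sValue)) {
            return false;
        }
        $sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
        return preg_replace($sPattern, '', $sValue);
    }
}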