Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        framework
5
 * @package         frontend
6
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: class.wb.php 1834 2012-12-10 10:39:01Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
14
 * @lastmodified    $Date: 2012-12-10 11:39:01 +0100 (Mon, 10 Dec 2012) $
15
 *
16
 */
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
if(!defined('WB_PATH')) {
20
	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
21
	throw new IllegalFileException();
22
}
23
/* -------------------------------------------------------- */
24
// Include PHPLIB template class
25
if(!class_exists('Template', false)){ include(WB_PATH.'/include/phplib/template.inc'); }
26
// Include new wbmailer class (subclass of PHPmailer)
27
if(!class_exists('wbmailer', false)){ include(WB_PATH.'/framework/class.wbmailer.php'); }
28

    
29
class wb extends SecureForm
30
{
31

    
32
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// General initialization function
33

    
34
	// performed when frontend or backend is loaded.
35
	public function  __construct($mode = SecureForm::FRONTEND) {
36
		parent::__construct($mode);
37
	}
38

    
39
/**
40
 *
41
 *
42
 * @return array of first visible language pages with defined fields
43
 *
44
 */
45
	public function GetLanguagesDetailsInUsed ( ) {
46
        global $database;
47
        $aRetval = array();
48
        $sql =
49
            'SELECT DISTINCT `language`'.
50
            ', `page_id`,`level`,`parent`,`root_parent`,`page_code`,`link`,`language`'.
51
            ', `visibility`,`viewing_groups`,`viewing_users`,`position` '.
52
            'FROM `'.TABLE_PREFIX.'pages` '.
53
            'WHERE `level`= \'0\' '.
54
              'AND `root_parent`=`page_id` '.
55
              'AND `visibility`!=\'none\' '.
56
              'AND `visibility`!=\'hidden\' '.
57
            'GROUP BY `language` '.
58
            'ORDER BY `position`';
59

    
60
            if($oRes = $database->query($sql))
61
            {
62
                while($page = $oRes->fetchRow(MYSQL_ASSOC))
63
                {
64
                    if(!$this->page_is_visible($page)) {continue;}
65
                    $aRetval[$page['language']] = $page;
66
                }
67
            }
68
        return $aRetval;
69
	}
70

    
71
/**
72
 *
73
 *
74
 * @return comma separate list of first visible languages
75
 *
76
 */
77
	public function GetLanguagesInUsed ( ) {
78
        return implode(',', array_keys($this->GetLanguagesDetailsInUsed()));
79
  	}
80

    
81

    
82
    /**
83
     * Created parse_url utf-8 compatible function
84
     * 
85
     * @param string $url The string to decode
86
     * @return array Associative array containing the different components
87
     * 
88
     */
89
    public function mb_parse_url($url) {
90
        $encodedUrl = preg_replace('%[^:/?#&=\.]+%usDe', 'urlencode(\'$0\')', $url);
91
        $components = parse_url($encodedUrl);
92
        foreach ($components as &$component)
93
            $component = urldecode($component);
94
        return $components;
95
    }
96

    
97
/* ****************
98
 * check if one or more group_ids are in both group_lists
99
 *
100
 * @access public
101
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
102
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
103
 * @param array &$matches: an array-var whitch will return possible matches
104
 * @return bool: true there is a match, otherwise false
105
 */
106
	public function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
107
	{
108
		if( $groups_list1 == '' ) { return false; }
109
		if( $groups_list2 == '' ) { return false; }
110
		if( !is_array($groups_list1) )
111
		{
112
			$groups_list1 = explode(',', $groups_list1);
113
		}
114
		if( !is_array($groups_list2) )
115
		{
116
			$groups_list2 = explode(',', $groups_list2);
117
		}
118
		$matches = array_intersect( $groups_list1, $groups_list2);
119
		return ( sizeof($matches) != 0 );
120
	}
121
/* ****************
122
 * check if current user is member of at least one of given groups
123
 * ADMIN (uid=1) always is treated like a member of any groups
124
 *
125
 * @access public
126
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
127
 * @return bool: true if current user is member of one of this groups, otherwise false
128
 */
129
	public function ami_group_member( $groups_list = '' )
130
	{
131
		if( $this->get_user_id() == 1 ) { return true; }
132
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
133
	}
134

    
135
// Check whether a page is visible or not.
136
// This will check page-visibility and user- and group-rights.
137
/* page_is_visible() returns
138
	false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
139
	true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
140
*/
141
	public function page_is_visible($page)
142
    {
143
		// First check if visibility is 'none', 'deleted'
144
		$show_it = false; // shall we show the page?
145
		switch( $page['visibility'] )
146
		{
147
			case 'none':
148
			case 'deleted':
149
				$show_it = false;
150
				break;
151
			case 'hidden':
152
			case 'public':
153
				$show_it = true;
154
				break;
155
			case 'private':
156
			case 'registered':
157
				if($this->is_authenticated() == true)
158
				{
159
					$show_it = ( $this->is_group_match($this->get_groups_id(), $page['viewing_groups']) ||
160
								 $this->is_group_match($this->get_user_id(), $page['viewing_users']) );
161
				}
162
		}
163

    
164
		return($show_it);
165
	}
166

    
167
	// Check if there is at least one active section on this page
168
	public function page_is_active($page)
169
    {
170
		global $database;
171
		$now = time();
172
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
173
		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
174
		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
175
		$sql .=       'AND `page_id`='.(int)$page['page_id'];
176
		return ($database->get_one($sql) != false);
177
   	}
178

    
179
	// Check whether we should show a page or not (for front-end)
180
	public function show_page($page)
181
    {
182
		if( !is_array($page) )
183
		{
184
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
185
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
186
			if( ($res_pages = $database->query($sql))!= null )
187
			{
188
				if( !($page = $res_pages->fetchRow()) ) { return false; }
189
			}
190
		}
191
		return ($this->page_is_visible($page) && $this->page_is_active($page));
192
	}
193

    
194
	// Check if the user is already authenticated or not
195
	public function is_authenticated() {
196
		$retval = ( isset($_SESSION['USER_ID']) AND
197
		            $_SESSION['USER_ID'] != "" AND
198
		            is_numeric($_SESSION['USER_ID']));
199
        return $retval;
200
	}
201

    
202
	// Modified addslashes function which takes into account magic_quotes
203
	function add_slashes($input) {
204
		if( get_magic_quotes_gpc() || (!is_string($input)) ) {
205
			return $input;
206
		}
207
		return addslashes($input);
208
	}
209

    
210
	// Ditto for stripslashes
211
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
212
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
213
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
214
	function strip_slashes($input) {
215
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
216
			return $input;
217
		}
218
		return stripslashes($input);
219
	}
220

    
221
	// Escape backslashes for use with mySQL LIKE strings
222
	function escape_backslashes($input) {
223
		return str_replace("\\","\\\\",$input);
224
	}
225

    
226
	function page_link($link){
227
		// Check for :// in the link (used in URL's) as well as mailto:
228
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
229
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
230
		} else {
231
			return $link;
232
		}
233
	}
234

    
235
	// Get POST data
236
	function get_post($field) {
237
		return (isset($_POST[$field]) ? $_POST[$field] : null);
238
	}
239

    
240
	// Get POST data and escape it
241
	function get_post_escaped($field) {
242
		$result = $this->get_post($field);
243
		return (is_null($result)) ? null : $this->add_slashes($result);
244
	}
245

    
246
	// Get GET data
247
	function get_get($field) {
248
		return (isset($_GET[$field]) ? $_GET[$field] : null);
249
	}
250

    
251
	// Get SESSION data
252
	function get_session($field) {
253
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
254
	}
255

    
256
	// Get SERVER data
257
	function get_server($field) {
258
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
259
	}
260

    
261
	// Get the current users id
262
	function get_user_id() {
263
		return $this->get_session('USER_ID');
264
	}
265

    
266
	// Get the current users group id
267
	function get_group_id() {
268
		return $this->get_session('GROUP_ID');
269
	}
270

    
271
	// Get the current users group ids
272
	function get_groups_id() {
273
		return explode(",", $this->get_session('GROUPS_ID'));
274
	}
275

    
276
	// Get the current users group name
277
	function get_group_name() {
278
		return implode(",", $this->get_session('GROUP_NAME'));
279
	}
280

    
281
	// Get the current users group name
282
	function get_groups_name() {
283
		return $this->get_session('GROUP_NAME');
284
	}
285

    
286
	// Get the current users username
287
	function get_username() {
288
		return $this->get_session('USERNAME');
289
	}
290

    
291
	// Get the current users display name
292
	function get_display_name() {
293
		return $this->get_session('DISPLAY_NAME');
294
	}
295

    
296
	// Get the current users email address
297
	function get_email() {
298
		return $this->get_session('EMAIL');
299
	}
300

    
301
	// Get the current users home folder
302
	function get_home_folder() {
303
		return $this->get_session('HOME_FOLDER');
304
	}
305

    
306
	// Get the current users timezone
307
	function get_timezone() {
308
		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $_SESSION['TIMEZONE']);
309
	}
310

    
311
	// Validate supplied email address
312
	function validate_email($email) {
313
		if(function_exists('idn_to_ascii')){ /* use pear if available */
314
			$email = idn_to_ascii($email);
315
		}else {
316
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
317
			$IDN = new idna_convert();
318
			$email = $IDN->encode($email);
319
			unset($IDN);
320
		}
321
		// regex from NorHei 2011-01-11
322
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
323
		return ($retval != false);
324
	}
325

    
326
	/**
327
     * replace header('Location:...  with new method
328
	 * if header send failed you get a manuell redirected link, so script don't break
329
	 *
330
	 * @param string $location, redirected url
331
	 * @return void
332
	 */
333
	public function send_header ($location) {
334
		if(!headers_sent()) {
335
			header('Location: '.$location);
336
		    exit(0);
337
		} else {
338
//			$aDebugBacktrace = debug_backtrace();
339
//			array_walk( $aDebugBacktrace, create_function( '$a,$b', 'print "<br /><b>". basename( $a[\'file\'] ). "</b> &nbsp; <font color=\"red\">{$a[\'line\']}</font> &nbsp; <font color=\"green\">{$a[\'function\']} ()</font> &nbsp; -- ". dirname( $a[\'file\'] ). "/";' ) );
340
		    $msg =  "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
341
		         "Please click <a style=\"font-weight:bold;\" " .
342
		         "href=\"".$location."\">on this link</a> to continue!</p></div>\n";
343

    
344
			throw new AppException($msg);
345
		}
346
	}
347

    
348
/* ****************
349
 * set one or more bit in a integer value
350
 *
351
 * @access public
352
 * @param int $value: reference to the integer, containing the value
353
 * @param int $bits2set: the bitmask witch shall be added to value
354
 * @return void
355
 */
356
	function bit_set( &$value, $bits2set )
357
	{
358
		$value |= $bits2set;
359
	}
360

    
361
/* ****************
362
 * reset one or more bit from a integer value
363
 *
364
 * @access public
365
 * @param int $value: reference to the integer, containing the value
366
 * @param int $bits2reset: the bitmask witch shall be removed from value
367
 * @return void
368
 */
369
	function bit_reset( &$value, $bits2reset)
370
	{
371
		$value &= ~$bits2reset;
372
	}
373

    
374
/* ****************
375
 * check if one or more bit in a integer value are set
376
 *
377
 * @access public
378
 * @param int $value: reference to the integer, containing the value
379
 * @param int $bits2set: the bitmask witch shall be added to value
380
 * @return void
381
 */
382
	function bit_isset( $value, $bits2test )
383
	{
384
		return (($value & $bits2test) == $bits2test);
385
	}
386

    
387
	// Print a success message which then automatically redirects the user to another page
388
	function print_success( $message, $redirect = 'index.php' ) {
389
	    global $TEXT;
390
        if(is_array($message)) {
391
           $message = implode ('<br />',$message);
392
        }
393
	    // fetch redirect timer for sucess messages from settings table
394
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
395
	    // add template variables
396
		// Setup template object, parse vars to it, then parse it
397
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
398
	    $tpl->set_file( 'page', 'success.htt' );
399
	    $tpl->set_block( 'page', 'main_block', 'main' );
400
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
401
	    $tpl->set_var( 'MESSAGE', $message );
402
	    $tpl->set_var( 'REDIRECT', $redirect );
403
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
404
	    $tpl->set_var( 'NEXT', $TEXT['NEXT'] );
405
	    $tpl->set_var( 'BACK', $TEXT['BACK'] );
406
	    if ($redirect_timer == -1) {
407
	        $tpl->set_block( 'show_redirect', '' );
408
	    }
409
	    else {
410
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
411
	    }
412
	    $tpl->parse( 'main', 'main_block', false );
413
	    $tpl->pparse( 'output', 'page' );
414
	}
415

    
416
	// Print an error message
417
	function print_error($message, $link = 'index.php', $auto_footer = true) {
418
		global $TEXT;
419
        if(is_array($message)) {
420
           $message = implode ('<br />',$message);
421
        }
422
		// Setup template object, parse vars to it, then parse it
423
		$success_template = new Template(dirname($this->correct_theme_source('error.htt')));
424
		$success_template->set_file('page', 'error.htt');
425
		$success_template->set_block('page', 'main_block', 'main');
426
		$success_template->set_var('MESSAGE', $message);
427
		$success_template->set_var('LINK', $link);
428
		$success_template->set_var('BACK', $TEXT['BACK']);
429
		$success_template->parse('main', 'main_block', false);
430
		$success_template->pparse('output', 'page');
431
		if ( $auto_footer == true ) {
432
			if ( method_exists($this, "print_footer") ) {
433
				$this->print_footer();
434
			}
435
		}
436
		exit();
437
	}
438
/*
439
 * @param string $message: the message to format
440
 * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
441
 * @return string: the html-formatted message (using template 'message.htt')
442
 */
443
	public function format_message($message, $status = 'ok')
444
	{
445
		$id = uniqid('x');
446
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
447
		$tpl->set_file('page', 'message.htt');
448
		$tpl->set_block('page', 'main_block', 'main');
449
		$tpl->set_var('MESSAGE', $message);
450
 	    $tpl->set_var( 'THEME_URL', THEME_URL );
451
		$tpl->set_var( 'ID', $id );
452
		if($status == 'ok' || $status == 'error' || $status = 'warning')
453
		{
454
			$tpl->set_var('BOX_STATUS', ' box-'.$status);
455
		}else
456
		{
457
			$tpl->set_var('BOX_STATUS', '');
458
		}
459
		$tpl->set_var('STATUS', $status);
460
		if(!defined('REDIRECT_TIMER') ) { define('REDIRECT_TIMER', -1); }
461
		$retval = '';
462
		if( $status != 'error' )
463
		{
464
			switch(REDIRECT_TIMER):
465
				case 0: // do not show message
466
					unset($tpl);
467
					break;
468
				case -1: // show message permanently
469
					$tpl->parse('main', 'main_block', false);
470
					$retval = $tpl->finish($tpl->parse('output', 'page', false));
471
					unset($tpl);
472
					break;
473
				default: // hide message after REDIRECTOR_TIMER milliseconds
474
					$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
475
							  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
476
							  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
477
					$tpl->parse('main', 'main_block', false);
478
					$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
479
					unset($tpl);
480
			endswitch;
481
		}else
482
		{
483
			$tpl->parse('main', 'main_block', false);
484
			$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
485
			unset($tpl);
486
		}
487
		return $retval;
488
	}
489
/*
490
 * @param string $type: 'locked'(default)  or 'new'
491
 * @return void: terminates application
492
 * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
493
 *               'new' >> Show 'new site under construction'(former print_under_construction)
494
 */
495
	public function ShowMaintainScreen($type = 'locked')
496
	{
497
		global $database, $MESSAGE;
498
		$CHECK_BACK = $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
499
		$BE_PATIENT = '';
500
		$LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE ));
501

    
502
		$show_screen = false;
503
		if($type == 'locked')
504
		{
505
			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0) ) ;
506
			if( (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1))
507
			{
508
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
509
	// first kick logged users out of the system
510
		// delete all remember keys from table 'user' except user_id=1
511
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
512
				$sql .= 'WHERE `user_id`<>1';
513
				$database->query($sql);
514
		// delete remember key-cookie if set
515
				if (isset($_COOKIE['REMEMBER_KEY'])) {
516
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
517
				}
518
		// overwrite session array
519
				$_SESSION = array();
520
		// delete session cookie if set
521
				if (ini_get("session.use_cookies")) {
522
					$params = session_get_cookie_params();
523
					setcookie(session_name(), '', time() - 42000, $params["path"],
524
						$params["domain"], $params["secure"], $params["httponly"]
525
					);
526
				}
527
		// delete the session itself
528
				session_destroy();
529
				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
530
				$BE_PATIENT = $MESSAGE['GENERIC_BE_PATIENT'];
531
				$PAGE_ICON  = 'system';
532
				$show_screen = true;
533
			}
534
		} else {
535
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
536
			$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
537
			$PAGE_ICON  = 'negative';
538
			$show_screen = true;
539
		}
540
		if($show_screen)
541
		{
542
            $sMaintanceFile = $this->correct_theme_source('maintenance.htt');
543
    		if(file_exists($sMaintanceFile))
544
    		{
545
                $tpl = new Template(dirname( $sMaintanceFile ));
546
    		    $tpl->set_file( 'page', 'maintenance.htt' );
547
    		    $tpl->set_block( 'page', 'main_block', 'main' );
548

    
549
    			if(defined('DEFAULT_CHARSET'))
550
    			{
551
    				$charset=DEFAULT_CHARSET;
552
    			} else {
553
    				$charset='utf-8';
554
    			}
555
    		    $tpl->set_var( 'PAGE_TITLE', $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'] );
556
    	 	    $tpl->set_var( 'CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'] );
557
    	 	    $tpl->set_var( 'CHARSET', $charset );
558
    	 	    $tpl->set_var( 'WB_URL', WB_URL );
559
    	 	    $tpl->set_var( 'BE_PATIENT', $BE_PATIENT );
560
    	 	    $tpl->set_var( 'THEME_URL', THEME_URL );
561
    			$tpl->set_var( 'PAGE_ICON', $PAGE_ICON);
562
    			$tpl->set_var( 'LANGUAGE', strtolower(LANGUAGE));
563
    		    $tpl->parse( 'main', 'main_block', false );
564
    		    $tpl->pparse( 'output', 'page' );
565
                exit();
566
    		} else {
567
    		 require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
568
    		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
569
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
570
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
571
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
572
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
573
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
574
    		}
575
    		flush();
576
            exit();
577
		}
578
	}
579

    
580
	// Validate send email
581
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
582
/*
583
	INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
584
	SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
585
	NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
586

    
587
	NOTE:
588
	To use SMTP for sending out mails, you have to specify the SMTP host of your domain
589
	via the Settings panel in the backend of Website Baker
590
*/
591

    
592
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
593
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
594
		$subject = preg_replace('/[\r\n]/', '', $subject);
595
		$replyTo = preg_replace('/[\r\n]/', '', $replyTo);
596
		// $message_alt = $message;
597
		// $message = preg_replace('/[\r\n]/', '<br \>', $message);
598

    
599
		// create PHPMailer object and define default settings
600
		$myMail = new wbmailer();
601
		// set user defined from address
602
		if ($fromaddress!='') {
603
			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
604
			$myMail->From = $fromaddress;                     // FROM:
605
//			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
606
		}
607
		if($replyTo) {
608
			$myMail->AddReplyTo($replyTo);                // REPLY TO:
609
		}
610
		// define recepient and information to send out
611
		$myMail->AddAddress($toaddress);                      // TO:
612
		$myMail->Subject = $subject;                          // SUBJECT
613
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
614
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
615
		// check if there are any send mail errors, otherwise say successful
616
		if (!$myMail->Send()) {
617
			return false;
618
		} else {
619
			return true;
620
		}
621
	}
622

    
623
	 /**
624
	  * checks if there is an alternative Theme template
625
	  *
626
	  * @param string $sThemeFile set the template.htt
627
	  * @return string the relative theme path
628
	  *
629
	  */
630
        function correct_theme_source($sThemeFile = 'start.htt') {
631
		$sRetval = $sThemeFile;
632
		if (file_exists(THEME_PATH.'/templates/'.$sThemeFile )) {
633
			$sRetval = THEME_PATH.'/templates/'.$sThemeFile;
634
		} else {
635
			if (file_exists(ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile ) ) {
636
			$sRetval = ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
637
			} else {
638
				throw new InvalidArgumentException('missing template file '.$sThemeFile);
639
			}
640
		}
641
		return $sRetval;
642
        }
643

    
644
	/**
645
	 * Check if a foldername doesn't have invalid characters
646
	 *
647
	 * @param String $str to check
648
	 * @return Bool
649
	 */
650
	function checkFolderName($str){
651
		return !( preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) ? TRUE : FALSE );
652
	}
653

    
654
	/**
655
	 * Check the given path to make sure current path is within given basedir
656
	 * normally document root
657
	 *
658
	 * @param String $sCurrentPath
659
	 * @param String $sBaseDir
660
	 * @return $sCurrentPath or FALSE
661
	 */
662
	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
663
		// Clean the cuurent path
664
        $sCurrentPath = rawurldecode($sCurrentPath);
665
        $sCurrentPath = realpath($sCurrentPath);
666
        $sBaseDir = realpath($sBaseDir);
667
		// $sBaseDir needs to exist in the $sCurrentPath
668
		$pos = stripos ($sCurrentPath, $sBaseDir );
669

    
670
		if ( $pos === FALSE ){
671
			return false;
672
		} elseif( $pos == 0 ) {
673
			return $sCurrentPath;
674
		} else {
675
			return false;
676
		}
677
	}
678

    
679
	/**
680
     *
681
     * remove <?php code ?>, [[text]], link, script, scriptblock and styleblock from a given string
682
     * and return the cleaned string
683
	 *
684
	 * @param string $sValue
685
     * @returns
686
     *    false: if @param is not a string
687
     *    string: cleaned string
688
	 */
689
	public function StripCodeFromText($sValue, $bPHPCode=false){
690
        if(!is_string($sValue)) { return false; }
691
        $sValue = ( ($bPHPCode==true) ? preg_replace ('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue ) : $sValue );
692
        $sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
693
        return (preg_replace ($sPattern, '', $sValue));
694
	}
695

    
696

    
697
}
(20-20/29)