<?php
2
/**
3
 *
4
 * @category        framework
5
 * @package         frontend
6
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: class.wb.php 1889 2013-03-19 09:34:11Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
14
 * @lastmodified    $Date: 2013-03-19 10:34:11 +0100 (Tue, 19 Mar 2013) $
15
 *
16
 */
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
// Refuse direct HTTP access: WB_PATH is only defined once the framework has bootstrapped,
// so a request hitting this file on its own is rejected with IllegalFileException.
if (defined('WB_PATH') === false) {
	require_once dirname(__FILE__).'/globalExceptionHandler.php';
	throw new IllegalFileException();
}
23
/* -------------------------------------------------------- */
24
// Include PHPLIB template class
25
// Load the PHPLIB template engine and the wbmailer (PHPMailer subclass) once each;
// autoload is deliberately disabled for the class_exists() probes.
if (false === class_exists('Template', false)) {
	include WB_PATH.'/include/phplib/template.inc';
}
if (false === class_exists('wbmailer', false)) {
	include WB_PATH.'/framework/class.wbmailer.php';
}
28

    
29
class wb extends SecureForm
30
{
31

    
32
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// PCRE character-class fragment: characters allowed in passwords

	/**
	 * General initialisation, performed whenever the frontend or backend is loaded.
	 * Everything happens in the SecureForm parent constructor.
	 *
	 * @param int $mode SecureForm::FRONTEND (default) or the backend mode constant
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}
38

    
39
/**
 * Collect, per language, the first visible root page.
 *
 * Candidates are level-0 pages that are their own root_parent and whose
 * visibility is neither 'none' nor 'hidden'; each candidate is then filtered
 * through page_is_visible(), so 'registered'/'private' pages only appear for
 * users entitled to see them. The SQL is static: no request data is
 * interpolated into it.
 * NOTE(review): non-aggregated columns are selected with GROUP BY `language`;
 * MySQL running in ONLY_FULL_GROUP_BY mode may reject this query — verify.
 *
 * @return array page rows (the selected columns) keyed by language code,
 *               in `position` order
 */
	public function GetLanguagesDetailsInUsed ( ) {
        global $database;
        $aByLanguage = array();
        $sql = 'SELECT DISTINCT `language`'
             . ', `page_id`,`level`,`parent`,`root_parent`,`page_code`,`link`,`language`'
             . ', `visibility`,`viewing_groups`,`viewing_users`,`position` '
             . 'FROM `'.TABLE_PREFIX.'pages` '
             . 'WHERE `level`= \'0\' '
             .   'AND `root_parent`=`page_id` '
             .   'AND `visibility`!=\'none\' '
             .   'AND `visibility`!=\'hidden\' '
             . 'GROUP BY `language` '
             . 'ORDER BY `position`';
        $oRes = $database->query($sql);
        if ($oRes) {
            // page_is_visible() applies the user/group rights the SQL cannot express
            while ($page = $oRes->fetchRow(MYSQL_ASSOC)) {
                if ($this->page_is_visible($page)) {
                    $aByLanguage[$page['language']] = $page;
                }
            }
        }
        return $aByLanguage;
	}
70

    
71
/**
 * Language codes that have a visible root page, as a comma separated list.
 *
 * Thin wrapper around GetLanguagesDetailsInUsed(): only the keys (language
 * codes) of its result are returned, in the same order.
 *
 * @return string comma separated language codes, '' when none is visible
 */
	public function GetLanguagesInUsed ( ) {
        $aLanguages = array_keys($this->GetLanguagesDetailsInUsed());
        return implode(',', $aLanguages);
  	}
80

    
81

    
82
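    /**
     * UTF-8 aware parse_url().
     *
     * parse_url() mangles multi-byte characters, so every run of characters
     * that is not a URL delimiter (: / ? # & = .) is percent-encoded first,
     * the encoded string is parsed, and each component is decoded again.
     * Because the components come back decoded, percent-encoded delimiters
     * inside a component are decoded too — re-encode before rebuilding a URL
     * from the result.
     *
     * @param string $url The URL to split
     * @return array|false Associative array of URL components, or false when
     *                     the input is not valid UTF-8 or parse_url() rejects it
     */
		public function mb_parse_url($url) {
		// NOTE(review): the former create_function() callback compiled its string
		// argument like eval() and is gone in PHP 8; a closure (PHP >= 5.3) does the same job.
		$encodedUrl = preg_replace_callback(
			'%[^:/?#&=\.]+%usD',
			function ($aMatches) { return urlencode($aMatches[0]); },
			$url
		);
		// with the 'u' modifier preg_replace_callback() returns null on malformed UTF-8
		if ($encodedUrl === null) {
			return false;
		}
		$components = parse_url($encodedUrl);
		if ($components === false) {
			return false;
		}
		// decode in place by key rather than via a by-reference foreach (no dangling reference)
		foreach ($components as $key => $component) {
			$components[$key] = urldecode($component);
		}
		return $components;
    }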
99

    
100
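/* ****************
 * check whether two group lists share at least one id
 *
 * Each list may be an array or a comma separated string. Entries are trimmed
 * and empty entries are dropped before comparing, so a stray comma (",1") or
 * the array('') that explode() yields for an unset session list can never
 * match on the empty id (the previous version matched '' against ''). Ids are
 * compared as trimmed strings.
 *
 * @access public
 * @param mixed $groups_list1: an array or a comma separated list of group ids
 * @param mixed $groups_list2: an array or a comma separated list of group ids
 * @param array &$matches: receives the ids contained in both lists (empty array if none)
 * @return bool: true if at least one id is in both lists, otherwise false
 */
	public function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
	{
		$matches = array();
		if( $groups_list1 == '' || $groups_list2 == '' ) { return false; }
		// normalise: string -> array, trim every id, drop empties, keep ids as strings
		$normalise = function ($list) {
			if (!is_array($list)) { $list = explode(',', (string)$list); }
			$clean = array();
			foreach ($list as $id) {
				$id = trim((string)$id);
				if ($id !== '') { $clean[] = $id; }
			}
			return $clean;
		};
		$list1 = $normalise($groups_list1);
		$list2 = $normalise($groups_list2);
		if (count($list1) == 0 || count($list2) == 0) { return false; }
		$matches = array_values(array_intersect($list1, $list2));
		return (count($matches) != 0);
	}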
122
/* ****************
 * check if the current user is a member of at least one of the given groups
 * The administrator (uid=1) is always treated as a member of every group.
 *
 * @access public
 * @param mixed $groups_list: an array or a comma separated list of group ids
 * @return bool: true if the current user is a member of one of these groups, otherwise false
 */
	public function ami_group_member( $groups_list = '' )
	{
		$isAdmin = ($this->get_user_id() == 1);
		if ($isAdmin) {
			return true;
		}
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}
135

    
136
// Check whether a page is visible to the current user.
// Combines the page's visibility flag with the user/group rights stored on the page.
/* page_is_visible() returns
	false: if page-visibility is 'none' or 'deleted' (or any unknown value), or page-vis. is
	       'registered' or 'private' and the user is not authenticated or not allowed to see it.
	true:  if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private'
	       and the authenticated user is in one of the page's viewing groups or viewing users.
*/
	public function page_is_visible($page)
    {
		$visibility = $page['visibility'];
		if ($visibility === 'public' || $visibility === 'hidden') {
			return true;
		}
		if ($visibility !== 'private' && $visibility !== 'registered') {
			// 'none', 'deleted' and anything unexpected: never shown
			return false;
		}
		// restricted page: an anonymous visitor is always refused
		if ($this->is_authenticated() != true) {
			return false;
		}
		$inViewingGroups = $this->is_group_match($this->get_groups_id(), $page['viewing_groups']);
		$inViewingUsers  = $this->is_group_match($this->get_user_id(), $page['viewing_users']);
		return ($inViewingGroups || $inViewingUsers);
	}
167

    
168
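	/**
	 * Check if there is at least one currently published section on this page.
	 *
	 * A section counts as active when now lies between publ_start and publ_end,
	 * or when publ_end is 0 (no end) and publ_start is in the past.
	 * Fix: the previous WHERE clause read `(A) OR (B) AND page_id=X`, and since
	 * AND binds tighter than OR the page_id filter only applied to the second
	 * term — any page was reported active as soon as *some* section anywhere
	 * had a matching start/end window. The page filter now wraps both terms.
	 *
	 * @param array $page page row, only `page_id` is used
	 * @return bool
	 */
	public function page_is_active($page)
    {
		global $database;
		$now = time();
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
		$sql .= 'WHERE `page_id`='.(int)$page['page_id'].' ';
		$sql .=   'AND (('.$now.' BETWEEN `publ_start` AND `publ_end`) ';
		$sql .=     'OR (`publ_end`=0 AND '.$now.' > `publ_start`))';
		return ((int)$database->get_one($sql) > 0);
   	}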
179

    
180
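	/**
	 * Decide whether a page may be shown in the frontend.
	 *
	 * Accepts either a page row (needs `page_id`, `visibility`, `viewing_groups`,
	 * `viewing_users`) or a bare page id, which is looked up first. The page must
	 * pass both page_is_visible() (visibility and user/group rights) and
	 * page_is_active() (at least one currently published section).
	 * Fix: the id lookup used $database without declaring it global, so it
	 * dereferenced an undefined variable.
	 *
	 * @param array|int $page page row or page id
	 * @return bool
	 */
	public function show_page($page)
    {
		global $database;
		if (!is_array($page)) {
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
			$res_pages = $database->query($sql);
			if ($res_pages == null) {
				return false;
			}
			$page = $res_pages->fetchRow();
			if (!$page) {
				return false;
			}
		}
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}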
194

    
195
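	/**
	 * Check whether the current session belongs to a logged-in user.
	 *
	 * Authenticated means $_SESSION['USER_ID'] holds a positive integer (as an
	 * int or a plain decimal string). The former is_numeric() test also accepted
	 * '0', floats, exponent notation and whitespace-prefixed strings as a user id.
	 *
	 * @return bool
	 */
	public function is_authenticated() {
		if (!isset($_SESSION['USER_ID'])) {
			return false;
		}
		$uid = $_SESSION['USER_ID'];
		if (is_int($uid)) {
			return ($uid > 0);
		}
		// only an unsigned decimal integer string counts
		return (is_string($uid) && $uid !== '' && ctype_digit($uid) && (int)$uid > 0);
	}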
202

    
203
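	/**
	 * addslashes() that is a no-op when magic_quotes_gpc already escaped the input.
	 *
	 * Non-strings are returned untouched. get_magic_quotes_gpc() no longer exists
	 * in PHP 8 (magic quotes were removed in 5.4), so it is only called when present.
	 * NOTE(review): addslashes() is not a database escaping function; use the
	 * driver's escaping (or parameterised queries) before putting values into SQL.
	 *
	 * @param mixed $input
	 * @return mixed the escaped string, or $input unchanged
	 */
	function add_slashes($input) {
		if (!is_string($input)) {
			return $input;
		}
		$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if ($magicQuotes) {
			return $input;
		}
		return addslashes($input);
	}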
210

    
211
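	/**
	 * Undo the escaping magic_quotes_gpc applied to request data.
	 *
	 * Attn: this is _not_ the counterpart to $this->add_slashes(); use
	 * stripslashes() to undo a preliminarily done $this->add_slashes().
	 * With magic quotes off (or on PHP >= 5.4, where they no longer exist) the
	 * input is returned unchanged; get_magic_quotes_gpc() is only called when it
	 * still exists, so this no longer fatals on PHP 8.
	 *
	 * @param mixed $input
	 * @return mixed
	 */
	function strip_slashes($input) {
		if (!is_string($input)) {
			return $input;
		}
		$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		return $magicQuotes ? stripslashes($input) : $input;
	}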
221

    
222
	/**
	 * Double every backslash, as needed inside a MySQL LIKE pattern.
	 * Only backslashes are handled: the LIKE wildcards % and _ are left alone,
	 * and this is no substitute for proper SQL escaping of the whole value.
	 *
	 * @param string $input
	 * @return string
	 */
	function escape_backslashes($input) {
		return str_replace('\\', '\\\\', $input);
	}
226

    
227
	/**
	 * Turn a page's stored `link` into an absolute URL.
	 *
	 * Values that already carry a scheme ("://") or are mailto: links are
	 * returned untouched; anything else is treated as a path below the pages
	 * directory and gets WB_URL, PAGES_DIRECTORY and PAGE_EXTENSION wrapped
	 * around it. This is a formatting helper only — it does not validate the link.
	 *
	 * @param string $link page link as stored in the pages table, or a full URL
	 * @return string
	 */
	function page_link($link){
		$hasScheme = (strpos($link, '://') !== false);
		$isMailto  = (substr($link, 0, 7) === 'mailto:');
		if ($hasScheme || $isMailto) {
			return $link;
		}
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}
235

    
236
	/**
	 * Raw value of a POST field, or null when it was not sent.
	 * No validation or escaping happens here — treat the result as untrusted.
	 *
	 * @param string $field
	 * @return mixed|null
	 */
	function get_post($field) {
		if (!isset($_POST[$field])) {
			return null;
		}
		return $_POST[$field];
	}
240

    
241
	/**
	 * POST field run through add_slashes(), or null when it was not sent.
	 * Note that add_slashes() only addslashes()-escapes strings; it is not a
	 * database or HTML escaping step.
	 *
	 * @param string $field
	 * @return mixed|null
	 */
	function get_post_escaped($field) {
		$value = $this->get_post($field);
		if ($value === null) {
			return null;
		}
		return $this->add_slashes($value);
	}
246

    
247
	/**
	 * Raw value of a query-string parameter, or null when absent.
	 * The value is unvalidated request data.
	 *
	 * @param string $field
	 * @return mixed|null
	 */
	function get_get($field) {
		if (!isset($_GET[$field])) {
			return null;
		}
		return $_GET[$field];
	}
251

    
252
	/**
	 * Value stored under $field in the session, or null when not set.
	 *
	 * @param string $field
	 * @return mixed|null
	 */
	function get_session($field) {
		if (!isset($_SESSION[$field])) {
			return null;
		}
		return $_SESSION[$field];
	}
256

    
257
	/**
	 * Entry of $_SERVER, or null when not set.
	 * Several $_SERVER entries (HTTP_* headers, REQUEST_URI, ...) are client
	 * supplied and must be treated as untrusted.
	 *
	 * @param string $field
	 * @return mixed|null
	 */
	function get_server($field) {
		if (!isset($_SERVER[$field])) {
			return null;
		}
		return $_SERVER[$field];
	}
261

    
262
	/**
	 * Id of the logged-in user from the session (USER_ID), null when not logged in.
	 *
	 * @return mixed|null
	 */
	function get_user_id() {
		$uid = $this->get_session('USER_ID');
		return $uid;
	}
266

    
267
	/**
	 * Primary group id of the current user from the session (GROUP_ID), or null.
	 *
	 * @return mixed|null
	 */
	function get_group_id() {
		$gid = $this->get_session('GROUP_ID');
		return $gid;
	}
271

    
272
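	/**
	 * All group ids of the current user as an array.
	 *
	 * The session stores GROUPS_ID as a comma separated string. The value is
	 * cast to string before explode(): passing null is deprecated since PHP 8.1,
	 * and the cast keeps the old result for an unset key — array('') — so
	 * callers that rely on a non-empty array are unaffected.
	 *
	 * @return array list of group ids as strings
	 */
	function get_groups_id() {
		return explode(",", (string)$this->get_session('GROUPS_ID'));
	}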
276

    
277
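	/**
	 * Group names of the current user joined with ',' (session key GROUP_NAME).
	 *
	 * When GROUP_NAME is not an array (unset, or already a string) it is returned
	 * as is instead of being passed to implode(), which warns on PHP 7 and throws
	 * a TypeError on PHP 8.
	 *
	 * @return string|mixed
	 */
	function get_group_name() {
		$names = $this->get_session('GROUP_NAME');
		if (is_array($names)) {
			return implode(",", $names);
		}
		return $names;
	}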
281

    
282
	/**
	 * Group names of the current user exactly as stored in the session
	 * (GROUP_NAME, an array according to get_group_name()), or null.
	 *
	 * @return mixed|null
	 */
	function get_groups_name() {
		$names = $this->get_session('GROUP_NAME');
		return $names;
	}
286

    
287
	/**
	 * Login name of the current user (session key USERNAME), or null.
	 *
	 * @return mixed|null
	 */
	function get_username() {
		$name = $this->get_session('USERNAME');
		return $name;
	}
291

    
292
	/**
	 * Display name of the current user (session key DISPLAY_NAME), or null.
	 * User supplied; escape before echoing into HTML.
	 *
	 * @return mixed|null
	 */
	function get_display_name() {
		$name = $this->get_session('DISPLAY_NAME');
		return $name;
	}
296

    
297
	/**
	 * E-mail address of the current user (session key EMAIL), or null.
	 *
	 * @return mixed|null
	 */
	function get_email() {
		$email = $this->get_session('EMAIL');
		return $email;
	}
301

    
302
	/**
	 * Home folder of the current user (session key HOME_FOLDER), or null.
	 *
	 * @return mixed|null
	 */
	function get_home_folder() {
		$folder = $this->get_session('HOME_FOLDER');
		return $folder;
	}
306

    
307
	/**
	 * Timezone of the current user.
	 *
	 * When the session carries USE_DEFAULT_TIMEZONE the sentinel '-72000' is
	 * returned (presumably read by callers as "use the site default" — verify);
	 * otherwise the session's TIMEZONE value, or null.
	 *
	 * @return string|mixed|null
	 */
	function get_timezone() {
		if (isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			return '-72000';
		}
		return $this->get_session('TIMEZONE');
	}
312

    
313
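	/**
	 * Syntactically validate an e-mail address.
	 *
	 * The domain part is converted to its punycode (IDNA) form first so that
	 * internationalised domains pass the ASCII-only regex. Only the domain is
	 * converted: the previous code fed the whole address to idn_to_ascii(),
	 * which fails outright under the UTS#46 rules (default since PHP 7.4)
	 * because '@' is not a valid IDN character, rejecting every address.
	 * The intl extension is used when present, else the bundled idna_convert.
	 *
	 * @param string $email address to check
	 * @return bool true if the address matches the accepted syntax
	 */
	function validate_email($email) {
		$email = (string)$email;
		$iAt = strrpos($email, '@');
		if ($iAt !== false) {
			$sLocal  = substr($email, 0, $iAt);
			$sDomain = substr($email, $iAt + 1);
			if (function_exists('idn_to_ascii')) { /* intl extension */
				// name the variant explicitly: the old 2003 default was deprecated in 7.2 and removed in 7.4
				$sDomain = defined('INTL_IDNA_VARIANT_UTS46')
					? idn_to_ascii($sDomain, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46)
					: idn_to_ascii($sDomain);
			} else {
				require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
				$IDN = new idna_convert();
				$sDomain = $IDN->encode($sDomain);
				unset($IDN);
			}
			// a failed conversion (false) must yield an address the regex rejects
			$email = ($sDomain === false) ? '' : $sLocal.'@'.$sDomain;
		}
		// regex from NorHei 2011-01-11
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
		return ($retval != false);
	}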
327

    
328
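	/**
	 * Redirect the client to $location (replacement for a bare header('Location: ...')).
	 *
	 * When headers have already been sent the redirect cannot be issued, so an
	 * AppException carrying a manual "click here" link is thrown instead of
	 * silently breaking the script.
	 * NOTE(review): $location is trusted here; callers must not build it from
	 * unvalidated request data (open redirect). PHP's header() itself refuses
	 * values containing CR/LF, so header splitting is not a concern here.
	 *
	 * @param string $location the URL to redirect to
	 * @return void does not return on success (exit); throws AppException otherwise
	 */
	public function send_header ($location) {
		if (headers_sent()) {
			// The URL lands inside an href attribute: escape it so a '"' or '<' in
			// $location cannot break out of the attribute (it used to be echoed raw).
			$sSafeLocation = htmlspecialchars($location, ENT_QUOTES, 'UTF-8');
			$msg = "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
			       "Please click <a style=\"font-weight:bold;\" " .
			       "href=\"".$sSafeLocation."\">on this link</a> to continue!</p></div>\n";
			throw new AppException($msg);
		}
		header('Location: '.$location);
		exit(0);
	}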
349

    
350
/* ****************
 * set one or more bits in an integer value (in place)
 *
 * @access public
 * @param int &$value: reference to the integer holding the flags
 * @param int $bits2set: bitmask of the bits to switch on
 * @return void
 */
	function bit_set( &$value, $bits2set )
	{
		$value = $value | $bits2set;
	}
362

    
363
/* ****************
 * clear one or more bits in an integer value (in place)
 *
 * @access public
 * @param int &$value: reference to the integer holding the flags
 * @param int $bits2reset: bitmask of the bits to switch off
 * @return void
 */
	function bit_reset( &$value, $bits2reset)
	{
		$value = $value & (~$bits2reset);
	}
375

    
376
/* ****************
 * check whether all bits of a mask are set in an integer value
 *
 * @access public
 * @param int $value: the integer holding the flags
 * @param int $bits2test: bitmask to test; every bit of it must be set
 * @return bool: true if all bits of $bits2test are set in $value
 */
	function bit_isset( $value, $bits2test )
	{
		$present = $value & $bits2test;
		return ($present == $bits2test);
	}
388

    
389
	/**
	 * Print the theme's 'success.htt' page with $message and an automatic redirect.
	 *
	 * The redirect delay is REDIRECT_TIMER (milliseconds); values above 10000
	 * are replaced by 0, and -1 removes the redirect block altogether.
	 * NOTE(review): $message and $redirect reach the template unescaped —
	 * never pass unvalidated request data in either.
	 *
	 * @param string|array $message text, or a list of lines joined with <br />
	 * @param string $redirect URL to forward to (default 'index.php')
	 * @return void
	 */
	function print_success( $message, $redirect = 'index.php' ) {
	    global $TEXT;
		$text  = is_array($message) ? implode('<br />', $message) : $message;
		$delay = 0;
		if (defined('REDIRECT_TIMER') && REDIRECT_TIMER <= 10000) {
			$delay = REDIRECT_TIMER;
		}
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('MESSAGE', $text);
		$tpl->set_var('REDIRECT', $redirect);
		$tpl->set_var('REDIRECT_TIMER', $delay);
		$tpl->set_var('NEXT', $TEXT['NEXT']);
		$tpl->set_var('BACK', $TEXT['BACK']);
		if ($delay != -1) {
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		} else {
			// -1: no automatic redirect, drop the block
			$tpl->set_block('show_redirect', '');
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
	}
417

    
418
	/**
	 * Print the theme's 'error.htt' page with $message and a back link, then exit.
	 *
	 * NOTE(review): $message and $link reach the template unescaped — never pass
	 * unvalidated request data in either.
	 *
	 * @param string|array $message text, or a list of lines joined with <br />
	 * @param string $link target of the back link (default 'index.php')
	 * @param bool $auto_footer also call print_footer() when the subclass has one
	 * @return void terminates the script
	 */
	function print_error($message, $link = 'index.php', $auto_footer = true) {
		global $TEXT;
		$text = is_array($message) ? implode('<br />', $message) : $message;
		$tpl = new Template(dirname($this->correct_theme_source('error.htt')));
		$tpl->set_file('page', 'error.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $text);
		$tpl->set_var('LINK', $link);
		$tpl->set_var('BACK', $TEXT['BACK']);
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
		// print_footer() only exists on the backend (admin) subclass
		if ($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}
440
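/*
 * Wrap a message in the theme's 'message.htt' box.
 *
 * @param string $message: the (already HTML formatted) message to show
 * @param string $status:  'ok' (default) / 'error' / 'warning' / '' — selects the box style
 * @return string: the html-formatted message; '' when REDIRECT_TIMER is 0 and the
 *                 status is not 'error' (errors are always shown)
 */
	public function format_message($message, $status = 'ok')
	{
		$id  = uniqid('x');
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
		$tpl->set_file('page', 'message.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('THEME_URL', THEME_URL);
		$tpl->set_var('ID', $id);
		// Only the three known states map to a CSS class. The old condition ended in
		// `$status = 'warning'` (an assignment, not a comparison), which silently
		// turned every other value — including the documented '' — into 'warning'.
		$aKnownStatus = array('ok', 'error', 'warning');
		$sBoxClass = in_array($status, $aKnownStatus, true) ? ' box-'.$status : '';
		$tpl->set_var('BOX_STATUS', $sBoxClass);
		// STATUS is rendered by the template; escape it so an unexpected value cannot inject markup
		$tpl->set_var('STATUS', htmlspecialchars((string)$status, ENT_QUOTES, 'UTF-8'));
		if (!defined('REDIRECT_TIMER')) { define('REDIRECT_TIMER', -1); }

		if ($status === 'error' || REDIRECT_TIMER == -1) {
			// errors are always shown; -1 shows every message permanently
			$tpl->parse('main', 'main_block', false);
			return $tpl->finish($tpl->parse('output', 'page', false));
		}
		if (REDIRECT_TIMER == 0) {
			// do not show the message at all
			return '';
		}
		// hide the box after REDIRECT_TIMER milliseconds; $id comes from uniqid(), not from input
		$sHideScript = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
					   'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
					   'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
		$tpl->parse('main', 'main_block', false);
		return $tpl->finish($tpl->parse('output', 'page', false)).$sHideScript;
	}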
491
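/*
 * Show the maintenance screen and terminate the request.
 *
 * @param string $type: 'locked' (default) or 'new'
 * @description: 'locked' >> if SYSTEM_LOCKED is set and the current user is not the
 *                           administrator (uid 1): log every other user out (all
 *                           remember keys except uid 1 cleared in the users table,
 *                           remember cookie, session data, session cookie and the
 *                           session itself removed), answer 503 and show the
 *                           "website locked" screen; otherwise return silently.
 *               'new'    >> answer 503 and show "new site under construction"
 *                           (former print_under_construction).
 * @return void: terminates the application whenever a screen is shown
 *
 * Fixes: the template always received the "under construction" title even for
 * the locked screen (the computed $PAGE_TITLE was never used); $_SERVER's
 * SERVER_PROTOCOL is now defaulted for CLI/odd SAPIs instead of raising a notice.
 * NOTE(review): correct_theme_source() throws when 'maintenance.htt' cannot be
 * found, so the inline-HTML fallback below is presumably unreachable — kept as is.
 */
	public function ShowMaintainScreen($type = 'locked')
	{
		global $database, $MESSAGE;
		$sProtocol   = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
		$BE_PATIENT  = '';
		$PAGE_TITLE  = '';
		$PAGE_ICON   = '';
		$show_screen = false;

		if ($type == 'locked') {
			$curr_user = (int)(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0);
			$bLocked   = (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1);
			if ($bLocked && $curr_user != 1) {
				header($sProtocol.' 503 Service Unavailable');
				// Kick every logged-in user except the administrator out of the system.
				// 1. invalidate all "remember me" keys (note: a DB write on every request while locked)
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
				$sql .= 'WHERE `user_id`<>1';
				$database->query($sql);
				// 2. drop this client's remember-key cookie
				if (isset($_COOKIE['REMEMBER_KEY'])) {
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
				}
				// 3. wipe the session data, its cookie and the session itself
				$_SESSION = array();
				if (ini_get("session.use_cookies")) {
					$params = session_get_cookie_params();
					setcookie(session_name(), '', time() - 42000, $params["path"],
						$params["domain"], $params["secure"], $params["httponly"]
					);
				}
				session_destroy();
				$PAGE_TITLE  = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
				$BE_PATIENT  = $MESSAGE['GENERIC_BE_PATIENT'];
				$PAGE_ICON   = 'system';
				$show_screen = true;
			}
		} else {
			header($sProtocol.' 503 Service Unavailable');
			$PAGE_TITLE  = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
			$PAGE_ICON   = 'negative';
			$show_screen = true;
		}

		if (!$show_screen) {
			return;
		}
		$sMaintanceFile = $this->correct_theme_source('maintenance.htt');
		if (file_exists($sMaintanceFile)) {
			$tpl = new Template(dirname($sMaintanceFile));
			$tpl->set_file('page', 'maintenance.htt');
			$tpl->set_block('page', 'main_block', 'main');
			$charset = defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
			$tpl->set_var('PAGE_TITLE', $PAGE_TITLE);
			$tpl->set_var('CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
			$tpl->set_var('CHARSET', $charset);
			$tpl->set_var('WB_URL', WB_URL);
			$tpl->set_var('BE_PATIENT', $BE_PATIENT);
			$tpl->set_var('THEME_URL', THEME_URL);
			$tpl->set_var('PAGE_ICON', $PAGE_ICON);
			$tpl->set_var('LANGUAGE', strtolower(LANGUAGE));
			$tpl->parse('main', 'main_block', false);
			$tpl->pparse('output', 'page');
			exit();
		}
		// no theme template available: emit a minimal static page (output kept verbatim)
		require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
		flush();
		exit();
	}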
581

    
582
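	/**
	 * Send an e-mail through wbmailer (PHPMailer subclass, SMTP capable).
	 *
	 * INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE: some
	 * service providers do not support sending mail via PHP's mail() as it
	 * provides no SMTP authentication; the wbmailer class can send via SMTP,
	 * which resolves this (C. Sommer). To use SMTP, set the SMTP host of your
	 * domain via the Settings panel in the backend of Website Baker.
	 *
	 * Header-injection guard: CR/LF are stripped from every value that ends up
	 * in a mail header. The from-name is now covered as well (it used to go
	 * into the From header unfiltered).
	 * NOTE(review): $message is sent as HTML (nl2br) without escaping — callers
	 * must escape user supplied text themselves; the text alternative is
	 * strip_tags($message).
	 *
	 * @param string $fromaddress sender address ('' keeps the wbmailer default)
	 * @param string $toaddress recipient address
	 * @param string $subject
	 * @param string $message body; newlines become <br /> in the HTML part
	 * @param string $fromname optional sender display name
	 * @param string $replyTo optional Reply-To address
	 * @return bool true when wbmailer reported success, false otherwise
	 */
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
		$stripCrLf = function ($value) {
			return preg_replace('/[\r\n]/', '', $value);
		};
		$fromaddress = $stripCrLf($fromaddress);
		$toaddress   = $stripCrLf($toaddress);
		$subject     = $stripCrLf($subject);
		$replyTo     = $stripCrLf($replyTo);
		$fromname    = $stripCrLf($fromname);

		// create the mailer object with its default settings
		$myMail = new wbmailer();
		// user defined sender (address and optional display name)
		if ($fromaddress != '') {
			if ($fromname != '') {
				$myMail->FromName = $fromname;            // FROM-NAME
			}
			$myMail->From = $fromaddress;                 // FROM:
		}
		if ($replyTo) {
			$myMail->AddReplyTo($replyTo);                // REPLY TO:
		}
		// recipient and content
		$myMail->AddAddress($toaddress);                  // TO:
		$myMail->Subject = $subject;                      // SUBJECT
		$myMail->Body    = nl2br($message);               // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);          // CONTENT (TEXT)
		// the failure reason is not surfaced here; only success/failure is returned
		return ($myMail->Send() ? true : false);
	}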
624

    
625
	 /**
	  * Locate a theme template, falling back to the admin skeleton copy.
	  *
	  * THEME_PATH/templates/<file> is preferred; ADMIN_PATH/skel/themes/htt/<file>
	  * is used when the theme does not ship the file.
	  * NOTE(review): $sThemeFile is joined into a path unchecked — callers in this
	  * file pass constant names; never pass request data here.
	  *
	  * @param string $sThemeFile template file name, e.g. 'success.htt'
	  * @return string absolute path of the template found
	  * @throws InvalidArgumentException when neither location has the file
	  */
        function correct_theme_source($sThemeFile = 'start.htt') {
		$aCandidates = array(
			THEME_PATH.'/templates/'.$sThemeFile,
			ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile,
		);
		foreach ($aCandidates as $sCandidate) {
			if (file_exists($sCandidate)) {
				return $sCandidate;
			}
		}
		throw new InvalidArgumentException('missing template file '.$sThemeFile);
        }
645

    
646
	/**
	 * Check that a folder name contains none of the forbidden characters
	 * ^ \ / . ? * " ' < > : |  — so no path separators, no '..', no shell/HTML metacharacters.
	 *
	 * @param string $str name to check
	 * @return bool true when the name is acceptable
	 */
	function checkFolderName($str){
		$hasForbidden = preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str);
		return ($hasForbidden ? false : true);
	}
655

    
656
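	/**
	 * Check that a path lies inside a base directory (normally the document root).
	 *
	 * Both paths are canonicalised with realpath(), so '..' segments and
	 * symlinks are resolved and the target must exist. Containment means the
	 * path is the base directory itself or starts with base + separator:
	 * the previous prefix test accepted any sibling whose name merely begins
	 * with the base name (e.g. /var/www/site2 for base /var/www/site), and
	 * compared case-insensitively on every platform. The comparison is now
	 * case-sensitive except on Windows, whose filesystems are not.
	 *
	 * @param string $sCurrentPath path to check (percent-encoding is decoded first)
	 * @param string $sBaseDir directory that must contain it (default WB_PATH)
	 * @return string|false the canonical path, or false when it is outside or does not exist
	 */
	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
		$sCurrentPath = realpath(rawurldecode($sCurrentPath));
		$sBaseDir     = realpath($sBaseDir);
		if ($sCurrentPath === false || $sBaseDir === false) {
			return false;
		}
		// realpath('/') is '/': strip trailing separators so the prefix below is built consistently
		$sBaseDir = rtrim($sBaseDir, '/\\');
		$compare  = (DIRECTORY_SEPARATOR === '\\') ? 'strncasecmp' : 'strncmp';
		if ($compare($sCurrentPath, $sBaseDir, max(strlen($sCurrentPath), strlen($sBaseDir))) === 0) {
			return $sCurrentPath; // the base directory itself
		}
		$sPrefix = $sBaseDir.DIRECTORY_SEPARATOR;
		if ($compare($sCurrentPath, $sPrefix, strlen($sPrefix)) === 0) {
			return $sCurrentPath;
		}
		return false;
	}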
680

    
681
	/**
	 * Remove [[...]] placeholders, HTML comments, <script>/<link>/<style>
	 * elements (self-closing or paired) and trailing whitespace from a string;
	 * with $bPHPCode also <?php ... ?> blocks.
	 *
	 * This is a blacklist of specific constructs, not a general HTML sanitiser:
	 * event-handler attributes, other tags and <?= short tags are left untouched,
	 * so the result is not safe to echo as trusted markup.
	 *
	 * @param string $sValue
	 * @param bool $bPHPCode also strip <?php ... ?> blocks (default false)
	 * @returns
	 *    false: if $sValue is not a string
	 *    string: cleaned string
	 */
	public function StripCodeFromText($sValue, $bPHPCode=false){
		if (!is_string($sValue)) {
			return false;
		}
		if ($bPHPCode == true) {
			$sValue = preg_replace('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue);
		}
		$sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
		return preg_replace($sPattern, '', $sValue);
	}
697

    
698

    
699
}