<?php
2
/**
3
 *
4 1529 Luisehahne
 * @category        framework
5 1698 Luisehahne
 * @package         frontend
6 1782 Luisehahne
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
7 1907 Luisehahne
 * @copyright       2009-2013, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9 1365 Luisehahne
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11 1374 Luisehahne
 * @requirements    PHP 5.2.2 and higher
12 1365 Luisehahne
 * @version         $Id$
13 1907 Luisehahne
 * @filesource      $HeadURL$
14 1457 Luisehahne
 * @lastmodified    $Date$
15 1365 Luisehahne
 *
16
 */
17 1496 DarkViper
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19 1499 DarkViper
// Refuse direct access: WB_PATH is only defined after the framework has been bootstrapped.
if (defined('WB_PATH') === false) {
	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
	throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// Load the PHPLIB template class unless it is already declared (no autoloading is triggered).
if (class_exists('Template', false) === false) {
	include(WB_PATH.'/include/phplib/template.inc');
}
// Load the wbmailer class (subclass of PHPMailer) unless it is already declared.
if (class_exists('wbmailer', false) === false) {
	include(WB_PATH.'/framework/class.wbmailer.php');
}
28 1365 Luisehahne
29
class wb extends SecureForm
30
{
31
32 1457 Luisehahne
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// General initialization function
33 1782 Luisehahne
34 1365 Luisehahne
	// performed when frontend or backend is loaded.
35 1394 Luisehahne
	/**
	 * Initialise the object when the frontend or backend is loaded.
	 *
	 * @param mixed $mode SecureForm mode constant, forwarded unchanged to the parent constructor
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}
38
39 1791 Luisehahne
/**
40
 *
41
 *
42
 * @return array of first visible language pages with defined fields
43
 *
44
 */
45
	public function GetLanguagesDetailsInUsed()
	{
		global $database;
		// The statement is built from constants and TABLE_PREFIX only; no request data is interpolated.
		// NOTE(review): GROUP BY with non-aggregated columns relies on a permissive MySQL sql_mode.
		$sQuery  = 'SELECT DISTINCT `language`';
		$sQuery .= ', `page_id`,`level`,`parent`,`root_parent`,`page_code`,`link`,`language`';
		$sQuery .= ', `visibility`,`viewing_groups`,`viewing_users`,`position` ';
		$sQuery .= 'FROM `'.TABLE_PREFIX.'pages` ';
		$sQuery .= 'WHERE `level`= \'0\' ';
		$sQuery .= 'AND `root_parent`=`page_id` ';
		$sQuery .= 'AND `visibility`!=\'none\' ';
		$sQuery .= 'AND `visibility`!=\'hidden\' ';
		$sQuery .= 'GROUP BY `language` ';
		$sQuery .= 'ORDER BY `position`';

		$aLanguages = array();
		$oResult = $database->query($sQuery);
		if (!$oResult) {
			return $aLanguages;
		}
		// MYSQL_ASSOC comes from the legacy mysql extension.
		while ($aRow = $oResult->fetchRow(MYSQL_ASSOC)) {
			// Only keep root pages the current visitor is allowed to see.
			if ($this->page_is_visible($aRow)) {
				$aLanguages[$aRow['language']] = $aRow;
			}
		}
		return $aLanguages;
	}
70
71 1791 Luisehahne
/**
72
 *
73
 *
74
 * @return comma separate list of first visible languages
75
 *
76
 */
77
	public function GetLanguagesInUsed()
	{
		// The language codes are the keys of the details array.
		$aDetails = $this->GetLanguagesDetailsInUsed();
		$aCodes = array_keys($aDetails);
		return implode(',', $aCodes);
	}
80 1782 Luisehahne
81
82 1834 Luisehahne
    /**
83
     * Created parse_url utf-8 compatible function
84
     *
85
     * @param string $url The string to decode
86
     * @return array Associative array containing the different components
87
     *
88
     */
89 1889 Luisehahne
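		public function mb_parse_url($url) {
			// Split on the URL delimiters and keep them, so that only the text between
			// delimiters gets percent-encoded. This replaces the former create_function()
			// callback, which evaluates generated code at runtime and no longer exists in PHP 8.
			$aParts = preg_split('%([:/?#&=\.]+)%us', $url, -1, PREG_SPLIT_DELIM_CAPTURE);
			if (!is_array($aParts)) {
				// preg_split() fails e.g. on input that is not valid UTF-8
				return false;
			}
			$sEncodedUrl = '';
			foreach ($aParts as $iIndex => $sPart) {
				// even offsets hold text, odd offsets hold the captured delimiters
				$sEncodedUrl .= ($iIndex % 2 == 0) ? urlencode($sPart) : $sPart;
			}
			$aComponents = parse_url($sEncodedUrl);
			if (!is_array($aComponents)) {
				// parse_url() returns false for seriously malformed URLs
				return false;
			}
			foreach ($aComponents as $sKey => $mValue) {
				$aComponents[$sKey] = urldecode($mValue);
			}
			return $aComponents;
		}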
99
100 1373 Luisehahne
/* ****************
101 1440 Luisehahne
 * check if one or more group_ids are in both group_lists
102
 *
103
 * @access public
104
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
105
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
106
 * @param array &$matches: an array-var whitch will return possible matches
107
 * @return bool: true there is a match, otherwise false
108
 */
109 1698 Luisehahne
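	public function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
	{
		if( $groups_list1 == '' ) { return false; }
		if( $groups_list2 == '' ) { return false; }
		$aLists = array($groups_list1, $groups_list2);
		foreach( $aLists as $iIndex => $mList ) {
			if( !is_array($mList) ) {
				$mList = explode(',', $mList);
			}
			// Drop empty entries (trailing commas, an unset session value exploded to array(''), ...).
			// This check feeds access decisions, so an empty id on both sides must never count as a match.
			foreach( $mList as $mKey => $mId ) {
				if( !is_scalar($mId) || trim((string)$mId) === '' ) {
					unset($mList[$mKey]);
				}
			}
			$aLists[$iIndex] = $mList;
		}
		// array_intersect() keeps the keys and values of the first list
		$matches = array_intersect( $aLists[0], $aLists[1] );
		return ( count($matches) != 0 );
	}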
122
/* ****************
123 1373 Luisehahne
 * check if current user is member of at least one of given groups
124
 * ADMIN (uid=1) always is treated like a member of any groups
125
 *
126
 * @access public
127
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
128
 * @return bool: true if current user is member of one of this groups, otherwise false
129
 */
130 1698 Luisehahne
	public function ami_group_member( $groups_list = '' )
	{
		// user id 1 (the admin) is treated as a member of every group
		$bIsAdmin = ( $this->get_user_id() == 1 );
		if( $bIsAdmin ) {
			return true;
		}
		$aOwnGroups = $this->get_groups_id();
		return $this->is_group_match( $groups_list, $aOwnGroups );
	}
135
136 1791 Luisehahne
// Check whether a page is visible or not.
137
// This will check page-visibility and user- and group-rights.
138
/* page_is_visible() returns
139
	false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
140
	true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
141
*/
142 1698 Luisehahne
	public function page_is_visible($page)
	{
		$sVisibility = $page['visibility'];
		// The comparisons stay loose and in this order, like the cases of a switch statement.
		if( $sVisibility == 'none' || $sVisibility == 'deleted' ) {
			return false;
		}
		if( $sVisibility == 'hidden' || $sVisibility == 'public' ) {
			return true;
		}
		if( $sVisibility == 'private' || $sVisibility == 'registered' ) {
			// restricted pages need a logged-in user ...
			if( $this->is_authenticated() == true ) {
				// ... who is listed either through one of his groups or by his user id
				$bByGroup = $this->is_group_match($this->get_groups_id(), $page['viewing_groups']);
				return ( $bByGroup || $this->is_group_match($this->get_user_id(), $page['viewing_users']) );
			}
			return false;
		}
		// any other visibility value is not shown
		return false;
	}
167 1698 Luisehahne
168 1365 Luisehahne
	// Check if there is at least one active section on this page
169 1698 Luisehahne
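	public function page_is_active($page)
	{
		global $database;
		$now = time();
		// The page filter comes first and the two publication windows are grouped in one
		// pair of parentheses. Without the grouping, AND binds tighter than OR and the
		// BETWEEN test would match sections of any page, not just this one.
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
		$sql .= 'WHERE `page_id`='.(int)$page['page_id'].' ';
		$sql .=   'AND (('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
		$sql .=        '('.$now.' > `publ_start` AND `publ_end`=0))';
		// page_id is cast to int, so no request data reaches the statement as text
		return ($database->get_one($sql) != false);
	}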
179 1365 Luisehahne
180
	// Check whether we should show a page or not (for front-end)
181 1698 Luisehahne
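	public function show_page($page)
	{
		// $database was used without being imported into the function scope
		global $database;
		if( !is_array($page) )
		{
			// a page id was given: load the fields needed for the visibility checks
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
			$res_pages = $database->query($sql);
			// fail closed: a failed query or an unknown page id is never shown
			if( $res_pages == null ) { return false; }
			if( !($page = $res_pages->fetchRow()) ) { return false; }
		}
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}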
194
195
	// Check if the user is already authenticated or not
196 1698 Luisehahne
	public function is_authenticated() {
		// A user counts as logged in when the session holds a non-empty, numeric USER_ID.
		if( !isset($_SESSION['USER_ID']) ) {
			return false;
		}
		$mUserId = $_SESSION['USER_ID'];
		return ( $mUserId != "" && is_numeric($mUserId) );
	}
202
203
	// Modified addslashes function which takes into account magic_quotes
204
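	function add_slashes($input) {
		// get_magic_quotes_gpc() no longer exists in PHP 8; treat a missing function as "off"
		$bMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if( $bMagicQuotes || !is_string($input) ) {
			return $input;
		}
		// NOTE(review): addslashes() is not a substitute for the database driver's own
		// escaping or for prepared statements; do not rely on it alone to build SQL.
		return addslashes($input);
	}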
210
211
	// Ditto for stripslashes
212
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
213
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
214
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
215
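	function strip_slashes($input) {
		// get_magic_quotes_gpc() no longer exists in PHP 8; treat a missing function as "off"
		$bMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		if ( !$bMagicQuotes || !is_string($input) ) {
			// nothing was added by magic_quotes_gpc, so nothing must be removed
			return $input;
		}
		return stripslashes($input);
	}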
221
222
	// Escape backslashes for use with mySQL LIKE strings
223
	function escape_backslashes($input) {
		// Doubles every backslash. The LIKE wildcards % and _ are left untouched
		// and still have to be handled by the caller.
		$sSingle = "\\";
		$sDouble = "\\\\";
		return str_replace($sSingle, $sDouble, $input);
	}
226
227
	function page_link($link){
		// Links containing :// and mailto: links are returned unchanged ...
		$bHasScheme = !(strstr($link, '://') == '');
		$bIsMailto  = !(substr($link, 0, 7) != 'mailto:');
		if( $bHasScheme || $bIsMailto ) {
			return $link;
		}
		// ... everything else is treated as a page path below the pages directory
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}
235 1698 Luisehahne
236 1365 Luisehahne
	// Get POST data
237
	function get_post($field) {
		// Returns the raw, unvalidated request value; null when the field was not posted.
		if( isset($_POST[$field]) ) {
			return $_POST[$field];
		}
		return null;
	}
240
241
	// Get POST data and escape it
242
	function get_post_escaped($field) {
		$mValue = $this->get_post($field);
		if( is_null($mValue) ) {
			return null;
		}
		// add_slashes() only touches strings; arrays and other types pass through unchanged
		return $this->add_slashes($mValue);
	}
246 1698 Luisehahne
247 1365 Luisehahne
	// Get GET data
248
	function get_get($field) {
		// Returns the raw, unvalidated query-string value; null when the field is absent.
		if( isset($_GET[$field]) ) {
			return $_GET[$field];
		}
		return null;
	}
251
252
	// Get SESSION data
253
	function get_session($field) {
		// null when the session does not hold the field
		if( isset($_SESSION[$field]) ) {
			return $_SESSION[$field];
		}
		return null;
	}
256
257
	// Get SERVER data
258
	function get_server($field) {
		// null when $_SERVER does not hold the field
		if( isset($_SERVER[$field]) ) {
			return $_SERVER[$field];
		}
		return null;
	}
261
262
	// Get the current users id
263
	function get_user_id() {
		// session value USER_ID, or null when it is not set
		$mUserId = $this->get_session('USER_ID');
		return $mUserId;
	}
266
267 1373 Luisehahne
	// Get the current users group id
268 1365 Luisehahne
	function get_group_id() {
		// session value GROUP_ID, or null when it is not set
		$mGroupId = $this->get_session('GROUP_ID');
		return $mGroupId;
	}
271
272
	// Get the current users group ids
273
	function get_groups_id() {
		// GROUPS_ID is stored as a comma separated string and returned as a list
		$sGroupIds = $this->get_session('GROUPS_ID');
		return explode(",", $sGroupIds);
	}
276
277
	// Get the current users group name
278
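	function get_group_name() {
		$mNames = $this->get_session('GROUP_NAME');
		// implode() raises an error in PHP 8 when the session value is missing (null)
		// or not an array, so only arrays are joined.
		if( is_array($mNames) ) {
			return implode(",", $mNames);
		}
		return (string)$mNames;
	}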
281
282
	// Get the current users group name
283
	function get_groups_name() {
		// session value GROUP_NAME as stored, or null when it is not set
		$mGroupNames = $this->get_session('GROUP_NAME');
		return $mGroupNames;
	}
286
287
	// Get the current users username
288
	function get_username() {
		// session value USERNAME, or null when it is not set
		$mUsername = $this->get_session('USERNAME');
		return $mUsername;
	}
291
292
	// Get the current users display name
293
	function get_display_name() {
		// session value DISPLAY_NAME, or null when it is not set; not escaped for output
		$mDisplayName = $this->get_session('DISPLAY_NAME');
		return $mDisplayName;
	}
296
297
	// Get the current users email address
298
	function get_email() {
		// session value EMAIL, or null when it is not set
		$mEmail = $this->get_session('EMAIL');
		return $mEmail;
	}
301
302
	// Get the current users home folder
303
	function get_home_folder() {
		// session value HOME_FOLDER, or null when it is not set
		$mHomeFolder = $this->get_session('HOME_FOLDER');
		return $mHomeFolder;
	}
306
307
	// Get the current users timezone
308
	function get_timezone() {
		// the marker value '-72000' is returned while USE_DEFAULT_TIMEZONE is set in the session
		if( isset($_SESSION['USE_DEFAULT_TIMEZONE']) ) {
			return '-72000';
		}
		return $this->get_session('TIMEZONE');
	}
312
313 1373 Luisehahne
	// Validate supplied email address
314
	function validate_email($email) {
		// Convert an internationalised address to its ASCII form before matching.
		if( !function_exists('idn_to_ascii') ) {
			// idn_to_ascii() is missing: fall back to the bundled converter class
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$oIdn = new idna_convert();
			$email = $oIdn->encode($email);
			unset($oIdn);
		} else {
			// idn_to_ascii() returns false on failure, which then simply does not match below
			$email = idn_to_ascii($email);
		}
		// regex from NorHei 2011-01-11
		$sPattern = "/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/";
		$mMatched = preg_match($sPattern, $email);
		return ($mMatched != false);
	}
327
328 1698 Luisehahne
	/**
329
     * replace header('Location:...  with new method
330
	 * if header send failed you get a manuell redirected link, so script don't break
331 1777 Luisehahne
	 *
332 1698 Luisehahne
	 * @param string $location, redirected url
333
	 * @return void
334
	 */
335
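	public function send_header ($location) {
		// NOTE(review): $location is used as given; callers that derive it from request
		// data have to restrict it to known targets themselves (open redirect).
		if(!headers_sent()) {
			header('Location: '.$location);
			exit(0);
		}
		// Headers are already out: offer a manual link instead. The URL is placed inside
		// an HTML attribute, so it is escaped to keep quotes and angle brackets in
		// $location from breaking out of the href.
		$sSafeLocation = htmlspecialchars($location, ENT_QUOTES);
		$msg =  "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
		     "Please click <a style=\"font-weight:bold;\" " .
		     "href=\"".$sSafeLocation."\">on this link</a> to continue!</p></div>\n";
		throw new AppException($msg);
	}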
349
350 1372 Luisehahne
/* ****************
351 1365 Luisehahne
 * set one or more bit in a integer value
352
 *
353
 * @access public
354
 * @param int $value: reference to the integer, containing the value
355
 * @param int $bits2set: the bitmask witch shall be added to value
356
 * @return void
357
 */
358
	function bit_set( &$value, $bits2set )
	{
		// switch on every bit of the mask in the referenced value
		$value = $value | $bits2set;
	}
362
363
/* ****************
364
 * reset one or more bit from a integer value
365
 *
366
 * @access public
367
 * @param int $value: reference to the integer, containing the value
368
 * @param int $bits2reset: the bitmask witch shall be removed from value
369
 * @return void
370
 */
371
	function bit_reset( &$value, $bits2reset)
	{
		// clear every bit of the mask in the referenced value
		$iKeepMask = ~$bits2reset;
		$value = $value & $iKeepMask;
	}
375
376
/* ****************
377
 * check if one or more bit in a integer value are set
378
 *
379
 * @access public
380
 * @param int $value: reference to the integer, containing the value
381
 * @param int $bits2test: the bitmask whose bits must all be set in value
382
 * @return bool: true if all bits of the mask are set, otherwise false
383
 */
384
	function bit_isset( $value, $bits2test )
	{
		// true only when every bit of the mask is present in $value
		$iCommon = $value & $bits2test;
		return ($iCommon == $bits2test);
	}
388
389
	// Print a success message which then automatically redirects the user to another page
390 1373 Luisehahne
	function print_success( $message, $redirect = 'index.php' ) {
		$oTrans = Translate::getInstance();
		$oTrans->disableAddon();
		// several messages are joined into one HTML fragment
		$sMessage = is_array($message) ? implode ('<br />',$message) : $message;
		// REDIRECT_TIMER is used only when it is defined and not above 10000, otherwise 0
		$iTimer = 0;
		if( defined( 'REDIRECT_TIMER' ) && (REDIRECT_TIMER <= 10000) ) {
			$iTimer = REDIRECT_TIMER;
		}
		// NOTE(review): MESSAGE and REDIRECT are handed to the template as they are;
		// presumably callers pass trusted HTML and URLs - confirm before passing request data.
		$oTpl = new Template(dirname($this->correct_theme_source('success.htt')));
		$oTpl->set_file( 'page', 'success.htt' );
		$oTpl->set_block( 'page', 'main_block', 'main' );
		$oTpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
		$oTpl->set_var( 'MESSAGE', $sMessage );
		$oTpl->set_var( 'REDIRECT', $redirect );
		$oTpl->set_var( 'REDIRECT_TIMER', $iTimer );
		$oTpl->set_var( 'NEXT', $oTrans->TEXT_NEXT);
		$oTpl->set_var( 'BACK', $oTrans->TEXT_BACK);
		// a timer of -1 leaves the redirect block unparsed
		if( $iTimer != -1 ) {
			$oTpl->parse( 'show_redirect', 'show_redirect_block', true );
		} else {
			$oTpl->set_block( 'show_redirect', '' );
		}
		$oTpl->parse( 'main', 'main_block', false );
		$oTpl->pparse( 'output', 'page' );
	}
418
419
	// Print an error message
420 1373 Luisehahne
	function print_error($message, $link = 'index.php', $auto_footer = true) {
		$oTrans = Translate::getInstance();
		$oTrans->disableAddon();
		// several messages are joined into one HTML fragment
		$sMessage = is_array($message) ? implode ('<br />',$message) : $message;
		// NOTE(review): MESSAGE and LINK are handed to the template as they are;
		// presumably callers pass trusted HTML and URLs - confirm before passing request data.
		$oErrorTpl = new Template(dirname($this->correct_theme_source('error.htt')));
		$oErrorTpl->set_file('page', 'error.htt');
		$oErrorTpl->set_block('page', 'main_block', 'main');
		$oErrorTpl->set_var('MESSAGE', $sMessage);
		$oErrorTpl->set_var('LINK', $link);
		$oErrorTpl->set_var('BACK', $oTrans->TEXT_BACK);
		$oErrorTpl->parse('main', 'main_block', false);
		$oErrorTpl->pparse('output', 'page');
		// the footer is printed only if requested and if the concrete class offers one
		if ( $auto_footer == true && method_exists($this, "print_footer") ) {
			$this->print_footer();
		}
		// an error page always ends the request
		exit();
	}
442 1684 Luisehahne
/*
443
 * @param string $message: the message to format
444
 * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
445
 * @return string: the html-formatted message (using template 'message.htt')
446
 */
447
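	public function format_message($message, $status = 'ok')
	{
		$id = uniqid('x');
		// NOTE(review): MESSAGE and STATUS reach the template unescaped; presumably callers
		// pass trusted markup - confirm before passing request data.
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
		$tpl->set_file('page', 'message.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var( 'THEME_URL', THEME_URL );
		$tpl->set_var( 'ID', $id );
		// The third test used "=" instead of "==": the condition was always true and
		// $status was overwritten with 'warning' for every value other than 'ok' or 'error'.
		$bKnownStatus = ($status == 'ok' || $status == 'error' || $status == 'warning');
		$tpl->set_var('BOX_STATUS', ($bKnownStatus ? ' box-'.$status : ''));
		$tpl->set_var('STATUS', $status);
		if(!defined('REDIRECT_TIMER') ) { define('REDIRECT_TIMER', -1); }

		$sHideScript = '';
		if( $status != 'error' )
		{
			// 0: do not show the message at all
			if( REDIRECT_TIMER == 0 ) {
				unset($tpl);
				return '';
			}
			// -1: show permanently; any other value: hide after REDIRECT_TIMER milliseconds
			if( REDIRECT_TIMER != -1 ) {
				// the timer is cast to int because it is written into inline script
				$sHideScript = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
				               'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
				               'window.setTimeout(\''.$id.'_hide()\', '.(int)REDIRECT_TIMER.');/* ]]> */ </script>';
			}
		}
		// error messages are always rendered and never hidden automatically
		$tpl->parse('main', 'main_block', false);
		$retval = $tpl->finish($tpl->parse('output', 'page', false)).$sHideScript;
		unset($tpl);
		return $retval;
	}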
493 1782 Luisehahne
/*
494
 * @param string $type: 'locked'(default)  or 'new'
495
 * @return void: terminates application
496
 * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
497
 *               'new' >> Show 'new site under construction'(former print_under_construction)
498
 */
499
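	public function ShowMaintainScreen($type = 'locked')
	{
		global $database, $MESSAGE;
		$BE_PATIENT = '';
		$PAGE_TITLE = '';
		$PAGE_ICON  = '';
		$show_screen = false;
		if($type == 'locked')
		{
			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0) ) ;
			// user id 1 (the admin) may keep working while the system is locked
			if( (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1))
			{
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
				// first kick logged users out of the system:
				// delete all remember keys from table 'users' except user_id=1
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
				$sql .= 'WHERE `user_id`<>1';
				$database->query($sql);
				// delete remember key-cookie if set
				if (isset($_COOKIE['REMEMBER_KEY'])) {
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
				}
				// overwrite session array
				$_SESSION = array();
				// delete session cookie if set, using the parameters it was created with
				if (ini_get("session.use_cookies")) {
					$params = session_get_cookie_params();
					setcookie(session_name(), '', time() - 42000, $params["path"],
						$params["domain"], $params["secure"], $params["httponly"]
					);
				}
				// delete the session itself
				session_destroy();
				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
				$BE_PATIENT = $MESSAGE['GENERIC_BE_PATIENT'];
				$PAGE_ICON  = 'system';
				$show_screen = true;
			}
		} else {
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
			$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
			$PAGE_ICON  = 'negative';
			$show_screen = true;
		}
		if(!$show_screen)
		{
			return;
		}
		$sMaintanceFile = $this->correct_theme_source('maintenance.htt');
		if(file_exists($sMaintanceFile))
		{
			$tpl = new Template(dirname( $sMaintanceFile ));
			$tpl->set_file( 'page', 'maintenance.htt' );
			$tpl->set_block( 'page', 'main_block', 'main' );
			$charset = defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
			// $PAGE_TITLE was computed above but never used: the template always got the
			// "under construction" title, even for a locked system.
			$tpl->set_var( 'PAGE_TITLE', $PAGE_TITLE );
			$tpl->set_var( 'CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'] );
			$tpl->set_var( 'CHARSET', $charset );
			$tpl->set_var( 'WB_URL', WB_URL );
			$tpl->set_var( 'BE_PATIENT', $BE_PATIENT );
			$tpl->set_var( 'THEME_URL', THEME_URL );
			$tpl->set_var( 'PAGE_ICON', $PAGE_ICON);
			$tpl->set_var( 'LANGUAGE', strtolower(LANGUAGE));
			$tpl->parse( 'main', 'main_block', false );
			$tpl->pparse( 'output', 'page' );
			exit();
		} else {
			// fallback page when the template file does not exist
			require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
    		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
		}
		flush();
		exit();
	}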
583
584 1365 Luisehahne
	// Validate send email
585 1650 darkviper
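	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
		// Mail is sent through the wbmailer class (subclass of PHPMailer), which can use SMTP.
		// The SMTP host is configured in the Settings panel of the backend.

		// Remove CR/LF from every value that ends up in a mail header, so that a value
		// cannot start an additional header line. $fromname was missing from this list.
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
		$subject = preg_replace('/[\r\n]/', '', $subject);
		$replyTo = preg_replace('/[\r\n]/', '', $replyTo);
		$fromname = preg_replace('/[\r\n]/', '', $fromname);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();
		// set user defined from address
		if ($fromaddress!='') {
			if($fromname!='') { $myMail->FromName = $fromname; }  // FROM-NAME
			$myMail->From = $fromaddress;                         // FROM:
		}
		if($replyTo) {
			$myMail->AddReplyTo($replyTo);                        // REPLY TO:
		}
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                          // TO:
		$myMail->Subject = $subject;                              // SUBJECT
		// NOTE(review): the HTML body is the message with line breaks converted only;
		// markup inside $message is sent as it is - confirm callers escape user text.
		$myMail->Body = nl2br($message);                          // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);                  // CONTENT (TEXT)
		// report whether sending succeeded
		if (!$myMail->Send()) {
			return false;
		}
		return true;
	}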
626
627 1904 darkviper
/**
628
 * checks if there is an alternative Theme template
629
 *
630
 * @param string $sThemeFile set the template.htt
631
 * @return string the relative theme path
632
 *
633
 */
634 1625 Luisehahne
        function correct_theme_source($sThemeFile = 'start.htt') {
		// NOTE(review): $sThemeFile is appended to the directory as given; callers should
		// pass fixed template names only, never a name taken from the request.
		// 1st choice: the template of the active theme
		$sThemeCandidate = THEME_PATH.'/templates/'.$sThemeFile;
		if (file_exists($sThemeCandidate)) {
			return $sThemeCandidate;
		}
		// 2nd choice: the skeleton template shipped with the admin area
		$sSkelCandidate = ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
		if (file_exists($sSkelCandidate)) {
			return $sSkelCandidate;
		}
		throw new InvalidArgumentException('missing template file '.$sThemeFile);
        }
647 1529 Luisehahne
648 1904 darkviper
/**
649
 * Check if a foldername doesn't have invalid characters
650
 *
651
 * @param String $str to check
652
 * @return Bool
653
 */
654 1529 Luisehahne
	function checkFolderName($str){
		// rejected characters: ^ \ / . ? * " ' < > : |
		// NOTE(review): control characters and NUL bytes are not covered by this list.
		$sForbidden = '#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i';
		if( preg_match($sForbidden, $str) ) {
			return false;
		}
		return true;
	}
657
658 1904 darkviper
/**
659
 * Check the given path to make sure current path is within given basedir
660
 * normally document root
661
 *
662
 * @param String $sCurrentPath
663
 * @param String $sBaseDir
664
 * @return $sCurrentPath or FALSE
665
 */
666 1529 Luisehahne
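	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
		// Resolve both paths, so that '..' segments and symlinks are evaluated before the test.
		$sCurrentPath = realpath(rawurldecode($sCurrentPath));
		$sBaseDir = realpath($sBaseDir);
		// realpath() returns false for paths that do not exist. An unresolvable base
		// directory must never turn into an empty prefix that matches everything.
		if( $sCurrentPath === false || $sBaseDir === false ) {
			return false;
		}
		$sBase = rtrim($sBaseDir, DIRECTORY_SEPARATOR);
		$iBaseLen = strlen($sBase);
		$sHead = (string)substr($sCurrentPath, 0, $iBaseLen);
		// file names are case-insensitive on Windows only
		if( DIRECTORY_SEPARATOR === '\\' ) {
			$bHasPrefix = (strcasecmp($sHead, $sBase) === 0);
		} else {
			$bHasPrefix = ($sHead === $sBase);
		}
		if( !$bHasPrefix ) {
			return false;
		}
		// The prefix has to end on a directory boundary: a plain string prefix test would
		// also accept a sibling such as "<base>_backup" for the base directory "<base>".
		$sNext = (string)substr($sCurrentPath, $iBaseLen, 1);
		if( $sNext === '' || $sNext === DIRECTORY_SEPARATOR ) {
			return $sCurrentPath;
		}
		return false;
	}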
682
683 1904 darkviper
/**
684
 * remove <?php code ?>, [[text]], link, script, scriptblock and styleblock from a given string
685
 * and return the cleaned string
686
 *
687
 * @param string $sValue
688
 * @returns
689
 *    false: if @param is not a string
690
 *    string: cleaned string
691
 */
692 1808 Luisehahne
	public function StripCodeFromText($sValue, $bPHPCode=false){
		// NOTE(review): this is a pattern based clean-up, not an HTML sanitizer. Event
		// handler attributes, javascript: URLs and unclosed tags are not covered, so the
		// result still has to be escaped for the context it is printed in.
		if( !is_string($sValue) ) {
			return false;
		}
		if( $bPHPCode == true ) {
			// optional first pass: remove [[...]] and <?php ... ?> blocks
			$sValue = preg_replace ('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue );
		}
		// second pass: [[...]], HTML comments, script/link/style elements, trailing whitespace
		$sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
		$sCleaned = preg_replace ($sPattern, '', $sValue);
		return $sCleaned;
	}
698
699 1904 darkviper
/**
700
 * ReplaceAbsoluteMediaUrl
701
 * @param string $sContent
702
 * @return string
703
 * @description Replace URLs witch are pointing into MEDIA_DIRECTORY with an URL
704
 *              independend placeholder
705
 */
706
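	public function ReplaceAbsoluteMediaUrl($sContent){
		if(ini_get('magic_quotes_gpc')==true){
			$sContent = $this->strip_slashes($sContent);
		}
		if(!is_string($sContent)) {
			return $sContent;
		}
		$sMediaUrl = WB_URL.MEDIA_DIRECTORY;
		// The pattern uses '@' as delimiter, so preg_quote() has to escape it too;
		// otherwise a URL containing '@' would end the pattern early.
		$searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl, '@').')([^">]*".*>)@siU';
		// the absolute media URL inside attribute values becomes a placeholder
		$sContent = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $sContent );
		return $sContent;
	}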
717 1777 Luisehahne
718 1904 darkviper
719
720 1365 Luisehahne
}