<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @copyright       WebsiteBaker Org. e.V.
 * @author          Ryan Djurovich (2004-2009)
 * @author          Dietmar Wöllbrink (luisehahne)
 * @author          M.v.d.Decken (DarkViper)
 * @link            http://www.websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: class.wb.php 1923 2013-06-08 09:58:47Z darkviper $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
 * @lastmodified    $Date: 2013-06-08 11:58:47 +0200 (Sat, 08 Jun 2013) $
 *
 */
/* -------------------------------------------------------- */
// Must include code to stop this file being accessed directly
// Direct-access guard: without WB_PATH (presumably set by the framework
// bootstrap) this file must not run, so the request is aborted with an exception.
if (!defined('WB_PATH')) {
	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
	throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// Load the PHPLIB template class unless it is already declared
// (second argument false: do not trigger autoloading).
if (!class_exists('Template', false)) {
	include(WB_PATH.'/include/phplib/template.inc');
}
// Load the wbmailer class (subclass of PHPMailer) unless it is already declared.
if (!class_exists('wbmailer', false)) {
	include(WB_PATH.'/framework/class.wbmailer.php');
}
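class wb extends SecureForm
{

	// Regex character-class fragment; presumably the set of characters accepted
	// in passwords by validation code elsewhere -- confirm against callers.
	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

	/**
	 * General initialization function,
	 * performed when frontend or backend is loaded.
	 *
	 * @param mixed $mode handed unchanged to SecureForm::__construct()
	 */
	public function __construct($mode = SecureForm::FRONTEND)
	{
		parent::__construct($mode);
	}

	/**
	 * Collect the first visible root page of every language.
	 *
	 * The SQL statement is built from constants only (no request data).
	 *
	 * @return array page records (selected fields) indexed by language code
	 */
	public function GetLanguagesDetailsInUsed()
	{
		global $database;
		$aRetval = array();
		$sql =
			'SELECT DISTINCT `language`'.
			', `page_id`,`level`,`parent`,`root_parent`,`page_code`,`link`,`language`'.
			', `visibility`,`viewing_groups`,`viewing_users`,`position` '.
			'FROM `'.TABLE_PREFIX.'pages` '.
			'WHERE `level`= \'0\' '.
			  'AND `root_parent`=`page_id` '.
			  'AND `visibility`!=\'none\' '.
			  'AND `visibility`!=\'hidden\' '.
			'GROUP BY `language` '.
			'ORDER BY `position`';

		$oRes = $database->query($sql);
		if ($oRes) {
			// NOTE(review): MYSQL_ASSOC is a constant of the legacy ext/mysql
			// extension (removed in PHP 7); the database wrapper must cope with it.
			while ($page = $oRes->fetchRow(MYSQL_ASSOC)) {
				// apply the per-user visibility rules on top of the SQL filter
				if ($this->page_is_visible($page)) {
					$aRetval[$page['language']] = $page;
				}
			}
		}
		return $aRetval;
	}

	/**
	 * @return string comma separated list of the languages having a visible root page
	 */
	public function GetLanguagesInUsed()
	{
		return implode(',', array_keys($this->GetLanguagesDetailsInUsed()));
	}

	/**
	 * UTF-8 compatible variant of parse_url().
	 *
	 * Everything except the URL delimiters is percent-encoded first, so that
	 * parse_url() only sees ASCII; the components are decoded again afterwards.
	 *
	 * @param string $url The string to decode
	 * @return array|false Associative array containing the different components,
	 *                     or false if parse_url() rejects the URL
	 */
	public function mb_parse_url($url)
	{
		// A method callback replaces the former create_function() call, which
		// compiled a code string at runtime and no longer exists in PHP 8.
		$encodedUrl = preg_replace_callback(
			'%[^:/?#&=\.]+%usD',
			array($this, '_urlencodeMatch'),
			$url
		);
		$components = parse_url($encodedUrl);
		if (!is_array($components)) {
			// seriously malformed URL: hand the failure to the caller
			// instead of iterating over a non-array
			return $components;
		}
		// assign by key; the former by-reference loop left a dangling reference
		foreach ($components as $sKey => $component) {
			$components[$sKey] = urldecode($component);
		}
		return $components;
	}

	/**
	 * preg_replace_callback() helper of mb_parse_url(): percent-encode one match.
	 *
	 * @param array $aMatches match array, element 0 holds the matched text
	 * @return string
	 */
	private function _urlencodeMatch($aMatches)
	{
		return urlencode($aMatches[0]);
	}

	/**
	 * Check if one or more group-ids are in both group lists.
	 *
	 * @param mixed $groups_list1 an array or a comma separated list of group-ids
	 * @param mixed $groups_list2 an array or a comma separated list of group-ids
	 * @param array &$matches     receives the ids found in both lists
	 * @return bool true if there is a match, otherwise false
	 */
	public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
	{
		// an empty list on either side can never match
		if ($groups_list1 == '' || $groups_list2 == '') {
			return false;
		}
		if (!is_array($groups_list1)) {
			$groups_list1 = explode(',', $groups_list1);
		}
		if (!is_array($groups_list2)) {
			$groups_list2 = explode(',', $groups_list2);
		}
		$matches = array_intersect($groups_list1, $groups_list2);
		return (sizeof($matches) != 0);
	}

	/**
	 * Check if the current user is member of at least one of the given groups.
	 * ADMIN (uid=1) is always treated like a member of any group.
	 *
	 * @param mixed $groups_list an array or a comma separated list of group-ids
	 * @return bool true if the current user is member of one of these groups
	 */
	public function ami_group_member($groups_list = '')
	{
		if ($this->get_user_id() == 1) {
			return true;
		}
		return $this->is_group_match($groups_list, $this->get_groups_id());
	}

	/**
	 * Check whether a page is visible or not.
	 * This checks page-visibility and user- and group-rights.
	 *
	 * @param array $page page record with 'visibility', 'viewing_groups', 'viewing_users'
	 * @return bool false: visibility is 'none' or 'deleted' (or unknown), or it is
	 *                     'registered'/'private' and the user isn't allowed to see the page
	 *              true:  visibility is 'public' or 'hidden', or it is
	 *                     'registered'/'private' and the user _is_ allowed to see the page
	 */
	public function page_is_visible($page)
	{
		// deny by default: unknown visibility values never show the page
		$show_it = false;
		switch ($page['visibility']) {
			case 'hidden':
			case 'public':
				$show_it = true;
				break;
			case 'private':
			case 'registered':
				if ($this->is_authenticated() == true) {
					$bGroupOk = $this->is_group_match($this->get_groups_id(), $page['viewing_groups']);
					$show_it  = ($bGroupOk || $this->is_group_match($this->get_user_id(), $page['viewing_users']));
				}
				break;
			case 'none':
			case 'deleted':
			default:
				$show_it = false;
				break;
		}
		return $show_it;
	}

	/**
	 * Check if there is at least one active (currently published) section on this page.
	 *
	 * @param array $page page record, 'page_id' is read
	 * @return bool
	 */
	public function page_is_active($page)
	{
		global $database;
		$now = time();
		// The page filter must apply to BOTH publication conditions. The former
		// "(A) OR (B) AND page_id=x" bound the page filter to (B) only, so any
		// section of any page inside its publish window made every page "active".
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
		$sql .= 'WHERE `page_id`='.(int)$page['page_id'].' ';
		$sql .=   'AND (('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
		$sql .=        '('.$now.' > `publ_start` AND `publ_end`=0))';
		return ($database->get_one($sql) != false);
	}

	/**
	 * Check whether we should show a page or not (for front-end).
	 *
	 * @param array|int $page page record, or a page_id to look the record up
	 * @return bool
	 */
	public function show_page($page)
	{
		// was missing: without it $database is undefined in this scope
		global $database;
		if (!is_array($page)) {
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
			$res_pages = $database->query($sql);
			if ($res_pages == null) {
				// query failed: deny instead of evaluating a non-record
				return false;
			}
			$page = $res_pages->fetchRow();
			if (!$page) {
				return false;
			}
		}
		return ($this->page_is_visible($page) && $this->page_is_active($page));
	}

	/**
	 * Check if the user is already authenticated or not.
	 *
	 * @return bool true if the session holds a non-empty numeric USER_ID
	 */
	public function is_authenticated()
	{
		if (!isset($_SESSION['USER_ID'])) {
			return false;
		}
		return ($_SESSION['USER_ID'] != "" && is_numeric($_SESSION['USER_ID']));
	}

	/**
	 * Modified addslashes function which takes into account magic_quotes.
	 *
	 * NOTE(review): addslashes() is not charset-aware and is no substitute for
	 * the database layer's escaping or prepared statements when building SQL.
	 *
	 * @param mixed $input
	 * @return mixed non-strings are returned unchanged
	 */
	public function add_slashes($input)
	{
		if (!is_string($input)) {
			return $input;
		}
		// get_magic_quotes_gpc() was removed in PHP 8; a missing function means "off"
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			return $input;
		}
		return addslashes($input);
	}

	/**
	 * Undo the effects of magic_quotes_gpc==On.
	 *
	 * Attn: this is _not_ the counterpart to $this->add_slashes() !
	 * Use stripslashes() to undo a preliminarily done $this->add_slashes().
	 *
	 * @param mixed $input
	 * @return mixed non-strings are returned unchanged
	 */
	public function strip_slashes($input)
	{
		if (!is_string($input)) {
			return $input;
		}
		// get_magic_quotes_gpc() was removed in PHP 8; a missing function means "off"
		if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
			return $input;
		}
		return stripslashes($input);
	}

	/**
	 * Escape backslashes for use with mySQL LIKE strings.
	 * Only backslashes are doubled; quotes and the LIKE wildcards are not touched.
	 *
	 * @param string $input
	 * @return string
	 */
	public function escape_backslashes($input)
	{
		return str_replace("\\", "\\\\", $input);
	}

	/**
	 * Build the URL of a page link.
	 *
	 * @param string $link internal page link, or a complete URL / mailto: address
	 * @return string links without '://' and not starting with 'mailto:' are
	 *                wrapped into WB_URL.PAGES_DIRECTORY ... PAGE_EXTENSION
	 */
	public function page_link($link)
	{
		$bHasScheme = (strpos($link, '://') !== false);
		$bIsMailto  = (substr($link, 0, 7) == 'mailto:');
		if ($bHasScheme || $bIsMailto) {
			return $link;
		}
		return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
	}

	/**
	 * Get POST data (raw, unvalidated request input).
	 *
	 * @param string $field
	 * @return mixed null if the field is not set
	 */
	public function get_post($field)
	{
		return (isset($_POST[$field]) ? $_POST[$field] : null);
	}

	/**
	 * Get POST data and escape it with add_slashes().
	 * See the note on add_slashes(): this is not sufficient SQL escaping.
	 *
	 * @param string $field
	 * @return mixed null if the field is not set
	 */
	public function get_post_escaped($field)
	{
		$result = $this->get_post($field);
		if (is_null($result)) {
			return null;
		}
		return $this->add_slashes($result);
	}

	/**
	 * Get GET data (raw, unvalidated request input).
	 *
	 * @param string $field
	 * @return mixed null if the field is not set
	 */
	public function get_get($field)
	{
		return (isset($_GET[$field]) ? $_GET[$field] : null);
	}

	/**
	 * Get SESSION data.
	 *
	 * @param string $field
	 * @return mixed null if the field is not set
	 */
	public function get_session($field)
	{
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
	}

	/**
	 * Get SERVER data. Several $_SERVER entries are taken from the request
	 * and need the same validation as other request input.
	 *
	 * @param string $field
	 * @return mixed null if the field is not set
	 */
	public function get_server($field)
	{
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
	}

	// Get the current users id
	public function get_user_id()
	{
		return $this->get_session('USER_ID');
	}

	// Get the current users group id
	public function get_group_id()
	{
		return $this->get_session('GROUP_ID');
	}

	// Get the current users group ids as array
	public function get_groups_id()
	{
		// the cast keeps the result for a missing session value (array(''))
		// and avoids passing null to explode()
		return explode(",", (string)$this->get_session('GROUPS_ID'));
	}

	// Get the current users group names as comma separated string
	// (expects the session value GROUP_NAME to be an array)
	public function get_group_name()
	{
		return implode(",", $this->get_session('GROUP_NAME'));
	}

	// Get the current users group names as stored in the session
	public function get_groups_name()
	{
		return $this->get_session('GROUP_NAME');
	}

	// Get the current users username
	public function get_username()
	{
		return $this->get_session('USERNAME');
	}

	// Get the current users display name
	public function get_display_name()
	{
		return $this->get_session('DISPLAY_NAME');
	}

	// Get the current users email address
	public function get_email()
	{
		return $this->get_session('EMAIL');
	}

	// Get the current users home folder
	public function get_home_folder()
	{
		return $this->get_session('HOME_FOLDER');
	}

	// Get the current users timezone
	public function get_timezone()
	{
		// '-72000' is returned whenever USE_DEFAULT_TIMEZONE is set in the session;
		// presumably a marker for "use the system default" -- confirm against callers
		if (isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
			return '-72000';
		}
		return $this->get_session('TIMEZONE');
	}

	/**
	 * Validate supplied email address.
	 *
	 * @param string $email
	 * @return bool
	 */
	public function validate_email($email)
	{
		if (function_exists('idn_to_ascii')) { /* use the native IDN function if available */
			$email = idn_to_ascii($email);
		} else {
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
			$IDN = new idna_convert();
			$email = $IDN->encode($email);
			unset($IDN);
		}
		if (!is_string($email)) {
			// IDN conversion failed
			return false;
		}
		// regex from NorHei 2011-01-11
		// The D modifier was added: without it '$' also matches in front of a
		// trailing line break, so "user@example.org\n" passed the validation.
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/D", $email);
		return ($retval != false);
	}

	/**
	 * Replacement for header('Location: ...').
	 * If the headers are already sent, an exception carrying a manual redirect
	 * link is thrown, so the script doesn't break.
	 *
	 * Callers have to make sure $location is a trusted target before calling;
	 * this method does not restrict the redirect destination.
	 *
	 * @param string $location redirect url
	 * @return void
	 * @throws AppException if the headers were already sent
	 */
	public function send_header($location)
	{
		if (!headers_sent()) {
			header('Location: '.$location);
			exit(0);
		}
		// the URL ends up inside an HTML attribute, so it has to be escaped
		$sHref = htmlspecialchars($location, ENT_QUOTES);
		$msg = "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
		       "Please click <a style=\"font-weight:bold;\" " .
		       "href=\"".$sHref."\">on this link</a> to continue!</p></div>\n";
		throw new AppException($msg);
	}

	/**
	 * Set one or more bits in an integer value.
	 *
	 * @param int $value    reference to the integer, containing the value
	 * @param int $bits2set the bitmask which shall be added to value
	 * @return void
	 */
	public function bit_set(&$value, $bits2set)
	{
		$value |= $bits2set;
	}

	/**
	 * Reset one or more bits in an integer value.
	 *
	 * @param int $value      reference to the integer, containing the value
	 * @param int $bits2reset the bitmask which shall be removed from value
	 * @return void
	 */
	public function bit_reset(&$value, $bits2reset)
	{
		$value &= ~$bits2reset;
	}

	/**
	 * Check if all bits of a bitmask are set in an integer value.
	 *
	 * @param int $value     the value to test
	 * @param int $bits2test the bitmask to look for
	 * @return bool true only if every bit of $bits2test is set in $value
	 */
	public function bit_isset($value, $bits2test)
	{
		return (($value & $bits2test) == $bits2test);
	}

	/**
	 * Print a success message which then automatically redirects the user to another page.
	 *
	 * $message and $redirect are handed to the template as they are (the message
	 * may carry markup); values derived from request data must be escaped by the caller.
	 *
	 * @param string|array $message array elements are joined with '<br />'
	 * @param string       $redirect
	 * @return void
	 */
	public function print_success($message, $redirect = 'index.php')
	{
		$oTrans = Translate::getInstance();
		$oTrans->disableAddon();
		if (is_array($message)) {
			$message = implode('<br />', $message);
		}
		// fetch redirect timer for success messages from settings table
		$redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
		// Setup template object, parse vars to it, then parse it
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
		$tpl->set_file('page', 'success.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('REDIRECT', $redirect);
		$tpl->set_var('REDIRECT_TIMER', $redirect_timer);
		$tpl->set_var('NEXT', $oTrans->TEXT_NEXT);
		$tpl->set_var('BACK', $oTrans->TEXT_BACK);
		if ($redirect_timer == -1) {
			$tpl->set_block('show_redirect', '');
		} else {
			$tpl->parse('show_redirect', 'show_redirect_block', true);
		}
		$tpl->parse('main', 'main_block', false);
		$tpl->pparse('output', 'page');
	}

	/**
	 * Print an error message and terminate the script.
	 *
	 * $message and $link are handed to the template as they are (the message
	 * may carry markup); values derived from request data must be escaped by the caller.
	 *
	 * @param string|array $message array elements are joined with '<br />'
	 * @param string       $link
	 * @param bool         $auto_footer call print_footer() (if the object has one) before exit
	 * @return void never returns
	 */
	public function print_error($message, $link = 'index.php', $auto_footer = true)
	{
		$oTrans = Translate::getInstance();
		$oTrans->disableAddon();
		if (is_array($message)) {
			$message = implode('<br />', $message);
		}
		// Setup template object, parse vars to it, then parse it
		$oErrorTpl = new Template(dirname($this->correct_theme_source('error.htt')));
		$oErrorTpl->set_file('page', 'error.htt');
		$oErrorTpl->set_block('page', 'main_block', 'main');
		$oErrorTpl->set_var('MESSAGE', $message);
		$oErrorTpl->set_var('LINK', $link);
		$oErrorTpl->set_var('BACK', $oTrans->TEXT_BACK);
		$oErrorTpl->parse('main', 'main_block', false);
		$oErrorTpl->pparse('output', 'page');
		if ($auto_footer == true && method_exists($this, "print_footer")) {
			$this->print_footer();
		}
		exit();
	}

	/**
	 * Format a message box using the template 'message.htt'.
	 *
	 * $message is inserted as it is; callers must escape request-derived content.
	 * Side effect: defines REDIRECT_TIMER as -1 if it is not defined yet.
	 *
	 * @param string $message the message to format
	 * @param string $status  ('ok' / 'error' / 'warning' / '') defines the appearance of the box
	 * @return string the html-formatted message
	 */
	public function format_message($message, $status = 'ok')
	{
		$id = uniqid('x');
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
		$tpl->set_file('page', 'message.htt');
		$tpl->set_block('page', 'main_block', 'main');
		$tpl->set_var('MESSAGE', $message);
		$tpl->set_var('THEME_URL', THEME_URL);
		$tpl->set_var('ID', $id);
		// comparison, not assignment: the former "$status = 'warning'" made this
		// test always true and silently turned every other status into 'warning'
		if ($status == 'ok' || $status == 'error' || $status == 'warning') {
			$tpl->set_var('BOX_STATUS', ' box-'.$status);
		} else {
			$tpl->set_var('BOX_STATUS', '');
		}
		$tpl->set_var('STATUS', $status);
		if (!defined('REDIRECT_TIMER')) {
			define('REDIRECT_TIMER', -1);
		}
		$retval = '';
		if ($status == 'error') {
			// errors are always shown permanently
			$tpl->parse('main', 'main_block', false);
			$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
			unset($tpl);
			return $retval;
		}
		switch (REDIRECT_TIMER) {
			case 0: // do not show message
				unset($tpl);
				break;
			case -1: // show message permanently
				$tpl->parse('main', 'main_block', false);
				$retval = $tpl->finish($tpl->parse('output', 'page', false));
				unset($tpl);
				break;
			default: // hide message after REDIRECT_TIMER milliseconds
				// $id comes from uniqid() and REDIRECT_TIMER from a constant,
				// no request data reaches this script block
				$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
						  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
						  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
				$tpl->parse('main', 'main_block', false);
				$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
				unset($tpl);
		}
		return $retval;
	}

	/**
	 * Show the maintenance screen and terminate the application.
	 *
	 * 'locked': if SYSTEM_LOCKED is 1 and the current user is not user_id 1, all
	 *           other users are logged out (remember keys, cookies and the session
	 *           are cleared) and the maintenance screen is shown
	 * 'new':    show 'new site under construction' (former print_under_construction)
	 *
	 * @param string $type 'locked' (default) or 'new'
	 * @return void terminates the application whenever the screen is shown
	 */
	public function ShowMaintainScreen($type = 'locked')
	{
		global $database, $MESSAGE;
		$BE_PATIENT  = '';
		$show_screen = false;
		if ($type == 'locked') {
			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0));
			if ((defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1)) {
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
				// first kick logged users out of the system:
				// delete all remember keys from table 'users' except user_id=1
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
				$sql .= 'WHERE `user_id`<>1';
				$database->query($sql);
				// delete remember key-cookie if set
				if (isset($_COOKIE['REMEMBER_KEY'])) {
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
				}
				// overwrite session array
				$_SESSION = array();
				// delete session cookie if set
				if (ini_get("session.use_cookies")) {
					$params = session_get_cookie_params();
					setcookie(session_name(), '', time() - 42000, $params["path"],
						$params["domain"], $params["secure"], $params["httponly"]
					);
				}
				// delete the session itself
				session_destroy();
				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
				$BE_PATIENT = $MESSAGE['GENERIC_BE_PATIENT'];
				$PAGE_ICON  = 'system';
				$show_screen = true;
			}
		} else {
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
			$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
			$PAGE_ICON  = 'negative';
			$show_screen = true;
		}
		if (!$show_screen) {
			return;
		}
		$sMaintanceFile = $this->correct_theme_source('maintenance.htt');
		if (file_exists($sMaintanceFile)) {
			$tpl = new Template(dirname($sMaintanceFile));
			$tpl->set_file('page', 'maintenance.htt');
			$tpl->set_block('page', 'main_block', 'main');
			$charset = (defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8');
			// NOTE(review): $PAGE_TITLE is prepared per mode above but the template
			// always gets the 'under construction' title -- confirm whether intended.
			$tpl->set_var('PAGE_TITLE', $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION']);
			$tpl->set_var('CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
			$tpl->set_var('CHARSET', $charset);
			$tpl->set_var('WB_URL', WB_URL);
			$tpl->set_var('BE_PATIENT', $BE_PATIENT);
			$tpl->set_var('THEME_URL', THEME_URL);
			$tpl->set_var('PAGE_ICON', $PAGE_ICON);
			$tpl->set_var('LANGUAGE', strtolower(LANGUAGE));
			$tpl->parse('main', 'main_block', false);
			$tpl->pparse('output', 'page');
			exit();
		} else {
			// no template available: emit a minimal static page
			require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
    		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
		}
		flush();
		exit();
	}

	/**
	 * Send an email through the wbmailer class (subclass of PHPMailer, which
	 * adds SMTP support for providers that do not allow sending via PHP mail()).
	 *
	 * NOTE:
	 * To use SMTP for sending out mails, you have to specify the SMTP host of your
	 * domain via the Settings panel in the backend of Website Baker.
	 *
	 * The message is sent as HTML (nl2br) with a tag-stripped plain text alternative;
	 * markup inside $message is not escaped here.
	 *
	 * @param string $fromaddress
	 * @param string $toaddress
	 * @param string $subject
	 * @param string $message
	 * @param string $fromname
	 * @param string $replyTo
	 * @return bool true if the mail was handed over successfully
	 */
	public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '', $replyTo = '')
	{
		// Remove line breaks from every value that ends up in a mail header,
		// so no additional header lines can be injected. $fromname was missing
		// from this list although it is written to the From: header as well.
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
		$fromname    = preg_replace('/[\r\n]/', '', $fromname);
		$toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
		$subject     = preg_replace('/[\r\n]/', '', $subject);
		$replyTo     = preg_replace('/[\r\n]/', '', $replyTo);

		// create PHPMailer object and define default settings
		$myMail = new wbmailer();
		// set user defined from address
		if ($fromaddress != '') {
			if ($fromname != '') {
				$myMail->FromName = $fromname;            // FROM-NAME
			}
			$myMail->From = $fromaddress;                 // FROM:
		}
		if ($replyTo) {
			$myMail->AddReplyTo($replyTo);                // REPLY TO:
		}
		// define recipient and information to send out
		$myMail->AddAddress($toaddress);                  // TO:
		$myMail->Subject = $subject;                      // SUBJECT
		$myMail->Body = nl2br($message);                  // CONTENT (HTML)
		$myMail->AltBody = strip_tags($message);          // CONTENT (TEXT)
		// report whether sending succeeded
		return ($myMail->Send() ? true : false);
	}

	/**
	 * Locate a theme template: first in the active theme, then in the
	 * skeleton themes shipped below ADMIN_PATH.
	 *
	 * $sThemeFile is appended to the search paths without normalisation; all
	 * callers in this class pass fixed file names. Do not pass request data.
	 *
	 * @param string $sThemeFile name of the template file (*.htt)
	 * @return string path of the template file that was found
	 * @throws InvalidArgumentException if the file exists in neither place
	 */
	public function correct_theme_source($sThemeFile = 'start.htt')
	{
		$aCandidates = array(
			THEME_PATH.'/templates/'.$sThemeFile,
			ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile,
		);
		foreach ($aCandidates as $sCandidate) {
			if (file_exists($sCandidate)) {
				return $sCandidate;
			}
		}
		throw new InvalidArgumentException('missing template file '.$sThemeFile);
	}

	/**
	 * Check if a foldername doesn't have invalid characters.
	 * Rejected are: ^ \ / . ? * " ' < > : |
	 *
	 * @param string $str to check
	 * @return bool true only if the name was checked and none of them was found
	 */
	public function checkFolderName($str)
	{
		// strict comparison: a preg_match() failure (false) must not be
		// mistaken for "no invalid character found"
		return (preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) === 0);
	}

	/**
	 * Check the given path to make sure the current path is within the given
	 * basedir (normally the document root).
	 *
	 * Both paths are resolved with realpath(), so '..' segments and symlinks
	 * are evaluated before the comparison; paths that do not exist are rejected.
	 *
	 * @param string $sCurrentPath
	 * @param string $sBaseDir
	 * @return string|false the resolved $sCurrentPath or false
	 */
	public function checkpath($sCurrentPath, $sBaseDir = WB_PATH)
	{
		// Clean the current path
		$sCurrentPath = realpath(rawurldecode($sCurrentPath));
		$sBaseDir     = realpath($sBaseDir);
		// realpath() returns false for missing paths; comparing against an
		// empty base would accept every path
		if ($sCurrentPath === false || $sBaseDir === false) {
			return false;
		}
		$sBase = rtrim($sBaseDir, '/\\');
		$iLen  = strlen($sBase);
		// NOTE(review): the comparison stays case-insensitive as before, which is
		// wider than necessary on case-sensitive file systems.
		if (strncasecmp($sCurrentPath, $sBase, $iLen) !== 0) {
			return false;
		}
		// The base must end on a directory boundary: a plain prefix test would
		// also accept a sibling such as <base>-backup.
		$sNext = substr($sCurrentPath, $iLen, 1);
		if ($sNext === false || $sNext === '' || $sNext === '/' || $sNext === '\\') {
			return $sCurrentPath;
		}
		return false;
	}

	/**
	 * Remove [[droplet]] calls, HTML comments and link, script and style
	 * tags/blocks from a given string; optionally <?php code ?> as well.
	 *
	 * NOTE(review): this is a pattern based cleanup, not an HTML sanitizer.
	 * Other tags and all attributes pass through untouched, so the result must
	 * still be escaped or sanitized before it is output as HTML.
	 *
	 * @param string $sValue
	 * @param bool   $bPHPCode true: also remove <?php ... ?> blocks
	 * @return string|false cleaned string, or false if $sValue is not a string
	 */
	public function StripCodeFromText($sValue, $bPHPCode = false)
	{
		if (!is_string($sValue)) {
			return false;
		}
		if ($bPHPCode == true) {
			$sValue = preg_replace('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue);
		}
		$sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
		return (preg_replace($sPattern, '', $sValue));
	}

	/**
	 * ReplaceAbsoluteMediaUrl
	 *
	 * Replace URLs which are pointing into MEDIA_DIRECTORY with an URL
	 * independent placeholder ({SYSVAR:MEDIA_REL}).
	 *
	 * @param string $sContent
	 * @return string
	 */
	public function ReplaceAbsoluteMediaUrl($sContent)
	{
		if (ini_get('magic_quotes_gpc') == true) {
			$sContent = $this->strip_slashes($sContent);
		}
		if (is_string($sContent)) {
			$sMediaUrl = WB_URL.MEDIA_DIRECTORY;
			// pass the delimiter to preg_quote(): an '@' inside the URL
			// would otherwise terminate the pattern early
			$searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl, '@').')([^">]*".*>)@siU';
			$sContent = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $sContent);
		}
		return $sContent;
	}

}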