<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @copyright       WebsiteBaker Org. e.V.
 * @author          Ryan Djurovich (2004-2009)
 * @author          Dietmar Wöllbrink (luisehahne)
 * @author          M.v.d.Decken (DarkViper)
 * @link            http://www.websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id$
 * @filesource      $HeadURL$
 * @lastmodified    $Date$
 *
 */
/* -------------------------------------------------------- */
// Refuse direct access: this file may only run after WB_PATH has been defined.
if (defined('WB_PATH') === false) {
    require_once(dirname(__FILE__).'/globalExceptionHandler.php');
    throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// Load the PHPLIB template class unless it is already declared
// (second argument false: do not trigger autoloading).
if (class_exists('Template', false) === false) {
    include(WB_PATH.'/include/phplib/template.inc');
}
// Load the wbmailer class (subclass of PHPMailer) unless it is already declared.
if (class_exists('wbmailer', false) === false) {
    include(WB_PATH.'/framework/class.wbmailer.php');
}
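/**
 * Shared base class for frontend and backend: session accessors, page
 * visibility checks, redirect/message output, mail sending and a few
 * string/path helpers.
 */
class wb extends SecureForm
{
    /**
     * Characters accepted in passwords; looks like the body of a regex
     * character class. NOTE(review): not referenced inside this class,
     * presumably consumed by callers - confirm.
     */
    public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

    /**
     * General initialization, performed when frontend or backend is loaded.
     *
     * @param mixed $mode handed unchanged to SecureForm::__construct()
     */
    public function __construct($mode = SecureForm::FRONTEND)
    {
        parent::__construct($mode);
    }

    /**
     * Collect the first visible root page of every language.
     *
     * @return array page rows keyed by language code; rows the current user
     *               may not see (page_is_visible()) are left out
     */
    public function GetLanguagesDetailsInUsed()
    {
        global $database;
        $aRetval = array();
        // The statement is built from constants only, no request data.
        $sql =
            'SELECT DISTINCT `language`'.
            ', `page_id`,`level`,`parent`,`root_parent`,`page_code`,`link`,`language`'.
            ', `visibility`,`viewing_groups`,`viewing_users`,`position` '.
            'FROM `'.TABLE_PREFIX.'pages` '.
            'WHERE `level`= \'0\' '.
              'AND `root_parent`=`page_id` '.
              'AND `visibility`!=\'none\' '.
              'AND `visibility`!=\'hidden\' '.
            'GROUP BY `language` '.
            'ORDER BY `position`';

        if ($oRes = $database->query($sql)) {
            while ($page = $oRes->fetchRow(MYSQL_ASSOC)) {
                if ($this->page_is_visible($page)) {
                    $aRetval[$page['language']] = $page;
                }
            }
        }
        return $aRetval;
    }

    /**
     * @return string comma separated list of the languages returned by
     *                GetLanguagesDetailsInUsed()
     */
    public function GetLanguagesInUsed()
    {
        return implode(',', array_keys($this->GetLanguagesDetailsInUsed()));
    }

    /**
     * UTF-8 compatible variant of parse_url().
     *
     * Every run of non-delimiter characters is urlencoded before parse_url()
     * sees it and each resulting component is urldecoded again.
     *
     * @param string $url The string to decode
     * @return array|false Associative array containing the different
     *                     components, or whatever non-array value parse_url()
     *                     returned for a URL it could not parse
     */
    public function mb_parse_url($url)
    {
        // A method callback replaces the former create_function() call, which
        // compiled its body from a string at runtime.
        $encodedUrl = preg_replace_callback(
            '%[^:/?#&=\.]+%usD',
            array($this, 'urlencodeMatch'),
            $url
        );
        $components = parse_url($encodedUrl);
        if (!is_array($components)) {
            // nothing to decode; avoids iterating over a non-array
            return $components;
        }
        // Index-based write instead of a by-reference loop: no dangling reference.
        foreach ($components as $sKey => $component) {
            $components[$sKey] = urldecode($component);
        }
        return $components;
    }

    /**
     * preg_replace_callback() helper for mb_parse_url().
     *
     * @param array $aMatches match array, index 0 holds the matched text
     * @return string the urlencoded match
     */
    private function urlencodeMatch($aMatches)
    {
        return urlencode($aMatches[0]);
    }

    /**
     * Check if one or more group ids are in both group lists.
     *
     * @param mixed $groups_list1 an array or a comma separated list of group ids
     * @param mixed $groups_list2 an array or a comma separated list of group ids
     * @param array &$matches     receives the ids found in both lists
     * @return bool true if there is a match, otherwise false
     */
    public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
    {
        // Loose comparison kept on purpose: callers pass strings, ints and arrays.
        if ($groups_list1 == '' || $groups_list2 == '') {
            return false;
        }
        if (!is_array($groups_list1)) {
            $groups_list1 = explode(',', $groups_list1);
        }
        if (!is_array($groups_list2)) {
            $groups_list2 = explode(',', $groups_list2);
        }
        $matches = array_intersect($groups_list1, $groups_list2);
        return (count($matches) != 0);
    }

    /**
     * Check if the current user is member of at least one of the given groups.
     * ADMIN (uid=1) is always treated like a member of any group.
     *
     * @param mixed $groups_list an array or a comma separated list of group ids
     * @return bool true if the current user is member of one of these groups
     */
    public function ami_group_member($groups_list = '')
    {
        if ($this->get_user_id() == 1) {
            return true;
        }
        return $this->is_group_match($groups_list, $this->get_groups_id());
    }

    /**
     * Check page visibility together with user and group rights.
     *
     * @param array $page page row; reads 'visibility', 'viewing_groups' and
     *                    'viewing_users'
     * @return bool false for 'none'/'deleted' (and any unknown value);
     *              true for 'public'/'hidden';
     *              for 'private'/'registered' true only if the user is
     *              authenticated and listed in viewing_groups or viewing_users
     */
    public function page_is_visible($page)
    {
        // Deny by default: only the cases below can switch this to true.
        $show_it = false;
        switch ($page['visibility']) {
            case 'none':
            case 'deleted':
                $show_it = false;
                break;
            case 'hidden':
            case 'public':
                $show_it = true;
                break;
            case 'private':
            case 'registered':
                if ($this->is_authenticated() == true) {
                    $show_it = ($this->is_group_match($this->get_groups_id(), $page['viewing_groups']) ||
                                $this->is_group_match($this->get_user_id(), $page['viewing_users']));
                }
        }
        return ($show_it);
    }

    /**
     * Check if there is at least one active section on this page.
     *
     * @param array $page page row; reads 'page_id' (cast to int)
     * @return bool true if a section of this page is currently published
     */
    public function page_is_active($page)
    {
        global $database;
        $now = time();
        // Both publication-window alternatives are grouped in one pair of
        // parentheses. Without it AND binds tighter than OR and the first
        // alternative would match sections of ANY page.
        $sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
        $sql .= 'WHERE (('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
        $sql .=        '('.$now.' > `publ_start` AND `publ_end`=0)) ';
        $sql .=   'AND `page_id`='.(int)$page['page_id'];
        return ($database->get_one($sql) != false);
    }

    /**
     * Check whether a page should be shown in the frontend.
     *
     * @param array|int $page page row, or a page id to look the row up with
     * @return bool true if the page is visible for the user and active
     */
    public function show_page($page)
    {
        // $database was used here without being imported into the method scope.
        global $database;
        if (!is_array($page)) {
            $sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
            $sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
            $res_pages = $database->query($sql);
            // Failed query or unknown id: nothing to show.
            if ($res_pages == null || !($page = $res_pages->fetchRow())) {
                return false;
            }
        }
        return ($this->page_is_visible($page) && $this->page_is_active($page));
    }

    /**
     * Check if the user is already authenticated.
     *
     * @return bool true if the session holds a non-empty, numeric USER_ID
     */
    public function is_authenticated()
    {
        return (isset($_SESSION['USER_ID']) &&
                $_SESSION['USER_ID'] != "" &&
                is_numeric($_SESSION['USER_ID']));
    }

    /**
     * addslashes() variant which takes magic_quotes_gpc into account.
     *
     * addslashes() is not charset-aware and is no substitute for the database
     * driver's own escaping or for prepared statements.
     *
     * @param mixed $input
     * @return mixed non-strings are returned untouched
     */
    public function add_slashes($input)
    {
        // get_magic_quotes_gpc() does not exist any more on current PHP versions.
        $bMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        if ($bMagicQuotes || !is_string($input)) {
            return $input;
        }
        return addslashes($input);
    }

    /**
     * Undo the effect of magic_quotes_gpc==On.
     *
     * Attention: this is _not_ the counterpart of add_slashes(); use plain
     * stripslashes() to undo a preceding add_slashes().
     *
     * @param mixed $input
     * @return mixed non-strings are returned untouched
     */
    public function strip_slashes($input)
    {
        $bMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        if (!$bMagicQuotes || !is_string($input)) {
            return $input;
        }
        return stripslashes($input);
    }

    /**
     * Double every backslash, for use with MySQL LIKE strings.
     *
     * @param string $input
     * @return string
     */
    public function escape_backslashes($input)
    {
        return str_replace("\\", "\\\\", $input);
    }

    /**
     * Build the URL of a page from its stored link.
     *
     * @param string $link
     * @return string $link unchanged if it contains '://' or starts with
     *                'mailto:', otherwise the full page URL
     */
    public function page_link($link)
    {
        if (strstr($link, '://') == '' && substr($link, 0, 7) != 'mailto:') {
            return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
        }
        return $link;
    }

    /**
     * Get POST data. The value is returned raw; validate and escape it for
     * the context it is used in.
     *
     * @param string $field
     * @return mixed the value, or null if the field is not set
     */
    public function get_post($field)
    {
        return (isset($_POST[$field]) ? $_POST[$field] : null);
    }

    /**
     * Get POST data passed through add_slashes().
     *
     * @param string $field
     * @return mixed the value, or null if the field is not set
     */
    public function get_post_escaped($field)
    {
        $result = $this->get_post($field);
        return (is_null($result)) ? null : $this->add_slashes($result);
    }

    /**
     * Get GET data. The value is returned raw.
     *
     * @param string $field
     * @return mixed the value, or null if the field is not set
     */
    public function get_get($field)
    {
        return (isset($_GET[$field]) ? $_GET[$field] : null);
    }

    /**
     * Get SESSION data.
     *
     * @param string $field
     * @return mixed the value, or null if the field is not set
     */
    public function get_session($field)
    {
        return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
    }

    /**
     * Get SERVER data. Several $_SERVER entries are taken from the request
     * and are not trustworthy.
     *
     * @param string $field
     * @return mixed the value, or null if the field is not set
     */
    public function get_server($field)
    {
        return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
    }

    /** @return mixed the current user's id (session USER_ID) or null */
    public function get_user_id()
    {
        return $this->get_session('USER_ID');
    }

    /** @return mixed the current user's group id (session GROUP_ID) or null */
    public function get_group_id()
    {
        return $this->get_session('GROUP_ID');
    }

    /** @return array the current user's group ids (session GROUPS_ID split at ',') */
    public function get_groups_id()
    {
        return explode(",", $this->get_session('GROUPS_ID'));
    }

    /**
     * @return string the current user's group names joined with ','
     *                (assumes session GROUP_NAME holds an array - TODO confirm)
     */
    public function get_group_name()
    {
        return implode(",", $this->get_session('GROUP_NAME'));
    }

    /** @return mixed the current user's group names (session GROUP_NAME) or null */
    public function get_groups_name()
    {
        return $this->get_session('GROUP_NAME');
    }

    /** @return mixed the current user's username (session USERNAME) or null */
    public function get_username()
    {
        return $this->get_session('USERNAME');
    }

    /** @return mixed the current user's display name (session DISPLAY_NAME) or null */
    public function get_display_name()
    {
        return $this->get_session('DISPLAY_NAME');
    }

    /** @return mixed the current user's email address (session EMAIL) or null */
    public function get_email()
    {
        return $this->get_session('EMAIL');
    }

    /** @return mixed the current user's home folder (session HOME_FOLDER) or null */
    public function get_home_folder()
    {
        return $this->get_session('HOME_FOLDER');
    }

    /**
     * @return mixed '-72000' while session USE_DEFAULT_TIMEZONE is set,
     *               otherwise session TIMEZONE (or null)
     */
    public function get_timezone()
    {
        return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $this->get_session('TIMEZONE'));
    }

    /**
     * Validate a supplied email address.
     *
     * The address is converted with idn_to_ascii() (or the bundled
     * idna_convert class) before it is matched against the pattern.
     *
     * @param string $email
     * @return bool true if the converted address matches the pattern
     */
    public function validate_email($email)
    {
        if (function_exists('idn_to_ascii')) {
            $email = idn_to_ascii($email);
        } else {
            require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
            $IDN = new idna_convert();
            $email = $IDN->encode($email);
            unset($IDN);
        }
        // regex from NorHei 2011-01-11
        $retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
        return ($retval != false);
    }

    /**
     * Replacement for a bare header('Location: ...') call.
     *
     * If headers were already sent, an AppException carrying a manual
     * redirect link is thrown instead, so the script does not break silently.
     *
     * $location is not checked against an allow-list here; callers that
     * derive it from request data must validate it themselves to avoid
     * open redirects.
     *
     * @param string $location the redirect URL
     * @return void (terminates the script after sending the header)
     * @throws AppException if headers have already been sent
     */
    public function send_header($location)
    {
        if (!headers_sent()) {
            header('Location: '.$location);
            exit(0);
        }
        // The URL ends up inside an HTML attribute, so it is escaped for that
        // context; otherwise a quote in $location could break out of href.
        $sCharset = defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
        $sSafeLocation = htmlspecialchars($location, ENT_QUOTES, $sCharset);
        $msg = "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
               "Please click <a style=\"font-weight:bold;\" " .
               "href=\"".$sSafeLocation."\">on this link</a> to continue!</p></div>\n";
        throw new AppException($msg);
    }

    /**
     * Set one or more bits in an integer value.
     *
     * @param int $value    reference to the integer to modify
     * @param int $bits2set the bitmask which shall be added to value
     * @return void
     */
    public function bit_set(&$value, $bits2set)
    {
        $value |= $bits2set;
    }

    /**
     * Reset one or more bits in an integer value.
     *
     * @param int $value      reference to the integer to modify
     * @param int $bits2reset the bitmask which shall be removed from value
     * @return void
     */
    public function bit_reset(&$value, $bits2reset)
    {
        $value &= ~$bits2reset;
    }

    /**
     * Check if all bits of a mask are set in an integer value.
     *
     * @param int $value     the integer to test
     * @param int $bits2test the bitmask to look for
     * @return bool true only if every bit of $bits2test is set in $value
     */
    public function bit_isset($value, $bits2test)
    {
        return (($value & $bits2test) == $bits2test);
    }

    /**
     * Print a success message which then automatically redirects the user
     * to another page.
     *
     * $message and $redirect are handed to the template as they are; no
     * escaping happens in this method.
     *
     * @param string|array $message  message, or list of messages joined with <br />
     * @param string       $redirect target of the redirect
     * @return void
     */
    public function print_success($message, $redirect = 'index.php')
    {
        $oTrans = Translate::getInstance();
        $oTrans->disableAddon();
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        // redirect timer for success messages; values above 10000 fall back to 0
        $redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
        // Setup template object, parse vars to it, then parse it
        $tpl = new Template(dirname($this->correct_theme_source('success.htt')));
        $tpl->set_file('page', 'success.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('REDIRECT', $redirect);
        $tpl->set_var('REDIRECT_TIMER', $redirect_timer);
        $tpl->set_var('NEXT', $oTrans->TEXT_NEXT);
        $tpl->set_var('BACK', $oTrans->TEXT_BACK);
        if ($redirect_timer == -1) {
            $tpl->set_block('show_redirect', '');
        } else {
            $tpl->parse('show_redirect', 'show_redirect_block', true);
        }
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
    }

    /**
     * Print an error message and terminate the script.
     *
     * $message and $link are handed to the template as they are; no escaping
     * happens in this method.
     *
     * @param string|array $message     message, or list of messages joined with <br />
     * @param string       $link        target of the back link
     * @param bool         $auto_footer call print_footer() if this object has one
     * @return void (terminates the script)
     */
    public function print_error($message, $link = 'index.php', $auto_footer = true)
    {
        $oTrans = Translate::getInstance();
        $oTrans->disableAddon();
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        // Setup template object, parse vars to it, then parse it
        $tpl = new Template(dirname($this->correct_theme_source('error.htt')));
        $tpl->set_file('page', 'error.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('LINK', $link);
        $tpl->set_var('BACK', $oTrans->TEXT_BACK);
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
        if ($auto_footer == true && method_exists($this, "print_footer")) {
            $this->print_footer();
        }
        exit();
    }

    /**
     * Format a message box using the template 'message.htt'.
     *
     * @param string $message the message to format (inserted without escaping)
     * @param string $status  'ok' / 'error' / 'warning' / '' defines the
     *                        appearance of the box
     * @return string the html-formatted message; empty for non-error messages
     *                while REDIRECT_TIMER is 0
     */
    public function format_message($message, $status = 'ok')
    {
        $id = uniqid('x');
        $tpl = new Template(dirname($this->correct_theme_source('message.htt')));
        $tpl->set_file('page', 'message.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('THEME_URL', THEME_URL);
        $tpl->set_var('ID', $id);
        // Comparison, not assignment: the former "$status = 'warning'" was
        // always true and overwrote every other status with 'warning'.
        if ($status == 'ok' || $status == 'error' || $status == 'warning') {
            $tpl->set_var('BOX_STATUS', ' box-'.$status);
        } else {
            $tpl->set_var('BOX_STATUS', '');
        }
        $tpl->set_var('STATUS', $status);
        if (!defined('REDIRECT_TIMER')) {
            define('REDIRECT_TIMER', -1);
        }
        $retval = '';
        if ($status != 'error') {
            switch (REDIRECT_TIMER) {
                case 0: // do not show message
                    unset($tpl);
                    break;
                case -1: // show message permanently
                    $tpl->parse('main', 'main_block', false);
                    $retval = $tpl->finish($tpl->parse('output', 'page', false));
                    unset($tpl);
                    break;
                default: // hide message after REDIRECT_TIMER milliseconds
                    $retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
                              'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
                              'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
                    $tpl->parse('main', 'main_block', false);
                    $retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
                    unset($tpl);
            }
        } else {
            // error messages are always shown
            $tpl->parse('main', 'main_block', false);
            $retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
            unset($tpl);
        }
        return $retval;
    }

    /**
     * Show a maintenance screen and terminate.
     *
     * 'locked': if SYSTEM_LOCKED is 1 and the current user is not user 1,
     *           all remember keys except the one of user 1 are cleared, the
     *           session is destroyed and the maintenance screen is shown.
     * 'new':    show 'new site under construction'
     *           (former print_under_construction).
     *
     * @param string $type 'locked' (default) or 'new'
     * @return void terminates the application when a screen is shown
     */
    public function ShowMaintainScreen($type = 'locked')
    {
        global $database, $MESSAGE;
        // NOTE(review): $CHECK_BACK, $LANGUAGE and $PAGE_TITLE are assigned but
        // never read; the template below always gets the 'under construction'
        // title and the LANGUAGE constant - confirm whether that is intended.
        $CHECK_BACK = $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'];
        $BE_PATIENT = '';
        $LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE));

        $show_screen = false;
        if ($type == 'locked') {
            $curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0));
            if ((defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1)) {
                header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
                // first kick logged users out of the system:
                // delete all remember keys from table 'users' except user_id=1
                $sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
                $sql .= 'WHERE `user_id`<>1';
                $database->query($sql);
                // delete remember key-cookie if set
                if (isset($_COOKIE['REMEMBER_KEY'])) {
                    setcookie('REMEMBER_KEY', '', time() - 3600, '/');
                }
                // overwrite session array
                $_SESSION = array();
                // delete session cookie if set
                if (ini_get("session.use_cookies")) {
                    $params = session_get_cookie_params();
                    setcookie(
                        session_name(),
                        '',
                        time() - 42000,
                        $params["path"],
                        $params["domain"],
                        $params["secure"],
                        $params["httponly"]
                    );
                }
                // delete the session itself
                session_destroy();
                $PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
                $BE_PATIENT = $MESSAGE['GENERIC_BE_PATIENT'];
                $PAGE_ICON  = 'system';
                $show_screen = true;
            }
        } else {
            header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
            $PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
            $PAGE_ICON  = 'negative';
            $show_screen = true;
        }
        if ($show_screen) {
            $sMaintanceFile = $this->correct_theme_source('maintenance.htt');
            if (file_exists($sMaintanceFile)) {
                $tpl = new Template(dirname($sMaintanceFile));
                $tpl->set_file('page', 'maintenance.htt');
                $tpl->set_block('page', 'main_block', 'main');

                $charset = defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
                $tpl->set_var('PAGE_TITLE', $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION']);
                $tpl->set_var('CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
                $tpl->set_var('CHARSET', $charset);
                $tpl->set_var('WB_URL', WB_URL);
                $tpl->set_var('BE_PATIENT', $BE_PATIENT);
                $tpl->set_var('THEME_URL', THEME_URL);
                $tpl->set_var('PAGE_ICON', $PAGE_ICON);
                $tpl->set_var('LANGUAGE', strtolower(LANGUAGE));
                $tpl->parse('main', 'main_block', false);
                $tpl->pparse('output', 'page');
                exit();
            } else {
                // fallback page, the markup is emitted exactly as before
                require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
    		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
            }
            flush();
            exit();
        }
    }

    /**
     * Send an email through the wbmailer class (subclass of PHPMailer).
     *
     * To use SMTP for sending out mails, the SMTP host has to be specified
     * via the Settings panel in the backend.
     *
     * @param string $fromaddress
     * @param string $toaddress
     * @param string $subject
     * @param string $message     sent as HTML (nl2br) and as text (strip_tags)
     * @param string $fromname
     * @param string $replyTo
     * @return bool true if the mailer reported success
     */
    public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '', $replyTo = '')
    {
        // Every value that ends up in a mail header loses its CR/LF so that
        // no additional header lines can be smuggled in. $fromname was the
        // only header field which was not treated this way.
        $fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
        $toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
        $subject     = preg_replace('/[\r\n]/', '', $subject);
        $replyTo     = preg_replace('/[\r\n]/', '', $replyTo);
        $fromname    = preg_replace('/[\r\n]/', '', $fromname);

        // create PHPMailer object and define default settings
        $myMail = new wbmailer();
        // set user defined from address
        if ($fromaddress != '') {
            if ($fromname != '') {
                $myMail->FromName = $fromname;            // FROM-NAME
            }
            $myMail->From = $fromaddress;                 // FROM:
        }
        if ($replyTo) {
            $myMail->AddReplyTo($replyTo);                // REPLY TO:
        }
        // define recipient and information to send out
        $myMail->AddAddress($toaddress);                  // TO:
        $myMail->Subject = $subject;                      // SUBJECT
        $myMail->Body = nl2br($message);                  // CONTENT (HTML)
        $myMail->AltBody = strip_tags($message);          // CONTENT (TEXT)
        // report whether the mailer could send the message
        return (bool)$myMail->Send();
    }

    /**
     * Locate a theme template, falling back to the skeleton templates.
     *
     * $sThemeFile is appended to the directory as it is, without any
     * traversal check; pass fixed file names only, never request data.
     *
     * @param string $sThemeFile file name of the template, e.g. 'start.htt'
     * @return string path below THEME_PATH if the file exists there,
     *                otherwise the path below ADMIN_PATH/skel/themes/htt
     * @throws InvalidArgumentException if the file exists in neither place
     */
    public function correct_theme_source($sThemeFile = 'start.htt')
    {
        $sThemeCandidate = THEME_PATH.'/templates/'.$sThemeFile;
        if (file_exists($sThemeCandidate)) {
            return $sThemeCandidate;
        }
        $sSkelCandidate = ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
        if (file_exists($sSkelCandidate)) {
            return $sSkelCandidate;
        }
        throw new InvalidArgumentException('missing template file '.$sThemeFile);
    }

    /**
     * Check that a folder name contains none of the characters
     * ^ \ / . ? * " ' < > : |
     *
     * @param string $str name to check
     * @return bool true if none of these characters occurs
     */
    public function checkFolderName($str)
    {
        return !preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str);
    }

    /**
     * Make sure a path lies within a base directory (normally the document
     * root).
     *
     * Both paths are resolved with realpath(), so symlinks and '..' segments
     * are evaluated before the comparison and non-existing paths are
     * rejected.
     *
     * @param string $sCurrentPath path to check (urldecoded first)
     * @param string $sBaseDir     directory the path has to stay in
     * @return string|false the resolved $sCurrentPath, or false if it is
     *                      outside of $sBaseDir or cannot be resolved
     */
    public function checkpath($sCurrentPath, $sBaseDir = WB_PATH)
    {
        $sCurrentPath = realpath(rawurldecode($sCurrentPath));
        $sBaseDir     = realpath($sBaseDir);
        if ($sCurrentPath === false || $sBaseDir === false) {
            return false;
        }
        // Compare on a directory boundary. A bare prefix test would also
        // accept a sibling such as "<base>-old" for the base "<base>".
        // The comparison stays case-insensitive as before, which is looser
        // than necessary on case-sensitive filesystems.
        $sBase   = rtrim($sBaseDir, '/\\');
        $sPrefix = $sBase.DIRECTORY_SEPARATOR;
        $bIsBase   = (strcasecmp(rtrim($sCurrentPath, '/\\'), $sBase) === 0);
        $bIsInside = (strncasecmp($sCurrentPath, $sPrefix, strlen($sPrefix)) === 0);
        return ($bIsBase || $bIsInside) ? $sCurrentPath : false;
    }

    /**
     * Remove [[text]], HTML comments, link/script/style tags and trailing
     * whitespace from a string; with $bPHPCode also <?php code ?>.
     *
     * This is pattern based clean-up, not an HTML sanitizer: other tags and
     * all attributes (e.g. event handlers) pass through untouched, so the
     * result still has to be escaped for the context it is printed in.
     *
     * @param string $sValue
     * @param bool   $bPHPCode additionally remove <?php ... ?> blocks
     * @return string|false the cleaned string, false if $sValue is not a string
     */
    public function StripCodeFromText($sValue, $bPHPCode = false)
    {
        if (!is_string($sValue)) {
            return false;
        }
        if ($bPHPCode == true) {
            $sValue = preg_replace('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue);
        }
        $sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
        return (preg_replace($sPattern, '', $sValue));
    }

    /**
     * Replace URLs which point into MEDIA_DIRECTORY with a URL independent
     * placeholder ({SYSVAR:MEDIA_REL}).
     *
     * @param string $sContent
     * @return string
     */
    public function ReplaceAbsoluteMediaUrl($sContent)
    {
        if (ini_get('magic_quotes_gpc') == true) {
            $sContent = $this->strip_slashes($sContent);
        }
        if (is_string($sContent)) {
            $sMediaUrl = WB_URL.MEDIA_DIRECTORY;
            // preg_quote() gets the pattern delimiter, so an '@' inside the
            // URL cannot terminate the pattern early.
            $searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl, '@').')([^">]*".*>)@siU';
            $sContent = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $sContent);
        }
        return $sContent;
    }
}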