<?php
/**
 *
 * @category        framework
 * @package         frontend
 * @copyright       WebsiteBaker Org. e.V.
 * @author          Ryan Djurovich (2004-2009)
 * @author          Dietmar Wöllbrink (luisehahne)
 * @author          M.v.d.Decken (DarkViper)
 * @link            http://www.websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: class.wb.php 1983 2013-10-19 00:42:27Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
 * @lastmodified    $Date: 2013-10-19 02:42:27 +0200 (Sat, 19 Oct 2013) $
 *
 */
/* -------------------------------------------------------- */
// Refuse direct access: the framework bootstrap defines WB_PATH before
// loading this file, so its absence means the file was requested on its own.
if (defined('WB_PATH') === false) {
    require_once dirname(__FILE__) . '/globalExceptionHandler.php';
    throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// PHPLIB template class, loaded only if no autoloader provided it already
// (second argument `false` prevents class_exists() from triggering autoload).
if (class_exists('Template', false) === false) {
    include WB_PATH . '/include/phplib/template.inc';
}
// wbmailer class (subclass of PHPmailer), same lazy-include pattern
if (class_exists('wbmailer', false) === false) {
    include WB_PATH . '/framework/class.wbmailer.php';
}
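/**
 * Base application class shared by the WebsiteBaker frontend and backend.
 *
 * Holds the database, registry and translation singletons and offers helpers
 * for page visibility / access checks, session accessors, message output,
 * mail sending and a few string and path validators.
 */
class wb extends SecureForm
{
    /** @var object instance of the database object */
    protected $_oDb      = null;
    /** @var object instance holds several values from the application global scope */
    protected $_oReg     = null;
    /** @var object instance holds all of the translations */
    protected $_oTrans   = null;

    /** @var string regex character-class fragment of the characters allowed in passwords */
    public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';

    /**
     * General initialization, performed when frontend or backend is loaded.
     *
     * @param int $mode SecureForm mode constant (defaults to SecureForm::FRONTEND)
     */
    public function __construct($mode = SecureForm::FRONTEND)
    {
        parent::__construct($mode);
        $this->_oDb    = WbDatabase::getInstance();
        $this->_oReg   = WbAdaptor::getInstance();
        $this->_oTrans = Translate::getInstance();
    }

    /**
     * Query all installed language addons.
     *
     * @return object result set of rows (`directory`, `name`), ordered by directory
     */
    public function getAvailableLanguagesObjectInstance()
    {
        $sql = 'SELECT `directory`,`name` '
             . 'FROM `'.$this->_oDb->TablePrefix.'addons` '
             . 'WHERE `type` = \'language\' '
             . 'ORDER BY `directory`';
        return $this->_oDb->query($sql);
    }

    /**
     * All installed languages as a lookup table.
     *
     * @return array language directory => language name (empty when the query fails)
     */
    public function getAvailableLanguages()
    {
        $aLanguages = array();
        $oRes = $this->getAvailableLanguagesObjectInstance();
        if ($oRes) {
            while ($aRow = $oRes->fetchRow(MYSQL_ASSOC)) {
                $aLanguages[$aRow['directory']] = $aRow['name'];
            }
        }
        return $aLanguages;
    }

    /**
     * First visible root page of every language that has one.
     *
     * Rows whose visibility is 'none' or 'hidden' are excluded in SQL; the
     * remaining rows are additionally filtered through page_is_visible(), so
     * 'private'/'registered' pages only count for a user allowed to see them.
     *
     * @return array language code => page row (page_id, level, parent, root_parent,
     *               page_code, link, visibility, viewing_groups, viewing_users, position)
     */
    public function getLanguagesDetailsInUsed()
    {
        $aPages = array();
        $sql = 'SELECT DISTINCT `language`, `page_id`, `level`, `parent`, `root_parent`, '
             .                 '`page_code`, `link`, `language`, `visibility`, '
             .                 '`viewing_groups`,`viewing_users`,`position` '
             . 'FROM `'.$this->_oDb->TablePrefix.'pages` '
             . 'WHERE `level`= \'0\' '
             .       'AND `root_parent`=`page_id` '
             .       'AND `visibility`!=\'none\' '
             .       'AND `visibility`!=\'hidden\' '
             . 'GROUP BY `language` '
             . 'ORDER BY `position`';
        $oRes = $this->_oDb->query($sql);
        if ($oRes) {
            while ($aRow = $oRes->fetchRow(MYSQL_ASSOC)) {
                if (!$this->page_is_visible($aRow)) {
                    continue;
                }
                $aPages[$aRow['language']] = $aRow;
            }
        }
        return $aPages;
    }

    /**
     * Comma separated list of the languages that have a visible root page.
     *
     * @return string|null e.g. 'DE,EN', or null when no language is in use
     */
    public function getLanguagesInUsed()
    {
        $aLanguages = array_keys($this->getLanguagesDetailsInUsed());
        if (count($aLanguages) == 0) {
            return null;
        }
        return implode(',', $aLanguages);
    }

    /**
     * parse_url() for UTF-8 URLs.
     *
     * Every run of non-delimiter characters is percent-encoded first so that
     * parse_url() only sees ASCII; each resulting component is decoded again.
     *
     * @param string $url the URL to split
     * @return array|false associative array of URL components, or false when
     *                     parse_url() rejects the (encoded) URL
     */
    public function mb_parse_url($url)
    {
        // A method callback replaces create_function(): the latter is eval()-based
        // and no longer exists in current PHP versions.
        $encodedUrl = preg_replace_callback(
            '%[^:/?#&=\.]+%usD',
            array($this, 'urlencodeMatch'),
            $url
        );
        $components = parse_url($encodedUrl);
        if ($components === false) {
            // parse_url() failed; the original looped over `false` and emitted a warning
            return false;
        }
        // index-based write instead of foreach-by-reference (no dangling reference)
        foreach ($components as $key => $component) {
            $components[$key] = urldecode($component);
        }
        return $components;
    }

    /**
     * preg_replace_callback() helper for mb_parse_url(): urlencode the whole match.
     *
     * @param array $aMatches preg match array
     * @return string
     */
    public function urlencodeMatch($aMatches)
    {
        return urlencode($aMatches[0]);
    }

    /**
     * Check if one or more group ids are in both group lists.
     *
     * @param mixed $groups_list1 an array or a comma separated list of group ids
     * @param mixed $groups_list2 an array or a comma separated list of group ids
     * @param array &$matches     receives the ids present in both lists
     * @return bool true if there is at least one match, otherwise false
     */
    public function is_group_match($groups_list1 = '', $groups_list2 = '', &$matches = null)
    {
        if ($groups_list1 == '' || $groups_list2 == '') {
            return false;
        }
        if (!is_array($groups_list1)) {
            $groups_list1 = explode(',', $groups_list1);
        }
        if (!is_array($groups_list2)) {
            $groups_list2 = explode(',', $groups_list2);
        }
        // array_intersect() compares as strings, so int and string ids match each other
        $matches = array_intersect($groups_list1, $groups_list2);
        return (count($matches) != 0);
    }

    /**
     * Check if the current user is member of at least one of the given groups.
     * ADMIN (uid=1) is always treated as a member of any group.
     *
     * @param mixed $groups_list an array or a comma separated list of group ids
     * @return bool
     */
    public function ami_group_member($groups_list = '')
    {
        if ($this->get_user_id() == 1) {
            return true;
        }
        return $this->is_group_match($groups_list, $this->get_groups_id());
    }

    /**
     * Check whether a page is visible, taking page visibility and the user's
     * user- and group-rights into account.
     *
     * @param array $page page row with keys visibility, viewing_groups, viewing_users
     * @return bool false if visibility is 'none' or 'deleted', or 'registered'/'private'
     *              and the user is not allowed to see it; true if visibility is
     *              'public' or 'hidden', or 'registered'/'private' and the user is allowed
     */
    public function page_is_visible($page)
    {
        $show_it = false;
        switch ($page['visibility']) {
            case 'none':
            case 'deleted':
                $show_it = false;
                break;
            case 'hidden':
            case 'public':
                $show_it = true;
                break;
            case 'private':
            case 'registered':
                // anonymous visitors never see these; members need a group or user match
                if ($this->is_authenticated() == true) {
                    $show_it = ($this->is_group_match($this->get_groups_id(), $page['viewing_groups'])
                             || $this->is_group_match($this->get_user_id(), $page['viewing_users']));
                }
                break;
        }
        return $show_it;
    }

    /**
     * Check if there is at least one active (published) section on this page.
     *
     * @param array $page page row with key page_id
     * @return bool
     */
    public function page_is_active($page)
    {
        global $database;
        $now = time();
        // The two publishing-window alternatives are grouped explicitly: without the
        // outer parentheses AND binds tighter than OR and the first alternative
        // ignored the page_id restriction, counting sections of other pages.
        $sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
        $sql .= 'WHERE (('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
        $sql .=        '('.$now.' > `publ_start` AND `publ_end`=0)) ';
        $sql .= 'AND `page_id`='.(int)$page['page_id'];
        return ($database->get_one($sql) != false);
    }

    /**
     * Check whether a page should be shown (frontend): visible and active.
     *
     * @param array|int $page page row, or a page id to look up
     * @return bool
     */
    public function show_page($page)
    {
        if (!is_array($page)) {
            // the original referenced an undefined local $database here; use the
            // database instance the class already holds
            $sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
            $sql .= 'FROM `'.$this->_oDb->TablePrefix.'pages` WHERE `page_id`='.(int)$page;
            $oRes = $this->_oDb->query($sql);
            if ($oRes == null) {
                return false;
            }
            $page = $oRes->fetchRow(MYSQL_ASSOC);
            if (!$page) {
                return false;
            }
        }
        return ($this->page_is_visible($page) && $this->page_is_active($page));
    }

    /**
     * Check if the user is authenticated (a numeric USER_ID is in the session).
     *
     * @return bool
     */
    public function is_authenticated()
    {
        return (isset($_SESSION['USER_ID'])
             && $_SESSION['USER_ID'] != ""
             && is_numeric($_SESSION['USER_ID']));
    }

    /**
     * Whether magic_quotes_gpc is active. get_magic_quotes_gpc() no longer exists
     * in current PHP versions, where magic quotes are always off.
     *
     * @return bool
     */
    protected function magicQuotesActive()
    {
        return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
    }

    /**
     * Modified addslashes function which takes magic_quotes into account.
     *
     * @param mixed $input
     * @return mixed unchanged when magic quotes are on or $input is not a string
     */
    public function add_slashes($input)
    {
        if ($this->magicQuotesActive() || !is_string($input)) {
            return $input;
        }
        return addslashes($input);
    }

    /**
     * Undo the effect of magic_quotes_gpc==On.
     * Attn: this is _not_ the counterpart to $this->add_slashes();
     * use stripslashes() to undo a preliminarily done $this->add_slashes().
     *
     * @param mixed $input
     * @return mixed unchanged when magic quotes are off or $input is not a string
     */
    public function strip_slashes($input)
    {
        if (!$this->magicQuotesActive() || !is_string($input)) {
            return $input;
        }
        return stripslashes($input);
    }

    /**
     * Escape backslashes for use with MySQL LIKE strings.
     *
     * @param string $input
     * @return string
     */
    public function escape_backslashes($input)
    {
        return str_replace("\\", "\\\\", $input);
    }

    /**
     * Turn a page link into a full URL; absolute URLs (containing '://') and
     * mailto: links are returned unchanged.
     *
     * @param string $link
     * @return string
     */
    public function page_link($link)
    {
        if (strpos($link, '://') === false && substr($link, 0, 7) != 'mailto:') {
            return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
        }
        return $link;
    }

    /**
     * Get POST data.
     *
     * @param string $field
     * @return mixed null when the field is absent
     */
    public function get_post($field)
    {
        return (isset($_POST[$field]) ? $_POST[$field] : null);
    }

    /**
     * Get POST data and escape it via add_slashes().
     *
     * @param string $field
     * @return mixed null when the field is absent
     */
    public function get_post_escaped($field)
    {
        $result = $this->get_post($field);
        return is_null($result) ? null : $this->add_slashes($result);
    }

    /**
     * Get GET data.
     *
     * @param string $field
     * @return mixed null when the field is absent
     */
    public function get_get($field)
    {
        return (isset($_GET[$field]) ? $_GET[$field] : null);
    }

    /**
     * Get SESSION data.
     *
     * @param string $field
     * @return mixed null when the field is absent
     */
    public function get_session($field)
    {
        return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
    }

    /**
     * Get SERVER data.
     *
     * @param string $field
     * @return mixed null when the field is absent
     */
    public function get_server($field)
    {
        return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
    }

    /** @return mixed the current user's id (session USER_ID) or null */
    public function get_user_id()
    {
        return $this->get_session('USER_ID');
    }

    /** @return mixed the current user's group id (session GROUP_ID) or null */
    public function get_group_id()
    {
        return $this->get_session('GROUP_ID');
    }

    /**
     * The current user's group ids.
     *
     * @return array exploded from the comma separated session GROUPS_ID
     *               (a single empty element when the session value is missing)
     */
    public function get_groups_id()
    {
        // cast keeps explode() quiet when the session value is absent (null)
        return explode(",", (string)$this->get_session('GROUPS_ID'));
    }

    /**
     * The current user's group names as one comma separated string.
     *
     * @return string|null null when session GROUP_NAME is not an array
     */
    public function get_group_name()
    {
        $aNames = $this->get_session('GROUP_NAME');
        // implode() on a non-array used to warn and yield null; return null explicitly
        return is_array($aNames) ? implode(",", $aNames) : null;
    }

    /** @return mixed the raw session GROUP_NAME value or null */
    public function get_groups_name()
    {
        return $this->get_session('GROUP_NAME');
    }

    /** @return mixed the current user's username or null */
    public function get_username()
    {
        return $this->get_session('USERNAME');
    }

    /** @return mixed the current user's display name or null */
    public function get_display_name()
    {
        return $this->get_session('DISPLAY_NAME');
    }

    /** @return mixed the current user's email address or null */
    public function get_email()
    {
        return $this->get_session('EMAIL');
    }

    /** @return mixed the current user's home folder or null */
    public function get_home_folder()
    {
        return $this->get_session('HOME_FOLDER');
    }

    /**
     * The current user's timezone.
     *
     * @return mixed '-72000' when USE_DEFAULT_TIMEZONE is set in the session,
     *               otherwise the session TIMEZONE value (or null)
     */
    public function get_timezone()
    {
        return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $this->get_session('TIMEZONE'));
    }

    /**
     * Validate the supplied email address. Internationalised domain names are
     * converted to their ASCII (punycode) form before the regex check.
     *
     * @param string $email
     * @return bool
     */
    public function validate_email($email)
    {
        if (function_exists('idn_to_ascii')) {
            $email = idn_to_ascii($email);
        } else {
            // fall back to the bundled pure-PHP converter
            require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
            $IDN = new idna_convert();
            $email = $IDN->encode($email);
            unset($IDN);
        }
        // regex from NorHei 2011-01-11
        $retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
        return ($retval != false);
    }

    /**
     * Replacement for header('Location: ...'): if the headers were already sent
     * the user gets a manual redirect link (via AppException) instead of a
     * broken script.
     *
     * @param string $location redirect URL
     * @return void (exits after a successful header)
     * @throws AppException when headers were already sent
     */
    public function send_header($location)
    {
        if (!headers_sent()) {
            header('Location: '.$location);
            exit(0);
        }
        // $location lands inside an HTML attribute, so escape it for that context
        $sHref = htmlspecialchars($location, ENT_QUOTES, 'UTF-8');
        $msg = "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
               "Please click <a style=\"font-weight:bold;\" " .
               "href=\"".$sHref."\">on this link</a> to continue!</p></div>\n";
        throw new AppException($msg);
    }

    /**
     * Set one or more bits in an integer value.
     *
     * @param int &$value   reference to the integer containing the value
     * @param int $bits2set the bitmask which shall be added to value
     * @return void
     */
    public function bit_set(&$value, $bits2set)
    {
        $value |= $bits2set;
    }

    /**
     * Reset one or more bits in an integer value.
     *
     * @param int &$value     reference to the integer containing the value
     * @param int $bits2reset the bitmask which shall be removed from value
     * @return void
     */
    public function bit_reset(&$value, $bits2reset)
    {
        $value &= ~$bits2reset;
    }

    /**
     * Check if all bits of a mask are set in an integer value.
     *
     * @param int $value     the value to test
     * @param int $bits2test the bitmask to look for
     * @return bool true only if every bit of $bits2test is set in $value
     */
    public function bit_isset($value, $bits2test)
    {
        return (($value & $bits2test) == $bits2test);
    }

    /**
     * Print a success message which then automatically redirects the user.
     *
     * @param string|array $message  message, or lines joined with <br />
     * @param string       $redirect redirect target
     * @return void
     */
    public function print_success($message, $redirect = 'index.php')
    {
        $oTrans = Translate::getInstance();
        $oTrans->disableAddon();
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        // redirect timer for success messages from the settings table; values above
        // 10 seconds are treated as "no timer"
        $redirect_timer = ((defined('REDIRECT_TIMER')) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
        $tpl = new Template(dirname($this->correct_theme_source('success.htt')));
        $tpl->set_file('page', 'success.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_block('main_block', 'show_redirect_block', 'show_redirect');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('REDIRECT', $redirect);
        $tpl->set_var('REDIRECT_TIMER', $redirect_timer);
        $tpl->set_var('NEXT', $oTrans->TEXT_NEXT);
        $tpl->set_var('BACK', $oTrans->TEXT_BACK);
        if ($redirect_timer == -1) {
            // -1: show the message permanently, no redirect block
            $tpl->set_block('show_redirect', '');
        } else {
            $tpl->parse('show_redirect', 'show_redirect_block', true);
        }
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
    }

    /**
     * Print an error message and terminate the script.
     *
     * @param string|array $message     message, or lines joined with <br />
     * @param string       $link        "back" link target
     * @param bool         $auto_footer call print_footer() (if defined) before exiting
     * @return void never returns
     */
    public function print_error($message, $link = 'index.php', $auto_footer = true)
    {
        $oTrans = Translate::getInstance();
        $oTrans->disableAddon();
        if (is_array($message)) {
            $message = implode('<br />', $message);
        }
        $tpl = new Template(dirname($this->correct_theme_source('error.htt')));
        $tpl->set_file('page', 'error.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('LINK', $link);
        $tpl->set_var('BACK', $oTrans->TEXT_BACK);
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
        if ($auto_footer == true && method_exists($this, "print_footer")) {
            $this->print_footer();
        }
        exit();
    }

    /**
     * Format a message box using template 'message.htt'.
     *
     * @param string $message the message to format
     * @param string $status  'ok', 'error', 'warning' or '' - defines the appearance of the box
     * @return string the html-formatted message; empty when REDIRECT_TIMER is 0
     *                and $status is not 'error'
     */
    public function format_message($message, $status = 'ok')
    {
        $id = uniqid('x');
        $tpl = new Template(dirname($this->correct_theme_source('message.htt')));
        $tpl->set_file('page', 'message.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_var('MESSAGE', $message);
        $tpl->set_var('THEME_URL', THEME_URL);
        $tpl->set_var('ID', $id);
        // The original compared with `$status = 'warning'` (assignment), which
        // rewrote any unknown status to 'warning' and made the else branch unreachable.
        if ($status === 'ok' || $status === 'error' || $status === 'warning') {
            $tpl->set_var('BOX_STATUS', ' box-'.$status);
        } else {
            $tpl->set_var('BOX_STATUS', '');
        }
        $tpl->set_var('STATUS', $status);
        if (!defined('REDIRECT_TIMER')) {
            define('REDIRECT_TIMER', -1);
        }
        $retval = '';
        if ($status === 'error') {
            // errors are always shown permanently
            $tpl->parse('main', 'main_block', false);
            $retval = $tpl->finish($tpl->parse('output', 'page', false));
            unset($tpl);
            return $retval;
        }
        switch (REDIRECT_TIMER) {
            case 0: // do not show message
                unset($tpl);
                break;
            case -1: // show message permanently
                $tpl->parse('main', 'main_block', false);
                $retval = $tpl->finish($tpl->parse('output', 'page', false));
                unset($tpl);
                break;
            default: // hide message after REDIRECT_TIMER milliseconds
                $sScript = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
                           'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
                           'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
                $tpl->parse('main', 'main_block', false);
                $retval = $tpl->finish($tpl->parse('output', 'page', false)).$sScript;
                unset($tpl);
        }
        return $retval;
    }

    /**
     * Show a maintenance screen and terminate.
     *
     * 'locked': only when SYSTEM_LOCKED is 1 and the current user is not admin;
     *           all other users are logged out first (remember keys cleared,
     *           cookies and session destroyed). Otherwise returns silently.
     * 'new':    'new site under construction' (former print_under_construction).
     *
     * @param string $type 'locked' (default) or 'new'
     * @return void terminates the application when the screen is shown
     */
    public function ShowMaintainScreen($type = 'locked')
    {
        global $database, $MESSAGE;
        $BE_PATIENT  = '';
        $PAGE_ICON   = 'negative';
        $show_screen = false;
        if ($type == 'locked') {
            $curr_user = intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0);
            if ((defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1)) {
                header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
                // kick logged users out of the system:
                // delete all remember keys from table 'users' except user_id=1
                $sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
                $sql .= 'WHERE `user_id`<>1';
                $database->query($sql);
                // delete remember-key cookie if set
                if (isset($_COOKIE['REMEMBER_KEY'])) {
                    setcookie('REMEMBER_KEY', '', time() - 3600, '/');
                }
                // overwrite session array
                $_SESSION = array();
                // delete session cookie if set
                if (ini_get("session.use_cookies")) {
                    $params = session_get_cookie_params();
                    setcookie(session_name(), '', time() - 42000, $params["path"],
                        $params["domain"], $params["secure"], $params["httponly"]
                    );
                }
                // delete the session itself
                session_destroy();
                $BE_PATIENT  = $MESSAGE['GENERIC_BE_PATIENT'];
                $PAGE_ICON   = 'system';
                $show_screen = true;
            }
        } else {
            header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
            $show_screen = true;
        }
        if (!$show_screen) {
            return;
        }
        // NOTE: both modes show GENERIC_WEBSITE_UNDER_CONSTRUCTION as title, as the
        // original did; GENERIC_WEBSITE_LOCKED was assigned but never displayed.
        $sMaintenanceFile = $this->correct_theme_source('maintenance.htt');
        if (file_exists($sMaintenanceFile)) {
            $tpl = new Template(dirname($sMaintenanceFile));
            $tpl->set_file('page', 'maintenance.htt');
            $tpl->set_block('page', 'main_block', 'main');
            $charset = defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
            $tpl->set_var('PAGE_TITLE', $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION']);
            $tpl->set_var('CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON']);
            $tpl->set_var('CHARSET', $charset);
            $tpl->set_var('WB_URL', WB_URL);
            $tpl->set_var('BE_PATIENT', $BE_PATIENT);
            $tpl->set_var('THEME_URL', THEME_URL);
            $tpl->set_var('PAGE_ICON', $PAGE_ICON);
            $tpl->set_var('LANGUAGE', strtolower(LANGUAGE));
            $tpl->parse('main', 'main_block', false);
            $tpl->pparse('output', 'page');
            exit();
        }
        // fallback without a theme template: minimal inline page
        // (DOCTYPE and <html> restored; the original string had lost its "//" parts)
        require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
        echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
           . '<html><head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>'
           . '<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }'
           . 'h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>'
           . '<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />'
           . $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
        flush();
        exit();
    }

    /**
     * Send an email via the wbmailer class (PHPMailer subclass, SMTP capable).
     *
     * To use SMTP for sending out mails, specify the SMTP host of your domain
     * via the Settings panel in the backend of Website Baker.
     *
     * @param string $fromaddress sender address ('' keeps the mailer default)
     * @param string $toaddress   recipient address
     * @param string $subject
     * @param string $message     sent as HTML (nl2br) with a strip_tags() text alternative
     * @param string $fromname    sender display name
     * @param string $replyTo     reply-to address
     * @return bool true if the mailer reported success
     */
    public function mail($fromaddress, $toaddress, $subject, $message, $fromname = '', $replyTo = '')
    {
        // strip CR/LF from every header value so no additional mail headers can be injected
        $fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
        $toaddress   = preg_replace('/[\r\n]/', '', $toaddress);
        $subject     = preg_replace('/[\r\n]/', '', $subject);
        $replyTo     = preg_replace('/[\r\n]/', '', $replyTo);

        $myMail = new wbmailer();
        if ($fromaddress != '') {
            if ($fromname != '') {
                $myMail->FromName = $fromname;               // FROM-NAME
            }
            $myMail->From = $fromaddress;                    // FROM:
        }
        if ($replyTo) {
            $myMail->AddReplyTo($replyTo);                   // REPLY TO:
        }
        $myMail->AddAddress($toaddress);                     // TO:
        $myMail->Subject = $subject;                         // SUBJECT
        $myMail->Body    = nl2br($message);                  // CONTENT (HTML)
        $myMail->AltBody = strip_tags($message);             // CONTENT (TEXT)
        return (bool)$myMail->Send();
    }

    /**
     * Locate a theme template, falling back to the admin skeleton themes.
     *
     * @param string $sThemeFile template file name, e.g. 'success.htt'
     * @return string full path of the template file
     * @throws InvalidArgumentException if the file exists in neither location
     */
    public function correct_theme_source($sThemeFile = 'start.htt')
    {
        if (file_exists(THEME_PATH.'/templates/'.$sThemeFile)) {
            return THEME_PATH.'/templates/'.$sThemeFile;
        }
        if (file_exists(ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile)) {
            return ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
        }
        throw new InvalidArgumentException('missing template file '.$sThemeFile);
    }

    /**
     * Check that a folder name contains none of the characters ^ \ / . ? * " ' < > : |
     *
     * @param string $str folder name to check
     * @return bool true if no invalid character was found
     */
    public function checkFolderName($str)
    {
        return (preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) !== 1);
    }

    /**
     * Check that a path lies inside a base directory (normally the document root).
     *
     * Both paths are canonicalised with realpath(), so '..' segments and symlinks
     * cannot escape the base directory. The comparison is case-insensitive (as
     * the original stripos() was) but requires a directory-separator boundary:
     * a plain prefix test would accept a sibling such as `<base>-other`.
     *
     * @param string $sCurrentPath path to check (may be URL-encoded)
     * @param string $sBaseDir     base directory, defaults to WB_PATH
     * @return string|false the canonical $sCurrentPath, or false when it does not
     *                      exist or lies outside $sBaseDir
     */
    public function checkpath($sCurrentPath, $sBaseDir = WB_PATH)
    {
        $sCurrentPath = realpath(rawurldecode($sCurrentPath));
        $sBaseDir     = realpath($sBaseDir);
        // realpath() returns false for non-existent paths; never compare against that
        if ($sCurrentPath === false || $sBaseDir === false) {
            return false;
        }
        $sBaseDir = rtrim($sBaseDir, '/\\');
        if (strcasecmp($sCurrentPath, $sBaseDir) === 0) {
            return $sCurrentPath;
        }
        $sPrefix = $sBaseDir.DIRECTORY_SEPARATOR;
        if (strncasecmp($sCurrentPath, $sPrefix, strlen($sPrefix)) === 0) {
            return $sCurrentPath;
        }
        return false;
    }

    /**
     * Remove <?php code ?>, [[text]], link, script, scriptblock and styleblock
     * from a given string and return the cleaned string.
     *
     * @param string $sValue
     * @param bool   $bPHPCode also remove <?php ... ?> blocks
     * @return string|false false if $sValue is not a string, otherwise the cleaned string
     */
    public function StripCodeFromText($sValue, $bPHPCode = false)
    {
        if (!is_string($sValue)) {
            return false;
        }
        if ($bPHPCode == true) {
            $sValue = preg_replace('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue);
        }
        $sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
        return preg_replace($sPattern, '', $sValue);
    }

    /**
     * Replace URLs pointing into MEDIA_DIRECTORY with a URL-independent placeholder.
     *
     * @param string $sContent
     * @return string content with absolute media URLs replaced by {SYSVAR:MEDIA_REL}
     */
    public function ReplaceAbsoluteMediaUrl($sContent)
    {
        if (ini_get('magic_quotes_gpc') == true) {
            $sContent = $this->strip_slashes($sContent);
        }
        if (is_string($sContent)) {
            $sMediaUrl = WB_URL.MEDIA_DIRECTORY;
            // only attribute values (`="...`) are rewritten, not free text
            $searchfor = '@(<[^>]*=\s*")('.preg_quote($sMediaUrl).')([^">]*".*>)@siU';
            $sContent  = preg_replace($searchfor, '$1{SYSVAR:MEDIA_REL}$3', $sContent);
        }
        return $sContent;
    }
}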