Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        framework
5
 * @package         frontend
6
 * @copyright       WebsiteBaker Org. e.V.
7
 * @author          Ryan Djurovich (2004-2009)
8
 * @author          Dietmar Wöllbrink (luisehahne)
9
 * @author          M.v.d.Decken (DarkViper)
10
 * @link            http://www.websitebaker.org/
11
 * @license         http://www.gnu.org/licenses/gpl.html
12
 * @platform        WebsiteBaker 2.8.x
13
 * @requirements    PHP 5.2.2 and higher
14
 * @version         $Id: class.wb.php 2058 2014-01-01 02:21:24Z darkviper $
15
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
16
 * @lastmodified    $Date: 2014-01-01 03:21:24 +0100 (Wed, 01 Jan 2014) $
17
 *
18
 */
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_PATH')) {
22
	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
23
	throw new IllegalFileException();
24
}
25
/* -------------------------------------------------------- */
26
// Include PHPLIB template class
27
if(!class_exists('Template', false)){ include(WB_PATH.'/include/phplib/template.inc'); }
28
// Include new wbmailer class (subclass of PHPmailer)
29
if(!class_exists('wbmailer', false)){ include(WB_PATH.'/framework/class.wbmailer.php'); }
30

    
31
class wb extends SecureForm
32
{
33
/** @var object instance of the database object */
34
	protected $_oDb      = null;
35
/** @var object instance holds several values from the application global scope */
36
	protected $_oReg     = null;
37
/** @var object instance holds all of the translations */
38
	protected $_oTrans   = null;
39

    
40
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// General initialization function
41

    
42
	// performed when frontend or backend is loaded.
43
	public function  __construct($mode = SecureForm::FRONTEND) {
44
		parent::__construct($mode);
45

    
46
		$this->_oDb    = WbDatabase::getInstance();
47
		$this->_oReg   = WbAdaptor::getInstance();
48
		$this->_oTrans = Translate::getInstance();
49
	}
50

    
51
/**
52
 *
53
 *
54
 * @return object instance of the database object of all visible languages with defined fields
55
 *
56
 */
57
	public function getAvailableLanguagesObjectInstance( ) {
58

    
59
			$sql = 'SELECT `directory`,`name` '
60
			     . 'FROM `'.$this->_oDb->TablePrefix.'addons` '
61
		         . 'WHERE `type` = \'language\' '
62
		         . 'ORDER BY `directory`';
63
        return ($this->_oDb->query($sql));
64
	}
65

    
66

    
67
/**
68
 *
69
 *
70
 * @return array of all visible languages with defined fields
71
 *
72
 */
73
	public function getAvailableLanguages( ) {
74
        $aRetval = array();
75
        if($oRes = $this->getAvailableLanguagesObjectInstance())
76
        {
77
            while($aRow = $oRes->fetchRow(MYSQL_ASSOC))
78
            {
79
                $aRetval[$aRow['directory']] = $aRow['name'];
80
            }
81
        }
82
        
83
        return ( $aRetval);
84
	}
85

    
86
/**
87
 *
88
 *
89
 * @return array of first visible language pages with defined fields
90
 *
91
 */
92
	public function getLanguagesDetailsInUsed ( ) {
93
//        global $database;
94
        $aRetval = array();
95
		$sql = 'SELECT DISTINCT `language`, `page_id`, `level`, `parent`, `root_parent`, '
96
			 .                 '`page_code`, `link`, `language`, `visibility`, '
97
			 .                 '`viewing_groups`,`viewing_users`,`position` '
98
			 . 'FROM `'.$this->_oDb->TablePrefix.'pages` '
99
			 . 'WHERE `level`= \'0\' '
100
			 .       'AND `root_parent`=`page_id` '
101
			 .       'AND `visibility`!=\'none\' '
102
			 .       'AND `visibility`!=\'hidden\' '
103
			 . 'GROUP BY `language` '
104
			 . 'ORDER BY `position`';
105
        if($oRes = $this->_oDb->query($sql))
106
        {
107
            while($aRow = $oRes->fetchRow(MYSQL_ASSOC))
108
            {
109
                if(!$this->page_is_visible($aRow)) {continue;}
110
                $aRetval[$aRow['language']] = $aRow;
111
            }
112
        }
113
        return $aRetval;
114
	}
115

    
116

    
117

    
118

    
119
/**
120
 *
121
 *
122
 * @return comma separate list of first visible languages
123
 *
124
 */
125
	public function getLanguagesInUsed ( ) {
126
        $aRetval = array_keys($this->getLanguagesDetailsInUsed()) ;
127
        if(sizeof($aRetval)==0) { return null; }
128
        return implode(',', $aRetval);
129
  	}
130

    
131

    
132
    /**
133
     * Created parse_url utf-8 compatible function
134
     * 
135
     * @param string $url The string to decode
136
     * @return array Associative array containing the different components
137
     * 
138
     */
139
		public function mb_parse_url($url) {
140
		$encodedUrl = preg_replace_callback('%[^:/?#&=\.]+%usD',
141
		              create_function('$aMatches', ';return urlencode($aMatches[0]);'),
142
/*		                           'urlencode(\'$0\')', */
143
		                           $url);
144
		$components = parse_url($encodedUrl);
145
		foreach ($components as &$component)
146
			$component = urldecode($component);
147
return $components;
148
    }
149

    
150
/* ****************
151
 * check if one or more group_ids are in both group_lists
152
 *
153
 * @access public
154
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
155
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
156
 * @param array &$matches: an array-var whitch will return possible matches
157
 * @return bool: true there is a match, otherwise false
158
 */
159
	public function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
160
	{
161
		if( $groups_list1 == '' ) { return false; }
162
		if( $groups_list2 == '' ) { return false; }
163
		if( !is_array($groups_list1) ) {
164
			$groups_list1 = explode(',', $groups_list1);
165
		}
166
		if( !is_array($groups_list2) ) {
167
			$groups_list2 = explode(',', $groups_list2);
168
		}
169
		$matches = array_intersect( $groups_list1, $groups_list2);
170
		return ( sizeof($matches) != 0 );
171
	}
172
/* ****************
173
 * check if current user is member of at least one of given groups
174
 * ADMIN (uid=1) always is treated like a member of any groups
175
 *
176
 * @access public
177
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
178
 * @return bool: true if current user is member of one of this groups, otherwise false
179
 */
180
	public function ami_group_member( $groups_list = '' )
181
	{
182
		if( $this->get_user_id() == 1 ) { return true; }
183
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
184
	}
185

    
186
// Check whether a page is visible or not.
187
// This will check page-visibility and user- and group-rights.
188
/* page_is_visible() returns
189
	false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
190
	true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
191
*/
192
	public function page_is_visible($page)
193
    {
194
		// First check if visibility is 'none', 'deleted'
195
		$show_it = false; // shall we show the page?
196
		switch( $page['visibility'] )
197
		{
198
			case 'none':
199
			case 'deleted':
200
				$show_it = false;
201
				break;
202
			case 'hidden':
203
			case 'public':
204
				$show_it = true;
205
				break;
206
			case 'private':
207
			case 'registered':
208
				if($this->is_authenticated() == true)
209
				{
210
					$show_it = ( $this->is_group_match($this->get_groups_id(), $page['viewing_groups']) ||
211
								 $this->is_group_match($this->get_user_id(), $page['viewing_users']) );
212
				}
213
		}
214

    
215
		return($show_it);
216
	}
217

    
218
	// Check if there is at least one active section on this page
219
	public function page_is_active($page)
220
    {
221
		global $database;
222
		$now = time();
223
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
224
		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
225
		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
226
		$sql .=       'AND `page_id`='.(int)$page['page_id'];
227
		return ($database->get_one($sql) != false);
228
   	}
229

    
230
	// Check whether we should show a page or not (for front-end)
231
	public function show_page($page)
232
    {
233
		if( !is_array($page) )
234
		{
235
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
236
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
237
			if( ($res_pages = $database->query($sql))!= null )
238
			{
239
				if( !($page = $res_pages->fetchRow()) ) { return false; }
240
			}
241
		}
242
		return ($this->page_is_visible($page) && $this->page_is_active($page));
243
	}
244

    
245
	// Check if the user is already authenticated or not
246
	public function is_authenticated() {
247
		$retval = ( isset($_SESSION['USER_ID']) AND
248
		            $_SESSION['USER_ID'] != "" AND
249
		            is_numeric($_SESSION['USER_ID']));
250
        return $retval;
251
	}
252

    
253
	// Modified addslashes function which takes into account magic_quotes
254
	function add_slashes($input) {
255
		if( get_magic_quotes_gpc() || (!is_string($input)) ) {
256
			return $input;
257
		}
258
		return addslashes($input);
259
	}
260

    
261
	// Ditto for stripslashes
262
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
263
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
264
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
265
	function strip_slashes($input) {
266
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
267
			return $input;
268
		}
269
		return stripslashes($input);
270
	}
271

    
272
	// Escape backslashes for use with mySQL LIKE strings
273
	function escape_backslashes($input) {
274
		return str_replace("\\","\\\\",$input);
275
	}
276

    
277
	function page_link($link){
278
		// Check for :// in the link (used in URL's) as well as mailto:
279
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
280
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
281
		} else {
282
			return $link;
283
		}
284
	}
285

    
286
	// Get POST data
287
	function get_post($field) {
288
		return (isset($_POST[$field]) ? $_POST[$field] : null);
289
	}
290

    
291
	// Get POST data and escape it
292
	function get_post_escaped($field) {
293
		$result = $this->get_post($field);
294
		return (is_null($result)) ? null : $this->add_slashes($result);
295
	}
296

    
297
	// Get GET data
298
	function get_get($field) {
299
		return (isset($_GET[$field]) ? $_GET[$field] : null);
300
	}
301

    
302
	// Get SESSION data
303
	function get_session($field) {
304
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
305
	}
306

    
307
	// Get SERVER data
308
	function get_server($field) {
309
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
310
	}
311

    
312
	// Get the current users id
313
	function get_user_id() {
314
		return $this->get_session('USER_ID');
315
	}
316

    
317
	// Get the current users group id
318
	function get_group_id() {
319
		return $this->get_session('GROUP_ID');
320
	}
321

    
322
	// Get the current users group ids
323
	function get_groups_id() {
324
		return explode(",", $this->get_session('GROUPS_ID'));
325
	}
326

    
327
	// Get the current users group name
328
	function get_group_name() {
329
		return implode(",", $this->get_session('GROUP_NAME'));
330
	}
331

    
332
	// Get the current users group name
333
	function get_groups_name() {
334
		return $this->get_session('GROUP_NAME');
335
	}
336

    
337
	// Get the current users username
338
	function get_username() {
339
		return $this->get_session('USERNAME');
340
	}
341

    
342
	// Get the current users display name
343
	function get_display_name() {
344
		return $this->get_session('DISPLAY_NAME');
345
	}
346

    
347
	// Get the current users email address
348
	function get_email() {
349
		return $this->get_session('EMAIL');
350
	}
351

    
352
	// Get the current users home folder
353
	function get_home_folder() {
354
		return $this->get_session('HOME_FOLDER');
355
	}
356

    
357
	// Get the current users timezone
358
	function get_timezone() {
359
		
360
		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $this->get_session('TIMEZONE'));
361
	}
362

    
363
	// Validate supplied email address
364
	function validate_email($email) {
365
		if(function_exists('idn_to_ascii')){ /* use pear if available */
366
			$email = idn_to_ascii($email);
367
		}else {
368
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
369
			$IDN = new idna_convert();
370
			$email = $IDN->encode($email);
371
			unset($IDN);
372
		}
373
		// regex from NorHei 2011-01-11
374
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
375
		return ($retval != false);
376
	}
377

    
378
	/**
379
     * replace header('Location:...  with new method
380
	 * if header send failed you get a manuell redirected link, so script don't break
381
	 *
382
	 * @param string $location, redirected url
383
	 * @return void
384
	 */
385
	public function send_header ($location) {
386
		if(!headers_sent()) {
387
			header('Location: '.$location);
388
		    exit(0);
389
		} else {
390
//			$aDebugBacktrace = debug_backtrace();
391
//			array_walk( $aDebugBacktrace, create_function( '$a,$b', 'print "<br /><b>". basename( $a[\'file\'] ). "</b> &nbsp; <font color=\"red\">{$a[\'line\']}</font> &nbsp; <font color=\"green\">{$a[\'function\']} ()</font> &nbsp; -- ". dirname( $a[\'file\'] ). "/";' ) );
392
		    $msg =  "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
393
		         "Please click <a style=\"font-weight:bold;\" " .
394
		         "href=\"".$location."\">on this link</a> to continue!</p></div>\n";
395

    
396
			throw new AppException($msg);
397
		}
398
	}
399

    
400
/* ****************
401
 * set one or more bit in a integer value
402
 *
403
 * @access public
404
 * @param int $value: reference to the integer, containing the value
405
 * @param int $bits2set: the bitmask witch shall be added to value
406
 * @return void
407
 */
408
	function bit_set( &$value, $bits2set )
409
	{
410
		$value |= $bits2set;
411
	}
412

    
413
/* ****************
414
 * reset one or more bit from a integer value
415
 *
416
 * @access public
417
 * @param int $value: reference to the integer, containing the value
418
 * @param int $bits2reset: the bitmask witch shall be removed from value
419
 * @return void
420
 */
421
	function bit_reset( &$value, $bits2reset)
422
	{
423
		$value &= ~$bits2reset;
424
	}
425

    
426
/* ****************
427
 * check if one or more bit in a integer value are set
428
 *
429
 * @access public
430
 * @param int $value: reference to the integer, containing the value
431
 * @param int $bits2set: the bitmask witch shall be added to value
432
 * @return void
433
 */
434
	function bit_isset( $value, $bits2test )
435
	{
436
		return (($value & $bits2test) == $bits2test);
437
	}
438

    
439
	// Print a success message which then automatically redirects the user to another page
440
	function print_success( $message, $redirect = 'index.php' ) {
441
		$oTrans = Translate::getInstance();
442
		$oTrans->disableAddon();
443
        if(is_array($message)) {
444
           $message = implode ('<br />',$message);
445
        }
446
	    // fetch redirect timer for sucess messages from settings table
447
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
448
	    // add template variables
449
		// Setup template object, parse vars to it, then parse it
450
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
451
	    $tpl->set_file( 'page', 'success.htt' );
452
	    $tpl->set_block( 'page', 'main_block', 'main' );
453
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
454
	    $tpl->set_var( 'MESSAGE', $message );
455
	    $tpl->set_var( 'REDIRECT', $redirect );
456
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
457
	    $tpl->set_var( 'NEXT', $oTrans->TEXT_NEXT);
458
	    $tpl->set_var( 'BACK', $oTrans->TEXT_BACK);
459
	    if ($redirect_timer == -1) {
460
	        $tpl->set_block( 'show_redirect', '' );
461
	    }
462
	    else {
463
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
464
	    }
465
	    $tpl->parse( 'main', 'main_block', false );
466
	    $tpl->pparse( 'output', 'page' );
467
	}
468

    
469
	// Print an error message
470
	function print_error($message, $link = 'index.php', $auto_footer = true) {
471
		$oTrans = Translate::getInstance();
472
		$oTrans->disableAddon();
473
        if(is_array($message)) {
474
           $message = implode ('<br />',$message);
475
        }
476
		// Setup template object, parse vars to it, then parse it
477
		$success_template = new Template(dirname($this->correct_theme_source('error.htt')));
478
		$success_template->set_file('page', 'error.htt');
479
		$success_template->set_block('page', 'main_block', 'main');
480
		$success_template->set_var('MESSAGE', $message);
481
		$success_template->set_var('LINK', $link);
482
		$success_template->set_var('BACK', $oTrans->TEXT_BACK);
483
		$success_template->parse('main', 'main_block', false);
484
		$success_template->pparse('output', 'page');
485
		if ( $auto_footer == true ) {
486
			if ( method_exists($this, "print_footer") ) {
487
				$this->print_footer();
488
			}
489
		}
490
		exit();
491
	}
492
/*
493
 * @param string $message: the message to format
494
 * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
495
 * @return string: the html-formatted message (using template 'message.htt')
496
 */
497
	public function format_message($message, $status = 'ok')
498
	{
499
		$id = uniqid('x');
500
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
501
		$tpl->set_file('page', 'message.htt');
502
		$tpl->set_block('page', 'main_block', 'main');
503
		$tpl->set_var('MESSAGE', $message);
504
 	    $tpl->set_var( 'THEME_URL', THEME_URL );
505
		$tpl->set_var( 'ID', $id );
506
		if($status == 'ok' || $status == 'error' || $status = 'warning')
507
		{
508
			$tpl->set_var('BOX_STATUS', ' box-'.$status);
509
		}else
510
		{
511
			$tpl->set_var('BOX_STATUS', '');
512
		}
513
		$tpl->set_var('STATUS', $status);
514
		if(!defined('REDIRECT_TIMER') ) { define('REDIRECT_TIMER', -1); }
515
		$retval = '';
516
		if( $status != 'error' )
517
		{
518
			switch(REDIRECT_TIMER):
519
				case 0: // do not show message
520
					unset($tpl);
521
					break;
522
				case -1: // show message permanently
523
					$tpl->parse('main', 'main_block', false);
524
					$retval = $tpl->finish($tpl->parse('output', 'page', false));
525
					unset($tpl);
526
					break;
527
				default: // hide message after REDIRECTOR_TIMER milliseconds
528
					$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
529
							  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
530
							  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
531
					$tpl->parse('main', 'main_block', false);
532
					$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
533
					unset($tpl);
534
			endswitch;
535
		}else
536
		{
537
			$tpl->parse('main', 'main_block', false);
538
			$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
539
			unset($tpl);
540
		}
541
		return $retval;
542
	}
543
/*
544
 * @param string $type: 'locked'(default)  or 'new'
545
 * @return void: terminates application
546
 * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
547
 *               'new' >> Show 'new site under construction'(former print_under_construction)
548
 */
549
	public function ShowMaintainScreen($type = 'locked')
550
	{
551
		global $database, $MESSAGE;
552
		$LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE ));
553
		$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
554
		$PAGE_ICON  = 'negative';
555
		$show_screen = false;
556
		if($type == 'locked')
557
		{
558
			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0) ) ;
559
			if( (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1))
560
			{
561
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
562
	// first kick logged users out of the system
563
		// delete all remember keys from table 'user' except user_id=1
564
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
565
				$sql .= 'WHERE `user_id`<>1';
566
				$database->query($sql);
567
		// delete remember key-cookie if set
568
				if (isset($_COOKIE['REMEMBER_KEY'])) {
569
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
570
				}
571
		// overwrite session array
572
				$_SESSION = array();
573
		// delete session cookie if set
574
				if (ini_get("session.use_cookies")) {
575
					$params = session_get_cookie_params();
576
					setcookie(session_name(), '', time() - 42000, $params["path"],
577
						$params["domain"], $params["secure"], $params["httponly"]
578
					);
579
				}
580
		// delete the session itself
581
				session_destroy();
582
				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
583
				$PAGE_ICON  = 'system';
584
				$show_screen = true;
585
			}
586
		} else {
587
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
588
			$show_screen = true;
589
		}
590
		if($show_screen)
591
		{
592
            $sMaintanceFile = $this->correct_theme_source('maintenance.htt');
593
    		if(file_exists($sMaintanceFile))
594
    		{
595
                $tpl = new Template(dirname( $sMaintanceFile ));
596
    		    $tpl->set_file( 'page', 'maintenance.htt' );
597
    		    $tpl->set_block( 'page', 'main_block', 'main' );
598

    
599
    			if(defined('DEFAULT_CHARSET'))
600
    			{
601
    				$charset=DEFAULT_CHARSET;
602
    			} else {
603
    				$charset='utf-8';
604
    			}
605
    		    $tpl->set_var( 'PAGE_TITLE', $PAGE_TITLE );
606
    	 	    $tpl->set_var( 'CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'] );
607
    	 	    $tpl->set_var( 'CHARSET', $charset );
608
    	 	    $tpl->set_var( 'WB_URL', WB_URL );
609
    	 	    $tpl->set_var( 'BE_PATIENT', $MESSAGE['GENERIC_BE_PATIENT'] );
610
    	 	    $tpl->set_var( 'THEME_URL', THEME_URL );
611
    			$tpl->set_var( 'PAGE_ICON', $PAGE_ICON);
612
    			$tpl->set_var( 'LANGUAGE', $LANGUAGE);
613
    		    $tpl->parse( 'main', 'main_block', false );
614
    		    $tpl->pparse( 'output', 'page' );
615
                exit();
616
    		} else {
617
    		 require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
618
    		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
619
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
620
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
621
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
622
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
623
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
624
    		}
625
    		flush();
626
            exit();
627
		}
628
	}
629

    
630
	// Validate send email
631
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
632
/*
633
	INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
634
	SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
635
	NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
636

    
637
	NOTE:
638
	To use SMTP for sending out mails, you have to specify the SMTP host of your domain
639
	via the Settings panel in the backend of Website Baker
640
*/
641

    
642
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
643
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
644
		$subject = preg_replace('/[\r\n]/', '', $subject);
645
		$replyTo = preg_replace('/[\r\n]/', '', $replyTo);
646
		// $message_alt = $message;
647
		// $message = preg_replace('/[\r\n]/', '<br \>', $message);
648

    
649
		// create PHPMailer object and define default settings
650
		$myMail = new WbMailer();
651
		// set user defined from address
652
		if ($fromaddress!='') {
653
			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
654
			$myMail->From = $fromaddress;                     // FROM:
655
//			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
656
		}
657
		if($replyTo) {
658
			$myMail->AddReplyTo($replyTo);                // REPLY TO:
659
		}
660
		// define recepient and information to send out
661
		$myMail->AddAddress($toaddress);                      // TO:
662
		$myMail->Subject = $subject;                          // SUBJECT
663
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
664
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
665
		// check if there are any send mail errors, otherwise say successful
666
		if (!$myMail->Send()) {
667
			return false;
668
		} else {
669
			return true;
670
		}
671
	}
672

    
673
/**
674
 * checks if there is an alternative Theme template
675
 *
676
 * @param string $sThemeFile set the template.htt
677
 * @return string the relative theme path
678
 *
679
 */
680
        function correct_theme_source($sThemeFile = 'start.htt') {
681
		$sRetval = $sThemeFile;
682
		if (file_exists(THEME_PATH.'/templates/'.$sThemeFile )) {
683
			$sRetval = THEME_PATH.'/templates/'.$sThemeFile;
684
		} else {
685
			if (file_exists(ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile ) ) {
686
			$sRetval = ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
687
			} else {
688
				throw new InvalidArgumentException('missing template file '.$sThemeFile);
689
			}
690
		}
691
		return $sRetval;
692
        }
693

    
694
/**
695
 * Check if a foldername doesn't have invalid characters
696
 *
697
 * @param String $str to check
698
 * @return Bool
699
 */
700
	function checkFolderName($str){
701
		return !( preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) ? TRUE : FALSE );
702
	}
703

    
704
/**
705
 * Check the given path to make sure current path is within given basedir
706
 * normally document root
707
 *
708
 * @param String $sCurrentPath
709
 * @param String $sBaseDir
710
 * @return $sCurrentPath or FALSE
711
 */
712
	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
713
		// Clean the cuurent path
714
        $sCurrentPath = rawurldecode($sCurrentPath);
715
        $sCurrentPath = realpath($sCurrentPath);
716
        $sBaseDir = realpath($sBaseDir);
717
		// $sBaseDir needs to exist in the $sCurrentPath
718
		$pos = stripos ($sCurrentPath, $sBaseDir );
719

    
720
		if ( $pos === FALSE ){
721
			return false;
722
		} elseif( $pos == 0 ) {
723
			return $sCurrentPath;
724
		} else {
725
			return false;
726
		}
727
	}
728

    
729
/**
730
 * remove <?php code ?>, [[text]], link, script, scriptblock and styleblock from a given string
731
 * and return the cleaned string
732
 *
733
 * @param string $sValue
734
 * @returns
735
 *    false: if @param is not a string
736
 *    string: cleaned string
737
 */
738
	public function StripCodeFromText($sValue, $bPHPCode=false){
739
        if(!is_string($sValue)) { return false; }
740
        $sValue = ( ($bPHPCode==true) ? preg_replace ('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue ) : $sValue );
741
        $sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
742
        return (preg_replace ($sPattern, '', $sValue));
743
	}
744

    
745
/**
746
 * ReplaceAbsoluteMediaUrl
747
 * @param string $sContent
748
 * @return string
749
 * @description Replace URLs witch are pointing into MEDIA_DIRECTORY with an URL 
750
 *              independend placeholder
751
 */
752
	public function ReplaceAbsoluteMediaUrl($sContent){
753
        $oReg = WbAdaptor::getInstance();
754
		if(ini_get('magic_quotes_gpc')==true){
755
			$sContent = $this->strip_slashes($sContent);
756
		}
757
		if(is_string($sContent)) {
758
			$aSearchfor = array('@(<[^>]*=\s*")('.preg_quote($oReg->AppUrl.$oReg->MediaDir).')([^">]*".*>)@siU',
759
			                    '@(<[^>]*=\s*")('.preg_quote($oReg->AppUrl).')([^">]*".*>)@siU');
760
			$aReplacements = array('$1{SYSVAR:AppUrl.MediaDir}$3',
761
			                       '$1{SYSVAR:AppUrl}$3');
762
			$sContent = preg_replace($aSearchfor, $aReplacements, $sContent );
763
		}
764
		return $sContent;
765
	}
766

    
767
	
768
	
769
}
(28-28/36)