Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        framework
5
 * @package         frontend
6
 * @copyright       WebsiteBaker Org. e.V.
7
 * @author          Ryan Djurovich (2004-2009)
8
 * @author          Dietmar Wöllbrink (luisehahne)
9
 * @author          M.v.d.Decken (DarkViper)
10
 * @link            http://www.websitebaker.org/
11
 * @license         http://www.gnu.org/licenses/gpl.html
12
 * @platform        WebsiteBaker 2.8.x
13
 * @requirements    PHP 5.2.2 and higher
14
 * @version         $Id: class.wb.php 2077 2014-01-06 23:33:51Z darkviper $
15
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/class.wb.php $
16
 * @lastmodified    $Date: 2014-01-07 00:33:51 +0100 (Tue, 07 Jan 2014) $
17
 *
18
 */
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_PATH')) {
22
	require_once(dirname(__FILE__).'/globalExceptionHandler.php');
23
	throw new IllegalFileException();
24
}
25
/* -------------------------------------------------------- */
26
// Include PHPLIB template class
27
if(!class_exists('Template', false)){ include(WB_PATH.'/include/phplib/template.inc'); }
28

    
29
class wb extends SecureForm
30
{
31
/** @var object instance of the database object */
32
	protected $_oDb      = null;
33
/** @var object instance holds several values from the application global scope */
34
	protected $_oReg     = null;
35
/** @var object instance holds all of the translations */
36
	protected $_oTrans   = null;
37

    
38
 	public $password_chars = 'a-zA-Z0-9\_\-\!\#\*\+\@\$\&\:';	// General initialization function
39

    
40
	// performed when frontend or backend is loaded.
41
	public function  __construct($mode = SecureForm::FRONTEND) {
42
		parent::__construct($mode);
43

    
44
		$this->_oDb    = WbDatabase::getInstance();
45
		$this->_oReg   = WbAdaptor::getInstance();
46
		$this->_oTrans = Translate::getInstance();
47
	}
48

    
49
/**
50
 *
51
 *
52
 * @return object instance of the database object of all visible languages with defined fields
53
 *
54
 */
55
	public function getAvailableLanguagesObjectInstance( ) {
56

    
57
			$sql = 'SELECT `directory`,`name` '
58
			     . 'FROM `'.$this->_oDb->TablePrefix.'addons` '
59
		         . 'WHERE `type` = \'language\' '
60
		         . 'ORDER BY `directory`';
61
        return ($this->_oDb->query($sql));
62
	}
63

    
64

    
65
/**
66
 *
67
 *
68
 * @return array of all visible languages with defined fields
69
 *
70
 */
71
	public function getAvailableLanguages( ) {
72
        $aRetval = array();
73
        if($oRes = $this->getAvailableLanguagesObjectInstance())
74
        {
75
            while($aRow = $oRes->fetchRow(MYSQL_ASSOC))
76
            {
77
                $aRetval[$aRow['directory']] = $aRow['name'];
78
            }
79
        }
80
        
81
        return ( $aRetval);
82
	}
83

    
84
/**
85
 *
86
 *
87
 * @return array of first visible language pages with defined fields
88
 *
89
 */
90
	public function getLanguagesDetailsInUsed ( ) {
91
//        global $database;
92
        $aRetval = array();
93
		$sql = 'SELECT DISTINCT `language`, `page_id`, `level`, `parent`, `root_parent`, '
94
			 .                 '`page_code`, `link`, `language`, `visibility`, '
95
			 .                 '`viewing_groups`,`viewing_users`,`position` '
96
			 . 'FROM `'.$this->_oDb->TablePrefix.'pages` '
97
			 . 'WHERE `level`= \'0\' '
98
			 .       'AND `root_parent`=`page_id` '
99
			 .       'AND `visibility`!=\'none\' '
100
			 .       'AND `visibility`!=\'hidden\' '
101
			 . 'GROUP BY `language` '
102
			 . 'ORDER BY `position`';
103
        if($oRes = $this->_oDb->query($sql))
104
        {
105
            while($aRow = $oRes->fetchRow(MYSQL_ASSOC))
106
            {
107
                if(!$this->page_is_visible($aRow)) {continue;}
108
                $aRetval[$aRow['language']] = $aRow;
109
            }
110
        }
111
        return $aRetval;
112
	}
113

    
114

    
115

    
116

    
117
/**
118
 *
119
 *
120
 * @return comma separate list of first visible languages
121
 *
122
 */
123
	public function getLanguagesInUsed ( ) {
124
        $aRetval = array_keys($this->getLanguagesDetailsInUsed()) ;
125
        if(sizeof($aRetval)==0) { return null; }
126
        return implode(',', $aRetval);
127
  	}
128

    
129

    
130
    /**
131
     * Created parse_url utf-8 compatible function
132
     * 
133
     * @param string $url The string to decode
134
     * @return array Associative array containing the different components
135
     * 
136
     */
137
		public function mb_parse_url($url) {
138
		$encodedUrl = preg_replace_callback('%[^:/?#&=\.]+%usD',
139
		              create_function('$aMatches', ';return urlencode($aMatches[0]);'),
140
/*		                           'urlencode(\'$0\')', */
141
		                           $url);
142
		$components = parse_url($encodedUrl);
143
		foreach ($components as &$component)
144
			$component = urldecode($component);
145
return $components;
146
    }
147

    
148
/* ****************
149
 * check if one or more group_ids are in both group_lists
150
 *
151
 * @access public
152
 * @param mixed $groups_list1: an array or a coma seperated list of group-ids
153
 * @param mixed $groups_list2: an array or a coma seperated list of group-ids
154
 * @param array &$matches: an array-var whitch will return possible matches
155
 * @return bool: true there is a match, otherwise false
156
 */
157
	public function is_group_match( $groups_list1 = '', $groups_list2 = '', &$matches = null )
158
	{
159
		if( $groups_list1 == '' ) { return false; }
160
		if( $groups_list2 == '' ) { return false; }
161
		if( !is_array($groups_list1) ) {
162
			$groups_list1 = explode(',', $groups_list1);
163
		}
164
		if( !is_array($groups_list2) ) {
165
			$groups_list2 = explode(',', $groups_list2);
166
		}
167
		$matches = array_intersect( $groups_list1, $groups_list2);
168
		return ( sizeof($matches) != 0 );
169
	}
170
/* ****************
171
 * check if current user is member of at least one of given groups
172
 * ADMIN (uid=1) always is treated like a member of any groups
173
 *
174
 * @access public
175
 * @param mixed $groups_list: an array or a coma seperated list of group-ids
176
 * @return bool: true if current user is member of one of this groups, otherwise false
177
 */
178
	public function ami_group_member( $groups_list = '' )
179
	{
180
		if( $this->get_user_id() == 1 ) { return true; }
181
		return $this->is_group_match( $groups_list, $this->get_groups_id() );
182
	}
183

    
184
// Check whether a page is visible or not.
185
// This will check page-visibility and user- and group-rights.
186
/* page_is_visible() returns
187
	false: if page-visibility is 'none' or 'deleted', or page-vis. is 'registered' or 'private' and user isn't allowed to see the page.
188
	true: if page-visibility is 'public' or 'hidden', or page-vis. is 'registered' or 'private' and user _is_ allowed to see the page.
189
*/
190
	public function page_is_visible($page)
191
    {
192
		// First check if visibility is 'none', 'deleted'
193
		$show_it = false; // shall we show the page?
194
		switch( $page['visibility'] )
195
		{
196
			case 'none':
197
			case 'deleted':
198
				$show_it = false;
199
				break;
200
			case 'hidden':
201
			case 'public':
202
				$show_it = true;
203
				break;
204
			case 'private':
205
			case 'registered':
206
				if($this->is_authenticated() == true)
207
				{
208
					$show_it = ( $this->is_group_match($this->get_groups_id(), $page['viewing_groups']) ||
209
								 $this->is_group_match($this->get_user_id(), $page['viewing_users']) );
210
				}
211
		}
212

    
213
		return($show_it);
214
	}
215

    
216
	// Check if there is at least one active section on this page
217
	public function page_is_active($page)
218
    {
219
		global $database;
220
		$now = time();
221
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'sections` ';
222
		$sql .= 'WHERE ('.$now.' BETWEEN `publ_start` AND `publ_end`) OR ';
223
		$sql .=       '('.$now.' > `publ_start` AND `publ_end`=0) ';
224
		$sql .=       'AND `page_id`='.(int)$page['page_id'];
225
		return ($database->get_one($sql) != false);
226
   	}
227

    
228
	// Check whether we should show a page or not (for front-end)
229
	public function show_page($page)
230
    {
231
		if( !is_array($page) )
232
		{
233
			$sql  = 'SELECT `page_id`, `visibility`, `viewing_groups`, `viewing_users` ';
234
			$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.(int)$page;
235
			if( ($res_pages = $database->query($sql))!= null )
236
			{
237
				if( !($page = $res_pages->fetchRow()) ) { return false; }
238
			}
239
		}
240
		return ($this->page_is_visible($page) && $this->page_is_active($page));
241
	}
242

    
243
	// Check if the user is already authenticated or not
244
	public function is_authenticated() {
245
		$retval = ( isset($_SESSION['USER_ID']) AND
246
		            $_SESSION['USER_ID'] != "" AND
247
		            is_numeric($_SESSION['USER_ID']));
248
        return $retval;
249
	}
250

    
251
	// Modified addslashes function which takes into account magic_quotes
252
	function add_slashes($input) {
253
		if( get_magic_quotes_gpc() || (!is_string($input)) ) {
254
			return $input;
255
		}
256
		return addslashes($input);
257
	}
258

    
259
	// Ditto for stripslashes
260
	// Attn: this is _not_ the counterpart to $this->add_slashes() !
261
	// Use stripslashes() to undo a preliminarily done $this->add_slashes()
262
	// The purpose of $this->strip_slashes() is to undo the effects of magic_quotes_gpc==On
263
	function strip_slashes($input) {
264
		if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
265
			return $input;
266
		}
267
		return stripslashes($input);
268
	}
269

    
270
	// Escape backslashes for use with mySQL LIKE strings
271
	function escape_backslashes($input) {
272
		return str_replace("\\","\\\\",$input);
273
	}
274

    
275
	function page_link($link){
276
		// Check for :// in the link (used in URL's) as well as mailto:
277
		if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
278
			return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
279
		} else {
280
			return $link;
281
		}
282
	}
283

    
284
	// Get POST data
285
	function get_post($field) {
286
		return (isset($_POST[$field]) ? $_POST[$field] : null);
287
	}
288

    
289
	// Get POST data and escape it
290
	function get_post_escaped($field) {
291
		$result = $this->get_post($field);
292
		return (is_null($result)) ? null : $this->add_slashes($result);
293
	}
294

    
295
	// Get GET data
296
	function get_get($field) {
297
		return (isset($_GET[$field]) ? $_GET[$field] : null);
298
	}
299

    
300
	// Get SESSION data
301
	function get_session($field) {
302
		return (isset($_SESSION[$field]) ? $_SESSION[$field] : null);
303
	}
304

    
305
	// Get SERVER data
306
	function get_server($field) {
307
		return (isset($_SERVER[$field]) ? $_SERVER[$field] : null);
308
	}
309

    
310
	// Get the current users id
311
	function get_user_id() {
312
		return $this->get_session('USER_ID');
313
	}
314

    
315
	// Get the current users group id
316
	function get_group_id() {
317
		return $this->get_session('GROUP_ID');
318
	}
319

    
320
	// Get the current users group ids
321
	function get_groups_id() {
322
		return explode(",", $this->get_session('GROUPS_ID'));
323
	}
324

    
325
	// Get the current users group name
326
	function get_group_name() {
327
		return implode(",", $this->get_session('GROUP_NAME'));
328
	}
329

    
330
	// Get the current users group name
331
	function get_groups_name() {
332
		return $this->get_session('GROUP_NAME');
333
	}
334

    
335
	// Get the current users username
336
	function get_username() {
337
		return $this->get_session('USERNAME');
338
	}
339

    
340
	// Get the current users display name
341
	function get_display_name() {
342
		return $this->get_session('DISPLAY_NAME');
343
	}
344

    
345
	// Get the current users email address
346
	function get_email() {
347
		return $this->get_session('EMAIL');
348
	}
349

    
350
	// Get the current users home folder
351
	function get_home_folder() {
352
		return $this->get_session('HOME_FOLDER');
353
	}
354

    
355
	// Get the current users timezone
356
	function get_timezone() {
357
		
358
		return (isset($_SESSION['USE_DEFAULT_TIMEZONE']) ? '-72000' : $this->get_session('TIMEZONE'));
359
	}
360

    
361
	// Validate supplied email address
362
	function validate_email($email) {
363
		if(function_exists('idn_to_ascii')){ /* use pear if available */
364
			$email = idn_to_ascii($email);
365
		}else {
366
			require_once(WB_PATH.'/include/idna_convert/idna_convert.class.php');
367
			$IDN = new idna_convert();
368
			$email = $IDN->encode($email);
369
			unset($IDN);
370
		}
371
		// regex from NorHei 2011-01-11
372
		$retval = preg_match("/^((([!#$%&'*+\\-\/\=?^_`{|}~\w])|([!#$%&'*+\\-\/\=?^_`{|}~\w][!#$%&'*+\\-\/\=?^_`{|}~\.\w]{0,}[!#$%&'*+\\-\/\=?^_`{|}~\w]))[@]\w+(([-.]|\-\-)\w+)*\.\w+(([-.]|\-\-)\w+)*)$/", $email);
373
		return ($retval != false);
374
	}
375

    
376
	/**
377
     * replace header('Location:...  with new method
378
	 * if header send failed you get a manuell redirected link, so script don't break
379
	 *
380
	 * @param string $location, redirected url
381
	 * @return void
382
	 */
383
	public function send_header ($location) {
384
		if(!headers_sent()) {
385
			header('Location: '.$location);
386
		    exit(0);
387
		} else {
388
//			$aDebugBacktrace = debug_backtrace();
389
//			array_walk( $aDebugBacktrace, create_function( '$a,$b', 'print "<br /><b>". basename( $a[\'file\'] ). "</b> &nbsp; <font color=\"red\">{$a[\'line\']}</font> &nbsp; <font color=\"green\">{$a[\'function\']} ()</font> &nbsp; -- ". dirname( $a[\'file\'] ). "/";' ) );
390
		    $msg =  "<div style=\"text-align:center;\"><h2>An error has occurred</h2><p>The <strong>Redirect</strong> could not be start automatically.\n" .
391
		         "Please click <a style=\"font-weight:bold;\" " .
392
		         "href=\"".$location."\">on this link</a> to continue!</p></div>\n";
393

    
394
			throw new AppException($msg);
395
		}
396
	}
397

    
398
/* ****************
399
 * set one or more bit in a integer value
400
 *
401
 * @access public
402
 * @param int $value: reference to the integer, containing the value
403
 * @param int $bits2set: the bitmask witch shall be added to value
404
 * @return void
405
 */
406
	function bit_set( &$value, $bits2set )
407
	{
408
		$value |= $bits2set;
409
	}
410

    
411
/* ****************
412
 * reset one or more bit from a integer value
413
 *
414
 * @access public
415
 * @param int $value: reference to the integer, containing the value
416
 * @param int $bits2reset: the bitmask witch shall be removed from value
417
 * @return void
418
 */
419
	function bit_reset( &$value, $bits2reset)
420
	{
421
		$value &= ~$bits2reset;
422
	}
423

    
424
/* ****************
425
 * check if one or more bit in a integer value are set
426
 *
427
 * @access public
428
 * @param int $value: reference to the integer, containing the value
429
 * @param int $bits2set: the bitmask witch shall be added to value
430
 * @return void
431
 */
432
	function bit_isset( $value, $bits2test )
433
	{
434
		return (($value & $bits2test) == $bits2test);
435
	}
436

    
437
	// Print a success message which then automatically redirects the user to another page
438
	function print_success( $message, $redirect = 'index.php' ) {
439
		$oTrans = Translate::getInstance();
440
		$oTrans->disableAddon();
441
        if(is_array($message)) {
442
           $message = implode ('<br />',$message);
443
        }
444
	    // fetch redirect timer for sucess messages from settings table
445
	    $redirect_timer = ((defined( 'REDIRECT_TIMER' )) && (REDIRECT_TIMER <= 10000)) ? REDIRECT_TIMER : 0;
446
	    // add template variables
447
		// Setup template object, parse vars to it, then parse it
448
		$tpl = new Template(dirname($this->correct_theme_source('success.htt')));
449
	    $tpl->set_file( 'page', 'success.htt' );
450
	    $tpl->set_block( 'page', 'main_block', 'main' );
451
	    $tpl->set_block( 'main_block', 'show_redirect_block', 'show_redirect' );
452
	    $tpl->set_var( 'MESSAGE', $message );
453
	    $tpl->set_var( 'REDIRECT', $redirect );
454
	    $tpl->set_var( 'REDIRECT_TIMER', $redirect_timer );
455
	    $tpl->set_var( 'NEXT', $oTrans->TEXT_NEXT);
456
	    $tpl->set_var( 'BACK', $oTrans->TEXT_BACK);
457
	    if ($redirect_timer == -1) {
458
	        $tpl->set_block( 'show_redirect', '' );
459
	    }
460
	    else {
461
	        $tpl->parse( 'show_redirect', 'show_redirect_block', true );
462
	    }
463
	    $tpl->parse( 'main', 'main_block', false );
464
	    $tpl->pparse( 'output', 'page' );
465
	}
466

    
467
	// Print an error message
468
	function print_error($message, $link = 'index.php', $auto_footer = true) {
469
		$oTrans = Translate::getInstance();
470
		$oTrans->disableAddon();
471
        if(is_array($message)) {
472
           $message = implode ('<br />',$message);
473
        }
474
		// Setup template object, parse vars to it, then parse it
475
		$success_template = new Template(dirname($this->correct_theme_source('error.htt')));
476
		$success_template->set_file('page', 'error.htt');
477
		$success_template->set_block('page', 'main_block', 'main');
478
		$success_template->set_var('MESSAGE', $message);
479
		$success_template->set_var('LINK', $link);
480
		$success_template->set_var('BACK', $oTrans->TEXT_BACK);
481
		$success_template->parse('main', 'main_block', false);
482
		$success_template->pparse('output', 'page');
483
		if ( $auto_footer == true ) {
484
			if ( method_exists($this, "print_footer") ) {
485
				$this->print_footer();
486
			}
487
		}
488
		exit();
489
	}
490
/*
491
 * @param string $message: the message to format
492
 * @param string $status:  ('ok' / 'error' / '') status defines the apereance of the box
493
 * @return string: the html-formatted message (using template 'message.htt')
494
 */
495
	public function format_message($message, $status = 'ok')
496
	{
497
		$id = uniqid('x');
498
		$tpl = new Template(dirname($this->correct_theme_source('message.htt')));
499
		$tpl->set_file('page', 'message.htt');
500
		$tpl->set_block('page', 'main_block', 'main');
501
		$tpl->set_var('MESSAGE', $message);
502
 	    $tpl->set_var( 'THEME_URL', THEME_URL );
503
		$tpl->set_var( 'ID', $id );
504
		if($status == 'ok' || $status == 'error' || $status = 'warning')
505
		{
506
			$tpl->set_var('BOX_STATUS', ' box-'.$status);
507
		}else
508
		{
509
			$tpl->set_var('BOX_STATUS', '');
510
		}
511
		$tpl->set_var('STATUS', $status);
512
		if(!defined('REDIRECT_TIMER') ) { define('REDIRECT_TIMER', -1); }
513
		$retval = '';
514
		if( $status != 'error' )
515
		{
516
			switch(REDIRECT_TIMER):
517
				case 0: // do not show message
518
					unset($tpl);
519
					break;
520
				case -1: // show message permanently
521
					$tpl->parse('main', 'main_block', false);
522
					$retval = $tpl->finish($tpl->parse('output', 'page', false));
523
					unset($tpl);
524
					break;
525
				default: // hide message after REDIRECTOR_TIMER milliseconds
526
					$retval = '<script type="text/javascript">/* <![CDATA[ */ function '.$id.'_hide() {'.
527
							  'document.getElementById(\''.$id.'\').style.display = \'none\';}'.
528
							  'window.setTimeout(\''.$id.'_hide()\', '.REDIRECT_TIMER.');/* ]]> */ </script>';
529
					$tpl->parse('main', 'main_block', false);
530
					$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
531
					unset($tpl);
532
			endswitch;
533
		}else
534
		{
535
			$tpl->parse('main', 'main_block', false);
536
			$retval = $tpl->finish($tpl->parse('output', 'page', false)).$retval;
537
			unset($tpl);
538
		}
539
		return $retval;
540
	}
541
/*
542
 * @param string $type: 'locked'(default)  or 'new'
543
 * @return void: terminates application
544
 * @description: 'locked' >> Show maintenance screen and terminate, if system is locked
545
 *               'new' >> Show 'new site under construction'(former print_under_construction)
546
 */
547
	public function ShowMaintainScreen($type = 'locked')
548
	{
549
		global $database, $MESSAGE;
550
		$LANGUAGE   = strtolower((isset($_SESSION['LANGUAGE']) ? $_SESSION['LANGUAGE'] : LANGUAGE ));
551
		$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'];
552
		$PAGE_ICON  = 'negative';
553
		$show_screen = false;
554
		if($type == 'locked')
555
		{
556
			$curr_user = (intval(isset($_SESSION['USER_ID']) ? $_SESSION['USER_ID'] : 0) ) ;
557
			if( (defined('SYSTEM_LOCKED') && (int)SYSTEM_LOCKED == 1) && ($curr_user != 1))
558
			{
559
				header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
560
	// first kick logged users out of the system
561
		// delete all remember keys from table 'user' except user_id=1
562
				$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET `remember_key`=\'\' ';
563
				$sql .= 'WHERE `user_id`<>1';
564
				$database->query($sql);
565
		// delete remember key-cookie if set
566
				if (isset($_COOKIE['REMEMBER_KEY'])) {
567
					setcookie('REMEMBER_KEY', '', time() - 3600, '/');
568
				}
569
		// overwrite session array
570
				$_SESSION = array();
571
		// delete session cookie if set
572
				if (ini_get("session.use_cookies")) {
573
					$params = session_get_cookie_params();
574
					setcookie(session_name(), '', time() - 42000, $params["path"],
575
						$params["domain"], $params["secure"], $params["httponly"]
576
					);
577
				}
578
		// delete the session itself
579
				session_destroy();
580
				$PAGE_TITLE = $MESSAGE['GENERIC_WEBSITE_LOCKED'];
581
				$PAGE_ICON  = 'system';
582
				$show_screen = true;
583
			}
584
		} else {
585
			header($_SERVER['SERVER_PROTOCOL'].' 503 Service Unavailable');
586
			$show_screen = true;
587
		}
588
		if($show_screen)
589
		{
590
            $sMaintanceFile = $this->correct_theme_source('maintenance.htt');
591
    		if(file_exists($sMaintanceFile))
592
    		{
593
                $tpl = new Template(dirname( $sMaintanceFile ));
594
    		    $tpl->set_file( 'page', 'maintenance.htt' );
595
    		    $tpl->set_block( 'page', 'main_block', 'main' );
596

    
597
    			if(defined('DEFAULT_CHARSET'))
598
    			{
599
    				$charset=DEFAULT_CHARSET;
600
    			} else {
601
    				$charset='utf-8';
602
    			}
603
    		    $tpl->set_var( 'PAGE_TITLE', $PAGE_TITLE );
604
    	 	    $tpl->set_var( 'CHECK_BACK', $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'] );
605
    	 	    $tpl->set_var( 'CHARSET', $charset );
606
    	 	    $tpl->set_var( 'WB_URL', WB_URL );
607
    	 	    $tpl->set_var( 'BE_PATIENT', $MESSAGE['GENERIC_BE_PATIENT'] );
608
    	 	    $tpl->set_var( 'THEME_URL', THEME_URL );
609
    			$tpl->set_var( 'PAGE_ICON', $PAGE_ICON);
610
    			$tpl->set_var( 'LANGUAGE', $LANGUAGE);
611
    		    $tpl->parse( 'main', 'main_block', false );
612
    		    $tpl->pparse( 'output', 'page' );
613
                exit();
614
    		} else {
615
    		 require_once(WB_PATH.'/languages/'.DEFAULT_LANGUAGE.'.php');
616
    		echo '<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http:www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
617
    		<head><title>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</title>
618
    		<style type="text/css"><!-- body{ font-family: Verdana, Arial, Helvetica, sans-serif;font-size: 12px; background-image: url("'.WB_URL.'/templates/'.DEFAULT_THEME.'/images/background.png");background-repeat: repeat-x; background-color: #A8BCCB; text-align: center; }
619
    		h1 { margin: 0; padding: 0; font-size: 18px; color: #000; text-transform: uppercase;}--></style></head><body>
620
    		<br /><h1>'.$MESSAGE['GENERIC_WEBSITE_UNDER_CONSTRUCTION'].'</h1><br />
621
    		'.$MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'].'</body></html>';
622
    		}
623
    		flush();
624
            exit();
625
		}
626
	}
627

    
628
	// Validate send email
629
	function mail($fromaddress, $toaddress, $subject, $message, $fromname='', $replyTo='') {
630
/*
631
	INTEGRATED OPEN SOURCE PHPMAILER CLASS FOR SMTP SUPPORT AND MORE
632
	SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
633
	NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE (C. Sommer)
634

    
635
	NOTE:
636
	To use SMTP for sending out mails, you have to specify the SMTP host of your domain
637
	via the Settings panel in the backend of Website Baker
638
*/
639

    
640
		$fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
641
		$toaddress = preg_replace('/[\r\n]/', '', $toaddress);
642
		$subject = preg_replace('/[\r\n]/', '', $subject);
643
		$replyTo = preg_replace('/[\r\n]/', '', $replyTo);
644
		// $message_alt = $message;
645
		// $message = preg_replace('/[\r\n]/', '<br \>', $message);
646

    
647
		// create PHPMailer object and define default settings
648
		$myMail = new WbMailer();
649
		// set user defined from address
650
		if ($fromaddress!='') {
651
			if($fromname!='') $myMail->FromName = $fromname;  // FROM-NAME
652
			$myMail->From = $fromaddress;                     // FROM:
653
//			$myMail->AddReplyTo($fromaddress);                // REPLY TO:
654
		}
655
		if($replyTo) {
656
			$myMail->AddReplyTo($replyTo);                // REPLY TO:
657
		}
658
		// define recepient and information to send out
659
		$myMail->AddAddress($toaddress);                      // TO:
660
		$myMail->Subject = $subject;                          // SUBJECT
661
		$myMail->Body = nl2br($message);                      // CONTENT (HTML)
662
		$myMail->AltBody = strip_tags($message);              // CONTENT (TEXT)
663
		// check if there are any send mail errors, otherwise say successful
664
		if (!$myMail->Send()) {
665
            if (DEBUG) { msgQueue::add('PHPMailer Error: '.$myMail->ErrorInfo); }
666
			return false;
667
		} else {
668
			return true;
669
		}
670
	}
671

    
672
/**
673
 * checks if there is an alternative Theme template
674
 *
675
 * @param string $sThemeFile set the template.htt
676
 * @return string the relative theme path
677
 *
678
 */
679
        function correct_theme_source($sThemeFile = 'start.htt') {
680
		$sRetval = $sThemeFile;
681
		if (file_exists(THEME_PATH.'/templates/'.$sThemeFile )) {
682
			$sRetval = THEME_PATH.'/templates/'.$sThemeFile;
683
		} else {
684
			if (file_exists(ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile ) ) {
685
			$sRetval = ADMIN_PATH.'/skel/themes/htt/'.$sThemeFile;
686
			} else {
687
				throw new InvalidArgumentException('missing template file '.$sThemeFile);
688
			}
689
		}
690
		return $sRetval;
691
        }
692

    
693
/**
694
 * Check if a foldername doesn't have invalid characters
695
 *
696
 * @param String $str to check
697
 * @return Bool
698
 */
699
	function checkFolderName($str){
700
		return !( preg_match('#\^|\\\|\/|\.|\?|\*|"|\'|\<|\>|\:|\|#i', $str) ? TRUE : FALSE );
701
	}
702

    
703
/**
704
 * Check the given path to make sure current path is within given basedir
705
 * normally document root
706
 *
707
 * @param String $sCurrentPath
708
 * @param String $sBaseDir
709
 * @return $sCurrentPath or FALSE
710
 */
711
	function checkpath($sCurrentPath, $sBaseDir = WB_PATH){
712
		// Clean the cuurent path
713
        $sCurrentPath = rawurldecode($sCurrentPath);
714
        $sCurrentPath = realpath($sCurrentPath);
715
        $sBaseDir = realpath($sBaseDir);
716
		// $sBaseDir needs to exist in the $sCurrentPath
717
		$pos = stripos ($sCurrentPath, $sBaseDir );
718

    
719
		if ( $pos === FALSE ){
720
			return false;
721
		} elseif( $pos == 0 ) {
722
			return $sCurrentPath;
723
		} else {
724
			return false;
725
		}
726
	}
727

    
728
/**
729
 * remove <?php code ?>, [[text]], link, script, scriptblock and styleblock from a given string
730
 * and return the cleaned string
731
 *
732
 * @param string $sValue
733
 * @returns
734
 *    false: if @param is not a string
735
 *    string: cleaned string
736
 */
737
	public function StripCodeFromText($sValue, $bPHPCode=false){
738
        if(!is_string($sValue)) { return false; }
739
        $sValue = ( ($bPHPCode==true) ? preg_replace ('/\[\[.*?\]\]\s*?|<\?php\s+.*\?>\s*?/isU', '', $sValue ) : $sValue );
740
        $sPattern = '/\[\[.*?\]\]\s*?|<!--\s+.*?-->\s*?|<(script|link|style)[^>]*\/>\s*?|<(script|link|style)[^>]*?>.*?<\/\2>\s*?|\s*$/isU';
741
        return (preg_replace ($sPattern, '', $sValue));
742
	}
743

    
744
/**
745
 * ReplaceAbsoluteMediaUrl
746
 * @param string $sContent
747
 * @return string
748
 * @description Replace URLs witch are pointing into MEDIA_DIRECTORY with an URL 
749
 *              independend placeholder
750
 */
751
	public function ReplaceAbsoluteMediaUrl($sContent){
752
        $oReg = WbAdaptor::getInstance();
753
		if(ini_get('magic_quotes_gpc')==true){
754
			$sContent = $this->strip_slashes($sContent);
755
		}
756
		if(is_string($sContent)) {
757
			$aSearchfor = array('@(<[^>]*=\s*")('.preg_quote($oReg->AppUrl.$oReg->MediaDir).')([^">]*".*>)@siU',
758
			                    '@(<[^>]*=\s*")('.preg_quote($oReg->AppUrl).')([^">]*".*>)@siU');
759
			$aReplacements = array('$1{SYSVAR:AppUrl.MediaDir}$3',
760
			                       '$1{SYSVAR:AppUrl}$3');
761
			$sContent = preg_replace($aSearchfor, $aReplacements, $sContent );
762
		}
763
		return $sContent;
764
	}
765

    
766
	
767
	
768
}
(28-28/36)