source: extensions/NBC_UserAdvManager/branches/2.10/main.inc.php @ 3740

Last change on this file since 3740 was 3740, checked in by Eric, 15 years ago

2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated.
ereg() was replaced by preg_match()
eregi() was replaced by preg_match() with the "i" modifier
split() was replaced by preg_split()

File size: 16.3 KB
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9e
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Added email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : this feature does not work on the user profile page, so already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46                                ereg replaced by preg_match
47                                eregi replaced by preg_match with the "i" modifier
48                                split replaced by preg_split
49
50*/
51
52/*
53
54 ***** TODO List *****
55
56-- No validation needed for admins users comments (new trigger needed in comments.php)
57
58-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
59
60-- Administration page for Confirm Mail
61  ++ Admin tabsheet for Confirm Mail to set options :
62                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
63                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
64                ++ List of users with expired validation time
65                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
66                ++ Opportunities to take actions on database tables :
67                ++ Re-asking validation (case of non reception of validation email)
68                ++ Force expiration
69                        ++ Force confirmation
70                ++ Cleanup expired user's accounts
71        ++ (...)
72
73-- Password control and enforcement
74  -- Empty password (done in Piwigo 2.x)
75  ++ Can not be the same as username
76  ++ complexity of the password (Numbers+Letters+Lower and upper case+Special+minimal length)
77 
78-- Security : Blocking brute-force attacks !
79
80-- Opportunity to copy a registered user for new user creation
81  ++ new copied user will (or not) belong to the same groups
82  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
83  ++ new copied user will (or not) get the same properties
84  ++ new copied user will (or not) get the same language
85  ... and so on
86 
87*/
88
89
90
// Direct-access guard: stop immediately unless the including application
// has already defined PHPWG_ROOT_PATH.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Name of the plugin directory, and its path below the plugins directory
// (the path constant always ends with a slash).
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Plugin constants and helper functions, then the plugin translations.
include_once(NBC_UserAdvManager_PATH.'include/constants.php');
include_once(NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
load_language('plugin.lang', NBC_UserAdvManager_PATH);
97
98
/* Plugin admin */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Handler for 'get_admin_plugin_menu_links': adds this plugin's entry to the
 * admin plugin menu.
 *
 * @param array $menu menu entries collected so far
 * @return array the list with the UserAdvManager entry appended
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // The path constant already ends with '/'; the doubled slash is kept as in
  // the original so that the generated link stays unchanged.
  $admin_page = NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php';

  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link($admin_page),
  );

  array_push($menu, $entry);

  return $menu;
}
113
114
115
/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * Handler for 'register_user': mails the newly created user when plugin
 * option 0 or plugin option 2 is set to 'true'.
 *
 * NOTE(review): the password is taken as typed from $_POST['password'] and
 * handed to SendMail2User(). If that helper (defined elsewhere) writes it into
 * the message, the credential leaves the site in cleartext e-mail - confirm,
 * and prefer a confirmation link over mailing the password.
 *
 * @param array $register_user user row; 'id', 'username' and 'email' are read
 * @return void
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  // Plugin settings are stored as one ';'-separated string
  $options = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $options = explode(";", $conf['nbc_UserAdvManager']);
  }

  $option0_enabled = isset($options[0]) && $options[0] == 'true';
  $option2_enabled = isset($options[2]) && $options[2] == 'true';

  // Neither mail option is enabled: nothing to send
  if (!$option0_enabled && !$option2_enabled)
  {
    return;
  }

  SendMail2User(
    1,
    $register_user['id'],
    $register_user['username'],
    $_POST['password'],
    $register_user['email'],
    true
  );
}
128
129
130
/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * Handler for 'delete_user': forwards the id of the deleted user to
 * DeleteConfirmMail().
 *
 * NOTE(review): DeleteConfirmMail() is defined elsewhere; presumably it drops
 * the user's pending mail-confirmation data - confirm.
 *
 * @param mixed $user_id identifier of the user being deleted
 * @return void
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
140
141
142
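add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * Handler for 'init': applies the plugin's account rules to the request.
 *
 * Depending on the running script it
 *  - identification: maps the posted username to its stored spelling when
 *    case-insensitive logins are enabled (option 1);
 *  - admin user_list (add user) and register: applies the same mapping to the
 *    posted login, rejects usernames refused by ValidateUsername() (option 7)
 *    and e-mail addresses matching the provider exclusion list (options 12/13);
 *  - profile: re-runs the profile checks and mails the user when the password
 *    or e-mail address changes (options 0 and 2).
 *
 * Rejection on the admin/register pages works by blanking $_POST['login'] and
 * replacing the text of $lang['reg_err_login1'].
 *
 * Security notes:
 *  - On the profile page the $errors list built here is local to this handler.
 *    It only decides whether a mail is sent and cannot stop the profile update
 *    itself, so the provider exclusion is NOT enforced there (the "known bug"
 *    recorded in the plugin history).
 *  - Exclusion entries are used as PCRE fragments without escaping. A malformed
 *    entry makes preg_match() fail, which is treated as "no match", so the
 *    exclusion fails open. NOTE(review): decide whether entries are meant to
 *    be regular expressions or literal domains; if literal, quote them.
 *  - The address is lower-cased before matching but the entries are not, so an
 *    entry containing upper-case letters never matches.
 *  - NOTE(review): the new password is passed as typed to SendMail2User(); if
 *    that helper writes it into the message it travels in cleartext e-mail.
 *
 * Changes against the previous version: password and confirmation comparisons
 * are strict, empty exclusion entries are ignored (an empty pattern matched
 * every address), surrounding blanks in entries are trimmed, and a mail error
 * is recorded once instead of twice.
 *
 * @return void
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang;

  // Plugin settings are stored as one ';'-separated string
  $options = isset($conf['nbc_UserAdvManager']) ? explode(";", $conf['nbc_UserAdvManager']) : array();

  $mail_on_password_change = isset($options[0]) && $options[0] == 'true';
  $case_insensitive        = isset($options[1]) && $options[1] == 'true';
  $confirm_mail            = isset($options[2]) && $options[2] == 'true';
  $username_check          = isset($options[7]) && $options[7] == 'true';
  $provider_check          = isset($options[12]) && $options[12] == 'true';
  $forbidden_chars         = isset($options[8]) ? $options[8] : '';
  $excluded_list           = isset($options[13]) ? $options[13] : '';

  if ($case_insensitive)
  {
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
  }

  $script = script_basename();

  /* User identification */
  if ($script == 'identification' and isset($_POST['login']) and $case_insensitive)
  {
    $new_username = NotSensibleSearchUsername($_POST['username']);
    if ($new_username != '')
    {
      $_POST['username'] = $new_username;
    }
  }

  // Which form was submitted. The profile handling only runs when one of the
  // two mail options is enabled.
  $is_admin_add = $script == 'admin' && isset($_GET['page']) && $_GET['page'] == 'user_list' && isset($_POST['submit_add']);
  $is_register  = $script == 'register' && isset($_POST['submit']);
  $is_profile   = $script == 'profile' && isset($_POST['validate']) && ($mail_on_password_change || $confirm_mail);

  // The e-mail field is named 'email' on the admin form and 'mail_address'
  // on the register and profile forms.
  $email_field = null;
  if ($is_admin_add)
  {
    $email_field = 'email';
  }
  elseif ($is_register or $is_profile)
  {
    $email_field = 'mail_address';
  }

  /* Email without forbidden domains */
  // Kept inline instead of calling ValidateEmailProvider(): the original
  // author reported that the call did not work from here.
  $provider_excluded = false;
  if ($provider_check
      and $email_field !== null
      and !empty($_POST[$email_field])
      and is_string($_POST[$email_field]))
  {
    $ncsemail = strtolower($_POST[$email_field]);
    foreach (explode(',', $excluded_list) as $entry)
    {
      $entry = trim($entry);
      if ($entry === '')
      {
        // an empty pattern would match every address
        continue;
      }
      if (preg_match('/'.$entry.'/', $ncsemail))
      {
        $provider_excluded = true;
        break;
      }
    }
  }

  /* Admin user management and user creation */
  if ($is_admin_add or $is_register)
  {
    /* Username non case sensitive */
    if ($case_insensitive)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      if ($new_username != '')
      {
        $_POST['login'] = $new_username;
      }
    }

    /* Username without forbidden keys */
    if ($username_check and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
      $_POST['login'] = '';
    }

    // A blank login makes the form fail; the replaced message explains why
    if ($provider_excluded)
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$excluded_list."'";
      $_POST['login'] = '';
    }
  }

  /* User profile update */
  if ($is_profile)
  {
    global $conf, $user;

    // Local only: used below to decide whether a mail is sent
    $errors = array();

    $int_pattern = '/^\d+$/';
    if (empty($_POST['nb_image_line'])
        or (!preg_match($int_pattern, $_POST['nb_image_line'])))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page'])
        or (!preg_match($int_pattern, $_POST['nb_line_page'])))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    if ($_POST['maxwidth'] != ''
        and (!preg_match($int_pattern, $_POST['maxwidth'])
             or $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }
    if ($_POST['maxheight']
         and (!preg_match($int_pattern, $_POST['maxheight'])
               or $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }
    // periods must be integer values, they represent a number of days
    if (!preg_match($int_pattern, $_POST['recent_period'])
        or $_POST['recent_period'] <= 0)
    {
      $errors[] = l10n('periods_error');
    }

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }

      if ($provider_excluded)
      {
        $errors[] = l10n('reg_err_login7')."'".$excluded_list."'";
      }
    }

    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // password must be the same as its confirmation; strict comparison so
      // that numeric-looking strings such as '1e3' and '1000' are not equal
      $confirmation = isset($_POST['passwordConf']) ? $_POST['passwordConf'] : '';
      if ($_POST['use_new_pwd'] !== $confirmation)
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if ( !defined('IN_ADMIN') )
      {// changing password requires old password
        // NOTE(review): mysql_fetch_row() belongs to the removed ext/mysql;
        // this only runs on PHP versions that still ship it.
        $query = '
              SELECT '.$conf['user_fields']['password'].' AS password
              FROM '.USERS_TABLE.'
              WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
            ;';
        list($current_password) = mysql_fetch_row(pwg_query($query));

        $submitted_password = isset($_POST['password']) ? $_POST['password'] : '';
        $submitted_hash = $conf['pass_convert']($submitted_password);

        // Strict string comparison: with != two different digests that both
        // look like numbers (for example '0e...') would compare as equal.
        if ((string) $submitted_hash !== (string) $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $query = '
            SELECT '.$conf['user_fields']['email'].' AS email
            FROM '.USERS_TABLE.'
            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
          ;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      if ($_POST['mail_address'] != $current_email and $confirm_mail)
      {
        $confirm_mail_need = true;
      }
    }

    $password_mail_need = !empty($_POST['use_new_pwd']) && $mail_on_password_change;

    if (count($errors) == 0 and ($password_mail_need or $confirm_mail_need))
    {
      $query = '
            SELECT '.$conf['user_fields']['username'].'
            FROM '.USERS_TABLE.'
            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
          ;';
      list($username) = mysql_fetch_row(pwg_query($query));

      SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
    }
  }
}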
403
add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');

/**
 * Handler for 'loc_begin_tpl_parse'. Currently it only reads the plugin
 * settings; the template rewrite it used to perform is disabled (kept below
 * as commented-out code).
 *
 * @return void
 */
function ChangeRegisterProfilePage()
{
  global $conf, $template;

  // Plugin settings are stored as one ';'-separated string
  $conf_nbc_UserAdvManager = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $conf_nbc_UserAdvManager = explode(";", $conf['nbc_UserAdvManager']);
  }

  /* User creation OR update - disabled: prefixed the "Mail address" label with '* ' */
  // if (in_array(script_basename(), array('register', 'profile')))
  // {
  //   if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
  //   {
  //     $template->set_filenames( array('register'=>'register.tpl') );
  //     $template->loadfile('register');
  //     $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
  //   }
  // }
}
425
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * Handler for 'user_comment_check': rejects a comment whose author is 'guest'
 * when plugin option 6 is 'true' and $conf['comments_forall'] is enabled.
 *
 * @param string $comment_action action decided so far for the comment
 * @param array  $comm           comment data; only 'author' is read
 * @return string 'reject' when the comment is refused, otherwise the action
 *                received unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  // Plugin settings are stored as one ';'-separated string
  $options = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $options = explode(";", $conf['nbc_UserAdvManager']);
  }

  $reject_guest = isset($options[6])
    && $options[6] == 'true'
    && $conf['comments_forall'] == 'true'
    && $comm['author'] == 'guest';

  if (!$reject_guest)
  {
    return $comment_action;
  }

  // Tell the visitor why the comment was refused
  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
445
446?>