[3859] | 1 | <?php |
---|
| 2 | /* |
---|
| 3 | Plugin Name: NBC UserAdvManager |
---|
| 4 | Version: 2.11.0 |
---|
| 5 | Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management |
---|
| 6 | Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216 |
---|
| 7 | Author: Nicco, Eric |
---|
| 8 | Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net |
---|
| 9 | */ |
---|
| 10 | |
---|
| 11 | /* |
---|
| 12 | ***** Plugin history (branch 2.10)***** |
---|
| 13 | |
---|
| 14 | -- 2.10.0-beta : Initial beta release for Piwigo compatibility |
---|
| 15 | -- 2.10.1-beta : Small correction on generated path |
---|
| 16 | -- 2.10.2-beta : Bug resolved on register validation page |
---|
| 17 | |
---|
| 18 | -- 2.10.3 : Final and fully functional release |
---|
| 19 | Bug resolved on plugin activation |
---|
| 20 | |
---|
| 21 | -- 2.10.4 : Bug fixed on profiles update |
---|
| 22 | |
---|
| 23 | -- 2.10.5 : Improved code on profiles update |
---|
| 24 | |
---|
| 25 | -- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version) |
---|
| 26 | |
---|
| 27 | -- 2.10.7 : Bug fixed on user's validation email sending |
---|
| 28 | |
---|
| 29 | -- 2.10.8 : ConfirmMail page looks better (Sylvia theme only) |
---|
| 30 | Improved code for checking author on guest comments |
---|
| 31 | |
---|
| 32 | -- 2.10.9 : Bug fixed - Missing english translation |
---|
| 33 | Bug fixed - Notice on forbidden characters function use |
---|
| 34 | Bug fixed - Audit on forbidden characters in username didn't work |
---|
| 35 | Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one. |
---|
| 36 | |
---|
| 37 | -- 2.10.9a : Email provider exclusion is no longer case sensitive |
---|
| 38 | |
---|
| 39 | -- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path. |
---|
| 40 | |
---|
| 41 | -- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail" |
---|
| 42 | |
---|
| 43 | -- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl |
---|
| 44 | |
---|
| 45 | -- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like : |
---|
| 46 | ereg replaced by preg_match |
---|
| 47 | eregi replace by preg_match with "i" moderator |
---|
| 48 | split replace by preg_split |
---|
| 49 | |
---|
| 50 | -- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin |
---|
| 51 | |
---|
| 52 | -- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...) |
---|
| 53 | Beautify plugin's main admin panel |
---|
| 54 | |
---|
| 55 | */ |
---|
| 56 | |
---|
| 57 | /* |
---|
| 58 | |
---|
| 59 | ***** TODO List ***** |
---|
| 60 | |
---|
| 61 | ++ No validation needed for admins users comments (new trigger needed in comments.php) |
---|
| 62 | |
---|
| 63 | ++ No single email check for admins (new trigger needed in (functions_user.inc.php ?)) |
---|
| 64 | |
---|
| 65 | ++ Password control and enforcement |
---|
| 66 | -- Empty password (done in Piwigo 2.x) |
---|
| 67 | ++ Can not be the same as username |
---|
| 68 | ++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length) |
---|
| 69 | |
---|
| 70 | ++ Security : Blocking brut-force attacks ! |
---|
| 71 | |
---|
| 72 | ++ Opportunity to copy a registered user for new user creation |
---|
| 73 | ++ new copied user will (or not) belong to the same groups |
---|
| 74 | ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??)) |
---|
| 75 | ++ new copied user will (or not) get the same properties |
---|
| 76 | ++ new copied user will (or not) get the same language |
---|
| 77 | ... and so on |
---|
| 78 | |
---|
| 79 | */ |
---|
| 80 | |
---|
| 81 | |
---|
| 82 | if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); |
---|
| 83 | |
---|
| 84 | define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__))); |
---|
| 85 | define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/'); |
---|
| 86 | |
---|
| 87 | include_once (NBC_UserAdvManager_PATH.'include/constants.php'); |
---|
| 88 | include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php'); |
---|
| 89 | |
---|
| 90 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
| 91 | |
---|
| 92 | |
---|
| 93 | /* Plugin admin */ |
---|
| 94 | add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu'); |
---|
| 95 | |
---|
| 96 | function nbc_UserAdvManager_admin_menu($menu) |
---|
| 97 | { |
---|
| 98 | array_push($menu, |
---|
| 99 | array( |
---|
| 100 | 'NAME' => 'UserAdvManager', |
---|
| 101 | 'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php') |
---|
| 102 | ) |
---|
| 103 | ); |
---|
| 104 | |
---|
| 105 | return $menu; |
---|
| 106 | } |
---|
| 107 | |
---|
| 108 | |
---|
| 109 | |
---|
| 110 | /* User creation */ |
---|
| 111 | add_event_handler('register_user', 'UserAdvManager_Adduser'); |
---|
| 112 | |
---|
| 113 | function UserAdvManager_Adduser($register_user) |
---|
| 114 | { |
---|
| 115 | global $conf; |
---|
| 116 | |
---|
| 117 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
| 118 | |
---|
| 119 | if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true')) |
---|
| 120 | |
---|
| 121 | SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true); |
---|
| 122 | } |
---|
| 123 | |
---|
| 124 | |
---|
| 125 | |
---|
| 126 | /* User deletion */ |
---|
| 127 | add_event_handler('delete_user', 'UserAdvManager_Deluser'); |
---|
| 128 | |
---|
| 129 | function UserAdvManager_Deluser($user_id) |
---|
| 130 | { |
---|
| 131 | |
---|
| 132 | DeleteConfirmMail($user_id); |
---|
| 133 | |
---|
| 134 | } |
---|
| 135 | |
---|
| 136 | |
---|
| 137 | |
---|
| 138 | add_event_handler('init', 'UserAdvManager_InitPage'); |
---|
| 139 | |
---|
| 140 | function UserAdvManager_InitPage() |
---|
| 141 | { |
---|
| 142 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
| 143 | global $conf, $template, $page, $lang; |
---|
| 144 | |
---|
| 145 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
| 146 | |
---|
| 147 | |
---|
| 148 | if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' ) |
---|
| 149 | $lang['reg_err_login5'] = l10n('new_reg_err_login5'); |
---|
| 150 | |
---|
| 151 | |
---|
| 152 | |
---|
| 153 | /* User identification */ |
---|
| 154 | if (script_basename() == 'identification') |
---|
| 155 | { |
---|
| 156 | if (isset($_POST['login'])) |
---|
| 157 | { |
---|
| 158 | /* User non case sensitive */ |
---|
| 159 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' ) |
---|
| 160 | { |
---|
| 161 | $new_username = NotSensibleSearchUsername($_POST['username']); |
---|
| 162 | $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username; |
---|
| 163 | } |
---|
| 164 | } |
---|
| 165 | } |
---|
| 166 | |
---|
| 167 | |
---|
| 168 | |
---|
| 169 | /* Admin user management */ |
---|
| 170 | if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') |
---|
| 171 | { |
---|
| 172 | if (isset($_POST['submit_add'])) |
---|
| 173 | { |
---|
| 174 | /* User non case sensitive */ |
---|
| 175 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' ) |
---|
| 176 | { |
---|
| 177 | $new_username = NotSensibleSearchUsername($_POST['login']); |
---|
| 178 | $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username; |
---|
| 179 | } |
---|
| 180 | |
---|
| 181 | |
---|
| 182 | /* Username without forbidden keys */ |
---|
| 183 | if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login'])) |
---|
| 184 | { |
---|
| 185 | $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'"; |
---|
| 186 | $_POST['login'] = ''; |
---|
| 187 | } |
---|
| 188 | |
---|
| 189 | /* Email without forbidden domains */ |
---|
| 190 | /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/ |
---|
| 191 | //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email'])) |
---|
| 192 | //{ |
---|
| 193 | // $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"; |
---|
| 194 | // $_POST['login'] = ''; |
---|
| 195 | //} |
---|
| 196 | /* This work with a code copy of ValidateEmailProvider() function */ |
---|
| 197 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email'])) |
---|
| 198 | { |
---|
| 199 | $ncsemail = strtolower($_POST['email']); |
---|
| 200 | $conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]); |
---|
| 201 | for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++) |
---|
| 202 | { |
---|
| 203 | $pattern = '/'.$conf_nbc_MailExclusion[$i].'/'; |
---|
| 204 | if (preg_match($pattern, $ncsemail)) |
---|
| 205 | { |
---|
| 206 | $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"; |
---|
| 207 | $_POST['login'] = ''; |
---|
| 208 | } |
---|
| 209 | } |
---|
| 210 | } |
---|
| 211 | } |
---|
| 212 | } |
---|
| 213 | |
---|
| 214 | /* User creation */ |
---|
| 215 | if (script_basename() == 'register') |
---|
| 216 | { |
---|
| 217 | if (isset($_POST['submit'])) |
---|
| 218 | { |
---|
| 219 | /* Username non case sensitive */ |
---|
| 220 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true') |
---|
| 221 | { |
---|
| 222 | $new_username = NotSensibleSearchUsername($_POST['login']); |
---|
| 223 | $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username; |
---|
| 224 | } |
---|
| 225 | |
---|
| 226 | |
---|
| 227 | /* Username without forbidden keys */ |
---|
| 228 | if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login'])) |
---|
| 229 | { |
---|
| 230 | $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'"; |
---|
| 231 | $_POST['login'] = ''; |
---|
| 232 | } |
---|
| 233 | |
---|
| 234 | |
---|
| 235 | /* Email without forbidden domains */ |
---|
| 236 | /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/ |
---|
| 237 | //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address'])) |
---|
| 238 | //{ |
---|
| 239 | // $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"; |
---|
| 240 | // $_POST['mail_address'] = ''; |
---|
| 241 | //} |
---|
| 242 | /* This work with a code copy of ValidateEmailProvider() function */ |
---|
| 243 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address'])) |
---|
| 244 | { |
---|
| 245 | $ncsemail = strtolower($_POST['mail_address']); |
---|
| 246 | $conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]); |
---|
| 247 | for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++) |
---|
| 248 | { |
---|
| 249 | $pattern = '/'.$conf_nbc_MailExclusion[$i].'/'; |
---|
| 250 | if (preg_match($pattern, $ncsemail)) |
---|
| 251 | { |
---|
| 252 | $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"; |
---|
| 253 | $_POST['login'] = ''; |
---|
| 254 | } |
---|
| 255 | } |
---|
| 256 | } |
---|
| 257 | } |
---|
| 258 | } |
---|
| 259 | |
---|
| 260 | /* User profile update */ |
---|
| 261 | if (script_basename() == 'profile') |
---|
| 262 | { |
---|
| 263 | if (isset($_POST['validate'])) |
---|
| 264 | { |
---|
| 265 | /* Sending email to user */ |
---|
| 266 | if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true')) |
---|
| 267 | { |
---|
| 268 | global $conf, $user ; |
---|
| 269 | $errors = array(); |
---|
| 270 | |
---|
| 271 | $int_pattern = '/^\d+$/'; |
---|
| 272 | if (empty($_POST['nb_image_line']) |
---|
| 273 | or (!preg_match($int_pattern, $_POST['nb_image_line']))) |
---|
| 274 | { |
---|
| 275 | $errors[] = l10n('nb_image_line_error'); |
---|
| 276 | } |
---|
| 277 | |
---|
| 278 | if (empty($_POST['nb_line_page']) |
---|
| 279 | or (!preg_match($int_pattern, $_POST['nb_line_page']))) |
---|
| 280 | { |
---|
| 281 | $errors[] = l10n('nb_line_page_error'); |
---|
| 282 | } |
---|
| 283 | |
---|
| 284 | if ($_POST['maxwidth'] != '' |
---|
| 285 | and (!preg_match($int_pattern, $_POST['maxwidth']) |
---|
| 286 | or $_POST['maxwidth'] < 50)) |
---|
| 287 | { |
---|
| 288 | $errors[] = l10n('maxwidth_error'); |
---|
| 289 | } |
---|
| 290 | if ($_POST['maxheight'] |
---|
| 291 | and (!preg_match($int_pattern, $_POST['maxheight']) |
---|
| 292 | or $_POST['maxheight'] < 50)) |
---|
| 293 | { |
---|
| 294 | $errors[] = l10n('maxheight_error'); |
---|
| 295 | } |
---|
| 296 | |
---|
| 297 | if (isset($_POST['mail_address'])) |
---|
| 298 | { |
---|
| 299 | $mail_error = validate_mail_address($user['id'], $_POST['mail_address']); |
---|
| 300 | if (!empty($mail_error)) |
---|
| 301 | { |
---|
| 302 | $errors[] = $mail_error; |
---|
| 303 | } |
---|
| 304 | |
---|
| 305 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address'])) |
---|
| 306 | { |
---|
| 307 | $ncsemail = strtolower($_POST['mail_address']); |
---|
| 308 | $conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]); |
---|
| 309 | for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++) |
---|
| 310 | { |
---|
| 311 | $pattern = '/'.$conf_nbc_MailExclusion[$i].'/'; |
---|
| 312 | if (preg_match($pattern, $ncsemail)) |
---|
| 313 | { |
---|
| 314 | $mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"; |
---|
| 315 | } |
---|
| 316 | } |
---|
| 317 | } |
---|
| 318 | if (!empty($mail_error)) |
---|
| 319 | { |
---|
| 320 | $errors[] = $mail_error; |
---|
| 321 | } |
---|
| 322 | } |
---|
| 323 | |
---|
| 324 | $typemail = 3; |
---|
| 325 | |
---|
| 326 | if (!empty($_POST['use_new_pwd'])) |
---|
| 327 | { |
---|
| 328 | $typemail = 2; |
---|
| 329 | |
---|
| 330 | // password must be the same as its confirmation |
---|
| 331 | if ($_POST['use_new_pwd'] != $_POST['passwordConf']) |
---|
| 332 | { |
---|
| 333 | $errors[] = l10n('New password confirmation does not correspond'); |
---|
| 334 | } |
---|
| 335 | |
---|
| 336 | if ( !defined('IN_ADMIN') ) |
---|
| 337 | {// changing password requires old password |
---|
| 338 | $query = ' |
---|
| 339 | SELECT '.$conf['user_fields']['password'].' AS password |
---|
| 340 | FROM '.USERS_TABLE.' |
---|
| 341 | WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\' |
---|
| 342 | ;'; |
---|
| 343 | list($current_password) = mysql_fetch_row(pwg_query($query)); |
---|
| 344 | |
---|
| 345 | if ($conf['pass_convert']($_POST['password']) != $current_password) |
---|
| 346 | { |
---|
| 347 | $errors[] = l10n('Current password is wrong'); |
---|
| 348 | } |
---|
| 349 | } |
---|
| 350 | } |
---|
| 351 | |
---|
| 352 | $confirm_mail_need = false; |
---|
| 353 | |
---|
| 354 | if (!empty($_POST['mail_address'])) |
---|
| 355 | { |
---|
| 356 | $query = ' |
---|
| 357 | SELECT '.$conf['user_fields']['email'].' AS email |
---|
| 358 | FROM '.USERS_TABLE.' |
---|
| 359 | WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\' |
---|
| 360 | ;'; |
---|
| 361 | list($current_email) = mysql_fetch_row(pwg_query($query)); |
---|
| 362 | |
---|
| 363 | if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') ) |
---|
| 364 | $confirm_mail_need = true; |
---|
| 365 | } |
---|
| 366 | |
---|
| 367 | if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) ) |
---|
| 368 | { |
---|
| 369 | $query = ' |
---|
| 370 | SELECT '.$conf['user_fields']['username'].' |
---|
| 371 | FROM '.USERS_TABLE.' |
---|
| 372 | WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\' |
---|
| 373 | ;'; |
---|
| 374 | list($username) = mysql_fetch_row(pwg_query($query)); |
---|
| 375 | |
---|
| 376 | |
---|
| 377 | SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need); |
---|
| 378 | } |
---|
| 379 | } |
---|
| 380 | } |
---|
| 381 | } |
---|
| 382 | } |
---|
| 383 | |
---|
| 384 | add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2); |
---|
| 385 | |
---|
| 386 | function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm) |
---|
| 387 | { |
---|
| 388 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
| 389 | global $infos, $conf, $template; |
---|
| 390 | |
---|
| 391 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
| 392 | |
---|
| 393 | /* User creation OR update */ |
---|
| 394 | if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest') |
---|
| 395 | { |
---|
| 396 | $comment_action = 'reject'; |
---|
| 397 | |
---|
| 398 | array_push($infos, l10n('UserAdvManager_Empty Author')); |
---|
| 399 | } |
---|
| 400 | |
---|
| 401 | return $comment_action; |
---|
| 402 | } |
---|
| 403 | |
---|
| 404 | ?> |
---|