source: extensions/NBC_UserAdvManager/branches/2.11/main.inc.php @ 3921

Last change on this file since 3921 was 3921, checked in by Eric, 15 years ago

[NBC_UserAdvManager] Merged from Trunk in Branch 2.11

  • Property svn:eol-style set to LF
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.11.3
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46                                ereg replaced by preg_match
47                                eregi replaced by preg_match with "i" modifier
48                                split replaced by preg_split
49                               
50-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
52-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...)
53                                                Beautify plugin's main admin panel
54                                               
55-- 2.11.1 : Bug fixed with install and upgrade functions
56                                                Language files correction
57
58-- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list
59                                                Bug fixed : Sql syntax error on plugin activation
60
61-- 2.11.3 : On Patricia's request (french forum), the unvalidated users management tab shows users according with the settings of unvalidated group and / or unvalidated status.
62                                                Email providers exclusion list can be set with CR/LF between each entry. The comma separator (,) is still mandatory.
63                                                Bug fixed : Bad translation tag in french language file.
64                                                Improvement of unvalidated users management tab - Expired users are displayed in red color text.
65
66*/
67
68/*
69
70 ***** TODO List *****
71
72++ No validation needed for admins users comments (new trigger needed in comments.php)
73
74++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
75
76++ Password control and enforcement
77  -- Empty password (done in Piwigo 2.x)
78  ++ Can not be the same as username
79  ++ complexity of the password (Numbers+Letters+Low and high case+Special+minimal length)
80 
81++ Security : Blocking brute-force attacks !
82
83++ Opportunity to copy a registered user for new user creation
84  ++ new copied user will (or not) belong to the same groups
85  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
86  ++ new copied user will (or not) get the same properties
87  ++ new copied user will (or not) get the same language
88  ... and so on
89 
90*/
91
92
// Direct-access guard: stop unless the including script has already defined
// PHPWG_ROOT_PATH (presumably done by the gallery core - confirm).
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Directory name of this plugin and its path below the plugins root.
// Both are derived from __FILE__, never from request data.
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Plugin constants and helper functions (SendMail2User, ValidateUsername, ...
// are not defined in this file and are expected to come from these includes).
include_once NBC_UserAdvManager_PATH.'include/constants.php';
include_once NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php';

load_language('plugin.lang', NBC_UserAdvManager_PATH);


/* Plugin admin: add this plugin's entry to the administration plugin menu */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
106
/**
 * 'get_admin_plugin_menu_links' handler.
 *
 * Appends one NAME/URL entry for this plugin's admin page to the menu it
 * receives and returns the extended menu.
 *
 * @param array $menu menu entries collected so far
 * @return array the same menu with the UserAdvManager entry added last
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // NBC_UserAdvManager_PATH already ends with '/', so the file path handed to
  // get_admin_plugin_menu_link() contains a doubled slash; kept as is.
  $admin_page = NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php';

  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link($admin_page)
  );

  array_push($menu, $entry);

  return $menu;
}
118
119
120
/* User creation: run UserAdvManager_Adduser on the 'register_user' event */
add_event_handler('register_user', 'UserAdvManager_Adduser');
123
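/**
 * 'register_user' handler: calls SendMail2User() for a freshly created account
 * when plugin setting 0 or plugin setting 2 is 'true'.
 *
 * @param array $register_user new account data; the keys 'id', 'username' and
 *                             'email' are read here
 * @return void
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  // Plugin settings are stored as one ';'-separated string.
  $settings = isset($conf['nbc_UserAdvManager']) ? explode(';', $conf['nbc_UserAdvManager']) : array();

  // explode() only yields strings, so a strict comparison is equivalent here.
  $opt_0_on = isset($settings[0]) && $settings[0] === 'true';
  $opt_2_on = isset($settings[2]) && $settings[2] === 'true';

  if ($opt_0_on || $opt_2_on)
  {
    // The event can fire without a posted 'password' field; pass null in that
    // case instead of reading an undefined index.
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    // NOTE(review): the clear-text password taken from the request is handed
    // to SendMail2User(), presumably to be written into the message body -
    // confirm, and consider mailing a confirmation link only.
    SendMail2User(1, $register_user['id'], $register_user['username'], $password, $register_user['email'], true);
  }
}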
134
135
136
/* User deletion: run UserAdvManager_Deluser on the 'delete_user' event */
add_event_handler('delete_user', 'UserAdvManager_Deluser');
139
/**
 * 'delete_user' handler: forwards the deleted user's id to DeleteConfirmMail().
 *
 * DeleteConfirmMail() is not defined in this file; presumably it removes the
 * user's pending mail-confirmation record - confirm against the include.
 *
 * @param mixed $user_id id of the user being deleted
 * @return void
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
146
147
148
/* Page initialisation: run UserAdvManager_InitPage on the 'init' event */
add_event_handler('init', 'UserAdvManager_InitPage');
150 
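/**
 * Tells whether an email address matches one entry of the provider exclusion list.
 *
 * Each entry is used as a regular-expression fragment between '/' delimiters,
 * exactly as the plugin always did: '.' matches any character, and an entry
 * that is not a valid expression (or contains an unescaped '/') raises a PHP
 * warning and is treated as "no match".
 * NOTE(review): if entries are meant to be literal domains, preg_quote($entry, '/')
 * would be the safer reading; the regex form is kept so existing lists keep working.
 *
 * @param mixed  $email          address as received from the request
 * @param string $exclusion_list entries separated by commas and/or whitespace
 * @return bool true when at least one entry matches the address
 */
function UserAdvManager_MailIsExcluded($email, $exclusion_list)
{
  // Request fields can arrive as arrays; only a non-empty string can match.
  if (!is_string($email) or $email == '')
  {
    return false;
  }

  // PREG_SPLIT_NO_EMPTY: a leading or trailing separator (e.g. the last line
  // break of a textarea) used to produce an empty entry, i.e. the pattern
  // '//', which matches every address and rejected every registration.
  $entries = preg_split('/[\s,]+/', (string) $exclusion_list, -1, PREG_SPLIT_NO_EMPTY);

  $ncsemail = strtolower($email);

  foreach ($entries as $entry)
  {
    // The address is lower-cased; the 'i' modifier makes the entry side
    // case-insensitive as well, so '@Hotmail.com' in the list still matches.
    if (preg_match('/'.$entry.'/i', $ncsemail))
    {
      return true;
    }
  }

  return false;
}

/**
 * 'init' handler: adjusts posted login / registration data before the page
 * script handles it, and sends the notification mail on profile updates.
 *
 * Depending on script_basename() it:
 *  - identification: replaces the posted username by the result of
 *    NotSensibleSearchUsername() when that result is not empty (setting 1);
 *  - admin user_list (submit_add) and register (submit): same username
 *    replacement, then blanks $_POST['login'] and overrides
 *    $lang['reg_err_login1'] when the username fails ValidateUsername()
 *    (setting 7) or the email matches the exclusion list (settings 12/13);
 *  - profile (validate): re-runs a set of form checks locally and calls
 *    SendMail2User() only when none of them failed (settings 0 and 2).
 *
 * @return void
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang;

  // Plugin settings are stored as one ';'-separated string.
  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(';', $conf['nbc_UserAdvManager']) : array();

  // On/off settings read by this function (index -> use in this function).
  $opt_mail_info      = isset($conf_nbc_UserAdvManager[0])  && $conf_nbc_UserAdvManager[0]  == 'true'; // mail on password change
  $opt_no_case        = isset($conf_nbc_UserAdvManager[1])  && $conf_nbc_UserAdvManager[1]  == 'true'; // username not case sensitive
  $opt_confirm_mail   = isset($conf_nbc_UserAdvManager[2])  && $conf_nbc_UserAdvManager[2]  == 'true'; // mail on email change
  $opt_username_chars = isset($conf_nbc_UserAdvManager[7])  && $conf_nbc_UserAdvManager[7]  == 'true'; // forbidden username characters
  $opt_mail_exclusion = isset($conf_nbc_UserAdvManager[12]) && $conf_nbc_UserAdvManager[12] == 'true'; // email provider exclusion

  // Values that are echoed back in the error messages below.
  $forbidden_chars     = isset($conf_nbc_UserAdvManager[8])  ? $conf_nbc_UserAdvManager[8]  : '';
  $mail_exclusion_list = isset($conf_nbc_UserAdvManager[13]) ? $conf_nbc_UserAdvManager[13] : '';

  if ($opt_no_case)
  {
    $lang['reg_err_login5'] = l10n('reg_err_login5');
  }

  $script = script_basename();

/* User identification */
  if ($script == 'identification' and isset($_POST['login']) and $opt_no_case)
  {
    /* User non case sensitive */
    $new_username = NotSensibleSearchUsername($_POST['username']);
    $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
  }

/* Admin user management (user_list, "add" form) and user self-registration */
  $admin_add     = ($script == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list' and isset($_POST['submit_add']));
  $self_register = ($script == 'register' and isset($_POST['submit']));

  if ($admin_add or $self_register)
  {
    // The two forms differ only in the name of the email field.
    $mail_field = $admin_add ? 'email' : 'mail_address';

    /* Username non case sensitive */
    if ($opt_no_case)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
    }

    /* Username without forbidden keys */
    if ($opt_username_chars and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
    {
      // The login is blanked and the text of 'reg_err_login1' is replaced;
      // presumably the page script then reports that error - confirm.
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
      $_POST['login'] = '';
    }

    /* Email without forbidden domains */
    if ($opt_mail_exclusion
        and !empty($_POST[$mail_field])
        and UserAdvManager_MailIsExcluded($_POST[$mail_field], $mail_exclusion_list))
    {
      // Same mechanism as above; note that the message shows the whole
      // exclusion list to the person registering.
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$mail_exclusion_list."'";
      $_POST['login'] = '';
    }
  }

/* User profile update */
  if ($script == 'profile' and isset($_POST['validate']) and ($opt_mail_info or $opt_confirm_mail))
  {
    /* Sending email to user */
    global $user;

    // $errors is local: it is never displayed or returned, it only decides
    // whether SendMail2User() is called at the end of this branch. This branch
    // therefore does not by itself stop a change to an excluded email
    // provider (listed as a known bug in the file header).
    $errors = array();

    $int_pattern = '/^\d+$/';

    if (empty($_POST['nb_image_line']) or !preg_match($int_pattern, $_POST['nb_image_line']))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page']) or !preg_match($int_pattern, $_POST['nb_line_page']))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    if (isset($_POST['maxwidth'])
        and $_POST['maxwidth'] != ''
        and (!preg_match($int_pattern, $_POST['maxwidth']) or $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }

    if (!empty($_POST['maxheight'])
        and (!preg_match($int_pattern, $_POST['maxheight']) or $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);

      if ($opt_mail_exclusion
          and !empty($_POST['mail_address'])
          and UserAdvManager_MailIsExcluded($_POST['mail_address'], $mail_exclusion_list))
      {
        $mail_error = l10n('reg_err_login7')."'".$mail_exclusion_list."'";
      }

      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }
    }

    // Mail type handed to SendMail2User(): 2 when a new password was posted,
    // 3 otherwise (meaning of the codes is defined by SendMail2User()).
    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // password must be the same as its confirmation
      // Strict comparison: with '!=' two different numeric-looking strings
      // such as '1e3' and '1000' compare as equal.
      if (!isset($_POST['passwordConf']) or $_POST['use_new_pwd'] !== $_POST['passwordConf'])
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if ( !defined('IN_ADMIN') )
      {// changing password requires old password
        // The id comes from the global $user, not from the request.
        $query = '
          SELECT '.$conf['user_fields']['password'].' AS password
          FROM '.USERS_TABLE.'
          WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
        ;';
        list($current_password) = mysql_fetch_row(pwg_query($query));

        // Strict string comparison: loosely compared, two different digests
        // of the form '0e<digits>' are treated as equal numbers.
        if ((string) $conf['pass_convert']($_POST['password']) !== (string) $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $query = '
        SELECT '.$conf['user_fields']['email'].' AS email
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      if ($_POST['mail_address'] != $current_email and $opt_confirm_mail)
      {
        $confirm_mail_need = true;
      }
    }

    // Parentheses spell out the grouping the original expression had
    // ("A and B or C" groups as "(A and B) or C").
    $password_mail_need = (!empty($_POST['use_new_pwd']) and $opt_mail_info);

    if (count($errors) == 0 and ($password_mail_need or $confirm_mail_need))
    {
      $query = '
        SELECT '.$conf['user_fields']['username'].'
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($username) = mysql_fetch_row(pwg_query($query));

      $new_password = isset($_POST['use_new_pwd']) ? $_POST['use_new_pwd'] : null;
      $new_email    = isset($_POST['mail_address']) ? $_POST['mail_address'] : null;

      // NOTE(review): the new clear-text password is handed to SendMail2User(),
      // presumably to be written into the message body - confirm.
      SendMail2User($typemail, $user['id'], $username, $new_password, $new_email, $confirm_mail_need);
    }
  }
}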
394
/* Comment check: run UserAdvManager_CheckEmptyCommentAuthor on 'user_comment_check'
   (third argument 50: priority, fourth argument 2: number of arguments passed to the handler) */
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
396
/**
 * 'user_comment_check' handler: rejects a comment whose author is 'guest'
 * when plugin setting 6 is 'true' and comments are open to everybody.
 *
 * @param string $comment_action action decided so far for the comment
 * @param array  $comm           comment data; only the 'author' key is read
 * @return string 'reject' when the comment is refused, otherwise the
 *                received $comment_action unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  // Plugin settings are stored as one ';'-separated string.
  $settings = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $settings = explode(";", $conf['nbc_UserAdvManager']);
  }

  // Setting 6 off: leave the decision untouched.
  if (!isset($settings[6]) || $settings[6] != 'true')
  {
    return $comment_action;
  }

  // Loose comparison on purpose: it holds for the string 'true' and for the
  // boolean true alike. The author is matched against the literal 'guest'
  // (presumably the name given to a comment posted without an author - confirm).
  if ($conf['comments_forall'] != 'true' || $comm['author'] != 'guest')
  {
    return $comment_action;
  }

  /* User creation OR update */
  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
414
415?>