Context Navigation

main.inc.php @ 4062

Last change on this file since 4062 was 4062, checked in by Eric, 15 years ago

[NBC_UserAdvManager] 4061 merged from trunk to branch 2.11

Bug 1195 fixed : Registration page displays now the good title

Property svn:eol-style set to LF

File size: 15.3 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.11.5
5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/*
12	*** Plugin history (branch 2.10)***
13
14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15	-- 2.10.1-beta : Small correction on generated path
16	-- 2.10.2-beta : Bug resolved on register validation page
17
18	-- 2.10.3 : Final and fully functional release
19	Bug resolved on plugin activation
20
21	-- 2.10.4 : Bug fixed on profiles update
22
23	-- 2.10.5 : Improved code on profiles update
24
25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27	-- 2.10.7 : Bug fixed on user's validation email sending
28
29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30	Improved code for checking author on guest comments
31
32	-- 2.10.9 : Bug fixed - Missing english translation
33	Bug fixed - Notice on forbidden characters function use
34	Bug fixed - Audit on forbidden characters in username didn't work
35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39	-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41	-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43	-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45	-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46	ereg replaced by preg_match
47	eregi replace by preg_match with "i" moderator
48	split replace by preg_split
49
50	-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
52	-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...)
53	Beautify plugin's main admin panel
54
55	-- 2.11.1 : Bug fixed with install and upgrade functions
56	Language files correction
57
58	-- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list
59	Bug fixed : Sql syntax error on plugin activation
60
61	-- 2.11.3 : On Patricia's request (french forum and bug 1173), the unvalidated users management tab shows users according with the settings of unvalidated group and / or unvalidated status.
62	Feature 1172 : Email providers exclusion list can be set with CR/LF between each entry. The comma seperator (,) is still mandatory.
63	Bug 1175 fixed : Bad translation tag in french language file.
64	Improvement of unvalidated users management tab (feature 1174)- Expired users are displayed in red color text.
65
66	-- 2.11.4 : Bug 1177 fixed : Width of excluded email providers list reset to ancient value (80 col)
67	Bug 1179 fixed : Adding a notice in plugin inline documentation for use of validation groups and status. A default group must be set in Piwigo's groups settings and the "Guest" (or another user) must be set as default for status values.
68	Bug 1182 fixed : Language tag missing in confirmation email generation
69
70	-- 2.11.5 : Bug 1195 fixed : Registration displays the good title
71
72	*/
73
74	/*
75
76	*** TODO List ***
77
78	++ No validation needed for admins users comments (new trigger needed in comments.php)
79
80	++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
81
82	++ Password control and enforcement
83	-- Empty password (done in Piwigo 2.x)
84	++ Can not be the same as username
85	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
86
87	++ Security : Blocking brut-force attacks !
88
89	++ Opportunity to copy a registered user for new user creation
90	++ new copied user will (or not) belong to the same groups
91	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
92	++ new copied user will (or not) get the same properties
93	++ new copied user will (or not) get the same language
94	... and so on
95
96	*/
97
98
99	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
100
101	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
102	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
103
104	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
105	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
106
107	load_language('plugin.lang', NBC_UserAdvManager_PATH);
108
109
110	/* Plugin admin */
111	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
112
113	function nbc_UserAdvManager_admin_menu($menu)
114	{
115	array_push($menu,
116	array(
117	'NAME' => 'UserAdvManager',
118	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
119	)
120	);
121
122	return $menu;
123	}
124
125
126
127	/* User creation */
128	add_event_handler('register_user', 'UserAdvManager_Adduser');
129
130	function UserAdvManager_Adduser($register_user)
131	{
132	global $conf;
133
134	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
135
136	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
137
138	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
139	}
140
141
142
143	/* User deletion */
144	add_event_handler('delete_user', 'UserAdvManager_Deluser');
145
146	function UserAdvManager_Deluser($user_id)
147	{
148
149	DeleteConfirmMail($user_id);
150
151	}
152
153
154
155	add_event_handler('init', 'UserAdvManager_InitPage');
156
157	function UserAdvManager_InitPage()
158	{
159	load_language('plugin.lang', NBC_UserAdvManager_PATH);
160	global $conf, $template, $page, $lang;
161
162	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
163
164
165	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
166	$lang['reg_err_login5'] = l10n('reg_err_login5');
167
168
169
170	/* User identification */
171	if (script_basename() == 'identification')
172	{
173	if (isset($_POST['login']))
174	{
175	/* User non case sensitive */
176	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
177	{
178	$new_username = NotSensibleSearchUsername($_POST['username']);
179	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
180	}
181	}
182	}
183
184
185
186	/* Admin user management */
187	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
188	{
189	if (isset($_POST['submit_add']))
190	{
191	/* User non case sensitive */
192	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
193	{
194	$new_username = NotSensibleSearchUsername($_POST['login']);
195	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
196	}
197
198
199	/* Username without forbidden keys */
200	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
201	{
202	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
203	$_POST['login'] = '';
204	}
205
206	/* Email without forbidden domains */
207	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
208	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
209	//{
210	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
211	// $_POST['login'] = '';
212	//}
213	/* This work with a code copy of ValidateEmailProvider() function */
214	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
215	{
216	$ncsemail = strtolower($_POST['email']);
217	$conf_nbc_MailExclusion = preg_split("/[\s,]+/",$conf_nbc_UserAdvManager[13]);
218	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
219	{
220	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
221	if (preg_match($pattern, $ncsemail))
222	{
223	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
224	$_POST['login'] = '';
225	}
226	}
227	}
228	}
229	}
230
231	/* User creation */
232	if (script_basename() == 'register')
233	{
234	if (isset($_POST['submit']))
235	{
236	/* Username non case sensitive */
237	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
238	{
239	$new_username = NotSensibleSearchUsername($_POST['login']);
240	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
241	}
242
243
244	/* Username without forbidden keys */
245	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
246	{
247	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
248	$_POST['login'] = '';
249	}
250
251
252	/* Email without forbidden domains */
253	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
254	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
255	//{
256	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
257	// $_POST['mail_address'] = '';
258	//}
259	/* This work with a code copy of ValidateEmailProvider() function */
260	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
261	{
262	$ncsemail = strtolower($_POST['mail_address']);
263	$conf_nbc_MailExclusion = preg_split("/[\s,]+/",$conf_nbc_UserAdvManager[13]);
264	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
265	{
266	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
267	if (preg_match($pattern, $ncsemail))
268	{
269	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
270	$_POST['login'] = '';
271	}
272	}
273	}
274	}
275	}
276
277	/* User profile update */
278	if (script_basename() == 'profile')
279	{
280	if (isset($_POST['validate']))
281	{
282	/* Sending email to user */
283	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
284	{
285	global $conf, $user ;
286	$errors = array();
287
288	$int_pattern = '/^\d+$/';
289	if (empty($_POST['nb_image_line'])
290	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
291	{
292	$errors[] = l10n('nb_image_line_error');
293	}
294
295	if (empty($_POST['nb_line_page'])
296	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
297	{
298	$errors[] = l10n('nb_line_page_error');
299	}
300
301	if ($_POST['maxwidth'] != ''
302	and (!preg_match($int_pattern, $_POST['maxwidth'])
303	or $_POST['maxwidth'] < 50))
304	{
305	$errors[] = l10n('maxwidth_error');
306	}
307	if ($_POST['maxheight']
308	and (!preg_match($int_pattern, $_POST['maxheight'])
309	or $_POST['maxheight'] < 50))
310	{
311	$errors[] = l10n('maxheight_error');
312	}
313
314	if (isset($_POST['mail_address']))
315	{
316	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
317	if (!empty($mail_error))
318	{
319	$errors[] = $mail_error;
320	}
321
322	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
323	{
324	$ncsemail = strtolower($_POST['mail_address']);
325	$conf_nbc_MailExclusion = preg_split("/[\s,]+/",$conf_nbc_UserAdvManager[13]);
326	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
327	{
328	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
329	if (preg_match($pattern, $ncsemail))
330	{
331	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
332	}
333	}
334	}
335	if (!empty($mail_error))
336	{
337	$errors[] = $mail_error;
338	}
339	}
340
341	$typemail = 3;
342
343	if (!empty($_POST['use_new_pwd']))
344	{
345	$typemail = 2;
346
347	// password must be the same as its confirmation
348	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
349	{
350	$errors[] = l10n('New password confirmation does not correspond');
351	}
352
353	if ( !defined('IN_ADMIN') )
354	{// changing password requires old password
355	$query = '
356	SELECT '.$conf['user_fields']['password'].' AS password
357	FROM '.USERS_TABLE.'
358	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
359	;';
360	list($current_password) = mysql_fetch_row(pwg_query($query));
361
362	if ($conf['pass_convert']($_POST['password']) != $current_password)
363	{
364	$errors[] = l10n('Current password is wrong');
365	}
366	}
367	}
368
369	$confirm_mail_need = false;
370
371	if (!empty($_POST['mail_address']))
372	{
373	$query = '
374	SELECT '.$conf['user_fields']['email'].' AS email
375	FROM '.USERS_TABLE.'
376	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
377	;';
378	list($current_email) = mysql_fetch_row(pwg_query($query));
379
380	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
381	$confirm_mail_need = true;
382	}
383
384	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
385	{
386	$query = '
387	SELECT '.$conf['user_fields']['username'].'
388	FROM '.USERS_TABLE.'
389	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
390	;';
391	list($username) = mysql_fetch_row(pwg_query($query));
392
393
394	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
395	}
396	}
397	}
398	}
399	}
400
401	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
402
403	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
404	{
405	load_language('plugin.lang', NBC_UserAdvManager_PATH);
406	global $infos, $conf, $template;
407
408	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
409
410	/* User creation OR update */
411	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
412	{
413	$comment_action = 'reject';
414
415	array_push($infos, l10n('UserAdvManager_Empty Author'));
416	}
417
418	return $comment_action;
419	}
420
421	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: extensions/NBC_UserAdvManager/branches/2.11/main.inc.php @ 4062

Download in other formats: