source: extensions/NBC_UserAdvManager/branches/2.12/main.inc.php @ 4188

Revision 4188, 17.2 KB checked in by Eric, 10 years ago (diff)

[NBC_UserAdvManager] Merged from Trunk to Branch 2.12 :

  • Adding a password field control for SendMail2User - Neighborhood plugin compatibility improvement
  • Bug 1229 fixed - Email was no longer mandatory when plugin was active, even if Piwigo's email mandatory option was set.
  • Property svn:eol-style set to LF
<?php
/*
Plugin Name: NBC UserAdvManager
Version: 2.12.4
Description: Strengthens user management capabilities - Enforce users management
Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
Author: Nicco, Eric
Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
*/

/*
 ***** Plugin history (branch 2.10)*****

-- 2.10.0-beta : Initial beta release for Piwigo compatibility
-- 2.10.1-beta : Small correction on generated path
-- 2.10.2-beta : Bug resolved on register validation page

-- 2.10.3 : Final and fully functional release
            Bug resolved on plugin activation

-- 2.10.4 : Bug fixed on profiles update

-- 2.10.5 : Improved code on profiles update

-- 2.10.6 : Old language packs (iso) deleted (forgotten from PWG 1.7.x version)

-- 2.10.7 : Bug fixed on user's validation email sending

-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
            Improved code for checking author on guest comments

-- 2.10.9 : Bug fixed - Missing english translation
            Bug fixed - Notice on forbidden characters function use
            Bug fixed - Audit on forbidden characters in username didn't work
            Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbidden one.

-- 2.10.9a : Email provider exclusion is no longer case sensitive

-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.

-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"

-- 2.10.9d : Code simplification - need no more "template" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl

-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
             ereg replaced by preg_match
             eregi replaced by preg_match with "i" modifier
             split replaced by preg_split

-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin


 ***** Plugin history (branch 2.11)*****

-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...)
            Beautify plugin's main admin panel

-- 2.11.1 : Bug fixed with install and upgrade functions
            Language files correction

-- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list
            Bug fixed : Sql syntax error on plugin activation

-- 2.11.3 : On Patricia's request (french forum and bug 1173), the unvalidated users management tab shows users according with the settings of unvalidated group and / or unvalidated status.
            Feature 1172 added : Email providers exclusion list can be set with CR/LF between each entry. The comma separator (,) is still mandatory.
            Bug 1175 fixed : Bad translation tag in french language file.
            Improvement of unvalidated users management tab (feature 1174)- Expired users are displayed in red color text.

-- 2.11.4 : Bug 1177 fixed : Width of excluded email providers list reset to ancient value (80 col)
            Bug 1179 fixed : Adding a notice in plugin inline documentation for use of validation groups and status. A default group must be set in Piwigo's groups settings and the "Guest" (or another user) must be set as default for status values.
            Bug 1182 fixed : Language tag missing in confirmation email generation

-- 2.11.5 : Bug 1195 fixed : Registration displays the good title


 ***** Plugin history (branch 2.12)*****

-- 2.12.0 : Bug 1206 fixed : All plugin functionalities work in user's profile page
            Plugin's core code and admin panel refactoring
            Password control and enforcement : A complexity score is computed on user registration. If this score is less than the goal set by admin, the password chosen is rejected.
            Feature 1194 "Ghost Tracker" added : New plugin tab displays users who haven't come back to the gallery for x days. Ability to send email reminders and to delete reminded but "dead" users. It's the reason why this feature is called "Ghost Tracker".

-- 2.12.1 : Rollback on admin panel improvement (it was a bad idea)

-- 2.12.2 : Bug 1221 fixed - Adding of a new function to populate the lastvisit table on Ghost Tracker activation
            Bug 1224 fixed - Error in database after plugin activation
            Bug 1225 fixed - "Reminder" status doesn't change from "false" to "true" after a reminder email is sent
            Some code beautification (SQL requests and HTML 4 strict for tpl)

-- 2.12.3 : Bug 1226 fixed - "duplicate key error" when lastvisit table is not empty and on using Ghost Tracker init function

-- 2.12.4 : Adding a password field control for SendMail2User - Neighborhood plugin compatibility improvement
            Bug 1229 fixed - Email was no longer mandatory when plugin was active, even if Piwigo's email mandatory option was set.
*/

/*

 ***** TODO List *****
++ No validation needed for admins users comments (new trigger needed in comments.php ?)

++ No single email check for admins (new trigger needed in functions_user.inc.php ?)

++ Password control and enforcement
  ?? Can not be the same as username -> Could password score control be sufficient ?

++ Security : Blocking brute-force attacks !
              -> Way to do that : Count the number of failed attempts to connect and lock the targeted account after x attempts. Where x will be settable by admin.
              To unlock the locked account :
               -> A new table in admin's plugin panel which would display the locked accounts.
               -> Sending an email to account owner to inform him his account is blocked due to multiple failed connection attempts. This email could have a link with a security key to unlock the account.
               -> Both of above solutions ?

++ Opportunity to copy a registered user for new user creation
  ++ new copied user will (or not) belong to the same groups
  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
  ++ new copied user will (or not) get the same properties
  ++ new copied user will (or not) get the same language
  ... and so on

*/


/* Refuse direct access: the file must be loaded by Piwigo */
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

include_once (NBC_UserAdvManager_PATH.'include/constants.php');
include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');

load_language('plugin.lang', NBC_UserAdvManager_PATH);


/* Plugin admin */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

function nbc_UserAdvManager_admin_menu($menu)
{
  array_push($menu,
    array(
      'NAME' => 'UserAdvManager',
      'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
    )
  );

  return $menu;
}


/* Ghost Tracker: record the last visit of logged-in, non-admin users */
add_event_handler('loc_begin_index', 'UserAdvManager_GhostTracker');

function UserAdvManager_GhostTracker()
{
  global $conf, $user;

  /* Plugin settings are stored as one ";"-separated string */
  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  if (isset($conf_nbc_UserAdvManager[17]) and $conf_nbc_UserAdvManager[17] == 'true' and !is_admin() and !is_a_guest())
  {

    $userid = get_userid($user['username']);

    /* Looking for existing entry in last visit table */
    $query = '
SELECT *
  FROM '.USER_LASTVISIT_TABLE.'
WHERE user_id = '.$userid.'
;';

    $count = mysql_num_rows(pwg_query($query));

    if ($count == 0)
    {
      /* If not, data are inserted in table */
      $query = '
INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
VALUES ('.$userid.', now(), "false")
;';
      pwg_query($query);
    }
    else if ($count > 0)
    {
      /* If yes, data are updated in table */
      $query = '
UPDATE '.USER_LASTVISIT_TABLE.'
SET lastvisit = now(), reminder = "false"
WHERE user_id = '.$userid.'
LIMIT 1
;';
      pwg_query($query);
    }
  }
}


/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

function UserAdvManager_Adduser($register_user)
{
  global $conf;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Sending registration confirmation by email */
  if ((isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or (isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
  {
    /* The password submitted in the registration form is handed to SendMail2User as typed */
    $passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
    SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
  }
}



/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

function UserAdvManager_Deluser($user_id)
{
  /* Cleanup for ConfirmMail table */
  DeleteConfirmMail($user_id);
  /* Cleanup for LastVisit table */
  DeleteLastVisit($user_id);
}


/* Check users registration */
add_event_handler('register_user_check', 'UserAdvManager_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);

function UserAdvManager_RegistrationCheck($err, $user)
{
  global $errors, $conf;

  $PasswordCheck = 0;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Password enforcement control */
  if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
  {
    if (!empty($user['password']) and !is_admin())
    {
      $PasswordCheck = testpassword($user['password']);

      /* Reject the password when its score is below the goal set by the admin */
      if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
      {
        $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
        return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]);
      }
    }
    else if (!empty($user['password']) and is_admin() and isset($conf_nbc_UserAdvManager[16]) and $conf_nbc_UserAdvManager[16] == 'true')
    {
      /* Same control for accounts created by an admin, only when setting 16 is on */
      $PasswordCheck = testpassword($user['password']);

      if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
      {
        $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
        return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]);
      }
    }
  }

  /* Username non case sensitive */
  if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
  {
    $new_username =  NotSensibleSearchUsername($_POST['login']);
    $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
  }

  /* Username without forbidden keys */
  if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
  {
    $_POST['login'] = '';
    return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'");
  }

  /* Email mandatory - Needs to be added here to avoid skipping the standard Piwigo email control */
  if (empty($_POST['mail_address']) and $conf['obligatory_user_mail_address'])
  {
    //$_POST['mail_address'] = '';
    return l10n('reg_err_mail_address');
  }

  /* Email without forbidden domains */
  if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
  {
    //$_POST['mail_address'] = '';
    return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
  }
}


/* Profile page: same email and password controls when a user edits his profile */
if (script_basename() == 'profile')
{
  add_event_handler('loc_begin_profile', 'UserAdvManager_Profile_Init');

  function UserAdvManager_Profile_Init()
  {
    global $conf, $user, $template;

    $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

    if (isset($_POST['validate']))
    {
      /* Email without forbidden domains */
      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
      {
        if (!ValidateEmailProvider($_POST['mail_address']))
        {
          $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
          unset($_POST['validate']);
        }
      }

      $typemail = 3;

      if (!empty($_POST['use_new_pwd']))
      {
        $typemail = 2;

        /* Password enforcement control */
        if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
        {
          $PasswordCheck = testpassword($_POST['use_new_pwd']);

          if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
          {
            $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
            $template->append('errors', l10n_args($message).$conf_nbc_UserAdvManager[15]);
            unset($_POST['use_new_pwd']);
            unset($_POST['validate']);
          }
        }
      }

      /* Sending registration confirmation by email */
      if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
      {
        $confirm_mail_need = false;

        if (!empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']))
        {
          $query = '
SELECT '.$conf['user_fields']['email'].' AS email
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';

          list($current_email) = mysql_fetch_row(pwg_query($query));

          /* A changed email address must be confirmed again when setting 2 is on */
          if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
          {
            $confirm_mail_need = true;
          }
        }

        if ((!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
        {
          $query = '
SELECT '.$conf['user_fields']['username'].'
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';

          list($username) = mysql_fetch_row(pwg_query($query));

          SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
        }
      }
    }
  }
}


add_event_handler('init', 'UserAdvManager_InitPage');

function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang, $errors;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Username non case sensitive */
  if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
  {
    $lang['reg_err_login5'] = l10n('reg_err_login5');
  }



  /* User identification */
  if (script_basename() == 'identification')
  {
    if (isset($_POST['login']))
    {
      /* User non case sensitive */
      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
      {
        $new_username =  NotSensibleSearchUsername($_POST['username']);
        $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
      }
    }
  }


  /* Admin user management */
  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
  {
    if (isset($_POST['submit_add']))
    {
      /* User non case sensitive */
      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
      {
        $new_username =  NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden keys */
      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $template->append('errors', l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'");
        unset($_POST['submit_add']);
      }

      /* Email without forbidden domains */
      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
      {
        $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
        unset($_POST['submit_add']);
      }
    }
  }
}


add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Reject comments whose author was left as "guest" when comments are open to all */
  if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
  {
    $comment_action = 'reject';

    array_push($infos, l10n('UserAdvManager_Empty Author'));
  }

  return $comment_action;
}

?>
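
The brute-force lockout outlined in the TODO list of this file (count failed logins, lock the account after x attempts, unlock from an admin table or through an e-mailed security key), as an added example that is not part of NBC_UserAdvManager or Piwigo. The class `LoginLockout`, its method names and the in-memory store are hypothetical, and the code assumes PHP 8.

```php
<?php
// Added example, not NBC_UserAdvManager code. LoginLockout and its methods
// are hypothetical names; state is kept in memory instead of a plugin table.
final class LoginLockout
{
    private array $state = []; // username => ['fails' => int, 'key_hash' => ?string]

    // $maxAttempts is the admin-settable "x" from the TODO.
    public function __construct(private int $maxAttempts) {}

    // Call before checking the password; a locked account is refused outright.
    public function isLocked(string $username): bool
    {
        return ($this->state[strtolower($username)]['key_hash'] ?? null) !== null;
    }

    // Returns a one-time unlock key (to e-mail to the owner) when this
    // failure triggers the lock, otherwise null.
    public function recordFailure(string $username): ?string
    {
        $id = strtolower($username);
        if ($this->isLocked($id)) {
            return null; // already locked: do not issue another key
        }
        $fails = ($this->state[$id]['fails'] ?? 0) + 1;
        $this->state[$id] = ['fails' => $fails, 'key_hash' => null];
        if ($fails < $this->maxAttempts) {
            return null;
        }
        $key = bin2hex(random_bytes(16)); // 128-bit key for the unlock link
        // Keep only a hash, so a leaked table does not yield usable keys.
        $this->state[$id]['key_hash'] = hash('sha256', $key);
        return $key;
    }

    public function recordSuccess(string $username): void
    {
        if (!$this->isLocked($username)) {
            unset($this->state[strtolower($username)]); // reset the counter
        }
    }

    // Owner unlock through the e-mailed link; the key works once.
    public function unlockWithKey(string $username, string $key): bool
    {
        $id = strtolower($username);
        $stored = $this->state[$id]['key_hash'] ?? null;
        if ($stored === null || !hash_equals($stored, hash('sha256', $key))) {
            return false;
        }
        unset($this->state[$id]);
        return true;
    }

    // Admin panel: the locked accounts to display (manual unlock = drop the entry).
    public function lockedAccounts(): array
    {
        return array_keys(array_filter($this->state, fn($s) => $s['key_hash'] !== null));
    }
}
```

Because anyone who knows a username can trigger the lock, the failure counter and the unlock path should be handled the same way for existing and non-existing accounts, so the login form does not reveal which usernames are registered.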