Context Navigation

source: extensions/NBC_UserAdvManager/branches/2.15/main.inc.php @ 7657

Last change on this file since 7657 was 7657, checked in by Eric, 13 years ago
Merge from Trunk to Branch 2.15
Property svn:eol-style set to `LF`
File size: 15.4 KB

Line
1	<?php
2	/*
3	Plugin Name: UserAdvManager
4	Version: 2.15.9
5	Description: Renforcer la gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/* History: UAM_PATH.'Changelog.txt.php' */
12
13	/*
14	*** TODO List ***
15	See project bugtracker: http://piwigo.org/bugs/my_view_page.php
16	*/
17
18	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
19	if (!defined('UAM_DIR')) define('UAM_DIR' , basename(dirname(__FILE__)));
20	if (!defined('UAM_PATH')) define('UAM_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
21
22	include_once (UAM_PATH.'include/constants.php');
23	include_once (UAM_PATH.'include/functions.inc.php');
24
25	load_language('plugin.lang', UAM_PATH);
26
27
28	/* Plugin admin */
29	add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');
30
31	function UAM_admin_menu($menu)
32	{
33	// +-----------------------------------------------------------------------+
34	// \| Getting plugin name \|
35	// +-----------------------------------------------------------------------+
36	$plugin = PluginInfos(UAM_PATH);
37	$name = $plugin['name'];
38
39	array_push($menu,
40	array(
41	'NAME' => $name,
42	'URL' => get_admin_plugin_menu_link(UAM_PATH.'/admin/UAM_admin.php')
43	)
44	);
45
46	return $menu;
47	}
48
49	/* Lastvisit table feed for Ghost Tracker */
50	add_event_handler('loc_begin_index', 'UAM_GhostTracker');
51
52	function UAM_GhostTracker()
53	{
54	global $conf, $user;
55
56	$conf_UAM = unserialize($conf['UserAdvManager']);
57
58	/* Admins, Guests and Adult_Content users are not tracked for Ghost Tracker or Users Tracker */
59	if (!is_admin() and !is_a_guest() and $user['username'] != "16" and $user['username'] != "18")
60	{
61	if ((isset($conf_UAM[16]) and $conf_UAM[16] == 'true') or (isset($conf_UAM[19]) and $conf_UAM[19] == 'true'))
62	{
63
64	$userid = get_userid($user['username']);
65
66	/* Looking for existing entry in last visit table */
67	$query = '
68	SELECT *
69	FROM '.USER_LASTVISIT_TABLE.'
70	WHERE user_id = '.$userid.'
71	;';
72
73	$count = pwg_db_num_rows(pwg_query($query));
74
75	if ($count == 0)
76	{
77	/* If not, data are inserted in table */
78	$query = '
79	INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
80	VALUES ('.$userid.', now(), "false")
81	;';
82	pwg_query($query);
83	}
84	else if ($count > 0)
85	{
86	/* If yes, data are updated in table */
87	$query = '
88	UPDATE '.USER_LASTVISIT_TABLE.'
89	SET lastvisit = now(), reminder = "false"
90	WHERE user_id = '.$userid.'
91	LIMIT 1
92	;';
93	pwg_query($query);
94	}
95	}
96	}
97	}
98
99
100	/* User creation */
101	add_event_handler('register_user', 'UAM_Adduser');
102
103	function UAM_Adduser($register_user)
104	{
105	global $conf;
106
107	$conf_UAM = unserialize($conf['UserAdvManager']);
108
109	// Exclusion of Adult_Content users
110	if ($register_user['username'] != "16" and $register_user['username'] != "18")
111	{
112	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
113	{
114	/* This is to send an information email and set user to "waiting" group or status until admin validation */
115	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
116	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
117	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
118	}
119	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'false') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
120	{
121	/* This is to set user to "waiting" group or status until admin validation */
122	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
123	}
124	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'false'))
125	{
126	/* This is to send an information email without validation key */
127	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
128	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
129	}
130	/* Sending registration confirmation by email */
131	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true' or $conf_UAM[0] == 'false') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true'))
132	{
133	if (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'true')
134	{
135	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
136	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
137	}
138	elseif (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'false')
139	{
140	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
141	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
142	}
143	elseif (!is_admin())
144	{
145	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
146	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
147	}
148	}
149	}
150	}
151
152
153	/* User deletion */
154	add_event_handler('delete_user', 'UAM_Deluser');
155
156	function UAM_Deluser($user_id)
157	{
158	/* Cleanup for ConfirmMail table */
159	DeleteConfirmMail($user_id);
160	/* Cleanup for LastVisit table */
161	DeleteLastVisit($user_id);
162	/* Cleanup Redirection settings */
163	DeleteRedir($user_id);
164	}
165
166
167	// Check users registration
168	add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
169
170	function UAM_RegistrationCheck($err, $user)
171	{
172	global $errors, $conf;
173
174	// Exclusion of Adult_Content users
175	if ($user['username'] != "16" and $user['username'] != "18")
176	{
177	// ***********************************************************
178	// We need to reset the standard Piwigo's register controls
179	// because the call of register_user_check trigger resets them
180	// ***********************************************************
181	// **********************************
182	// Standard Piwigo's username control
183	// **********************************
184	if ($_POST['login'] == '')
185	{
186	return l10n('reg_err_login1');
187	}
188	if (preg_match('/^.* $/', $_POST['login']))
189	{
190	return l10n('reg_err_login2');
191	}
192	if (preg_match('/^ .*$/', $_POST['login']))
193	{
194	return l10n('reg_err_login3');
195	}
196	if (get_userid($_POST['login']))
197	{
198	return l10n('reg_err_login5');
199	}
200
201	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') // not the same email variable if we are on users registration page or on admin's user registration page
202	{
203	// Email doblons check
204	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
205	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
206	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
207
208	if (!preg_match($regex, $_POST['email']))
209	{
210	return l10n('reg_err_mail_address');
211	}
212
213	$query = '
214	SELECT count(*)
215	FROM '.USERS_TABLE.'
216	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['email'].'\')
217	;';
218	list($count) = pwg_db_fetch_row(pwg_query($query));
219	if ($count != 0)
220	{
221	return l10n('reg_err_mail_address_dbl');
222	}
223	}
224
225	if (script_basename() == 'register') // not the same email variable if we are on users registration page or on admin's user registration page
226	{
227	// Email doblons check
228	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
229	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
230	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
231
232	if (!preg_match($regex, $_POST['mail_address']))
233	{
234	return l10n('reg_err_mail_address');
235	}
236
237	$query = '
238	SELECT count(*)
239	FROM '.USERS_TABLE.'
240	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\')
241	;';
242	list($count) = pwg_db_fetch_row(pwg_query($query));
243	if ($count != 0)
244	{
245	return l10n('reg_err_mail_address_dbl');
246	}
247	}
248	// ******************************************
249	// End of Piwigo's standard register controls
250	// ******************************************
251
252
253	// ******************************************
254	// Here begins the advanced register controls
255	// ******************************************
256	$PasswordCheck = 0;
257
258	$conf_UAM = unserialize($conf['UserAdvManager']);
259
260	// Password enforcement control
261	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
262	{
263	if (!empty($user['password']) and !is_admin())
264	{
265	$PasswordCheck = testpassword($user['password']);
266
267	if ($PasswordCheck < $conf_UAM[14])
268	{
269	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
270	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
271	}
272	}
273	else if (!empty($user['password']) and is_admin() and isset($conf_UAM[15]) and $conf_UAM[15] == 'true')
274	{
275	$PasswordCheck = testpassword($user['password']);
276
277	if ($PasswordCheck < $conf_UAM[14])
278	{
279	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
280	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
281	}
282	}
283	}
284
285	// Username without forbidden keys
286	if (isset($conf_UAM[6]) and $conf_UAM[6] == 'true' and !empty($_POST['login']) and ValidateUsername($_POST['login']) and !is_admin())
287	{
288	$_POST['login'] = '';
289	return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_UAM[7]."'");
290	}
291
292	// Email without forbidden domains
293	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']) and !is_admin())
294	{
295	$_POST['mail_address'] = '';
296	return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_UAM[12]."'");
297	}
298	}
299	}
300
301
302	if (script_basename() == 'profile')
303	{
304	add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
305
306	function UAM_Profile_Init()
307	{
308	global $conf, $user, $template;
309
310	$conf_UAM = unserialize($conf['UserAdvManager']);
311
312	if ((isset($conf_UAM[21]) and $conf_UAM[21] == 'true'))
313	{
314	$user_idsOK = array();
315	if (!check_consult($user['id'], $user_idsOK))
316	{
317	$user_idsOK[] = $user['id'];
318
319	$query = "
320	UPDATE ".CONFIG_TABLE."
321	SET value = \"".implode(',', $user_idsOK)."\"
322	WHERE param = 'UserAdvManager_Redir';";
323
324	pwg_query($query);
325	}
326	}
327
328	if (isset($_POST['validate']) and !is_admin())
329	{
330	/* Email without forbidden domains */
331	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']))
332	{
333	if (ValidateEmailProvider($_POST['mail_address']))
334	{
335	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
336	unset($_POST['validate']);
337	}
338	}
339
340	$typemail = 3;
341
342	if (!empty($_POST['use_new_pwd']))
343	{
344	$typemail = 2;
345
346	/* Password enforcement control */
347	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
348	{
349	$PasswordCheck = testpassword($_POST['use_new_pwd']);
350
351	if ($PasswordCheck < $conf_UAM[14])
352	{
353	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
354	$template->append('errors', l10n_args($message).$conf_UAM[14]);
355	unset($_POST['use_new_pwd']);
356	unset($_POST['validate']);
357	}
358	}
359	}
360
361	/* Sending registration confirmation by email */
362	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
363	{
364	$confirm_mail_need = false;
365
366	if (!empty($_POST['mail_address']))
367	{
368	$query = '
369	SELECT '.$conf['user_fields']['email'].' AS email
370	FROM '.USERS_TABLE.'
371	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
372	;';
373
374	list($current_email) = pwg_db_fetch_row(pwg_query($query));
375
376	/* This is to send a new validation key */
377	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true'))
378
379	$confirm_mail_need = true;
380
381	/* This is to set the user to "waiting" group or status until admin validation */
382	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
383
384	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
385	$confirm_mail_need = false;
386	}
387
388	if ((!empty($_POST['use_new_pwd']) and (isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or $confirm_mail_need))
389	{
390	$query = '
391	SELECT '.$conf['user_fields']['username'].'
392	FROM '.USERS_TABLE.'
393	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
394	;';
395
396	list($username) = pwg_db_fetch_row(pwg_query($query));
397
398	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
399	}
400	}
401	}
402	}
403	}
404
405
406	// RedirectToProfile - Thx to LucMorizur
407	// redirects a visitor (except for admins, webmasters and generic statuses) to his
408	// profile.php page
409	//
410	// no variable, no return
411	add_event_handler('login_success', 'RedirectToProfile');
412
413	function RedirectToProfile()
414	{
415	global $conf, $user;
416
417	$conf_UAM = unserialize($conf['UserAdvManager']);
418
419	$query ='
420	SELECT user_id, status
421	FROM '.USER_INFOS_TABLE.'
422	WHERE user_id = '.$user['id'].'
423	;';
424	$data = pwg_db_fetch_assoc(pwg_query($query));
425
426	if ($data['status'] <> "admin" and $data['status'] <> "webmaster" and $data['status'] <> "generic")
427	{
428	if ((isset($conf_UAM[21]) and $conf_UAM[21] == 'true'))
429	{
430	$user_idsOK = array();
431	if (!check_consult($user['id'], $user_idsOK))
432	redirect(PHPWG_ROOT_PATH.'profile.php');
433	}
434	}
435	}
436
437
438	add_event_handler('init', 'UAM_InitPage');
439	/* * Important ! This is necessary to make email exclusion work in admin's users management panel * */
440	function UAM_InitPage()
441	{
442	load_language('plugin.lang', UAM_PATH);
443	global $conf, $template, $page, $lang, $errors;
444
445	$conf_UAM = unserialize($conf['UserAdvManager']);
446
447	/* Admin user management */
448	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
449	{
450	if (isset($_POST['submit_add']))
451	{
452	/* Email without forbidden domains */
453	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['email']) and ValidateEmailProvider($_POST['email']))
454	{
455	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
456	unset($_POST['submit_add']);
457	}
458	}
459	}
460	}
461
462
463	add_event_handler('user_comment_check', 'UAM_CheckEmptyCommentAuthor', 50, 2);
464
465	function UAM_CheckEmptyCommentAuthor($comment_action, $comm)
466	{
467	load_language('plugin.lang', UAM_PATH);
468	global $infos, $conf, $template;
469
470	$conf_UAM = unserialize($conf['UserAdvManager']);
471
472	/* User creation OR update */
473	if (isset($conf_UAM[5]) and $conf_UAM[5] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
474	{
475	$comment_action = 'reject';
476
477	array_push($infos, l10n('UAM_Empty Author'));
478	}
479
480	return $comment_action;
481	}
482	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: