Context Navigation

source: extensions/NBC_UserAdvManager/main.inc.php @ 3417

Last change on this file since 3417 was 3416, checked in by Eric, 15 years ago
ConfirmMail.tpl : $U_HOME replaced by $GALLERY_URL only if $GALLERY_URL is empty. ConfirmMail.php : $GALLERY_URL set. main.inc.php : Plugin version (2.10.9b) and history update.
Property svn:eol-style set to `LF`
File size: 15.2 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.10.9b
5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/*
12	*** Plugin history (branch 2.10)***
13
14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15	-- 2.10.1-beta : Small correction on generated path
16	-- 2.10.2-beta : Bug resolved on register validation page
17
18	-- 2.10.3 : Final and fully functional release
19	Bug resolved on plugin activation
20
21	-- 2.10.4 : Bug fixed on profiles update
22
23	-- 2.10.5 : Improved code on profiles update
24
25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27	-- 2.10.7 : Bug fixed on user's validation email sending
28
29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30	Improved code for checking author on guest comments
31
32	-- 2.10.9 : Bug fixed - Missing english translation
33	Bug fixed - Notice on forbidden characters function use
34	Bug fixed - Audit on forbidden characters in username didn't work
35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39	-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41
42	*/
43
44	/*
45
46	*** TODO List ***
47
48	-- No validation needed for admins users comments (new trigger needed in comments.php)
49
50	-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
51
52	-- Administration page for Confirm Mail
53	++ Admin tabsheet for Confirm Mail to set options :
54	++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
55	++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
56	++ List of users with expired validation time
57	++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
58	++ Opportunities to take actions on database tables :
59	++ Re-asking validation (case of non reception of validation email)
60	++ Force expiration
61	++ Force confirmation
62	++ Cleanup expired user's accounts
63	++ (...)
64
65	-- Password control and enforcement
66	-- Empty password (done in Piwigo 2.x)
67	++ Can not be the same as username
68	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
69
70	-- Security : Blocking brut-force attacks !
71
72	-- Opportunity to copy a registered user for new user creation
73	++ new copied user will (or not) belong to the same groups
74	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
75	++ new copied user will (or not) get the same properties
76	++ new copied user will (or not) get the same language
77	... and so on
78
79	*/
80
81
82
83	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
84	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
85	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
86	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
87	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
88	load_language('plugin.lang', NBC_UserAdvManager_PATH);
89
90
91	/* Plugin admin */
92	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
93
94	function nbc_UserAdvManager_admin_menu($menu)
95	{
96	array_push($menu,
97	array(
98	'NAME' => 'UserAdvManager',
99	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
100	)
101	);
102
103	return $menu;
104	}
105
106
107
108	/* User creation */
109	add_event_handler('register_user', 'UserAdvManager_Adduser');
110
111	function UserAdvManager_Adduser($register_user)
112	{
113	global $conf;
114
115	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
116
117	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
118	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
119	}
120
121
122
123	/* User deletion */
124	add_event_handler('delete_user', 'UserAdvManager_Deluser');
125
126	function UserAdvManager_Deluser($user_id)
127	{
128
129	DeleteConfirmMail($user_id);
130
131	}
132
133
134
135	add_event_handler('init', 'UserAdvManager_InitPage');
136
137	function UserAdvManager_InitPage()
138	{
139	load_language('plugin.lang', NBC_UserAdvManager_PATH);
140	global $conf, $template, $page, $lang;
141
142	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
143
144
145	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
146	$lang['reg_err_login5'] = l10n('new_reg_err_login5');
147
148
149
150	/* User identification */
151	if (script_basename() == 'identification')
152	{
153	if (isset($_POST['login']))
154	{
155	/* User non case sensitive */
156	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
157	{
158	$new_username = NotSensibleSearchUsername($_POST['username']);
159	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
160	}
161	}
162	}
163
164
165
166	/* Admin user management */
167	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
168	{
169	if (isset($_POST['submit_add']))
170	{
171	/* User non case sensitive */
172	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
173	{
174	$new_username = NotSensibleSearchUsername($_POST['login']);
175	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
176	}
177
178
179	/* Username without forbidden keys */
180	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
181	{
182	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
183	$_POST['login'] = '';
184	}
185
186	/* Email without forbidden domains */
187	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
188	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
189	//{
190	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
191	// $_POST['login'] = '';
192	//}
193	/* This work with a code copy of ValidateEmailProvider() function */
194	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
195	$ncsemail = strtolower($_POST['email']);
196	{
197	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
198	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
199	{
200	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
201	{
202	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
203	$_POST['login'] = '';
204	}
205	}
206	}
207	}
208	}
209
210	/* User creation */
211	if (script_basename() == 'register')
212	{
213	if (isset($_POST['submit']))
214	{
215	/* Username non case sensitive */
216	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
217	{
218	$new_username = NotSensibleSearchUsername($_POST['login']);
219	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
220	}
221
222
223	/* Username without forbidden keys */
224	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
225	{
226	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
227	$_POST['login'] = '';
228	}
229
230
231	/* Email without forbidden domains */
232	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
233	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
234	//{
235	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
236	// $_POST['mail_address'] = '';
237	//}
238	/* This work with a code copy of ValidateEmailProvider() function */
239	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
240	$ncsemail = strtolower($_POST['mail_address']);
241	{
242	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
243	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
244	{
245	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
246	{
247	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
248	$_POST['login'] = '';
249	}
250	}
251	}
252	}
253	}
254
255	/* User profile update */
256	if (script_basename() == 'profile')
257	{
258	if (isset($_POST['validate']))
259	{
260	/* Sending email to user */
261	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
262	{
263	global $conf, $user ;
264	$errors = array();
265
266	$int_pattern = '/^\d+$/';
267	if (empty($_POST['nb_image_line'])
268	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
269	{
270	$errors[] = l10n('nb_image_line_error');
271	}
272
273	if (empty($_POST['nb_line_page'])
274	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
275	{
276	$errors[] = l10n('nb_line_page_error');
277	}
278
279	if ($_POST['maxwidth'] != ''
280	and (!preg_match($int_pattern, $_POST['maxwidth'])
281	or $_POST['maxwidth'] < 50))
282	{
283	$errors[] = l10n('maxwidth_error');
284	}
285	if ($_POST['maxheight']
286	and (!preg_match($int_pattern, $_POST['maxheight'])
287	or $_POST['maxheight'] < 50))
288	{
289	$errors[] = l10n('maxheight_error');
290	}
291	// periods must be integer values, they represents number of days
292	if (!preg_match($int_pattern, $_POST['recent_period'])
293	or $_POST['recent_period'] <= 0)
294	{
295	$errors[] = l10n('periods_error') ;
296	}
297
298	if (isset($_POST['mail_address']))
299	{
300	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
301	if (!empty($mail_error))
302	{
303	$errors[] = $mail_error;
304	}
305	/* This don't work on user's profile page - Why ?? */
306	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
307	$ncsemail = strtolower($_POST['mail_address']);
308	{
309	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
310	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
311	{
312	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
313	{
314	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
315	}
316	}
317	}
318	if (!empty($mail_error))
319	{
320	$errors[] = $mail_error;
321	}
322	}
323	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
324	//if (isset($_POST['mail_address']))
325	//{
326	// $mail_error = ValidateEmailProvider($_POST['mail_address']);
327	// if (!empty($mail_error))
328	// {
329	// $errors[] = $mail_error;
330	// }
331	//}
332
333	$typemail = 3;
334
335	if (!empty($_POST['use_new_pwd']))
336	{
337	$typemail = 2;
338
339	// password must be the same as its confirmation
340	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
341	{
342	$errors[] = l10n('New password confirmation does not correspond');
343	}
344
345	if ( !defined('IN_ADMIN') )
346	{// changing password requires old password
347	$query = '
348	SELECT '.$conf['user_fields']['password'].' AS password
349	FROM '.USERS_TABLE.'
350	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
351	;';
352	list($current_password) = mysql_fetch_row(pwg_query($query));
353
354	if ($conf['pass_convert']($_POST['password']) != $current_password)
355	{
356	$errors[] = l10n('Current password is wrong');
357	}
358	}
359	}
360
361	$confirm_mail_need = false;
362
363	if (!empty($_POST['mail_address']))
364	{
365	$query = '
366	SELECT '.$conf['user_fields']['email'].' AS email
367	FROM '.USERS_TABLE.'
368	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
369	;';
370	list($current_email) = mysql_fetch_row(pwg_query($query));
371
372	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
373	$confirm_mail_need = true;
374	}
375
376	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
377	{
378	$query = '
379	SELECT '.$conf['user_fields']['username'].'
380	FROM '.USERS_TABLE.'
381	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
382	;';
383	list($username) = mysql_fetch_row(pwg_query($query));
384
385
386	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
387	}
388	}
389	}
390	}
391	}
392
393	add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');
394
395	function ChangeRegisterProfilePage()
396	{
397	global $conf, $template;
398
399	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
400
401	/* creation OU mise a jour de user */
402	// if (in_array(script_basename(), array('register', 'profile')))
403	// {
404	//if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
405	//{
406	// $template->set_filenames( array('register'=>'register.tpl') );
407
408	// $template->loadfile('register');
409
410	// $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
411	//}
412	// }
413	}
414
415	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
416
417	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
418	{
419	load_language('plugin.lang', NBC_UserAdvManager_PATH);
420	global $infos, $conf, $template;
421
422	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
423
424	/* User creation OR update */
425	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
426	{
427	$comment_action = 'reject';
428
429	array_push($infos, l10n('UserAdvManager_Empty Author'));
430	}
431
432	return $comment_action;
433	}
434
435	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: