source: extensions/NBC_UserAdvManager/main.inc.php @ 3733

Last change on this file since 3733 was 3440, checked in by Eric, 15 years ago

V2.10.9d : code revision in ConfirmMail.tpl. We don't need any more the "template" sub-directory to enhance "back link" icon on this page.

  • Property svn:eol-style set to LF
File size: 15.5 KB
Line 
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9d
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45*/
46
47/*
48
49 ***** TODO List *****
50
51-- No validation needed for admins users comments (new trigger needed in comments.php)
52
53-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
54
55-- Administration page for Confirm Mail
56  ++ Admin tabsheet for Confirm Mail to set options :
57                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
58                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
59                ++ List of users with expired validation time
60                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
61                ++ Opportunities to take actions on database tables :
62                ++ Re-asking validation (case of non reception of validation email)
63                ++ Force expiration
64                        ++ Force confirmation
65                ++ Cleanup expired user's accounts
66        ++ (...)
67
68-- Password control and enforcement
69  -- Empty password (done in Piwigo 2.x)
70  ++ Can not be the same as username
71  ++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
72 
73-- Security : Blocking brut-force attacks !
74
75-- Opportunity to copy a registered user for new user creation
76  ++ new copied user will (or not) belong to the same groups
77  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
78  ++ new copied user will (or not) get the same properties
79  ++ new copied user will (or not) get the same language
80  ... and so on
81 
82*/
83
84
85
86if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
87define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
88define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
89include_once (NBC_UserAdvManager_PATH.'include/constants.php');
90include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
91load_language('plugin.lang', NBC_UserAdvManager_PATH);
92
93
94/* Plugin admin */
95add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
96
97function nbc_UserAdvManager_admin_menu($menu)
98{
99  array_push($menu,
100    array(
101      'NAME' => 'UserAdvManager',
102      'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
103    )
104  );
105
106  return $menu;
107}
108
109
110
111/* User creation */
112add_event_handler('register_user', 'UserAdvManager_Adduser');
113
114function UserAdvManager_Adduser($register_user)
115{
116  global $conf;
117 
118  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
119
120  if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
121    SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
122}
123
124
125
126/* User deletion */
127add_event_handler('delete_user', 'UserAdvManager_Deluser');
128
129function UserAdvManager_Deluser($user_id)
130{
131
132  DeleteConfirmMail($user_id);
133
134}
135
136
137
138add_event_handler('init', 'UserAdvManager_InitPage');
139 
140function UserAdvManager_InitPage()
141{
142  load_language('plugin.lang', NBC_UserAdvManager_PATH);
143  global $conf, $template, $page, $lang;
144
145  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
146 
147
148  if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
149    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
150 
151
152 
153/* User identification */
154  if (script_basename() == 'identification')
155  {
156    if (isset($_POST['login']))
157    {
158      /* User non case sensitive */
159      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
160      {
161        $new_username =  NotSensibleSearchUsername($_POST['username']);
162        $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
163      }
164    }
165  }
166
167
168
169/* Admin user management */
170  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
171  {
172    if (isset($_POST['submit_add']))
173    {
174      /* User non case sensitive */
175      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
176      {
177        $new_username =  NotSensibleSearchUsername($_POST['login']);
178        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
179      }
180
181
182      /* Username without forbidden keys */
183      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
184      {
185        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
186        $_POST['login'] = '';
187      }
188
189      /* Email without forbidden domains */
190      /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
191      //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
192      //{
193      //  $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
194          //  $_POST['login'] = '';
195          //}
196      /* This work with a code copy of ValidateEmailProvider() function */
197          if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
198                {
199                  $ncsemail = strtolower($_POST['email']);
200                  $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
201                  for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
202                    {
203                          if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
204                            {
205                          $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
206                          $_POST['login'] = '';
207                                }
208                        }
209                }
210    }
211  }
212
213/* User creation */
214  if (script_basename() == 'register')
215  {
216    if (isset($_POST['submit']))
217    {
218      /* Username non case sensitive */
219      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
220      {
221        $new_username =  NotSensibleSearchUsername($_POST['login']);
222        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
223      }
224
225
226      /* Username without forbidden keys */
227      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
228      {
229        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
230        $_POST['login'] = '';
231      }
232
233
234      /* Email without forbidden domains */
235      /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
236      //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
237      //{
238      //  $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
239      //  $_POST['mail_address'] = '';
240      //}
241      /* This work with a code copy of ValidateEmailProvider() function */
242                if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
243                  {
244                        $ncsemail = strtolower($_POST['mail_address']);
245                    $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
246                        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
247                          {
248                            if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
249                                  {
250                                    $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
251                                        $_POST['login'] = '';
252                                  }
253                          }
254                  }
255    }
256  }
257
258/* User profile update */
259  if (script_basename() == 'profile')
260  {
261    if (isset($_POST['validate']))
262    {
263      /* Sending email to user */
264      if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
265      {
266        global $conf, $user ;
267        $errors = array();
268 
269        $int_pattern = '/^\d+$/';
270        if (empty($_POST['nb_image_line'])
271            or (!preg_match($int_pattern, $_POST['nb_image_line'])))
272        {
273          $errors[] = l10n('nb_image_line_error');
274        }
275     
276        if (empty($_POST['nb_line_page'])
277            or (!preg_match($int_pattern, $_POST['nb_line_page'])))
278        {
279          $errors[] = l10n('nb_line_page_error');
280        }
281     
282        if ($_POST['maxwidth'] != ''
283            and (!preg_match($int_pattern, $_POST['maxwidth'])
284                 or $_POST['maxwidth'] < 50))
285        {
286          $errors[] = l10n('maxwidth_error');
287        }
288        if ($_POST['maxheight']
289             and (!preg_match($int_pattern, $_POST['maxheight'])
290                   or $_POST['maxheight'] < 50))
291        {
292          $errors[] = l10n('maxheight_error');
293        }
294        // periods must be integer values, they represents number of days
295        if (!preg_match($int_pattern, $_POST['recent_period'])
296            or $_POST['recent_period'] <= 0)
297        {
298          $errors[] = l10n('periods_error') ;
299        }
300
301        if (isset($_POST['mail_address']))
302        {
303          $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
304          if (!empty($mail_error))
305          {
306            $errors[] = $mail_error;
307          }
308        /* This don't work on user's profile page - Why ?? */
309                if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
310                  {
311                        $ncsemail = strtolower($_POST['mail_address']);
312                    $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
313                        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
314                          {
315                            if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
316                                  {
317                                    $mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
318                                  }
319                          }
320                  }
321              if (!empty($mail_error))
322          {
323            $errors[] = $mail_error;
324          }
325        }
326                /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
327        //if (isset($_POST['mail_address']))
328        //{
329        //  $mail_error = ValidateEmailProvider($_POST['mail_address']);
330        //  if (!empty($mail_error))
331        //  {
332        //    $errors[] = $mail_error;
333        //  }
334        //}
335
336        $typemail = 3;
337       
338        if (!empty($_POST['use_new_pwd']))
339        {
340          $typemail = 2;
341
342          // password must be the same as its confirmation
343          if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
344          {
345            $errors[] = l10n('New password confirmation does not correspond');
346          }
347     
348          if ( !defined('IN_ADMIN') )
349          {// changing password requires old password
350            $query = '
351              SELECT '.$conf['user_fields']['password'].' AS password
352              FROM '.USERS_TABLE.'
353              WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
354            ;';
355            list($current_password) = mysql_fetch_row(pwg_query($query));
356       
357            if ($conf['pass_convert']($_POST['password']) != $current_password)
358            {
359              $errors[] = l10n('Current password is wrong');
360            }
361          }
362        }
363       
364        $confirm_mail_need = false;
365             
366        if (!empty($_POST['mail_address']))
367        {
368          $query = '
369            SELECT '.$conf['user_fields']['email'].' AS email
370            FROM '.USERS_TABLE.'
371            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
372          ;';
373          list($current_email) = mysql_fetch_row(pwg_query($query));
374     
375          if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
376            $confirm_mail_need = true;
377        }
378
379        if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
380        {
381          $query = '
382            SELECT '.$conf['user_fields']['username'].'
383            FROM '.USERS_TABLE.'
384            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
385          ;';
386          list($username) = mysql_fetch_row(pwg_query($query));
387
388
389          SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
390        }
391      }
392    }
393  }
394}
395
396add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');
397
398function ChangeRegisterProfilePage()
399{
400  global $conf, $template;
401
402  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
403
404/* creation OU mise a jour de user */
405//  if (in_array(script_basename(), array('register', 'profile')))
406//  {
407    //if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
408    //{
409    //  $template->set_filenames( array('register'=>'register.tpl') );
410
411    //  $template->loadfile('register');
412
413    //  $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);     
414    //}
415//  }
416}
417
418add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
419
420function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
421{
422  load_language('plugin.lang', NBC_UserAdvManager_PATH);
423  global $infos, $conf, $template;
424
425  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
426
427/* User creation OR update */
428  if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
429  {
430    $comment_action = 'reject';
431
432    array_push($infos, l10n('UserAdvManager_Empty Author'));
433  }
434
435  return $comment_action;
436}
437
438?>
Note: See TracBrowser for help on using the repository browser.