source: extensions/NBC_UserAdvManager/tags/2.12.6/main.inc.php @ 4251

Revision 4251, 20.2 KB checked in by Eric, 10 years ago (diff)

[NBC_UserAdvManager] Creating 2.12.6 release - Merged from Branch 2.12 to Tag 2.12.6 :

  • Bug 1236 fixed : Admins couldn't add new users accounts in admin panel.
  • Beginning of IT translation
  • Some language files corrections
  • Property svn:eol-style set to LF
Line 
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.12.6
5Description: Renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                                                Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                                                Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                                                Bug fixed - Notice on forbidden characters function use
34                                                Bug fixed - Audit on forbidden characters in username didn't work
35                                                Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46                                                        ereg replaced by preg_match
47                                                        eregi replace by preg_match with "i" moderator
48                                                        split replace by preg_split
49                               
50-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
52
53 ***** Plugin history (branch 2.11)*****
54
55-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...)
56                                                Beautify plugin's main admin panel
57                                               
58-- 2.11.1 : Bug fixed with install and upgrade functions
59                                                Language files correction
60
61-- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list
62                                                Bug fixed : Sql syntax error on plugin activation
63
64-- 2.11.3 : On Patricia's request (french forum and bug 1173), the unvalidated users management tab shows users according with the settings of unvalidated group and / or unvalidated status.
65                                                Feature 1172 added : Email providers exclusion list can be set with CR/LF between each entry. The comma seperator (,) is still mandatory.
66                                                Bug 1175 fixed : Bad translation tag in french language file.
67                                                Improvement of unvalidated users management tab (feature 1174)- Expired users are displayed in red color text.
68
69-- 2.11.4 : Bug 1177 fixed : Width of excluded email providers list reset to ancient value (80 col)
70                                                Bug 1179 fixed : Adding a notice in plugin inline documentation for use of validation groups and status. A default group must be set in Piwigo's groups settings and the "Guest" (or another user) must be set as default for status values.
71                                                Bug 1182 fixed : Language tag missing in confirmation email generation
72
73-- 2.11.5 : Bug 1195 fixed : Registration displays the good title
74
75
76 ***** Plugin history (branch 2.12)*****
77
78-- 2.12.0 : Bug 1206 fixed : All plugin functionnalities work in user's profile page
79                Plugin's core code and admin panel refactoring
80                Password control and enforcement : A complexity score is computed on user registration. If this score is less than the goal set by admin, the password choosen is rejected.
81                Feature 1194 "Ghost Tracker" added : New plugin tab displays users who don't comes back to the gallery since x days. Ability to send email reminders and to delete reminded but "dead" users. It's the reason why this feature is called "Ghost Tracker".
82
83-- 2.12.1 : Rollback on admin panel improvement (it was a bad idea)
84
85-- 2.12.2 : Bug 1221 fixed - Adding of a new funtion to populate the lastvisit table on Ghost Tracker activation
86            Bug 1224 fixed - Error in database after plugin activation
87            Bug 1225 fixed - "Reminder" status don't change from "false" to "true" after the sent of a reminder email
88            Some code beautify (SQL requests and HTML 4 strict for tpl)
89
90-- 2.12.3 : Bug 1226 fixed - "duplicate key error" when lastvisit table is not empty and on using Ghost Tracker init function
91
92-- 2.12.4 : Adding a password field control for SendMail2User - Neighborhood plugin compatibility improvement
93            Bug 1229 fixed - Email was no longer mandatory when plugin was active, even if Piwigo's email madatory option was set.
94
95-- 2.12.5 : Bug 1233 fixed -  "duplicate key error" when a user wants to register with an existing username. In fact, all standard Piwigo's register controls didn't work when plugin was activated. That fixes this too.
96            Adding DE, ES and IT languages. All translations are not finalized and could be improved.
97            Adding of description.txt file in language directories.
98
99-- 2.12.6 : Bug 1236 fixed -  Admins was unable to add a new user in the user_list page.
100            Beginning of IT translations
101*/
102
103/*
104
105 ***** TODO List *****
106++ No validation needed for admins users comments (new trigger needed in comments.php ?)
107
108++ No single email check for admins (new trigger needed in functions_user.inc.php ?)
109
110++ Password control and enforcement
111  ?? Can not be the same as username -> Could password score control be sufficient ?
112 
113++ Security : Blocking brut-force attacks !
114              -> Way to do that : Count the number of failed attempts to connect and lock the targetted account after x attempts. Where x will be settable by admin.
115              To unlock the locked account :
116               -> A new table in admin's plugin panel which would display the locked accounts.
117               -> Sending an email to account owner to inform him his account is blocked due to multiple failed connexions attempts. This email could have a link with a security key to unlock the account.
118               -> Both of above solutions ?
119
120++ Opportunity to copy a registered user for new user creation
121  ++ new copied user will (or not) belong to the same groups
122  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
123  ++ new copied user will (or not) get the same properties
124  ++ new copied user will (or not) get the same language
125  ... and so on
126 
127*/
128
129
130if (!defined('PHPWG_ROOT_PATH'))
131{
132  die('Hacking attempt!');
133}
134
135define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
136define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
137
138include_once (NBC_UserAdvManager_PATH.'include/constants.php');
139include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
140
141load_language('plugin.lang', NBC_UserAdvManager_PATH);
142
143
144/* Plugin admin */
145add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
146
147function nbc_UserAdvManager_admin_menu($menu)
148{
149  array_push($menu,
150    array(
151      'NAME' => 'UserAdvManager',
152      'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
153    )
154  );
155
156  return $menu;
157}
158
159
160add_event_handler('loc_begin_index', 'UserAdvManager_GhostTracker');
161
162function UserAdvManager_GhostTracker()
163{
164  global $conf, $user;
165 
166  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
167
168  if (isset($conf_nbc_UserAdvManager[17]) and $conf_nbc_UserAdvManager[17] == 'true' and !is_admin() and !is_a_guest())
169  {
170
171    $userid = get_userid($user['username']);
172         
173    /* Looking for existing entry in last visit table */
174    $query = '
175SELECT *
176  FROM '.USER_LASTVISIT_TABLE.'
177WHERE user_id = '.$userid.'
178;';
179       
180    $count = mysql_num_rows(pwg_query($query));
181         
182    if ($count == 0)
183    {
184      /* If not, data are inserted in table */
185      $query = '
186INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
187VALUES ('.$userid.', now(), "false")
188;';
189      pwg_query($query);
190    }
191    else if ($count > 0)
192    {
193      /* If yes, data are updated in table */
194      $query = '
195UPDATE '.USER_LASTVISIT_TABLE.'
196SET lastvisit = now(), reminder = "false"
197WHERE user_id = '.$userid.'
198LIMIT 1
199;';
200      pwg_query($query);
201    }
202  }
203}
204
205
206/* User creation */
207add_event_handler('register_user', 'UserAdvManager_Adduser');
208
209function UserAdvManager_Adduser($register_user)
210{
211  global $conf;
212 
213  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
214 
215  /* Sending registration confirmation by email */
216  if ((isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or (isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
217  {
218    $passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
219    SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
220  }
221}
222
223
224
225/* User deletion */
226add_event_handler('delete_user', 'UserAdvManager_Deluser');
227
228function UserAdvManager_Deluser($user_id)
229{
230  /* Cleanup for ConfirmMail table */
231  DeleteConfirmMail($user_id);
232  /* Cleanup for LastVisit table */
233  DeleteLastVisit($user_id);
234}
235
236
237/* Check users registration */
238add_event_handler('register_user_check', 'UserAdvManager_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
239
240function UserAdvManager_RegistrationCheck($err, $user)
241{
242  global $errors, $conf;
243
244/* *********************************************************** */
245/* We need to reset the standard Piwigo's register controls    */
246/* because the call of register_user_check trigger resets them */
247/* *********************************************************** */
248  /* ********************************** */
249  /* Standard Piwigo's username control */
250  /* ********************************** */
251  if ($_POST['login'] == '')
252  {
253    return l10n('reg_err_login1');
254  }
255  if (preg_match('/^.* $/', $_POST['login']))
256  {
257    return l10n('reg_err_login2');
258  }
259  if (preg_match('/^ .*$/', $_POST['login']))
260  {
261    return l10n('reg_err_login3');
262  }
263  if (get_userid($_POST['login']))
264  {
265    return l10n('reg_err_login5');
266  }
267
268  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') /* not the same email variable if we are on users registration page or on admin's user registration page*/
269  {
270    /* ***************************** */
271    /* Standard Piwigo's email check */
272    /* ***************************** */
273    $atom   = '[-a-z0-9!#$%&\'*+\\/=?^_`{|}~]';   // before  arobase
274    $domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
275    $regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
276 
277    if (!preg_match($regex, $_POST['email']))
278    {
279      return l10n('reg_err_mail_address');
280    }
281   
282    if (!empty($_POST['email']))
283    {
284      $query = '
285select count(*)
286from '.USERS_TABLE.'
287where upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['email'].'\');';
288      list($count) = mysql_fetch_array(pwg_query($query));
289      if ($count != 0)
290      {
291        return l10n('reg_err_mail_address_dbl');
292      }
293    }
294  }
295  else
296  {
297    /* ***************************** */
298    /* Standard Piwigo's email check */
299    /* ***************************** */
300    $atom   = '[-a-z0-9!#$%&\'*+\\/=?^_`{|}~]';   // before  arobase
301    $domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
302    $regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
303
304    if (!preg_match($regex, $_POST['mail_address']))
305    {
306      return l10n('reg_err_mail_address');
307    }
308   
309    if (!empty($_POST['mail_address']))
310    {
311      $query = '
312select count(*)
313from '.USERS_TABLE.'
314where upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\');';
315      list($count) = mysql_fetch_array(pwg_query($query));
316      if ($count != 0)
317      {
318        return l10n('reg_err_mail_address_dbl');
319      }
320    }
321  }
322/* ****************************************** */
323/* End of Piwigo's standard register controls */
324/* ****************************************** */
325
326
327/* ****************************************** */
328/* Here begins the advanced register controls */
329/* ****************************************** */
330  $PasswordCheck = 0;
331 
332  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
333
334  /* Password enforcement control */
335  if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
336  {
337    if (!empty($user['password']) and !is_admin())
338    {
339      $PasswordCheck = testpassword($user['password']);
340 
341      if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
342      {
343        $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
344        return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]);
345      }
346    }
347    else if (!empty($user['password']) and is_admin() and isset($conf_nbc_UserAdvManager[16]) and $conf_nbc_UserAdvManager[16] == 'true')
348    { 
349      $PasswordCheck = testpassword($user['password']);
350 
351      if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
352      {
353        $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
354        return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]);
355      }
356    }
357  }
358
359  /* Username non case sensitive */
360  if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
361  {
362    $new_username =  NotSensibleSearchUsername($_POST['login']);
363    $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
364  }
365
366  /* Username without forbidden keys */
367  if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
368  {
369    $_POST['login'] = '';
370    return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'");
371  }
372
373  /* Email without forbidden domains */
374  if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
375  {
376    //$_POST['mail_address'] = '';
377    return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
378  }
379}
380
381
382if (script_basename() == 'profile')
383{
384  add_event_handler('loc_begin_profile', 'UserAdvManager_Profile_Init');
385
386  function UserAdvManager_Profile_Init()
387  {
388    global $conf, $user, $template;
389
390    $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
391
392    if (isset($_POST['validate']))
393    {
394      /* Email without forbidden domains */
395      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
396      {
397        if (!ValidateEmailProvider($_POST['mail_address']))
398        {
399          $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
400          unset($_POST['validate']);
401        }
402      }
403
404      $typemail = 3;
405     
406      if (!empty($_POST['use_new_pwd']))
407      {
408        $typemail = 2;
409       
410        /* Password enforcement control */
411        if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
412        {
413          $PasswordCheck = testpassword($_POST['use_new_pwd']);
414         
415          if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
416          {
417            $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
418            $template->append('errors', l10n_args($message).$conf_nbc_UserAdvManager[15]);
419            unset($_POST['use_new_pwd']);
420            unset($_POST['validate']);
421          }
422        }
423      }
424     
425      /* Sending registration confirmation by email */
426      if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
427      {
428        $confirm_mail_need = false;
429             
430        if (!empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']))
431        {
432          $query = '
433SELECT '.$conf['user_fields']['email'].' AS email
434FROM '.USERS_TABLE.'
435WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
436;';
437         
438          list($current_email) = mysql_fetch_row(pwg_query($query));
439     
440          if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
441       
442            $confirm_mail_need = true;
443        }
444       
445        if ((!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
446        {
447          $query = '
448SELECT '.$conf['user_fields']['username'].'
449FROM '.USERS_TABLE.'
450WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
451;';
452       
453          list($username) = mysql_fetch_row(pwg_query($query));
454
455          SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
456        }
457      }
458    }
459  }
460}
461
462
463add_event_handler('init', 'UserAdvManager_InitPage');
464 
465function UserAdvManager_InitPage()
466{
467  load_language('plugin.lang', NBC_UserAdvManager_PATH);
468  global $conf, $template, $page, $lang, $errors;
469
470  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
471 
472  /* Username non case sensitive */
473  if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
474  {
475    $lang['reg_err_login5'] = l10n('reg_err_login5');
476  }
477 
478
479 
480/* User identification */
481  if (script_basename() == 'identification')
482  {
483    if (isset($_POST['login']))
484    {
485      /* User non case sensitive */
486      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
487      {
488        $new_username =  NotSensibleSearchUsername($_POST['username']);
489        $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
490      }
491    }
492  }
493
494
495/* Admin user management */
496  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
497  {
498    if (isset($_POST['submit_add']))
499    {
500      /* User non case sensitive */
501      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
502      {
503        $new_username =  NotSensibleSearchUsername($_POST['login']);
504        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
505      }
506
507      /* Username without forbidden keys */
508      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
509      {
510        $template->append('errors', l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'");
511        unset($_POST['submit_add']);
512      }
513
514      /* Email without forbidden domains */
515      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
516      {
517        $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
518        unset($_POST['submit_add']);
519      }
520    }
521  }
522}
523
524
525add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
526
527function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
528{
529  load_language('plugin.lang', NBC_UserAdvManager_PATH);
530  global $infos, $conf, $template;
531
532  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
533
534/* User creation OR update */
535  if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
536  {
537    $comment_action = 'reject';
538
539    array_push($infos, l10n('UserAdvManager_Empty Author'));
540  }
541
542  return $comment_action;
543}
544
545?>
Note: See TracBrowser for help on using the repository browser.