[3742] | 1 | <?php |
---|
| 2 | /* |
---|
| 3 | Plugin Name: NBC UserAdvManager |
---|
[4234] | 4 | Version: 2.12.5 |
---|
[4226] | 5 | Description: Renforcer les possibilités de gestion des utilisateurs - Enforce users management |
---|
[3742] | 6 | Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216 |
---|
| 7 | Author: Nicco, Eric |
---|
| 8 | Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net |
---|
| 9 | */ |
---|
| 10 | |
---|
| 11 | /* |
---|
| 12 | ***** Plugin history (branch 2.10)***** |
---|
| 13 | |
---|
| 14 | -- 2.10.0-beta : Initial beta release for Piwigo compatibility |
---|
| 15 | -- 2.10.1-beta : Small correction on generated path |
---|
| 16 | -- 2.10.2-beta : Bug resolved on register validation page |
---|
| 17 | |
---|
| 18 | -- 2.10.3 : Final and fully functional release |
---|
[3982] | 19 | Bug resolved on plugin activation |
---|
[3742] | 20 | |
---|
| 21 | -- 2.10.4 : Bug fixed on profiles update |
---|
| 22 | |
---|
| 23 | -- 2.10.5 : Improved code on profiles update |
---|
| 24 | |
---|
| 25 | -- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version) |
---|
| 26 | |
---|
| 27 | -- 2.10.7 : Bug fixed on user's validation email sending |
---|
| 28 | |
---|
| 29 | -- 2.10.8 : ConfirmMail page looks better (Sylvia theme only) |
---|
[3982] | 30 | Improved code for checking author on guest comments |
---|
[3742] | 31 | |
---|
| 32 | -- 2.10.9 : Bug fixed - Missing english translation |
---|
[3982] | 33 | Bug fixed - Notice on forbidden characters function use |
---|
| 34 | Bug fixed - Audit on forbidden characters in username didn't work |
---|
| 35 | Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one. |
---|
[3742] | 36 | |
---|
| 37 | -- 2.10.9a : Email provider exclusion is no longer case sensitive |
---|
| 38 | |
---|
[3775] | 39 | -- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path. |
---|
| 40 | |
---|
| 41 | -- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail" |
---|
| 42 | |
---|
| 43 | -- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl |
---|
| 44 | |
---|
| 45 | -- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like : |
---|
[3982] | 46 | ereg replaced by preg_match |
---|
| 47 | eregi replace by preg_match with "i" moderator |
---|
| 48 | split replace by preg_split |
---|
[3775] | 49 | |
---|
[4185] | 50 | -- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin |
---|
[3775] | 51 | |
---|
[4185] | 52 | |
---|
| 53 | ***** Plugin history (branch 2.11)***** |
---|
| 54 | |
---|
[3858] | 55 | -- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...) |
---|
| 56 | Beautify plugin's main admin panel |
---|
[3872] | 57 | |
---|
| 58 | -- 2.11.1 : Bug fixed with install and upgrade functions |
---|
| 59 | Language files correction |
---|
[3742] | 60 | |
---|
[3881] | 61 | -- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list |
---|
| 62 | Bug fixed : Sql syntax error on plugin activation |
---|
| 63 | |
---|
[3982] | 64 | -- 2.11.3 : On Patricia's request (french forum and bug 1173), the unvalidated users management tab shows users according with the settings of unvalidated group and / or unvalidated status. |
---|
[4135] | 65 | Feature 1172 added : Email providers exclusion list can be set with CR/LF between each entry. The comma seperator (,) is still mandatory. |
---|
[3982] | 66 | Bug 1175 fixed : Bad translation tag in french language file. |
---|
| 67 | Improvement of unvalidated users management tab (feature 1174)- Expired users are displayed in red color text. |
---|
[3896] | 68 | |
---|
[3982] | 69 | -- 2.11.4 : Bug 1177 fixed : Width of excluded email providers list reset to ancient value (80 col) |
---|
| 70 | Bug 1179 fixed : Adding a notice in plugin inline documentation for use of validation groups and status. A default group must be set in Piwigo's groups settings and the "Guest" (or another user) must be set as default for status values. |
---|
| 71 | Bug 1182 fixed : Language tag missing in confirmation email generation |
---|
| 72 | |
---|
[4061] | 73 | -- 2.11.5 : Bug 1195 fixed : Registration displays the good title |
---|
| 74 | |
---|
[4185] | 75 | |
---|
| 76 | ***** Plugin history (branch 2.12)***** |
---|
| 77 | |
---|
[4153] | 78 | -- 2.12.0 : Bug 1206 fixed : All plugin functionnalities work in user's profile page |
---|
[4135] | 79 | Plugin's core code and admin panel refactoring |
---|
| 80 | Password control and enforcement : A complexity score is computed on user registration. If this score is less than the goal set by admin, the password choosen is rejected. |
---|
| 81 | Feature 1194 "Ghost Tracker" added : New plugin tab displays users who don't comes back to the gallery since x days. Ability to send email reminders and to delete reminded but "dead" users. It's the reason why this feature is called "Ghost Tracker". |
---|
[4153] | 82 | |
---|
| 83 | -- 2.12.1 : Rollback on admin panel improvement (it was a bad idea) |
---|
[4159] | 84 | |
---|
| 85 | -- 2.12.2 : Bug 1221 fixed - Adding of a new funtion to populate the lastvisit table on Ghost Tracker activation |
---|
| 86 | Bug 1224 fixed - Error in database after plugin activation |
---|
| 87 | Bug 1225 fixed - "Reminder" status don't change from "false" to "true" after the sent of a reminder email |
---|
| 88 | Some code beautify (SQL requests and HTML 4 strict for tpl) |
---|
[4164] | 89 | |
---|
[4185] | 90 | -- 2.12.3 : Bug 1226 fixed - "duplicate key error" when lastvisit table is not empty and on using Ghost Tracker init function |
---|
| 91 | |
---|
| 92 | -- 2.12.4 : Adding a password field control for SendMail2User - Neighborhood plugin compatibility improvement |
---|
| 93 | Bug 1229 fixed - Email was no longer mandatory when plugin was active, even if Piwigo's email madatory option was set. |
---|
[4234] | 94 | |
---|
| 95 | -- 2.12.5 : Bug 1233 fixed - "duplicate key error" when a user wants to register with an existing username. In fact, all standard Piwigo's register controls didn't work when plugin was activated. That fixes this too. |
---|
| 96 | Adding DE, ES and IT languages. All translations are not finalized and could be improved. |
---|
| 97 | Adding of description.txt file in language directories. |
---|
[3742] | 98 | */ |
---|
| 99 | |
---|
| 100 | /* |
---|
| 101 | |
---|
| 102 | ***** TODO List ***** |
---|
[4135] | 103 | ++ No validation needed for admins users comments (new trigger needed in comments.php ?) |
---|
[3742] | 104 | |
---|
[4135] | 105 | ++ No single email check for admins (new trigger needed in functions_user.inc.php ?) |
---|
[3742] | 106 | |
---|
| 107 | ++ Password control and enforcement |
---|
[4124] | 108 | ?? Can not be the same as username -> Could password score control be sufficient ? |
---|
[3742] | 109 | |
---|
| 110 | ++ Security : Blocking brut-force attacks ! |
---|
[4159] | 111 | -> Way to do that : Count the number of failed attempts to connect and lock the targetted account after x attempts. Where x will be settable by admin. |
---|
| 112 | To unlock the locked account : |
---|
| 113 | -> A new table in admin's plugin panel which would display the locked accounts. |
---|
| 114 | -> Sending an email to account owner to inform him his account is blocked due to multiple failed connexions attempts. This email could have a link with a security key to unlock the account. |
---|
| 115 | -> Both of above solutions ? |
---|
[3742] | 116 | |
---|
| 117 | ++ Opportunity to copy a registered user for new user creation |
---|
| 118 | ++ new copied user will (or not) belong to the same groups |
---|
| 119 | ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??)) |
---|
| 120 | ++ new copied user will (or not) get the same properties |
---|
| 121 | ++ new copied user will (or not) get the same language |
---|
| 122 | ... and so on |
---|
| 123 | |
---|
| 124 | */ |
---|
| 125 | |
---|
| 126 | |
---|
[4124] | 127 | if (!defined('PHPWG_ROOT_PATH')) |
---|
| 128 | { |
---|
| 129 | die('Hacking attempt!'); |
---|
| 130 | } |
---|
[3742] | 131 | |
---|
| 132 | define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__))); |
---|
| 133 | define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/'); |
---|
[3858] | 134 | |
---|
[3742] | 135 | include_once (NBC_UserAdvManager_PATH.'include/constants.php'); |
---|
| 136 | include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php'); |
---|
[3858] | 137 | |
---|
[3742] | 138 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
| 139 | |
---|
| 140 | |
---|
| 141 | /* Plugin admin */ |
---|
| 142 | add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu'); |
---|
| 143 | |
---|
| 144 | function nbc_UserAdvManager_admin_menu($menu) |
---|
| 145 | { |
---|
| 146 | array_push($menu, |
---|
| 147 | array( |
---|
| 148 | 'NAME' => 'UserAdvManager', |
---|
| 149 | 'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php') |
---|
| 150 | ) |
---|
| 151 | ); |
---|
| 152 | |
---|
| 153 | return $menu; |
---|
| 154 | } |
---|
| 155 | |
---|
| 156 | |
---|
[4143] | 157 | add_event_handler('loc_begin_index', 'UserAdvManager_GhostTracker'); |
---|
[3742] | 158 | |
---|
[4143] | 159 | function UserAdvManager_GhostTracker() |
---|
| 160 | { |
---|
| 161 | global $conf, $user; |
---|
| 162 | |
---|
| 163 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
| 164 | |
---|
| 165 | if (isset($conf_nbc_UserAdvManager[17]) and $conf_nbc_UserAdvManager[17] == 'true' and !is_admin() and !is_a_guest()) |
---|
| 166 | { |
---|
| 167 | |
---|
| 168 | $userid = get_userid($user['username']); |
---|
| 169 | |
---|
| 170 | /* Looking for existing entry in last visit table */ |
---|
| 171 | $query = ' |
---|
| 172 | SELECT * |
---|
[4159] | 173 | FROM '.USER_LASTVISIT_TABLE.' |
---|
[4143] | 174 | WHERE user_id = '.$userid.' |
---|
| 175 | ;'; |
---|
| 176 | |
---|
| 177 | $count = mysql_num_rows(pwg_query($query)); |
---|
| 178 | |
---|
| 179 | if ($count == 0) |
---|
| 180 | { |
---|
| 181 | /* If not, data are inserted in table */ |
---|
| 182 | $query = ' |
---|
| 183 | INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder) |
---|
| 184 | VALUES ('.$userid.', now(), "false") |
---|
| 185 | ;'; |
---|
| 186 | pwg_query($query); |
---|
| 187 | } |
---|
| 188 | else if ($count > 0) |
---|
| 189 | { |
---|
| 190 | /* If yes, data are updated in table */ |
---|
| 191 | $query = ' |
---|
| 192 | UPDATE '.USER_LASTVISIT_TABLE.' |
---|
| 193 | SET lastvisit = now(), reminder = "false" |
---|
| 194 | WHERE user_id = '.$userid.' |
---|
| 195 | LIMIT 1 |
---|
| 196 | ;'; |
---|
| 197 | pwg_query($query); |
---|
| 198 | } |
---|
| 199 | } |
---|
| 200 | } |
---|
| 201 | |
---|
| 202 | |
---|
[3742] | 203 | /* User creation */ |
---|
| 204 | add_event_handler('register_user', 'UserAdvManager_Adduser'); |
---|
| 205 | |
---|
| 206 | function UserAdvManager_Adduser($register_user) |
---|
| 207 | { |
---|
| 208 | global $conf; |
---|
| 209 | |
---|
| 210 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
[4124] | 211 | |
---|
| 212 | /* Sending registration confirmation by email */ |
---|
| 213 | if ((isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or (isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true')) |
---|
| 214 | { |
---|
[4185] | 215 | $passwd = (isset($_POST['password'])) ? $_POST['password'] : ''; |
---|
| 216 | SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true); |
---|
[4124] | 217 | } |
---|
[3742] | 218 | } |
---|
| 219 | |
---|
| 220 | |
---|
| 221 | |
---|
| 222 | /* User deletion */ |
---|
| 223 | add_event_handler('delete_user', 'UserAdvManager_Deluser'); |
---|
| 224 | |
---|
| 225 | function UserAdvManager_Deluser($user_id) |
---|
| 226 | { |
---|
[4159] | 227 | /* Cleanup for ConfirmMail table */ |
---|
[3742] | 228 | DeleteConfirmMail($user_id); |
---|
[4159] | 229 | /* Cleanup for LastVisit table */ |
---|
| 230 | DeleteLastVisit($user_id); |
---|
[3742] | 231 | } |
---|
| 232 | |
---|
| 233 | |
---|
[4124] | 234 | /* Check users registration */ |
---|
| 235 | add_event_handler('register_user_check', 'UserAdvManager_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2); |
---|
[3742] | 236 | |
---|
[4124] | 237 | function UserAdvManager_RegistrationCheck($err, $user) |
---|
[3742] | 238 | { |
---|
[4124] | 239 | global $errors, $conf; |
---|
| 240 | |
---|
[4234] | 241 | /* *********************************************************** */ |
---|
| 242 | /* We need to reset the standard Piwigo's register controls */ |
---|
| 243 | /* because the call of register_user_check trigger resets them */ |
---|
| 244 | /* *********************************************************** */ |
---|
| 245 | /* ********************************** */ |
---|
| 246 | /* Standard Piwigo's username control */ |
---|
| 247 | /* ********************************** */ |
---|
| 248 | if ($_POST['login'] == '') |
---|
| 249 | { |
---|
| 250 | return l10n('reg_err_login1'); |
---|
| 251 | } |
---|
| 252 | if (preg_match('/^.* $/', $_POST['login'])) |
---|
| 253 | { |
---|
| 254 | return l10n('reg_err_login2'); |
---|
| 255 | } |
---|
| 256 | if (preg_match('/^ .*$/', $_POST['login'])) |
---|
| 257 | { |
---|
| 258 | return l10n('reg_err_login3'); |
---|
| 259 | } |
---|
| 260 | if (get_userid($_POST['login'])) |
---|
| 261 | { |
---|
| 262 | return l10n('reg_err_login5'); |
---|
| 263 | } |
---|
| 264 | |
---|
| 265 | /* ***************************** */ |
---|
| 266 | /* Standard Piwigo's email check */ |
---|
| 267 | /* ***************************** */ |
---|
| 268 | $atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{|}~]'; // before arobase |
---|
| 269 | $domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name |
---|
| 270 | $regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i'; |
---|
| 271 | |
---|
| 272 | if (!preg_match($regex, $_POST['mail_address'])) |
---|
| 273 | { |
---|
| 274 | return l10n('reg_err_mail_address'); |
---|
| 275 | } |
---|
| 276 | |
---|
| 277 | if (!empty($_POST['mail_address'])) |
---|
| 278 | { |
---|
| 279 | $query = ' |
---|
| 280 | select count(*) |
---|
| 281 | from '.USERS_TABLE.' |
---|
| 282 | where upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\');'; |
---|
| 283 | list($count) = mysql_fetch_array(pwg_query($query)); |
---|
| 284 | if ($count != 0) |
---|
| 285 | { |
---|
| 286 | return l10n('reg_err_mail_address_dbl'); |
---|
| 287 | } |
---|
| 288 | } |
---|
| 289 | /* ****************************************** */ |
---|
| 290 | /* End of Piwigo's standard register controls */ |
---|
| 291 | /* ****************************************** */ |
---|
| 292 | |
---|
| 293 | |
---|
| 294 | /* ****************************************** */ |
---|
| 295 | /* Here begins the advanced register controls */ |
---|
| 296 | /* ****************************************** */ |
---|
[4124] | 297 | $PasswordCheck = 0; |
---|
[4061] | 298 | |
---|
[3742] | 299 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
| 300 | |
---|
[4124] | 301 | /* Password enforcement control */ |
---|
| 302 | if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15])) |
---|
[3742] | 303 | { |
---|
[4124] | 304 | if (!empty($user['password']) and !is_admin()) |
---|
[3742] | 305 | { |
---|
[4124] | 306 | $PasswordCheck = testpassword($user['password']); |
---|
| 307 | |
---|
| 308 | if ($PasswordCheck < $conf_nbc_UserAdvManager[15]) |
---|
[3742] | 309 | { |
---|
[4124] | 310 | $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck); |
---|
| 311 | return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]); |
---|
[3742] | 312 | } |
---|
| 313 | } |
---|
[4124] | 314 | else if (!empty($user['password']) and is_admin() and isset($conf_nbc_UserAdvManager[16]) and $conf_nbc_UserAdvManager[16] == 'true') |
---|
| 315 | { |
---|
| 316 | $PasswordCheck = testpassword($user['password']); |
---|
| 317 | |
---|
| 318 | if ($PasswordCheck < $conf_nbc_UserAdvManager[15]) |
---|
| 319 | { |
---|
| 320 | $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck); |
---|
| 321 | return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]); |
---|
| 322 | } |
---|
| 323 | } |
---|
[3742] | 324 | } |
---|
| 325 | |
---|
[4124] | 326 | /* Username non case sensitive */ |
---|
| 327 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true') |
---|
| 328 | { |
---|
| 329 | $new_username = NotSensibleSearchUsername($_POST['login']); |
---|
| 330 | $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username; |
---|
| 331 | } |
---|
[3742] | 332 | |
---|
[4124] | 333 | /* Username without forbidden keys */ |
---|
| 334 | if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login'])) |
---|
[3742] | 335 | { |
---|
[4124] | 336 | $_POST['login'] = ''; |
---|
| 337 | return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'"); |
---|
[3742] | 338 | } |
---|
| 339 | |
---|
[4124] | 340 | /* Email without forbidden domains */ |
---|
| 341 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address'])) |
---|
[3742] | 342 | { |
---|
[4185] | 343 | //$_POST['mail_address'] = ''; |
---|
[4124] | 344 | return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"); |
---|
| 345 | } |
---|
| 346 | } |
---|
[3742] | 347 | |
---|
| 348 | |
---|
[4124] | 349 | if (script_basename() == 'profile') |
---|
| 350 | { |
---|
| 351 | add_event_handler('loc_begin_profile', 'UserAdvManager_Profile_Init'); |
---|
[3742] | 352 | |
---|
[4124] | 353 | function UserAdvManager_Profile_Init() |
---|
| 354 | { |
---|
| 355 | global $conf, $user, $template; |
---|
[3742] | 356 | |
---|
[4124] | 357 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
[4061] | 358 | |
---|
[3742] | 359 | if (isset($_POST['validate'])) |
---|
| 360 | { |
---|
[4124] | 361 | /* Email without forbidden domains */ |
---|
| 362 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address'])) |
---|
[3742] | 363 | { |
---|
[4124] | 364 | if (!ValidateEmailProvider($_POST['mail_address'])) |
---|
[3742] | 365 | { |
---|
[4124] | 366 | $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"); |
---|
| 367 | unset($_POST['validate']); |
---|
[3742] | 368 | } |
---|
[4124] | 369 | } |
---|
| 370 | |
---|
| 371 | $typemail = 3; |
---|
[3742] | 372 | |
---|
[4124] | 373 | if (!empty($_POST['use_new_pwd'])) |
---|
| 374 | { |
---|
| 375 | $typemail = 2; |
---|
[3742] | 376 | |
---|
[4124] | 377 | /* Password enforcement control */ |
---|
| 378 | if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15])) |
---|
[3742] | 379 | { |
---|
[4124] | 380 | $PasswordCheck = testpassword($_POST['use_new_pwd']); |
---|
| 381 | |
---|
| 382 | if ($PasswordCheck < $conf_nbc_UserAdvManager[15]) |
---|
[3742] | 383 | { |
---|
[4124] | 384 | $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck); |
---|
| 385 | $template->append('errors', l10n_args($message).$conf_nbc_UserAdvManager[15]); |
---|
| 386 | unset($_POST['use_new_pwd']); |
---|
| 387 | unset($_POST['validate']); |
---|
[3742] | 388 | } |
---|
| 389 | } |
---|
[4124] | 390 | } |
---|
| 391 | |
---|
| 392 | /* Sending registration confirmation by email */ |
---|
| 393 | if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true')) |
---|
| 394 | { |
---|
[3742] | 395 | $confirm_mail_need = false; |
---|
| 396 | |
---|
[4124] | 397 | if (!empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address'])) |
---|
[3742] | 398 | { |
---|
| 399 | $query = ' |
---|
[4143] | 400 | SELECT '.$conf['user_fields']['email'].' AS email |
---|
| 401 | FROM '.USERS_TABLE.' |
---|
| 402 | WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\' |
---|
| 403 | ;'; |
---|
[4124] | 404 | |
---|
[3742] | 405 | list($current_email) = mysql_fetch_row(pwg_query($query)); |
---|
| 406 | |
---|
| 407 | if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') ) |
---|
[4124] | 408 | |
---|
[3742] | 409 | $confirm_mail_need = true; |
---|
| 410 | } |
---|
[4124] | 411 | |
---|
| 412 | if ((!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) ) |
---|
[3742] | 413 | { |
---|
| 414 | $query = ' |
---|
[4143] | 415 | SELECT '.$conf['user_fields']['username'].' |
---|
| 416 | FROM '.USERS_TABLE.' |
---|
| 417 | WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\' |
---|
| 418 | ;'; |
---|
[4124] | 419 | |
---|
[3742] | 420 | list($username) = mysql_fetch_row(pwg_query($query)); |
---|
| 421 | |
---|
| 422 | SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need); |
---|
| 423 | } |
---|
| 424 | } |
---|
| 425 | } |
---|
| 426 | } |
---|
| 427 | } |
---|
| 428 | |
---|
[4124] | 429 | |
---|
| 430 | add_event_handler('init', 'UserAdvManager_InitPage'); |
---|
| 431 | |
---|
| 432 | function UserAdvManager_InitPage() |
---|
| 433 | { |
---|
| 434 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
| 435 | global $conf, $template, $page, $lang, $errors; |
---|
| 436 | |
---|
| 437 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
| 438 | |
---|
| 439 | /* Username non case sensitive */ |
---|
| 440 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true') |
---|
| 441 | { |
---|
| 442 | $lang['reg_err_login5'] = l10n('reg_err_login5'); |
---|
| 443 | } |
---|
| 444 | |
---|
| 445 | |
---|
| 446 | |
---|
| 447 | /* User identification */ |
---|
| 448 | if (script_basename() == 'identification') |
---|
| 449 | { |
---|
| 450 | if (isset($_POST['login'])) |
---|
| 451 | { |
---|
| 452 | /* User non case sensitive */ |
---|
| 453 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' ) |
---|
| 454 | { |
---|
| 455 | $new_username = NotSensibleSearchUsername($_POST['username']); |
---|
| 456 | $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username; |
---|
| 457 | } |
---|
| 458 | } |
---|
| 459 | } |
---|
| 460 | |
---|
| 461 | |
---|
| 462 | /* Admin user management */ |
---|
| 463 | if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') |
---|
| 464 | { |
---|
| 465 | if (isset($_POST['submit_add'])) |
---|
| 466 | { |
---|
| 467 | /* User non case sensitive */ |
---|
| 468 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' ) |
---|
| 469 | { |
---|
| 470 | $new_username = NotSensibleSearchUsername($_POST['login']); |
---|
| 471 | $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username; |
---|
| 472 | } |
---|
| 473 | |
---|
| 474 | /* Username without forbidden keys */ |
---|
| 475 | if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login'])) |
---|
| 476 | { |
---|
| 477 | $template->append('errors', l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'"); |
---|
| 478 | unset($_POST['submit_add']); |
---|
| 479 | } |
---|
| 480 | |
---|
| 481 | /* Email without forbidden domains */ |
---|
| 482 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email'])) |
---|
| 483 | { |
---|
| 484 | $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"); |
---|
| 485 | unset($_POST['submit_add']); |
---|
| 486 | } |
---|
| 487 | } |
---|
| 488 | } |
---|
| 489 | } |
---|
| 490 | |
---|
[4135] | 491 | |
---|
[3742] | 492 | add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2); |
---|
| 493 | |
---|
| 494 | function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm) |
---|
| 495 | { |
---|
| 496 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
| 497 | global $infos, $conf, $template; |
---|
| 498 | |
---|
| 499 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
| 500 | |
---|
| 501 | /* User creation OR update */ |
---|
| 502 | if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest') |
---|
| 503 | { |
---|
| 504 | $comment_action = 'reject'; |
---|
| 505 | |
---|
| 506 | array_push($infos, l10n('UserAdvManager_Empty Author')); |
---|
| 507 | } |
---|
| 508 | |
---|
| 509 | return $comment_action; |
---|
| 510 | } |
---|
| 511 | |
---|
| 512 | ?> |
---|