source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 3826

Revision 3826, 15.2 KB checked in by Eric, 11 years ago (diff)
  • Code cleaning : Deletion of old commented parts, PHP 5.3 improvement, HTML compliant for tpl files
  • Implementing a monitoring system for using the mail() function (spy log file)
  • Finalization of listing table of unvalidated registered
  • Preview of upcoming features (coding of management panel)
  • Property svn:eol-style set to LF
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.11.0
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on the user profile page. So, already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46                                ereg replaced by preg_match
47                                eregi replaced by preg_match with the "i" modifier
48                                split replace by preg_split
49                               
50-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
52-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Force expiration, list unvalidated users,...)
53                        Beautify plugin's main admin panel
54
55*/
56
57/*
58
59 ***** TODO List *****
60
61++ No validation needed for admins users comments (new trigger needed in comments.php)
62
63++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
64
65++ Administration page for Confirm Mail
66  ++ Admin tabsheet for Confirm Mail to set options :
67                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
68                -- List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
69                ++ List of users with expired validation time
70                -- List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
71                ++ Opportunities to take actions on database tables :
72                ++ Re-asking validation (case of non reception of validation email)
73                ++ Force expiration
74                        ++ Force confirmation
75                ++ Cleanup expired user's accounts
76        ++ (...)
77
78++ Password control and enforcement
79  -- Empty password (done in Piwigo 2.x)
80  ++ Can not be the same as username
81  ++ complexity of the password (Numbers+Letters+Lower and upper case+Special+minimal length)
82 
83++ Security : Blocking brute-force attacks !
84
85++ Opportunity to copy a registered user for new user creation
86  ++ new copied user will (or not) belong to the same groups
87  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
88  ++ new copied user will (or not) get the same properties
89  ++ new copied user will (or not) get the same language
90  ... and so on
91 
92*/
93
94
95
// Stop immediately when this file is requested outside the application
// (PHPWG_ROOT_PATH is not defined in that case).
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Directory name of the plugin and its path below the plugins directory.
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Plugin constants and helper functions, then the plugin's language strings.
include_once NBC_UserAdvManager_PATH.'include/constants.php';
include_once NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php';
load_language('plugin.lang', NBC_UserAdvManager_PATH);
102
103
/* Plugin admin */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Appends the plugin's entry to the admin plugin menu.
 *
 * @param array $menu menu entries received from the event
 * @return array the list with the UserAdvManager entry added at the end
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php'),
  );

  array_push($menu, $entry);

  return $menu;
}
118
119
120
/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * Mails a newly registered user when the plugin is configured to do so.
 *
 * The mail is sent when settings slot 0 or settings slot 2 of the
 * semicolon-separated $conf['nbc_UserAdvManager'] string equals 'true'.
 *
 * @param array $register_user data of the new account; the keys 'id',
 *                             'username' and 'email' are read
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  $settings = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $slot0_on = isset($settings[0]) && $settings[0] == 'true';
  $slot2_on = isset($settings[2]) && $settings[2] == 'true';

  if (!$slot0_on && !$slot2_on)
  {
    return;
  }

  // The password is taken from the submitted form in clear text and handed to
  // SendMail2User(). What that function does with it is not visible in this file.
  // NOTE(review): confirm the password never ends up in a log written around mail().
  SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
}
133
134
135
/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * Forwards the id of a deleted user to DeleteConfirmMail().
 *
 * @param mixed $user_id id of the user being deleted
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
145
146
147
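add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * Tells whether an email address matches one of the configured exclusion entries.
 *
 * Each comma-separated entry is used as a raw, unanchored PCRE fragment, as the
 * inline loops this helper replaces did. Consequences a maintainer should know:
 * a '.' in an entry matches any character, an entry can match anywhere in the
 * address (local part included), and an entry containing '/' or invalid regex
 * syntax makes preg_match() fail, which is treated as "no match".
 * NOTE(review): if entries are meant to be literal domains, preg_quote($entry, '/')
 * plus a '$' anchor would be stricter - confirm against the admin panel's format.
 *
 * Differences from the former inline loops:
 *  - entries are trimmed, so "a.com, b.com" no longer leaves " b.com" unmatched;
 *  - empty entries are skipped; an empty entry used to build the pattern '//',
 *    which matches every address;
 *  - the pattern is case-insensitive, so an entry written with capitals applies.
 *
 * @param string $email          address to test
 * @param string $exclusion_list comma-separated exclusion entries
 * @return bool true when at least one entry matches
 */
function UserAdvManager_EmailIsExcluded($email, $exclusion_list)
{
  $ncsemail = strtolower($email);

  foreach (preg_split('/,/', $exclusion_list) as $entry)
  {
    $entry = trim($entry);
    if ($entry === '')
    {
      continue;
    }

    if (preg_match('/'.$entry.'/i', $ncsemail))
    {
      return true;
    }
  }

  return false;
}

/**
 * 'init' handler: adjusts submitted form data on the identification, admin
 * user_list, register and profile pages according to the plugin settings.
 *
 * Settings come from the semicolon-separated string $conf['nbc_UserAdvManager'].
 * Slots read here: 0 and 2 (mail sending), 1 (case-insensitive usernames),
 * 7 and 8 (forbidden username characters), 12 and 13 (email provider exclusion).
 *
 * The function returns nothing; it works by rewriting $_POST and $lang entries
 * and by calling SendMail2User().
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang, $user;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $mail_on_new_pwd     = isset($conf_nbc_UserAdvManager[0]) && $conf_nbc_UserAdvManager[0] === 'true';
  $case_insensitive    = isset($conf_nbc_UserAdvManager[1]) && $conf_nbc_UserAdvManager[1] === 'true';
  $confirm_mail        = isset($conf_nbc_UserAdvManager[2]) && $conf_nbc_UserAdvManager[2] === 'true';
  $check_username      = isset($conf_nbc_UserAdvManager[7]) && $conf_nbc_UserAdvManager[7] === 'true';
  $check_mail_provider = isset($conf_nbc_UserAdvManager[12]) && $conf_nbc_UserAdvManager[12] === 'true';

  // Values only shown in messages or used as the exclusion list; default to ''
  // so a short settings string does not raise an undefined-offset notice.
  $forbidden_chars = isset($conf_nbc_UserAdvManager[8]) ? $conf_nbc_UserAdvManager[8] : '';
  $mail_exclusion  = isset($conf_nbc_UserAdvManager[13]) ? $conf_nbc_UserAdvManager[13] : '';

  if ($case_insensitive)
  {
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
  }

  /* User identification */
  if (script_basename() == 'identification')
  {
    /* User non case sensitive */
    if (isset($_POST['login']) and $case_insensitive and isset($_POST['username']))
    {
      $new_username = NotSensibleSearchUsername($_POST['username']);
      $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
    }
  }

  /* Admin user management */
  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
  {
    if (isset($_POST['submit_add']))
    {
      /* User non case sensitive */
      if ($case_insensitive and isset($_POST['login']))
      {
        $new_username = NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden keys */
      if ($check_username and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
        $_POST['login'] = '';
      }

      /* Email without forbidden domains */
      // The check is done here rather than through ValidateEmailProvider(),
      // which the previous authors reported as not working when called from this handler.
      // The login is blanked and the reg_err_login1 text replaced, presumably so
      // that the core form rejects the submission with this message.
      if ($check_mail_provider and !empty($_POST['email'])
          and UserAdvManager_EmailIsExcluded($_POST['email'], $mail_exclusion))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$mail_exclusion."'";
        $_POST['login'] = '';
      }
    }
  }

  /* User creation */
  if (script_basename() == 'register')
  {
    if (isset($_POST['submit']))
    {
      /* Username non case sensitive */
      if ($case_insensitive and isset($_POST['login']))
      {
        $new_username = NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden keys */
      if ($check_username and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
        $_POST['login'] = '';
      }

      /* Email without forbidden domains (same mechanism as on the admin page) */
      if ($check_mail_provider and !empty($_POST['mail_address'])
          and UserAdvManager_EmailIsExcluded($_POST['mail_address'], $mail_exclusion))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$mail_exclusion."'";
        $_POST['login'] = '';
      }
    }
  }

  /* User profile update */
  if (script_basename() == 'profile' and isset($_POST['validate']) and ($mail_on_new_pwd or $confirm_mail))
  {
    // $errors only decides, further down, whether a mail is sent.
    // NOTE(review): it is local to this handler and nothing visible here hands it
    // back to the profile page, which would explain the known bug that a forbidden
    // address can still be saved from the profile form - confirm against profile.php.
    $errors = array();

    $int_pattern = '/^\d+$/';

    if (empty($_POST['nb_image_line'])
        or !preg_match($int_pattern, $_POST['nb_image_line']))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page'])
        or !preg_match($int_pattern, $_POST['nb_line_page']))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    // isset()/!empty() guards keep the former outcome for a missing field
    // (no error recorded) without the undefined-index notice.
    if (isset($_POST['maxwidth']) and $_POST['maxwidth'] != ''
        and (!preg_match($int_pattern, $_POST['maxwidth'])
             or $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }

    if (!empty($_POST['maxheight'])
        and (!preg_match($int_pattern, $_POST['maxheight'])
             or $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);

      /* Email without forbidden domains */
      if ($check_mail_provider and !empty($_POST['mail_address'])
          and UserAdvManager_EmailIsExcluded($_POST['mail_address'], $mail_exclusion))
      {
        $mail_error = l10n('reg_err_login7')."'".$mail_exclusion."'";
      }

      // Recorded once; the former code appended the same message twice
      // when validate_mail_address() had already reported an error.
      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }
    }

    // Mail type passed to SendMail2User(): 2 when a new password was typed, 3 otherwise.
    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // password must be the same as its confirmation; strict comparison so that
      // two different numeric-looking strings are never treated as equal
      $password_conf = isset($_POST['passwordConf']) ? $_POST['passwordConf'] : null;
      if ($_POST['use_new_pwd'] !== $password_conf)
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if (!defined('IN_ADMIN'))
      {// changing password requires old password
        // NOTE(review): the id is interpolated into the SQL text. It comes from the
        // global $user, not from request data - presumably filled by the core
        // session code; confirm it can never hold a request-controlled value.
        $query = '
          SELECT '.$conf['user_fields']['password'].' AS password
          FROM '.USERS_TABLE.'
          WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
        ;';
        list($current_password) = mysql_fetch_row(pwg_query($query));

        $pass_convert = $conf['pass_convert'];
        $typed_digest = $pass_convert(isset($_POST['password']) ? $_POST['password'] : '');

        // Strict string comparison: with != two different digests that both read as
        // numbers (for example "0e" followed only by digits) would compare equal.
        // hash_equals() would additionally be constant-time where PHP >= 5.6 is available.
        if ((string) $typed_digest !== (string) $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $query = '
        SELECT '.$conf['user_fields']['email'].' AS email
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      // A changed address needs a new confirmation when settings slot 2 is on.
      if ($_POST['mail_address'] !== $current_email and $confirm_mail)
      {
        $confirm_mail_need = true;
      }
    }

    // Same grouping as the former "A and B or C": (new password and slot 0) or confirmation needed.
    $new_pwd_mail_due = !empty($_POST['use_new_pwd']) && $mail_on_new_pwd;

    if (count($errors) == 0 and ($new_pwd_mail_due or $confirm_mail_need))
    {
      $query = '
        SELECT '.$conf['user_fields']['username'].'
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($username) = mysql_fetch_row(pwg_query($query));

      // The new password is handed over in clear text; what SendMail2User() does
      // with it is not visible in this file.
      // NOTE(review): confirm it is never written to a log kept around mail().
      SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
    }
  }
}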
402
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * 'user_comment_check' handler: rejects a comment whose author is 'guest'.
 *
 * The rejection applies only when settings slot 6 of $conf['nbc_UserAdvManager']
 * equals 'true' and $conf['comments_forall'] compares equal to 'true'.
 *
 * @param string $comment_action action decided so far for the comment
 * @param array  $comm           comment data; the key 'author' is read
 * @return string 'reject' when the rule applies, otherwise $comment_action unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $settings = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $author_required = isset($settings[6]) && $settings[6] == 'true';

  // Nothing to do unless the option is on, comments are open to all,
  // and the author was left as 'guest'.
  if (!$author_required or $conf['comments_forall'] != 'true' or $comm['author'] != 'guest')
  {
    return $comment_action;
  }

  // Add the explanation to the messages collected in $infos.
  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
422
423?>