Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 3858

Last change on this file since 3858 was 3858, checked in by Eric, 15 years ago

2.11 branch finalization :

Code cleaning
Templates improvement
Language files updates
Plugin history and version set

Property svn:eol-style set to LF

File size: 14.1 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.11.0
5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/*
12	*** Plugin history (branch 2.10)***
13
14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15	-- 2.10.1-beta : Small correction on generated path
16	-- 2.10.2-beta : Bug resolved on register validation page
17
18	-- 2.10.3 : Final and fully functional release
19	Bug resolved on plugin activation
20
21	-- 2.10.4 : Bug fixed on profiles update
22
23	-- 2.10.5 : Improved code on profiles update
24
25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27	-- 2.10.7 : Bug fixed on user's validation email sending
28
29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30	Improved code for checking author on guest comments
31
32	-- 2.10.9 : Bug fixed - Missing english translation
33	Bug fixed - Notice on forbidden characters function use
34	Bug fixed - Audit on forbidden characters in username didn't work
35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39	-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41	-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43	-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45	-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46	ereg replaced by preg_match
47	eregi replace by preg_match with "i" moderator
48	split replace by preg_split
49
50	-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
52	-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...)
53	Beautify plugin's main admin panel
54
55	*/
56
57	/*
58
59	*** TODO List ***
60
61	++ No validation needed for admins users comments (new trigger needed in comments.php)
62
63	++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
64
65	++ Password control and enforcement
66	-- Empty password (done in Piwigo 2.x)
67	++ Can not be the same as username
68	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
69
70	++ Security : Blocking brut-force attacks !
71
72	++ Opportunity to copy a registered user for new user creation
73	++ new copied user will (or not) belong to the same groups
74	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
75	++ new copied user will (or not) get the same properties
76	++ new copied user will (or not) get the same language
77	... and so on
78
79	*/
80
81
82	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
83
84	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
85	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
86
87	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
88	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
89
90	load_language('plugin.lang', NBC_UserAdvManager_PATH);
91
92
93	/* Plugin admin */
94	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
95
96	function nbc_UserAdvManager_admin_menu($menu)
97	{
98	array_push($menu,
99	array(
100	'NAME' => 'UserAdvManager',
101	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
102	)
103	);
104
105	return $menu;
106	}
107
108
109
110	/* User creation */
111	add_event_handler('register_user', 'UserAdvManager_Adduser');
112
113	function UserAdvManager_Adduser($register_user)
114	{
115	global $conf;
116
117	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
118
119	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
120
121	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
122	}
123
124
125
126	/* User deletion */
127	add_event_handler('delete_user', 'UserAdvManager_Deluser');
128
129	function UserAdvManager_Deluser($user_id)
130	{
131
132	DeleteConfirmMail($user_id);
133
134	}
135
136
137
138	add_event_handler('init', 'UserAdvManager_InitPage');
139
140	function UserAdvManager_InitPage()
141	{
142	load_language('plugin.lang', NBC_UserAdvManager_PATH);
143	global $conf, $template, $page, $lang;
144
145	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
146
147
148	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
149	$lang['reg_err_login5'] = l10n('new_reg_err_login5');
150
151
152
153	/* User identification */
154	if (script_basename() == 'identification')
155	{
156	if (isset($_POST['login']))
157	{
158	/* User non case sensitive */
159	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
160	{
161	$new_username = NotSensibleSearchUsername($_POST['username']);
162	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
163	}
164	}
165	}
166
167
168
169	/* Admin user management */
170	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
171	{
172	if (isset($_POST['submit_add']))
173	{
174	/* User non case sensitive */
175	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
176	{
177	$new_username = NotSensibleSearchUsername($_POST['login']);
178	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
179	}
180
181
182	/* Username without forbidden keys */
183	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
184	{
185	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
186	$_POST['login'] = '';
187	}
188
189	/* Email without forbidden domains */
190	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
191	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
192	//{
193	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
194	// $_POST['login'] = '';
195	//}
196	/* This work with a code copy of ValidateEmailProvider() function */
197	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
198	{
199	$ncsemail = strtolower($_POST['email']);
200	$conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
201	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
202	{
203	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
204	if (preg_match($pattern, $ncsemail))
205	{
206	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
207	$_POST['login'] = '';
208	}
209	}
210	}
211	}
212	}
213
214	/* User creation */
215	if (script_basename() == 'register')
216	{
217	if (isset($_POST['submit']))
218	{
219	/* Username non case sensitive */
220	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
221	{
222	$new_username = NotSensibleSearchUsername($_POST['login']);
223	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
224	}
225
226
227	/* Username without forbidden keys */
228	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
229	{
230	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
231	$_POST['login'] = '';
232	}
233
234
235	/* Email without forbidden domains */
236	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
237	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
238	//{
239	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
240	// $_POST['mail_address'] = '';
241	//}
242	/* This work with a code copy of ValidateEmailProvider() function */
243	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
244	{
245	$ncsemail = strtolower($_POST['mail_address']);
246	$conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
247	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
248	{
249	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
250	if (preg_match($pattern, $ncsemail))
251	{
252	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
253	$_POST['login'] = '';
254	}
255	}
256	}
257	}
258	}
259
260	/* User profile update */
261	if (script_basename() == 'profile')
262	{
263	if (isset($_POST['validate']))
264	{
265	/* Sending email to user */
266	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
267	{
268	global $conf, $user ;
269	$errors = array();
270
271	$int_pattern = '/^\d+$/';
272	if (empty($_POST['nb_image_line'])
273	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
274	{
275	$errors[] = l10n('nb_image_line_error');
276	}
277
278	if (empty($_POST['nb_line_page'])
279	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
280	{
281	$errors[] = l10n('nb_line_page_error');
282	}
283
284	if ($_POST['maxwidth'] != ''
285	and (!preg_match($int_pattern, $_POST['maxwidth'])
286	or $_POST['maxwidth'] < 50))
287	{
288	$errors[] = l10n('maxwidth_error');
289	}
290	if ($_POST['maxheight']
291	and (!preg_match($int_pattern, $_POST['maxheight'])
292	or $_POST['maxheight'] < 50))
293	{
294	$errors[] = l10n('maxheight_error');
295	}
296
297	if (isset($_POST['mail_address']))
298	{
299	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
300	if (!empty($mail_error))
301	{
302	$errors[] = $mail_error;
303	}
304
305	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
306	{
307	$ncsemail = strtolower($_POST['mail_address']);
308	$conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
309	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
310	{
311	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
312	if (preg_match($pattern, $ncsemail))
313	{
314	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
315	}
316	}
317	}
318	if (!empty($mail_error))
319	{
320	$errors[] = $mail_error;
321	}
322	}
323
324	$typemail = 3;
325
326	if (!empty($_POST['use_new_pwd']))
327	{
328	$typemail = 2;
329
330	// password must be the same as its confirmation
331	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
332	{
333	$errors[] = l10n('New password confirmation does not correspond');
334	}
335
336	if ( !defined('IN_ADMIN') )
337	{// changing password requires old password
338	$query = '
339	SELECT '.$conf['user_fields']['password'].' AS password
340	FROM '.USERS_TABLE.'
341	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
342	;';
343	list($current_password) = mysql_fetch_row(pwg_query($query));
344
345	if ($conf['pass_convert']($_POST['password']) != $current_password)
346	{
347	$errors[] = l10n('Current password is wrong');
348	}
349	}
350	}
351
352	$confirm_mail_need = false;
353
354	if (!empty($_POST['mail_address']))
355	{
356	$query = '
357	SELECT '.$conf['user_fields']['email'].' AS email
358	FROM '.USERS_TABLE.'
359	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
360	;';
361	list($current_email) = mysql_fetch_row(pwg_query($query));
362
363	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
364	$confirm_mail_need = true;
365	}
366
367	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
368	{
369	$query = '
370	SELECT '.$conf['user_fields']['username'].'
371	FROM '.USERS_TABLE.'
372	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
373	;';
374	list($username) = mysql_fetch_row(pwg_query($query));
375
376
377	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
378	}
379	}
380	}
381	}
382	}
383
384	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
385
386	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
387	{
388	load_language('plugin.lang', NBC_UserAdvManager_PATH);
389	global $infos, $conf, $template;
390
391	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
392
393	/* User creation OR update */
394	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
395	{
396	$comment_action = 'reject';
397
398	array_push($infos, l10n('UserAdvManager_Empty Author'));
399	}
400
401	return $comment_action;
402	}
403
404	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: