source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 4234

Revision 4234, 19.0 KB checked in by Eric, 10 years ago (diff)

[NBC_UserAdvManager]

  • Bug 1233 fixed : "duplicate key error" when a user wants to register with an existing username. In fact, all standard Piwigo's register controls didn't work when plugin was activated. That fixes this too.
  • Property svn:eol-style set to LF
<?php
/*
Plugin Name: NBC UserAdvManager
Version: 2.12.5
Description: Renforcer les possibilités de gestion des utilisateurs - Enforce users management
Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
Author: Nicco, Eric
Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
*/

/*
 ***** Plugin history (branch 2.10)*****

-- 2.10.0-beta : Initial beta release for Piwigo compatibility
-- 2.10.1-beta : Small correction on generated path
-- 2.10.2-beta : Bug resolved on register validation page

-- 2.10.3 : Final and fully functional release
            Bug resolved on plugin activation

-- 2.10.4 : Bug fixed on profiles update

-- 2.10.5 : Improved code on profiles update

-- 2.10.6 : Old language packs (iso) deleted (forgotten from PWG 1.7.x version)

-- 2.10.7 : Bug fixed on user's validation email sending

-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
            Improved code for checking author on guest comments

-- 2.10.9 : Bug fixed - Missing English translation
            Bug fixed - Notice on forbidden characters function use
            Bug fixed - Audit on forbidden characters in username didn't work
            Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbidden one.

-- 2.10.9a : Email provider exclusion is no longer case sensitive

-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.

-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"

-- 2.10.9d : Code simplification - the "template" sub-directory in the plugin directory is no longer needed to enhance the "back link" icon in ConfirMail.tpl

-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
            ereg replaced by preg_match
            eregi replaced by preg_match with "i" modifier
            split replaced by preg_split

-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin


 ***** Plugin history (branch 2.11)*****

-- 2.11.0 : New tabsheet menu to manage ConfirmMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...)
            Beautify plugin's main admin panel

-- 2.11.1 : Bug fixed with install and upgrade functions
            Language files correction

-- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list
            Bug fixed : Sql syntax error on plugin activation

-- 2.11.3 : On Patricia's request (french forum and bug 1173), the unvalidated users management tab shows users according to the settings of unvalidated group and / or unvalidated status.
            Feature 1172 added : Email providers exclusion list can be set with CR/LF between each entry. The comma separator (,) is still mandatory.
            Bug 1175 fixed : Bad translation tag in french language file.
            Improvement of unvalidated users management tab (feature 1174)- Expired users are displayed in red color text.

-- 2.11.4 : Bug 1177 fixed : Width of excluded email providers list reset to previous value (80 col)
            Bug 1179 fixed : Adding a notice in plugin inline documentation for use of validation groups and status. A default group must be set in Piwigo's groups settings and the "Guest" (or another user) must be set as default for status values.
            Bug 1182 fixed : Language tag missing in confirmation email generation

-- 2.11.5 : Bug 1195 fixed : Registration displays the correct title


 ***** Plugin history (branch 2.12)*****

-- 2.12.0 : Bug 1206 fixed : All plugin functionalities work in user's profile page
            Plugin's core code and admin panel refactoring
            Password control and enforcement : A complexity score is computed on user registration. If this score is less than the goal set by admin, the password chosen is rejected.
            Feature 1194 "Ghost Tracker" added : New plugin tab displays users who don't come back to the gallery since x days. Ability to send email reminders and to delete reminded but "dead" users. It's the reason why this feature is called "Ghost Tracker".

-- 2.12.1 : Rollback on admin panel improvement (it was a bad idea)

-- 2.12.2 : Bug 1221 fixed - Adding of a new function to populate the lastvisit table on Ghost Tracker activation
            Bug 1224 fixed - Error in database after plugin activation
            Bug 1225 fixed - "Reminder" status doesn't change from "false" to "true" after the sending of a reminder email
            Some code beautification (SQL requests and HTML 4 strict for tpl)

-- 2.12.3 : Bug 1226 fixed - "duplicate key error" when lastvisit table is not empty and on using Ghost Tracker init function

-- 2.12.4 : Adding a password field control for SendMail2User - Neighborhood plugin compatibility improvement
            Bug 1229 fixed - Email was no longer mandatory when plugin was active, even if Piwigo's email mandatory option was set.

-- 2.12.5 : Bug 1233 fixed -  "duplicate key error" when a user wants to register with an existing username. In fact, all standard Piwigo's register controls didn't work when plugin was activated. That fixes this too.
            Adding DE, ES and IT languages. All translations are not finalized and could be improved.
            Adding of description.txt file in language directories.
*/

/*

 ***** TODO List *****
++ No validation needed for admins users comments (new trigger needed in comments.php ?)

++ No single email check for admins (new trigger needed in functions_user.inc.php ?)

++ Password control and enforcement
  ?? Can not be the same as username -> Could password score control be sufficient ?

++ Security : Blocking brute-force attacks !
              -> Way to do that : Count the number of failed attempts to connect and lock the targeted account after x attempts. Where x will be settable by admin.
              To unlock the locked account :
               -> A new table in admin's plugin panel which would display the locked accounts.
               -> Sending an email to account owner to inform him his account is blocked due to multiple failed connection attempts. This email could have a link with a security key to unlock the account.
               -> Both of above solutions ?

++ Opportunity to copy a registered user for new user creation
  ++ new copied user will (or not) belong to the same groups
  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
  ++ new copied user will (or not) get the same properties
  ++ new copied user will (or not) get the same language
  ... and so on

*/


if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

include_once (NBC_UserAdvManager_PATH.'include/constants.php');
include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');

load_language('plugin.lang', NBC_UserAdvManager_PATH);


/* Plugin admin */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

function nbc_UserAdvManager_admin_menu($menu)
{
  array_push($menu,
    array(
      'NAME' => 'UserAdvManager',
      'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
    )
  );

  return $menu;
}


add_event_handler('loc_begin_index', 'UserAdvManager_GhostTracker');

function UserAdvManager_GhostTracker()
{
  global $conf, $user;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  if (isset($conf_nbc_UserAdvManager[17]) and $conf_nbc_UserAdvManager[17] == 'true' and !is_admin() and !is_a_guest())
  {

    $userid = get_userid($user['username']);

    /* Looking for existing entry in last visit table */
    $query = '
SELECT *
  FROM '.USER_LASTVISIT_TABLE.'
WHERE user_id = '.$userid.'
;';

    $count = mysql_num_rows(pwg_query($query));

    if ($count == 0)
    {
      /* If not, data are inserted in table */
      $query = '
INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
VALUES ('.$userid.', now(), "false")
;';
      pwg_query($query);
    }
    else if ($count > 0)
    {
      /* If yes, data are updated in table */
      $query = '
UPDATE '.USER_LASTVISIT_TABLE.'
SET lastvisit = now(), reminder = "false"
WHERE user_id = '.$userid.'
LIMIT 1
;';
      pwg_query($query);
    }
  }
}


/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

function UserAdvManager_Adduser($register_user)
{
  global $conf;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Sending registration confirmation by email */
  if ((isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or (isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
  {
    $passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
    SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
  }
}



/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

function UserAdvManager_Deluser($user_id)
{
  /* Cleanup for ConfirmMail table */
  DeleteConfirmMail($user_id);
  /* Cleanup for LastVisit table */
  DeleteLastVisit($user_id);
}


/* Check users registration */
add_event_handler('register_user_check', 'UserAdvManager_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);

function UserAdvManager_RegistrationCheck($err, $user)
{
  global $errors, $conf;

/* *********************************************************** */
/* We need to reset the standard Piwigo's register controls    */
/* because the call of register_user_check trigger resets them */
/* *********************************************************** */
  /* ********************************** */
  /* Standard Piwigo's username control */
  /* ********************************** */
  if ($_POST['login'] == '')
  {
    return l10n('reg_err_login1');
  }
  if (preg_match('/^.* $/', $_POST['login']))
  {
    return l10n('reg_err_login2');
  }
  if (preg_match('/^ .*$/', $_POST['login']))
  {
    return l10n('reg_err_login3');
  }
  if (get_userid($_POST['login']))
  {
    return l10n('reg_err_login5');
  }

  /* ***************************** */
  /* Standard Piwigo's email check */
  /* ***************************** */
  $atom   = '[-a-z0-9!#$%&\'*+\\/=?^_`{|}~]';   // part before the @ sign
  $domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
  $regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';

  if (!preg_match($regex, $_POST['mail_address']))
  {
    return l10n('reg_err_mail_address');
  }

  if (!empty($_POST['mail_address']))
  {
    $query = '
select count(*)
from '.USERS_TABLE.'
where upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\');';
    list($count) = mysql_fetch_array(pwg_query($query));
    if ($count != 0)
    {
      return l10n('reg_err_mail_address_dbl');
    }
  }
/* ****************************************** */
/* End of Piwigo's standard register controls */
/* ****************************************** */


/* ****************************************** */
/* Here begins the advanced register controls */
/* ****************************************** */
  $PasswordCheck = 0;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Password enforcement control */
  if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
  {
    if (!empty($user['password']) and !is_admin())
    {
      $PasswordCheck = testpassword($user['password']);

      if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
      {
        $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
        return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]);
      }
    }
    else if (!empty($user['password']) and is_admin() and isset($conf_nbc_UserAdvManager[16]) and $conf_nbc_UserAdvManager[16] == 'true')
    {
      $PasswordCheck = testpassword($user['password']);

      if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
      {
        $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
        return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]);
      }
    }
  }

  /* Username non case sensitive */
  if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
  {
    $new_username =  NotSensibleSearchUsername($_POST['login']);
    $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
  }

  /* Username without forbidden keys */
  if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
  {
    $_POST['login'] = '';
    return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'");
  }

  /* Email without forbidden domains */
  if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
  {
    //$_POST['mail_address'] = '';
    return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
  }
}


if (script_basename() == 'profile')
{
  add_event_handler('loc_begin_profile', 'UserAdvManager_Profile_Init');

  function UserAdvManager_Profile_Init()
  {
    global $conf, $user, $template;

    $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

    if (isset($_POST['validate']))
    {
      /* Email without forbidden domains */
      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
      {
        if (!ValidateEmailProvider($_POST['mail_address']))
        {
          $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
          unset($_POST['validate']);
        }
      }

      $typemail = 3;

      if (!empty($_POST['use_new_pwd']))
      {
        $typemail = 2;

        /* Password enforcement control */
        if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
        {
          $PasswordCheck = testpassword($_POST['use_new_pwd']);

          if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
          {
            $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
            $template->append('errors', l10n_args($message).$conf_nbc_UserAdvManager[15]);
            unset($_POST['use_new_pwd']);
            unset($_POST['validate']);
          }
        }
      }

      /* Sending registration confirmation by email */
      if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
      {
        $confirm_mail_need = false;

        if (!empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']))
        {
          $query = '
SELECT '.$conf['user_fields']['email'].' AS email
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';

          list($current_email) = mysql_fetch_row(pwg_query($query));

          if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
          {
            $confirm_mail_need = true;
          }
        }

        if ((!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
        {
          $query = '
SELECT '.$conf['user_fields']['username'].'
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';

          list($username) = mysql_fetch_row(pwg_query($query));

          SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
        }
      }
    }
  }
}


add_event_handler('init', 'UserAdvManager_InitPage');

function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang, $errors;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Username non case sensitive */
  if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
  {
    $lang['reg_err_login5'] = l10n('reg_err_login5');
  }



/* User identification */
  if (script_basename() == 'identification')
  {
    if (isset($_POST['login']))
    {
      /* User non case sensitive */
      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
      {
        $new_username =  NotSensibleSearchUsername($_POST['username']);
        $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
      }
    }
  }


/* Admin user management */
  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
  {
    if (isset($_POST['submit_add']))
    {
      /* User non case sensitive */
      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
      {
        $new_username =  NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden keys */
      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $template->append('errors', l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'");
        unset($_POST['submit_add']);
      }

      /* Email without forbidden domains */
      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
      {
        $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
        unset($_POST['submit_add']);
      }
    }
  }
}


add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

/* User creation OR update */
  if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
  {
    $comment_action = 'reject';

    array_push($infos, l10n('UserAdvManager_Empty Author'));
  }

  return $comment_action;
}

?>
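
The brute-force lockout scheme sketched in the file's TODO list (count failed attempts, lock the account after x of them, unlock from an admin table or through an e-mailed security key), as an added example that is not part of the plugin. `LoginThrottle`, its method names and its in-memory array storage are hypothetical, and the code assumes PHP 8.0 or later.

```php
<?php
// Added example, not plugin code. LoginThrottle and its method names are
// hypothetical; the array stands in for a database table.
final class LoginThrottle
{
    private array $rows = [];   // normalized username => state

    // $maxAttempts is the admin-settable "x"; $tokenTtl is the key lifetime in seconds.
    public function __construct(private int $maxAttempts, private int $tokenTtl = 3600) {}

    // "Bob" and "bob " share one counter, so case variants cannot dodge the limit.
    private function key(string $u): string { return strtolower(trim($u)); }

    // The login handler calls this before it even looks at the password.
    public function isLocked(string $u): bool { return $this->rows[$this->key($u)]['locked'] ?? false; }

    // A successful login, or an admin unlocking from the panel, clears the row.
    public function reset(string $u): void { unset($this->rows[$this->key($u)]); }

    // Usernames to list in the admin panel's locked-accounts table.
    public function lockedAccounts(): array
    {
        return array_keys(array_filter($this->rows, fn($r) => $r['locked']));
    }

    // Returns the unlock key to e-mail to the owner when this failure locks
    // the account, otherwise null. Only the SHA-256 of the key is stored.
    public function recordFailure(string $u, int $now): ?string
    {
        $k = $this->key($u);
        $row = $this->rows[$k] ?? ['fails' => 0, 'locked' => false];
        if ($row['locked']) {
            return null;                      // already locked, nothing new to send
        }
        $row['fails']++;
        $token = null;
        if ($row['fails'] >= $this->maxAttempts) {
            $token = bin2hex(random_bytes(32));
            $row = ['fails' => $row['fails'], 'locked' => true,
                    'hash' => hash('sha256', $token), 'expires' => $now + $this->tokenTtl];
        }
        $this->rows[$k] = $row;
        return $token;
    }

    // Unlock through the e-mailed link: expiry check, constant-time compare, single use.
    public function unlockWithKey(string $u, string $token, int $now): bool
    {
        $row = $this->rows[$this->key($u)] ?? null;
        if ($row === null || !$row['locked'] || $now > $row['expires']
            || !hash_equals($row['hash'], hash('sha256', $token))) {
            return false;
        }
        $this->reset($u);
        return true;
    }
}

// Constructed demo with a fixed clock and x = 3.
$t = new LoginThrottle(3);
$t->recordFailure('Alice', 1000);
$t->recordFailure('alice', 1000);
$key = $t->recordFailure('ALICE ', 1000);             // third failure locks the account
var_dump($t->lockedAccounts());
var_dump($t->unlockWithKey('alice', 'wrong', 1060));  // bad key leaves the lock in place
var_dump($t->unlockWithKey('alice', $key, 1060));
```

Because anyone who knows a username can trigger the lock, the e-mailed key gives the owner a way back in without waiting for an admin.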