Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 5064

Last change on this file since 5064 was 5064, checked in by Eric, 14 years ago

[NBC_UserAdvManager] Pre-2.14.0

Changing next version. It'll be a full version upgrade
Improving database upgrade process
Bug 1308 re-fixed
Bug 1392 fixed
Bug 1466 fixed
Bug 1485 fixed
Update of language files

Property svn:eol-style set to LF

File size: 13.1 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.14.0
5	Description: Renforcer la gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/* History: NBC_UAM_PATH.'Changelog.txt.php' */
12
13	/*
14	*** TODO List ***
15	++ Adding ASC and DESC ordering for user's lists tables (Ghost Tracker, UserList and Unvalidated) ?
16
17	++ No validation needed for admins users comments (new trigger needed in comments.php ?)
18
19	++ No single email check for admins (new trigger needed in functions_user.inc.php ?)
20
21	++ Password control and enforcement
22	?? Can not be the same as username -> Could password score control be sufficient ?
23
24	++ Security : Blocking brut-force attacks !
25	-> Way to do that : Count the number of failed attempts to connect and lock the targetted account after x attempts. Where x will be settable by admin.
26	To unlock the locked account :
27	-> A new table in admin's plugin panel which would display the locked accounts.
28	-> Sending an email to account owner to inform him his account is blocked due to multiple failed connexions attempts. This email could have a link with a security key to unlock the account.
29	-> Both of above solutions ?
30
31	++ Opportunity to copy a registered user for new user creation
32	++ new copied user will (or not) belong to the same groups
33	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
34	++ new copied user will (or not) get the same properties
35	++ new copied user will (or not) get the same language
36	... and so on
37	*/
38
39	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
40	if (!defined('NBC_UAM_DIR')) define('NBC_UAM_DIR' , basename(dirname(__FILE__)));
41	if (!defined('NBC_UAM_PATH')) define('NBC_UAM_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
42
43	include_once (NBC_UAM_PATH.'include/constants.php');
44	include_once (NBC_UAM_PATH.'include/functions.inc.php');
45
46	load_language('plugin.lang', NBC_UAM_PATH);
47
48
49	/* Plugin admin */
50	add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');
51
52	function UAM_admin_menu($menu)
53	{
54	array_push($menu,
55	array(
56	'NAME' => 'UserAdvManager',
57	'URL' => get_admin_plugin_menu_link(NBC_UAM_PATH.'/admin/UAM_admin.php')
58	)
59	);
60
61	return $menu;
62	}
63
64	/* Lastvisit table feed for Ghost Tracker */
65	add_event_handler('loc_begin_index', 'UAM_GhostTracker');
66
67	function UAM_GhostTracker()
68	{
69	global $conf, $user;
70
71	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
72
73	if (isset($conf_UAM[17]) and $conf_UAM[17] == 'true' and !is_admin() and !is_a_guest())
74	{
75
76	$userid = get_userid($user['username']);
77
78	/* Looking for existing entry in last visit table */
79	$query = '
80	SELECT *
81	FROM '.USER_LASTVISIT_TABLE.'
82	WHERE user_id = '.$userid.'
83	;';
84
85	$count = mysql_num_rows(pwg_query($query));
86
87	if ($count == 0)
88	{
89	/* If not, data are inserted in table */
90	$query = '
91	INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
92	VALUES ('.$userid.', now(), "false")
93	;';
94	pwg_query($query);
95	}
96	else if ($count > 0)
97	{
98	/* If yes, data are updated in table */
99	$query = '
100	UPDATE '.USER_LASTVISIT_TABLE.'
101	SET lastvisit = now(), reminder = "false"
102	WHERE user_id = '.$userid.'
103	LIMIT 1
104	;';
105	pwg_query($query);
106	}
107	}
108	}
109
110
111	/* User creation */
112	add_event_handler('register_user', 'UAM_Adduser');
113
114	function UAM_Adduser($register_user)
115	{
116	global $conf;
117
118	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
119
120	/* Sending registration confirmation by email */
121	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[2]) and $conf_UAM[2] == 'true'))
122	{
123	if (is_admin() and isset($conf_UAM[21]) and $conf_UAM[21] == 'true')
124	{
125	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
126	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
127	}
128	elseif (is_admin() and isset($conf_UAM[21]) and $conf_UAM[21] == 'false')
129	{
130	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
131	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
132	}
133	elseif (!is_admin())
134	{
135	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
136	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
137	}
138	}
139	}
140
141
142	/* User deletion */
143	add_event_handler('delete_user', 'UAM_Deluser');
144
145	function UAM_Deluser($user_id)
146	{
147	/* Cleanup for ConfirmMail table */
148	DeleteConfirmMail($user_id);
149	/* Cleanup for LastVisit table */
150	DeleteLastVisit($user_id);
151	}
152
153
154	/* Check users registration */
155	add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
156
157	function UAM_RegistrationCheck($err, $user)
158	{
159	global $errors, $conf;
160
161	/* *********************************************************** */
162	/* We need to reset the standard Piwigo's register controls */
163	/* because the call of register_user_check trigger resets them */
164	/* *********************************************************** */
165	/* ********************************** */
166	/* Standard Piwigo's username control */
167	/* ********************************** */
168	if ($_POST['login'] == '')
169	{
170	return l10n('reg_err_login1');
171	}
172	if (preg_match('/^.* $/', $_POST['login']))
173	{
174	return l10n('reg_err_login2');
175	}
176	if (preg_match('/^ .*$/', $_POST['login']))
177	{
178	return l10n('reg_err_login3');
179	}
180	if (get_userid($_POST['login']))
181	{
182	return l10n('reg_err_login5');
183	}
184
185	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') /* not the same email variable if we are on users registration page or on admin's user registration page*/
186	{
187	/* Email doblons check */
188	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
189	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
190	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
191
192	if (!preg_match($regex, $_POST['email']))
193	{
194	return l10n('reg_err_mail_address');
195	}
196
197	$query = '
198	SELECT count(*)
199	FROM '.USERS_TABLE.'
200	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['email'].'\')
201	;';
202	list($count) = mysql_fetch_array(pwg_query($query));
203	if ($count != 0)
204	{
205	return l10n('reg_err_mail_address_dbl');
206	}
207	}
208
209	if (script_basename() == 'register') /* not the same email variable if we are on users registration page or on admin's user registration page*/
210	{
211	/* Email doblons check */
212	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
213	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
214	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
215
216	if (!preg_match($regex, $_POST['mail_address']))
217	{
218	return l10n('reg_err_mail_address');
219	}
220
221	$query = '
222	SELECT count(*)
223	FROM '.USERS_TABLE.'
224	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\')
225	;';
226	list($count) = mysql_fetch_array(pwg_query($query));
227	if ($count != 0)
228	{
229	return l10n('reg_err_mail_address_dbl');
230	}
231	}
232	/* ****************************************** */
233	/* End of Piwigo's standard register controls */
234	/* ****************************************** */
235
236
237	/* ****************************************** */
238	/* Here begins the advanced register controls */
239	/* ****************************************** */
240	$PasswordCheck = 0;
241
242	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
243
244	/* Password enforcement control */
245	if (isset($conf_UAM[14]) and $conf_UAM[14] == 'true' and !empty($conf_UAM[15]))
246	{
247	if (!empty($user['password']) and !is_admin())
248	{
249	$PasswordCheck = testpassword($user['password']);
250
251	if ($PasswordCheck < $conf_UAM[15])
252	{
253	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
254	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[15]);
255	}
256	}
257	else if (!empty($user['password']) and is_admin() and isset($conf_UAM[16]) and $conf_UAM[16] == 'true')
258	{
259	$PasswordCheck = testpassword($user['password']);
260
261	if ($PasswordCheck < $conf_UAM[15])
262	{
263	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
264	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[15]);
265	}
266	}
267	}
268
269	/* Username non case sensitive */
270	if (isset($conf_UAM[1]) and $conf_UAM[1] == 'true' and NotSensibleSearchUsername($_POST['login']))
271	{
272	return($lang['reg_err_login5'] = l10n('reg_err_login5'));
273	}
274
275	/* Username without forbidden keys */
276	if (isset($conf_UAM[7]) and $conf_UAM[7] == 'true' and !empty($_POST['login']) and ValidateUsername($_POST['login']) and !is_admin())
277	{
278	$_POST['login'] = '';
279	return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_UAM[8]."'");
280	}
281
282	/* Email without forbidden domains */
283	if (isset($conf_UAM[12]) and $conf_UAM[12] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']) and !is_admin())
284	{
285	$_POST['mail_address'] = '';
286	return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_UAM[13]."'");
287	}
288	}
289
290
291	if (script_basename() == 'profile')
292	{
293	add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
294
295	function UAM_Profile_Init()
296	{
297	global $conf, $user, $template;
298
299	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
300
301	if (isset($_POST['validate']) and !is_admin())
302	{
303	/* Email without forbidden domains */
304	if (isset($conf_UAM[12]) and $conf_UAM[12] == 'true' and !empty($_POST['mail_address']))
305	{
306	if (ValidateEmailProvider($_POST['mail_address']))
307	{
308	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[13]."'");
309	unset($_POST['validate']);
310	}
311	}
312
313	$typemail = 3;
314
315	if (!empty($_POST['use_new_pwd']))
316	{
317	$typemail = 2;
318
319	/* Password enforcement control */
320	if (isset($conf_UAM[14]) and $conf_UAM[14] == 'true' and !empty($conf_UAM[15]))
321	{
322	$PasswordCheck = testpassword($_POST['use_new_pwd']);
323
324	if ($PasswordCheck < $conf_UAM[15])
325	{
326	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
327	$template->append('errors', l10n_args($message).$conf_UAM[15]);
328	unset($_POST['use_new_pwd']);
329	unset($_POST['validate']);
330	}
331	}
332	}
333
334	/* Sending registration confirmation by email */
335	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[2]) and $conf_UAM[2] == 'true'))
336	{
337	$confirm_mail_need = false;
338
339	if (!empty($_POST['mail_address']))
340	{
341	$query = '
342	SELECT '.$conf['user_fields']['email'].' AS email
343	FROM '.USERS_TABLE.'
344	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
345	;';
346
347	list($current_email) = mysql_fetch_row(pwg_query($query));
348
349	if ($_POST['mail_address'] != $current_email and ( isset($conf_UAM[2]) and $conf_UAM[2] == 'true'))
350
351	$confirm_mail_need = true;
352	}
353
354	if ((!empty($_POST['use_new_pwd']) and (isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or $confirm_mail_need))
355	{
356	$query = '
357	SELECT '.$conf['user_fields']['username'].'
358	FROM '.USERS_TABLE.'
359	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
360	;';
361
362	list($username) = mysql_fetch_row(pwg_query($query));
363
364	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
365	}
366	}
367	}
368	}
369	}
370
371
372	add_event_handler('init', 'UAM_InitPage');
373	/* * Important ! This is necessary to make email exclusion work in admin's users management panel * */
374	function UAM_InitPage()
375	{
376	load_language('plugin.lang', NBC_UAM_PATH);
377	global $conf, $template, $page, $lang, $errors;
378
379	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
380
381	/* Admin user management */
382	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
383	{
384	if (isset($_POST['submit_add']))
385	{
386	/* Email without forbidden domains */
387	if (isset($conf_UAM[12]) and $conf_UAM[12] == 'true' and !empty($_POST['email']) and ValidateEmailProvider($_POST['email']))
388	{
389	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[13]."'");
390	unset($_POST['submit_add']);
391	}
392	}
393	}
394	}
395
396
397	add_event_handler('user_comment_check', 'UAM_CheckEmptyCommentAuthor', 50, 2);
398
399	function UAM_CheckEmptyCommentAuthor($comment_action, $comm)
400	{
401	load_language('plugin.lang', NBC_UAM_PATH);
402	global $infos, $conf, $template;
403
404	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
405
406	/* User creation OR update */
407	if (isset($conf_UAM[6]) and $conf_UAM[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
408	{
409	$comment_action = 'reject';
410
411	array_push($infos, l10n('UAM_Empty Author'));
412	}
413
414	return $comment_action;
415	}
416	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: