[25028] | 1 | <?php |
---|
| 2 | /* |
---|
| 3 | Plugin Name: Password Policy |
---|
[25089] | 4 | Version: auto |
---|
[25028] | 5 | Description: Renforcer la sécurité des mots de passe - Enforce password security |
---|
[25090] | 6 | Plugin URI: http://piwigo.org/ext/extension_view.php?eid=718 |
---|
[25028] | 7 | Author: Eric |
---|
| 8 | Author URI: http://www.infernoweb.net |
---|
| 9 | */ |
---|
| 10 | |
---|
| 11 | /* History: PP_PATH.'Changelog.txt.php' */ |
---|
| 12 | |
---|
| 13 | if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!'); |
---|
| 14 | if (!defined('PP_PATH')) define('PP_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/'); |
---|
| 15 | |
---|
| 16 | global $conf; |
---|
| 17 | |
---|
| 18 | include_once (PP_PATH.'include/functions.inc.php'); |
---|
| 19 | |
---|
| 20 | load_language('plugin.lang', PP_PATH); |
---|
[25089] | 21 | |
---|
[25028] | 22 | $conf_PP = unserialize($conf['PasswordPolicy']); |
---|
| 23 | |
---|
| 24 | |
---|
| 25 | // Plugin administration panel |
---|
| 26 | // --------------------------- |
---|
| 27 | add_event_handler('get_admin_plugin_menu_links', 'PP_admin_menu'); |
---|
| 28 | |
---|
[25104] | 29 | // Display messages on index page |
---|
| 30 | // ------------------------------ |
---|
| 31 | add_event_handler('init', 'PP_InitPage'); |
---|
| 32 | |
---|
[25028] | 33 | // Features and controls on user connexion |
---|
| 34 | // --------------------------------------- |
---|
| 35 | add_event_handler('loc_begin_index', 'PP_Init'); |
---|
| 36 | |
---|
| 37 | // Check users registration |
---|
| 38 | // ------------------------ |
---|
| 39 | add_event_handler('register_user_check', 'PP_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2); |
---|
| 40 | |
---|
| 41 | if (script_basename() == 'profile') |
---|
| 42 | { |
---|
| 43 | add_event_handler('loc_begin_profile', 'PP_Profile_Init'); |
---|
| 44 | } |
---|
| 45 | |
---|
[25089] | 46 | // Security option : Count of login failure and lock account after x attempt |
---|
| 47 | // ------------------------------------------------------------------------- |
---|
| 48 | add_event_handler('login_failure', 'PP_log_fail'); |
---|
| 49 | |
---|
[25028] | 50 | // Add new feature in user_list - Password Reset |
---|
| 51 | // --------------------------------------------- |
---|
| 52 | if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET'] == 'true') |
---|
| 53 | { |
---|
| 54 | // Add new column on user_list |
---|
| 55 | // --------------------------- |
---|
[25089] | 56 | add_event_handler('loc_visible_user_list', 'PP_user_list_pwdreset'); |
---|
[25028] | 57 | |
---|
| 58 | // Add prefilter on user_list |
---|
| 59 | // -------------------------- |
---|
| 60 | add_event_handler('loc_begin_admin', 'PP_PwdReset_Action',60); |
---|
| 61 | |
---|
| 62 | /** |
---|
| 63 | * PP_PwdReset_Action - Triggered on PP_PwdReset_Action |
---|
| 64 | * Handle password reset action in user_list.php |
---|
| 65 | */ |
---|
| 66 | function PP_PwdReset_Action() |
---|
| 67 | { |
---|
| 68 | global $conf, $user, $template, $lang, $errors; |
---|
| 69 | |
---|
| 70 | $page['errors'] = array(); |
---|
| 71 | $page['infos'] = array(); |
---|
| 72 | $page['filtered_users'] = array(); |
---|
| 73 | |
---|
[25089] | 74 | load_language('plugin.lang', PP_PATH); |
---|
| 75 | |
---|
[25028] | 76 | if (isset($_POST['pwdreset'])) |
---|
| 77 | { |
---|
| 78 | $collection = array(); |
---|
| 79 | |
---|
| 80 | switch ($_POST['target']) |
---|
| 81 | { |
---|
| 82 | case 'all' : |
---|
| 83 | { |
---|
| 84 | foreach($page['filtered_users'] as $local_user) |
---|
| 85 | { |
---|
| 86 | array_push($collection, $local_user['id']); |
---|
| 87 | } |
---|
| 88 | break; |
---|
| 89 | } |
---|
| 90 | case 'selection' : |
---|
| 91 | { |
---|
| 92 | if (isset($_POST['selection'])) |
---|
| 93 | { |
---|
| 94 | $collection = $_POST['selection']; |
---|
| 95 | } |
---|
| 96 | break; |
---|
| 97 | } |
---|
| 98 | } |
---|
| 99 | |
---|
| 100 | if (count($collection) == 0) |
---|
| 101 | { |
---|
| 102 | array_push($page['errors'], l10n('Select at least one user')); |
---|
| 103 | } |
---|
| 104 | } |
---|
| 105 | |
---|
| 106 | if (isset($_POST['pwdreset']) and count($collection) > 0) |
---|
| 107 | { |
---|
| 108 | if (in_array($conf['guest_id'], $collection)) |
---|
| 109 | { |
---|
| 110 | array_push($page['errors'], l10n('PP_Guest cannot be pwdreset')); |
---|
| 111 | $template->append('errors', l10n('PP_Guest cannot be pwdreset')); |
---|
| 112 | } |
---|
| 113 | if (($conf['guest_id'] != $conf['default_user_id']) and |
---|
| 114 | in_array($conf['default_user_id'], $collection)) |
---|
| 115 | { |
---|
[25050] | 116 | array_push($page['errors'], l10n('PP_Default user cannot be pwdreset')); |
---|
| 117 | $template->append('errors', l10n('PP_Default user cannot be pwdreset')); |
---|
[25028] | 118 | } |
---|
| 119 | if (in_array($conf['webmaster_id'], $collection)) |
---|
| 120 | { |
---|
| 121 | array_push($page['errors'], l10n('PP_Webmaster cannot be pwdreset')); |
---|
| 122 | $template->append('errors', l10n('PP_Webmaster cannot be pwdreset')); |
---|
| 123 | } |
---|
| 124 | if (in_array($user['id'], $collection)) |
---|
| 125 | { |
---|
| 126 | array_push($page['errors'], l10n('PP_You cannot pwdreset your account')); |
---|
| 127 | $template->append('errors', l10n('PP_You cannot pwdreset your account')); |
---|
| 128 | } |
---|
| 129 | |
---|
| 130 | // Generic accounts exclusion (including Adult_Content generic users) |
---|
| 131 | // ------------------------------------------------------------------ |
---|
| 132 | $query =' |
---|
| 133 | SELECT u.id |
---|
| 134 | FROM '.USERS_TABLE.' AS u |
---|
| 135 | INNER JOIN '.USER_INFOS_TABLE.' AS ui |
---|
| 136 | ON u.id = ui.user_id |
---|
| 137 | WHERE ui.status = "generic" |
---|
| 138 | ;'; |
---|
| 139 | |
---|
| 140 | $result = pwg_query($query); |
---|
| 141 | |
---|
| 142 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 143 | { |
---|
| 144 | if (in_array($row['id'], $collection)) |
---|
| 145 | { |
---|
| 146 | array_push($page['errors'], l10n('PP_Generic cannot be pwdreset')); |
---|
| 147 | $errors = l10n('PP_Generic cannot be pwdreset'); |
---|
| 148 | } |
---|
| 149 | } |
---|
| 150 | |
---|
| 151 | // Admins accounts exclusion |
---|
| 152 | // -------------------------- |
---|
| 153 | $query =' |
---|
| 154 | SELECT u.id |
---|
| 155 | FROM '.USERS_TABLE.' AS u |
---|
| 156 | INNER JOIN '.USER_INFOS_TABLE.' AS ui |
---|
| 157 | ON u.id = ui.user_id |
---|
| 158 | WHERE ui.status = "admin" |
---|
| 159 | ;'; |
---|
| 160 | |
---|
| 161 | $result = pwg_query($query); |
---|
| 162 | |
---|
| 163 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 164 | { |
---|
| 165 | if (in_array($row['id'], $collection)) |
---|
| 166 | { |
---|
| 167 | array_push($page['errors'], l10n('PP_Admins cannot be pwdreset')); |
---|
| 168 | $errors = l10n('PP_Admins cannot be pwdreset'); |
---|
| 169 | } |
---|
| 170 | } |
---|
| 171 | |
---|
| 172 | $template->append('errors', $errors); |
---|
| 173 | |
---|
| 174 | if (count($page['errors']) == 0) |
---|
| 175 | { |
---|
| 176 | if (isset($_POST['confirm_pwdreset']) and 1 == $_POST['confirm_pwdreset']) |
---|
| 177 | { |
---|
| 178 | foreach ($collection as $user_id) |
---|
| 179 | { |
---|
| 180 | PP_Set_PwdReset($user_id); |
---|
| 181 | } |
---|
| 182 | array_push( |
---|
| 183 | $page['infos'], |
---|
| 184 | l10n_dec( |
---|
| 185 | 'PP %d user pwdreseted', 'PP %d users pwdreseted', |
---|
| 186 | count($collection) |
---|
| 187 | ) |
---|
| 188 | ); |
---|
| 189 | $template->append('infos', l10n_dec( |
---|
| 190 | 'PP %d user pwdreseted', 'PP %d users pwdreseted', |
---|
| 191 | count($collection))); |
---|
| 192 | foreach ($page['filtered_users'] as $filter_key => $filter_user) |
---|
| 193 | { |
---|
| 194 | if (in_array($filter_user['id'], $collection)) |
---|
| 195 | { |
---|
| 196 | unset($page['filtered_users'][$filter_key]); |
---|
| 197 | } |
---|
| 198 | } |
---|
| 199 | } |
---|
| 200 | else |
---|
| 201 | { |
---|
| 202 | array_push($page['errors'], l10n('PP_You need to confirm pwdreset')); |
---|
| 203 | $template->append('errors', l10n('PP_You need to confirm pwdreset')); |
---|
| 204 | } |
---|
| 205 | } |
---|
| 206 | } |
---|
| 207 | $template->set_prefilter('user_list', 'PP_PwdReset_Prefilter'); |
---|
| 208 | } |
---|
| 209 | |
---|
| 210 | /** |
---|
| 211 | * PP_PwdReset_Prefilter |
---|
| 212 | * Adds action field for password reset in user_list.tpl |
---|
| 213 | */ |
---|
| 214 | function PP_PwdReset_Prefilter($content, &$smarty) |
---|
| 215 | { |
---|
| 216 | $search = ' |
---|
| 217 | <fieldset> |
---|
| 218 | <legend>{\'Deletions\'|@translate}</legend> |
---|
| 219 | <label><input type="checkbox" name="confirm_deletion" value="1"> {\'confirm\'|@translate}</label> |
---|
| 220 | <input class="submit" type="submit" value="{\'Delete selected users\'|@translate}" name="delete"> |
---|
| 221 | </fieldset> |
---|
| 222 | '; |
---|
| 223 | |
---|
| 224 | $addon = ' |
---|
| 225 | <fieldset> |
---|
| 226 | <legend>{\'PP_PwdReset\'|@translate}</legend> |
---|
| 227 | <label><input type="checkbox" name="confirm_pwdreset" value="1"> {\'confirm\'|@translate}</label> |
---|
| 228 | <input class="submit" type="submit" value="{\'PP_Password reset selected users\'|@translate}" name="pwdreset"> |
---|
| 229 | </fieldset> |
---|
| 230 | '; |
---|
| 231 | |
---|
| 232 | $replacement = $addon.$search; |
---|
| 233 | |
---|
| 234 | return str_replace($search, $replacement, $content); |
---|
| 235 | } |
---|
| 236 | } |
---|
| 237 | |
---|
| 238 | |
---|
[25089] | 239 | // Add new feature in user_list - Show locked accounts and give unlock function |
---|
| 240 | // ---------------------------------------------------------------------------- |
---|
| 241 | if (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK']=='true') |
---|
| 242 | { |
---|
| 243 | // Add new column on user_list |
---|
| 244 | // --------------------------- |
---|
| 245 | add_event_handler('loc_visible_user_list', 'PP_user_list_locked'); |
---|
| 246 | |
---|
| 247 | // Add prefilter on user_list |
---|
| 248 | // -------------------------- |
---|
| 249 | add_event_handler('loc_begin_admin', 'PP_Unlock_Action',60); |
---|
| 250 | |
---|
| 251 | /** |
---|
| 252 | * PP_Unlock_Action - Triggered on PP_Unlock_Action |
---|
| 253 | * Handle unlocking action in user_list.php |
---|
| 254 | */ |
---|
| 255 | function PP_Unlock_Action() |
---|
| 256 | { |
---|
| 257 | global $conf, $user, $template, $lang, $errors; |
---|
| 258 | |
---|
| 259 | $page['errors'] = array(); |
---|
| 260 | $page['infos'] = array(); |
---|
| 261 | $page['filtered_users'] = array(); |
---|
| 262 | |
---|
| 263 | load_language('plugin.lang', PP_PATH); |
---|
| 264 | |
---|
| 265 | if (isset($_POST['unlock'])) |
---|
| 266 | { |
---|
| 267 | $collection = array(); |
---|
| 268 | |
---|
| 269 | switch ($_POST['target']) |
---|
| 270 | { |
---|
| 271 | case 'all' : |
---|
| 272 | { |
---|
| 273 | foreach($page['filtered_users'] as $local_user) |
---|
| 274 | { |
---|
| 275 | array_push($collection, $local_user['id']); |
---|
| 276 | } |
---|
| 277 | break; |
---|
| 278 | } |
---|
| 279 | case 'selection' : |
---|
| 280 | { |
---|
| 281 | if (isset($_POST['selection'])) |
---|
| 282 | { |
---|
| 283 | $collection = $_POST['selection']; |
---|
| 284 | } |
---|
| 285 | break; |
---|
| 286 | } |
---|
| 287 | } |
---|
| 288 | |
---|
| 289 | if (count($collection) == 0) |
---|
| 290 | { |
---|
| 291 | array_push($page['errors'], l10n('Select at least one user')); |
---|
| 292 | } |
---|
| 293 | } |
---|
| 294 | |
---|
| 295 | if (isset($_POST['unlock']) and count($collection) > 0) |
---|
| 296 | { |
---|
| 297 | if (in_array($conf['guest_id'], $collection)) |
---|
| 298 | { |
---|
| 299 | array_push($page['errors'], l10n('PP_Guest is not unlockable')); |
---|
| 300 | $template->append('errors', l10n('PP_Guest is not unlockable')); |
---|
| 301 | } |
---|
| 302 | if (($conf['guest_id'] != $conf['default_user_id']) and |
---|
| 303 | in_array($conf['default_user_id'], $collection)) |
---|
| 304 | { |
---|
| 305 | array_push($page['errors'], l10n('PP_Default user is not unlockable')); |
---|
| 306 | $template->append('errors', l10n('PP_Default user is not unlockable')); |
---|
| 307 | } |
---|
| 308 | if (in_array($conf['webmaster_id'], $collection)) |
---|
| 309 | { |
---|
| 310 | array_push($page['errors'], l10n('PP_Webmaster is not unlockable')); |
---|
| 311 | $template->append('errors', l10n('PP_Webmaster is not unlockable')); |
---|
| 312 | } |
---|
| 313 | if (in_array($user['id'], $collection)) |
---|
| 314 | { |
---|
| 315 | array_push($page['errors'], l10n('PP_You cannot unlock your account')); |
---|
| 316 | $template->append('errors', l10n('PP_You cannot unlock your account')); |
---|
| 317 | } |
---|
| 318 | |
---|
| 319 | // Generic accounts exclusion (including Adult_Content generic users) |
---|
| 320 | // ------------------------------------------------------------------ |
---|
| 321 | $query =' |
---|
| 322 | SELECT u.id |
---|
| 323 | FROM '.USERS_TABLE.' AS u |
---|
| 324 | INNER JOIN '.USER_INFOS_TABLE.' AS ui |
---|
| 325 | ON u.id = ui.user_id |
---|
| 326 | WHERE ui.status = "generic" |
---|
| 327 | ;'; |
---|
| 328 | |
---|
| 329 | $result = pwg_query($query); |
---|
| 330 | |
---|
| 331 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 332 | { |
---|
| 333 | if (in_array($row['id'], $collection)) |
---|
| 334 | { |
---|
| 335 | array_push($page['errors'], l10n('PP_Generic is not unlockable')); |
---|
| 336 | $errors = l10n('PP_Generic is not unlockable'); |
---|
| 337 | } |
---|
| 338 | } |
---|
| 339 | |
---|
| 340 | // Admins accounts exclusion |
---|
| 341 | // -------------------------- |
---|
| 342 | $query =' |
---|
| 343 | SELECT u.id |
---|
| 344 | FROM '.USERS_TABLE.' AS u |
---|
| 345 | INNER JOIN '.USER_INFOS_TABLE.' AS ui |
---|
| 346 | ON u.id = ui.user_id |
---|
| 347 | WHERE ui.status = "admin" |
---|
| 348 | ;'; |
---|
| 349 | |
---|
| 350 | $result = pwg_query($query); |
---|
| 351 | |
---|
| 352 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 353 | { |
---|
| 354 | if (in_array($row['id'], $collection)) |
---|
| 355 | { |
---|
| 356 | array_push($page['errors'], l10n('PP_Admins is not unlockable')); |
---|
| 357 | $errors = l10n('PP_Admins is not unlockable'); |
---|
| 358 | } |
---|
| 359 | } |
---|
| 360 | |
---|
| 361 | $template->append('errors', $errors); |
---|
| 362 | |
---|
| 363 | if (count($page['errors']) == 0) |
---|
| 364 | { |
---|
| 365 | if (isset($_POST['confirm_unlock']) and 1 == $_POST['confirm_unlock']) |
---|
| 366 | { |
---|
| 367 | foreach ($collection as $user_id) |
---|
| 368 | { |
---|
| 369 | PP_unlock_user($user_id); |
---|
| 370 | } |
---|
| 371 | array_push( |
---|
| 372 | $page['infos'], |
---|
| 373 | l10n_dec( |
---|
| 374 | 'PP %d user unlocked', 'PP %d users unlocked', |
---|
| 375 | count($collection) |
---|
| 376 | ) |
---|
| 377 | ); |
---|
| 378 | $template->append('infos', l10n_dec( |
---|
| 379 | 'PP %d user unlocked', 'PP %d users unlocked', |
---|
| 380 | count($collection))); |
---|
| 381 | foreach ($page['filtered_users'] as $filter_key => $filter_user) |
---|
| 382 | { |
---|
| 383 | if (in_array($filter_user['id'], $collection)) |
---|
| 384 | { |
---|
| 385 | unset($page['filtered_users'][$filter_key]); |
---|
| 386 | } |
---|
| 387 | } |
---|
| 388 | } |
---|
| 389 | else |
---|
| 390 | { |
---|
| 391 | array_push($page['errors'], l10n('PP_You need to confirm unlock')); |
---|
| 392 | $template->append('errors', l10n('PP_You need to confirm unlock')); |
---|
| 393 | } |
---|
| 394 | } |
---|
| 395 | } |
---|
| 396 | $template->set_prefilter('user_list', 'PP_Unlocking_Prefilter'); |
---|
| 397 | } |
---|
| 398 | |
---|
| 399 | /** |
---|
| 400 | * PP_Unlocking_Prefilter |
---|
| 401 | * Adds action field for user unlocking in user_list.tpl |
---|
| 402 | */ |
---|
| 403 | function PP_Unlocking_Prefilter($content, &$smarty) |
---|
| 404 | { |
---|
| 405 | $search = ' |
---|
| 406 | <fieldset> |
---|
| 407 | <legend>{\'Deletions\'|@translate}</legend> |
---|
| 408 | <label><input type="checkbox" name="confirm_deletion" value="1"> {\'confirm\'|@translate}</label> |
---|
| 409 | <input class="submit" type="submit" value="{\'Delete selected users\'|@translate}" name="delete"> |
---|
| 410 | </fieldset> |
---|
| 411 | '; |
---|
| 412 | |
---|
| 413 | $addon = ' |
---|
| 414 | <fieldset> |
---|
| 415 | <legend>{\'PP_Unlock\'|@translate}</legend> |
---|
| 416 | <label><input type="checkbox" name="confirm_unlock" value="1"> {\'confirm\'|@translate}</label> |
---|
| 417 | <input class="submit" type="submit" value="{\'PP_Unlock selected users\'|@translate}" name="unlock"> |
---|
| 418 | </fieldset> |
---|
| 419 | '; |
---|
| 420 | |
---|
| 421 | $replacement = $addon.$search; |
---|
| 422 | |
---|
| 423 | return str_replace($search, $replacement, $content); |
---|
| 424 | } |
---|
| 425 | } |
---|
[25028] | 426 | ?> |
---|