source: extensions/UserAdvManager/trunk/main.inc.php @ 12314

Last change on this file since 12314 was 12314, checked in by Eric, 13 years ago

Bug 2455 fixed - Exclusion of specific users (generic and admin users) from the password reset function.
Bug 2451 fixed - Unable to handle SQL errors, but the check of backup file validity has been reinforced.

  • Property svn:eol-style set to LF
File size: 7.9 KB
RevLine 
[3742]1<?php
2/*
[5181]3Plugin Name: UserAdvManager
[12247]4Version: 2.30.0
[4957]5Description: Renforcer la gestion des utilisateurs - Enforce users management
[9295]6Plugin URI: http://piwigo.org/ext/extension_view.php?eid=216
[3742]7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
[5181]11/* History:  UAM_PATH.'Changelog.txt.php' */
[3742]12
13/*
14 ***** TODO List *****
[6783]15See project bugtracker: http://piwigo.org/bugs/my_view_page.php
[3742]16*/
17
// Stop immediately unless the including script has defined PHPWG_ROOT_PATH,
// i.e. this file is not meant to be requested on its own.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Plugin base path, derived from the name of the directory holding this file.
if (!defined('UAM_PATH'))
{
  define('UAM_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
}

global $conf;

include_once UAM_PATH.'include/constants.php';
include_once UAM_PATH.'include/functions.inc.php';

load_language('plugin.lang', UAM_PATH);

// Plugin settings are kept as one serialized value in $conf['UserAdvManager'].
// NOTE(review): unserialize() on data that an untrusted party can influence
// allows PHP object injection. Confirm that every write path to this value
// (admin panel, any backup/restore feature) is restricted to trusted
// administrators, or move the storage format to JSON.
$conf_UAM = unserialize($conf['UserAdvManager']);


// Admin menu entry for the plugin
add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');

// Ghost Tracker: feeds the lastvisit table on index page load
add_event_handler('loc_begin_index', 'UAM_GhostTracker');

// Hook on user creation
add_event_handler('register_user', 'UAM_Adduser');

// Hook on user deletion
add_event_handler('delete_user', 'UAM_Deluser');

// Registration checks (handler receives 2 arguments)
add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);

// Profile page hook, registered only when the running script is "profile"
if ('profile' == script_basename())
{
  add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
}

// Tasks run after a successful login (redirection to profile page)
add_event_handler('login_success', 'UAM_LoginTasks');

// Customized text added to the lost password email
add_event_handler('render_lost_password_mail_content', 'UAM_lost_password_mail_content');

// *** Important ! Required for email exclusion to work in the admin's users management panel ***
add_event_handler('init', 'UAM_InitPage');

// PWG_Stuffs module, only when option 33 is stored as the string 'true'
if (isset($conf_UAM[33]) && $conf_UAM[33] == 'true')
{
  add_event_handler('get_stuffs_modules', 'register_UAM_stuffs_module');
}
[12239]73
74// Add new feature in user_list - Password Reset
[12271]75// ---------------------------------------------
[12239]76if ((isset($conf_UAM[38]) and $conf_UAM[38] == 'true'))
77{
[12271]78  // Add new column on user_list
79  // ---------------------------
[12239]80  add_event_handler('loc_visible_user_list', 'UAM_loc_visible_user_list');
81
[12271]82  // Add prefilter on user_list
83  // --------------------------
[12239]84  add_event_handler('loc_begin_admin', 'UAM_PwdReset_Action',60);
[12271]85
86  /**
87   * UAM_PwdReset_Action - Triggered on UAM_PwdReset_Action
88   * Handle passord reset action in user_list.php
89   */
[12239]90  function UAM_PwdReset_Action()
91  {
92    global $conf, $user, $template, $lang, $errors;
93
94    $page['errors'] = array();
95    $page['infos'] = array();
96    $page['filtered_users'] = array();
97
98    if (isset($_POST['pwdreset']))
99    {
100      $collection = array();
101
102      switch ($_POST['target'])
103      {
104        case 'all' :
105        {
106          foreach($page['filtered_users'] as $local_user)
107          {
108            array_push($collection, $local_user['id']);
109          }
110          break;
111        }
112        case 'selection' :
113        {
114          if (isset($_POST['selection']))
115          {
116            $collection = $_POST['selection'];
117          }
118          break;
119        }
120      }
121
122      if (count($collection) == 0)
123      {
124        array_push($page['errors'], l10n('Select at least one user'));
125      }
126    }
127
128    if (isset($_POST['pwdreset']) and count($collection) > 0)
129    {
130      if (in_array($conf['guest_id'], $collection))
131      {
132        array_push($page['errors'], l10n('UAM_Guest cannot be pwdreset'));
[12314]133        $errors = l10n('UAM_Guest cannot be pwdreset');
[12239]134      }
135      if (($conf['guest_id'] != $conf['default_user_id']) and
136        in_array($conf['default_user_id'], $collection))
137      {
138        array_push($page['errors'], l10n('UAM_Default user cannot be pwgreset'));
[12314]139        $errors = l10n('UAM_Default user cannot be pwgreset');
[12239]140      }
141      if (in_array($conf['webmaster_id'], $collection))
142      {
143        array_push($page['errors'], l10n('UAM_Webmaster cannot be pwdreset'));
[12314]144        $errors = l10n('UAM_Webmaster cannot be pwdreset');
[12239]145      }
146      if (in_array($user['id'], $collection))
147      {
148        array_push($page['errors'], l10n('UAM_You cannot pwdreset your account'));
[12314]149        $errors = l10n('UAM_You cannot pwdreset your account');
[12239]150      }
151
[12314]152      // Generic accounts exclusion (including Adult_Content generic users)
153      // ------------------------------------------------------------------
154      $query ='
155SELECT u.id
156FROM '.USERS_TABLE.' AS u
157INNER JOIN '.USER_INFOS_TABLE.' AS ui
158  ON u.id = ui.user_id
159WHERE ui.status = "generic"
160;';
161
162            $result = pwg_query($query);
163
164      while ($row = pwg_db_fetch_assoc($result))
165      {
166        if (in_array($row['id'], $collection))
167        {
168          array_push($page['errors'], l10n('UAM_Generic cannot be pwdreset'));
169          $errors = l10n('UAM_Generic cannot be pwdreset');
170        }
171      }
172
173      // Admins accounts exclusion
174      // --------------------------
175      $query ='
176SELECT u.id
177FROM '.USERS_TABLE.' AS u
178INNER JOIN '.USER_INFOS_TABLE.' AS ui
179  ON u.id = ui.user_id
180WHERE ui.status = "admin"
181;';
182
183            $result = pwg_query($query);
184
185      while ($row = pwg_db_fetch_assoc($result))
186      {
187        if (in_array($row['id'], $collection))
188        {
189          array_push($page['errors'], l10n('UAM_Admins cannot be pwdreset'));
190          $errors = l10n('UAM_Admins cannot be pwdreset');
191        }
192      }
193
194      $template->append('errors', $errors);
195
[12239]196      if (count($page['errors']) == 0)
[12314]197      {
[12239]198        if (isset($_POST['confirm_pwdreset']) and 1 == $_POST['confirm_pwdreset'])
199        {
200          foreach ($collection as $user_id)
201          {
202            UAM_Set_PwdReset($user_id);
203          }
204          array_push(
205            $page['infos'],
206            l10n_dec(
207              'UAM %d user pwdreseted', 'UAM %d users pwdreseted',
208              count($collection)
209              )
210            );
211          $template->append('infos', l10n_dec(
212              'UAM %d user pwdreseted', 'UAM %d users pwdreseted',
213              count($collection)));
214          foreach ($page['filtered_users'] as $filter_key => $filter_user)
215          {
216            if (in_array($filter_user['id'], $collection))
217            {
218              unset($page['filtered_users'][$filter_key]);
219            }
220          }
221        }
222        else
223        {
224          array_push($page['errors'], l10n('UAM_You need to confirm pwdreset'));
225          $template->append('errors', l10n('UAM_You need to confirm pwdreset'));
226        }
227      }
[12314]228    }
229
230$page['order_by_items'] = array(
231  'id' => l10n('registration date'),
232  'username' => l10n('Username'),
233  'level' => l10n('Privacy level'),
234  'Language' => l10n('Language'),
235  'UAM_pwdreset' => l10n('UAM_PwdReset'),
236  );
237
238// Filter order options
239$template->assign('order_options', $page['order_by_items']);
240$template->assign('order_selected',
241    isset($_GET['order_by']) ? $_GET['order_by'] : '');
242
[12239]243    $template->set_prefilter('user_list', 'UAM_PwdReset_Prefilter');
244  }
245
[12271]246  /**
247   * UAM_PwdReset_Prefilter
248   * Adds action field for password reset in user_list.tpl
249   */
[12239]250  function UAM_PwdReset_Prefilter($content, &$smarty)
251  {
252    $search = '
253<fieldset>
254  <legend>{\'Deletions\'|@translate}</legend>
255  <label><input type="checkbox" name="confirm_deletion" value="1"> {\'confirm\'|@translate}</label>
256  <input class="submit" type="submit" value="{\'Delete selected users\'|@translate}" name="delete">
257</fieldset>
258';
259 
260    $addon = '
261<fieldset>
262  <legend>{\'UAM_PwdReset\'|@translate}</legend>
263  <label><input type="checkbox" name="confirm_pwdreset" value="1"> {\'confirm\'|@translate}</label>
264  <input class="submit" type="submit" value="{\'UAM_Password reset selected users\'|@translate}" name="pwdreset">
265</fieldset>
266';
267
268    $replacement = $addon.$search;
269
270    return str_replace($search, $replacement, $content);
271  }
272}
[3742]273?>