root/extensions/UserAdvManager/trunk/main.inc.php @ 12314

Revision 12314, 7.9 KB (checked in by Eric, 20 months ago)

Bug 2455 fixed - Exclusion of specific users (généric and admins users) for password reset function.
Bug 2451 fixed - Unable to handle Sql errors but control of backup file validity have been enforced.
  • Property svn:eol-style set to LF
Line 
1<?php
2/*
3Plugin Name: UserAdvManager
4Version: 2.30.0
5Description: Renforcer la gestion des utilisateurs - Enforce users management
6Plugin URI: http://piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/* History:  UAM_PATH.'Changelog.txt.php' */
12
13/*
14 ***** TODO List *****
15See project bugtracker: http://piwigo.org/bugs/my_view_page.php
16*/
17
18if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
19if (!defined('UAM_PATH')) define('UAM_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
20
21global $conf;
22
23include_once (UAM_PATH.'include/constants.php');
24include_once (UAM_PATH.'include/functions.inc.php');
25
26load_language('plugin.lang', UAM_PATH);
27$conf_UAM = unserialize($conf['UserAdvManager']);
28
29
30// Plugin administration panel
31// ---------------------------
32add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');
33
34// Lastvisit table feed for Ghost Tracker
35// --------------------------------------
36add_event_handler('loc_begin_index', 'UAM_GhostTracker');
37
38// User creation
39// -------------
40add_event_handler('register_user', 'UAM_Adduser');
41
42// User deletion
43// -------------
44add_event_handler('delete_user', 'UAM_Deluser');
45
46// Check users registration
47// ------------------------
48add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
49
50if (script_basename() == 'profile')
51{
52  add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
53}
54
55// Redirection to profile page
56// ---------------------------
57add_event_handler('login_success', 'UAM_LoginTasks');
58
59// Adding customized text to lost password email
60// ---------------------------------------------
61add_event_handler('render_lost_password_mail_content', 'UAM_lost_password_mail_content');
62
63// *** Important ! This is necessary to make email exclusion work in admin's users management panel ***
64// ----------------------------------------------------------------------------------------------------
65add_event_handler('init', 'UAM_InitPage');
66
67// PWG_Stuffs module
68// -----------------
69if ((isset($conf_UAM[33]) and $conf_UAM[33] == 'true'))
70{
71  add_event_handler('get_stuffs_modules', 'register_UAM_stuffs_module');
72}
73
74// Add new feature in user_list - Password Reset
75// ---------------------------------------------
76if ((isset($conf_UAM[38]) and $conf_UAM[38] == 'true'))
77{
78  // Add new column on user_list
79  // ---------------------------
80  add_event_handler('loc_visible_user_list', 'UAM_loc_visible_user_list');
81
82  // Add prefilter on user_list
83  // --------------------------
84  add_event_handler('loc_begin_admin', 'UAM_PwdReset_Action',60);
85
86  /**
87   * UAM_PwdReset_Action - Triggered on UAM_PwdReset_Action
88   * Handle passord reset action in user_list.php
89   */
90  function UAM_PwdReset_Action()
91  {
92    global $conf, $user, $template, $lang, $errors;
93
94    $page['errors'] = array();
95    $page['infos'] = array();
96    $page['filtered_users'] = array();
97
98    if (isset($_POST['pwdreset']))
99    {
100      $collection = array();
101
102      switch ($_POST['target'])
103      {
104        case 'all' :
105        {
106          foreach($page['filtered_users'] as $local_user)
107          {
108            array_push($collection, $local_user['id']);
109          }
110          break;
111        }
112        case 'selection' :
113        {
114          if (isset($_POST['selection']))
115          {
116            $collection = $_POST['selection'];
117          }
118          break;
119        }
120      }
121
122      if (count($collection) == 0)
123      {
124        array_push($page['errors'], l10n('Select at least one user'));
125      }
126    }
127
128    if (isset($_POST['pwdreset']) and count($collection) > 0)
129    {
130      if (in_array($conf['guest_id'], $collection))
131      {
132        array_push($page['errors'], l10n('UAM_Guest cannot be pwdreset'));
133        $errors = l10n('UAM_Guest cannot be pwdreset');
134      }
135      if (($conf['guest_id'] != $conf['default_user_id']) and
136        in_array($conf['default_user_id'], $collection))
137      {
138        array_push($page['errors'], l10n('UAM_Default user cannot be pwgreset'));
139        $errors = l10n('UAM_Default user cannot be pwgreset');
140      }
141      if (in_array($conf['webmaster_id'], $collection))
142      {
143        array_push($page['errors'], l10n('UAM_Webmaster cannot be pwdreset'));
144        $errors = l10n('UAM_Webmaster cannot be pwdreset');
145      }
146      if (in_array($user['id'], $collection))
147      {
148        array_push($page['errors'], l10n('UAM_You cannot pwdreset your account'));
149        $errors = l10n('UAM_You cannot pwdreset your account');
150      }
151
152      // Generic accounts exclusion (including Adult_Content generic users)
153      // ------------------------------------------------------------------
154      $query ='
155SELECT u.id
156FROM '.USERS_TABLE.' AS u
157INNER JOIN '.USER_INFOS_TABLE.' AS ui
158  ON u.id = ui.user_id
159WHERE ui.status = "generic"
160;';
161
162            $result = pwg_query($query);
163
164      while ($row = pwg_db_fetch_assoc($result))
165      {
166        if (in_array($row['id'], $collection))
167        {
168          array_push($page['errors'], l10n('UAM_Generic cannot be pwdreset'));
169          $errors = l10n('UAM_Generic cannot be pwdreset');
170        }
171      }
172
173      // Admins accounts exclusion
174      // --------------------------
175      $query ='
176SELECT u.id
177FROM '.USERS_TABLE.' AS u
178INNER JOIN '.USER_INFOS_TABLE.' AS ui
179  ON u.id = ui.user_id
180WHERE ui.status = "admin"
181;';
182
183            $result = pwg_query($query);
184
185      while ($row = pwg_db_fetch_assoc($result))
186      {
187        if (in_array($row['id'], $collection))
188        {
189          array_push($page['errors'], l10n('UAM_Admins cannot be pwdreset'));
190          $errors = l10n('UAM_Admins cannot be pwdreset');
191        }
192      }
193
194      $template->append('errors', $errors);
195
196      if (count($page['errors']) == 0)
197      {
198        if (isset($_POST['confirm_pwdreset']) and 1 == $_POST['confirm_pwdreset'])
199        {
200          foreach ($collection as $user_id)
201          {
202            UAM_Set_PwdReset($user_id);
203          }
204          array_push(
205            $page['infos'],
206            l10n_dec(
207              'UAM %d user pwdreseted', 'UAM %d users pwdreseted',
208              count($collection)
209              )
210            );
211          $template->append('infos', l10n_dec(
212              'UAM %d user pwdreseted', 'UAM %d users pwdreseted',
213              count($collection)));
214          foreach ($page['filtered_users'] as $filter_key => $filter_user)
215          {
216            if (in_array($filter_user['id'], $collection))
217            {
218              unset($page['filtered_users'][$filter_key]);
219            }
220          }
221        }
222        else
223        {
224          array_push($page['errors'], l10n('UAM_You need to confirm pwdreset'));
225          $template->append('errors', l10n('UAM_You need to confirm pwdreset'));
226        }
227      }
228    }
229
230$page['order_by_items'] = array(
231  'id' => l10n('registration date'),
232  'username' => l10n('Username'),
233  'level' => l10n('Privacy level'),
234  'Language' => l10n('Language'),
235  'UAM_pwdreset' => l10n('UAM_PwdReset'),
236  );
237
238// Filter order options
239$template->assign('order_options', $page['order_by_items']);
240$template->assign('order_selected',
241    isset($_GET['order_by']) ? $_GET['order_by'] : '');
242
243    $template->set_prefilter('user_list', 'UAM_PwdReset_Prefilter');
244  }
245
246  /**
247   * UAM_PwdReset_Prefilter
248   * Adds action field for password reset in user_list.tpl
249   */
250  function UAM_PwdReset_Prefilter($content, &$smarty)
251  {
252    $search = '
253<fieldset>
254  <legend>{\'Deletions\'|@translate}</legend>
255  <label><input type="checkbox" name="confirm_deletion" value="1"> {\'confirm\'|@translate}</label>
256  <input class="submit" type="submit" value="{\'Delete selected users\'|@translate}" name="delete">
257</fieldset>
258';
259 
260    $addon = '
261<fieldset>
262  <legend>{\'UAM_PwdReset\'|@translate}</legend>
263  <label><input type="checkbox" name="confirm_pwdreset" value="1"> {\'confirm\'|@translate}</label>
264  <input class="submit" type="submit" value="{\'UAM_Password reset selected users\'|@translate}" name="pwdreset">
265</fieldset>
266';
267
268    $replacement = $addon.$search;
269
270    return str_replace($search, $replacement, $content);
271  }
272}
273?>
Note: See TracBrowser for help on using the browser.