Changeset 25089 for extensions/Password_Policy/include
- Timestamp:
- Oct 23, 2013, 5:24:35 PM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/Password_Policy/include/functions.inc.php
r25050 r25089 30 30 * Triggered on loc_begin_index 31 31 * 32 * Initiating GhostTracker - Perform user logout after registration if not validated32 * Initiating GhostTracker - Perform user logout after registration if account locked 33 33 */ 34 34 function PP_Init() … … 45 45 { 46 46 // Perform user logout if user account is locked 47 if ((isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true') 48 and PP_UsrBlock_Verif($user['id']) 49 and !is_admin() 50 and !is_webmaster()) 47 if ( 48 (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true') 49 and PP_UsrBlock_Verif($user['username']) 50 and !is_admin() 51 and !is_webmaster() 52 ) 51 53 { 52 54 invalidate_user_cache(); 53 55 logout_user(); 54 if ( $conf['guest_access'])55 { 56 redirect( 56 if ($conf['guest_access']) 57 { 58 redirect(make_index_url().'?PP_msg=locked', 0); 57 59 } 58 60 else 59 61 { 60 redirect( get_root_url().'identification.php?PP_msg=locked' , 0); 61 } 62 redirect(get_root_url().'identification.php?PP_msg=locked' , 0); 63 } 64 } 65 } 66 } 67 68 69 /** 70 * Triggered on init 71 * 72 * Displays messages on index page 73 */ 74 function PP_InitPage() 75 { 76 global $conf, $template, $page, $lang, $errors; 77 78 load_language('plugin.lang', PP_PATH); 79 80 if( isset($_GET['PP_msg'])) 81 { 82 PP_DisplayMsg(); 83 } 84 } 85 86 87 /** 88 * Triggered on init 89 * 90 * Display a message according to $_GET['PP_msg'] 91 */ 92 function PP_DisplayMsg() 93 { 94 if (isset($_GET['PP_msg'])) 95 { 96 global $user, $lang, $conf, $page; 97 $conf_PP = unserialize($conf['PasswordPolicy']); 98 99 // User account locked after x failed attempts 100 if (isset($conf_PP['USRLOCKEDTXT']) and !empty($conf_PP['USRLOCKEDTXT']) and $_GET['PP_msg']=="locked") 101 { 102 if (function_exists('get_user_language_desc'))// Extended Description [lang] feature 103 { 104 $custom_text = get_user_language_desc($conf_PP['USRLOCKEDTXT']); 105 } 106 else $custom_text = l10n($conf_PP['USRLOCKEDTXT']); 107 108 $page["errors"][]=$custom_text; 62 109 } 63 110 } … … 70 117 * 71 118 */ 72 function PP_log_fail( )119 function PP_log_fail($username) 73 120 { 74 121 global $conf, $user; 122 123 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 75 124 76 125 $conf_PP = unserialize($conf['PasswordPolicy']); … … 87 136 UPDATE '.USERS_TABLE.' 88 137 SET PP_loginfailcount = PP_loginfailcount+1 89 WHERE user _id = '.$userid.'138 WHERE username = "'.stripslashes($username).'" 90 139 LIMIT 1 91 140 ;'; … … 95 144 SELECT PP_loginfailcount 96 145 FROM '.USERS_TABLE.' 97 WHERE user _id = '.$userid.'98 ;'; 99 100 $datas = pwg_ query($query);101 102 // If number of failed logon exeeds 3, set the account as locked103 if (isset($datas['PP_loginfailcount']) and $datas['PP_loginfailcount'] > $conf_PP['NBLOGFAIL'])146 WHERE username = "'.stripslashes($username).'" 147 ;'; 148 149 $datas = pwg_db_fetch_assoc(pwg_query($query)); 150 151 // If number of failed logon exeeds $conf_PP['NBLOGFAIL'], set the account as locked 152 if (isset($datas['PP_loginfailcount']) and $datas['PP_loginfailcount'] >= $conf_PP['NBLOGFAIL']) 104 153 { 105 154 $query = ' 106 155 UPDATE '.USERS_TABLE.' 107 156 SET PP_lock = "true" 108 WHERE user _id = '.$userid.'157 WHERE username = "'.stripslashes($username).'" 109 158 LIMIT 1 110 159 ;'; 111 160 pwg_query($query); 112 } 113 } 114 } 115 116 117 /** 118 * PP_loc_visible_user_list 161 162 } 163 } 164 } 165 166 167 /** 168 * PP_user_list_pwdreset 119 169 * Adds a new feature in user_list to allow password reset for selected users by admin 120 170 * 121 171 */ 122 function PP_ loc_visible_user_list($visible_user_list)172 function PP_user_list_pwdreset($visible_user_list) 123 173 { 124 174 global $template; 175 176 load_language('plugin.lang', PP_PATH); 125 177 126 178 $template->append('plugin_user_list_column_titles', l10n('PP_PwdReset')); … … 166 218 167 219 /** 220 * PP_user_list_locked 221 * Adds a new feature in user_list to allow password reset for selected users by admin 222 * 223 */ 224 function PP_user_list_locked($visible_user_list) 225 { 226 global $template; 227 228 load_language('plugin.lang', PP_PATH); 229 230 $template->append('plugin_user_list_column_titles', l10n('PP_LockedUsers')); 231 232 $user_ids = array(); 233 234 foreach ($visible_user_list as $i => $user) 235 { 236 $user_ids[$i] = $user['id']; 237 } 238 239 $user_nums = array_flip($user_ids); 240 241 // Query to get information in database 242 // ------------------------------------ 243 if (!empty($user_ids)) 244 { 245 $query = ' 246 SELECT DISTINCT id, PP_lock 247 FROM '.USERS_TABLE.' 248 WHERE id IN ('.implode(',', $user_ids).') 249 ;'; 250 $result = pwg_query($query); 251 252 while ($row = pwg_db_fetch_assoc($result)) 253 { 254 if ($row['PP_lock'] == 'false') 255 { 256 $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/>'; 257 } 258 else if ($row['PP_lock'] == 'true') 259 { 260 $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/lock.png" title="'.l10n('PP_User Locked').'" alt="'.l10n('PP_User Locked').'"/>'; 261 } 262 else $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/>'; 263 264 $visible_user_list[$user_nums[$row['id']]]['plugin_columns'][] = $LockedUser; // Shows users account state in user_list 265 } 266 } 267 return $visible_user_list; 268 } 269 270 271 /** 168 272 * Triggered on login_success 169 273 * … … 178 282 179 283 $conf_PP = unserialize($conf['PasswordPolicy']); 284 285 // Perfoming redirection for locked accounts 286 // ----------------------------------------- 287 if (!is_admin() and !is_a_guest() and $user['username'] != "16" and $user['username'] != "18") 288 { 289 // Perform user logout if user account is locked 290 if ((isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true') 291 and PP_UsrBlock_Verif($user['username']) 292 and !is_admin() 293 and !is_webmaster()) 294 { 295 invalidate_user_cache(); 296 logout_user(); 297 if ($conf['guest_access']) 298 { 299 redirect(make_index_url().'?PP_msg=locked', 0); 300 } 301 else 302 { 303 redirect(get_root_url().'identification.php?PP_msg=locked' , 0); 304 } 305 } 306 } 180 307 181 308 // Performing redirection to profile page for password reset … … 227 354 { 228 355 $PasswordCheck = PP_testpassword($user['password']); 229 356 230 357 if ($PasswordCheck < $conf_PP['PASSWORD_SCORE']) 231 358 { … … 238 365 { 239 366 $PasswordCheck = PP_testpassword($user['password']); 240 367 241 368 if ($PasswordCheck < $conf_PP['PASSWORD_SCORE']) 242 369 { … … 247 374 } 248 375 } 376 return $errors; 249 377 } 250 378 } … … 257 385 { 258 386 global $conf, $user, $template; 387 388 load_language('plugin.lang', PP_PATH); 259 389 260 390 $conf_PP = unserialize($conf['PasswordPolicy']); … … 458 588 * @returns : True if account is locked else False 459 589 */ 460 function PP_UsrBlock_Verif($user _id)590 function PP_UsrBlock_Verif($username) 461 591 { 462 592 global $conf; … … 465 595 SELECT PP_Lock 466 596 FROM '.USERS_TABLE.' 467 WHERE id='.$user_id.'597 WHERE username = "'.stripslashes($username).'" 468 598 ;'; 469 599 … … 475 605 } 476 606 else return false; 607 } 608 609 610 /** 611 * PP_unlock_user 612 * Action in user_list to unlock a user 613 */ 614 function PP_unlock_user($uid) 615 { 616 // Reset PP_loginfailcount value to 0 617 $query =' 618 UPDATE '.USERS_TABLE.' 619 SET PP_loginfailcount = 0 620 WHERE id = '.$uid.' 621 LIMIT 1 622 ;'; 623 624 pwg_query($query); 625 626 // Set account as unlocked 627 $query =' 628 UPDATE '.USERS_TABLE.' 629 SET PP_lock = "false" 630 WHERE id = '.$uid.' 631 LIMIT 1 632 ;'; 633 634 pwg_query($query); 477 635 } 478 636 … … 530 688 return $plugin ; 531 689 } 690 691 692 /** 693 * Useful for debugging - 4 vars can be set 694 * Output result to log.txt file 695 * 696 */ 697 function PPLog($var1, $var2, $var3, $var4) 698 { 699 $fo=fopen (PP_PATH.'log.txt','a') ; 700 fwrite($fo,"======================\n") ; 701 fwrite($fo,'le ' . date('D, d M Y H:i:s') . "\r\n"); 702 fwrite($fo,$var1 ."\r\n") ; 703 fwrite($fo,$var2 ."\r\n") ; 704 fwrite($fo,$var3 ."\r\n") ; 705 fwrite($fo,$var4 ."\r\n") ; 706 fclose($fo) ; 707 } 532 708 ?>
Note: See TracChangeset
for help on using the changeset viewer.