Timestamp:
Oct 23, 2013, 5:24:35 PM (10 years ago)
Author:
Eric
Message:

Initial release 2.5.0

File:
1 edited

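--- a/extensions/Password_Policy/include/functions.inc.php
+++ b/extensions/Password_Policy/include/functions.inc.php
@@ -30,5 +30,5 @@
  * Triggered on loc_begin_index
  *
- * Initiating GhostTracker - Perform user logout after registration if not validated
+ * Initiating GhostTracker - Perform user logout after registration if account locked
  */
 function PP_Init()
@@ -45,19 +45,66 @@
   {
     // Perform user logout if user account is locked
-    if ((isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true')
-          and PP_UsrBlock_Verif($user['id'])
-          and !is_admin()
-          and !is_webmaster())
+    if (
+        (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true')
+        and PP_UsrBlock_Verif($user['username'])
+        and !is_admin()
+        and !is_webmaster()
+        )
     {
       invalidate_user_cache();
       logout_user();
-      if ( $conf['guest_access'] )
-      {
-        redirect( make_index_url().'?PP_msg=locked', 0);
+      if ($conf['guest_access'])
+      {
+        redirect(make_index_url().'?PP_msg=locked', 0);
       }
       else
       {
-        redirect( get_root_url().'identification.php?PP_msg=locked' , 0);
-      }
+        redirect(get_root_url().'identification.php?PP_msg=locked' , 0);
+      }
+    }
+  }
+}
+
+
+/**
+ * Triggered on init
+ *
+ * Displays messages on index page
+ */
+function PP_InitPage()
+{
+  global $conf, $template, $page, $lang, $errors;
+
+  load_language('plugin.lang', PP_PATH);
+
+  if( isset($_GET['PP_msg']))
+  {
+    PP_DisplayMsg();
+  }
+}
+
+
+/**
+ * Triggered on init
+ *
+ * Display a message according to $_GET['PP_msg']
+ */
+function PP_DisplayMsg()
+{
+  if (isset($_GET['PP_msg']))
+  {
+    global $user, $lang, $conf, $page;
+    $conf_PP = unserialize($conf['PasswordPolicy']);
+
+    // User account locked after x failed attempts
+    if (isset($conf_PP['USRLOCKEDTXT']) and !empty($conf_PP['USRLOCKEDTXT']) and $_GET['PP_msg']=="locked")
+    {
+      if (function_exists('get_user_language_desc'))// Extended Description [lang] feature
+      {
+        $custom_text = get_user_language_desc($conf_PP['USRLOCKEDTXT']);
+      }
+      else $custom_text = l10n($conf_PP['USRLOCKEDTXT']);
+
+      $page["errors"][]=$custom_text;
     }
   }
@@ -70,7 +117,9 @@
  *
  */
-function PP_log_fail()
+function PP_log_fail($username)
 {
   global $conf, $user;
+
+  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 
   $conf_PP = unserialize($conf['PasswordPolicy']);
@@ -87,5 +136,5 @@
 UPDATE '.USERS_TABLE.'
 SET PP_loginfailcount = PP_loginfailcount+1
-WHERE user_id = '.$userid.'
+WHERE username = "'.stripslashes($username).'"
 LIMIT 1
 ;';
@@ -95,32 +144,35 @@
 SELECT PP_loginfailcount
 FROM '.USERS_TABLE.'
-WHERE user_id = '.$userid.'
-;';
-
-    $datas = pwg_query($query);
-
-    // If number of failed logon exeeds 3, set the account as locked
-    if (isset($datas['PP_loginfailcount']) and $datas['PP_loginfailcount'] > $conf_PP['NBLOGFAIL'])
+WHERE username = "'.stripslashes($username).'"
+;';
+
+    $datas = pwg_db_fetch_assoc(pwg_query($query));
+
+    // If number of failed logon exeeds $conf_PP['NBLOGFAIL'], set the account as locked
+    if (isset($datas['PP_loginfailcount']) and $datas['PP_loginfailcount'] >= $conf_PP['NBLOGFAIL'])
     {
       $query = '
 UPDATE '.USERS_TABLE.'
 SET PP_lock = "true"
-WHERE user_id = '.$userid.'
+WHERE username = "'.stripslashes($username).'"
 LIMIT 1
 ;';
       pwg_query($query);
-    }
-  }
-}
-
-
-/**
- * PP_loc_visible_user_list
+
+    }
+  }
+}
+
+
+/**
+ * PP_user_list_pwdreset
  * Adds a new feature in user_list to allow password reset for selected users by admin
  *
  */
-function PP_loc_visible_user_list($visible_user_list)
+function PP_user_list_pwdreset($visible_user_list)
 {
   global $template;
+ 
+  load_language('plugin.lang', PP_PATH);
 
   $template->append('plugin_user_list_column_titles', l10n('PP_PwdReset'));
@@ -166,4 +218,56 @@
 
 /**
+ * PP_user_list_locked
+ * Adds a new feature in user_list to allow password reset for selected users by admin
+ *
+ */
+function PP_user_list_locked($visible_user_list)
+{
+  global $template;
+ 
+  load_language('plugin.lang', PP_PATH);
+
+  $template->append('plugin_user_list_column_titles', l10n('PP_LockedUsers'));
+
+  $user_ids = array();
+
+  foreach ($visible_user_list as $i => $user)
+  {
+    $user_ids[$i] = $user['id'];
+  }
+
+  $user_nums = array_flip($user_ids);
+
+  // Query to get information in database
+  // ------------------------------------
+  if (!empty($user_ids))
+  {
+    $query = '
+SELECT DISTINCT id, PP_lock
+  FROM '.USERS_TABLE.'
+  WHERE id IN ('.implode(',', $user_ids).')
+;';
+    $result = pwg_query($query);
+
+    while ($row = pwg_db_fetch_assoc($result))
+    {
+      if ($row['PP_lock'] == 'false')
+      {
+        $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/>';
+      }
+      else if ($row['PP_lock'] == 'true')
+      {
+        $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/lock.png" title="'.l10n('PP_User Locked').'" alt="'.l10n('PP_User Locked').'"/>';
+      }
+      else $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/>';
+
+                  $visible_user_list[$user_nums[$row['id']]]['plugin_columns'][] = $LockedUser; // Shows users account state in user_list
+    }
+  }
+  return $visible_user_list;
+}
+
+
+/**
  * Triggered on login_success
  *
@@ -178,4 +282,27 @@
 
   $conf_PP = unserialize($conf['PasswordPolicy']);
+
+  // Perfoming redirection for locked accounts
+  // -----------------------------------------
+  if (!is_admin() and !is_a_guest() and $user['username'] != "16" and $user['username'] != "18")
+  {
+    // Perform user logout if user account is locked
+    if ((isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true')
+          and PP_UsrBlock_Verif($user['username'])
+          and !is_admin()
+          and !is_webmaster())
+    {
+      invalidate_user_cache();
+      logout_user();
+      if ($conf['guest_access'])
+      {
+        redirect(make_index_url().'?PP_msg=locked', 0);
+      }
+      else
+      {
+        redirect(get_root_url().'identification.php?PP_msg=locked' , 0);
+      }
+    }
+  }
 
   // Performing redirection to profile page for password reset
@@ -227,5 +354,5 @@
       {
         $PasswordCheck = PP_testpassword($user['password']);
- 
+
         if ($PasswordCheck < $conf_PP['PASSWORD_SCORE'])
         {
@@ -238,5 +365,5 @@
       {
         $PasswordCheck = PP_testpassword($user['password']);
- 
+
         if ($PasswordCheck < $conf_PP['PASSWORD_SCORE'])
         {
@@ -247,4 +374,5 @@
       }
     }
+    return $errors;
   }
 }
@@ -257,4 +385,6 @@
 {
   global $conf, $user, $template;
+ 
+  load_language('plugin.lang', PP_PATH);
 
   $conf_PP = unserialize($conf['PasswordPolicy']);
@@ -458,5 +588,5 @@
  * @returns : True if account is locked else False
  */
-function PP_UsrBlock_Verif($user_id)
+function PP_UsrBlock_Verif($username)
 {
   global $conf;
@@ -465,5 +595,5 @@
 SELECT PP_Lock
 FROM '.USERS_TABLE.'
-WHERE id='.$user_id.'
+WHERE username = "'.stripslashes($username).'"
 ;';
 
@@ -475,4 +605,32 @@
   }
   else return false;
+}
+
+
+/**
+ * PP_unlock_user
+ * Action in user_list to unlock a user
+ */
+function PP_unlock_user($uid)
+{
+  // Reset PP_loginfailcount value to 0
+  $query ='
+UPDATE '.USERS_TABLE.'
+SET PP_loginfailcount = 0
+WHERE id = '.$uid.'
+LIMIT 1
+;';
+
+  pwg_query($query);
+ 
+  // Set account as unlocked
+  $query ='
+UPDATE '.USERS_TABLE.'
+SET PP_lock = "false"
+WHERE id = '.$uid.'
+LIMIT 1
+;';
+
+  pwg_query($query);
 }
 
@@ -530,3 +688,21 @@
   return $plugin ;
 }
+
+
+/**
+ * Useful for debugging - 4 vars can be set
+ * Output result to log.txt file
+ *
+ */
+function PPLog($var1, $var2, $var3, $var4)
+{
+   $fo=fopen (PP_PATH.'log.txt','a') ;
+   fwrite($fo,"======================\n") ;
+   fwrite($fo,'le ' . date('D, d M Y H:i:s') . "\r\n");
+   fwrite($fo,$var1 ."\r\n") ;
+   fwrite($fo,$var2 ."\r\n") ;
+   fwrite($fo,$var3 ."\r\n") ;
+   fwrite($fo,$var4 ."\r\n") ;
+   fclose($fo) ;
+}
 ?>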
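Review bot: The new `WHERE username = "'.stripslashes($username).'"` clauses in PP_log_fail (three queries) and PP_UsrBlock_Verif place the login name inside a double-quoted SQL literal after stripslashes() has removed any backslash escaping, so nothing visible here keeps a quote character in the name from ending the literal. PP_log_fail presumably runs on failed logins, i.e. on unauthenticated input, so the value should be escaped at the point of use, for example `WHERE username = "'.pwg_db_real_escape_string(stripslashes($username)).'"`. PP_unlock_user concatenates `$uid` unquoted in both UPDATE statements and should cast it, `WHERE id = '.(int) $uid.'`. Whether callers pass an already-escaped name is not shown in this changeset, and the bodies of PP_log_fail and PP_UsrBlock_Verif are only partly visible, so confirm against the call sites.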