Context Navigation

source: extensions/NBC_UserAdvManager-Trunk/main.inc.php @ 3444

Last change on this file since 3444 was 3444, checked in by Eric, 15 years ago

Preview, sharing and working directory for new plugin version. !! Warning !! For coding only !! This is not a stable release nor a release candidate.

Initial coding version is 2.11.0.x. The next stable release should be committed in NBC_UserAdvManager directory under version 2.11.x.

Property svn:eol-style set to LF

File size: 15.3 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.11.0
5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/*
12	*** Plugin history (branch 2.10)***
13
14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15	-- 2.10.1-beta : Small correction on generated path
16	-- 2.10.2-beta : Bug resolved on register validation page
17
18	-- 2.10.3 : Final and fully functional release
19	Bug resolved on plugin activation
20
21	-- 2.10.4 : Bug fixed on profiles update
22
23	-- 2.10.5 : Improved code on profiles update
24
25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27	-- 2.10.7 : Bug fixed on user's validation email sending
28
29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30	Improved code for checking author on guest comments
31
32	-- 2.10.9 : Bug fixed - Missing english translation
33	Bug fixed - Notice on forbidden characters function use
34	Bug fixed - Audit on forbidden characters in username didn't work
35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39	-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Force expiration, list unvalidated users,...)
40	Beautify plugin's main admin panel
41
42	*/
43
44	/*
45
46	*** TODO List ***
47
48	++ No validation needed for admins users comments (new trigger needed in comments.php)
49
50	++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
51
52	++ Administration page for Confirm Mail
53	++ Admin tabsheet for Confirm Mail to set options :
54	++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
55	-- List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
56	++ List of users with expired validation time
57	-- List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
58	++ Opportunities to take actions on database tables :
59	++ Re-asking validation (case of non reception of validation email)
60	++ Force expiration
61	++ Force confirmation
62	++ Cleanup expired user's accounts
63	++ (...)
64
65	++ Password control and enforcement
66	-- Empty password (done in Piwigo 2.x)
67	++ Can not be the same as username
68	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
69
70	++ Security : Blocking brut-force attacks !
71
72	++ Opportunity to copy a registered user for new user creation
73	++ new copied user will (or not) belong to the same groups
74	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
75	++ new copied user will (or not) get the same properties
76	++ new copied user will (or not) get the same language
77	... and so on
78
79	*/
80
81
82
83	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
84	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
85	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
86	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
87	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
88	load_language('plugin.lang', NBC_UserAdvManager_PATH);
89
90
91	/* Plugin admin */
92	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
93
94	function nbc_UserAdvManager_admin_menu($menu)
95	{
96	array_push($menu,
97	array(
98	'NAME' => 'UserAdvManager',
99	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
100	)
101	);
102
103	return $menu;
104	}
105
106
107
108	/* User creation */
109	add_event_handler('register_user', 'UserAdvManager_Adduser');
110
111	function UserAdvManager_Adduser($register_user)
112	{
113	global $conf;
114
115	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
116
117	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
118	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
119	}
120
121
122
123	/* User deletion */
124	add_event_handler('delete_user', 'UserAdvManager_Deluser');
125
126	function UserAdvManager_Deluser($user_id)
127	{
128
129	DeleteConfirmMail($user_id);
130
131	}
132
133
134
135	add_event_handler('init', 'UserAdvManager_InitPage');
136
137	function UserAdvManager_InitPage()
138	{
139	load_language('plugin.lang', NBC_UserAdvManager_PATH);
140	global $conf, $template, $page, $lang;
141
142	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
143
144
145	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
146	$lang['reg_err_login5'] = l10n('new_reg_err_login5');
147
148
149
150	/* User identification */
151	if (script_basename() == 'identification')
152	{
153	if (isset($_POST['login']))
154	{
155	/* User non case sensitive */
156	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
157	{
158	$new_username = NotSensibleSearchUsername($_POST['username']);
159	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
160	}
161	}
162	}
163
164
165
166	/* Admin user management */
167	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
168	{
169	if (isset($_POST['submit_add']))
170	{
171	/* User non case sensitive */
172	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
173	{
174	$new_username = NotSensibleSearchUsername($_POST['login']);
175	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
176	}
177
178
179	/* Username without forbidden keys */
180	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
181	{
182	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
183	$_POST['login'] = '';
184	}
185
186	/* Email without forbidden domains */
187	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
188	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
189	//{
190	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
191	// $_POST['login'] = '';
192	//}
193	/* This work with a code copy of ValidateEmailProvider() function */
194	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
195	{
196	$ncsemail = strtolower($_POST['email']);
197	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
198	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
199	{
200	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
201	{
202	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
203	$_POST['login'] = '';
204	}
205	}
206	}
207	}
208	}
209
210	/* User creation */
211	if (script_basename() == 'register')
212	{
213	if (isset($_POST['submit']))
214	{
215	/* Username non case sensitive */
216	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
217	{
218	$new_username = NotSensibleSearchUsername($_POST['login']);
219	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
220	}
221
222
223	/* Username without forbidden keys */
224	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
225	{
226	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
227	$_POST['login'] = '';
228	}
229
230
231	/* Email without forbidden domains */
232	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
233	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
234	//{
235	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
236	// $_POST['mail_address'] = '';
237	//}
238	/* This work with a code copy of ValidateEmailProvider() function */
239	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
240	{
241	$ncsemail = strtolower($_POST['mail_address']);
242	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
243	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
244	{
245	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
246	{
247	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
248	$_POST['login'] = '';
249	}
250	}
251	}
252	}
253	}
254
255	/* User profile update */
256	if (script_basename() == 'profile')
257	{
258	if (isset($_POST['validate']))
259	{
260	/* Sending email to user */
261	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
262	{
263	global $conf, $user ;
264	$errors = array();
265
266	$int_pattern = '/^\d+$/';
267	if (empty($_POST['nb_image_line'])
268	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
269	{
270	$errors[] = l10n('nb_image_line_error');
271	}
272
273	if (empty($_POST['nb_line_page'])
274	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
275	{
276	$errors[] = l10n('nb_line_page_error');
277	}
278
279	if ($_POST['maxwidth'] != ''
280	and (!preg_match($int_pattern, $_POST['maxwidth'])
281	or $_POST['maxwidth'] < 50))
282	{
283	$errors[] = l10n('maxwidth_error');
284	}
285	if ($_POST['maxheight']
286	and (!preg_match($int_pattern, $_POST['maxheight'])
287	or $_POST['maxheight'] < 50))
288	{
289	$errors[] = l10n('maxheight_error');
290	}
291	// periods must be integer values, they represents number of days
292	if (!preg_match($int_pattern, $_POST['recent_period'])
293	or $_POST['recent_period'] <= 0)
294	{
295	$errors[] = l10n('periods_error') ;
296	}
297
298	if (isset($_POST['mail_address']))
299	{
300	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
301	if (!empty($mail_error))
302	{
303	$errors[] = $mail_error;
304	}
305	/* This don't work on user's profile page - Why ?? */
306	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
307	{
308	$ncsemail = strtolower($_POST['mail_address']);
309	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
310	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
311	{
312	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
313	{
314	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
315	}
316	}
317	}
318	if (!empty($mail_error))
319	{
320	$errors[] = $mail_error;
321	}
322	}
323	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
324	//if (isset($_POST['mail_address']))
325	//{
326	// $mail_error = ValidateEmailProvider($_POST['mail_address']);
327	// if (!empty($mail_error))
328	// {
329	// $errors[] = $mail_error;
330	// }
331	//}
332
333	$typemail = 3;
334
335	if (!empty($_POST['use_new_pwd']))
336	{
337	$typemail = 2;
338
339	// password must be the same as its confirmation
340	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
341	{
342	$errors[] = l10n('New password confirmation does not correspond');
343	}
344
345	if ( !defined('IN_ADMIN') )
346	{// changing password requires old password
347	$query = '
348	SELECT '.$conf['user_fields']['password'].' AS password
349	FROM '.USERS_TABLE.'
350	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
351	;';
352	list($current_password) = mysql_fetch_row(pwg_query($query));
353
354	if ($conf['pass_convert']($_POST['password']) != $current_password)
355	{
356	$errors[] = l10n('Current password is wrong');
357	}
358	}
359	}
360
361	$confirm_mail_need = false;
362
363	if (!empty($_POST['mail_address']))
364	{
365	$query = '
366	SELECT '.$conf['user_fields']['email'].' AS email
367	FROM '.USERS_TABLE.'
368	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
369	;';
370	list($current_email) = mysql_fetch_row(pwg_query($query));
371
372	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
373	$confirm_mail_need = true;
374	}
375
376	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
377	{
378	$query = '
379	SELECT '.$conf['user_fields']['username'].'
380	FROM '.USERS_TABLE.'
381	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
382	;';
383	list($username) = mysql_fetch_row(pwg_query($query));
384
385
386	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
387	}
388	}
389	}
390	}
391	}
392
393	add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');
394
395	function ChangeRegisterProfilePage()
396	{
397	global $conf, $template;
398
399	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
400
401	/* creation OU mise a jour de user */
402	// if (in_array(script_basename(), array('register', 'profile')))
403	// {
404	//if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
405	//{
406	// $template->set_filenames( array('register'=>'register.tpl') );
407
408	// $template->loadfile('register');
409
410	// $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
411	//}
412	// }
413	}
414
415	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
416
417	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
418	{
419	load_language('plugin.lang', NBC_UserAdvManager_PATH);
420	global $infos, $conf, $template;
421
422	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
423
424	/* User creation OR update */
425	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
426	{
427	$comment_action = 'reject';
428
429	array_push($infos, l10n('UserAdvManager_Empty Author'));
430	}
431
432	return $comment_action;
433	}
434
435	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: