source: extensions/NBC_UserAdvManager-Trunk/main.inc.php @ 3530

Last change on this file since 3530 was 3444, checked in by Eric, 15 years ago

Preview, sharing and working directory for new plugin version. !! Warning !! For coding only !! This is not a stable release nor a release candidate.

Initial coding version is 2.11.0.x. The next stable release should be committed in NBC_UserAdvManager directory under version 2.11.x.

  • Property svn:eol-style set to LF
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.11.0
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Force expiration, list unvalidated users,...)
40                        Beautify plugin's main admin panel
41
42*/
43
44/*
45
46 ***** TODO List *****
47
48++ No validation needed for admins users comments (new trigger needed in comments.php)
49
50++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
51
52++ Administration page for Confirm Mail
53  ++ Admin tabsheet for Confirm Mail to set options :
54                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
55                -- List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
56                ++ List of users with expired validation time
57                -- List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
58                ++ Opportunities to take actions on database tables :
59                ++ Re-asking validation (case of non reception of validation email)
60                ++ Force expiration
61                        ++ Force confirmation
62                ++ Cleanup expired user's accounts
63        ++ (...)
64
65++ Password control and enforcement
66  -- Empty password (done in Piwigo 2.x)
67  ++ Can not be the same as username
68  ++ complexity of the password (Numbers+Letters+Low and high case+Special+minimal length)
69 
70++ Security : Blocking brute-force attacks !
71
72++ Opportunity to copy a registered user for new user creation
73  ++ new copied user will (or not) belong to the same groups
74  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
75  ++ new copied user will (or not) get the same properties
76  ++ new copied user will (or not) get the same language
77  ... and so on
78 
79*/
80
81
82
// Abort when PHPWG_ROOT_PATH is not defined, which is presumably the case when
// this file is requested directly instead of being included by the gallery.
if (!defined('PHPWG_ROOT_PATH'))
{
  exit('Hacking attempt!');
}

// Name of the directory holding this plugin, and its path below the plugins root.
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Both include paths are built from constants only; no request data is involved.
include_once NBC_UserAdvManager_PATH.'include/constants.php';
include_once NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php';

load_language('plugin.lang', NBC_UserAdvManager_PATH);
89
90
/* Plugin admin */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Handler for 'get_admin_plugin_menu_links': appends this plugin's entry to
 * the list of admin plugin menu links.
 *
 * @param array $menu existing menu entries
 * @return array the same entries followed by the UserAdvManager entry
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // NBC_UserAdvManager_PATH already ends with '/', so the path handed to
  // get_admin_plugin_menu_link() contains '//' (kept as in the original).
  $admin_page = NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php';

  $menu[] = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link($admin_page)
  );

  return $menu;
}
105
106
107
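/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * Handler for 'register_user': sends the type-1 mail to the new user when
 * plugin option 0 or option 2 is switched on.
 *
 * NOTE(review): the clear-text password taken from the request is handed to
 * SendMail2User(). If that helper writes it into the message body, the
 * password travels and is stored unencrypted in e-mail - confirm, and prefer
 * sending a confirmation link only.
 *
 * @param array $register_user reads the 'id', 'username' and 'email' keys
 * @return void
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  // The plugin settings are stored as one ';'-separated string.
  $options = isset($conf['nbc_UserAdvManager']) ? explode(';', $conf['nbc_UserAdvManager']) : array();

  $option0_on = isset($options[0]) && $options[0] == 'true';
  $option2_on = isset($options[2]) && $options[2] == 'true';

  if (!$option0_on && !$option2_on)
  {
    return;
  }

  // The original read $_POST['password'] unconditionally, which raises an
  // "undefined index" notice whenever the request carries no such field.
  // The value passed on (null) is unchanged in that case.
  $password = isset($_POST['password']) ? $_POST['password'] : null;

  SendMail2User(1, $register_user['id'], $register_user['username'], $password, $register_user['email'], true);
}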
120
121
122
/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * Handler for 'delete_user': forwards the id of the deleted user to
 * DeleteConfirmMail().
 *
 * @param mixed $user_id id received from the 'delete_user' event
 * @return void
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
132
133
134
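add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * Handler for 'init': applies the plugin's username and e-mail rules to the
 * current request, depending on which script is running.
 *
 *  - identification : optional case-insensitive username lookup
 *  - admin user_list: username lookup, forbidden characters, excluded e-mail providers
 *  - register       : same three checks on the public registration form
 *  - profile        : re-runs the profile validations and, when they pass,
 *                     sends a mail for a new password and/or a changed address
 *
 * On the two creation forms a rejected value is enforced by blanking
 * $_POST['login'] and overriding $lang['reg_err_login1'].
 *
 * On the profile page $errors is local to this function: it only decides
 * whether the mail is sent. The plugin history above records as a known bug
 * that the provider exclusion does not stop a registered user from switching
 * to an excluded address.
 *
 * Changes against the previous version:
 *  - password hashes and the password confirmation are compared with !==, so
 *    that two different strings which both look numeric (for instance
 *    "0e..." hashes) are no longer treated as equal by loose comparison;
 *  - split(',', ...) became explode(',', ...) (same result for a literal comma);
 *  - empty exclusion entries are skipped instead of being passed to ereg();
 *  - option indexes 8 and 13 are read with isset().
 *
 * NOTE(review): ereg() treats every exclusion entry as a POSIX regular
 * expression that may match anywhere in the address, and it was removed in
 * PHP 7.0. The address is lower-cased but the entries are not, so an entry
 * containing upper-case letters presumably never matches - confirm the
 * intended entry syntax before porting this to preg_match() or a suffix test.
 *
 * @return void
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  // $template and $page are declared as in the original but are not used here.
  global $conf, $template, $page, $lang, $user;

  // The plugin settings are stored as one ';'-separated string.
  $options = isset($conf['nbc_UserAdvManager']) ? explode(';', $conf['nbc_UserAdvManager']) : array();

  $option0_on         = isset($options[0]) && $options[0] == 'true';   // gates the mails sent below
  $ci_username        = isset($options[1]) && $options[1] == 'true';   // case-insensitive usernames
  $confirm_mail       = isset($options[2]) && $options[2] == 'true';   // confirmation of e-mail addresses
  $username_filter    = isset($options[7]) && $options[7] == 'true';   // forbidden characters in usernames
  $provider_exclusion = isset($options[12]) && $options[12] == 'true'; // excluded e-mail providers

  $forbidden_chars = isset($options[8]) ? $options[8] : '';
  $exclusion_list  = isset($options[13]) ? $options[13] : '';

  if ($ci_username)
  {
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
  }

  /* User identification */
  if (script_basename() == 'identification')
  {
    if (isset($_POST['login']) and $ci_username)
    {
      // Replace the submitted name with the one returned by the lookup, if any.
      $new_username = NotSensibleSearchUsername($_POST['username']);
      $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
    }
  }

  /* Admin user management */
  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
  {
    if (isset($_POST['submit_add']))
    {
      /* Username non case sensitive */
      if ($ci_username)
      {
        $new_username = NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden keys */
      if ($username_filter and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
        $_POST['login'] = '';
      }

      /* Email without forbidden domains */
      // The authors noted that calling ValidateEmailProvider() did not work
      // here, so its logic is inlined.
      if ($provider_exclusion and !empty($_POST['email']))
      {
        $ncsemail = strtolower($_POST['email']);
        foreach (explode(',', $exclusion_list) as $excluded)
        {
          if ($excluded === '')
          {
            continue; // an empty entry is not a usable pattern
          }
          if (ereg($excluded, $ncsemail))
          {
            $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$exclusion_list."'";
            $_POST['login'] = '';
            break; // every match sets the same values
          }
        }
      }
    }
  }

  /* User creation */
  if (script_basename() == 'register')
  {
    if (isset($_POST['submit']))
    {
      /* Username non case sensitive */
      if ($ci_username)
      {
        $new_username = NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden keys */
      if ($username_filter and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
        $_POST['login'] = '';
      }

      /* Email without forbidden domains (inlined, see the admin branch) */
      if ($provider_exclusion and !empty($_POST['mail_address']))
      {
        $ncsemail = strtolower($_POST['mail_address']);
        foreach (explode(',', $exclusion_list) as $excluded)
        {
          if ($excluded === '')
          {
            continue;
          }
          if (ereg($excluded, $ncsemail))
          {
            // As in the original, the rejection goes through the login field
            // and the login error message.
            $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$exclusion_list."'";
            $_POST['login'] = '';
            break;
          }
        }
      }
    }
  }

  /* User profile update */
  if (script_basename() == 'profile' and isset($_POST['validate']) and ($option0_on or $confirm_mail))
  {
    $errors = array();

    $int_pattern = '/^\d+$/';
    if (empty($_POST['nb_image_line'])
        or (!preg_match($int_pattern, $_POST['nb_image_line'])))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page'])
        or (!preg_match($int_pattern, $_POST['nb_line_page'])))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    if ($_POST['maxwidth'] != ''
        and (!preg_match($int_pattern, $_POST['maxwidth'])
             or $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }
    if ($_POST['maxheight']
         and (!preg_match($int_pattern, $_POST['maxheight'])
               or $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }
    // periods must be integer values, they represent a number of days
    if (!preg_match($int_pattern, $_POST['recent_period'])
        or $_POST['recent_period'] <= 0)
    {
      $errors[] = l10n('periods_error');
    }

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);

      // Provider exclusion; a match replaces the message from the core check.
      if ($provider_exclusion and !empty($_POST['mail_address']))
      {
        $ncsemail = strtolower($_POST['mail_address']);
        foreach (explode(',', $exclusion_list) as $excluded)
        {
          if ($excluded === '')
          {
            continue;
          }
          if (ereg($excluded, $ncsemail))
          {
            $mail_error = l10n('reg_err_login7')."'".$exclusion_list."'";
            break;
          }
        }
      }

      // Only count($errors) == 0 is tested below, so one entry is enough.
      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }
    }

    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // password must be the same as its confirmation (strict: "1e3" and
      // "1000" are different passwords)
      if ($_POST['use_new_pwd'] !== $_POST['passwordConf'])
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if (!defined('IN_ADMIN'))
      {
        // changing password requires old password
        // The id in the query comes from the $user global, not from the request.
        $query = '
          SELECT '.$conf['user_fields']['password'].' AS password
          FROM '.USERS_TABLE.'
          WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
        ;';
        list($current_password) = mysql_fetch_row(pwg_query($query));

        // Strict comparison: hash strings must match character for character.
        if ($conf['pass_convert']($_POST['password']) !== $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $query = '
        SELECT '.$conf['user_fields']['email'].' AS email
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      if ($_POST['mail_address'] != $current_email and $confirm_mail)
      {
        $confirm_mail_need = true;
      }
    }

    // Mail is sent for (new password and option 0) or for a changed address
    // that needs confirmation, and only when every check above passed.
    if (count($errors) == 0 and ((!empty($_POST['use_new_pwd']) and $option0_on) or $confirm_mail_need))
    {
      $query = '
        SELECT '.$conf['user_fields']['username'].'
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($username) = mysql_fetch_row(pwg_query($query));

      // NOTE(review): the new clear-text password is handed to SendMail2User();
      // confirm whether it ends up in the message body.
      SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
    }
  }
}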
392
add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');

/**
 * Handler for 'loc_begin_tpl_parse'. It currently has no effect: it only
 * splits the plugin settings into a local array.
 *
 * The original body carried a disabled block (user creation OR update) that
 * would have loaded register.tpl on the 'register' and 'profile' scripts and
 * replaced '{lang:Mail address}' with '* {lang:Mail address}' when option 1
 * was on.
 *
 * @return void
 */
function ChangeRegisterProfilePage()
{
  global $conf, $template;

  $options = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $options = explode(";", $conf['nbc_UserAdvManager']);
  }
}
414
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * Handler for 'user_comment_check': rejects a comment whose author is 'guest'
 * when plugin option 6 is on and comments are open to everybody.
 *
 * @param string $comment_action action decided so far for the comment
 * @param array  $comm           comment data; only the 'author' key is read
 * @return string 'reject' when the rule applies, otherwise $comment_action unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";", $conf['nbc_UserAdvManager']) : array();

  // Option 6 unset or switched off: leave the decision as it is.
  if (!isset($options[6]) or $options[6] != 'true')
  {
    return $comment_action;
  }

  // The comparison with 'true' stays loose on purpose: the type of
  // $conf['comments_forall'] is not visible from this file.
  if ($conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
  {
    $comment_action = 'reject';
    $infos[] = l10n('UserAdvManager_Empty Author');
  }

  return $comment_action;
}
434
435?>