source: extensions/NBC_UserAdvManager/branches/2.10/main.inc.php @ 4143

Last change on this file since 4143 was 3857, checked in by Eric, 15 years ago

Minor code cleaning. Clean base for 2.11 release.
File size: 15.8 KB
RevLine 
[3740]1<?php
2/*
3Plugin Name: NBC UserAdvManager
[3777]4Version: 2.10.9f
[3740]5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46                                ereg replaced by preg_match
47                                eregi replace by preg_match with "i" moderator
48                                split replace by preg_split
49
[3777]50-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
[3740]52*/
53
54/*
55
56 ***** TODO List *****
57
58-- No validation needed for admins users comments (new trigger needed in comments.php)
59
60-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
61
62-- Administration page for Confirm Mail
63  ++ Admin tabsheet for Confirm Mail to set options :
64                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
65                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
66                ++ List of users with expired validation time
67                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
68                ++ Opportunities to take actions on database tables :
69                ++ Re-asking validation (case of non reception of validation email)
70                ++ Force expiration
71                        ++ Force confirmation
72                ++ Cleanup expired user's accounts
73        ++ (...)
74
75-- Password control and enforcement
76  -- Empty password (done in Piwigo 2.x)
77  ++ Can not be the same as username
78  ++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
79 
80-- Security : Blocking brut-force attacks !
81
82-- Opportunity to copy a registered user for new user creation
83  ++ new copied user will (or not) belong to the same groups
84  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
85  ++ new copied user will (or not) get the same properties
86  ++ new copied user will (or not) get the same language
87  ... and so on
88 
89*/
90
91
92
93if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
94define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
95define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
96include_once (NBC_UserAdvManager_PATH.'include/constants.php');
97include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
98load_language('plugin.lang', NBC_UserAdvManager_PATH);
99
100
101/* Plugin admin */
102add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
103
104function nbc_UserAdvManager_admin_menu($menu)
105{
106  array_push($menu,
107    array(
108      'NAME' => 'UserAdvManager',
109      'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
110    )
111  );
112
113  return $menu;
114}
115
116
117
118/* User creation */
119add_event_handler('register_user', 'UserAdvManager_Adduser');
120
121function UserAdvManager_Adduser($register_user)
122{
123  global $conf;
124 
125  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
126
127  if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
128    SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
129}
130
131
132
133/* User deletion */
134add_event_handler('delete_user', 'UserAdvManager_Deluser');
135
136function UserAdvManager_Deluser($user_id)
137{
138
139  DeleteConfirmMail($user_id);
140
141}
142
143
144
145add_event_handler('init', 'UserAdvManager_InitPage');
146 
147function UserAdvManager_InitPage()
148{
149  load_language('plugin.lang', NBC_UserAdvManager_PATH);
150  global $conf, $template, $page, $lang;
151
152  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
153 
154
155  if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
156    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
157 
158
159 
160/* User identification */
161  if (script_basename() == 'identification')
162  {
163    if (isset($_POST['login']))
164    {
165      /* User non case sensitive */
166      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
167      {
168        $new_username =  NotSensibleSearchUsername($_POST['username']);
169        $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
170      }
171    }
172  }
173
174
175
176/* Admin user management */
177  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
178  {
179    if (isset($_POST['submit_add']))
180    {
181      /* User non case sensitive */
182      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
183      {
184        $new_username =  NotSensibleSearchUsername($_POST['login']);
185        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
186      }
187
188
189      /* Username without forbidden keys */
190      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
191      {
192        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
193        $_POST['login'] = '';
194      }
195
196      /* Email without forbidden domains */
197      /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
198      //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
199      //{
200      //  $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
201          //  $_POST['login'] = '';
202          //}
203      /* This work with a code copy of ValidateEmailProvider() function */
204          if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
205                {
206                  $ncsemail = strtolower($_POST['email']);
207                  $conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
208                  for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
209                    {
210                  $pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
211                          if (preg_match($pattern, $ncsemail))
212                            {
213                          $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
214                          $_POST['login'] = '';
215                                }
216                        }
217                }
218    }
219  }
220
221/* User creation */
222  if (script_basename() == 'register')
223  {
224    if (isset($_POST['submit']))
225    {
226      /* Username non case sensitive */
227      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
228      {
229        $new_username =  NotSensibleSearchUsername($_POST['login']);
230        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
231      }
232
233
234      /* Username without forbidden keys */
235      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
236      {
237        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
238        $_POST['login'] = '';
239      }
240
241
242      /* Email without forbidden domains */
243      /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
244      //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
245      //{
246      //  $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
247      //  $_POST['mail_address'] = '';
248      //}
249      /* This work with a code copy of ValidateEmailProvider() function */
250                if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
251                  {
252                        $ncsemail = strtolower($_POST['mail_address']);
253                    $conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
254                        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
255                          {
256                        $pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
257                                if (preg_match($pattern, $ncsemail))
258                                  {
259                                    $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
260                                        $_POST['login'] = '';
261                                  }
262                          }
263                  }
264    }
265  }
266
267/* User profile update */
268  if (script_basename() == 'profile')
269  {
270    if (isset($_POST['validate']))
271    {
272      /* Sending email to user */
273      if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
274      {
275        global $conf, $user ;
276        $errors = array();
277 
278        $int_pattern = '/^\d+$/';
279        if (empty($_POST['nb_image_line'])
280            or (!preg_match($int_pattern, $_POST['nb_image_line'])))
281        {
282          $errors[] = l10n('nb_image_line_error');
283        }
284     
285        if (empty($_POST['nb_line_page'])
286            or (!preg_match($int_pattern, $_POST['nb_line_page'])))
287        {
288          $errors[] = l10n('nb_line_page_error');
289        }
290     
291        if ($_POST['maxwidth'] != ''
292            and (!preg_match($int_pattern, $_POST['maxwidth'])
293                 or $_POST['maxwidth'] < 50))
294        {
295          $errors[] = l10n('maxwidth_error');
296        }
297        if ($_POST['maxheight']
298             and (!preg_match($int_pattern, $_POST['maxheight'])
299                   or $_POST['maxheight'] < 50))
300        {
301          $errors[] = l10n('maxheight_error');
302        }
303        // periods must be integer values, they represents number of days
[3777]304        /* Commented to fix compatibility problem with Dynamic Recent Period Plugin */
305        /* This don't impact the plugin functionnalities */
306        /*if (!preg_match($int_pattern, $_POST['recent_period'])
[3740]307            or $_POST['recent_period'] <= 0)
308        {
309          $errors[] = l10n('periods_error') ;
[3777]310        }*/
[3740]311
312        if (isset($_POST['mail_address']))
313        {
314          $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
315          if (!empty($mail_error))
316          {
317            $errors[] = $mail_error;
318          }
319        /* This don't work on user's profile page - Why ?? */
320                if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
321                  {
322                        $ncsemail = strtolower($_POST['mail_address']);
323                    $conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
324                        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
325                          {
326                        $pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
327                                if (preg_match($pattern, $ncsemail))
328                                  {
329                                    $mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
330                                  }
331                          }
332                  }
333              if (!empty($mail_error))
334          {
335            $errors[] = $mail_error;
336          }
337        }
338                /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
339        //if (isset($_POST['mail_address']))
340        //{
341        //  $mail_error = ValidateEmailProvider($_POST['mail_address']);
342        //  if (!empty($mail_error))
343        //  {
344        //    $errors[] = $mail_error;
345        //  }
346        //}
347
348        $typemail = 3;
349       
350        if (!empty($_POST['use_new_pwd']))
351        {
352          $typemail = 2;
353
354          // password must be the same as its confirmation
355          if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
356          {
357            $errors[] = l10n('New password confirmation does not correspond');
358          }
359     
360          if ( !defined('IN_ADMIN') )
361          {// changing password requires old password
362            $query = '
363              SELECT '.$conf['user_fields']['password'].' AS password
364              FROM '.USERS_TABLE.'
365              WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
366            ;';
367            list($current_password) = mysql_fetch_row(pwg_query($query));
368       
369            if ($conf['pass_convert']($_POST['password']) != $current_password)
370            {
371              $errors[] = l10n('Current password is wrong');
372            }
373          }
374        }
375       
376        $confirm_mail_need = false;
377             
378        if (!empty($_POST['mail_address']))
379        {
380          $query = '
381            SELECT '.$conf['user_fields']['email'].' AS email
382            FROM '.USERS_TABLE.'
383            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
384          ;';
385          list($current_email) = mysql_fetch_row(pwg_query($query));
386     
387          if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
388            $confirm_mail_need = true;
389        }
390
391        if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
392        {
393          $query = '
394            SELECT '.$conf['user_fields']['username'].'
395            FROM '.USERS_TABLE.'
396            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
397          ;';
398          list($username) = mysql_fetch_row(pwg_query($query));
399
400
401          SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
402        }
403      }
404    }
405  }
406}
407
408add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
409
410function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
411{
412  load_language('plugin.lang', NBC_UserAdvManager_PATH);
413  global $infos, $conf, $template;
414
415  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
416
417/* User creation OR update */
418  if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
419  {
420    $comment_action = 'reject';
421
422    array_push($infos, l10n('UserAdvManager_Empty Author'));
423  }
424
425  return $comment_action;
426}
427
428?>
Note: See TracBrowser for help on using the repository browser.