source: extensions/NBC_UserAdvManager/branches/2.10/main.inc.php @ 4143

Last change on this file since 4143 was 3857, checked in by Eric, 15 years ago

Minor code cleaning. Clean base for 2.11 release.

1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9f
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Added email provider exclusion (like *@hotmail.com) - Warning! -> Known bug: this feature doesn't work on the user profile page, so already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46                                ereg replaced by preg_match
47                                eregi replaced by preg_match with the "i" modifier
48                                split replaced by preg_split
49
50-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
52*/
53
54/*
55
56 ***** TODO List *****
57
58-- No validation needed for admins users comments (new trigger needed in comments.php)
59
60-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
61
62-- Administration page for Confirm Mail
63  ++ Admin tabsheet for Confirm Mail to set options :
64                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
65                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
66                ++ List of users with expired validation time
67                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
68                ++ Opportunities to take actions on database tables :
69                ++ Re-asking validation (case of non reception of validation email)
70                ++ Force expiration
71                        ++ Force confirmation
72                ++ Cleanup expired user's accounts
73        ++ (...)
74
75-- Password control and enforcement
76  -- Empty password (done in Piwigo 2.x)
77  ++ Can not be the same as username
78  ++ Complexity of the password (numbers + letters + lower and upper case + special characters + minimal length)
79 
80-- Security : Blocking brute-force attacks !
81
82-- Opportunity to copy a registered user for new user creation
83  ++ new copied user will (or not) belong to the same groups
84  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
85  ++ new copied user will (or not) get the same properties
86  ++ new copied user will (or not) get the same language
87  ... and so on
88 
89*/
90
91
92
// Direct-access guard: execution stops here when PHPWG_ROOT_PATH is not
// defined, i.e. when this file is not reached through a script that defined
// it first (presumably the gallery bootstrap - confirm against the core).
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

// Directory name of the plugin and its path below the plugins directory.
// Both are derived from this file's own location, never from request data,
// so the include_once paths below cannot be influenced by a visitor.
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Plugin constants and helper functions, then the plugin's language strings.
include_once NBC_UserAdvManager_PATH.'include/constants.php';
include_once NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php';
load_language('plugin.lang', NBC_UserAdvManager_PATH);
99
100
/* Plugin admin: register the menu entry builder */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Appends the UserAdvManager entry to the admin plugin menu.
 *
 * @param array $menu menu entries received from the event
 * @return array the same list with one entry (keys 'NAME' and 'URL') added
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // The URL is built from the plugin's own path constant and a fixed file name.
  $admin_page = NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php';

  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link($admin_page)
  );
  array_push($menu, $entry);

  return $menu;
}
115
116
117
/* User creation: hook the handler on the 'register_user' event */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * 'register_user' handler: calls SendMail2User() for the newly created
 * account when option slot 0 or option slot 2 of the plugin configuration
 * holds the string 'true'.
 *
 * The configuration is the ';'-separated string $conf['nbc_UserAdvManager'].
 *
 * @param array $register_user reads the keys 'id', 'username' and 'email'
 * @return void
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  $options = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $options = explode(";", $conf['nbc_UserAdvManager']);
  }

  $slot0_enabled = isset($options[0]) && $options[0] == 'true';
  $slot2_enabled = isset($options[2]) && $options[2] == 'true';

  if (!$slot0_enabled && !$slot2_enabled)
  {
    return;
  }

  // NOTE(review): the clear-text password from the request is handed to the
  // mail helper. SendMail2User() is not visible here; if it writes the
  // password into the message, the credential ends up in mailboxes and mail
  // relay logs - confirm, and prefer not to mail it.
  // $_POST['password'] is read without an isset() check.
  SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
}
130
131
132
/* User deletion: hook the handler on the 'delete_user' event */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * 'delete_user' handler: forwards the id of the deleted user to
 * DeleteConfirmMail(), which is defined outside this file.
 *
 * @param mixed $user_id identifier received from the event
 * @return void
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
142
143
144
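/* Request pre-processing: hook the handler on the 'init' event */
add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * Tells whether an e-mail address matches an entry of the provider
 * exclusion list.
 *
 * The address is lower-cased, the list is split on commas and every entry is
 * used as the body of a regular expression that is searched anywhere in the
 * address.
 *
 * @param string $email          address to check
 * @param string $exclusion_list comma-separated list of excluded providers
 * @return bool true when at least one entry matches
 */
function UserAdvManager_MatchExcludedProvider($email, $exclusion_list)
{
  $ncsemail = strtolower($email);

  foreach (preg_split('/,/', $exclusion_list) as $entry)
  {
    // Surrounding blanks ("a.com, b.com") would never match an address, and
    // an empty entry (empty list, trailing comma) would give the pattern
    // '//' which matches every address and would block all registrations.
    $entry = trim($entry);
    if ($entry === '')
    {
      continue;
    }

    // NOTE(review): the entry goes into the pattern unescaped and unanchored,
    // so '.' matches any character and the entry matches anywhere in the
    // address, not only in the domain part. An entry that is not a valid
    // pattern (one containing '/', or starting with '*') makes preg_match()
    // return false, so that entry excludes nothing. Escaping with
    // preg_quote() and anchoring on the domain would be stricter, but it
    // changes how existing lists are read - confirm the documented list
    // format first.
    if (preg_match('/'.$entry.'/', $ncsemail))
    {
      return true;
    }
  }

  return false;
}

/**
 * 'init' handler: adjusts the submitted form data of the identification,
 * admin user list, register and profile pages according to the plugin
 * options, before the page script processes them.
 *
 * Options are read from the ';'-separated string $conf['nbc_UserAdvManager'];
 * a slot is enabled when it holds the string 'true'. Slots used here:
 *   0  and 2 : sending of a mail through SendMail2User() (slot 2 is the one
 *              tested for a changed e-mail address)
 *   1        : case-insensitive user name lookup
 *   7  / 8   : user name filter switch / value shown in the error message
 *   12 / 13  : e-mail provider exclusion switch / comma-separated list
 *
 * A rejected user name or e-mail address on the admin and register pages is
 * signalled by emptying $_POST['login'] and replacing
 * $lang['reg_err_login1'] with the plugin's message.
 *
 * @return void
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang, $user;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $opt_password_mail   = isset($conf_nbc_UserAdvManager[0]) && $conf_nbc_UserAdvManager[0] == 'true';
  $opt_nocase_username = isset($conf_nbc_UserAdvManager[1]) && $conf_nbc_UserAdvManager[1] == 'true';
  $opt_confirm_mail    = isset($conf_nbc_UserAdvManager[2]) && $conf_nbc_UserAdvManager[2] == 'true';
  $opt_username_filter = isset($conf_nbc_UserAdvManager[7]) && $conf_nbc_UserAdvManager[7] == 'true';
  $opt_mail_exclusion  = isset($conf_nbc_UserAdvManager[12]) && $conf_nbc_UserAdvManager[12] == 'true';

  $script = script_basename();

  if ($opt_nocase_username)
  {
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
  }

  /* User identification */
  if ($script == 'identification' and isset($_POST['login']))
  {
    /* User non case sensitive */
    if ($opt_nocase_username)
    {
      // Keep the submitted name when the lookup returns an empty result.
      $new_username = NotSensibleSearchUsername($_POST['username']);
      $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
    }
  }

  /* Admin user management */
  if ($script == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list' and isset($_POST['submit_add']))
  {
    /* User non case sensitive */
    if ($opt_nocase_username)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
    }

    /* Username without forbidden keys */
    if ($opt_username_filter and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
      $_POST['login'] = '';
    }

    /* Email without forbidden domains */
    // The author's notes say a direct call to ValidateEmailProvider() did not
    // work from here, hence the local helper.
    if ($opt_mail_exclusion and !empty($_POST['email'])
        and UserAdvManager_MatchExcludedProvider($_POST['email'], $conf_nbc_UserAdvManager[13]))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
      $_POST['login'] = '';
    }
  }

  /* User creation */
  if ($script == 'register' and isset($_POST['submit']))
  {
    /* Username non case sensitive */
    if ($opt_nocase_username)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
    }

    /* Username without forbidden keys */
    if ($opt_username_filter and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
      $_POST['login'] = '';
    }

    /* Email without forbidden domains */
    if ($opt_mail_exclusion and !empty($_POST['mail_address'])
        and UserAdvManager_MatchExcludedProvider($_POST['mail_address'], $conf_nbc_UserAdvManager[13]))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
      $_POST['login'] = '';
    }
  }

  /* User profile update */
  if ($script == 'profile' and isset($_POST['validate']) and ($opt_password_mail or $opt_confirm_mail))
  {
    // $errors is local to this function: it only decides whether the plugin
    // sends its mail below. Nothing visible here hands it back to the page,
    // so an excluded e-mail address is not refused by this code (this matches
    // the known bug listed in the plugin history).
    $errors = array();

    $int_pattern = '/^\d+$/';
    if (empty($_POST['nb_image_line'])
        or (!preg_match($int_pattern, $_POST['nb_image_line'])))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page'])
        or (!preg_match($int_pattern, $_POST['nb_line_page'])))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    if ($_POST['maxwidth'] != ''
        and (!preg_match($int_pattern, $_POST['maxwidth'])
             or $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }

    if ($_POST['maxheight']
        and (!preg_match($int_pattern, $_POST['maxheight'])
             or $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }

    // The check on $_POST['recent_period'] was removed by the author for
    // compatibility with the DynamicRecentPeriod plugin.

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }

      if ($opt_mail_exclusion and !empty($_POST['mail_address'])
          and UserAdvManager_MatchExcludedProvider($_POST['mail_address'], $conf_nbc_UserAdvManager[13]))
      {
        $errors[] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
      }
    }

    // Mail type passed to SendMail2User(): 3 by default, 2 when a new
    // password is submitted (the meaning of the values is defined there).
    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // password must be the same as its confirmation
      // Strict comparison: with "!=" two different numeric-looking strings
      // such as "1e3" and "1000" compare as equal.
      if ($_POST['use_new_pwd'] !== $_POST['passwordConf'])
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if ( !defined('IN_ADMIN') )
      {// changing password requires old password
        // $user['id'] is the global user record, not a request value.
        $query = '
          SELECT '.$conf['user_fields']['password'].' AS password
          FROM '.USERS_TABLE.'
          WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
        ;';
        list($current_password) = mysql_fetch_row(pwg_query($query));

        // Strict comparison: with "!=" two different digests that both look
        // like numbers (for instance "0e..." followed by digits only) compare
        // as equal, so a wrong password could be taken for the right one.
        // NOTE(review): hash_equals() would also make the comparison
        // constant-time where the PHP version provides it.
        if ($conf['pass_convert']($_POST['password']) !== $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $query = '
        SELECT '.$conf['user_fields']['email'].' AS email
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      // A confirmation is needed only when the address actually changes.
      if ($_POST['mail_address'] != $current_email and $opt_confirm_mail)
      {
        $confirm_mail_need = true;
      }
    }

    $password_mail_need = !empty($_POST['use_new_pwd']) && $opt_password_mail;

    if (count($errors) == 0 and ($password_mail_need or $confirm_mail_need))
    {
      $query = '
        SELECT '.$conf['user_fields']['username'].'
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($username) = mysql_fetch_row(pwg_query($query));

      // NOTE(review): the new password is handed over in clear text.
      // SendMail2User() is not visible here; if it writes the password into
      // the message, the credential ends up in mailboxes and mail relay
      // logs - confirm, and prefer not to mail it.
      SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
    }
  }
}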
407
/* Comment check: hook the handler on 'user_comment_check' (priority 50, 2 arguments) */
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * 'user_comment_check' handler: rejects a comment whose author is 'guest'
 * when option slot 6 of the plugin configuration is 'true' and
 * $conf['comments_forall'] compares equal to 'true'.
 *
 * On rejection a message is appended to the global $infos list.
 *
 * @param string $comment_action action received from the event
 * @param array  $comm           comment data; the key 'author' is read
 * @return string 'reject' when the rule applies, otherwise $comment_action unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $options = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $options = explode(";", $conf['nbc_UserAdvManager']);
  }

  $author_required = isset($options[6]) && $options[6] == 'true';
  if (!$author_required)
  {
    return $comment_action;
  }

  // The loose "==" on comments_forall is kept on purpose: the type of that
  // setting is not visible here and a boolean true also compares equal to 'true'.
  if ($conf['comments_forall'] == 'true' && $comm['author'] == 'guest')
  {
    $comment_action = 'reject';
    array_push($infos, l10n('UserAdvManager_Empty Author'));
  }

  return $comment_action;
}
427
428?>