1 | <?php |
---|
2 | /* |
---|
3 | Plugin Name: NBC UserAdvManager |
---|
4 | Version: 2.12.1 |
---|
5 | Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management |
---|
6 | Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216 |
---|
7 | Author: Nicco, Eric |
---|
8 | Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net |
---|
9 | */ |
---|
10 | |
---|
11 | /* |
---|
12 | ***** Plugin history (branch 2.10)***** |
---|
13 | |
---|
14 | -- 2.10.0-beta : Initial beta release for Piwigo compatibility |
---|
15 | -- 2.10.1-beta : Small correction on generated path |
---|
16 | -- 2.10.2-beta : Bug resolved on register validation page |
---|
17 | |
---|
18 | -- 2.10.3 : Final and fully functional release |
---|
19 | Bug resolved on plugin activation |
---|
20 | |
---|
21 | -- 2.10.4 : Bug fixed on profiles update |
---|
22 | |
---|
23 | -- 2.10.5 : Improved code on profiles update |
---|
24 | |
---|
25 | -- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version) |
---|
26 | |
---|
27 | -- 2.10.7 : Bug fixed on user's validation email sending |
---|
28 | |
---|
29 | -- 2.10.8 : ConfirmMail page looks better (Sylvia theme only) |
---|
30 | Improved code for checking author on guest comments |
---|
31 | |
---|
32 | -- 2.10.9 : Bug fixed - Missing english translation |
---|
33 | Bug fixed - Notice on forbidden characters function use |
---|
34 | Bug fixed - Audit on forbidden characters in username didn't work |
---|
35 | Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one. |
---|
36 | |
---|
37 | -- 2.10.9a : Email provider exclusion is no longer case sensitive |
---|
38 | |
---|
39 | -- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path. |
---|
40 | |
---|
41 | -- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail" |
---|
42 | |
---|
43 | -- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl |
---|
44 | |
---|
45 | -- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like : |
---|
46 | ereg replaced by preg_match |
---|
47 | eregi replace by preg_match with "i" moderator |
---|
48 | split replace by preg_split |
---|
49 | |
---|
50 | -- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin |
---|
51 | |
---|
52 | -- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...) |
---|
53 | Beautify plugin's main admin panel |
---|
54 | |
---|
55 | -- 2.11.1 : Bug fixed with install and upgrade functions |
---|
56 | Language files correction |
---|
57 | |
---|
58 | -- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list |
---|
59 | Bug fixed : Sql syntax error on plugin activation |
---|
60 | |
---|
61 | -- 2.11.3 : On Patricia's request (french forum and bug 1173), the unvalidated users management tab shows users according with the settings of unvalidated group and / or unvalidated status. |
---|
62 | Feature 1172 added : Email providers exclusion list can be set with CR/LF between each entry. The comma seperator (,) is still mandatory. |
---|
63 | Bug 1175 fixed : Bad translation tag in french language file. |
---|
64 | Improvement of unvalidated users management tab (feature 1174)- Expired users are displayed in red color text. |
---|
65 | |
---|
66 | -- 2.11.4 : Bug 1177 fixed : Width of excluded email providers list reset to ancient value (80 col) |
---|
67 | Bug 1179 fixed : Adding a notice in plugin inline documentation for use of validation groups and status. A default group must be set in Piwigo's groups settings and the "Guest" (or another user) must be set as default for status values. |
---|
68 | Bug 1182 fixed : Language tag missing in confirmation email generation |
---|
69 | |
---|
70 | -- 2.11.5 : Bug 1195 fixed : Registration displays the good title |
---|
71 | |
---|
72 | -- 2.12.0 : Bug 1206 fixed : All plugin functionnalities work in user's profile page |
---|
73 | Plugin's core code and admin panel refactoring |
---|
74 | Password control and enforcement : A complexity score is computed on user registration. If this score is less than the goal set by admin, the password choosen is rejected. |
---|
75 | Feature 1194 "Ghost Tracker" added : New plugin tab displays users who don't comes back to the gallery since x days. Ability to send email reminders and to delete reminded but "dead" users. It's the reason why this feature is called "Ghost Tracker". |
---|
76 | |
---|
77 | -- 2.12.1 : Rollback on admin panel improvement (it was a bad idea) |
---|
78 | */ |
---|
79 | |
---|
80 | /* |
---|
81 | |
---|
82 | ***** TODO List ***** |
---|
83 | |
---|
84 | ++ !! Function to populate the #_user_lastvisit_check table from existing users |
---|
85 | |
---|
86 | ++ No validation needed for admins users comments (new trigger needed in comments.php ?) |
---|
87 | |
---|
88 | ++ No single email check for admins (new trigger needed in functions_user.inc.php ?) |
---|
89 | |
---|
90 | ++ Password control and enforcement |
---|
91 | ?? Can not be the same as username -> Could password score control be sufficient ? |
---|
92 | |
---|
93 | ++ Security : Blocking brut-force attacks ! |
---|
94 | |
---|
95 | ++ Opportunity to copy a registered user for new user creation |
---|
96 | ++ new copied user will (or not) belong to the same groups |
---|
97 | ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??)) |
---|
98 | ++ new copied user will (or not) get the same properties |
---|
99 | ++ new copied user will (or not) get the same language |
---|
100 | ... and so on |
---|
101 | |
---|
102 | */ |
---|
103 | |
---|
104 | |
---|
105 | if (!defined('PHPWG_ROOT_PATH')) |
---|
106 | { |
---|
107 | die('Hacking attempt!'); |
---|
108 | } |
---|
109 | |
---|
110 | define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__))); |
---|
111 | define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/'); |
---|
112 | |
---|
113 | include_once (NBC_UserAdvManager_PATH.'include/constants.php'); |
---|
114 | include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php'); |
---|
115 | |
---|
116 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
117 | |
---|
118 | |
---|
119 | /* Plugin admin */ |
---|
120 | add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu'); |
---|
121 | |
---|
122 | function nbc_UserAdvManager_admin_menu($menu) |
---|
123 | { |
---|
124 | array_push($menu, |
---|
125 | array( |
---|
126 | 'NAME' => 'UserAdvManager', |
---|
127 | 'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php') |
---|
128 | ) |
---|
129 | ); |
---|
130 | |
---|
131 | return $menu; |
---|
132 | } |
---|
133 | |
---|
134 | |
---|
135 | add_event_handler('loc_begin_index', 'UserAdvManager_GhostTracker'); |
---|
136 | |
---|
137 | function UserAdvManager_GhostTracker() |
---|
138 | { |
---|
139 | global $conf, $user; |
---|
140 | |
---|
141 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
142 | |
---|
143 | if (isset($conf_nbc_UserAdvManager[17]) and $conf_nbc_UserAdvManager[17] == 'true' and !is_admin() and !is_a_guest()) |
---|
144 | { |
---|
145 | |
---|
146 | $userid = get_userid($user['username']); |
---|
147 | |
---|
148 | /* Looking for existing entry in last visit table */ |
---|
149 | $query = ' |
---|
150 | SELECT * |
---|
151 | FROM '.USER_LASTVISIT_TABLE.' |
---|
152 | WHERE user_id = '.$userid.' |
---|
153 | ;'; |
---|
154 | |
---|
155 | $count = mysql_num_rows(pwg_query($query)); |
---|
156 | |
---|
157 | if ($count == 0) |
---|
158 | { |
---|
159 | /* If not, data are inserted in table */ |
---|
160 | $query = ' |
---|
161 | INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder) |
---|
162 | VALUES ('.$userid.', now(), "false") |
---|
163 | ;'; |
---|
164 | pwg_query($query); |
---|
165 | } |
---|
166 | else if ($count > 0) |
---|
167 | { |
---|
168 | /* If yes, data are updated in table */ |
---|
169 | $query = ' |
---|
170 | UPDATE '.USER_LASTVISIT_TABLE.' |
---|
171 | SET lastvisit = now(), reminder = "false" |
---|
172 | WHERE user_id = '.$userid.' |
---|
173 | LIMIT 1 |
---|
174 | ;'; |
---|
175 | pwg_query($query); |
---|
176 | } |
---|
177 | } |
---|
178 | } |
---|
179 | |
---|
180 | |
---|
181 | /* User creation */ |
---|
182 | add_event_handler('register_user', 'UserAdvManager_Adduser'); |
---|
183 | |
---|
184 | function UserAdvManager_Adduser($register_user) |
---|
185 | { |
---|
186 | global $conf; |
---|
187 | |
---|
188 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
189 | |
---|
190 | /* Sending registration confirmation by email */ |
---|
191 | if ((isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or (isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true')) |
---|
192 | { |
---|
193 | SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true); |
---|
194 | } |
---|
195 | } |
---|
196 | |
---|
197 | |
---|
198 | |
---|
199 | /* User deletion */ |
---|
200 | add_event_handler('delete_user', 'UserAdvManager_Deluser'); |
---|
201 | |
---|
202 | function UserAdvManager_Deluser($user_id) |
---|
203 | { |
---|
204 | DeleteConfirmMail($user_id); |
---|
205 | } |
---|
206 | |
---|
207 | |
---|
208 | /* Check users registration */ |
---|
209 | add_event_handler('register_user_check', 'UserAdvManager_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2); |
---|
210 | |
---|
211 | function UserAdvManager_RegistrationCheck($err, $user) |
---|
212 | { |
---|
213 | global $errors, $conf; |
---|
214 | |
---|
215 | $PasswordCheck = 0; |
---|
216 | |
---|
217 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
218 | |
---|
219 | /* Password enforcement control */ |
---|
220 | if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15])) |
---|
221 | { |
---|
222 | if (!empty($user['password']) and !is_admin()) |
---|
223 | { |
---|
224 | $PasswordCheck = testpassword($user['password']); |
---|
225 | |
---|
226 | if ($PasswordCheck < $conf_nbc_UserAdvManager[15]) |
---|
227 | { |
---|
228 | $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck); |
---|
229 | return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]); |
---|
230 | } |
---|
231 | } |
---|
232 | else if (!empty($user['password']) and is_admin() and isset($conf_nbc_UserAdvManager[16]) and $conf_nbc_UserAdvManager[16] == 'true') |
---|
233 | { |
---|
234 | $PasswordCheck = testpassword($user['password']); |
---|
235 | |
---|
236 | if ($PasswordCheck < $conf_nbc_UserAdvManager[15]) |
---|
237 | { |
---|
238 | $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck); |
---|
239 | return($lang['reg_err_pass'] = l10n_args($message).$conf_nbc_UserAdvManager[15]); |
---|
240 | } |
---|
241 | } |
---|
242 | } |
---|
243 | |
---|
244 | /* Username non case sensitive */ |
---|
245 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true') |
---|
246 | { |
---|
247 | $new_username = NotSensibleSearchUsername($_POST['login']); |
---|
248 | $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username; |
---|
249 | } |
---|
250 | |
---|
251 | /* Username without forbidden keys */ |
---|
252 | if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login'])) |
---|
253 | { |
---|
254 | $_POST['login'] = ''; |
---|
255 | return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'"); |
---|
256 | } |
---|
257 | |
---|
258 | /* Email without forbidden domains */ |
---|
259 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address'])) |
---|
260 | { |
---|
261 | $_POST['login'] = ''; |
---|
262 | return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"); |
---|
263 | } |
---|
264 | } |
---|
265 | |
---|
266 | |
---|
267 | if (script_basename() == 'profile') |
---|
268 | { |
---|
269 | add_event_handler('loc_begin_profile', 'UserAdvManager_Profile_Init'); |
---|
270 | |
---|
271 | function UserAdvManager_Profile_Init() |
---|
272 | { |
---|
273 | global $conf, $user, $template; |
---|
274 | |
---|
275 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
276 | |
---|
277 | if (isset($_POST['validate'])) |
---|
278 | { |
---|
279 | /* Email without forbidden domains */ |
---|
280 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address'])) |
---|
281 | { |
---|
282 | if (!ValidateEmailProvider($_POST['mail_address'])) |
---|
283 | { |
---|
284 | $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"); |
---|
285 | unset($_POST['validate']); |
---|
286 | } |
---|
287 | } |
---|
288 | |
---|
289 | $typemail = 3; |
---|
290 | |
---|
291 | if (!empty($_POST['use_new_pwd'])) |
---|
292 | { |
---|
293 | $typemail = 2; |
---|
294 | |
---|
295 | /* Password enforcement control */ |
---|
296 | if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15])) |
---|
297 | { |
---|
298 | $PasswordCheck = testpassword($_POST['use_new_pwd']); |
---|
299 | |
---|
300 | if ($PasswordCheck < $conf_nbc_UserAdvManager[15]) |
---|
301 | { |
---|
302 | $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck); |
---|
303 | $template->append('errors', l10n_args($message).$conf_nbc_UserAdvManager[15]); |
---|
304 | unset($_POST['use_new_pwd']); |
---|
305 | unset($_POST['validate']); |
---|
306 | } |
---|
307 | } |
---|
308 | } |
---|
309 | |
---|
310 | /* Sending registration confirmation by email */ |
---|
311 | if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true')) |
---|
312 | { |
---|
313 | $confirm_mail_need = false; |
---|
314 | |
---|
315 | if (!empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address'])) |
---|
316 | { |
---|
317 | $query = ' |
---|
318 | SELECT '.$conf['user_fields']['email'].' AS email |
---|
319 | FROM '.USERS_TABLE.' |
---|
320 | WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\' |
---|
321 | ;'; |
---|
322 | |
---|
323 | list($current_email) = mysql_fetch_row(pwg_query($query)); |
---|
324 | |
---|
325 | if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') ) |
---|
326 | |
---|
327 | $confirm_mail_need = true; |
---|
328 | } |
---|
329 | |
---|
330 | if ((!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) ) |
---|
331 | { |
---|
332 | $query = ' |
---|
333 | SELECT '.$conf['user_fields']['username'].' |
---|
334 | FROM '.USERS_TABLE.' |
---|
335 | WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\' |
---|
336 | ;'; |
---|
337 | |
---|
338 | list($username) = mysql_fetch_row(pwg_query($query)); |
---|
339 | |
---|
340 | SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need); |
---|
341 | } |
---|
342 | } |
---|
343 | } |
---|
344 | } |
---|
345 | } |
---|
346 | |
---|
347 | |
---|
348 | add_event_handler('init', 'UserAdvManager_InitPage'); |
---|
349 | |
---|
350 | function UserAdvManager_InitPage() |
---|
351 | { |
---|
352 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
353 | global $conf, $template, $page, $lang, $errors; |
---|
354 | |
---|
355 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
356 | |
---|
357 | /* Username non case sensitive */ |
---|
358 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true') |
---|
359 | { |
---|
360 | $lang['reg_err_login5'] = l10n('reg_err_login5'); |
---|
361 | } |
---|
362 | |
---|
363 | |
---|
364 | |
---|
365 | /* User identification */ |
---|
366 | if (script_basename() == 'identification') |
---|
367 | { |
---|
368 | if (isset($_POST['login'])) |
---|
369 | { |
---|
370 | /* User non case sensitive */ |
---|
371 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' ) |
---|
372 | { |
---|
373 | $new_username = NotSensibleSearchUsername($_POST['username']); |
---|
374 | $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username; |
---|
375 | } |
---|
376 | } |
---|
377 | } |
---|
378 | |
---|
379 | |
---|
380 | /* Admin user management */ |
---|
381 | if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') |
---|
382 | { |
---|
383 | if (isset($_POST['submit_add'])) |
---|
384 | { |
---|
385 | /* User non case sensitive */ |
---|
386 | if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' ) |
---|
387 | { |
---|
388 | $new_username = NotSensibleSearchUsername($_POST['login']); |
---|
389 | $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username; |
---|
390 | } |
---|
391 | |
---|
392 | /* Username without forbidden keys */ |
---|
393 | if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login'])) |
---|
394 | { |
---|
395 | $template->append('errors', l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'"); |
---|
396 | unset($_POST['submit_add']); |
---|
397 | } |
---|
398 | |
---|
399 | /* Email without forbidden domains */ |
---|
400 | if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email'])) |
---|
401 | { |
---|
402 | $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'"); |
---|
403 | unset($_POST['submit_add']); |
---|
404 | } |
---|
405 | } |
---|
406 | } |
---|
407 | } |
---|
408 | |
---|
409 | |
---|
410 | add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2); |
---|
411 | |
---|
412 | function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm) |
---|
413 | { |
---|
414 | load_language('plugin.lang', NBC_UserAdvManager_PATH); |
---|
415 | global $infos, $conf, $template; |
---|
416 | |
---|
417 | $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); |
---|
418 | |
---|
419 | /* User creation OR update */ |
---|
420 | if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest') |
---|
421 | { |
---|
422 | $comment_action = 'reject'; |
---|
423 | |
---|
424 | array_push($infos, l10n('UserAdvManager_Empty Author')); |
---|
425 | } |
---|
426 | |
---|
427 | return $comment_action; |
---|
428 | } |
---|
429 | |
---|
430 | ?> |
---|