Context Navigation

source: extensions/NBC_UserAdvManager/main.inc.php @ 3418

Last change on this file since 3418 was 3418, checked in by Eric, 15 years ago
Bug fixed : If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
Property svn:eol-style set to `LF`
File size: 15.4 KB

Rev	Line
[3352]	1	<?php
	2	/*
	3	Plugin Name: NBC UserAdvManager
[3418]	4	Version: 2.10.9c
[3352]	5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
	6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
	7	Author: Nicco, Eric
	8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
	9	*/
	10
	11	/*
	12	*** Plugin history (branch 2.10)***
	13
	14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
	15	-- 2.10.1-beta : Small correction on generated path
	16	-- 2.10.2-beta : Bug resolved on register validation page
	17
	18	-- 2.10.3 : Final and fully functional release
	19	Bug resolved on plugin activation
	20
	21	-- 2.10.4 : Bug fixed on profiles update
	22
	23	-- 2.10.5 : Improved code on profiles update
	24
	25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
	26
	27	-- 2.10.7 : Bug fixed on user's validation email sending
	28
	29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
	30	Improved code for checking author on guest comments
	31
[3385]	32	-- 2.10.9 : Bug fixed - Missing english translation
	33	Bug fixed - Notice on forbidden characters function use
	34	Bug fixed - Audit on forbidden characters in username didn't work
	35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
	36
[3398]	37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
[3416]	38
	39	-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
[3418]	40
	41	-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
[3398]	42
[3393]	43
[3352]	44	*/
	45
	46	/*
	47
	48	*** TODO List ***
	49
	50	-- No validation needed for admins users comments (new trigger needed in comments.php)
	51
	52	-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
	53
	54	-- Administration page for Confirm Mail
	55	++ Admin tabsheet for Confirm Mail to set options :
	56	++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
	57	++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
	58	++ List of users with expired validation time
	59	++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
	60	++ Opportunities to take actions on database tables :
	61	++ Re-asking validation (case of non reception of validation email)
	62	++ Force expiration
	63	++ Force confirmation
	64	++ Cleanup expired user's accounts
	65	++ (...)
	66
[3385]	67	-- Password control and enforcement
[3352]	68	-- Empty password (done in Piwigo 2.x)
	69	++ Can not be the same as username
	70	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
	71
	72	-- Security : Blocking brut-force attacks !
	73
	74	-- Opportunity to copy a registered user for new user creation
	75	++ new copied user will (or not) belong to the same groups
	76	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
	77	++ new copied user will (or not) get the same properties
	78	++ new copied user will (or not) get the same language
	79	... and so on
	80
	81	*/
	82
	83
	84
	85	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
	86	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
	87	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
	88	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
	89	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
	90	load_language('plugin.lang', NBC_UserAdvManager_PATH);
	91
	92
	93	/* Plugin admin */
	94	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
	95
	96	function nbc_UserAdvManager_admin_menu($menu)
	97	{
	98	array_push($menu,
	99	array(
	100	'NAME' => 'UserAdvManager',
	101	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
	102	)
	103	);
	104
	105	return $menu;
	106	}
	107
	108
	109
	110	/* User creation */
	111	add_event_handler('register_user', 'UserAdvManager_Adduser');
	112
	113	function UserAdvManager_Adduser($register_user)
	114	{
	115	global $conf;
	116
	117	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
	118
	119	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
	120	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
	121	}
	122
	123
	124
	125	/* User deletion */
	126	add_event_handler('delete_user', 'UserAdvManager_Deluser');
	127
	128	function UserAdvManager_Deluser($user_id)
	129	{
	130
	131	DeleteConfirmMail($user_id);
	132
	133	}
	134
	135
	136
	137	add_event_handler('init', 'UserAdvManager_InitPage');
	138
	139	function UserAdvManager_InitPage()
	140	{
[3385]	141	load_language('plugin.lang', NBC_UserAdvManager_PATH);
[3352]	142	global $conf, $template, $page, $lang;
	143
	144	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
	145
	146
	147	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
	148	$lang['reg_err_login5'] = l10n('new_reg_err_login5');
	149
	150
	151
	152	/* User identification */
	153	if (script_basename() == 'identification')
	154	{
	155	if (isset($_POST['login']))
	156	{
	157	/* User non case sensitive */
	158	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
	159	{
	160	$new_username = NotSensibleSearchUsername($_POST['username']);
	161	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
	162	}
	163	}
	164	}
	165
	166
	167
	168	/* Admin user management */
	169	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
	170	{
	171	if (isset($_POST['submit_add']))
	172	{
	173	/* User non case sensitive */
	174	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
	175	{
	176	$new_username = NotSensibleSearchUsername($_POST['login']);
	177	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
	178	}
	179
	180
	181	/* Username without forbidden keys */
	182	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
	183	{
	184	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
	185	$_POST['login'] = '';
	186	}
[3385]	187
	188	/* Email without forbidden domains */
	189	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
	190	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
	191	//{
	192	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	193	// $_POST['login'] = '';
	194	//}
	195	/* This work with a code copy of ValidateEmailProvider() function */
	196	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
	197	{
[3418]	198	$ncsemail = strtolower($_POST['email']);
[3385]	199	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
	200	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
	201	{
[3393]	202	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
[3385]	203	{
	204	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	205	$_POST['login'] = '';
	206	}
	207	}
	208	}
[3352]	209	}
	210	}
	211
	212	/* User creation */
	213	if (script_basename() == 'register')
	214	{
	215	if (isset($_POST['submit']))
	216	{
	217	/* Username non case sensitive */
	218	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
	219	{
	220	$new_username = NotSensibleSearchUsername($_POST['login']);
	221	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
	222	}
	223
	224
	225	/* Username without forbidden keys */
	226	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
	227	{
	228	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
	229	$_POST['login'] = '';
	230	}
[3385]	231
	232
	233	/* Email without forbidden domains */
	234	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
	235	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
	236	//{
	237	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	238	// $_POST['mail_address'] = '';
	239	//}
	240	/* This work with a code copy of ValidateEmailProvider() function */
	241	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
	242	{
[3418]	243	$ncsemail = strtolower($_POST['mail_address']);
[3385]	244	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
	245	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
	246	{
[3393]	247	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
[3385]	248	{
	249	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	250	$_POST['login'] = '';
	251	}
	252	}
	253	}
[3352]	254	}
	255	}
	256
	257	/* User profile update */
	258	if (script_basename() == 'profile')
	259	{
	260	if (isset($_POST['validate']))
	261	{
	262	/* Sending email to user */
	263	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
	264	{
	265	global $conf, $user ;
	266	$errors = array();
	267
	268	$int_pattern = '/^\d+$/';
	269	if (empty($_POST['nb_image_line'])
	270	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
	271	{
	272	$errors[] = l10n('nb_image_line_error');
	273	}
	274
	275	if (empty($_POST['nb_line_page'])
	276	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
	277	{
	278	$errors[] = l10n('nb_line_page_error');
	279	}
	280
	281	if ($_POST['maxwidth'] != ''
	282	and (!preg_match($int_pattern, $_POST['maxwidth'])
	283	or $_POST['maxwidth'] < 50))
	284	{
	285	$errors[] = l10n('maxwidth_error');
	286	}
	287	if ($_POST['maxheight']
	288	and (!preg_match($int_pattern, $_POST['maxheight'])
	289	or $_POST['maxheight'] < 50))
	290	{
	291	$errors[] = l10n('maxheight_error');
	292	}
	293	// periods must be integer values, they represents number of days
	294	if (!preg_match($int_pattern, $_POST['recent_period'])
	295	or $_POST['recent_period'] <= 0)
	296	{
	297	$errors[] = l10n('periods_error') ;
	298	}
	299
	300	if (isset($_POST['mail_address']))
	301	{
	302	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
	303	if (!empty($mail_error))
	304	{
	305	$errors[] = $mail_error;
	306	}
[3385]	307	/* This don't work on user's profile page - Why ?? */
	308	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
	309	{
[3418]	310	$ncsemail = strtolower($_POST['mail_address']);
[3385]	311	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
	312	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
	313	{
[3393]	314	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
[3385]	315	{
	316	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	317	}
	318	}
	319	}
	320	if (!empty($mail_error))
	321	{
	322	$errors[] = $mail_error;
	323	}
[3352]	324	}
[3385]	325	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
	326	//if (isset($_POST['mail_address']))
	327	//{
	328	// $mail_error = ValidateEmailProvider($_POST['mail_address']);
	329	// if (!empty($mail_error))
	330	// {
	331	// $errors[] = $mail_error;
	332	// }
	333	//}
[3352]	334
	335	$typemail = 3;
	336
	337	if (!empty($_POST['use_new_pwd']))
	338	{
	339	$typemail = 2;
	340
	341	// password must be the same as its confirmation
	342	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
	343	{
	344	$errors[] = l10n('New password confirmation does not correspond');
	345	}
	346
	347	if ( !defined('IN_ADMIN') )
	348	{// changing password requires old password
	349	$query = '
	350	SELECT '.$conf['user_fields']['password'].' AS password
	351	FROM '.USERS_TABLE.'
	352	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	353	;';
	354	list($current_password) = mysql_fetch_row(pwg_query($query));
	355
	356	if ($conf['pass_convert']($_POST['password']) != $current_password)
	357	{
	358	$errors[] = l10n('Current password is wrong');
	359	}
	360	}
	361	}
	362
	363	$confirm_mail_need = false;
	364
	365	if (!empty($_POST['mail_address']))
	366	{
	367	$query = '
	368	SELECT '.$conf['user_fields']['email'].' AS email
	369	FROM '.USERS_TABLE.'
	370	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	371	;';
	372	list($current_email) = mysql_fetch_row(pwg_query($query));
	373
	374	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
	375	$confirm_mail_need = true;
	376	}
	377
	378	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
	379	{
	380	$query = '
	381	SELECT '.$conf['user_fields']['username'].'
	382	FROM '.USERS_TABLE.'
	383	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	384	;';
	385	list($username) = mysql_fetch_row(pwg_query($query));
	386
	387
	388	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
	389	}
	390	}
	391	}
	392	}
	393	}
	394
	395	add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');
	396
	397	function ChangeRegisterProfilePage()
	398	{
	399	global $conf, $template;
	400
	401	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
	402
	403	/* creation OU mise a jour de user */
	404	// if (in_array(script_basename(), array('register', 'profile')))
	405	// {
	406	//if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
	407	//{
	408	// $template->set_filenames( array('register'=>'register.tpl') );
	409
	410	// $template->loadfile('register');
	411
	412	// $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
	413	//}
	414	// }
	415	}
	416
	417	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
	418
	419	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
	420	{
	421	load_language('plugin.lang', NBC_UserAdvManager_PATH);
	422	global $infos, $conf, $template;
	423
	424	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
	425
	426	/* User creation OR update */
	427	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
	428	{
	429	$comment_action = 'reject';
	430
	431	array_push($infos, l10n('UserAdvManager_Empty Author'));
	432	}
	433
	434	return $comment_action;
	435	}
	436
	437	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: