Context Navigation

source: extensions/NBC_UserAdvManager/main.inc.php @ 3617

Last change on this file since 3617 was 3440, checked in by Eric, 15 years ago
V2.10.9d : code revision in ConfirmMail.tpl. We don't need any more the "template" sub-directory to enhance "back link" icon on this page.
Property svn:eol-style set to `LF`
File size: 15.5 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.10.9d
5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/*
12	*** Plugin history (branch 2.10)***
13
14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15	-- 2.10.1-beta : Small correction on generated path
16	-- 2.10.2-beta : Bug resolved on register validation page
17
18	-- 2.10.3 : Final and fully functional release
19	Bug resolved on plugin activation
20
21	-- 2.10.4 : Bug fixed on profiles update
22
23	-- 2.10.5 : Improved code on profiles update
24
25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27	-- 2.10.7 : Bug fixed on user's validation email sending
28
29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30	Improved code for checking author on guest comments
31
32	-- 2.10.9 : Bug fixed - Missing english translation
33	Bug fixed - Notice on forbidden characters function use
34	Bug fixed - Audit on forbidden characters in username didn't work
35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39	-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41	-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43	-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45	*/
46
47	/*
48
49	*** TODO List ***
50
51	-- No validation needed for admins users comments (new trigger needed in comments.php)
52
53	-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
54
55	-- Administration page for Confirm Mail
56	++ Admin tabsheet for Confirm Mail to set options :
57	++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
58	++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
59	++ List of users with expired validation time
60	++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
61	++ Opportunities to take actions on database tables :
62	++ Re-asking validation (case of non reception of validation email)
63	++ Force expiration
64	++ Force confirmation
65	++ Cleanup expired user's accounts
66	++ (...)
67
68	-- Password control and enforcement
69	-- Empty password (done in Piwigo 2.x)
70	++ Can not be the same as username
71	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
72
73	-- Security : Blocking brut-force attacks !
74
75	-- Opportunity to copy a registered user for new user creation
76	++ new copied user will (or not) belong to the same groups
77	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
78	++ new copied user will (or not) get the same properties
79	++ new copied user will (or not) get the same language
80	... and so on
81
82	*/
83
84
85
86	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
87	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
88	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
89	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
90	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
91	load_language('plugin.lang', NBC_UserAdvManager_PATH);
92
93
94	/* Plugin admin */
95	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
96
97	function nbc_UserAdvManager_admin_menu($menu)
98	{
99	array_push($menu,
100	array(
101	'NAME' => 'UserAdvManager',
102	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
103	)
104	);
105
106	return $menu;
107	}
108
109
110
111	/* User creation */
112	add_event_handler('register_user', 'UserAdvManager_Adduser');
113
114	function UserAdvManager_Adduser($register_user)
115	{
116	global $conf;
117
118	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
119
120	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
121	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
122	}
123
124
125
126	/* User deletion */
127	add_event_handler('delete_user', 'UserAdvManager_Deluser');
128
129	function UserAdvManager_Deluser($user_id)
130	{
131
132	DeleteConfirmMail($user_id);
133
134	}
135
136
137
138	add_event_handler('init', 'UserAdvManager_InitPage');
139
140	function UserAdvManager_InitPage()
141	{
142	load_language('plugin.lang', NBC_UserAdvManager_PATH);
143	global $conf, $template, $page, $lang;
144
145	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
146
147
148	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
149	$lang['reg_err_login5'] = l10n('new_reg_err_login5');
150
151
152
153	/* User identification */
154	if (script_basename() == 'identification')
155	{
156	if (isset($_POST['login']))
157	{
158	/* User non case sensitive */
159	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
160	{
161	$new_username = NotSensibleSearchUsername($_POST['username']);
162	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
163	}
164	}
165	}
166
167
168
169	/* Admin user management */
170	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
171	{
172	if (isset($_POST['submit_add']))
173	{
174	/* User non case sensitive */
175	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
176	{
177	$new_username = NotSensibleSearchUsername($_POST['login']);
178	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
179	}
180
181
182	/* Username without forbidden keys */
183	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
184	{
185	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
186	$_POST['login'] = '';
187	}
188
189	/* Email without forbidden domains */
190	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
191	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
192	//{
193	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
194	// $_POST['login'] = '';
195	//}
196	/* This work with a code copy of ValidateEmailProvider() function */
197	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
198	{
199	$ncsemail = strtolower($_POST['email']);
200	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
201	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
202	{
203	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
204	{
205	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
206	$_POST['login'] = '';
207	}
208	}
209	}
210	}
211	}
212
213	/* User creation */
214	if (script_basename() == 'register')
215	{
216	if (isset($_POST['submit']))
217	{
218	/* Username non case sensitive */
219	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
220	{
221	$new_username = NotSensibleSearchUsername($_POST['login']);
222	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
223	}
224
225
226	/* Username without forbidden keys */
227	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
228	{
229	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
230	$_POST['login'] = '';
231	}
232
233
234	/* Email without forbidden domains */
235	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
236	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
237	//{
238	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
239	// $_POST['mail_address'] = '';
240	//}
241	/* This work with a code copy of ValidateEmailProvider() function */
242	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
243	{
244	$ncsemail = strtolower($_POST['mail_address']);
245	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
246	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
247	{
248	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
249	{
250	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
251	$_POST['login'] = '';
252	}
253	}
254	}
255	}
256	}
257
258	/* User profile update */
259	if (script_basename() == 'profile')
260	{
261	if (isset($_POST['validate']))
262	{
263	/* Sending email to user */
264	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
265	{
266	global $conf, $user ;
267	$errors = array();
268
269	$int_pattern = '/^\d+$/';
270	if (empty($_POST['nb_image_line'])
271	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
272	{
273	$errors[] = l10n('nb_image_line_error');
274	}
275
276	if (empty($_POST['nb_line_page'])
277	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
278	{
279	$errors[] = l10n('nb_line_page_error');
280	}
281
282	if ($_POST['maxwidth'] != ''
283	and (!preg_match($int_pattern, $_POST['maxwidth'])
284	or $_POST['maxwidth'] < 50))
285	{
286	$errors[] = l10n('maxwidth_error');
287	}
288	if ($_POST['maxheight']
289	and (!preg_match($int_pattern, $_POST['maxheight'])
290	or $_POST['maxheight'] < 50))
291	{
292	$errors[] = l10n('maxheight_error');
293	}
294	// periods must be integer values, they represents number of days
295	if (!preg_match($int_pattern, $_POST['recent_period'])
296	or $_POST['recent_period'] <= 0)
297	{
298	$errors[] = l10n('periods_error') ;
299	}
300
301	if (isset($_POST['mail_address']))
302	{
303	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
304	if (!empty($mail_error))
305	{
306	$errors[] = $mail_error;
307	}
308	/* This don't work on user's profile page - Why ?? */
309	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
310	{
311	$ncsemail = strtolower($_POST['mail_address']);
312	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
313	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
314	{
315	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
316	{
317	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
318	}
319	}
320	}
321	if (!empty($mail_error))
322	{
323	$errors[] = $mail_error;
324	}
325	}
326	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
327	//if (isset($_POST['mail_address']))
328	//{
329	// $mail_error = ValidateEmailProvider($_POST['mail_address']);
330	// if (!empty($mail_error))
331	// {
332	// $errors[] = $mail_error;
333	// }
334	//}
335
336	$typemail = 3;
337
338	if (!empty($_POST['use_new_pwd']))
339	{
340	$typemail = 2;
341
342	// password must be the same as its confirmation
343	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
344	{
345	$errors[] = l10n('New password confirmation does not correspond');
346	}
347
348	if ( !defined('IN_ADMIN') )
349	{// changing password requires old password
350	$query = '
351	SELECT '.$conf['user_fields']['password'].' AS password
352	FROM '.USERS_TABLE.'
353	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
354	;';
355	list($current_password) = mysql_fetch_row(pwg_query($query));
356
357	if ($conf['pass_convert']($_POST['password']) != $current_password)
358	{
359	$errors[] = l10n('Current password is wrong');
360	}
361	}
362	}
363
364	$confirm_mail_need = false;
365
366	if (!empty($_POST['mail_address']))
367	{
368	$query = '
369	SELECT '.$conf['user_fields']['email'].' AS email
370	FROM '.USERS_TABLE.'
371	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
372	;';
373	list($current_email) = mysql_fetch_row(pwg_query($query));
374
375	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
376	$confirm_mail_need = true;
377	}
378
379	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
380	{
381	$query = '
382	SELECT '.$conf['user_fields']['username'].'
383	FROM '.USERS_TABLE.'
384	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
385	;';
386	list($username) = mysql_fetch_row(pwg_query($query));
387
388
389	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
390	}
391	}
392	}
393	}
394	}
395
396	add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');
397
398	function ChangeRegisterProfilePage()
399	{
400	global $conf, $template;
401
402	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
403
404	/* creation OU mise a jour de user */
405	// if (in_array(script_basename(), array('register', 'profile')))
406	// {
407	//if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
408	//{
409	// $template->set_filenames( array('register'=>'register.tpl') );
410
411	// $template->loadfile('register');
412
413	// $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
414	//}
415	// }
416	}
417
418	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
419
420	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
421	{
422	load_language('plugin.lang', NBC_UserAdvManager_PATH);
423	global $infos, $conf, $template;
424
425	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
426
427	/* User creation OR update */
428	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
429	{
430	$comment_action = 'reject';
431
432	array_push($infos, l10n('UserAdvManager_Empty Author'));
433	}
434
435	return $comment_action;
436	}
437
438	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: