source: extensions/NBC_UserAdvManager/main.inc.php @ 3385

Last change on this file since 3385 was 3385, checked in by Eric, 15 years ago

V2.10.9 :
Bug fixed - Missing english translation
Bug fixed - Notice on forbidden characters function use
Bug fixed - Audit on forbidden characters in username didn't work
Added email provider exclusion (e.g. *@hotmail.com). Warning: known bug — this check does not work on the user profile page, so already registered users can change their email address to a forbidden one. If someone has a solution...

  • Property svn:eol-style set to LF
File size: 14.9 KB
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbidden one.
36
37*/
38
39/*
40
41 ***** TODO List *****
42
43-- No validation needed for admins users comments (new trigger needed in comments.php)
44
45-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
46
47-- Administration page for Confirm Mail
48  ++ Admin tabsheet for Confirm Mail to set options :
49                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
50                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
51                ++ List of users with expired validation time
52                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
53                ++ Opportunities to take actions on database tables :
54                ++ Re-asking validation (case of non reception of validation email)
55                ++ Force expiration
56                        ++ Force confirmation
57                ++ Cleanup expired user's accounts
58        ++ (...)
59
60-- Password control and enforcement
61  -- Empty password (done in Piwigo 2.x)
62  ++ Can not be the same as username
63  ++ complexity of the password (Numbers+Letters+Low and high case+Special+minimal length)
64 
65-- Security : Blocking brute-force attacks !
66
67-- Opportunity to copy a registered user for new user creation
68  ++ new copied user will (or not) belong to the same groups
69  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
70  ++ new copied user will (or not) get the same properties
71  ++ new copied user will (or not) get the same language
72  ... and so on
73 
74*/
75
76
77
// Direct-access guard: stop unless PHPWG_ROOT_PATH is already defined
// (presumably by the gallery script that includes the plugin - confirm).
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Name of the plugin directory, and the plugin path below PHPWG_PLUGINS_PATH
// (always with a trailing slash).
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Plugin constants and helper functions; the include paths are built only
// from constants, never from request data.
include_once(NBC_UserAdvManager_PATH.'include/constants.php');
include_once(NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');

// Plugin translations.
load_language('plugin.lang', NBC_UserAdvManager_PATH);
84
85
/* Plugin admin: register the menu-link handler */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Append the plugin's administration page to the admin plugin menu.
 *
 * @param array $menu menu entries received from the event
 * @return array the same entries plus one 'UserAdvManager' entry
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // NOTE(review): NBC_UserAdvManager_PATH already ends with '/', so the link
  // contains a double slash; kept as-is.
  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php'),
  );

  array_push($menu, $entry);

  return $menu;
}
100
101
102
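/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * 'register_user' handler: mail the new user when plugin option 0 or
 * option 2 is enabled.
 *
 * @param array $register_user data of the created user; the keys 'id',
 *                             'username' and 'email' are read here
 * @return void
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  // Plugin options are stored as one ';'-separated string.
  $options = isset($conf['nbc_UserAdvManager']) ? explode(';', $conf['nbc_UserAdvManager']) : array();

  $option_0 = isset($options[0]) && $options[0] == 'true';
  $option_2 = isset($options[2]) && $options[2] == 'true';

  if (!$option_0 && !$option_2)
  {
    return;
  }

  // The handler can run for a request that carries no 'password' field;
  // pass null in that case instead of raising an undefined-index notice.
  $password = isset($_POST['password']) ? $_POST['password'] : null;

  // SECURITY NOTE(review): the clear-text password taken from the form is
  // handed to SendMail2User(). If that helper puts it in the message body, the
  // password leaves the site unencrypted and stays readable in the mailbox -
  // confirm against SendMail2User() and prefer mailing no password at all.
  SendMail2User(1, $register_user['id'], $register_user['username'], $password, $register_user['email'], true);
}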
115
116
117
/* User deletion: register the clean-up handler */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * 'delete_user' handler: forwards the user id to DeleteConfirmMail().
 *
 * @param mixed $user_id identifier of the deleted user, passed through unchanged
 * @return void
 */
function UserAdvManager_Deluser($user_id)
{
  // presumably removes the pending mail confirmation of that user - see DeleteConfirmMail()
  DeleteConfirmMail($user_id);
}
127
128
129
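add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * 'init' handler: applies the plugin's username / email rules to the request
 * data of the identification, admin user list, register and profile scripts.
 *
 * Depending on the script name it
 *  - replaces the submitted username by the match returned by
 *    NotSensibleSearchUsername() (option 1),
 *  - blanks $_POST['login'] and overrides $lang['reg_err_login1'] when the
 *    username fails ValidateUsername() (option 7) or the email matches an
 *    excluded provider (option 12),
 *  - on the profile script, calls SendMail2User() when the password or the
 *    email address changes (options 0 and 2).
 *
 * @return void
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang;

  // Plugin options are stored as one ';'-separated string.
  $options = isset($conf['nbc_UserAdvManager']) ? explode(';', $conf['nbc_UserAdvManager']) : array();

  $option_0          = isset($options[0]) && $options[0] == 'true';
  $case_insensitive  = isset($options[1]) && $options[1] == 'true';
  $option_2          = isset($options[2]) && $options[2] == 'true';
  $username_check_on = isset($options[7]) && $options[7] == 'true';
  $mail_exclusion_on = isset($options[12]) && $options[12] == 'true';

  // Values echoed back in the error messages; default to '' when the stored
  // option string is shorter than expected.
  $forbidden_chars = isset($options[8]) ? $options[8] : '';
  $mail_exclusions = isset($options[13]) ? $options[13] : '';

  if ($case_insensitive)
  {
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
  }

  $script = script_basename();

  /* User identification */
  if ($script == 'identification' && isset($_POST['login']))
  {
    /* User non case sensitive */
    if ($case_insensitive)
    {
      $new_username = NotSensibleSearchUsername($_POST['username']);
      $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
    }
  }

  /* Admin user management */
  if ($script == 'admin' && isset($_GET['page']) && $_GET['page'] == 'user_list' && isset($_POST['submit_add']))
  {
    /* User non case sensitive */
    if ($case_insensitive)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
    }

    /* Username without forbidden keys: blanking the login makes the request fail */
    if ($username_check_on && !empty($_POST['login']) && !ValidateUsername($_POST['login']))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
      $_POST['login'] = '';
    }

    /* Email without forbidden domains (this form posts the address as 'email') */
    if ($mail_exclusion_on && !empty($_POST['email'])
        && UserAdvManager_EmailMatchesExclusion($_POST['email'], $mail_exclusions))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$mail_exclusions."'";
      $_POST['login'] = '';
    }
  }

  /* User creation */
  if ($script == 'register' && isset($_POST['submit']))
  {
    /* Username non case sensitive */
    if ($case_insensitive)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
    }

    /* Username without forbidden keys */
    if ($username_check_on && !empty($_POST['login']) && !ValidateUsername($_POST['login']))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden_chars."'";
      $_POST['login'] = '';
    }

    /* Email without forbidden domains (this form posts the address as 'mail_address') */
    if ($mail_exclusion_on && !empty($_POST['mail_address'])
        && UserAdvManager_EmailMatchesExclusion($_POST['mail_address'], $mail_exclusions))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$mail_exclusions."'";
      $_POST['login'] = '';
    }
  }

  /* User profile update */
  if ($script == 'profile' && isset($_POST['validate']) && ($option_0 || $option_2))
  {
    global $conf, $user;

    // NOTE(review): $errors is local to this function and is only read below to
    // decide whether SendMail2User() is called. Nothing here reports it to the
    // page, so an excluded address detected in this branch is not blocked by
    // this code - this matches the "known bug" of 2.10.9 (registered users can
    // still switch to a forbidden provider from their profile).
    $errors = array();

    $int_pattern = '/^\d+$/';

    if (empty($_POST['nb_image_line']) || !preg_match($int_pattern, $_POST['nb_image_line']))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page']) || !preg_match($int_pattern, $_POST['nb_line_page']))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    // isset()/empty() guards: a request without these fields no longer raises
    // undefined-index notices; the outcome of each check is unchanged.
    if (isset($_POST['maxwidth']) && $_POST['maxwidth'] != ''
        && (!preg_match($int_pattern, $_POST['maxwidth']) || $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }

    if (!empty($_POST['maxheight'])
        && (!preg_match($int_pattern, $_POST['maxheight']) || $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }

    // periods must be integer values, they represent a number of days
    if (!isset($_POST['recent_period'])
        || !preg_match($int_pattern, $_POST['recent_period'])
        || $_POST['recent_period'] <= 0)
    {
      $errors[] = l10n('periods_error');
    }

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }

      // Each problem is recorded once (the same message used to be appended twice).
      if ($mail_exclusion_on && !empty($_POST['mail_address'])
          && UserAdvManager_EmailMatchesExclusion($_POST['mail_address'], $mail_exclusions))
      {
        $errors[] = l10n('reg_err_login7')."'".$mail_exclusions."'";
      }
    }

    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // The password must equal its confirmation. Strict comparison: with '!='
      // PHP compares numeric-looking strings as numbers ('1e3' == '1000').
      if (!isset($_POST['passwordConf']) || $_POST['use_new_pwd'] !== $_POST['passwordConf'])
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if (!defined('IN_ADMIN'))
      {
        // changing password requires old password
        $query = '
          SELECT '.$conf['user_fields']['password'].' AS password
          FROM '.USERS_TABLE.'
          WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
        ;';
        list($current_password) = mysql_fetch_row(pwg_query($query));

        $submitted_password = isset($_POST['password']) ? $_POST['password'] : null;

        // Strict comparison: with '!=' two different hashes that both look
        // like '0e<digits>' are compared as floats and treated as equal.
        if ($conf['pass_convert']($submitted_password) !== $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $query = '
        SELECT '.$conf['user_fields']['email'].' AS email
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      // A changed address needs a new confirmation when option 2 is on.
      if ($_POST['mail_address'] != $current_email && $option_2)
      {
        $confirm_mail_need = true;
      }
    }

    $password_mail_need = !empty($_POST['use_new_pwd']) && $option_0;

    if (count($errors) == 0 && ($password_mail_need || $confirm_mail_need))
    {
      $query = '
        SELECT '.$conf['user_fields']['username'].'
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($username) = mysql_fetch_row(pwg_query($query));

      $new_password = isset($_POST['use_new_pwd']) ? $_POST['use_new_pwd'] : null;
      $new_mail     = isset($_POST['mail_address']) ? $_POST['mail_address'] : null;

      // SECURITY NOTE(review): the new password is handed to SendMail2User() in
      // clear text; confirm whether that helper writes it into the message.
      SendMail2User($typemail, $user['id'], $username, $new_password, $new_mail, $confirm_mail_need);
    }
  }
}

/**
 * Tell whether an email address matches one of the excluded provider patterns.
 *
 * Replaces the three inline copies of the exclusion loop.
 *
 * @param string $email          address submitted with the form
 * @param string $exclusion_list comma-separated patterns (plugin option 13)
 * @return bool true when at least one pattern matches the address
 */
function UserAdvManager_EmailMatchesExclusion($email, $exclusion_list)
{
  // explode() instead of the deprecated split(): the separator is a literal comma.
  foreach (explode(',', $exclusion_list) as $pattern)
  {
    // An empty entry can never match and only makes ereg() emit a warning.
    if ($pattern == '')
    {
      continue;
    }

    // NOTE(review): every entry is evaluated as a POSIX regular expression,
    // unanchored and case-sensitive, so '.' matches any character and an
    // address in another letter case is not caught. ereg() is deprecated since
    // PHP 5.3 and removed in PHP 7; a case-insensitive literal comparison of
    // the domain part would be stricter, but changes what existing option
    // values mean - to be decided together with ValidateEmailProvider().
    if (ereg($pattern, $email))
    {
      return true;
    }
  }

  return false;
}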
384
add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');

/**
 * 'loc_begin_tpl_parse' handler. Currently it only parses the plugin options:
 * the template change it was written for is commented out.
 *
 * @return void
 */
function ChangeRegisterProfilePage()
{
  global $conf, $template;

  // Plugin options are stored as one ';'-separated string.
  if (isset($conf['nbc_UserAdvManager']))
  {
    $conf_nbc_UserAdvManager = explode(";", $conf['nbc_UserAdvManager']);
  }
  else
  {
    $conf_nbc_UserAdvManager = array();
  }

  /* user creation OR update */
  // Disabled code: it marked the mail address label of register.tpl with '*'.
  // NOTE(review): it tests $conf_UserAdvManager, a name that is not defined in
  // this function ($conf_nbc_UserAdvManager is) - fix before re-enabling.
  //  if (in_array(script_basename(), array('register', 'profile')))
  //  {
  //    if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
  //    {
  //      $template->set_filenames( array('register'=>'register.tpl') );
  //      $template->loadfile('register');
  //      $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
  //    }
  //  }
}
406
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * 'user_comment_check' handler: rejects a comment whose author is 'guest'
 * when plugin option 6 and $conf['comments_forall'] are both enabled.
 *
 * @param string $comment_action action decided so far for the comment
 * @param array  $comm           comment data; only the 'author' key is read
 * @return string 'reject' when the rule applies, otherwise $comment_action unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";", $conf['nbc_UserAdvManager']) : array();

  $rule_enabled = isset($options[6]) && $options[6] == 'true';

  // The loose comparisons are kept on purpose: $conf['comments_forall'] may
  // hold a boolean rather than the string 'true' - TODO confirm.
  if (!$rule_enabled || $conf['comments_forall'] != 'true' || $comm['author'] != 'guest')
  {
    return $comment_action;
  }

  // Tell the visitor why the comment was refused.
  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
426
427?>