source: extensions/NBC_UserAdvManager/main.inc.php @ 3393

Last change on this file since 3393 was 3393, checked in by Eric, 15 years ago
  • Property svn:eol-style set to LF
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9a
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39*/
40
41/*
42
43 ***** TODO List *****
44
45-- No validation needed for admins users comments (new trigger needed in comments.php)
46
47-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
48
49-- Administration page for Confirm Mail
50  ++ Admin tabsheet for Confirm Mail to set options :
51                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
52                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
53                ++ List of users with expired validation time
54                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
55                ++ Opportunities to take actions on database tables :
56                ++ Re-asking validation (case of non reception of validation email)
57                ++ Force expiration
58                        ++ Force confirmation
59                ++ Cleanup expired user's accounts
60        ++ (...)
61
62-- Password control and enforcement
63  -- Empty password (done in Piwigo 2.x)
64  ++ Can not be the same as username
65  ++ complexity of the password (Numbers+Letters+Lower and upper case+Special+minimal length)
66 
67-- Security : Blocking brute-force attacks !
68
69-- Opportunity to copy a registered user for new user creation
70  ++ new copied user will (or not) belong to the same groups
71  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
72  ++ new copied user will (or not) get the same properties
73  ++ new copied user will (or not) get the same language
74  ... and so on
75 
76*/
77
78
79
// Direct-access guard: PHPWG_ROOT_PATH is expected to be defined by the
// application that includes this file; when it is missing the script stops
// before any plugin code runs.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

// Directory name of this plugin, and its path below the plugins folder
// (the path constant ends with a slash).
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Plugin constants and helper functions, then the plugin's language file.
include_once(NBC_UserAdvManager_PATH.'include/constants.php');
include_once(NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
load_language('plugin.lang', NBC_UserAdvManager_PATH);
/* Plugin admin: register the menu entry of the plugin's administration page */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * 'get_admin_plugin_menu_links' handler.
 *
 * Appends one entry (NAME + URL) for this plugin's admin page to the menu
 * list it receives and hands the list back.
 *
 * @param array $menu menu entries collected so far
 * @return array the same list with the UserAdvManager entry appended
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php'),
  );

  array_push($menu, $entry);

  return $menu;
}
/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * 'register_user' handler: mails the freshly created user when plugin
 * option 0 or plugin option 2 is switched on.
 *
 * The plugin options are stored as one ";"-separated string in
 * $conf['nbc_UserAdvManager']; an option counts as on when its entry is the
 * string 'true'.
 *
 * NOTE(review): the clear-text password taken from the request
 * ($_POST['password']) is passed to SendMail2User(). That function is defined
 * outside this file; if it writes the value into the message, the credential
 * leaves the server in clear text and stays in the recipient's mailbox.
 * Confirm, and prefer a mail that carries no password.
 *
 * @param array $register_user reads the keys 'id', 'username' and 'email'
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  $options = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $options = explode(";", $conf['nbc_UserAdvManager']);
  }

  $option0_on = isset($options[0]) && $options[0] == 'true';
  $option2_on = isset($options[2]) && $options[2] == 'true';

  // Nothing to send unless at least one of the two options is on.
  if (!$option0_on && !$option2_on)
  {
    return;
  }

  SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
}
/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * 'delete_user' handler: forwards the id of the deleted user to
 * DeleteConfirmMail(), which is defined outside this file.
 *
 * @param mixed $user_id id of the user being deleted
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
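/* Page initialisation: per-script filtering of login, account-creation and profile requests */
add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * Tell whether entry $index of the exploded plugin configuration is 'true'.
 *
 * @param array $options $conf['nbc_UserAdvManager'] split on ";"
 * @param int   $index   position of the option
 * @return bool
 */
function UserAdvManager_InitPage_isOptionOn($options, $index)
{
  return isset($options[$index]) && $options[$index] == 'true';
}

/**
 * Check a mail address against the comma-separated provider exclusion list.
 *
 * The address is lower-cased first; the list entries are used as written, so
 * an entry containing upper-case letters cannot match.
 *
 * NOTE(review): every entry is handed to ereg() as an unanchored POSIX
 * regular expression. "." therefore matches any character and an entry can
 * match anywhere in the address, not only in the domain part. ereg() is also
 * deprecated since PHP 5.3. A stricter comparison of the part after "@" would
 * be safer, but it changes how existing lists are interpreted, so it is left
 * as a follow-up.
 *
 * @param string $email          address to test
 * @param string $exclusion_list comma-separated list entries
 * @return bool true when at least one entry matches
 */
function UserAdvManager_InitPage_isProviderExcluded($email, $exclusion_list)
{
  $lowered = strtolower($email);

  // explode() replaces the deprecated split(): "," has no special meaning in
  // a regular expression, so both produce the same pieces.
  foreach (explode(',', $exclusion_list) as $entry)
  {
    // An empty entry (trailing or doubled comma) is not a usable pattern.
    if ($entry === '')
    {
      continue;
    }

    if (ereg($entry, $lowered))
    {
      return true;
    }
  }

  return false;
}

/**
 * Apply the username and mail-provider rules to an account-creation request.
 *
 * Used for the admin "add user" form and for the public register form, which
 * differ only in the name of the mail field. A rejected request is signalled
 * by blanking $_POST['login'] and replacing $lang['reg_err_login1'];
 * presumably the core then refuses the empty login and shows that message.
 *
 * @param array  $options     exploded plugin configuration
 * @param string $email_field name of the POST field that holds the address
 */
function UserAdvManager_InitPage_filterNewAccount($options, $email_field)
{
  global $lang;

  /* Case-insensitive username: reuse the spelling of an existing account */
  // NOTE(review): the raw request value goes to NotSensibleSearchUsername(),
  // which lives in include/functions_UserAdvManager.inc.php; confirm that it
  // escapes the value before it reaches a query.
  if (isset($_POST['login']) && UserAdvManager_InitPage_isOptionOn($options, 1))
  {
    $existing = NotSensibleSearchUsername($_POST['login']);
    $_POST['login'] = $existing == '' ? $_POST['login'] : $existing;
  }

  /* Username without forbidden characters */
  if (UserAdvManager_InitPage_isOptionOn($options, 7)
      && !empty($_POST['login'])
      && !ValidateUsername($_POST['login']))
  {
    $forbidden = isset($options[8]) ? $options[8] : '';
    $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$forbidden."'";
    $_POST['login'] = '';
  }

  /* Mail address without excluded providers */
  // The exclusion test used to sit in a bare { } block after a one-statement
  // "if", so it ran even when the option was off or the address was empty,
  // with an undefined lower-cased address. It is now guarded by the option.
  // ValidateEmailProvider() from the functions include is still not called:
  // the original author reported that the call did not work here.
  if (UserAdvManager_InitPage_isOptionOn($options, 12) && !empty($_POST[$email_field]))
  {
    $exclusion_list = isset($options[13]) ? $options[13] : '';
    if (UserAdvManager_InitPage_isProviderExcluded($_POST[$email_field], $exclusion_list))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$exclusion_list."'";
      $_POST['login'] = '';
    }
  }
}

/**
 * Read one column of a user's row; $field is a key of $conf['user_fields'].
 *
 * NOTE(review): the query is built by concatenation. The id passed in by the
 * caller comes from the $user global, not from the request; keep it that way.
 *
 * @param string $field   key of $conf['user_fields'] ('password', 'email', 'username')
 * @param mixed  $user_id value compared with the id column
 * @return string|null column value, null when no row was returned
 */
function UserAdvManager_InitPage_fetchUserField($field, $user_id)
{
  global $conf;

  $query = '
    SELECT '.$conf['user_fields'][$field].'
    FROM '.USERS_TABLE.'
    WHERE '.$conf['user_fields']['id'].' = \''.$user_id.'\'
  ;';
  list($value) = mysql_fetch_row(pwg_query($query));

  return $value;
}

/**
 * 'init' handler: adjusts the request before the page script processes it.
 *
 * Depending on script_basename():
 *  - identification: maps the typed username to an existing account name
 *    (option 1);
 *  - admin user_list / register: applies the username and mail-provider rules
 *    to the submitted account;
 *  - profile: repeats the form checks and, when they pass, mails the user
 *    about a password change (option 0) or a changed address (option 2).
 *
 * NOTE(review): on the profile page $errors is local to this handler and is
 * not handed back to the page script in the code visible here, so a failed
 * check only suppresses the mail. That is consistent with the known bug in
 * the changelog: an excluded provider cannot block an address change made on
 * the profile page.
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $lang, $user;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";", $conf['nbc_UserAdvManager']) : array();
  $script = script_basename();

  if (UserAdvManager_InitPage_isOptionOn($options, 1))
  {
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
  }

  /* User identification */
  if ($script == 'identification'
      && isset($_POST['login'])
      && isset($_POST['username'])
      && UserAdvManager_InitPage_isOptionOn($options, 1))
  {
    /* Case-insensitive username */
    // NOTE(review): raw request value; confirm NotSensibleSearchUsername()
    // escapes it before it reaches a query.
    $existing = NotSensibleSearchUsername($_POST['username']);
    $_POST['username'] = $existing == '' ? $_POST['username'] : $existing;
  }

  /* Admin user management */
  if ($script == 'admin'
      && isset($_GET['page'])
      && $_GET['page'] == 'user_list'
      && isset($_POST['submit_add']))
  {
    UserAdvManager_InitPage_filterNewAccount($options, 'email');
  }

  /* User creation */
  if ($script == 'register' && isset($_POST['submit']))
  {
    UserAdvManager_InitPage_filterNewAccount($options, 'mail_address');
  }

  /* User profile update */
  $option0_on = UserAdvManager_InitPage_isOptionOn($options, 0); // mail on password change
  $option2_on = UserAdvManager_InitPage_isOptionOn($options, 2); // mail on address change

  if ($script == 'profile' && isset($_POST['validate']) && ($option0_on || $option2_on))
  {
    $errors = array();
    $int_pattern = '/^\d+$/';

    if (empty($_POST['nb_image_line']) || !preg_match($int_pattern, $_POST['nb_image_line']))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page']) || !preg_match($int_pattern, $_POST['nb_line_page']))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    if (isset($_POST['maxwidth'])
        && $_POST['maxwidth'] != ''
        && (!preg_match($int_pattern, $_POST['maxwidth']) || $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }

    if (!empty($_POST['maxheight'])
        && (!preg_match($int_pattern, $_POST['maxheight']) || $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }

    // periods must be integer values, they represent a number of days
    if (!isset($_POST['recent_period'])
        || !preg_match($int_pattern, $_POST['recent_period'])
        || $_POST['recent_period'] <= 0)
    {
      $errors[] = l10n('periods_error');
    }

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }

      // Provider exclusion, now guarded by its option (it used to run
      // unconditionally, see UserAdvManager_InitPage_filterNewAccount()).
      if (UserAdvManager_InitPage_isOptionOn($options, 12) && !empty($_POST['mail_address']))
      {
        $exclusion_list = isset($options[13]) ? $options[13] : '';
        if (UserAdvManager_InitPage_isProviderExcluded($_POST['mail_address'], $exclusion_list))
        {
          $errors[] = l10n('reg_err_login7')."'".$exclusion_list."'";
        }
      }
    }

    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // The new password must be identical to its confirmation. Strict
      // comparison: with "!=" two different numeric-looking strings such as
      // "1e3" and "1000" are treated as equal.
      if (!isset($_POST['passwordConf']) || $_POST['use_new_pwd'] !== $_POST['passwordConf'])
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if (!defined('IN_ADMIN'))
      {
        // Changing the password requires the current one. Compared as
        // strings with "!==": under "!=" two different digests that both
        // look like "0e<digits>" compare equal. The page script's own check
        // is not visible here and should be just as strict.
        $current_password = UserAdvManager_InitPage_fetchUserField('password', $user['id']);
        $typed_password = isset($_POST['password']) ? $_POST['password'] : '';

        if ((string) $conf['pass_convert']($typed_password) !== (string) $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $current_email = UserAdvManager_InitPage_fetchUserField('email', $user['id']);

      if ($_POST['mail_address'] != $current_email && $option2_on)
      {
        $confirm_mail_need = true;
      }
    }

    // Mail only when every check passed and either a new password was set
    // (option 0) or the changed address needs confirmation.
    $password_mail_need = !empty($_POST['use_new_pwd']) && $option0_on;

    if (count($errors) == 0 && ($password_mail_need || $confirm_mail_need))
    {
      $username = UserAdvManager_InitPage_fetchUserField('username', $user['id']);

      // NOTE(review): the new clear-text password is passed to the mailer;
      // SendMail2User() is defined outside this file. If it writes the value
      // into the message, the credential is exposed in transit and in the
      // mailbox. Confirm, and prefer a mail that carries no password.
      $new_password = isset($_POST['use_new_pwd']) ? $_POST['use_new_pwd'] : null;
      $new_address = isset($_POST['mail_address']) ? $_POST['mail_address'] : null;

      SendMail2User($typemail, $user['id'], $username, $new_password, $new_address, $confirm_mail_need);
    }
  }
}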
/* Template hook for the register and profile pages */
add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');

/**
 * 'loc_begin_tpl_parse' handler.
 *
 * Only reads the plugin configuration at present; the template rewrite it
 * was written for is commented out below. Note that the disabled code tests
 * $conf_UserAdvManager, a variable this function never sets.
 */
function ChangeRegisterProfilePage()
{
  global $conf, $template;

  $conf_nbc_UserAdvManager = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $conf_nbc_UserAdvManager = explode(";", $conf['nbc_UserAdvManager']);
  }

/* User creation OR update (disabled) */
//  if (in_array(script_basename(), array('register', 'profile')))
//  {
    //if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
    //{
    //  $template->set_filenames( array('register'=>'register.tpl') );

    //  $template->loadfile('register');

    //  $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
    //}
//  }
}
/* Guest comments: refuse a comment whose author is the default 'guest' */
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * 'user_comment_check' handler.
 *
 * When plugin option 6 is on, $conf['comments_forall'] compares equal to
 * 'true' and the comment's author is 'guest', the comment is rejected and a
 * message is appended to the global $infos list. In every other case the
 * incoming action is returned untouched.
 *
 * @param string $comment_action action decided so far
 * @param array  $comm           comment data; only the key 'author' is read
 * @return string 'reject' or the unchanged $comment_action
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $options = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $options = explode(";", $conf['nbc_UserAdvManager']);
  }

  $option6_on = isset($options[6]) && $options[6] == 'true';

  // Leave the decision alone unless all three conditions hold.
  if (!$option6_on || $conf['comments_forall'] != 'true' || $comm['author'] != 'guest')
  {
    return $comment_action;
  }

  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
431
432?>