source: extensions/NBC_UserAdvManager/main.inc.php @ 3398

Last change on this file since 3398 was 3398, checked in by Eric, 11 years ago

Changing plugin directory name to match with original name from PEM

  • Property svn:eol-style set to LF
File size: 15.1 KB
Line 
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9a
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38 
39
40*/
41
42/*
43
44 ***** TODO List *****
45
46-- No validation needed for admins users comments (new trigger needed in comments.php)
47
48-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
49
50-- Administration page for Confirm Mail
51  ++ Admin tabsheet for Confirm Mail to set options :
52                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
53                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
54                ++ List of users with expired validation time
55                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
56                ++ Opportunities to take actions on database tables :
57                ++ Re-asking validation (case of non reception of validation email)
58                ++ Force expiration
59                        ++ Force confirmation
60                ++ Cleanup expired user's accounts
61        ++ (...)
62
63-- Password control and enforcement
64  -- Empty password (done in Piwigo 2.x)
65  ++ Can not be the same as username
66  ++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
67 
68-- Security : Blocking brut-force attacks !
69
70-- Opportunity to copy a registered user for new user creation
71  ++ new copied user will (or not) belong to the same groups
72  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
73  ++ new copied user will (or not) get the same properties
74  ++ new copied user will (or not) get the same language
75  ... and so on
76 
77*/
78
79
80
81if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
82define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
83define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
84include_once (NBC_UserAdvManager_PATH.'include/constants.php');
85include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
86load_language('plugin.lang', NBC_UserAdvManager_PATH);
87
88
89/* Plugin admin */
90add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
91
92function nbc_UserAdvManager_admin_menu($menu)
93{
94  array_push($menu,
95    array(
96      'NAME' => 'UserAdvManager',
97      'URL'  => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
98    )
99  );
100
101  return $menu;
102}
103
104
105
106/* User creation */
107add_event_handler('register_user', 'UserAdvManager_Adduser');
108
109function UserAdvManager_Adduser($register_user)
110{
111  global $conf;
112 
113  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
114
115  if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
116    SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
117}
118
119
120
121/* User deletion */
122add_event_handler('delete_user', 'UserAdvManager_Deluser');
123
124function UserAdvManager_Deluser($user_id)
125{
126
127  DeleteConfirmMail($user_id);
128
129}
130
131
132
133add_event_handler('init', 'UserAdvManager_InitPage');
134 
135function UserAdvManager_InitPage()
136{
137  load_language('plugin.lang', NBC_UserAdvManager_PATH);
138  global $conf, $template, $page, $lang;
139
140  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
141 
142
143  if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
144    $lang['reg_err_login5'] = l10n('new_reg_err_login5');
145 
146
147 
148/* User identification */
149  if (script_basename() == 'identification')
150  {
151    if (isset($_POST['login']))
152    {
153      /* User non case sensitive */
154      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
155      {
156        $new_username =  NotSensibleSearchUsername($_POST['username']);
157        $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
158      }
159    }
160  }
161
162
163
164/* Admin user management */
165  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
166  {
167    if (isset($_POST['submit_add']))
168    {
169      /* User non case sensitive */
170      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
171      {
172        $new_username =  NotSensibleSearchUsername($_POST['login']);
173        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
174      }
175
176
177      /* Username without forbidden keys */
178      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
179      {
180        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
181        $_POST['login'] = '';
182      }
183
184      /* Email without forbidden domains */
185      /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
186      //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
187      //{
188      //  $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
189          //  $_POST['login'] = '';
190          //}
191      /* This work with a code copy of ValidateEmailProvider() function */
192          if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
193          $ncsemail = strtolower($_POST['email']);
194                {
195                  $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
196                  for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
197                    {
198                          if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
199                            {
200                          $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
201                          $_POST['login'] = '';
202                                }
203                        }
204                }
205    }
206  }
207
208/* User creation */
209  if (script_basename() == 'register')
210  {
211    if (isset($_POST['submit']))
212    {
213      /* Username non case sensitive */
214      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
215      {
216        $new_username =  NotSensibleSearchUsername($_POST['login']);
217        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
218      }
219
220
221      /* Username without forbidden keys */
222      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
223      {
224        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
225        $_POST['login'] = '';
226      }
227
228
229      /* Email without forbidden domains */
230      /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
231      //if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
232      //{
233      //  $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
234      //  $_POST['mail_address'] = '';
235      //}
236      /* This work with a code copy of ValidateEmailProvider() function */
237                if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
238                $ncsemail = strtolower($_POST['mail_address']);
239                  {
240                    $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
241                        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
242                          {
243                            if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
244                                  {
245                                    $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
246                                        $_POST['login'] = '';
247                                  }
248                          }
249                  }
250    }
251  }
252
253/* User profile update */
254  if (script_basename() == 'profile')
255  {
256    if (isset($_POST['validate']))
257    {
258      /* Sending email to user */
259      if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
260      {
261        global $conf, $user ;
262        $errors = array();
263 
264        $int_pattern = '/^\d+$/';
265        if (empty($_POST['nb_image_line'])
266            or (!preg_match($int_pattern, $_POST['nb_image_line'])))
267        {
268          $errors[] = l10n('nb_image_line_error');
269        }
270     
271        if (empty($_POST['nb_line_page'])
272            or (!preg_match($int_pattern, $_POST['nb_line_page'])))
273        {
274          $errors[] = l10n('nb_line_page_error');
275        }
276     
277        if ($_POST['maxwidth'] != ''
278            and (!preg_match($int_pattern, $_POST['maxwidth'])
279                 or $_POST['maxwidth'] < 50))
280        {
281          $errors[] = l10n('maxwidth_error');
282        }
283        if ($_POST['maxheight']
284             and (!preg_match($int_pattern, $_POST['maxheight'])
285                   or $_POST['maxheight'] < 50))
286        {
287          $errors[] = l10n('maxheight_error');
288        }
289        // periods must be integer values, they represents number of days
290        if (!preg_match($int_pattern, $_POST['recent_period'])
291            or $_POST['recent_period'] <= 0)
292        {
293          $errors[] = l10n('periods_error') ;
294        }
295
296        if (isset($_POST['mail_address']))
297        {
298          $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
299          if (!empty($mail_error))
300          {
301            $errors[] = $mail_error;
302          }
303        /* This don't work on user's profile page - Why ?? */
304                if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
305                $ncsemail = strtolower($_POST['mail_address']);
306                  {
307                    $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
308                        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
309                          {
310                            if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
311                                  {
312                                    $mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
313                                  }
314                          }
315                  }
316              if (!empty($mail_error))
317          {
318            $errors[] = $mail_error;
319          }
320        }
321                /* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false|true" in function ?*/
322        //if (isset($_POST['mail_address']))
323        //{
324        //  $mail_error = ValidateEmailProvider($_POST['mail_address']);
325        //  if (!empty($mail_error))
326        //  {
327        //    $errors[] = $mail_error;
328        //  }
329        //}
330
331        $typemail = 3;
332       
333        if (!empty($_POST['use_new_pwd']))
334        {
335          $typemail = 2;
336
337          // password must be the same as its confirmation
338          if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
339          {
340            $errors[] = l10n('New password confirmation does not correspond');
341          }
342     
343          if ( !defined('IN_ADMIN') )
344          {// changing password requires old password
345            $query = '
346              SELECT '.$conf['user_fields']['password'].' AS password
347              FROM '.USERS_TABLE.'
348              WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
349            ;';
350            list($current_password) = mysql_fetch_row(pwg_query($query));
351       
352            if ($conf['pass_convert']($_POST['password']) != $current_password)
353            {
354              $errors[] = l10n('Current password is wrong');
355            }
356          }
357        }
358       
359        $confirm_mail_need = false;
360             
361        if (!empty($_POST['mail_address']))
362        {
363          $query = '
364            SELECT '.$conf['user_fields']['email'].' AS email
365            FROM '.USERS_TABLE.'
366            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
367          ;';
368          list($current_email) = mysql_fetch_row(pwg_query($query));
369     
370          if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
371            $confirm_mail_need = true;
372        }
373
374        if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
375        {
376          $query = '
377            SELECT '.$conf['user_fields']['username'].'
378            FROM '.USERS_TABLE.'
379            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
380          ;';
381          list($username) = mysql_fetch_row(pwg_query($query));
382
383
384          SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
385        }
386      }
387    }
388  }
389}
390
391add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');
392
393function ChangeRegisterProfilePage()
394{
395  global $conf, $template;
396
397  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
398
399/* creation OU mise a jour de user */
400//  if (in_array(script_basename(), array('register', 'profile')))
401//  {
402    //if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
403    //{
404    //  $template->set_filenames( array('register'=>'register.tpl') );
405
406    //  $template->loadfile('register');
407
408    //  $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);     
409    //}
410//  }
411}
412
413add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
414
415function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
416{
417  load_language('plugin.lang', NBC_UserAdvManager_PATH);
418  global $infos, $conf, $template;
419
420  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
421
422/* User creation OR update */
423  if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
424  {
425    $comment_action = 'reject';
426
427    array_push($infos, l10n('UserAdvManager_Empty Author'));
428  }
429
430  return $comment_action;
431}
432
433?>
Note: See TracBrowser for help on using the repository browser.