Context Navigation

source: extensions/NBC_UserAdvManager/main.inc.php @ 3398

Last change on this file since 3398 was 3398, checked in by Eric, 15 years ago
Changing plugin directory name to match with original name from PEM
Property svn:eol-style set to `LF`
File size: 15.1 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.10.9a
5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/*
12	*** Plugin history (branch 2.10)***
13
14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15	-- 2.10.1-beta : Small correction on generated path
16	-- 2.10.2-beta : Bug resolved on register validation page
17
18	-- 2.10.3 : Final and fully functional release
19	Bug resolved on plugin activation
20
21	-- 2.10.4 : Bug fixed on profiles update
22
23	-- 2.10.5 : Improved code on profiles update
24
25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27	-- 2.10.7 : Bug fixed on user's validation email sending
28
29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30	Improved code for checking author on guest comments
31
32	-- 2.10.9 : Bug fixed - Missing english translation
33	Bug fixed - Notice on forbidden characters function use
34	Bug fixed - Audit on forbidden characters in username didn't work
35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39
40	*/
41
42	/*
43
44	*** TODO List ***
45
46	-- No validation needed for admins users comments (new trigger needed in comments.php)
47
48	-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
49
50	-- Administration page for Confirm Mail
51	++ Admin tabsheet for Confirm Mail to set options :
52	++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
53	++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
54	++ List of users with expired validation time
55	++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
56	++ Opportunities to take actions on database tables :
57	++ Re-asking validation (case of non reception of validation email)
58	++ Force expiration
59	++ Force confirmation
60	++ Cleanup expired user's accounts
61	++ (...)
62
63	-- Password control and enforcement
64	-- Empty password (done in Piwigo 2.x)
65	++ Can not be the same as username
66	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
67
68	-- Security : Blocking brut-force attacks !
69
70	-- Opportunity to copy a registered user for new user creation
71	++ new copied user will (or not) belong to the same groups
72	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
73	++ new copied user will (or not) get the same properties
74	++ new copied user will (or not) get the same language
75	... and so on
76
77	*/
78
79
80
81	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
82	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
83	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
84	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
85	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
86	load_language('plugin.lang', NBC_UserAdvManager_PATH);
87
88
89	/* Plugin admin */
90	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
91
92	function nbc_UserAdvManager_admin_menu($menu)
93	{
94	array_push($menu,
95	array(
96	'NAME' => 'UserAdvManager',
97	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
98	)
99	);
100
101	return $menu;
102	}
103
104
105
106	/* User creation */
107	add_event_handler('register_user', 'UserAdvManager_Adduser');
108
109	function UserAdvManager_Adduser($register_user)
110	{
111	global $conf;
112
113	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
114
115	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
116	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
117	}
118
119
120
121	/* User deletion */
122	add_event_handler('delete_user', 'UserAdvManager_Deluser');
123
124	function UserAdvManager_Deluser($user_id)
125	{
126
127	DeleteConfirmMail($user_id);
128
129	}
130
131
132
133	add_event_handler('init', 'UserAdvManager_InitPage');
134
135	function UserAdvManager_InitPage()
136	{
137	load_language('plugin.lang', NBC_UserAdvManager_PATH);
138	global $conf, $template, $page, $lang;
139
140	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
141
142
143	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
144	$lang['reg_err_login5'] = l10n('new_reg_err_login5');
145
146
147
148	/* User identification */
149	if (script_basename() == 'identification')
150	{
151	if (isset($_POST['login']))
152	{
153	/* User non case sensitive */
154	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
155	{
156	$new_username = NotSensibleSearchUsername($_POST['username']);
157	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
158	}
159	}
160	}
161
162
163
164	/* Admin user management */
165	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
166	{
167	if (isset($_POST['submit_add']))
168	{
169	/* User non case sensitive */
170	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
171	{
172	$new_username = NotSensibleSearchUsername($_POST['login']);
173	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
174	}
175
176
177	/* Username without forbidden keys */
178	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
179	{
180	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
181	$_POST['login'] = '';
182	}
183
184	/* Email without forbidden domains */
185	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
186	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
187	//{
188	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
189	// $_POST['login'] = '';
190	//}
191	/* This work with a code copy of ValidateEmailProvider() function */
192	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
193	$ncsemail = strtolower($_POST['email']);
194	{
195	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
196	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
197	{
198	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
199	{
200	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
201	$_POST['login'] = '';
202	}
203	}
204	}
205	}
206	}
207
208	/* User creation */
209	if (script_basename() == 'register')
210	{
211	if (isset($_POST['submit']))
212	{
213	/* Username non case sensitive */
214	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
215	{
216	$new_username = NotSensibleSearchUsername($_POST['login']);
217	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
218	}
219
220
221	/* Username without forbidden keys */
222	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
223	{
224	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
225	$_POST['login'] = '';
226	}
227
228
229	/* Email without forbidden domains */
230	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
231	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
232	//{
233	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
234	// $_POST['mail_address'] = '';
235	//}
236	/* This work with a code copy of ValidateEmailProvider() function */
237	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
238	$ncsemail = strtolower($_POST['mail_address']);
239	{
240	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
241	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
242	{
243	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
244	{
245	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
246	$_POST['login'] = '';
247	}
248	}
249	}
250	}
251	}
252
253	/* User profile update */
254	if (script_basename() == 'profile')
255	{
256	if (isset($_POST['validate']))
257	{
258	/* Sending email to user */
259	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
260	{
261	global $conf, $user ;
262	$errors = array();
263
264	$int_pattern = '/^\d+$/';
265	if (empty($_POST['nb_image_line'])
266	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
267	{
268	$errors[] = l10n('nb_image_line_error');
269	}
270
271	if (empty($_POST['nb_line_page'])
272	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
273	{
274	$errors[] = l10n('nb_line_page_error');
275	}
276
277	if ($_POST['maxwidth'] != ''
278	and (!preg_match($int_pattern, $_POST['maxwidth'])
279	or $_POST['maxwidth'] < 50))
280	{
281	$errors[] = l10n('maxwidth_error');
282	}
283	if ($_POST['maxheight']
284	and (!preg_match($int_pattern, $_POST['maxheight'])
285	or $_POST['maxheight'] < 50))
286	{
287	$errors[] = l10n('maxheight_error');
288	}
289	// periods must be integer values, they represents number of days
290	if (!preg_match($int_pattern, $_POST['recent_period'])
291	or $_POST['recent_period'] <= 0)
292	{
293	$errors[] = l10n('periods_error') ;
294	}
295
296	if (isset($_POST['mail_address']))
297	{
298	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
299	if (!empty($mail_error))
300	{
301	$errors[] = $mail_error;
302	}
303	/* This don't work on user's profile page - Why ?? */
304	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
305	$ncsemail = strtolower($_POST['mail_address']);
306	{
307	$conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
308	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
309	{
310	if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
311	{
312	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
313	}
314	}
315	}
316	if (!empty($mail_error))
317	{
318	$errors[] = $mail_error;
319	}
320	}
321	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
322	//if (isset($_POST['mail_address']))
323	//{
324	// $mail_error = ValidateEmailProvider($_POST['mail_address']);
325	// if (!empty($mail_error))
326	// {
327	// $errors[] = $mail_error;
328	// }
329	//}
330
331	$typemail = 3;
332
333	if (!empty($_POST['use_new_pwd']))
334	{
335	$typemail = 2;
336
337	// password must be the same as its confirmation
338	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
339	{
340	$errors[] = l10n('New password confirmation does not correspond');
341	}
342
343	if ( !defined('IN_ADMIN') )
344	{// changing password requires old password
345	$query = '
346	SELECT '.$conf['user_fields']['password'].' AS password
347	FROM '.USERS_TABLE.'
348	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
349	;';
350	list($current_password) = mysql_fetch_row(pwg_query($query));
351
352	if ($conf['pass_convert']($_POST['password']) != $current_password)
353	{
354	$errors[] = l10n('Current password is wrong');
355	}
356	}
357	}
358
359	$confirm_mail_need = false;
360
361	if (!empty($_POST['mail_address']))
362	{
363	$query = '
364	SELECT '.$conf['user_fields']['email'].' AS email
365	FROM '.USERS_TABLE.'
366	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
367	;';
368	list($current_email) = mysql_fetch_row(pwg_query($query));
369
370	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
371	$confirm_mail_need = true;
372	}
373
374	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
375	{
376	$query = '
377	SELECT '.$conf['user_fields']['username'].'
378	FROM '.USERS_TABLE.'
379	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
380	;';
381	list($username) = mysql_fetch_row(pwg_query($query));
382
383
384	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
385	}
386	}
387	}
388	}
389	}
390
391	add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');
392
393	function ChangeRegisterProfilePage()
394	{
395	global $conf, $template;
396
397	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
398
399	/* creation OU mise a jour de user */
400	// if (in_array(script_basename(), array('register', 'profile')))
401	// {
402	//if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
403	//{
404	// $template->set_filenames( array('register'=>'register.tpl') );
405
406	// $template->loadfile('register');
407
408	// $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
409	//}
410	// }
411	}
412
413	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
414
415	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
416	{
417	load_language('plugin.lang', NBC_UserAdvManager_PATH);
418	global $infos, $conf, $template;
419
420	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
421
422	/* User creation OR update */
423	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
424	{
425	$comment_action = 'reject';
426
427	array_push($infos, l10n('UserAdvManager_Empty Author'));
428	}
429
430	return $comment_action;
431	}
432
433	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: