source: extensions/NBC_UserAdvManager/main.inc.php @ 3416

Last change on this file since 3416 was 3416, checked in by Eric, 11 years ago

ConfirmMail.tpl : $U_HOME replaced by $GALLERY_URL only if $GALLERY_URL is empty.
ConfirmMail.php : $GALLERY_URL set.
main.inc.php : Plugin version (2.10.9b) and history update.

1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9b
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40 
41
42*/
43
44/*
45
46 ***** TODO List *****
47
48-- No validation needed for admins users comments (new trigger needed in comments.php)
49
50-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
51
52-- Administration page for Confirm Mail
53  ++ Admin tabsheet for Confirm Mail to set options :
54                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
55                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
56                ++ List of users with expired validation time
57                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
58                ++ Opportunities to take actions on database tables :
59                ++ Re-asking validation (case of non reception of validation email)
60                ++ Force expiration
61                        ++ Force confirmation
62                ++ Cleanup expired user's accounts
63        ++ (...)
64
65-- Password control and enforcement
66  -- Empty password (done in Piwigo 2.x)
67  ++ Can not be the same as username
68  ++ complexity of the password (Numbers+Letters+Low and high case+Special+minimal length)
69 
70-- Security : Blocking brute-force attacks !
71
72-- Opportunity to copy a registered user for new user creation
73  ++ new copied user will (or not) belong to the same groups
74  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
75  ++ new copied user will (or not) get the same properties
76  ++ new copied user will (or not) get the same language
77  ... and so on
78 
79*/
80
81
82
// Direct-access guard: stop immediately unless PHPWG_ROOT_PATH is already
// defined, i.e. unless this file was included by code that defines it
// (presumably the Piwigo bootstrap) rather than requested on its own.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Plugin directory name, and the plugin path below PHPWG_PLUGINS_PATH.
// The path constant ends with a trailing slash.
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH . basename(dirname(__FILE__)) . '/');

// Both include targets are built from constants only; no request data
// takes part in the path.
include_once NBC_UserAdvManager_PATH . 'include/constants.php';
include_once NBC_UserAdvManager_PATH . 'include/functions_UserAdvManager.inc.php';

load_language('plugin.lang', NBC_UserAdvManager_PATH);
89
90
/* Plugin admin */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Append this plugin's entry to the admin plugin menu.
 *
 * @param array $menu  menu entries collected so far
 * @return array       the same list with the UserAdvManager entry added
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // NBC_UserAdvManager_PATH already ends with '/', so the path handed to
  // get_admin_plugin_menu_link() contains a double slash before 'admin'.
  $admin_page = NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php';

  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link($admin_page)
  );
  array_push($menu, $entry);

  return $menu;
}
105
106
107
/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * 'register_user' handler: notify the new user by mail when setting 0 or
 * setting 2 of the plugin configuration string is 'true'.
 *
 * @param array $register_user  reads the 'id', 'username' and 'email' keys
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  // The plugin settings are stored as one ';'-separated string.
  $settings = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $settings = explode(";" , $conf['nbc_UserAdvManager']);
  }

  $opt_0_on = isset($settings[0]) && $settings[0] == 'true';
  $opt_2_on = isset($settings[2]) && $settings[2] == 'true';
  if (!$opt_0_on && !$opt_2_on)
  {
    return;
  }

  // $_POST['password'] is the clear-text password of the submitted form and
  // is handed to SendMail2User() unchanged.
  // NOTE(review): if that helper writes it into the mail body, the password
  // ends up in mailboxes and mail logs in clear text - confirm, and prefer
  // not mailing it.
  SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
}
120
121
122
/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * 'delete_user' handler: forward the deleted user's id to
 * DeleteConfirmMail() (defined outside this file).
 *
 * @param mixed $user_id  id of the user being deleted
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
132
133
134
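add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * 'init' handler: adjusts the submitted form data of the identification,
 * admin user list, register and profile pages according to the plugin
 * settings, before the page script itself processes them.
 *
 * Settings are read by position from the ';'-separated configuration string:
 *   [0], [2]  mail notification / mail confirmation switches
 *   [1]       case-insensitive username lookup
 *   [7], [8]  username character check and the forbidden characters shown
 *             in the error message
 *   [12],[13] email provider exclusion and its comma-separated list
 *
 * Fix over the previous revision: the provider exclusion test was written as
 * `if (...) $ncsemail = ...; { loop }`, so the `if` guarded only the
 * assignment and the loop ran on every request, with $ncsemail undefined
 * whenever the feature was off or no address was posted. The test now lives
 * in UserAdvManager_IsExcludedEmail() and is called only under the guard.
 *
 * Security notes for maintainers:
 *  - On the profile page $errors is local to this handler. It only decides
 *    whether the notification mail is sent; nothing visible here feeds it
 *    back to the page script, which matches the known bug recorded in the
 *    plugin history (an excluded provider is not refused on profile update).
 *  - The clear-text new password is handed to SendMail2User().
 *    NOTE(review): confirm whether it is written into the mail body.
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $opt_mail_info      = (isset($conf_nbc_UserAdvManager[0]) && $conf_nbc_UserAdvManager[0] == 'true');
  $opt_case           = (isset($conf_nbc_UserAdvManager[1]) && $conf_nbc_UserAdvManager[1] == 'true');
  $opt_confirm        = (isset($conf_nbc_UserAdvManager[2]) && $conf_nbc_UserAdvManager[2] == 'true');
  $opt_username_chars = (isset($conf_nbc_UserAdvManager[7]) && $conf_nbc_UserAdvManager[7] == 'true');
  $opt_mail_exclusion = (isset($conf_nbc_UserAdvManager[12]) && $conf_nbc_UserAdvManager[12] == 'true');
  // An absent list is treated as empty, so nothing is excluded.
  $excluded_providers = isset($conf_nbc_UserAdvManager[13]) ? $conf_nbc_UserAdvManager[13] : '';

  if ($opt_case)
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');

/* User identification */
  if (script_basename() == 'identification' and isset($_POST['login']) and $opt_case)
  {
    /* User non case sensitive: replace the typed name by the one returned by the lookup, when there is one */
    $new_username = NotSensibleSearchUsername($_POST['username']);
    $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
  }

/* Admin user management */
  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list' and isset($_POST['submit_add']))
  {
    /* User non case sensitive */
    if ($opt_case)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
    }

    /* Username without forbidden keys: blanking the login makes the page script report reg_err_login1 */
    if ($opt_username_chars and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
      $_POST['login'] = '';
    }

    /* Email without forbidden domains: refused through the same blank-login mechanism */
    if ($opt_mail_exclusion and !empty($_POST['email']) and UserAdvManager_IsExcludedEmail($_POST['email'], $excluded_providers))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$excluded_providers."'";
      $_POST['login'] = '';
    }
  }

/* User creation */
  if (script_basename() == 'register' and isset($_POST['submit']))
  {
    /* Username non case sensitive */
    if ($opt_case)
    {
      $new_username = NotSensibleSearchUsername($_POST['login']);
      $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
    }

    /* Username without forbidden keys */
    if ($opt_username_chars and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
      $_POST['login'] = '';
    }

    /* Email without forbidden domains */
    if ($opt_mail_exclusion and !empty($_POST['mail_address']) and UserAdvManager_IsExcludedEmail($_POST['mail_address'], $excluded_providers))
    {
      $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$excluded_providers."'";
      $_POST['login'] = '';
    }
  }

/* User profile update */
  if (script_basename() == 'profile' and isset($_POST['validate']) and ($opt_mail_info or $opt_confirm))
  {
    /* Sending email to user */
    global $conf, $user ;

    // Local error list: it only gates the SendMail2User() call at the end.
    $errors = array();

    $int_pattern = '/^\d+$/';
    if (empty($_POST['nb_image_line'])
        or (!preg_match($int_pattern, $_POST['nb_image_line'])))
    {
      $errors[] = l10n('nb_image_line_error');
    }

    if (empty($_POST['nb_line_page'])
        or (!preg_match($int_pattern, $_POST['nb_line_page'])))
    {
      $errors[] = l10n('nb_line_page_error');
    }

    if ($_POST['maxwidth'] != ''
        and (!preg_match($int_pattern, $_POST['maxwidth'])
             or $_POST['maxwidth'] < 50))
    {
      $errors[] = l10n('maxwidth_error');
    }
    if ($_POST['maxheight']
         and (!preg_match($int_pattern, $_POST['maxheight'])
               or $_POST['maxheight'] < 50))
    {
      $errors[] = l10n('maxheight_error');
    }
    // periods must be integer values, they represent a number of days
    if (!preg_match($int_pattern, $_POST['recent_period'])
        or $_POST['recent_period'] <= 0)
    {
      $errors[] = l10n('periods_error') ;
    }

    if (isset($_POST['mail_address']))
    {
      $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);

      // An excluded provider replaces whatever validate_mail_address() reported.
      if ($opt_mail_exclusion and !empty($_POST['mail_address']) and UserAdvManager_IsExcludedEmail($_POST['mail_address'], $excluded_providers))
      {
        $mail_error = l10n('reg_err_login7')."'".$excluded_providers."'";
      }

      if (!empty($mail_error))
      {
        $errors[] = $mail_error;
      }
    }

    $typemail = 3;

    if (!empty($_POST['use_new_pwd']))
    {
      $typemail = 2;

      // password must be the same as its confirmation; strict comparison so
      // that two different numeric-looking strings are never treated as equal
      if ($_POST['use_new_pwd'] !== $_POST['passwordConf'])
      {
        $errors[] = l10n('New password confirmation does not correspond');
      }

      if ( !defined('IN_ADMIN') )
      {// changing password requires old password
        // $user['id'] comes from the $user global, not from the request.
        // NOTE(review): confirm it is always the session's own user id.
        $query = '
          SELECT '.$conf['user_fields']['password'].' AS password
          FROM '.USERS_TABLE.'
          WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
        ;';
        list($current_password) = mysql_fetch_row(pwg_query($query));

        // Strict comparison: with '!=' two different digests that both look
        // like numbers in exponent notation ("0e...") compare as equal.
        if ($conf['pass_convert']($_POST['password']) !== $current_password)
        {
          $errors[] = l10n('Current password is wrong');
        }
      }
    }

    $confirm_mail_need = false;

    if (!empty($_POST['mail_address']))
    {
      $query = '
        SELECT '.$conf['user_fields']['email'].' AS email
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      if ($_POST['mail_address'] != $current_email and $opt_confirm)
        $confirm_mail_need = true;
    }

    // Mail is sent when there is no error and either a new password was
    // given with setting 0 on, or the address changed with setting 2 on.
    if (count($errors) == 0 and ((!empty($_POST['use_new_pwd']) and $opt_mail_info) or $confirm_mail_need))
    {
      $query = '
        SELECT '.$conf['user_fields']['username'].'
        FROM '.USERS_TABLE.'
        WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
      ;';
      list($username) = mysql_fetch_row(pwg_query($query));

      // The new password is passed on in clear text.
      // NOTE(review): confirm whether SendMail2User() puts it in the mail.
      SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
    }
  }
}

/**
 * Tell whether an email address matches one of the excluded providers.
 *
 * Each entry of the comma-separated list is handed to ereg() as a POSIX
 * regular expression, exactly as the inline code did before, so '.' in an
 * entry matches any character and an entry is not anchored to the domain
 * part. The address is lowercased first; the entries are used as configured.
 *
 * @param mixed  $email           address taken from the request
 * @param string $exclusion_list  comma-separated list from the settings
 * @return bool  true when at least one entry matches
 */
function UserAdvManager_IsExcludedEmail($email, $exclusion_list)
{
  // Request fields can arrive as arrays (field[]=...); those match nothing.
  if (!is_string($email))
  {
    return false;
  }

  $ncsemail = strtolower($email);

  foreach (explode(',', $exclusion_list) as $pattern)
  {
    // An empty entry (empty setting, doubled or trailing comma) excludes
    // nothing; ereg() would only raise a warning on it.
    if ($pattern === '')
    {
      continue;
    }

    if (ereg($pattern, $ncsemail))
    {
      return true;
    }
  }

  return false;
}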
392
add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');

/**
 * 'loc_begin_tpl_parse' handler. In this revision it only parses the plugin
 * settings string; the template change it was meant to apply is commented
 * out, so the function has no visible effect.
 */
function ChangeRegisterProfilePage()
{
  global $conf, $template;

  if (isset($conf['nbc_UserAdvManager']))
  {
    $conf_nbc_UserAdvManager = explode(";" , $conf['nbc_UserAdvManager']);
  }
  else
  {
    $conf_nbc_UserAdvManager = array();
  }

  /* User creation OR update - disabled code kept for reference.
     It reads $conf_UserAdvManager, which is not the variable set above. */
  //  if (in_array(script_basename(), array('register', 'profile')))
  //  {
  //    if (isset($conf_UserAdvManager[1]) and $conf_UserAdvManager[1] == 'true' )
  //    {
  //      $template->set_filenames( array('register'=>'register.tpl') );
  //
  //      $template->loadfile('register');
  //
  //      $template->uncompiled_code['register'] = str_replace('{lang:Mail address}', '* {lang:Mail address}', $template->uncompiled_code['register']);
  //    }
  //  }
}
414
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * 'user_comment_check' handler: reject a comment whose author is 'guest'
 * when setting 6 of the plugin is 'true' and comments are open to everybody.
 *
 * The test is on the literal author value 'guest' only; any other author
 * string passes this handler unchanged.
 *
 * @param string $comment_action  action decided so far
 * @param array  $comm            comment data; the 'author' key is read
 * @return string                 'reject' when the rule applies, else $comment_action
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $settings = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $settings = explode(";" , $conf['nbc_UserAdvManager']);
  }

  /* Guest comment author check */
  $rule_enabled = isset($settings[6]) && $settings[6] == 'true';
  if (!$rule_enabled || $conf['comments_forall'] != 'true' || $comm['author'] != 'guest')
  {
    return $comment_action;
  }

  // Tell the visitor why the comment was refused.
  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
434
435?>