source: extensions/NBC_UserAdvManager/main.inc.php @ 3418

Last change on this file since 3418 was 3418, checked in by Eric, 11 years ago

Bug fixed : If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"

1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.10.9c
5Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/*
12 ***** Plugin history (branch 2.10)*****
13
14-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15-- 2.10.1-beta : Small correction on generated path
16-- 2.10.2-beta : Bug resolved on register validation page
17
18-- 2.10.3 : Final and fully functional release
19                        Bug resolved on plugin activation
20
21-- 2.10.4 : Bug fixed on profiles update
22
23-- 2.10.5 : Improved code on profiles update
24
25-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27-- 2.10.7 : Bug fixed on user's validation email sending
28
29-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30                        Improved code for checking author on guest comments
31
32-- 2.10.9 : Bug fixed - Missing english translation
33                        Bug fixed - Notice on forbidden characters function use
34                        Bug fixed - Audit on forbidden characters in username didn't work
35                        Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on the user profile page, so already registered users can change their email address to a forbidden one.
36
37-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42 
43
44*/
45
46/*
47
48 ***** TODO List *****
49
50-- No validation needed for admins users comments (new trigger needed in comments.php)
51
52-- No single email check for admins (new trigger needed in (functions_user.inc.php ?))
53
54-- Administration page for Confirm Mail
55  ++ Admin tabsheet for Confirm Mail to set options :
56                ++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
57                ++ List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
58                ++ List of users with expired validation time
59                ++ List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
60                ++ Opportunities to take actions on database tables :
61                ++ Re-asking validation (case of non reception of validation email)
62                ++ Force expiration
63                        ++ Force confirmation
64                ++ Cleanup expired user's accounts
65        ++ (...)
66
67-- Password control and enforcement
68  -- Empty password (done in Piwigo 2.x)
69  ++ Can not be the same as username
70  ++ complexity of the password (Numbers+Letters+Lower and upper case+Special+minimal length)
71 
72-- Security : Blocking brute-force attacks !
73
74-- Opportunity to copy a registered user for new user creation
75  ++ new copied user will (or not) belong to the same groups
76  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
77  ++ new copied user will (or not) get the same properties
78  ++ new copied user will (or not) get the same language
79  ... and so on
80 
81*/
82
83
84
// Stop immediately unless PHPWG_ROOT_PATH is defined, i.e. when this file is
// requested directly instead of being included. The constant is not defined in
// this file; presumably the Piwigo entry scripts set it -- confirm.
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
// Plugin directory name and plugin path. Both are derived from this file's own
// location and PHPWG_PLUGINS_PATH, so no request data reaches the include paths
// built from them below.
define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
// Plugin constants and helper functions. SendMail2User(), ValidateUsername(),
// NotSensibleSearchUsername() and DeleteConfirmMail() are used in this file but
// not defined here; presumably they come from the second include -- confirm.
include_once (NBC_UserAdvManager_PATH.'include/constants.php');
include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
// Load the plugin's language file from the plugin directory.
load_language('plugin.lang', NBC_UserAdvManager_PATH);
91
92
/* Plugin admin */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * 'get_admin_plugin_menu_links' handler: adds the plugin's administration
 * page to the list of admin menu entries.
 *
 * @param array $menu menu entries received from the event
 * @return array the list with one extra NAME/URL entry appended
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // NBC_UserAdvManager_PATH already ends with '/', so this path contains '//'.
  // It is reproduced unchanged here.
  $admin_page = NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php';

  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link($admin_page),
  );
  array_push($menu, $entry);

  return $menu;
}
107
108
109
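/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * 'register_user' handler: calls SendMail2User() for the new account when
 * plugin setting 0 or setting 2 is 'true'.
 *
 * These are the same two settings that gate SendMail2User() in
 * UserAdvManager_InitPage().
 *
 * @param array $register_user new user's data; 'id', 'username' and 'email'
 *                             are read
 * @return void
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  // Plugin settings are stored as one ';'-separated string.
  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $setting0_on = isset($conf_nbc_UserAdvManager[0]) && $conf_nbc_UserAdvManager[0] == 'true';
  $setting2_on = isset($conf_nbc_UserAdvManager[2]) && $conf_nbc_UserAdvManager[2] == 'true';

  if ($setting0_on || $setting2_on)
  {
    // The event may fire from a code path that did not post a 'password' field.
    // Pass null in that case instead of raising an "Undefined index" notice.
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    // NOTE(review): the raw submitted password is handed to SendMail2User().
    // If that helper writes it into the message body, the credential travels
    // and is stored in clear text in e-mail -- confirm against the helper.
    SendMail2User(1, $register_user['id'], $register_user['username'], $password, $register_user['email'], true);
  }
}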
122
123
124
/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * 'delete_user' handler: forwards the deleted user's id to DeleteConfirmMail().
 *
 * DeleteConfirmMail() is defined outside this file; presumably it removes the
 * user's pending mail-confirmation record -- confirm.
 *
 * @param mixed $user_id id received from the 'delete_user' event
 * @return void
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);
}
134
135
136
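add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * 'init' handler: applies the plugin's per-page checks to the submitted form.
 *
 * Depending on script_basename():
 *  - identification: replaces the posted username with the value returned by
 *    NotSensibleSearchUsername() when that value is non-empty (setting 1);
 *  - admin user_list and register: same replacement on $_POST['login'], then
 *    blanks $_POST['login'] and overrides $lang['reg_err_login1'] when the
 *    username (settings 7/8) or the e-mail provider (settings 12/13) is refused;
 *  - profile: re-checks the posted profile fields and calls SendMail2User()
 *    when no error was found (settings 0/2).
 *
 * The function rewrites $_POST and $lang in place and returns nothing.
 *
 * NOTE(review): the provider exclusion relies on split() and ereg(). Both are
 * POSIX-regex functions deprecated in PHP 5.3 and removed in PHP 7.0. Each
 * configured entry is used as a regular expression and matched anywhere in the
 * address, so '.' matches any character. The address is lower-cased but the
 * configured entries are not. Any replacement must keep the matching rules
 * identical to ValidateEmailProvider(), which is defined outside this file.
 *
 * @return void
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang;

  // Plugin settings are stored as one ';'-separated string.
  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  // Setting 1 (case-insensitive usernames): use the plugin's own wording
  // for the reg_err_login5 message.
  if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
    $lang['reg_err_login5'] = l10n('new_reg_err_login5');

  /* User identification */
  if (script_basename() == 'identification')
  {
    if (isset($_POST['login']))
    {
      /* Case-insensitive username */
      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
      {
        // Keep the posted name when the lookup returns an empty string.
        $new_username =  NotSensibleSearchUsername($_POST['username']);
        $_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
      }
    }
  }

  /* Admin user management */
  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
  {
    if (isset($_POST['submit_add']))
    {
      /* Case-insensitive username */
      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
      {
        $new_username =  NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden characters: blanking the login makes the
         creation fail, and reg_err_login1 is reworded to explain why. */
      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
        $_POST['login'] = '';
      }

      /* E-mail without forbidden providers.
         The shared ValidateEmailProvider() helper was tried here and reportedly
         did not work, so its logic is inlined (see the function header for the
         split()/ereg() caveats). */
      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
      {
        $ncsemail = strtolower($_POST['email']);
        $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
        {
          if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
          {
            $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
            $_POST['login'] = '';
          }
        }
      }
    }
  }

  /* User creation */
  if (script_basename() == 'register')
  {
    if (isset($_POST['submit']))
    {
      /* Case-insensitive username */
      if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
      {
        $new_username =  NotSensibleSearchUsername($_POST['login']);
        $_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
      }

      /* Username without forbidden characters */
      if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
      {
        $lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
        $_POST['login'] = '';
      }

      /* E-mail without forbidden providers: inlined copy of
         ValidateEmailProvider(), as in the admin branch. A refused provider
         is reported through the login error, with the login blanked. */
      if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
      {
        $ncsemail = strtolower($_POST['mail_address']);
        $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
        for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
        {
          if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
          {
            $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
            $_POST['login'] = '';
          }
        }
      }
    }
  }

  /* User profile update */
  if (script_basename() == 'profile')
  {
    if (isset($_POST['validate']))
    {
      /* Sending email to user */
      if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
      {
        global $conf, $user ;

        // $errors is local to this function and is only read by the
        // count($errors) test that gates SendMail2User() below. Nothing here
        // stops the profile script itself from saving the posted values.
        $errors = array();

        $int_pattern = '/^\d+$/';
        if (empty($_POST['nb_image_line'])
            or (!preg_match($int_pattern, $_POST['nb_image_line'])))
        {
          $errors[] = l10n('nb_image_line_error');
        }

        if (empty($_POST['nb_line_page'])
            or (!preg_match($int_pattern, $_POST['nb_line_page'])))
        {
          $errors[] = l10n('nb_line_page_error');
        }

        if ($_POST['maxwidth'] != ''
            and (!preg_match($int_pattern, $_POST['maxwidth'])
                 or $_POST['maxwidth'] < 50))
        {
          $errors[] = l10n('maxwidth_error');
        }
        if ($_POST['maxheight']
             and (!preg_match($int_pattern, $_POST['maxheight'])
                   or $_POST['maxheight'] < 50))
        {
          $errors[] = l10n('maxheight_error');
        }
        // periods must be integer values, they represent a number of days
        if (!preg_match($int_pattern, $_POST['recent_period'])
            or $_POST['recent_period'] <= 0)
        {
          $errors[] = l10n('periods_error') ;
        }

        if (isset($_POST['mail_address']))
        {
          $mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
          if (!empty($mail_error))
          {
            $errors[] = $mail_error;
          }

          /* Provider exclusion on the profile page. Because $errors is local
             (see above), a match only suppresses the notification mail. It does
             not prevent the address change, which is the known bug recorded in
             the plugin history for 2.10.9. */
          if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
          {
            $ncsemail = strtolower($_POST['mail_address']);
            $conf_nbc_MailExclusion = split (",",$conf_nbc_UserAdvManager[13]);
            for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
            {
              if (ereg($conf_nbc_MailExclusion[$i], $ncsemail))
              {
                $mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
              }
            }
          }
          // A message already set by validate_mail_address() is appended a
          // second time here. This is harmless because only count($errors) is
          // used.
          if (!empty($mail_error))
          {
            $errors[] = $mail_error;
          }
        }

        $typemail = 3;

        if (!empty($_POST['use_new_pwd']))
        {
          $typemail = 2;

          // The new password must be identical to its confirmation. Strict
          // comparison: with != two different numeric-looking strings
          // (e.g. "1" and "1.0") would be treated as equal.
          if ($_POST['use_new_pwd'] !== $_POST['passwordConf'])
          {
            $errors[] = l10n('New password confirmation does not correspond');
          }

          if ( !defined('IN_ADMIN') )
          {// changing password requires old password
            // The query is built by concatenation; $user['id'] comes from the
            // global $user, not from the request.
            $query = '
              SELECT '.$conf['user_fields']['password'].' AS password
              FROM '.USERS_TABLE.'
              WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
            ;';
            list($current_password) = mysql_fetch_row(pwg_query($query));

            // Strict comparison of the stored and computed digests: under !=
            // two different digests that both look like numbers (the
            // "0e<digits>" form) compare as equal.
            if ($conf['pass_convert']($_POST['password']) !== $current_password)
            {
              $errors[] = l10n('Current password is wrong');
            }
          }
        }

        $confirm_mail_need = false;

        if (!empty($_POST['mail_address']))
        {
          $query = '
            SELECT '.$conf['user_fields']['email'].' AS email
            FROM '.USERS_TABLE.'
            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
          ;';
          list($current_email) = mysql_fetch_row(pwg_query($query));

          // A changed address needs a new confirmation when setting 2 is on.
          if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
            $confirm_mail_need = true;
        }

        // 'and' binds tighter than 'or': mail is sent when there is no error and
        // either (a new password was posted and setting 0 is on) or a
        // confirmation is needed.
        if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
        {
          $query = '
            SELECT '.$conf['user_fields']['username'].'
            FROM '.USERS_TABLE.'
            WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
          ;';
          list($username) = mysql_fetch_row(pwg_query($query));

          // NOTE(review): the raw new password is handed to SendMail2User().
          // If the helper writes it into the message, it is exposed in clear
          // text in e-mail -- confirm against the helper.
          SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
        }
      }
    }
  }
}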
394
add_event_handler('loc_begin_tpl_parse', 'ChangeRegisterProfilePage');

/**
 * 'loc_begin_tpl_parse' handler, currently without any visible effect: it only
 * parses the plugin settings into a local array.
 *
 * The disabled code that used to follow rewrote the 'register' template so
 * that '{lang:Mail address}' became '* {lang:Mail address}' on the register and
 * profile pages. It tested $conf_UserAdvManager, a name that is never assigned
 * in this function.
 *
 * @return void
 */
function ChangeRegisterProfilePage()
{
  global $conf, $template;

  // Plugin settings are stored as one ';'-separated string.
  $settings = array();
  if (isset($conf['nbc_UserAdvManager']))
  {
    $settings = explode(";", $conf['nbc_UserAdvManager']);
  }
}
416
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * 'user_comment_check' handler: rejects a comment whose author is 'guest'
 * when plugin setting 6 and $conf['comments_forall'] are both enabled.
 *
 * On rejection an explanatory message is appended to the global $infos list.
 * Only the literal author value 'guest' is refused; any other author string
 * passes this check.
 *
 * @param string $comment_action action decided so far for the comment
 * @param array  $comm           comment data; 'author' is read
 * @return string 'reject' when the rule applies, otherwise $comment_action
 *                unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  global $infos, $conf, $template;

  load_language('plugin.lang', NBC_UserAdvManager_PATH);

  // Plugin settings are stored as one ';'-separated string.
  $settings = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  // Setting 6 off or missing: nothing to enforce.
  if (!isset($settings[6]) || $settings[6] != 'true')
  {
    return $comment_action;
  }

  // Loose comparisons are kept on purpose: this file does not show whether
  // 'comments_forall' is stored as a boolean or as the string 'true'.
  if ($conf['comments_forall'] != 'true' || $comm['author'] != 'guest')
  {
    return $comment_action;
  }

  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
436
437?>