Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 4061

Last change on this file since 4061 was 4061, checked in by Eric, 15 years ago

[NBC_UserAdvManager]

Bug 1195 fixed : Registration page displays now the good title
Some code cleaning

Property svn:eol-style set to LF

File size: 16.6 KB

Rev	Line
[3742]	1	<?php
	2	/*
	3	Plugin Name: NBC UserAdvManager
[4061]	4	Version: 2.11.5
[3742]	5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
	6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
	7	Author: Nicco, Eric
	8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
	9	*/
	10
	11	/*
	12	*** Plugin history (branch 2.10)***
	13
	14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
	15	-- 2.10.1-beta : Small correction on generated path
	16	-- 2.10.2-beta : Bug resolved on register validation page
	17
	18	-- 2.10.3 : Final and fully functional release
[3982]	19	Bug resolved on plugin activation
[3742]	20
	21	-- 2.10.4 : Bug fixed on profiles update
	22
	23	-- 2.10.5 : Improved code on profiles update
	24
	25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
	26
	27	-- 2.10.7 : Bug fixed on user's validation email sending
	28
	29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
[3982]	30	Improved code for checking author on guest comments
[3742]	31
	32	-- 2.10.9 : Bug fixed - Missing english translation
[3982]	33	Bug fixed - Notice on forbidden characters function use
	34	Bug fixed - Audit on forbidden characters in username didn't work
	35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
[3742]	36
	37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
	38
[3775]	39	-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
	40
	41	-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
	42
	43	-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
	44
	45	-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
[3982]	46	ereg replaced by preg_match
	47	eregi replace by preg_match with "i" moderator
	48	split replace by preg_split
[3775]	49
	50	-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
	51
[3858]	52	-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Renew validation key, list unvalidated users,...)
	53	Beautify plugin's main admin panel
[3872]	54
	55	-- 2.11.1 : Bug fixed with install and upgrade functions
	56	Language files correction
[3742]	57
[3881]	58	-- 2.11.2 : Bug fixed on bad query for unvalidated users display in unvalidated users list
	59	Bug fixed : Sql syntax error on plugin activation
	60
[3982]	61	-- 2.11.3 : On Patricia's request (french forum and bug 1173), the unvalidated users management tab shows users according with the settings of unvalidated group and / or unvalidated status.
	62	Feature 1172 : Email providers exclusion list can be set with CR/LF between each entry. The comma seperator (,) is still mandatory.
	63	Bug 1175 fixed : Bad translation tag in french language file.
	64	Improvement of unvalidated users management tab (feature 1174)- Expired users are displayed in red color text.
[3896]	65
[3982]	66	-- 2.11.4 : Bug 1177 fixed : Width of excluded email providers list reset to ancient value (80 col)
	67	Bug 1179 fixed : Adding a notice in plugin inline documentation for use of validation groups and status. A default group must be set in Piwigo's groups settings and the "Guest" (or another user) must be set as default for status values.
	68	Bug 1182 fixed : Language tag missing in confirmation email generation
	69
[4061]	70	-- 2.11.5 : Bug 1195 fixed : Registration displays the good title
	71
	72	-- pre 2.12.0 : Password control and enforcement (step 1)
	73
[3742]	74	*/
	75
	76	/*
	77
	78	*** TODO List ***
	79
	80	++ No validation needed for admins users comments (new trigger needed in comments.php)
	81
	82	++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
	83
	84	++ Password control and enforcement
	85	-- Empty password (done in Piwigo 2.x)
	86	++ Can not be the same as username
	87	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
	88
	89	++ Security : Blocking brut-force attacks !
	90
	91	++ Opportunity to copy a registered user for new user creation
	92	++ new copied user will (or not) belong to the same groups
	93	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
	94	++ new copied user will (or not) get the same properties
	95	++ new copied user will (or not) get the same language
	96	... and so on
	97
	98	*/
	99
	100
[3858]	101	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
[3742]	102
	103	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
	104	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
[3858]	105
[3742]	106	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
	107	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
[3858]	108
[3742]	109	load_language('plugin.lang', NBC_UserAdvManager_PATH);
	110
	111
	112	/* Plugin admin */
	113	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
	114
	115	function nbc_UserAdvManager_admin_menu($menu)
	116	{
	117	array_push($menu,
	118	array(
	119	'NAME' => 'UserAdvManager',
	120	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
	121	)
	122	);
	123
	124	return $menu;
	125	}
	126
	127
	128
	129	/* User creation */
	130	add_event_handler('register_user', 'UserAdvManager_Adduser');
	131
	132	function UserAdvManager_Adduser($register_user)
	133	{
	134	global $conf;
	135
	136	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
	137
	138	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
[3858]	139
	140	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
[3742]	141	}
	142
	143
	144
	145	/* User deletion */
	146	add_event_handler('delete_user', 'UserAdvManager_Deluser');
	147
	148	function UserAdvManager_Deluser($user_id)
	149	{
	150
	151	DeleteConfirmMail($user_id);
	152
	153	}
	154
	155
	156
	157	add_event_handler('init', 'UserAdvManager_InitPage');
	158
	159	function UserAdvManager_InitPage()
	160	{
	161	load_language('plugin.lang', NBC_UserAdvManager_PATH);
	162	global $conf, $template, $page, $lang;
[4061]	163
	164	$PasswordCheck = 0;
[3742]	165
	166	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
	167
	168
	169	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
[3917]	170	$lang['reg_err_login5'] = l10n('reg_err_login5');
[4061]	171
[3742]	172
[4061]	173	/* User identication */
[3742]	174	if (script_basename() == 'identification')
	175	{
	176	if (isset($_POST['login']))
	177	{
	178	/* User non case sensitive */
	179	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
	180	{
	181	$new_username = NotSensibleSearchUsername($_POST['username']);
	182	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
	183	}
	184	}
	185	}
	186
	187
	188
	189	/* Admin user management */
	190	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
	191	{
	192	if (isset($_POST['submit_add']))
	193	{
	194	/* User non case sensitive */
	195	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
	196	{
	197	$new_username = NotSensibleSearchUsername($_POST['login']);
	198	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
	199	}
	200
	201
	202	/* Username without forbidden keys */
	203	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
	204	{
	205	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
	206	$_POST['login'] = '';
	207	}
	208
	209	/* Email without forbidden domains */
	210	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
	211	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
	212	//{
	213	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	214	// $_POST['login'] = '';
	215	//}
	216	/* This work with a code copy of ValidateEmailProvider() function */
[3858]	217	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
	218	{
	219	$ncsemail = strtolower($_POST['email']);
[3918]	220	$conf_nbc_MailExclusion = preg_split("/[\s,]+/",$conf_nbc_UserAdvManager[13]);
[3858]	221	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
[3742]	222	{
	223	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
[3858]	224	if (preg_match($pattern, $ncsemail))
	225	{
	226	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	227	$_POST['login'] = '';
	228	}
[3742]	229	}
	230	}
	231	}
	232	}
	233
	234	/* User creation */
	235	if (script_basename() == 'register')
	236	{
	237	if (isset($_POST['submit']))
	238	{
	239	/* Username non case sensitive */
	240	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
	241	{
	242	$new_username = NotSensibleSearchUsername($_POST['login']);
	243	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
	244	}
	245
	246
	247	/* Username without forbidden keys */
	248	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
	249	{
	250	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
	251	$_POST['login'] = '';
	252	}
	253
	254
[4061]	255	if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
	256	{
	257	//$PasswordCheck = testpassword($_POST['password']);
	258	$PasswordCheck = 10;
	259	if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
	260	{
	261	array_push($errors, l10n('reg_err_login4')."'".$conf_nbc_UserAdvManager[15]."'");
	262	//$lang['reg_err_login1'] = l10n('reg_err_login4')."'".$conf_nbc_UserAdvManager[15]."'";
	263	$_POST['password'] = "";
	264	$_POST['password_conf'] = "";
	265	$PasswordCheck = 0;
	266	}
	267	}
	268
[3742]	269	/* Email without forbidden domains */
	270	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
	271	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
	272	//{
	273	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	274	// $_POST['mail_address'] = '';
	275	//}
	276	/* This work with a code copy of ValidateEmailProvider() function */
[3858]	277	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
[3742]	278	{
	279	$ncsemail = strtolower($_POST['mail_address']);
[3918]	280	$conf_nbc_MailExclusion = preg_split("/[\s,]+/",$conf_nbc_UserAdvManager[13]);
[3858]	281	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
[3742]	282	{
[3858]	283	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
[3742]	284	if (preg_match($pattern, $ncsemail))
	285	{
[3858]	286	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	287	$_POST['login'] = '';
[3742]	288	}
	289	}
	290	}
	291	}
	292	}
	293
	294	/* User profile update */
	295	if (script_basename() == 'profile')
	296	{
	297	if (isset($_POST['validate']))
	298	{
	299	/* Sending email to user */
	300	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
	301	{
	302	global $conf, $user ;
	303	$errors = array();
	304
	305	$int_pattern = '/^\d+$/';
	306	if (empty($_POST['nb_image_line'])
	307	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
	308	{
	309	$errors[] = l10n('nb_image_line_error');
	310	}
	311
	312	if (empty($_POST['nb_line_page'])
	313	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
	314	{
	315	$errors[] = l10n('nb_line_page_error');
	316	}
	317
	318	if ($_POST['maxwidth'] != ''
	319	and (!preg_match($int_pattern, $_POST['maxwidth'])
	320	or $_POST['maxwidth'] < 50))
	321	{
	322	$errors[] = l10n('maxwidth_error');
	323	}
	324	if ($_POST['maxheight']
	325	and (!preg_match($int_pattern, $_POST['maxheight'])
	326	or $_POST['maxheight'] < 50))
	327	{
	328	$errors[] = l10n('maxheight_error');
	329	}
	330
	331	if (isset($_POST['mail_address']))
	332	{
	333	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
	334	if (!empty($mail_error))
	335	{
	336	$errors[] = $mail_error;
	337	}
[3858]	338
	339	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
	340	{
	341	$ncsemail = strtolower($_POST['mail_address']);
[3920]	342	$conf_nbc_MailExclusion = preg_split("/[\s,]+/",$conf_nbc_UserAdvManager[13]);
[3858]	343	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
	344	{
	345	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
	346	if (preg_match($pattern, $ncsemail))
	347	{
	348	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
	349	}
	350	}
	351	}
	352	if (!empty($mail_error))
[3742]	353	{
	354	$errors[] = $mail_error;
	355	}
	356	}
	357
	358	$typemail = 3;
	359
	360	if (!empty($_POST['use_new_pwd']))
	361	{
	362	$typemail = 2;
	363
	364	// password must be the same as its confirmation
	365	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
	366	{
	367	$errors[] = l10n('New password confirmation does not correspond');
	368	}
[4061]	369
	370	if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
	371	{
	372	//$PasswordCheck = testpassword($_POST['password']);
	373	$PasswordCheck = 10;
	374	if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
	375	{
	376	$lang['reg_err_login1'] = l10n('reg_err_login4')."'".$conf_nbc_UserAdvManager[15]."'";
	377	}
	378	}
	379	else if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true')
	380	{
	381	$lang['reg_err_login1'] = l10n('reg_err_login3');
	382	}
	383
[3742]	384	if ( !defined('IN_ADMIN') )
	385	{// changing password requires old password
	386	$query = '
	387	SELECT '.$conf['user_fields']['password'].' AS password
	388	FROM '.USERS_TABLE.'
	389	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	390	;';
	391	list($current_password) = mysql_fetch_row(pwg_query($query));
	392
	393	if ($conf['pass_convert']($_POST['password']) != $current_password)
	394	{
	395	$errors[] = l10n('Current password is wrong');
	396	}
	397	}
	398	}
	399
	400	$confirm_mail_need = false;
	401
	402	if (!empty($_POST['mail_address']))
	403	{
	404	$query = '
	405	SELECT '.$conf['user_fields']['email'].' AS email
	406	FROM '.USERS_TABLE.'
	407	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	408	;';
	409	list($current_email) = mysql_fetch_row(pwg_query($query));
	410
	411	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
	412	$confirm_mail_need = true;
	413	}
	414
	415	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
	416	{
	417	$query = '
	418	SELECT '.$conf['user_fields']['username'].'
	419	FROM '.USERS_TABLE.'
	420	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	421	;';
	422	list($username) = mysql_fetch_row(pwg_query($query));
	423
	424
	425	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
	426	}
	427	}
	428	}
	429	}
	430	}
	431
	432	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
	433
	434	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
	435	{
	436	load_language('plugin.lang', NBC_UserAdvManager_PATH);
	437	global $infos, $conf, $template;
	438
	439	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
	440
	441	/* User creation OR update */
	442	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
	443	{
	444	$comment_action = 'reject';
	445
	446	array_push($infos, l10n('UserAdvManager_Empty Author'));
	447	}
	448
	449	return $comment_action;
	450	}
	451
	452	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: