Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 6990

Last change on this file since 6990 was 6990, checked in by Eric, 14 years ago
Bug 1869 fixed : Compatibility with Adult_Content users enhanced
Property svn:eol-style set to `LF`
File size: 15.7 KB

Rev	Line
[3742]	1	<?php
	2	/*
[5181]	3	Plugin Name: UserAdvManager
[6990]	4	Version: 2.15.7b
[4957]	5	Description: Renforcer la gestion des utilisateurs - Enforce users management
[3742]	6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
	7	Author: Nicco, Eric
	8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
	9	*/
	10
[5181]	11	/* History: UAM_PATH.'Changelog.txt.php' */
[3742]	12
	13	/*
	14	*** TODO List ***
[6783]	15	See project bugtracker: http://piwigo.org/bugs/my_view_page.php
[3742]	16	*/
	17
[4927]	18	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
[5181]	19	if (!defined('UAM_DIR')) define('UAM_DIR' , basename(dirname(__FILE__)));
	20	if (!defined('UAM_PATH')) define('UAM_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
[3742]	21
[5181]	22	include_once (UAM_PATH.'include/constants.php');
	23	include_once (UAM_PATH.'include/functions.inc.php');
[3742]	24
[5181]	25	load_language('plugin.lang', UAM_PATH);
[3858]	26
	27
[3742]	28	/* Plugin admin */
[5056]	29	add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');
[3742]	30
[5056]	31	function UAM_admin_menu($menu)
[3742]	32	{
[5181]	33	// +-----------------------------------------------------------------------+
	34	// \| Getting plugin name \|
	35	// +-----------------------------------------------------------------------+
	36	$plugin = PluginInfos(UAM_PATH);
	37	$name = $plugin['name'];
	38
[3742]	39	array_push($menu,
	40	array(
[5181]	41	'NAME' => $name,
	42	'URL' => get_admin_plugin_menu_link(UAM_PATH.'/admin/UAM_admin.php')
[3742]	43	)
	44	);
	45
	46	return $menu;
	47	}
	48
[4927]	49	/* Lastvisit table feed for Ghost Tracker */
[5056]	50	add_event_handler('loc_begin_index', 'UAM_GhostTracker');
[3742]	51
[5056]	52	function UAM_GhostTracker()
[4143]	53	{
	54	global $conf, $user;
	55
[5181]	56	$conf_UAM = unserialize($conf['UserAdvManager']);
[5056]	57
[6990]	58	/* Admins, Guests and Adult_Content users are not tracked for Ghost Tracker or Users Tracker */
	59	if (!is_admin() and !is_a_guest() and $user['username'] != "16" and $user['username'] != "18")
[4143]	60	{
[6354]	61	if ((isset($conf_UAM[16]) and $conf_UAM[16] == 'true') or (isset($conf_UAM[19]) and $conf_UAM[19] == 'true'))
[5105]	62	{
[4143]	63
[5105]	64	$userid = get_userid($user['username']);
[4143]	65
[5105]	66	/* Looking for existing entry in last visit table */
	67	$query = '
[4143]	68	SELECT *
[4159]	69	FROM '.USER_LASTVISIT_TABLE.'
[4143]	70	WHERE user_id = '.$userid.'
	71	;';
	72
[5633]	73	$count = pwg_db_num_rows(pwg_query($query));
[4143]	74
[5105]	75	if ($count == 0)
	76	{
	77	/* If not, data are inserted in table */
	78	$query = '
[4143]	79	INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
	80	VALUES ('.$userid.', now(), "false")
	81	;';
[5105]	82	pwg_query($query);
	83	}
	84	else if ($count > 0)
	85	{
	86	/* If yes, data are updated in table */
	87	$query = '
[4143]	88	UPDATE '.USER_LASTVISIT_TABLE.'
	89	SET lastvisit = now(), reminder = "false"
	90	WHERE user_id = '.$userid.'
	91	LIMIT 1
	92	;';
[5105]	93	pwg_query($query);
	94	}
[4143]	95	}
	96	}
	97	}
	98
	99
[3742]	100	/* User creation */
[5056]	101	add_event_handler('register_user', 'UAM_Adduser');
[3742]	102
[5056]	103	function UAM_Adduser($register_user)
[3742]	104	{
	105	global $conf;
[5056]	106
[5181]	107	$conf_UAM = unserialize($conf['UserAdvManager']);
[6990]	108
	109	// Exclusion of Adult_Content users
	110	if ($register_user['username'] != "16" and $register_user['username'] != "18")
[6757]	111	{
[6990]	112	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local') and ($register_user['username'] != "16" and $register_user['username'] != "18"))
[5064]	113	{
[6990]	114	/* This is to send an information email and set user to "waiting" group or status until admin validation */
[6757]	115	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
[6990]	116	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
	117	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
[5064]	118	}
[6990]	119	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'false') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local') and ($register_user['username'] != "16" and $register_user['username'] != "18"))
[5064]	120	{
[6990]	121	/* This is to set user to "waiting" group or status until admin validation */
	122	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
	123	}
	124	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'false') and ($register_user['username'] != "16" and $register_user['username'] != "18"))
	125	{
	126	/* This is to send an information email without validation key */
[6757]	127	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
	128	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
[5064]	129	}
[6990]	130	/* Sending registration confirmation by email */
	131	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true') and ($register_user['username'] != "16" and $register_user['username'] != "18"))
[5064]	132	{
[6990]	133	if (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'true')
	134	{
	135	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
	136	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
	137	}
	138	elseif (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'false')
	139	{
	140	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
	141	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
	142	}
	143	elseif (!is_admin())
	144	{
	145	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
	146	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
	147	}
[5064]	148	}
[4124]	149	}
[3742]	150	}
	151
	152
	153	/* User deletion */
[5056]	154	add_event_handler('delete_user', 'UAM_Deluser');
[3742]	155
[5056]	156	function UAM_Deluser($user_id)
[3742]	157	{
[4159]	158	/* Cleanup for ConfirmMail table */
[3742]	159	DeleteConfirmMail($user_id);
[4159]	160	/* Cleanup for LastVisit table */
	161	DeleteLastVisit($user_id);
[6775]	162	/* Cleanup Redirection settings */
	163	DeleteRedir($user_id);
[3742]	164	}
	165
	166
[6990]	167	// Check users registration
[5056]	168	add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
[3742]	169
[5056]	170	function UAM_RegistrationCheck($err, $user)
[3742]	171	{
[4124]	172	global $errors, $conf;
	173
[6990]	174	// Exclusion of Adult_Content users
	175	if ($user['username'] != "16" and $user['username'] != "18")
[4234]	176	{
[6990]	177	// ***********************************************************
	178	// We need to reset the standard Piwigo's register controls
	179	// because the call of register_user_check trigger resets them
	180	// ***********************************************************
	181	// **********************************
	182	// Standard Piwigo's username control
	183	// **********************************
	184	if ($_POST['login'] == '')
	185	{
	186	return l10n('reg_err_login1');
	187	}
	188	if (preg_match('/^.* $/', $_POST['login']))
	189	{
	190	return l10n('reg_err_login2');
	191	}
	192	if (preg_match('/^ .*$/', $_POST['login']))
	193	{
	194	return l10n('reg_err_login3');
	195	}
	196	if (get_userid($_POST['login']))
	197	{
	198	return l10n('reg_err_login5');
	199	}
[4415]	200
[6990]	201	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') // not the same email variable if we are on users registration page or on admin's user registration page
	202	{
	203	// Email doblons check
	204	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
	205	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
	206	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
[4415]	207
[6990]	208	if (!preg_match($regex, $_POST['email']))
	209	{
	210	return l10n('reg_err_mail_address');
	211	}
[4415]	212
[6990]	213	$query = '
[4415]	214	SELECT count(*)
	215	FROM '.USERS_TABLE.'
	216	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['email'].'\')
	217	;';
[6990]	218	list($count) = pwg_db_fetch_row(pwg_query($query));
	219	if ($count != 0)
	220	{
	221	return l10n('reg_err_mail_address_dbl');
	222	}
[4415]	223	}
	224
[6990]	225	if (script_basename() == 'register') // not the same email variable if we are on users registration page or on admin's user registration page
	226	{
	227	// Email doblons check
	228	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
	229	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
	230	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
[4415]	231
[6990]	232	if (!preg_match($regex, $_POST['mail_address']))
	233	{
	234	return l10n('reg_err_mail_address');
	235	}
[4415]	236
[6990]	237	$query = '
[4415]	238	SELECT count(*)
	239	FROM '.USERS_TABLE.'
	240	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\')
	241	;';
[6990]	242	list($count) = pwg_db_fetch_row(pwg_query($query));
	243	if ($count != 0)
	244	{
	245	return l10n('reg_err_mail_address_dbl');
	246	}
[4415]	247	}
[6990]	248	// ******************************************
	249	// End of Piwigo's standard register controls
	250	// ******************************************
[4234]	251
	252
[6990]	253	// ******************************************
	254	// Here begins the advanced register controls
	255	// ******************************************
	256	$PasswordCheck = 0;
[3742]	257
[6990]	258	$conf_UAM = unserialize($conf['UserAdvManager']);
[5056]	259
[6990]	260	// Password enforcement control
	261	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
[3742]	262	{
[6990]	263	if (!empty($user['password']) and !is_admin())
	264	{
	265	$PasswordCheck = testpassword($user['password']);
[4124]	266
[6990]	267	if ($PasswordCheck < $conf_UAM[14])
	268	{
	269	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
	270	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
	271	}
	272	}
	273	else if (!empty($user['password']) and is_admin() and isset($conf_UAM[15]) and $conf_UAM[15] == 'true')
[3742]	274	{
[6990]	275	$PasswordCheck = testpassword($user['password']);
[4124]	276
[6990]	277	if ($PasswordCheck < $conf_UAM[14])
	278	{
	279	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
	280	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
	281	}
[4124]	282	}
	283	}
[3742]	284
[6990]	285	// Username without forbidden keys
	286	if (isset($conf_UAM[6]) and $conf_UAM[6] == 'true' and !empty($_POST['login']) and ValidateUsername($_POST['login']) and !is_admin())
	287	{
	288	$_POST['login'] = '';
	289	return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_UAM[7]."'");
	290	}
[3742]	291
[6990]	292	// Email without forbidden domains
	293	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']) and !is_admin())
	294	{
	295	$_POST['mail_address'] = '';
	296	return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_UAM[12]."'");
	297	}
[4384]	298	}
[4124]	299	}
[3742]	300
	301
[4124]	302	if (script_basename() == 'profile')
	303	{
[5056]	304	add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
[3742]	305
[5056]	306	function UAM_Profile_Init()
[4124]	307	{
	308	global $conf, $user, $template;
[3742]	309
[5181]	310	$conf_UAM = unserialize($conf['UserAdvManager']);
[6990]	311
[6775]	312	if ((isset($conf_UAM[21]) and $conf_UAM[21] == 'true'))
	313	{
	314	$user_idsOK = array();
	315	if (!check_consult($user['id'], $user_idsOK))
	316	{
	317	$user_idsOK[] = $user['id'];
	318
	319	$query = "
	320	UPDATE ".CONFIG_TABLE."
	321	SET value = \"".implode(',', $user_idsOK)."\"
	322	WHERE param = 'UserAdvManager_Redir';";
	323
	324	pwg_query($query);
	325	}
	326	}
	327
[4927]	328	if (isset($_POST['validate']) and !is_admin())
[3742]	329	{
[4124]	330	/* Email without forbidden domains */
[6354]	331	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']))
[4384]	332	{
	333	if (ValidateEmailProvider($_POST['mail_address']))
[3742]	334	{
[6354]	335	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
[4384]	336	unset($_POST['validate']);
[3742]	337	}
[4384]	338	}
[4124]	339
	340	$typemail = 3;
[3742]	341
[4124]	342	if (!empty($_POST['use_new_pwd']))
	343	{
	344	$typemail = 2;
[3742]	345
[4124]	346	/* Password enforcement control */
[6354]	347	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
[3742]	348	{
[4124]	349	$PasswordCheck = testpassword($_POST['use_new_pwd']);
	350
[6354]	351	if ($PasswordCheck < $conf_UAM[14])
[3742]	352	{
[4124]	353	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
[6354]	354	$template->append('errors', l10n_args($message).$conf_UAM[14]);
[4124]	355	unset($_POST['use_new_pwd']);
	356	unset($_POST['validate']);
[3742]	357	}
	358	}
[4124]	359	}
	360
	361	/* Sending registration confirmation by email */
[6757]	362	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
[4124]	363	{
[3742]	364	$confirm_mail_need = false;
	365
[4316]	366	if (!empty($_POST['mail_address']))
[3742]	367	{
	368	$query = '
[4143]	369	SELECT '.$conf['user_fields']['email'].' AS email
	370	FROM '.USERS_TABLE.'
	371	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	372	;';
[4124]	373
[5633]	374	list($current_email) = pwg_db_fetch_row(pwg_query($query));
[6757]	375
	376	/* This is to send a new validation key */
	377	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true'))
[4124]	378
[3742]	379	$confirm_mail_need = true;
[6757]	380
	381	/* This is to set the user to "waiting" group or status until admin validation */
	382	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
	383
	384	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
	385	$confirm_mail_need = false;
[3742]	386	}
[4124]	387
[5056]	388	if ((!empty($_POST['use_new_pwd']) and (isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or $confirm_mail_need))
[3742]	389	{
	390	$query = '
[4143]	391	SELECT '.$conf['user_fields']['username'].'
	392	FROM '.USERS_TABLE.'
	393	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
	394	;';
[4124]	395
[5633]	396	list($username) = pwg_db_fetch_row(pwg_query($query));
[3742]	397
	398	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
	399	}
	400	}
	401	}
	402	}
	403	}
	404
[4124]	405
[6775]	406	// RedirectToProfile - Thx to LucMorizur
[6784]	407	// redirects a visitor (except for admins, webmasters and generic statuses) to his
[6775]	408	// profile.php page
	409	//
	410	// no variable, no return
	411	add_event_handler('login_success', 'RedirectToProfile');
	412
	413	function RedirectToProfile()
	414	{
	415	global $conf, $user;
	416
	417	$conf_UAM = unserialize($conf['UserAdvManager']);
[6784]	418
	419	$query ='
	420	SELECT user_id, status
	421	FROM '.USER_INFOS_TABLE.'
	422	WHERE user_id = '.$user['id'].'
	423	;';
	424	$data = pwg_db_fetch_assoc(pwg_query($query));
	425
	426	if ($data['status'] <> "admin" and $data['status'] <> "webmaster" and $data['status'] <> "generic")
[6775]	427	{
[6784]	428	if ((isset($conf_UAM[21]) and $conf_UAM[21] == 'true'))
	429	{
	430	$user_idsOK = array();
	431	if (!check_consult($user['id'], $user_idsOK))
	432	redirect(PHPWG_ROOT_PATH.'profile.php');
	433	}
[6775]	434	}
	435	}
	436
	437
[5056]	438	add_event_handler('init', 'UAM_InitPage');
[4384]	439	/* * Important ! This is necessary to make email exclusion work in admin's users management panel * */
[5056]	440	function UAM_InitPage()
[4124]	441	{
[5181]	442	load_language('plugin.lang', UAM_PATH);
[4124]	443	global $conf, $template, $page, $lang, $errors;
	444
[5181]	445	$conf_UAM = unserialize($conf['UserAdvManager']);
[4124]	446
	447	/* Admin user management */
	448	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
	449	{
	450	if (isset($_POST['submit_add']))
	451	{
[4384]	452	/* Email without forbidden domains */
[6354]	453	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['email']) and ValidateEmailProvider($_POST['email']))
[4124]	454	{
[6354]	455	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
[4124]	456	unset($_POST['submit_add']);
	457	}
	458	}
	459	}
	460	}
	461
[4135]	462
[5056]	463	add_event_handler('user_comment_check', 'UAM_CheckEmptyCommentAuthor', 50, 2);
[3742]	464
[5056]	465	function UAM_CheckEmptyCommentAuthor($comment_action, $comm)
[3742]	466	{
[5181]	467	load_language('plugin.lang', UAM_PATH);
[3742]	468	global $infos, $conf, $template;
	469
[5181]	470	$conf_UAM = unserialize($conf['UserAdvManager']);
[3742]	471
	472	/* User creation OR update */
[6354]	473	if (isset($conf_UAM[5]) and $conf_UAM[5] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
[3742]	474	{
	475	$comment_action = 'reject';
	476
[5056]	477	array_push($infos, l10n('UAM_Empty Author'));
[3742]	478	}
	479
	480	return $comment_action;
	481	}
	482	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: