Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 6757

Last change on this file since 6757 was 6757, checked in by Eric, 14 years ago
Bug 1795 fixed: Fixes rules using email information and/or email of validation Language files fixed
Property svn:eol-style set to `LF`
File size: 14.9 KB

Line
1	<?php
2	/*
3	Plugin Name: UserAdvManager
4	Version: 2.15.4b
5	Description: Renforcer la gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/* History: UAM_PATH.'Changelog.txt.php' */
12
13	/*
14	*** TODO List ***
15	++ Adding ASC and DESC ordering for user's lists tables (Ghost Tracker, UserList and Unvalidated) ?
16
17	++ No validation needed for admins users comments (new trigger needed in comments.php ?)
18
19	++ No single email check for admins (new trigger needed in functions_user.inc.php ?)
20
21	++ Password control and enforcement
22	?? Can not be the same as username -> Could password score control be sufficient ?
23
24	++ Security : Blocking brut-force attacks !
25	-> Way to do that : Count the number of failed attempts to connect and lock the targetted account after x attempts. Where x will be settable by admin.
26	To unlock the locked account :
27	-> A new table in admin's plugin panel which would display the locked accounts.
28	-> Sending an email to account owner to inform him his account is blocked due to multiple failed connexions attempts. This email could have a link with a security key to unlock the account.
29	-> Both of above solutions ?
30
31	++ Opportunity to copy a registered user for new user creation
32	++ new copied user will (or not) belong to the same groups
33	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
34	++ new copied user will (or not) get the same properties
35	++ new copied user will (or not) get the same language
36	... and so on
37	*/
38
39	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
40	if (!defined('UAM_DIR')) define('UAM_DIR' , basename(dirname(__FILE__)));
41	if (!defined('UAM_PATH')) define('UAM_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
42
43	include_once (UAM_PATH.'include/constants.php');
44	include_once (UAM_PATH.'include/functions.inc.php');
45
46	load_language('plugin.lang', UAM_PATH);
47
48
49	/* Plugin admin */
50	add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');
51
52	function UAM_admin_menu($menu)
53	{
54	// +-----------------------------------------------------------------------+
55	// \| Getting plugin name \|
56	// +-----------------------------------------------------------------------+
57	$plugin = PluginInfos(UAM_PATH);
58	$name = $plugin['name'];
59
60	array_push($menu,
61	array(
62	'NAME' => $name,
63	'URL' => get_admin_plugin_menu_link(UAM_PATH.'/admin/UAM_admin.php')
64	)
65	);
66
67	return $menu;
68	}
69
70	/* Lastvisit table feed for Ghost Tracker */
71	add_event_handler('loc_begin_index', 'UAM_GhostTracker');
72
73	function UAM_GhostTracker()
74	{
75	global $conf, $user;
76
77	$conf_UAM = unserialize($conf['UserAdvManager']);
78
79	/* Admins and Guests are not tracked for Ghost Tracker or Users Tracker */
80	if (!is_admin() and !is_a_guest())
81	{
82	if ((isset($conf_UAM[16]) and $conf_UAM[16] == 'true') or (isset($conf_UAM[19]) and $conf_UAM[19] == 'true'))
83	{
84
85	$userid = get_userid($user['username']);
86
87	/* Looking for existing entry in last visit table */
88	$query = '
89	SELECT *
90	FROM '.USER_LASTVISIT_TABLE.'
91	WHERE user_id = '.$userid.'
92	;';
93
94	$count = pwg_db_num_rows(pwg_query($query));
95
96	if ($count == 0)
97	{
98	/* If not, data are inserted in table */
99	$query = '
100	INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
101	VALUES ('.$userid.', now(), "false")
102	;';
103	pwg_query($query);
104	}
105	else if ($count > 0)
106	{
107	/* If yes, data are updated in table */
108	$query = '
109	UPDATE '.USER_LASTVISIT_TABLE.'
110	SET lastvisit = now(), reminder = "false"
111	WHERE user_id = '.$userid.'
112	LIMIT 1
113	;';
114	pwg_query($query);
115	}
116	}
117	}
118	}
119
120
121	/* User creation */
122	add_event_handler('register_user', 'UAM_Adduser');
123
124	function UAM_Adduser($register_user)
125	{
126	global $conf;
127
128	$conf_UAM = unserialize($conf['UserAdvManager']);
129
130	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
131	{
132	/* This is to send an information email and set user to "waiting" group or status until admin validation */
133	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
134	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
135	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
136	}
137	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'false') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
138	{
139	/* This is to set user to "wainting" group or status until admin validation */
140	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
141	}
142	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'false'))
143	{
144	/* This is to send an information email without validation key */
145	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
146	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
147	}
148	/* Sending registration confirmation by email */
149	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true'))
150	{
151	if (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'true')
152	{
153	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
154	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
155	}
156	elseif (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'false')
157	{
158	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
159	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
160	}
161	elseif (!is_admin())
162	{
163	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
164	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
165	}
166	}
167	}
168
169
170	/* User deletion */
171	add_event_handler('delete_user', 'UAM_Deluser');
172
173	function UAM_Deluser($user_id)
174	{
175	/* Cleanup for ConfirmMail table */
176	DeleteConfirmMail($user_id);
177	/* Cleanup for LastVisit table */
178	DeleteLastVisit($user_id);
179	}
180
181
182	/* Check users registration */
183	add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
184
185	function UAM_RegistrationCheck($err, $user)
186	{
187	global $errors, $conf;
188
189	/* *********************************************************** */
190	/* We need to reset the standard Piwigo's register controls */
191	/* because the call of register_user_check trigger resets them */
192	/* *********************************************************** */
193	/* ********************************** */
194	/* Standard Piwigo's username control */
195	/* ********************************** */
196	if ($_POST['login'] == '')
197	{
198	return l10n('reg_err_login1');
199	}
200	if (preg_match('/^.* $/', $_POST['login']))
201	{
202	return l10n('reg_err_login2');
203	}
204	if (preg_match('/^ .*$/', $_POST['login']))
205	{
206	return l10n('reg_err_login3');
207	}
208	if (get_userid($_POST['login']))
209	{
210	return l10n('reg_err_login5');
211	}
212
213	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') /* not the same email variable if we are on users registration page or on admin's user registration page*/
214	{
215	/* Email doblons check */
216	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
217	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
218	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
219
220	if (!preg_match($regex, $_POST['email']))
221	{
222	return l10n('reg_err_mail_address');
223	}
224
225	$query = '
226	SELECT count(*)
227	FROM '.USERS_TABLE.'
228	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['email'].'\')
229	;';
230	list($count) = pwg_db_fetch_row(pwg_query($query));
231	if ($count != 0)
232	{
233	return l10n('reg_err_mail_address_dbl');
234	}
235	}
236
237	if (script_basename() == 'register') /* not the same email variable if we are on users registration page or on admin's user registration page*/
238	{
239	/* Email doblons check */
240	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
241	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
242	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
243
244	if (!preg_match($regex, $_POST['mail_address']))
245	{
246	return l10n('reg_err_mail_address');
247	}
248
249	$query = '
250	SELECT count(*)
251	FROM '.USERS_TABLE.'
252	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\')
253	;';
254	list($count) = pwg_db_fetch_row(pwg_query($query));
255	if ($count != 0)
256	{
257	return l10n('reg_err_mail_address_dbl');
258	}
259	}
260	/* ****************************************** */
261	/* End of Piwigo's standard register controls */
262	/* ****************************************** */
263
264
265	/* ****************************************** */
266	/* Here begins the advanced register controls */
267	/* ****************************************** */
268	$PasswordCheck = 0;
269
270	$conf_UAM = unserialize($conf['UserAdvManager']);
271
272	/* Password enforcement control */
273	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
274	{
275	if (!empty($user['password']) and !is_admin())
276	{
277	$PasswordCheck = testpassword($user['password']);
278
279	if ($PasswordCheck < $conf_UAM[14])
280	{
281	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
282	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
283	}
284	}
285	else if (!empty($user['password']) and is_admin() and isset($conf_UAM[15]) and $conf_UAM[15] == 'true')
286	{
287	$PasswordCheck = testpassword($user['password']);
288
289	if ($PasswordCheck < $conf_UAM[14])
290	{
291	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
292	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
293	}
294	}
295	}
296
297	/* Username without forbidden keys */
298	if (isset($conf_UAM[6]) and $conf_UAM[6] == 'true' and !empty($_POST['login']) and ValidateUsername($_POST['login']) and !is_admin())
299	{
300	$_POST['login'] = '';
301	return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_UAM[7]."'");
302	}
303
304	/* Email without forbidden domains */
305	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']) and !is_admin())
306	{
307	$_POST['mail_address'] = '';
308	return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_UAM[12]."'");
309	}
310	}
311
312
313	if (script_basename() == 'profile')
314	{
315	add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
316
317	function UAM_Profile_Init()
318	{
319	global $conf, $user, $template;
320
321	$conf_UAM = unserialize($conf['UserAdvManager']);
322
323	if (isset($_POST['validate']) and !is_admin())
324	{
325	/* Email without forbidden domains */
326	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']))
327	{
328	if (ValidateEmailProvider($_POST['mail_address']))
329	{
330	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
331	unset($_POST['validate']);
332	}
333	}
334
335	$typemail = 3;
336
337	if (!empty($_POST['use_new_pwd']))
338	{
339	$typemail = 2;
340
341	/* Password enforcement control */
342	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
343	{
344	$PasswordCheck = testpassword($_POST['use_new_pwd']);
345
346	if ($PasswordCheck < $conf_UAM[14])
347	{
348	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
349	$template->append('errors', l10n_args($message).$conf_UAM[14]);
350	unset($_POST['use_new_pwd']);
351	unset($_POST['validate']);
352	}
353	}
354	}
355
356	/* Sending registration confirmation by email */
357	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
358	{
359	$confirm_mail_need = false;
360
361	if (!empty($_POST['mail_address']))
362	{
363	$query = '
364	SELECT '.$conf['user_fields']['email'].' AS email
365	FROM '.USERS_TABLE.'
366	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
367	;';
368
369	list($current_email) = pwg_db_fetch_row(pwg_query($query));
370
371	/* This is to send a new validation key */
372	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true'))
373
374	$confirm_mail_need = true;
375
376	/* This is to set the user to "waiting" group or status until admin validation */
377	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
378
379	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
380	$confirm_mail_need = false;
381	}
382
383	if ((!empty($_POST['use_new_pwd']) and (isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or $confirm_mail_need))
384	{
385	$query = '
386	SELECT '.$conf['user_fields']['username'].'
387	FROM '.USERS_TABLE.'
388	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
389	;';
390
391	list($username) = pwg_db_fetch_row(pwg_query($query));
392
393	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
394	}
395	}
396	}
397	}
398	}
399
400
401	add_event_handler('init', 'UAM_InitPage');
402	/* * Important ! This is necessary to make email exclusion work in admin's users management panel * */
403	function UAM_InitPage()
404	{
405	load_language('plugin.lang', UAM_PATH);
406	global $conf, $template, $page, $lang, $errors;
407
408	$conf_UAM = unserialize($conf['UserAdvManager']);
409
410	/* Admin user management */
411	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
412	{
413	if (isset($_POST['submit_add']))
414	{
415	/* Email without forbidden domains */
416	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['email']) and ValidateEmailProvider($_POST['email']))
417	{
418	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
419	unset($_POST['submit_add']);
420	}
421	}
422	}
423	}
424
425
426	add_event_handler('user_comment_check', 'UAM_CheckEmptyCommentAuthor', 50, 2);
427
428	function UAM_CheckEmptyCommentAuthor($comment_action, $comm)
429	{
430	load_language('plugin.lang', UAM_PATH);
431	global $infos, $conf, $template;
432
433	$conf_UAM = unserialize($conf['UserAdvManager']);
434
435	/* User creation OR update */
436	if (isset($conf_UAM[5]) and $conf_UAM[5] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
437	{
438	$comment_action = 'reject';
439
440	array_push($infos, l10n('UAM_Empty Author'));
441	}
442
443	return $comment_action;
444	}
445	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: