Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 3826

Last change on this file since 3826 was 3826, checked in by Eric, 15 years ago
Code cleaning : Deletion of old commented parts, PHP 5.3 improvement, HTML compliant for tpl files Implementing a monitoring system for using the mail() function (spy log file) Finalization of listing table of unvalidated registered Preview of upcoming features (coding of management panel)
Property svn:eol-style set to `LF`
File size: 15.2 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.11.0
5	Description: Permet de renforcer les possibilités de gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/*
12	*** Plugin history (branch 2.10)***
13
14	-- 2.10.0-beta : Initial beta release for Piwigo compatibility
15	-- 2.10.1-beta : Small correction on generated path
16	-- 2.10.2-beta : Bug resolved on register validation page
17
18	-- 2.10.3 : Final and fully functional release
19	Bug resolved on plugin activation
20
21	-- 2.10.4 : Bug fixed on profiles update
22
23	-- 2.10.5 : Improved code on profiles update
24
25	-- 2.10.6 : Old language packs (iso) deleted (forget from PWG 1.7.x version)
26
27	-- 2.10.7 : Bug fixed on user's validation email sending
28
29	-- 2.10.8 : ConfirmMail page looks better (Sylvia theme only)
30	Improved code for checking author on guest comments
31
32	-- 2.10.9 : Bug fixed - Missing english translation
33	Bug fixed - Notice on forbidden characters function use
34	Bug fixed - Audit on forbidden characters in username didn't work
35	Adding of email provider exclusion (like *@hotmail.com) - Warning ! -> Known bug : This feature doesn't work on user profile page. So, already registered users can change their email address to a forbiden one.
36
37	-- 2.10.9a : Email provider exclusion is no longer case sensitive
38
39	-- 2.10.9b : Bug fixed - Home icon wasn't linked to gallery url in ConfirmMail page. If GALLERY_URL is not set, Home icon gets the pwg root path.
40
41	-- 2.10.9c : Bug fixed - If Email provider exclusion is set off, new registered user will have a PHP notice on "Undefined variable: ncsemail"
42
43	-- 2.10.9d : Code simplification - need no more ""template"" sub-directory in plugin directory for enhance "back link" icon in ConfirMail.tpl
44
45	-- 2.10.9e : Compatibility improvement with PHP 5.3 - Some old functions will be deprecated like :
46	ereg replaced by preg_match
47	eregi replace by preg_match with "i" moderator
48	split replace by preg_split
49
50	-- 2.10.9f : Compatibility bug fixed when used with DynamicRecentPeriod plugin
51
52	-- 2.11.0 : New tabsheet menu to manage ConfirMail functions (setting a timeout without validation, Cleanup expired user's accounts, Force confirmation, Force expiration, list unvalidated users,...)
53	Beautify plugin's main admin panel
54
55	*/
56
57	/*
58
59	*** TODO List ***
60
61	++ No validation needed for admins users comments (new trigger needed in comments.php)
62
63	++ No single email check for admins (new trigger needed in (functions_user.inc.php ?))
64
65	++ Administration page for Confirm Mail
66	++ Admin tabsheet for Confirm Mail to set options :
67	++ Setting a delay time with timeout for email confirmation (Timeout = CurrentDate - RegistrationDate)
68	-- List of users who haven't validated - could be easy to set with groups options : Unvalidated users are in a "Unvalidated" group.
69	++ List of users with expired validation time
70	-- List of validates users ? -> Same as "List of users who haven't validated" : They could belong to a "validated" group.
71	++ Opportunities to take actions on database tables :
72	++ Re-asking validation (case of non reception of validation email)
73	++ Force expiration
74	++ Force confirmation
75	++ Cleanup expired user's accounts
76	++ (...)
77
78	++ Password control and enforcement
79	-- Empty password (done in Piwigo 2.x)
80	++ Can not be the same as username
81	++ complexity of the password (Numbers+Lettrers+Low and high case+Special+minimal length)
82
83	++ Security : Blocking brut-force attacks !
84
85	++ Opportunity to copy a registered user for new user creation
86	++ new copied user will (or not) belong to the same groups
87	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
88	++ new copied user will (or not) get the same properties
89	++ new copied user will (or not) get the same language
90	... and so on
91
92	*/
93
94
95
96	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
97	define('NBC_UserAdvManager_DIR' , basename(dirname(__FILE__)));
98	define('NBC_UserAdvManager_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
99	include_once (NBC_UserAdvManager_PATH.'include/constants.php');
100	include_once (NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');
101	load_language('plugin.lang', NBC_UserAdvManager_PATH);
102
103
104	/* Plugin admin */
105	add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');
106
107	function nbc_UserAdvManager_admin_menu($menu)
108	{
109	array_push($menu,
110	array(
111	'NAME' => 'UserAdvManager',
112	'URL' => get_admin_plugin_menu_link(NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php')
113	)
114	);
115
116	return $menu;
117	}
118
119
120
121	/* User creation */
122	add_event_handler('register_user', 'UserAdvManager_Adduser');
123
124	function UserAdvManager_Adduser($register_user)
125	{
126	global $conf;
127
128	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
129
130	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
131	SendMail2User(1, $register_user['id'], $register_user['username'], $_POST['password'], $register_user['email'], true);
132	}
133
134
135
136	/* User deletion */
137	add_event_handler('delete_user', 'UserAdvManager_Deluser');
138
139	function UserAdvManager_Deluser($user_id)
140	{
141
142	DeleteConfirmMail($user_id);
143
144	}
145
146
147
148	add_event_handler('init', 'UserAdvManager_InitPage');
149
150	function UserAdvManager_InitPage()
151	{
152	load_language('plugin.lang', NBC_UserAdvManager_PATH);
153	global $conf, $template, $page, $lang;
154
155	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
156
157
158	if ( isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
159	$lang['reg_err_login5'] = l10n('new_reg_err_login5');
160
161
162
163	/* User identification */
164	if (script_basename() == 'identification')
165	{
166	if (isset($_POST['login']))
167	{
168	/* User non case sensitive */
169	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
170	{
171	$new_username = NotSensibleSearchUsername($_POST['username']);
172	$_POST['username'] = $new_username == '' ? $_POST['username'] : $new_username;
173	}
174	}
175	}
176
177
178
179	/* Admin user management */
180	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
181	{
182	if (isset($_POST['submit_add']))
183	{
184	/* User non case sensitive */
185	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' )
186	{
187	$new_username = NotSensibleSearchUsername($_POST['login']);
188	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
189	}
190
191
192	/* Username without forbidden keys */
193	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
194	{
195	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
196	$_POST['login'] = '';
197	}
198
199	/* Email without forbidden domains */
200	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
201	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']) and !ValidateEmailProvider($_POST['email']))
202	//{
203	// $lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
204	// $_POST['login'] = '';
205	//}
206	/* This work with a code copy of ValidateEmailProvider() function */
207	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['email']))
208	{
209	$ncsemail = strtolower($_POST['email']);
210	$conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
211	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
212	{
213	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
214	if (preg_match($pattern, $ncsemail))
215	{
216	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
217	$_POST['login'] = '';
218	}
219	}
220	}
221	}
222	}
223
224	/* User creation */
225	if (script_basename() == 'register')
226	{
227	if (isset($_POST['submit']))
228	{
229	/* Username non case sensitive */
230	if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true')
231	{
232	$new_username = NotSensibleSearchUsername($_POST['login']);
233	$_POST['login'] = $new_username == '' ? $_POST['login'] : $new_username;
234	}
235
236
237	/* Username without forbidden keys */
238	if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($_POST['login']) and !ValidateUsername($_POST['login']))
239	{
240	$lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
241	$_POST['login'] = '';
242	}
243
244
245	/* Email without forbidden domains */
246	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
247	//if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and !ValidateEmailProvider($_POST['mail_address']))
248	//{
249	// $lang['reg_err_mail_address'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
250	// $_POST['mail_address'] = '';
251	//}
252	/* This work with a code copy of ValidateEmailProvider() function */
253	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
254	{
255	$ncsemail = strtolower($_POST['mail_address']);
256	$conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
257	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
258	{
259	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
260	if (preg_match($pattern, $ncsemail))
261	{
262	$lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
263	$_POST['login'] = '';
264	}
265	}
266	}
267	}
268	}
269
270	/* User profile update */
271	if (script_basename() == 'profile')
272	{
273	if (isset($_POST['validate']))
274	{
275	/* Sending email to user */
276	if (( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true'))
277	{
278	global $conf, $user ;
279	$errors = array();
280
281	$int_pattern = '/^\d+$/';
282	if (empty($_POST['nb_image_line'])
283	or (!preg_match($int_pattern, $_POST['nb_image_line'])))
284	{
285	$errors[] = l10n('nb_image_line_error');
286	}
287
288	if (empty($_POST['nb_line_page'])
289	or (!preg_match($int_pattern, $_POST['nb_line_page'])))
290	{
291	$errors[] = l10n('nb_line_page_error');
292	}
293
294	if ($_POST['maxwidth'] != ''
295	and (!preg_match($int_pattern, $_POST['maxwidth'])
296	or $_POST['maxwidth'] < 50))
297	{
298	$errors[] = l10n('maxwidth_error');
299	}
300	if ($_POST['maxheight']
301	and (!preg_match($int_pattern, $_POST['maxheight'])
302	or $_POST['maxheight'] < 50))
303	{
304	$errors[] = l10n('maxheight_error');
305	}
306
307	if (isset($_POST['mail_address']))
308	{
309	$mail_error = validate_mail_address($user['id'], $_POST['mail_address']);
310	if (!empty($mail_error))
311	{
312	$errors[] = $mail_error;
313	}
314	/* This don't work on user's profile page - Why ?? */
315	if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']))
316	{
317	$ncsemail = strtolower($_POST['mail_address']);
318	$conf_nbc_MailExclusion = preg_split('/,/',$conf_nbc_UserAdvManager[13]);
319	for ($i = 0 ; $i < count($conf_nbc_MailExclusion) ; $i++)
320	{
321	$pattern = '/'.$conf_nbc_MailExclusion[$i].'/';
322	if (preg_match($pattern, $ncsemail))
323	{
324	$mail_error = l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
325	}
326	}
327	}
328	if (!empty($mail_error))
329	{
330	$errors[] = $mail_error;
331	}
332	}
333	/* This don't work on call of ValidateEmailProvider() function - Why ?? -> Due to the "return = false\|true" in function ?*/
334	//if (isset($_POST['mail_address']))
335	//{
336	// $mail_error = ValidateEmailProvider($_POST['mail_address']);
337	// if (!empty($mail_error))
338	// {
339	// $errors[] = $mail_error;
340	// }
341	//}
342
343	$typemail = 3;
344
345	if (!empty($_POST['use_new_pwd']))
346	{
347	$typemail = 2;
348
349	// password must be the same as its confirmation
350	if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
351	{
352	$errors[] = l10n('New password confirmation does not correspond');
353	}
354
355	if ( !defined('IN_ADMIN') )
356	{// changing password requires old password
357	$query = '
358	SELECT '.$conf['user_fields']['password'].' AS password
359	FROM '.USERS_TABLE.'
360	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
361	;';
362	list($current_password) = mysql_fetch_row(pwg_query($query));
363
364	if ($conf['pass_convert']($_POST['password']) != $current_password)
365	{
366	$errors[] = l10n('Current password is wrong');
367	}
368	}
369	}
370
371	$confirm_mail_need = false;
372
373	if (!empty($_POST['mail_address']))
374	{
375	$query = '
376	SELECT '.$conf['user_fields']['email'].' AS email
377	FROM '.USERS_TABLE.'
378	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
379	;';
380	list($current_email) = mysql_fetch_row(pwg_query($query));
381
382	if ( $_POST['mail_address'] != $current_email and ( isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true') )
383	$confirm_mail_need = true;
384	}
385
386	if (count($errors) == 0 and (!empty($_POST['use_new_pwd']) and ( isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true') or $confirm_mail_need) )
387	{
388	$query = '
389	SELECT '.$conf['user_fields']['username'].'
390	FROM '.USERS_TABLE.'
391	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
392	;';
393	list($username) = mysql_fetch_row(pwg_query($query));
394
395
396	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
397	}
398	}
399	}
400	}
401	}
402
403	add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);
404
405	function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
406	{
407	load_language('plugin.lang', NBC_UserAdvManager_PATH);
408	global $infos, $conf, $template;
409
410	$conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
411
412	/* User creation OR update */
413	if (isset($conf_nbc_UserAdvManager[6]) and $conf_nbc_UserAdvManager[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
414	{
415	$comment_action = 'reject';
416
417	array_push($infos, l10n('UserAdvManager_Empty Author'));
418	}
419
420	return $comment_action;
421	}
422
423	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: