source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 4384

Last change on this file since 4384 was 4384, checked in by Eric, 14 years ago

[NBC_UserAdvManager] Pre 2.13

  • Translations improvements.
  • Bug 1260 fixed - Username case sensitivity is now fully functional in all user entries (user registration and admin panel)
  • Code refactoring and improvements.
  • Property svn:eol-style set to LF
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.13.0
5Description: Renforcer les possibilités de gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/* History:  NBC_UserAdvManager_PATH.'Changelog.txt.php' */
12
13/*
14 ***** TODO List *****
15++ Adding ASC and DESC ordering for user's lists tables (Ghost Tracker, UserList and Unvalidated)
16
17++ No validation needed for admins users comments (new trigger needed in comments.php ?)
18
19++ No single email check for admins (new trigger needed in functions_user.inc.php ?)
20
21++ Password control and enforcement
22  ?? Can not be the same as username -> Could password score control be sufficient ?
23 
24++ Security : Blocking brute-force attacks !
25              -> Way to do that : Count the number of failed login attempts and lock the targeted account after x attempts, where x will be settable by the admin.
26              To unlock the locked account :
27               -> A new table in the admin's plugin panel which would display the locked accounts.
28               -> Sending an email to the account owner to inform him that his account is blocked due to multiple failed connection attempts. This email could have a link with a security key to unlock the account.
29               -> Both of the above solutions ?
30
31++ Opportunity to copy a registered user for new user creation
32  ++ new copied user will (or not) belong to the same groups
33  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
34  ++ new copied user will (or not) get the same properties
35  ++ new copied user will (or not) get the same language
36  ... and so on
37*/
38
39
/* Direct-access guard: stop immediately when this file is requested on its own.
   PHPWG_ROOT_PATH is expected to be defined by the Piwigo script that loads
   the plugin; nothing below may run without it. */
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

/* Directory name of the plugin, then its path below the plugins folder
   (the path constant ends with a slash). */
define('NBC_UserAdvManager_DIR', basename(dirname(__FILE__)));
define('NBC_UserAdvManager_PATH', PHPWG_PLUGINS_PATH.NBC_UserAdvManager_DIR.'/');

/* Plugin constants and helper functions; both paths are built from constants
   only, never from request data. */
include_once(NBC_UserAdvManager_PATH.'include/constants.php');
include_once(NBC_UserAdvManager_PATH.'include/functions_UserAdvManager.inc.php');

/* Plugin translations */
load_language('plugin.lang', NBC_UserAdvManager_PATH);
52
53
/* Plugin admin: register the handler that adds the plugin to the admin plugin menu */
add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Handler for 'get_admin_plugin_menu_links'.
 *
 * @param array $menu menu entries received from the trigger
 * @return array the received entries followed by the UserAdvManager entry
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  /* NBC_UserAdvManager_PATH already ends with '/', so this path carries a
     doubled slash; it is passed on unchanged. */
  $admin_page = NBC_UserAdvManager_PATH.'/admin/UserAdvManager_admin.php';

  $entry = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link($admin_page)
  );
  array_push($menu, $entry);

  return $menu;
}
68
69
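add_event_handler('loc_begin_index', 'UserAdvManager_GhostTracker');

/**
 * Handler for 'loc_begin_index': stores the date of the current visit in the
 * last-visit table for a logged-in, non-admin user.
 *
 * Runs only when entry 17 of the plugin configuration is 'true'. A row is
 * inserted on the first visit; otherwise the existing row gets a new
 * lastvisit date and its reminder flag is set back to "false".
 *
 * @return void
 */
function UserAdvManager_GhostTracker()
{
  global $conf, $user;

  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Nothing to track: option off, administrator, or guest */
  if (!isset($conf_nbc_UserAdvManager[17]) or $conf_nbc_UserAdvManager[17] != 'true' or is_admin() or is_a_guest())
  {
    return;
  }

  $userid = get_userid($user['username']);

  /* The id is concatenated unquoted into the SQL below, so only a plain
     non-negative integer is accepted. A failed lookup (presumably a false
     return from get_userid() - confirm) previously produced a malformed
     query; such a visit is now simply not recorded. */
  if (!is_int($userid) and !(is_string($userid) and preg_match('/^[0-9]+$/D', $userid)))
  {
    return;
  }
  $userid = (int) $userid;

  /* Looking for existing entry in last visit table */
  $query = '
SELECT *
  FROM '.USER_LASTVISIT_TABLE.'
WHERE user_id = '.$userid.'
;';

  $count = mysql_num_rows(pwg_query($query));

  if ($count == 0)
  {
    /* If not, data are inserted in table */
    $query = '
INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
VALUES ('.$userid.', now(), "false")
;';
  }
  else
  {
    /* If yes, data are updated in table */
    $query = '
UPDATE '.USER_LASTVISIT_TABLE.'
SET lastvisit = now(), reminder = "false"
WHERE user_id = '.$userid.'
LIMIT 1
;';
  }

  pwg_query($query);
}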
114
115
/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * Handler for 'register_user': mails the newly registered user when entry 0
 * or entry 2 of the plugin configuration is 'true'.
 *
 * NOTE(review): the password is taken as typed from $_POST and handed to
 * SendMail2User(). If that helper writes it into the message, the password
 * leaves the server in clear text and stays in the recipient's mailbox -
 * confirm, and prefer a mail that does not contain it.
 *
 * @param array $register_user data of the new user; 'id', 'username' and 'email' are read
 * @return void
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $option0_on = isset($options[0]) && $options[0] == 'true';
  $option2_on = isset($options[2]) && $options[2] == 'true';

  /* Neither mail option is active: nothing to send */
  if (!$option0_on && !$option2_on)
  {
    return;
  }

  /* Sending registration confirmation by email */
  if (isset($_POST['password']))
  {
    $passwd = $_POST['password'];
  }
  else
  {
    $passwd = '';
  }

  SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
}
132
133
134
/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * Handler for 'delete_user': removes the plugin's own records of a user
 * that is being deleted, so no confirmation or last-visit row outlives
 * the account.
 *
 * @param mixed $user_id id of the deleted user, passed on unchanged to both helpers
 * @return void
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);  /* ConfirmMail table */
  DeleteLastVisit($user_id);    /* LastVisit table */
}
145
146
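/* Check users registration */
add_event_handler('register_user_check', 'UserAdvManager_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);

/**
 * Handler for 'register_user_check': validates a registration request and
 * returns the message of the first check that fails.
 *
 * The standard Piwigo username checks are repeated first because, per the
 * original author's note, calling this trigger resets them. The plugin's own
 * checks follow: password strength, case-insensitive username clash,
 * forbidden characters in the username, forbidden e-mail domains.
 *
 * NOTE(review): when every check passes nothing is returned, so the incoming
 * $err is dropped - confirm that this is what the trigger chain expects.
 *
 * @param mixed $err  value handed over by the trigger; not read here
 * @param array $user registration data; only 'password' is read
 * @return string|null error message, or null when all checks pass
 */
function UserAdvManager_RegistrationCheck($err, $user)
{
  global $errors, $conf;

  /* The login comes straight from the request. It is read once, and a missing
     or non-string value (for example an array parameter) is treated as an
     empty login, so it is rejected below instead of reaching preg_match()
     and the lookups. */
  $login = (isset($_POST['login']) and is_string($_POST['login'])) ? $_POST['login'] : '';

  /* ********************************** */
  /* Standard Piwigo's username control */
  /* ********************************** */
  if ($login == '')
  {
    return l10n('reg_err_login1');
  }
  /* Trailing space */
  if (preg_match('/^.* $/', $login))
  {
    return l10n('reg_err_login2');
  }
  /* Leading space */
  if (preg_match('/^ .*$/', $login))
  {
    return l10n('reg_err_login3');
  }
  /* Name already taken */
  if (get_userid($login))
  {
    return l10n('reg_err_login5');
  }

  /* ****************************************** */
  /* Here begins the advanced register controls */
  /* ****************************************** */
  $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Password enforcement control: entry 14 switches it on, entry 15 holds the
     minimum score. An empty password is not scored here. */
  if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]) and !empty($user['password']))
  {
    /* Administrators are only held to the minimum when entry 16 is 'true' */
    if (!is_admin() or (isset($conf_nbc_UserAdvManager[16]) and $conf_nbc_UserAdvManager[16] == 'true'))
    {
      $PasswordCheck = testpassword($user['password']);

      if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
      {
        $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
        return l10n_args($message).$conf_nbc_UserAdvManager[15];
      }
    }
  }

  /* Username non case sensitive */
  if (isset($conf_nbc_UserAdvManager[1]) and $conf_nbc_UserAdvManager[1] == 'true' and NotSensibleSearchUsername($login))
  {
    return l10n('reg_err_login5');
  }

  /* Username without forbidden keys */
  if (isset($conf_nbc_UserAdvManager[7]) and $conf_nbc_UserAdvManager[7] == 'true' and !empty($login) and ValidateUsername($login))
  {
    /* The rejected login is blanked in the request as well */
    $_POST['login'] = '';
    return l10n('reg_err_login6')."'".$conf_nbc_UserAdvManager[8]."'";
  }

  /* Email without forbidden domains */
  if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']))
  {
    /* The rejected address is blanked in the request as well */
    $_POST['mail_address'] = '';
    return l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'";
  }

  return null;
}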
234
235
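if (script_basename() == 'profile')
{
  add_event_handler('loc_begin_profile', 'UserAdvManager_Profile_Init');

  /**
   * Handler for 'loc_begin_profile': checks a submitted profile form and
   * mails the user about a changed password or e-mail address.
   *
   * Checks: forbidden e-mail domain (entry 12 of the plugin configuration)
   * and password strength (entries 14 and 15). A failed check adds a message
   * to the template 'errors' and removes 'validate' from $_POST.
   *
   * Once a check has failed, no mail is sent. The earlier code carried on
   * after a rejection and could still call SendMail2User() for an address
   * or password it had just refused.
   *
   * NOTE(review): the new password is handed to SendMail2User() as typed;
   * if that helper puts it into the message it travels in clear text -
   * confirm.
   *
   * @return void
   */
  function UserAdvManager_Profile_Init()
  {
    global $conf, $user, $template;

    $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

    if (!isset($_POST['validate']))
    {
      return;
    }

    /* Request fields are read once; an absent field stays null */
    $new_mail = isset($_POST['mail_address']) ? $_POST['mail_address'] : null;
    $new_pwd  = isset($_POST['use_new_pwd']) ? $_POST['use_new_pwd'] : null;

    $rejected = false;

    /* Email without forbidden domains */
    if (isset($conf_nbc_UserAdvManager[12]) and $conf_nbc_UserAdvManager[12] == 'true' and !empty($new_mail))
    {
      if (ValidateEmailProvider($new_mail))
      {
        $template->append('errors', l10n('reg_err_login7')."'".$conf_nbc_UserAdvManager[13]."'");
        unset($_POST['validate']);
        $rejected = true;
      }
    }

    /* Mail type passed to SendMail2User: 2 when a new password was given, 3 otherwise */
    $typemail = 3;

    if (!empty($new_pwd))
    {
      $typemail = 2;

      /* Password enforcement control */
      if (isset($conf_nbc_UserAdvManager[14]) and $conf_nbc_UserAdvManager[14] == 'true' and !empty($conf_nbc_UserAdvManager[15]))
      {
        $PasswordCheck = testpassword($new_pwd);

        if ($PasswordCheck < $conf_nbc_UserAdvManager[15])
        {
          $message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
          $template->append('errors', l10n_args($message).$conf_nbc_UserAdvManager[15]);
          unset($_POST['use_new_pwd']);
          unset($_POST['validate']);
          $rejected = true;
        }
      }
    }

    /* Both checks have run, so every message is shown; a refused form
       must not trigger any mail. */
    if ($rejected)
    {
      return;
    }

    $option0_on = (isset($conf_nbc_UserAdvManager[0]) and $conf_nbc_UserAdvManager[0] == 'true');
    $option2_on = (isset($conf_nbc_UserAdvManager[2]) and $conf_nbc_UserAdvManager[2] == 'true');

    /* Sending registration confirmation by email */
    if (!$option0_on and !$option2_on)
    {
      return;
    }

    $confirm_mail_need = false;

    if (!empty($new_mail))
    {
      /* NOTE(review): $user['id'] is placed between quotes without escaping;
         presumably it is set by the core from the session and never from the
         request - confirm. */
      $query = '
SELECT '.$conf['user_fields']['email'].' AS email
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';

      list($current_email) = mysql_fetch_row(pwg_query($query));

      /* A confirmation is needed only when the address changes and entry 2 is on */
      if ($new_mail != $current_email and $option2_on)
      {
        $confirm_mail_need = true;
      }
    }

    if ((!empty($new_pwd) and $option0_on) or $confirm_mail_need)
    {
      $query = '
SELECT '.$conf['user_fields']['username'].'
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';

      list($username) = mysql_fetch_row(pwg_query($query));

      SendMail2User($typemail, $user['id'], $username, $new_pwd, $new_mail, $confirm_mail_need);
    }
  }
}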
315
316
add_event_handler('init', 'UserAdvManager_InitPage');

/**
 * Handler for 'init'.
 *
 * Important: this is what makes the e-mail domain exclusion work in the
 * admin's users management panel. When the "add user" form of the admin
 * user list is submitted with a forbidden address, an error is added to the
 * template and 'submit_add' is removed from $_POST.
 *
 * NOTE(review): removing 'submit_add' presumably keeps the core page from
 * creating the user - confirm against the admin user list script.
 *
 * @return void
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $conf, $template, $page, $lang, $errors;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Admin user management: only admin.php with page=user_list is handled */
  if (script_basename() != 'admin' or !isset($_GET['page']) or $_GET['page'] != 'user_list')
  {
    return;
  }

  /* Only the submission of the "add user" form is handled */
  if (!isset($_POST['submit_add']))
  {
    return;
  }

  /* Email without forbidden domains */
  $exclusion_on = isset($options[12]) && $options[12] == 'true';

  if ($exclusion_on && !empty($_POST['email']) && ValidateEmailProvider($_POST['email']))
  {
    $template->append('errors', l10n('reg_err_login7')."'".$options[13]."'");
    unset($_POST['submit_add']);
  }
}
340
341
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * Handler for 'user_comment_check': rejects a comment whose author is
 * 'guest' when entry 6 of the plugin configuration is 'true' and comments
 * are open to everybody.
 *
 * @param string $comment_action action decided so far for the comment
 * @param array  $comm           comment data; only 'author' is read
 * @return string 'reject' for such a comment, otherwise $comment_action unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UserAdvManager_PATH);
  global $infos, $conf, $template;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $option6_on = isset($options[6]) && $options[6] == 'true';

  if (!$option6_on)
  {
    return $comment_action;
  }

  /* The loose == on comments_forall is deliberate: the setting may be held
     as a boolean or as the string 'true', and both must match. */
  if ($conf['comments_forall'] == 'true' && $comm['author'] == 'guest')
  {
    array_push($infos, l10n('UserAdvManager_Empty Author'));

    return 'reject';
  }

  return $comment_action;
}
361?>