source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 4957

Last change on this file since 4957 was 4957, checked in by Eric, 14 years ago

[NBC_UserAdvManager] Pre-2.13.4 for testing only:

  • Bug 1445 pre-fixed : Improving FR language files, add of EN help/plugin.lang.php file, update of EN language files.
  • Property svn:eol-style set to LF
1<?php
2/*
3Plugin Name: NBC UserAdvManager
4Version: 2.13.4
5Description: Renforcer la gestion des utilisateurs - Enforce users management
6Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7Author: Nicco, Eric
8Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9*/
10
11/* History:  NBC_UAM_PATH.'Changelog.txt.php' */
12
13/*
14 ***** TODO List *****
15++ Adding ASC and DESC ordering for user's lists tables (Ghost Tracker, UserList and Unvalidated) ?
16
17++ No validation needed for admins users comments (new trigger needed in comments.php ?)
18
19++ No single email check for admins (new trigger needed in functions_user.inc.php ?)
20
21++ Password control and enforcement
22  ?? Can not be the same as username -> Could password score control be sufficient ?
23 
++ Security : Blocking brute-force attacks !
              -> Way to do that : Count the number of failed attempts to connect and lock the targeted account after x attempts, where x is settable by the admin.
              To unlock the locked account :
               -> A new table in admin's plugin panel which would display the locked accounts.
               -> Sending an email to the account owner to inform him that his account is blocked due to multiple failed connection attempts. This email could have a link with a security key to unlock the account.
               -> Both of above solutions ?
30
31++ Opportunity to copy a registered user for new user creation
32  ++ new copied user will (or not) belong to the same groups
33  ++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
34  ++ new copied user will (or not) get the same properties
35  ++ new copied user will (or not) get the same language
36  ... and so on
37*/
38
// Refuse direct access: the file must be loaded by Piwigo itself.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Plugin directory name and absolute path (both may already be defined by the loader).
defined('NBC_UAM_DIR')  or define('NBC_UAM_DIR', basename(dirname(__FILE__)));
defined('NBC_UAM_PATH') or define('NBC_UAM_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

include_once(NBC_UAM_PATH.'include/constants.php');
include_once(NBC_UAM_PATH.'include/functions_UserAdvManager.inc.php');

load_language('plugin.lang', NBC_UAM_PATH);
47
48
49/* Plugin admin */
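add_event_handler('get_admin_plugin_menu_links', 'nbc_UserAdvManager_admin_menu');

/**
 * Appends the plugin's entry to the admin "Plugins" menu.
 *
 * @param array $menu  menu entries collected so far (each an array with NAME and URL)
 * @return array the same entries with the UserAdvManager entry added at the end
 */
function nbc_UserAdvManager_admin_menu($menu)
{
  // NBC_UAM_PATH already ends with '/', so the sub-path must not start with
  // one (the previous version produced a doubled slash in the admin page path).
  $menu[] = array(
    'NAME' => 'UserAdvManager',
    'URL'  => get_admin_plugin_menu_link(NBC_UAM_PATH.'admin/UserAdvManager_admin.php'),
  );

  return $menu;
}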
63
64/* Lastvisit table feed for Ghost Tracker */
add_event_handler('loc_begin_index', 'UserAdvManager_GhostTracker');

/**
 * Records the current visit of the logged-in user in the last-visit table
 * (this is the data source of the Ghost Tracker admin view).
 *
 * Active only when option 17 of $conf['nbc_UserAdvManager'] is 'true';
 * administrators and guests are never recorded. An existing row for the user
 * is refreshed, otherwise a new one is inserted with reminder = "false".
 */
function UserAdvManager_GhostTracker()
{
  global $conf, $user;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  if (!isset($options[17]) or $options[17] != 'true' or is_admin() or is_a_guest())
  {
    return;
  }

  // Numeric id resolved from the session username; it is interpolated
  // unescaped below, so it must stay an integer coming from get_userid().
  $userid = get_userid($user['username']);

  /* Looking for existing entry in last visit table (only the row count is used) */
  $query = '
SELECT *
  FROM '.USER_LASTVISIT_TABLE.'
WHERE user_id = '.$userid.'
;';
  // mysql_num_rows() belongs to the legacy ext/mysql extension used throughout this file.
  $already_tracked = mysql_num_rows(pwg_query($query)) > 0;

  if ($already_tracked)
  {
    /* Existing row: refresh the visit date and reset the reminder flag */
    $query = '
UPDATE '.USER_LASTVISIT_TABLE.'
SET lastvisit = now(), reminder = "false"
WHERE user_id = '.$userid.'
LIMIT 1
;';
  }
  else
  {
    /* First visit: create the row */
    $query = '
INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
VALUES ('.$userid.', now(), "false")
;';
  }

  pwg_query($query);
}
109
110
111/* User creation */
add_event_handler('register_user', 'UserAdvManager_Adduser');

/**
 * 'register_user' handler: sends the registration e-mail for a new account.
 *
 * The mail is sent only when option 0 or option 2 of
 * $conf['nbc_UserAdvManager'] is 'true', and never for administrators.
 *
 * The cleartext password is taken from the POST body and handed to
 * SendMail2User(); whether it is written into the message is decided there.
 *
 * @param array $register_user  the created account (uses 'id', 'username', 'email')
 */
function UserAdvManager_Adduser($register_user)
{
  global $conf;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $mail_on_register = isset($options[0]) && $options[0] == 'true';
  $mail_on_confirm  = isset($options[2]) && $options[2] == 'true';

  if (!($mail_on_register or $mail_on_confirm) or is_admin())
  {
    return;
  }

  /* Sending registration confirmation by email */
  $passwd = isset($_POST['password']) ? $_POST['password'] : '';
  SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
}
127
128
129
130/* User deletion */
add_event_handler('delete_user', 'UserAdvManager_Deluser');

/**
 * 'delete_user' handler: removes the plugin's own rows for a deleted account.
 *
 * The pending confirm-mail entry is removed first, then the last-visit
 * (Ghost Tracker) entry.
 *
 * @param int $user_id  id of the account being deleted
 */
function UserAdvManager_Deluser($user_id)
{
  DeleteConfirmMail($user_id);  /* ConfirmMail table */
  DeleteLastVisit($user_id);    /* LastVisit table */
}
140
141
142/* Check users registration */
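add_event_handler('register_user_check', 'UserAdvManager_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);

/**
 * Syntax and uniqueness check of a registration e-mail address.
 *
 * Shared by the public registration page and the admin's user list page,
 * which submit the address under different field names.
 *
 * The address is escaped before being embedded in the query: the syntax
 * regex below accepts a single quote in the local part, so interpolating the
 * raw form value would break (and expose) the SQL string.
 *
 * @param string $email  address as submitted (may be empty)
 * @return string|null   l10n error message, or null when the address passes
 */
function nbc_UserAdvManager_check_email_double($email)
{
  global $conf;

  $atom   = '[-a-z0-9!#$%&\'*+\\/=?^_`{|}~]';   // before  arobase
  $domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
  $regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';

  if (!preg_match($regex, $email))
  {
    return l10n('reg_err_mail_address');
  }

  /* Case-insensitive duplicate check against existing accounts */
  $query = '
SELECT count(*)
FROM '.USERS_TABLE.'
WHERE upper('.$conf['user_fields']['email'].') = upper(\''.mysql_real_escape_string($email).'\')
;';
  list($count) = mysql_fetch_array(pwg_query($query));
  if ($count != 0)
  {
    return l10n('reg_err_mail_address_dbl');
  }

  return null;
}

/**
 * 'register_user_check' handler: validates a new account's username,
 * e-mail address and password.
 *
 * Piwigo's own username and e-mail controls are repeated first, because
 * hooking register_user_check replaces them; the plugin's advanced controls
 * (password score, case-insensitive username uniqueness, forbidden username
 * characters, forbidden e-mail domains) follow. Every option is read by index
 * from the ';'-separated $conf['nbc_UserAdvManager'] string.
 *
 * @param mixed $err   errors collected so far by Piwigo (not used, not returned)
 * @param array $user  data of the account being created (uses 'password')
 * @return string|null  the first error message found, or null when every check
 *                      passes (the incoming $err is not propagated)
 */
function UserAdvManager_RegistrationCheck($err, $user)
{
  global $errors, $conf;

  $login = isset($_POST['login']) ? $_POST['login'] : '';

  /* ********************************** */
  /* Standard Piwigo's username control */
  /* ********************************** */
  if ($login == '')
  {
    return l10n('reg_err_login1');
  }
  if (preg_match('/^.* $/', $login))  // trailing space
  {
    return l10n('reg_err_login2');
  }
  if (preg_match('/^ .*$/', $login))  // leading space
  {
    return l10n('reg_err_login3');
  }
  if (get_userid($login))             // username already taken
  {
    return l10n('reg_err_login5');
  }

  /* ******************************************************************* */
  /* Standard Piwigo's e-mail control: the field is named 'email' on the */
  /* admin's user list page and 'mail_address' on the registration page  */
  /* ******************************************************************* */
  if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
  {
    $email_field = 'email';
  }
  else if (script_basename() == 'register')
  {
    $email_field = 'mail_address';
  }
  else
  {
    $email_field = null;
  }

  if ($email_field !== null)
  {
    $email = isset($_POST[$email_field]) ? $_POST[$email_field] : '';
    $email_error = nbc_UserAdvManager_check_email_double($email);
    if ($email_error !== null)
    {
      return $email_error;
    }
  }

  /* ****************************************** */
  /* Here begins the advanced register controls */
  /* ****************************************** */
  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Password enforcement: option 14 switches it on, option 15 is the minimum
     score; administrators are only subject to it when option 16 is 'true'. */
  if (isset($options[14]) and $options[14] == 'true' and !empty($options[15]) and !empty($user['password']))
  {
    $admins_checked = isset($options[16]) && $options[16] == 'true';

    if (!is_admin() or $admins_checked)
    {
      $score = testpassword($user['password']);

      if ($score < $options[15])
      {
        $message = get_l10n_args('reg_err_login4_%s', $score);
        // The previous version also stored this message in a function-local
        // $lang array that nothing read; only the return value matters.
        return l10n_args($message).$options[15];
      }
    }
  }

  /* Username non case sensitive (option 1) */
  if (isset($options[1]) and $options[1] == 'true' and NotSensibleSearchUsername($login))
  {
    return l10n('reg_err_login5');
  }

  /* Username without forbidden keys (option 7; option 8 is quoted in the message) */
  if (isset($options[7]) and $options[7] == 'true' and !empty($login) and ValidateUsername($login) and !is_admin())
  {
    $_POST['login'] = '';
    $forbidden_keys = isset($options[8]) ? $options[8] : '';
    return l10n('reg_err_login6')."'".$forbidden_keys."'";
  }

  /* Email without forbidden domains (option 12; option 13 is quoted in the message) */
  if (isset($options[12]) and $options[12] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']) and !is_admin())
  {
    $_POST['mail_address'] = '';
    $forbidden_domains = isset($options[13]) ? $options[13] : '';
    return l10n('reg_err_login7')."'".$forbidden_domains."'";
  }

  return null;
}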
277
278
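if (script_basename() == 'profile')
{
  add_event_handler('loc_begin_profile', 'UserAdvManager_Profile_Init');

  /**
   * 'loc_begin_profile' handler (non-admin users only): checks the submitted
   * e-mail domain and new password against the plugin options, then sends the
   * confirmation / notification e-mail when enabled.
   *
   * A failed check appends an error to the template and unsets
   * $_POST['validate'] so that Piwigo does not save the profile.
   *
   * NOTE(review): the handler keeps running after a failed check, so the
   * e-mail step below can still be reached with a rejected address —
   * confirm whether that is intended.
   */
  function UserAdvManager_Profile_Init()
  {
    global $conf, $user, $template;

    $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

    if (!isset($_POST['validate']) or is_admin())
    {
      return;
    }

    // Local copies of the form fields: the previous version re-read
    // $_POST['use_new_pwd'] after unsetting it (undefined index notice) and
    // passed an unset $_POST['mail_address'] to SendMail2User().
    $new_mail = isset($_POST['mail_address']) ? $_POST['mail_address'] : '';
    $new_pwd  = isset($_POST['use_new_pwd'])  ? $_POST['use_new_pwd']  : '';

    /* Email without forbidden domains (option 12; option 13 is quoted in the message) */
    if (isset($options[12]) and $options[12] == 'true' and !empty($new_mail) and ValidateEmailProvider($new_mail))
    {
      $template->append('errors', l10n('reg_err_login7')."'".$options[13]."'");
      unset($_POST['validate']);
    }

    // Mail type handed to SendMail2User(): 2 when a new password was
    // submitted, 3 otherwise.
    $typemail = 3;

    if (!empty($new_pwd))
    {
      $typemail = 2;

      /* Password enforcement control (option 14 on, option 15 = minimum score) */
      if (isset($options[14]) and $options[14] == 'true' and !empty($options[15]))
      {
        $score = testpassword($new_pwd);

        if ($score < $options[15])
        {
          $message = get_l10n_args('reg_err_login4_%s', $score);
          $template->append('errors', l10n_args($message).$options[15]);
          // Drop the rejected password from the request (so Piwigo does not
          // apply it) and from the local copy used for the e-mail below.
          unset($_POST['use_new_pwd']);
          $new_pwd = '';
          unset($_POST['validate']);
        }
      }
    }

    /* Sending registration confirmation by email (option 0: new password, option 2: new address) */
    $mail_on_pwd  = isset($options[0]) && $options[0] == 'true';
    $mail_on_addr = isset($options[2]) && $options[2] == 'true';

    if (!$mail_on_pwd and !$mail_on_addr)
    {
      return;
    }

    $confirm_mail_need = false;

    if (!empty($new_mail))
    {
      // $user['id'] is the session user's id, not a request value.
      $query = '
SELECT '.$conf['user_fields']['email'].' AS email
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';
      list($current_email) = mysql_fetch_row(pwg_query($query));

      if ($new_mail != $current_email and $mail_on_addr)
      {
        $confirm_mail_need = true;
      }
    }

    if ((!empty($new_pwd) and $mail_on_pwd) or $confirm_mail_need)
    {
      $query = '
SELECT '.$conf['user_fields']['username'].'
FROM '.USERS_TABLE.'
WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
;';
      list($username) = mysql_fetch_row(pwg_query($query));

      SendMail2User($typemail, $user['id'], $username, $new_pwd, $new_mail, $confirm_mail_need);
    }
  }
}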
358
359
add_event_handler('init', 'UserAdvManager_InitPage');
/* *** Important ! This is necessary to make email exclusion work in admin's users management panel *** */

/**
 * 'init' handler: on the admin user list page, refuses to add a user whose
 * e-mail domain is forbidden (option 12 on; option 13 is quoted in the
 * message) by appending a template error and cancelling the 'submit_add'
 * action.
 */
function UserAdvManager_InitPage()
{
  load_language('plugin.lang', NBC_UAM_PATH);
  global $conf, $template, $page, $lang, $errors;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  /* Admin user management page only */
  if (script_basename() != 'admin' or !isset($_GET['page']) or $_GET['page'] != 'user_list')
  {
    return;
  }

  if (!isset($_POST['submit_add']))
  {
    return;
  }

  /* Email without forbidden domains */
  $domain_filter_on = isset($options[12]) && $options[12] == 'true';

  if ($domain_filter_on and !empty($_POST['email']) and ValidateEmailProvider($_POST['email']))
  {
    $template->append('errors', l10n('reg_err_login7')."'".$options[13]."'");
    unset($_POST['submit_add']);
  }
}
383
384
add_event_handler('user_comment_check', 'UserAdvManager_CheckEmptyCommentAuthor', 50, 2);

/**
 * 'user_comment_check' handler: when option 6 is 'true' and comments are open
 * to everybody ($conf['comments_forall']), a comment whose author is still
 * 'guest' is rejected and an info message is recorded.
 *
 * @param string $comment_action  action decided so far for the comment
 * @param array  $comm            the comment being checked (uses 'author')
 * @return string 'reject' when the author is empty, otherwise $comment_action unchanged
 */
function UserAdvManager_CheckEmptyCommentAuthor($comment_action, $comm)
{
  load_language('plugin.lang', NBC_UAM_PATH);
  global $infos, $conf, $template;

  $options = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();

  $check_enabled = isset($options[6]) && $options[6] == 'true';

  if (!$check_enabled or $conf['comments_forall'] != 'true' or $comm['author'] != 'guest')
  {
    return $comment_action;
  }

  /* Anonymous author: refuse the comment and tell the user why */
  array_push($infos, l10n('UserAdvManager_Empty Author'));

  return 'reject';
}
404?>