Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 5105

Last change on this file since 5105 was 5105, checked in by Eric, 14 years ago

[NBC_UserAdvManager]

Bug 1497 fixed
Small language files improvement

Property svn:eol-style set to LF

File size: 13.3 KB

Line
1	<?php
2	/*
3	Plugin Name: NBC UserAdvManager
4	Version: 2.14.1
5	Description: Renforcer la gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/* History: NBC_UAM_PATH.'Changelog.txt.php' */
12
13	/*
14	*** TODO List ***
15	++ Adding ASC and DESC ordering for user's lists tables (Ghost Tracker, UserList and Unvalidated) ?
16
17	++ No validation needed for admins users comments (new trigger needed in comments.php ?)
18
19	++ No single email check for admins (new trigger needed in functions_user.inc.php ?)
20
21	++ Password control and enforcement
22	?? Can not be the same as username -> Could password score control be sufficient ?
23
24	++ Security : Blocking brut-force attacks !
25	-> Way to do that : Count the number of failed attempts to connect and lock the targetted account after x attempts. Where x will be settable by admin.
26	To unlock the locked account :
27	-> A new table in admin's plugin panel which would display the locked accounts.
28	-> Sending an email to account owner to inform him his account is blocked due to multiple failed connexions attempts. This email could have a link with a security key to unlock the account.
29	-> Both of above solutions ?
30
31	++ Opportunity to copy a registered user for new user creation
32	++ new copied user will (or not) belong to the same groups
33	++ new copied user will (or not) get the same status (visitor, admin, webmaster, guest (??))
34	++ new copied user will (or not) get the same properties
35	++ new copied user will (or not) get the same language
36	... and so on
37	*/
38
39	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
40	if (!defined('NBC_UAM_DIR')) define('NBC_UAM_DIR' , basename(dirname(__FILE__)));
41	if (!defined('NBC_UAM_PATH')) define('NBC_UAM_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
42
43	include_once (NBC_UAM_PATH.'include/constants.php');
44	include_once (NBC_UAM_PATH.'include/functions.inc.php');
45
46	load_language('plugin.lang', NBC_UAM_PATH);
47
48
49	/* Plugin admin */
50	add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');
51
52	function UAM_admin_menu($menu)
53	{
54	array_push($menu,
55	array(
56	'NAME' => 'UserAdvManager',
57	'URL' => get_admin_plugin_menu_link(NBC_UAM_PATH.'/admin/UAM_admin.php')
58	)
59	);
60
61	return $menu;
62	}
63
64	/* Lastvisit table feed for Ghost Tracker */
65	add_event_handler('loc_begin_index', 'UAM_GhostTracker');
66
67	function UAM_GhostTracker()
68	{
69	global $conf, $user;
70
71	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
72
73	/* Admins and Guests are not tracked for Ghost Tracker or Users Tracker */
74	if (!is_admin() and !is_a_guest())
75	{
76	if ((isset($conf_UAM[17]) and $conf_UAM[17] == 'true') or (isset($conf_UAM[20]) and $conf_UAM[20] == 'true'))
77	{
78
79	$userid = get_userid($user['username']);
80
81	/* Looking for existing entry in last visit table */
82	$query = '
83	SELECT *
84	FROM '.USER_LASTVISIT_TABLE.'
85	WHERE user_id = '.$userid.'
86	;';
87
88	$count = mysql_num_rows(pwg_query($query));
89
90	if ($count == 0)
91	{
92	/* If not, data are inserted in table */
93	$query = '
94	INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
95	VALUES ('.$userid.', now(), "false")
96	;';
97	pwg_query($query);
98	}
99	else if ($count > 0)
100	{
101	/* If yes, data are updated in table */
102	$query = '
103	UPDATE '.USER_LASTVISIT_TABLE.'
104	SET lastvisit = now(), reminder = "false"
105	WHERE user_id = '.$userid.'
106	LIMIT 1
107	;';
108	pwg_query($query);
109	}
110	}
111	}
112	}
113
114
115	/* User creation */
116	add_event_handler('register_user', 'UAM_Adduser');
117
118	function UAM_Adduser($register_user)
119	{
120	global $conf;
121
122	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
123
124	/* Sending registration confirmation by email */
125	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[2]) and $conf_UAM[2] == 'true'))
126	{
127	if (is_admin() and isset($conf_UAM[21]) and $conf_UAM[21] == 'true')
128	{
129	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
130	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
131	}
132	elseif (is_admin() and isset($conf_UAM[21]) and $conf_UAM[21] == 'false')
133	{
134	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
135	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
136	}
137	elseif (!is_admin())
138	{
139	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
140	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
141	}
142	}
143	}
144
145
146	/* User deletion */
147	add_event_handler('delete_user', 'UAM_Deluser');
148
149	function UAM_Deluser($user_id)
150	{
151	/* Cleanup for ConfirmMail table */
152	DeleteConfirmMail($user_id);
153	/* Cleanup for LastVisit table */
154	DeleteLastVisit($user_id);
155	}
156
157
158	/* Check users registration */
159	add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
160
161	function UAM_RegistrationCheck($err, $user)
162	{
163	global $errors, $conf;
164
165	/* *********************************************************** */
166	/* We need to reset the standard Piwigo's register controls */
167	/* because the call of register_user_check trigger resets them */
168	/* *********************************************************** */
169	/* ********************************** */
170	/* Standard Piwigo's username control */
171	/* ********************************** */
172	if ($_POST['login'] == '')
173	{
174	return l10n('reg_err_login1');
175	}
176	if (preg_match('/^.* $/', $_POST['login']))
177	{
178	return l10n('reg_err_login2');
179	}
180	if (preg_match('/^ .*$/', $_POST['login']))
181	{
182	return l10n('reg_err_login3');
183	}
184	if (get_userid($_POST['login']))
185	{
186	return l10n('reg_err_login5');
187	}
188
189	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') /* not the same email variable if we are on users registration page or on admin's user registration page*/
190	{
191	/* Email doblons check */
192	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
193	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
194	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
195
196	if (!preg_match($regex, $_POST['email']))
197	{
198	return l10n('reg_err_mail_address');
199	}
200
201	$query = '
202	SELECT count(*)
203	FROM '.USERS_TABLE.'
204	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['email'].'\')
205	;';
206	list($count) = mysql_fetch_array(pwg_query($query));
207	if ($count != 0)
208	{
209	return l10n('reg_err_mail_address_dbl');
210	}
211	}
212
213	if (script_basename() == 'register') /* not the same email variable if we are on users registration page or on admin's user registration page*/
214	{
215	/* Email doblons check */
216	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
217	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
218	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
219
220	if (!preg_match($regex, $_POST['mail_address']))
221	{
222	return l10n('reg_err_mail_address');
223	}
224
225	$query = '
226	SELECT count(*)
227	FROM '.USERS_TABLE.'
228	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\')
229	;';
230	list($count) = mysql_fetch_array(pwg_query($query));
231	if ($count != 0)
232	{
233	return l10n('reg_err_mail_address_dbl');
234	}
235	}
236	/* ****************************************** */
237	/* End of Piwigo's standard register controls */
238	/* ****************************************** */
239
240
241	/* ****************************************** */
242	/* Here begins the advanced register controls */
243	/* ****************************************** */
244	$PasswordCheck = 0;
245
246	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
247
248	/* Password enforcement control */
249	if (isset($conf_UAM[14]) and $conf_UAM[14] == 'true' and !empty($conf_UAM[15]))
250	{
251	if (!empty($user['password']) and !is_admin())
252	{
253	$PasswordCheck = testpassword($user['password']);
254
255	if ($PasswordCheck < $conf_UAM[15])
256	{
257	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
258	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[15]);
259	}
260	}
261	else if (!empty($user['password']) and is_admin() and isset($conf_UAM[16]) and $conf_UAM[16] == 'true')
262	{
263	$PasswordCheck = testpassword($user['password']);
264
265	if ($PasswordCheck < $conf_UAM[15])
266	{
267	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
268	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[15]);
269	}
270	}
271	}
272
273	/* Username non case sensitive */
274	if (isset($conf_UAM[1]) and $conf_UAM[1] == 'true' and NotSensibleSearchUsername($_POST['login']))
275	{
276	return($lang['reg_err_login5'] = l10n('reg_err_login5'));
277	}
278
279	/* Username without forbidden keys */
280	if (isset($conf_UAM[7]) and $conf_UAM[7] == 'true' and !empty($_POST['login']) and ValidateUsername($_POST['login']) and !is_admin())
281	{
282	$_POST['login'] = '';
283	return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_UAM[8]."'");
284	}
285
286	/* Email without forbidden domains */
287	if (isset($conf_UAM[12]) and $conf_UAM[12] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']) and !is_admin())
288	{
289	$_POST['mail_address'] = '';
290	return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_UAM[13]."'");
291	}
292	}
293
294
295	if (script_basename() == 'profile')
296	{
297	add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
298
299	function UAM_Profile_Init()
300	{
301	global $conf, $user, $template;
302
303	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
304
305	if (isset($_POST['validate']) and !is_admin())
306	{
307	/* Email without forbidden domains */
308	if (isset($conf_UAM[12]) and $conf_UAM[12] == 'true' and !empty($_POST['mail_address']))
309	{
310	if (ValidateEmailProvider($_POST['mail_address']))
311	{
312	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[13]."'");
313	unset($_POST['validate']);
314	}
315	}
316
317	$typemail = 3;
318
319	if (!empty($_POST['use_new_pwd']))
320	{
321	$typemail = 2;
322
323	/* Password enforcement control */
324	if (isset($conf_UAM[14]) and $conf_UAM[14] == 'true' and !empty($conf_UAM[15]))
325	{
326	$PasswordCheck = testpassword($_POST['use_new_pwd']);
327
328	if ($PasswordCheck < $conf_UAM[15])
329	{
330	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
331	$template->append('errors', l10n_args($message).$conf_UAM[15]);
332	unset($_POST['use_new_pwd']);
333	unset($_POST['validate']);
334	}
335	}
336	}
337
338	/* Sending registration confirmation by email */
339	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[2]) and $conf_UAM[2] == 'true'))
340	{
341	$confirm_mail_need = false;
342
343	if (!empty($_POST['mail_address']))
344	{
345	$query = '
346	SELECT '.$conf['user_fields']['email'].' AS email
347	FROM '.USERS_TABLE.'
348	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
349	;';
350
351	list($current_email) = mysql_fetch_row(pwg_query($query));
352
353	if ($_POST['mail_address'] != $current_email and ( isset($conf_UAM[2]) and $conf_UAM[2] == 'true'))
354
355	$confirm_mail_need = true;
356	}
357
358	if ((!empty($_POST['use_new_pwd']) and (isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or $confirm_mail_need))
359	{
360	$query = '
361	SELECT '.$conf['user_fields']['username'].'
362	FROM '.USERS_TABLE.'
363	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
364	;';
365
366	list($username) = mysql_fetch_row(pwg_query($query));
367
368	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
369	}
370	}
371	}
372	}
373	}
374
375
376	add_event_handler('init', 'UAM_InitPage');
377	/* * Important ! This is necessary to make email exclusion work in admin's users management panel * */
378	function UAM_InitPage()
379	{
380	load_language('plugin.lang', NBC_UAM_PATH);
381	global $conf, $template, $page, $lang, $errors;
382
383	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
384
385	/* Admin user management */
386	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
387	{
388	if (isset($_POST['submit_add']))
389	{
390	/* Email without forbidden domains */
391	if (isset($conf_UAM[12]) and $conf_UAM[12] == 'true' and !empty($_POST['email']) and ValidateEmailProvider($_POST['email']))
392	{
393	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[13]."'");
394	unset($_POST['submit_add']);
395	}
396	}
397	}
398	}
399
400
401	add_event_handler('user_comment_check', 'UAM_CheckEmptyCommentAuthor', 50, 2);
402
403	function UAM_CheckEmptyCommentAuthor($comment_action, $comm)
404	{
405	load_language('plugin.lang', NBC_UAM_PATH);
406	global $infos, $conf, $template;
407
408	$conf_UAM = unserialize($conf['nbc_UserAdvManager']);
409
410	/* User creation OR update */
411	if (isset($conf_UAM[6]) and $conf_UAM[6] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
412	{
413	$comment_action = 'reject';
414
415	array_push($infos, l10n('UAM_Empty Author'));
416	}
417
418	return $comment_action;
419	}
420	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: