Context Navigation

source: extensions/NBC_UserAdvManager/trunk/main.inc.php @ 6796

Last change on this file since 6796 was 6796, checked in by Eric, 14 years ago
Bug 1819 fixed - Wrong help text for redirection function
Property svn:eol-style set to `LF`
File size: 14.9 KB

Line
1	<?php
2	/*
3	Plugin Name: UserAdvManager
4	Version: 2.15.6b
5	Description: Renforcer la gestion des utilisateurs - Enforce users management
6	Plugin URI: http://fr.piwigo.org/ext/extension_view.php?eid=216
7	Author: Nicco, Eric
8	Author URI: http://gallery-nicco.no-ip.org, http://www.infernoweb.net
9	*/
10
11	/* History: UAM_PATH.'Changelog.txt.php' */
12
13	/*
14	*** TODO List ***
15	See project bugtracker: http://piwigo.org/bugs/my_view_page.php
16	*/
17
18	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
19	if (!defined('UAM_DIR')) define('UAM_DIR' , basename(dirname(__FILE__)));
20	if (!defined('UAM_PATH')) define('UAM_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
21
22	include_once (UAM_PATH.'include/constants.php');
23	include_once (UAM_PATH.'include/functions.inc.php');
24
25	load_language('plugin.lang', UAM_PATH);
26
27
28	/* Plugin admin */
29	add_event_handler('get_admin_plugin_menu_links', 'UAM_admin_menu');
30
31	function UAM_admin_menu($menu)
32	{
33	// +-----------------------------------------------------------------------+
34	// \| Getting plugin name \|
35	// +-----------------------------------------------------------------------+
36	$plugin = PluginInfos(UAM_PATH);
37	$name = $plugin['name'];
38
39	array_push($menu,
40	array(
41	'NAME' => $name,
42	'URL' => get_admin_plugin_menu_link(UAM_PATH.'/admin/UAM_admin.php')
43	)
44	);
45
46	return $menu;
47	}
48
49	/* Lastvisit table feed for Ghost Tracker */
50	add_event_handler('loc_begin_index', 'UAM_GhostTracker');
51
52	function UAM_GhostTracker()
53	{
54	global $conf, $user;
55
56	$conf_UAM = unserialize($conf['UserAdvManager']);
57
58	/* Admins and Guests are not tracked for Ghost Tracker or Users Tracker */
59	if (!is_admin() and !is_a_guest())
60	{
61	if ((isset($conf_UAM[16]) and $conf_UAM[16] == 'true') or (isset($conf_UAM[19]) and $conf_UAM[19] == 'true'))
62	{
63
64	$userid = get_userid($user['username']);
65
66	/* Looking for existing entry in last visit table */
67	$query = '
68	SELECT *
69	FROM '.USER_LASTVISIT_TABLE.'
70	WHERE user_id = '.$userid.'
71	;';
72
73	$count = pwg_db_num_rows(pwg_query($query));
74
75	if ($count == 0)
76	{
77	/* If not, data are inserted in table */
78	$query = '
79	INSERT INTO '.USER_LASTVISIT_TABLE.' (user_id, lastvisit, reminder)
80	VALUES ('.$userid.', now(), "false")
81	;';
82	pwg_query($query);
83	}
84	else if ($count > 0)
85	{
86	/* If yes, data are updated in table */
87	$query = '
88	UPDATE '.USER_LASTVISIT_TABLE.'
89	SET lastvisit = now(), reminder = "false"
90	WHERE user_id = '.$userid.'
91	LIMIT 1
92	;';
93	pwg_query($query);
94	}
95	}
96	}
97	}
98
99
100	/* User creation */
101	add_event_handler('register_user', 'UAM_Adduser');
102
103	function UAM_Adduser($register_user)
104	{
105	global $conf;
106
107	$conf_UAM = unserialize($conf['UserAdvManager']);
108
109	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
110	{
111	/* This is to send an information email and set user to "waiting" group or status until admin validation */
112	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
113	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
114	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
115	}
116	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'false') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
117	{
118	/* This is to set user to "wainting" group or status until admin validation */
119	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
120	}
121	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'false'))
122	{
123	/* This is to send an information email without validation key */
124	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
125	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
126	}
127	/* Sending registration confirmation by email */
128	elseif ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true'))
129	{
130	if (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'true')
131	{
132	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
133	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
134	}
135	elseif (is_admin() and isset($conf_UAM[20]) and $conf_UAM[20] == 'false')
136	{
137	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
138	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], false);
139	}
140	elseif (!is_admin())
141	{
142	$passwd = (isset($_POST['password'])) ? $_POST['password'] : '';
143	SendMail2User(1, $register_user['id'], $register_user['username'], $passwd, $register_user['email'], true);
144	}
145	}
146	}
147
148
149	/* User deletion */
150	add_event_handler('delete_user', 'UAM_Deluser');
151
152	function UAM_Deluser($user_id)
153	{
154	/* Cleanup for ConfirmMail table */
155	DeleteConfirmMail($user_id);
156	/* Cleanup for LastVisit table */
157	DeleteLastVisit($user_id);
158	/* Cleanup Redirection settings */
159	DeleteRedir($user_id);
160	}
161
162
163	/* Check users registration */
164	add_event_handler('register_user_check', 'UAM_RegistrationCheck', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
165
166	function UAM_RegistrationCheck($err, $user)
167	{
168	global $errors, $conf;
169
170	/* *********************************************************** */
171	/* We need to reset the standard Piwigo's register controls */
172	/* because the call of register_user_check trigger resets them */
173	/* *********************************************************** */
174	/* ********************************** */
175	/* Standard Piwigo's username control */
176	/* ********************************** */
177	if ($_POST['login'] == '')
178	{
179	return l10n('reg_err_login1');
180	}
181	if (preg_match('/^.* $/', $_POST['login']))
182	{
183	return l10n('reg_err_login2');
184	}
185	if (preg_match('/^ .*$/', $_POST['login']))
186	{
187	return l10n('reg_err_login3');
188	}
189	if (get_userid($_POST['login']))
190	{
191	return l10n('reg_err_login5');
192	}
193
194	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list') /* not the same email variable if we are on users registration page or on admin's user registration page*/
195	{
196	/* Email doblons check */
197	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
198	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
199	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
200
201	if (!preg_match($regex, $_POST['email']))
202	{
203	return l10n('reg_err_mail_address');
204	}
205
206	$query = '
207	SELECT count(*)
208	FROM '.USERS_TABLE.'
209	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['email'].'\')
210	;';
211	list($count) = pwg_db_fetch_row(pwg_query($query));
212	if ($count != 0)
213	{
214	return l10n('reg_err_mail_address_dbl');
215	}
216	}
217
218	if (script_basename() == 'register') /* not the same email variable if we are on users registration page or on admin's user registration page*/
219	{
220	/* Email doblons check */
221	$atom = '[-a-z0-9!#$%&\'*+\\/=?^_`{\|}~]'; // before arobase
222	$domain = '([a-z0-9]([-a-z0-9]*[a-z0-9]+)?)'; // domain name
223	$regex = '/^' . $atom . '+' . '(\.' . $atom . '+)*' . '@' . '(' . $domain . '{1,63}\.)+' . $domain . '{2,63}$/i';
224
225	if (!preg_match($regex, $_POST['mail_address']))
226	{
227	return l10n('reg_err_mail_address');
228	}
229
230	$query = '
231	SELECT count(*)
232	FROM '.USERS_TABLE.'
233	WHERE upper('.$conf['user_fields']['email'].') = upper(\''.$_POST['mail_address'].'\')
234	;';
235	list($count) = pwg_db_fetch_row(pwg_query($query));
236	if ($count != 0)
237	{
238	return l10n('reg_err_mail_address_dbl');
239	}
240	}
241	/* ****************************************** */
242	/* End of Piwigo's standard register controls */
243	/* ****************************************** */
244
245
246	/* ****************************************** */
247	/* Here begins the advanced register controls */
248	/* ****************************************** */
249	$PasswordCheck = 0;
250
251	$conf_UAM = unserialize($conf['UserAdvManager']);
252
253	/* Password enforcement control */
254	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
255	{
256	if (!empty($user['password']) and !is_admin())
257	{
258	$PasswordCheck = testpassword($user['password']);
259
260	if ($PasswordCheck < $conf_UAM[14])
261	{
262	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
263	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
264	}
265	}
266	else if (!empty($user['password']) and is_admin() and isset($conf_UAM[15]) and $conf_UAM[15] == 'true')
267	{
268	$PasswordCheck = testpassword($user['password']);
269
270	if ($PasswordCheck < $conf_UAM[14])
271	{
272	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
273	return($lang['reg_err_pass'] = l10n_args($message).$conf_UAM[14]);
274	}
275	}
276	}
277
278	/* Username without forbidden keys */
279	if (isset($conf_UAM[6]) and $conf_UAM[6] == 'true' and !empty($_POST['login']) and ValidateUsername($_POST['login']) and !is_admin())
280	{
281	$_POST['login'] = '';
282	return($lang['reg_err_login1'] = l10n('reg_err_login6')."'".$conf_UAM[7]."'");
283	}
284
285	/* Email without forbidden domains */
286	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']) and ValidateEmailProvider($_POST['mail_address']) and !is_admin())
287	{
288	$_POST['mail_address'] = '';
289	return($lang['reg_err_login1'] = l10n('reg_err_login7')."'".$conf_UAM[12]."'");
290	}
291	}
292
293
294	if (script_basename() == 'profile')
295	{
296	add_event_handler('loc_begin_profile', 'UAM_Profile_Init');
297
298	function UAM_Profile_Init()
299	{
300	global $conf, $user, $template;
301
302	$conf_UAM = unserialize($conf['UserAdvManager']);
303
304	if ((isset($conf_UAM[21]) and $conf_UAM[21] == 'true'))
305	{
306	$user_idsOK = array();
307	if (!check_consult($user['id'], $user_idsOK))
308	{
309	$user_idsOK[] = $user['id'];
310
311	$query = "
312	UPDATE ".CONFIG_TABLE."
313	SET value = \"".implode(',', $user_idsOK)."\"
314	WHERE param = 'UserAdvManager_Redir';";
315
316	pwg_query($query);
317	}
318	}
319
320	if (isset($_POST['validate']) and !is_admin())
321	{
322	/* Email without forbidden domains */
323	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['mail_address']))
324	{
325	if (ValidateEmailProvider($_POST['mail_address']))
326	{
327	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
328	unset($_POST['validate']);
329	}
330	}
331
332	$typemail = 3;
333
334	if (!empty($_POST['use_new_pwd']))
335	{
336	$typemail = 2;
337
338	/* Password enforcement control */
339	if (isset($conf_UAM[13]) and $conf_UAM[13] == 'true' and !empty($conf_UAM[14]))
340	{
341	$PasswordCheck = testpassword($_POST['use_new_pwd']);
342
343	if ($PasswordCheck < $conf_UAM[14])
344	{
345	$message = get_l10n_args('reg_err_login4_%s', $PasswordCheck);
346	$template->append('errors', l10n_args($message).$conf_UAM[14]);
347	unset($_POST['use_new_pwd']);
348	unset($_POST['validate']);
349	}
350	}
351	}
352
353	/* Sending registration confirmation by email */
354	if ((isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'true') or (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
355	{
356	$confirm_mail_need = false;
357
358	if (!empty($_POST['mail_address']))
359	{
360	$query = '
361	SELECT '.$conf['user_fields']['email'].' AS email
362	FROM '.USERS_TABLE.'
363	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
364	;';
365
366	list($current_email) = pwg_db_fetch_row(pwg_query($query));
367
368	/* This is to send a new validation key */
369	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'true'))
370
371	$confirm_mail_need = true;
372
373	/* This is to set the user to "waiting" group or status until admin validation */
374	if ($_POST['mail_address'] != $current_email and (isset($conf_UAM[1]) and $conf_UAM[1] == 'local'))
375
376	setgroup($register_user['id']);// Set to "waiting" group or status until admin validation
377	$confirm_mail_need = false;
378	}
379
380	if ((!empty($_POST['use_new_pwd']) and (isset($conf_UAM[0]) and $conf_UAM[0] == 'true') or $confirm_mail_need))
381	{
382	$query = '
383	SELECT '.$conf['user_fields']['username'].'
384	FROM '.USERS_TABLE.'
385	WHERE '.$conf['user_fields']['id'].' = \''.$user['id'].'\'
386	;';
387
388	list($username) = pwg_db_fetch_row(pwg_query($query));
389
390	SendMail2User($typemail, $user['id'], $username, $_POST['use_new_pwd'], $_POST['mail_address'], $confirm_mail_need);
391	}
392	}
393	}
394	}
395	}
396
397
398	// RedirectToProfile - Thx to LucMorizur
399	// redirects a visitor (except for admins, webmasters and generic statuses) to his
400	// profile.php page
401	//
402	// no variable, no return
403	add_event_handler('login_success', 'RedirectToProfile');
404
405	function RedirectToProfile()
406	{
407	global $conf, $user;
408
409	$conf_UAM = unserialize($conf['UserAdvManager']);
410
411	$query ='
412	SELECT user_id, status
413	FROM '.USER_INFOS_TABLE.'
414	WHERE user_id = '.$user['id'].'
415	;';
416	$data = pwg_db_fetch_assoc(pwg_query($query));
417
418	if ($data['status'] <> "admin" and $data['status'] <> "webmaster" and $data['status'] <> "generic")
419	{
420	if ((isset($conf_UAM[21]) and $conf_UAM[21] == 'true'))
421	{
422	$user_idsOK = array();
423	if (!check_consult($user['id'], $user_idsOK))
424	redirect(PHPWG_ROOT_PATH.'profile.php');
425	}
426	}
427	}
428
429
430	add_event_handler('init', 'UAM_InitPage');
431	/* * Important ! This is necessary to make email exclusion work in admin's users management panel * */
432	function UAM_InitPage()
433	{
434	load_language('plugin.lang', UAM_PATH);
435	global $conf, $template, $page, $lang, $errors;
436
437	$conf_UAM = unserialize($conf['UserAdvManager']);
438
439	/* Admin user management */
440	if (script_basename() == 'admin' and isset($_GET['page']) and $_GET['page'] == 'user_list')
441	{
442	if (isset($_POST['submit_add']))
443	{
444	/* Email without forbidden domains */
445	if (isset($conf_UAM[11]) and $conf_UAM[11] == 'true' and !empty($_POST['email']) and ValidateEmailProvider($_POST['email']))
446	{
447	$template->append('errors', l10n('reg_err_login7')."'".$conf_UAM[12]."'");
448	unset($_POST['submit_add']);
449	}
450	}
451	}
452	}
453
454
455	add_event_handler('user_comment_check', 'UAM_CheckEmptyCommentAuthor', 50, 2);
456
457	function UAM_CheckEmptyCommentAuthor($comment_action, $comm)
458	{
459	load_language('plugin.lang', UAM_PATH);
460	global $infos, $conf, $template;
461
462	$conf_UAM = unserialize($conf['UserAdvManager']);
463
464	/* User creation OR update */
465	if (isset($conf_UAM[5]) and $conf_UAM[5] == 'true' and $conf['comments_forall'] == 'true' and $comm['author'] == 'guest')
466	{
467	$comment_action = 'reject';
468
469	array_push($infos, l10n('UAM_Empty Author'));
470	}
471
472	return $comment_action;
473	}
474	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: