Context Navigation

PP_admin.php @ 27179

Last change on this file since 27179 was 27179, checked in by Eric, 10 years ago
Piwigo 2.6 compatibility: Users management (users display, password renewal and unlocking accounts) recoded in plugin's admin panel
File size: 19.7 KB

Line
1	<?php
2
3	global $user, $lang, $conf, $errors;
4
5	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
6	// +-----------------------------------------------------------------------+
7	// \| Check Access and exit when user status is not ok \|
8	// +-----------------------------------------------------------------------+
9	check_status(ACCESS_ADMINISTRATOR);
10
11	if (!defined('PP_PATH')) define('PP_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
12
13	//ini_set('error_reporting', E_ALL);
14	//ini_set('display_errors', true);
15
16	include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
17	include_once (PHPWG_ROOT_PATH.'/include/constants.php');
18
19	load_language('plugin.lang', PP_PATH);
20
21
22	// +-----------------------------------------------------------------------+
23	// \| Variables initialization \|
24	// +-----------------------------------------------------------------------+
25	$page['global'] = array();
26	$error = array();
27
28	$my_base_url = get_admin_plugin_menu_link(__FILE__);
29
30	$PP_Password_Test_Score = 0;
31
32	// +-----------------------------------------------------------------------+
33	// \| Getting plugin version \|
34	// +-----------------------------------------------------------------------+
35	$plugin = PPInfos(PP_PATH);
36	$version = $plugin['version'];
37
38	// ------------------------------------------
39	// Template initialization for forms and data
40	// ------------------------------------------
41	$themeconf = $template->get_template_vars('themeconf');
42	$PP_theme = $themeconf['id'];
43
44	// +----------------------------------------------------------+
45	// \| FCK Editor for email text fields \|
46	// +----------------------------------------------------------+
47	$toolbar = 'Basic';
48	$width = '750px';
49	$height = '300px';
50	$areas = array();
51	array_push($areas,'PP_CustomLockMsg');
52
53	if (function_exists('set_fckeditor_instance'))
54	{
55	$fcke_config = unserialize($conf['FCKEditor']);
56	foreach($areas as $area)
57	{
58	if (!isset($fcke_config[$area]))
59	{
60	$fcke_config[$area] = false;
61	}
62	}
63	$conf['FCKEditor'] = serialize($fcke_config);
64
65	set_fckeditor_instance($areas, $toolbar, $width, $height);
66	}
67
68
69	// +-----------------------------------------------------------------------+
70	// \| Tabssheet \|
71	// +-----------------------------------------------------------------------+
72	if (!isset($_GET['tab']))
73	$page['tab'] = 'config';
74	else
75	$page['tab'] = $_GET['tab'];
76
77	$tabsheet = new tabsheet();
78	$tabsheet->add('config',
79	l10n('PP_config_tab'),
80	$my_base_url.'&tab=config');
81	$tabsheet->add('userlist',
82	l10n('PP_Users_List_Tab'),
83	$my_base_url.'&tab=userlist');
84	$tabsheet->select($page['tab']);
85	$tabsheet->assign();
86
87
88	// +-----------------------------------------------------------------------+
89	// \| Tabssheet select \|
90	// +-----------------------------------------------------------------------+
91
92	switch ($page['tab'])
93	{
94	// *************************************************************************
95	// +-----------------------------------------------------------------------+
96	// \| Config tab \|
97	// +-----------------------------------------------------------------------+
98	// *************************************************************************
99	case 'config':
100
101	if (isset($_POST['submit']) and isset($_POST['PP_Password_Enforced']) and isset($_POST['PP_AdminPassword_Enforced']) and isset($_POST['PP_PwdReset']) and isset($_POST['PP_LogFailedPassw']))
102	{
103	$_POST['PP_CustomLockMsg'] = str_replace('\"', '"', str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['PP_CustomLockMsg'])));
104	// Save global PP configuration
105	// -----------------------------
106	$newconf_PP['PPVersion'] = $version;
107	$newconf_PP['PASSWORDENF'] = (isset($_POST['PP_Password_Enforced']) ? $_POST['PP_Password_Enforced'] : 'false');
108	$newconf_PP['PASSWORD_SCORE'] = (isset($_POST['PP_Password_Score']) ? $_POST['PP_Password_Score'] : '100');
109	$newconf_PP['ADMINPASSWENF'] = (isset($_POST['PP_AdminPassword_Enforced']) ? $_POST['PP_AdminPassword_Enforced'] : 'false');
110	$newconf_PP['PWDRESET'] = (isset($_POST['PP_PwdReset']) ? $_POST['PP_PwdReset'] : 'false');
111	$newconf_PP['LOGFAILBLOCK'] = (isset($_POST['PP_LogFailedPassw']) ? $_POST['PP_LogFailedPassw'] : 'false');
112	$newconf_PP['NBLOGFAIL'] = (isset($_POST['PP_NbFailedPassw']) ? $_POST['PP_NbFailedPassw'] : '0');
113	$newconf_PP['USRLOCKEDTXT'] = (isset($_POST['PP_CustomLockMsg']) ? $_POST['PP_CustomLockMsg'] : l10n('PP_User_Account_Locked_Txt'));
114
115	$conf['PasswordPolicy'] = serialize($newconf_PP);
116
117	conf_update_param('PasswordPolicy', pwg_db_real_escape_string($conf['PasswordPolicy']));
118
119	array_push($page['infos'], l10n('PP_save_config'));
120	}
121
122	// Testing password enforcement
123	// ----------------------------
124	if (isset($_POST['PasswordTest']) and isset($_POST['PP_Password_Test']) and !empty($_POST['PP_Password_Test']))
125	{
126	$PP_Password_Test_Score = PP_testpassword($_POST['PP_Password_Test']);
127	}
128	else if (isset($_POST['PasswordTest']) and empty($_POST['PP_Password_Test']))
129	{
130	array_push($page['errors'], l10n('PP_Error_Password_Mandatory'));
131	}
132
133	$conf_PP = unserialize($conf['PasswordPolicy']);
134
135	$template->assign(
136	array(
137	'PP_VERSION' => $version,
138	'PP_PATH' => PP_PATH,
139	'PP_PASSWORDENF_TRUE' => $conf_PP['PASSWORDENF']=='true' ? 'checked="checked"' : '' ,
140	'PP_PASSWORDENF_FALSE' => $conf_PP['PASSWORDENF']=='false' ? 'checked="checked"' : '' ,
141	'PP_PASSWORD_SCORE' => $conf_PP['PASSWORD_SCORE'],
142	'PP_ADMINPASSWENF_TRUE' => $conf_PP['ADMINPASSWENF']=='true' ? 'checked="checked"' : '' ,
143	'PP_ADMINPASSWENF_FALSE' => $conf_PP['ADMINPASSWENF']=='false' ? 'checked="checked"' : '' ,
144	'PP_PWDRESET_TRUE' => $conf_PP['PWDRESET']=='true' ? 'checked="checked"' : '' ,
145	'PP_PWDRESET_FALSE' => $conf_PP['PWDRESET']=='false' ? 'checked="checked"' : '' ,
146	'PP_PASSWORD_TEST_SCORE' => $PP_Password_Test_Score,
147	'PP_LOGFAILEDPASSW_TRUE' => $conf_PP['LOGFAILBLOCK']=='true' ? 'checked="checked"' : '' ,
148	'PP_LOGFAILEDPASSW_FALSE' => $conf_PP['LOGFAILBLOCK']=='false' ? 'checked="checked"' : '' ,
149	'PP_NBLOGFAIL' => $conf_PP['NBLOGFAIL'],
150	'PP_USRLOCKEDTXT' => $conf_PP['USRLOCKEDTXT']
151	)
152	);
153
154
155	// +-----------------------------------------------------------------------+
156	// \| errors display \|
157	// +-----------------------------------------------------------------------+
158	if (isset ($errors) and count($errors) != 0)
159	{
160	$template->assign('errors',array());
161	foreach ($errors as $error)
162	{
163	array_push($page['errors'], $error);
164	}
165	}
166
167	// +-----------------------------------------------------------------------+
168	// \| templates display \|
169	// +-----------------------------------------------------------------------+
170	$template->set_filename('plugin_admin_content', dirname(__FILE__) . '/template/PP_admin.tpl');
171	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
172
173	break;
174
175
176	// *************************************************************************
177	// +-----------------------------------------------------------------------+
178	// \| Users list page \|
179	// +-----------------------------------------------------------------------+
180	// *************************************************************************
181	case 'userlist':
182
183	$conf_PP = unserialize($conf['PasswordPolicy']);
184
185	if ((isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET']=='true') or (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK']=='true'))
186	{
187	// +-----------------------------------------------------------------------+
188	// \| initialization \|
189	// +-----------------------------------------------------------------------+
190
191	if (!defined('PHPWG_ROOT_PATH'))
192	{
193	die('Hacking attempt!');
194	}
195
196	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
197
198	// +-----------------------------------------------------------------------+
199	// \| Check Access and exit when user status is not ok \|
200	// +-----------------------------------------------------------------------+
201	check_status(ACCESS_ADMINISTRATOR);
202
203
204	// +-----------------------------------------------------------------------+
205	// \| user list \|
206	// +-----------------------------------------------------------------------+
207
208	$page['filtered_users'] = pp_get_user_list();
209
210	// +-----------------------------------------------------------------------+
211	// \| selected users \|
212	// +-----------------------------------------------------------------------+
213	if (isset($_POST['pwdreset']) or isset($_POST['unlock']))
214	{
215	$collection = array();
216
217	switch ($_POST['target'])
218	{
219	case 'all' :
220	{
221	foreach($page['filtered_users'] as $local_user)
222	{
223	array_push($collection, $local_user['id']);
224	}
225	break;
226	}
227	case 'selection' :
228	{
229	if (isset($_POST['selection']))
230	{
231	$collection = $_POST['selection'];
232	}
233	break;
234	}
235	}
236
237	if (count($collection) == 0)
238	{
239	array_push($page['errors'], l10n('Select at least one user'));
240	}
241	}
242
243	// +-----------------------------------------------------------------------+
244	// \| Reset pwd \|
245	// +-----------------------------------------------------------------------+
246	if (isset($_POST['pwdreset']) and count($collection) > 0)
247	{
248	if (in_array($conf['guest_id'], $collection))
249	{
250	array_push($page['errors'], l10n('PP_Guest cannot be pwdreset'));
251	}
252	if (($conf['guest_id'] != $conf['default_user_id']) and
253	in_array($conf['default_user_id'], $collection))
254	{
255	array_push($page['errors'], l10n('PP_Default user cannot be pwdreset'));
256	}
257	if (in_array($conf['webmaster_id'], $collection))
258	{
259	array_push($page['errors'], l10n('PP_Webmaster cannot be pwdreset'));
260	}
261	if (in_array($user['id'], $collection))
262	{
263	array_push($page['errors'], l10n('PP_You cannot pwdreset your account'));
264	}
265
266	// Generic accounts exclusion (including Adult_Content generic users)
267	// ------------------------------------------------------------------
268	$query ='
269	SELECT u.id
270	FROM '.USERS_TABLE.' AS u
271	INNER JOIN '.USER_INFOS_TABLE.' AS ui
272	ON u.id = ui.user_id
273	WHERE ui.status = "generic"
274	;';
275
276	$result = pwg_query($query);
277
278	while ($row = pwg_db_fetch_assoc($result))
279	{
280	if (in_array($row['id'], $collection))
281	{
282	array_push($page['errors'], l10n('PP_Generic cannot be pwdreset'));
283	}
284	}
285
286	// Admins accounts exclusion
287	// --------------------------
288	$query ='
289	SELECT u.id
290	FROM '.USERS_TABLE.' AS u
291	INNER JOIN '.USER_INFOS_TABLE.' AS ui
292	ON u.id = ui.user_id
293	WHERE ui.status = "admin"
294	;';
295
296	$result = pwg_query($query);
297
298	while ($row = pwg_db_fetch_assoc($result))
299	{
300	if (in_array($row['id'], $collection))
301	{
302	array_push($page['errors'], l10n('PP_Admins cannot be pwdreset'));
303	}
304	}
305
306
307	if (count($page['errors']) == 0)
308	{
309	if (isset($_POST['confirm_pwdreset']) and 1 == $_POST['confirm_pwdreset'])
310	{
311	foreach ($collection as $user_id)
312	{
313	PP_Set_PwdReset($user_id);
314	}
315	array_push(
316	$page['infos'],
317	l10n_dec(
318	'PP %d user pwdreseted', 'PP %d users pwdreseted',
319	count($collection)
320	)
321	);
322	$template->append('infos', l10n_dec(
323	'PP %d user pwdreseted', 'PP %d users pwdreseted',
324	count($collection)));
325	}
326	else
327	{
328	array_push($page['errors'], l10n('PP_You need to confirm pwdreset'));
329	}
330	}
331	}
332
333
334	// +-----------------------------------------------------------------------+
335	// \| Unlock accounts \|
336	// +-----------------------------------------------------------------------+
337	if (isset($_POST['unlock']) and count($collection) > 0)
338	{
339	if (in_array($conf['guest_id'], $collection))
340	{
341	array_push($page['errors'], l10n('PP_Guest is not unlockable'));
342	}
343	if (($conf['guest_id'] != $conf['default_user_id']) and
344	in_array($conf['default_user_id'], $collection))
345	{
346	array_push($page['errors'], l10n('PP_Default user is not unlockable'));
347	}
348	if (in_array($conf['webmaster_id'], $collection))
349	{
350	array_push($page['errors'], l10n('PP_Webmaster is not unlockable'));
351	}
352	if (in_array($user['id'], $collection))
353	{
354	array_push($page['errors'], l10n('PP_You cannot unlock your account'));
355	}
356
357	// Generic accounts exclusion (including Adult_Content generic users)
358	// ------------------------------------------------------------------
359	$query ='
360	SELECT u.id
361	FROM '.USERS_TABLE.' AS u
362	INNER JOIN '.USER_INFOS_TABLE.' AS ui
363	ON u.id = ui.user_id
364	WHERE ui.status = "generic"
365	;';
366
367	$result = pwg_query($query);
368
369	while ($row = pwg_db_fetch_assoc($result))
370	{
371	if (in_array($row['id'], $collection))
372	{
373	array_push($page['errors'], l10n('PP_Generic is not unlockable'));
374	}
375	}
376
377	// Admins accounts exclusion
378	// --------------------------
379	$query ='
380	SELECT u.id
381	FROM '.USERS_TABLE.' AS u
382	INNER JOIN '.USER_INFOS_TABLE.' AS ui
383	ON u.id = ui.user_id
384	WHERE ui.status = "admin"
385	;';
386
387	$result = pwg_query($query);
388
389	while ($row = pwg_db_fetch_assoc($result))
390	{
391	if (in_array($row['id'], $collection))
392	{
393	array_push($page['errors'], l10n('PP_Admins is not unlockable'));
394	}
395	}
396
397
398	if (count($page['errors']) == 0)
399	{
400	if (isset($_POST['confirm_unlock']) and 1 == $_POST['confirm_unlock'])
401	{
402	foreach ($collection as $user_id)
403	{
404	PP_unlock_user($user_id);
405	}
406	array_push(
407	$page['infos'],
408	l10n_dec(
409	'PP %d user unlocked', 'PP %d users unlocked',
410	count($collection)
411	)
412	);
413	$template->append('infos', l10n_dec(
414	'PP %d user unlocked', 'PP %d users unlocked',
415	count($collection)));
416	}
417	else
418	{
419	array_push($page['errors'], l10n('PP_You need to confirm unlock'));
420	}
421	}
422	}
423
424
425	// +-----------------------------------------------------------------------+
426	// \| user list \|
427	// +-----------------------------------------------------------------------+
428
429	$visible_user_list = array();
430	foreach ($page['filtered_users'] as $num => $local_user)
431	{
432	$visible_user_list[] = $local_user;
433	}
434
435	foreach ($visible_user_list as $local_user)
436	{
437	if (!empty($local_user))
438	{
439	$query = '
440	SELECT DISTINCT id, PP_pwdreset
441	FROM '.USERS_TABLE.'
442	WHERE id IN ('.$local_user['id'].')
443	;';
444	$result = pwg_query($query);
445
446	while ($row = pwg_db_fetch_assoc($result))
447	{
448	if ($row['PP_pwdreset'] == 'false')
449	{
450	$pwdreset = l10n('PP_PwdReset_Done');
451	}
452	else if ($row['PP_pwdreset'] == 'true')
453	{
454	$pwdreset = l10n('PP_PwdReset_Todo');
455	}
456	else $pwdreset = l10n('PP_PwdReset_NA');
457	}
458
459
460	$query = '
461	SELECT DISTINCT id, PP_lock
462	FROM '.USERS_TABLE.'
463	WHERE id IN ('.$local_user['id'].')
464	;';
465	$result = pwg_query($query);
466
467	while ($row = pwg_db_fetch_assoc($result))
468	{
469	if ($row['PP_lock'] == 'false')
470	{
471	$LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/><div style="display: none">'.l10n('PP_User Not Locked').'</div>';
472	}
473	else if ($row['PP_lock'] == 'true')
474	{
475	$LockedUser = '<img src="'.PP_PATH.'admin/template/icons/lock.png" title="'.l10n('PP_User Locked').'" alt="'.l10n('PP_User Locked').'"/><div style="display: none">'.l10n('PP_User Locked').'</div>';
476	}
477	else $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/><div style="display: none">'.l10n('PP_User Not Locked').'</div>';
478	}
479	}
480
481	// Template initialization
482	// -----------------------
483	$template->append(
484	'users',
485	array(
486	'ID' => $local_user['id'],
487	'USERNAME' => stripslashes($local_user['username'])
488	.($local_user['id'] == $conf['guest_id']
489	? '<BR>['.l10n('guest').']' : '')
490	.($local_user['id'] == $conf['default_user_id']
491	? '<BR>['.l10n('default values').']' : ''),
492	'STATUS' => l10n('user_status_'.$local_user['status']),
493	'EMAIL' => $local_user['email'],
494	'PWD_LOCKED' => $LockedUser,
495	'PWDRESET' => $pwdreset,
496	)
497	);
498	}
499
500
501	// Set extra template variables
502	// ----------------------------
503	$Conf_Pwreset = false;
504	$Conf_Logfailblock = false;
505
506	if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET']=='true')
507	{
508	$Conf_Pwreset = true;
509	}
510
511	if (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK']=='true')
512	{
513	$Conf_Logfailblock = true;
514	}
515
516	// ----------------- Debugging code -----------------
517	//$converted_res1 = ($Conf_Pwreset) ? 'true' : 'false';
518	//$converted_res2 = ($Conf_Logfailblock) ? 'true' : 'false';
519	//PPLog($conf_PP['PWDRESET'],$converted_res1,$conf_PP['LOGFAILBLOCK'],$converted_res2);
520
521	// Template initialization - Extra variables
522	// -----------------------------------------
523	$template->assign(
524	array(
525	'PP_VERSION' => $version,
526	'PP_PATH' => PP_PATH,
527	'PP_THEME' => $PP_theme,
528	'PWRESET' => $Conf_Pwreset,
529	'LOGFAILBLOCK' => $Conf_Logfailblock,
530	)
531	);
532
533	// +-----------------------------------------------------------------------+
534	// \| errors display \|
535	// +-----------------------------------------------------------------------+
536	if (isset($errors) and count($errors) != 0)
537	{
538	$template->assign('errors',array());
539	foreach ($errors as $error)
540	{
541	array_push($page['errors'], $error);
542	}
543	}
544
545	// +-----------------------------------------------------------------------+
546	// \| templates display \|
547	// +-----------------------------------------------------------------------+
548	$template->set_filename('plugin_admin_content', dirname(__FILE__) . '/template/PP_userlist.tpl');
549	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
550	}
551	else
552	{
553	array_push($page['errors'], l10n('PP_Err_Userlist_Settings'));
554	}
555
556	break;
557	}
558	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: extensions/Password_Policy/admin/PP_admin.php @ 27179

Download in other formats: