if (isset($error_copy)) { $errors[] = $error_copy; } else { session_set_save_handler('pwg_session_open', 'pwg_session_close', 'pwg_session_read', 'pwg_session_write', 'pwg_session_destroy', 'pwg_session_gc'); if (function_exists('ini_set')) { ini_set('session.use_cookies', $conf['session_use_cookies']); ini_set('session.use_only_cookies', $conf['session_use_only_cookies']); ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid'])); ini_set('session.cookie_httponly', 1); } session_name($conf['session_name']); session_set_cookie_params(0, cookie_path()); register_shutdown_function('session_write_close'); $user = build_user(1, true); log_user($user['id'], false); // email notification if (isset($_POST['send_password_by_mail'])) { include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php'; $keyargs_content = array(get_l10n_args('Hello %s,', $admin_name), get_l10n_args('Welcome to your new installation of Piwigo!', ''), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', $admin_name), get_l10n_args('Password: %s', $admin_pass1), get_l10n_args('Email: %s', $admin_mail), get_l10n_args('', ''), get_l10n_args('Don\'t hesitate to consult our forums for any help: %s', PHPWG_URL)); pwg_mail($admin_mail, array('subject' => l10n('Just another Piwigo gallery'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain')); } } } if (count($errors) != 0) { $template->assign('errors', $errors); } if (count($infos) != 0) { $template->assign('infos', $infos); } //----------------------------------------------------------- html code display $template->pparse('install');
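/**
 * Creates a new user.
 *
 * Validates the login and the e-mail address, lets plugins add their own
 * checks through the 'register_user_check' event, then inserts the account,
 * attaches it to the default groups and creates its user_infos row.
 * Nothing is written when at least one error was collected.
 *
 * @param string $login
 * @param string $password
 * @param string $mail_address
 * @param bool $notify_admin
 * @param array &$errors populated with error messages
 * @param bool $notify_user
 * @return int|false user id or false
 */
function register_user($login, $password, $mail_address, $notify_admin = true, &$errors = array(), $notify_user = false)
{
    global $conf;

    if ($login == '') {
        $errors[] = l10n('Please, enter a login');
    }
    if (preg_match('/^.* $/', $login)) {
        $errors[] = l10n('login mustn\'t end with a space character');
    }
    if (preg_match('/^ .*$/', $login)) {
        $errors[] = l10n('login mustn\'t start with a space character');
    }
    if (get_userid($login)) {
        $errors[] = l10n('this login is already used');
    }
    if ($login != strip_tags($login)) {
        $errors[] = l10n('html tags are not allowed in login');
    }

    $mail_error = validate_mail_address(null, $mail_address);
    if ('' != $mail_error) {
        $errors[] = $mail_error;
    }

    if ($conf['insensitive_case_logon'] == true) {
        $login_error = validate_login_case($login);
        if ($login_error != '') {
            $errors[] = $login_error;
        }
    }

    // Plugins receive the raw password here and may append their own errors.
    $errors = trigger_change('register_user_check', $errors, array('username' => $login, 'password' => $password, 'email' => $mail_address));

    // if no error until here, registration of the user
    if (count($errors) == 0) {
        // NOTE(review): the login is escaped before insertion but the e-mail
        // address is stored as received. That is only safe if
        // validate_mail_address() rejects every unsafe value or single_insert()
        // escapes its values; neither is visible here, confirm.
        $insert = array(
            $conf['user_fields']['username'] => pwg_db_real_escape_string($login),
            $conf['user_fields']['password'] => $conf['password_hash']($password),
            $conf['user_fields']['email'] => $mail_address,
        );
        single_insert(USERS_TABLE, $insert);
        $user_id = pwg_db_insert_id();

        // Assign by default groups
        $query = ' SELECT id FROM ' . GROUPS_TABLE . ' WHERE is_default = \'' . boolean_to_string(true) . '\' ORDER BY id ASC ;';
        $result = pwg_query($query);
        $inserts = array();
        while ($row = pwg_db_fetch_assoc($result)) {
            $inserts[] = array('user_id' => $user_id, 'group_id' => $row['id']);
        }
        if (count($inserts) != 0) {
            mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
        }

        $override = array();
        if ($language = get_browser_language()) {
            $override['language'] = $language;
        }
        create_user_infos($user_id, $override);

        if ($notify_admin and $conf['email_admin_on_new_user']) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

            // NOTE(review): the published listing was garbled between the URL
            // prefix and 'User: %s' (a '******' placeholder stood there). The
            // end of this statement and the start of the next are restored
            // from the surrounding code; confirm against the project's copy.
            // The login is appended to the query string without urlencode().
            $admin_url = get_absolute_root_url() . 'admin.php?page=user_list&username=' . $login;

            $keyargs_content = array(
                get_l10n_args('User: %s', stripslashes($login)),
                get_l10n_args('Email: %s', $mail_address),
                get_l10n_args(''),
                get_l10n_args('Admin: %s', $admin_url),
            );
            pwg_mail_notification_admins(get_l10n_args('Registration of %s', stripslashes($login)), $keyargs_content);
        }

        if ($notify_user and email_check_format($mail_address)) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

            // NOTE(review): this message carries the password the user just
            // chose, in clear text. E-mail is not a confidential channel and
            // the copy stays in mailboxes and relay logs; a "set your
            // password" link would avoid that exposure.
            $keyargs_content = array(
                get_l10n_args('Hello %s,', stripslashes($login)),
                get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']),
                get_l10n_args('', ''),
                get_l10n_args('Here are your connection settings', ''),
                get_l10n_args('', ''),
                get_l10n_args('Link: %s', get_absolute_root_url()),
                get_l10n_args('Username: %s', stripslashes($login)),
                get_l10n_args('Password: %s', stripslashes($password)),
                get_l10n_args('Email: %s', $mail_address),
                get_l10n_args('', ''),
                get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
            );
            pwg_mail($mail_address, array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Registration'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
        }

        trigger_notify('register_user', array('id' => $user_id, 'username' => $login, 'email' => $mail_address));

        return $user_id;
    } else {
        return false;
    }
}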
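/**
 * Updates an existing guestbook comment and decides its moderation state.
 *
 * A failed ephemeral-key check rejects the update. Otherwise the comment is
 * validated at once when validation is disabled or the caller is an admin,
 * and queued for moderation in every other case. Non-admins can only update
 * rows whose author_id is their own user id.
 *
 * @param array $comment reads 'comment_id' and 'content'
 * @param string $post_key form key checked with verify_ephemeral_key()
 * @return string 'validate', 'moderate' or 'reject'
 */
function update_user_comment_guestbook($comment, $post_key)
{
    global $conf;

    $comment_action = 'validate';

    if (!verify_ephemeral_key($post_key)) {
        $comment_action = 'reject';
    } elseif (!$conf['guestbook']['comments_validation'] or is_admin()) {
        $comment_action = 'validate';
    } else {
        $comment_action = 'moderate';
    }

    if ($comment_action != 'reject') {
        // The id goes into the WHERE clause unquoted, so it is forced to an
        // integer before it reaches the query string.
        $comment_id = (int) $comment['comment_id'];

        $user_where_clause = '';
        if (!is_admin()) {
            $user_where_clause = ' AND author_id = \'' . $GLOBALS['user']['id'] . '\'';
        }

        // NOTE(review): 'content' is concatenated as received. The
        // stripslashes() calls in the mail below suggest the caller hands it
        // over already slash-escaped; confirm, or escape it here with
        // pwg_db_real_escape_string().
        $query = ' UPDATE ' . GUESTBOOK_TABLE
            . ' SET content = \'' . $comment['content']
            . '\', validated = \'' . ($comment_action == 'validate' ? 'true' : 'false')
            . '\', validation_date = ' . ($comment_action == 'validate' ? 'NOW()' : 'NULL')
            . ' WHERE id = ' . $comment_id . $user_where_clause . ' ;';
        $result = pwg_query($query);

        // mail admin and ask to validate the comment
        if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

            // The link used to be built from an undefined $comm variable, so
            // it never pointed at the comment awaiting moderation.
            $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id' => $comment_id));

            $keyargs_content = array(
                get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username'])),
                get_l10n_args('Comment: %s', stripslashes($comment['content'])),
                get_l10n_args('', ''),
                get_l10n_args('Manage this user comment: %s', $comment_url),
                get_l10n_args('', ''),
                get_l10n_args('(!) This comment requires validation', ''),
            );
            pwg_mail_notification_admins(get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username'])), $keyargs_content);
        }
    }

    return $comment_action;
}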
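/**
 * Validates the profile form found in $_POST and stores it for the user
 * described by $userdata.
 *
 * The guest and default users cannot change credentials, theme or language,
 * and the username can only be changed from the administration (IN_ADMIN).
 * A password change outside the administration requires the current password.
 *
 * @param array $userdata reads 'id', 'username' and 'language'
 * @param array &$errors reset, then populated with validation messages
 * @return bool false when the form was not submitted, true otherwise (also
 *              when $errors is not empty and nothing was saved)
 */
function save_profile_from_post($userdata, &$errors)
{
    global $conf, $page;

    $errors = array();

    if (!isset($_POST['validate'])) {
        return false;
    }

    $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
    if ($special_user) {
        // Drop everything these accounts must not change, then pin theme and
        // language to the gallery defaults.
        unset($_POST['username'], $_POST['mail_address'], $_POST['password'], $_POST['use_new_pwd'], $_POST['passwordConf'], $_POST['theme'], $_POST['language']);
        $_POST['theme'] = get_default_theme();
        $_POST['language'] = get_default_language();
    }

    if (!defined('IN_ADMIN')) {
        unset($_POST['username']);
    }

    if ($conf['allow_user_customization'] or defined('IN_ADMIN')) {
        $int_pattern = '/^\\d+$/';
        if (empty($_POST['nb_image_page']) or !preg_match($int_pattern, $_POST['nb_image_page'])) {
            $errors[] = l10n('The number of photos per page must be a not null scalar');
        }

        // periods must be integer values, they represents number of days
        if (!preg_match($int_pattern, $_POST['recent_period']) or $_POST['recent_period'] < 0) {
            $errors[] = l10n('Recent period must be a positive integer value');
        }

        // Language and theme must be among the installed ones; anything else
        // stops the request.
        if (!in_array($_POST['language'], array_keys(get_languages()))) {
            die('Hacking attempt, incorrect language value');
        }
        if (!in_array($_POST['theme'], array_keys(get_pwg_themes()))) {
            die('Hacking attempt, incorrect theme value');
        }
    }

    if (isset($_POST['mail_address'])) {
        // if $_POST and $userdata have are same email
        // validate_mail_address allows, however, to check email
        $mail_error = validate_mail_address($userdata['id'], $_POST['mail_address']);
        if (!empty($mail_error)) {
            $errors[] = $mail_error;
        }
    }

    if (!empty($_POST['use_new_pwd'])) {
        // password must be the same as its confirmation
        // Strict comparison on purpose: with a loose one, two different
        // numeric-looking strings (for instance '1e3' and '1000') count as
        // equal and a mistyped confirmation would be accepted.
        if (!isset($_POST['passwordConf']) or $_POST['use_new_pwd'] !== $_POST['passwordConf']) {
            $errors[] = l10n('The passwords do not match');
        }

        if (!defined('IN_ADMIN')) {
            // changing password requires old password
            $query = ' SELECT ' . $conf['user_fields']['password'] . ' AS password FROM ' . USERS_TABLE . ' WHERE ' . $conf['user_fields']['id'] . ' = \'' . $userdata['id'] . '\' ;';
            list($current_password) = pwg_db_fetch_row(pwg_query($query));

            if (!$conf['password_verify']($_POST['password'], $current_password)) {
                $errors[] = l10n('Current password is wrong');
            }
        }
    }

    if (count($errors) == 0) {
        // mass_updates function
        include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

        if (isset($_POST['mail_address'])) {
            // update common user informations
            $fields = array($conf['user_fields']['email']);

            $data = array();
            $data[$conf['user_fields']['id']] = $userdata['id'];
            $data[$conf['user_fields']['email']] = $_POST['mail_address'];

            // password is updated only if filled
            if (!empty($_POST['use_new_pwd'])) {
                $fields[] = $conf['user_fields']['password'];
                // password is hashed with function $conf['password_hash']
                $data[$conf['user_fields']['password']] = $conf['password_hash']($_POST['use_new_pwd']);
            }

            // username is updated only if allowed
            if (!empty($_POST['username'])) {
                if ($_POST['username'] != $userdata['username'] and get_userid($_POST['username'])) {
                    // Reported through $page['errors'], not $errors; the rest
                    // of the profile is still saved.
                    $page['errors'][] = l10n('this login is already used');
                    unset($_POST['redirect']);
                } else {
                    $fields[] = $conf['user_fields']['username'];
                    $data[$conf['user_fields']['username']] = $_POST['username'];

                    // send email to the user
                    if ($_POST['username'] != $userdata['username']) {
                        include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
                        switch_lang_to($userdata['language']);

                        $keyargs_content = array(
                            get_l10n_args('Hello', ''),
                            get_l10n_args('Your username has been successfully changed to : %s', $_POST['username']),
                        );
                        pwg_mail($_POST['mail_address'], array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Username modification'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));

                        switch_lang_back();
                    }
                }
            }

            mass_updates(USERS_TABLE, array('primary' => array($conf['user_fields']['id']), 'update' => $fields), array($data));
        }

        if ($conf['allow_user_customization'] or defined('IN_ADMIN')) {
            // update user "additional" informations (specific to Piwigo)
            $fields = array('nb_image_page', 'language', 'expand', 'show_nb_hits', 'recent_period', 'theme');
            if ($conf['activate_comments']) {
                $fields[] = 'show_nb_comments';
            }

            // NOTE(review): 'expand', 'show_nb_hits' and 'show_nb_comments'
            // are copied from the request with no check in this function;
            // whether mass_updates() escapes its values is not visible here,
            // confirm.
            $data = array();
            $data['user_id'] = $userdata['id'];
            foreach ($fields as $field) {
                if (isset($_POST[$field])) {
                    $data[$field] = $_POST[$field];
                }
            }

            mass_updates(USER_INFOS_TABLE, array('primary' => array('user_id'), 'update' => $fields), array($data));
        }

        trigger_notify('save_profile_from_post', $userdata['id']);

        // NOTE(review): the redirect target is taken from the request as is.
        // Unless redirect() restricts it, this is an open redirect; accepting
        // only same-site relative URLs would close it.
        if (!empty($_POST['redirect'])) {
            redirect($_POST['redirect']);
        }
    }

    return true;
}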
/**
 * Mails the administrators when a comment has been edited or deleted.
 * Only used when no validation is needed, otherwise
 * pwg_mail_notification_admins() is used.
 *
 * @param string $action edit, delete
 * @param array $comment reads 'author', plus 'comment_id' for a deletion or
 *                       'content' for an edit
 */
function email_admin($action, $comment)
{
    global $conf;

    // Anything other than an edit or a deletion is ignored.
    if (!in_array($action, array('edit', 'delete'))) {
        return;
    }
    // Each kind of notification has its own configuration switch.
    if ($action == 'edit' && !$conf['email_admin_on_comment_edition']) {
        return;
    }
    if ($action == 'delete' && !$conf['email_admin_on_comment_deletion']) {
        return;
    }

    include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

    $lines = array(get_l10n_args('Author: %s', $comment['author']));

    if ($action != 'delete') {
        $lines[] = get_l10n_args('This author modified following comment:');
        $lines[] = get_l10n_args('Comment: %s', $comment['content']);
    } else {
        $lines[] = get_l10n_args('This author removed the comment with id %d', $comment['comment_id']);
    }

    $subject = get_l10n_args('Comment by %s', $comment['author']);
    pwg_mail_notification_admins($subject, $lines);
}
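/**
 * Function called from UAM_admin.php to send notification email when user
 * registration have been manually validated by admin
 *
 * The mail is written in the language stored for the user, or in the session
 * language when the user has no user_infos row. Subject and body come from
 * the plugin configuration, with the [username], [mygallery] and [myurl]
 * flags replaced.
 *
 * @param int $id user id
 */
function validation_mail($id)
{
    // $user is read for the language fallback below, so it has to be imported
    // together with $conf.
    global $conf, $user;

    // NOTE(review): unserialize() runs on a value read from the configuration
    // store. If that value can ever be written by a less trusted party it
    // becomes an object-injection vector; consider the
    // ['allowed_classes' => false] option or a JSON encoding.
    $conf_UAM = unserialize($conf['UserAdvManager']);

    include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

    $custom_txt = "";
    $subject = "";
    $patterns = array();
    $replacements = array();

    // The id is concatenated unquoted into both queries below, so it is
    // forced to an integer first.
    $id = (int) $id;

    // We have to get the user's language in database
    // ----------------------------------------------
    $query = ' SELECT user_id, language FROM ' . USER_INFOS_TABLE . ' WHERE user_id = ' . $id . ' ;';
    $data = pwg_db_fetch_assoc(pwg_query($query));

    // Check if user is already registered (profile changing) - If not (new registration), language is set to current gallery language
    // -------------------------------------------------------------------------------------------------------------------------------
    if (empty($data)) {
        // And switch gallery to this language before using personalized and multilangual contents
        // ---------------------------------------------------------------------------------------
        $language = pwg_get_session_var('lang_switch', $user['language']);
        switch_lang_to($language);
    } else {
        // And switch gallery to this language before using personalized and multilangual contents
        // ---------------------------------------------------------------------------------------
        $language = $data['language']; // Usefull for debugging
        switch_lang_to($data['language']);
        load_language('plugin.lang', UAM_PATH);
    }

    // Retreive users email and user name from id
    // ------------------------------------------
    $query = ' SELECT id, username, mail_address FROM ' . USERS_TABLE . ' WHERE id = ' . $id . ' ;';
    $result = pwg_db_fetch_assoc(pwg_query($query));

    if (!empty($conf_UAM['ADMINVALIDATIONMAIL_SUBJECT'])) {
        // Management of Extension flags ([username], [mygallery])
        // -------------------------------------------------------
        $patterns[] = '#\\[username\\]#i';
        $replacements[] = stripslashes($result['username']);
        $patterns[] = '#\\[mygallery\\]#i';
        $replacements[] = $conf['gallery_title'];

        if (function_exists('get_user_language_desc')) {
            $subject = get_user_language_desc(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL_SUBJECT'])) . "\n\n";
        } else {
            $subject = l10n(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL_SUBJECT'])) . "\n\n";
        }
    }

    if (!empty($conf_UAM['ADMINVALIDATIONMAIL'])) {
        // Management of Extension flags ([username], [mygallery], [myurl])
        // ----------------------------------------------------------------
        // The flag lists are shared with the subject block on purpose: the
        // entries added there are kept and these are appended.
        $patterns[] = '#\\[username\\]#i';
        $replacements[] = stripslashes($result['username']);
        $patterns[] = '#\\[mygallery\\]#i';
        $replacements[] = $conf['gallery_title'];
        $patterns[] = '#\\[myurl\\]#i';
        $replacements[] = get_gallery_home_url();

        if (function_exists('get_user_language_desc')) {
            $custom_txt = get_user_language_desc(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL'])) . "\n\n";
        } else {
            $custom_txt = l10n(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL'])) . "\n\n";
        }
    }

    $infos = array(
        get_l10n_args('UAM_User: %s', stripslashes($result['username'])),
        get_l10n_args('Email: %s', $result['mail_address']),
        get_l10n_args('', ''),
    );

    // Sending the email with subject and contents
    // -------------------------------------------
    $content = l10n_args($infos) . "\n\n" . $custom_txt;

    // Adding gallery URL at the end of the email
    // The three former branches differed only by this suffix.
    if (isset($conf_UAM['ADD_GALLERY_URL_TO_EMAILS']) and $conf_UAM['ADD_GALLERY_URL_TO_EMAILS'] == 'true') {
        $content .= get_absolute_root_url();
    }

    pwg_mail(
        array('name' => stripslashes($result['username']), 'email' => $result['mail_address']),
        array('content' => $content, 'content_format' => 'text/plain', 'subject' => $subject)
    );

    // Send a copy to admins
    if (isset($conf_UAM['EMAILS_COPY_TO_ADMINS']) and $conf_UAM['EMAILS_COPY_TO_ADMINS'] == 'true') {
        UAM_Copy2Admins($subject, $content);
    }

    // Switching back to default language
    // ----------------------------------
    switch_lang_back();
}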
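/**
 * Triggered on loc_begin_profile
 *
 * Shows the "password must be reset" message to flagged users and, when a
 * non-admin submits the profile form, applies the password policy: a new
 * password scoring below the configured minimum cancels the submission, and
 * the reset flag is cleared only for a new password that passed that check.
 */
function PP_Profile_Init()
{
    global $conf, $user, $template;

    load_language('plugin.lang', PP_PATH);

    // NOTE(review): unserialize() runs on a value read from the configuration
    // store. If that value can ever be written by a less trusted party it
    // becomes an object-injection vector; consider the
    // ['allowed_classes' => false] option or a JSON encoding.
    $conf_PP = unserialize($conf['PasswordPolicy']);

    $reset_enabled = isset($conf_PP['PWDRESET']) && $conf_PP['PWDRESET'] == 'true';

    // Special message display for password reset
    // ------------------------------------------
    if ($reset_enabled) {
        if (PP_check_pwdreset($user['id'])) {
            $template->append('errors', l10n('PP_Password_Reset_Msg'));
        }
    }

    // Controls on profile page submission
    // -----------------------------------
    if (isset($_POST['validate']) and !is_admin()) {
        // Password enforcement control
        // ----------------------------
        // Runs before the reset flag is touched: a rejected password removes
        // 'use_new_pwd' from the request, so the flag stays set and the user
        // still has to choose a compliant password.
        if (!empty($_POST['use_new_pwd'])) {
            if (isset($conf_PP['PASSWORDENF']) and $conf_PP['PASSWORDENF'] == 'true' and !empty($conf_PP['PASSWORD_SCORE'])) {
                $PasswordCheck = PP_testpassword($_POST['use_new_pwd']);

                if ($PasswordCheck < $conf_PP['PASSWORD_SCORE']) {
                    $message = get_l10n_args('PP_Error_Password_Need_Enforcement_%s', $PasswordCheck);
                    $template->append('errors', l10n_args($message) . $conf_PP['PASSWORD_SCORE']);
                    unset($_POST['use_new_pwd']);
                    unset($_POST['validate']);
                }
            }
        }

        // Password reset control
        // ----------------------
        if ($reset_enabled and PP_check_pwdreset($user['id'])) {
            // if password not changed then pwdreset field = true else pwdreset field = false
            // ------------------------------------------------------------------------------
            // NOTE(review): the flag is still cleared before the profile
            // handler has checked the current password and the confirmation
            // field; clearing it after a successful save would be stricter.
            if (!empty($_POST['use_new_pwd'])) {
                $query = ' UPDATE ' . USERS_TABLE . ' SET PP_pwdreset = "false" WHERE id = ' . $user['id'] . ' LIMIT 1 ;';
                pwg_query($query);
            }
        }
    }
}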
/**
 * Registers a user in the Piwigo users table from the audit/synch action,
 * mails the connection settings and links the new account to its FluxBB id.
 *
 * Based on user_mass_register plugin (thx to plg!)
 *
 * NOTE(review): the original header says passwords are reset to NULL to force
 * users to pick a new one; nothing in this function does that, and the mail
 * below carries the password in clear text.
 * NOTE(review): the empty() test assumes register_user() returns the list of
 * error messages. A register_user() that returns the user id or false and
 * reports errors through its by-reference argument would invert this test;
 * confirm which API this plugin targets.
 *
 * @return mixed whatever register_user() returned
 */
function Synch_Piwigo_Adduser($fluxbb_id, $username, $password, $email)
{
    global $conf;

    load_language('plugin.lang', REGFLUXBB_PATH);

    $errors = register_user($username, $password, $email, false);

    // Nothing more to do when the registration reported something.
    if (!empty($errors)) {
        return $errors;
    }

    include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

    $mail_lines = array(
        get_l10n_args('Hello %s,', $username),
        get_l10n_args('To synchronize your forum access with the gallery you have been registered at %s!', $conf['gallery_title']),
        get_l10n_args('', ''),
        get_l10n_args('Here are your connection settings', ''),
        get_l10n_args('Username: %s', $username),
        get_l10n_args('Password: %s', $password),
        get_l10n_args('Email: %s', $email),
        get_l10n_args('', ''),
        get_l10n_args('Please change your password at your first connexion on the gallery', ''),
        get_l10n_args('', ''),
        get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
    );

    $mail_subject = '[' . $conf['gallery_title'] . '] ' . l10n('Registration');
    $mail_options = array(
        'subject' => $mail_subject,
        'content' => l10n_args($mail_lines),
        'content_format' => 'text/plain',
    );
    pwg_mail($email, $mail_options);

    // Link the freshly created gallery account to the forum account.
    FluxBB_Linkuser(get_userid($username), $fluxbb_id, "NOK");

    return $errors;
}