if (isset($error_copy)) {
$errors[] = $error_copy;
} else {
session_set_save_handler('pwg_session_open', 'pwg_session_close', 'pwg_session_read', 'pwg_session_write', 'pwg_session_destroy', 'pwg_session_gc');
if (function_exists('ini_set')) {
ini_set('session.use_cookies', $conf['session_use_cookies']);
ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
ini_set('session.cookie_httponly', 1);
}
session_name($conf['session_name']);
session_set_cookie_params(0, cookie_path());
register_shutdown_function('session_write_close');
$user = build_user(1, true);
log_user($user['id'], false);
// email notification
if (isset($_POST['send_password_by_mail'])) {
include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
$keyargs_content = array(get_l10n_args('Hello %s,', $admin_name), get_l10n_args('Welcome to your new installation of Piwigo!', ''), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', $admin_name), get_l10n_args('Password: %s', $admin_pass1), get_l10n_args('Email: %s', $admin_mail), get_l10n_args('', ''), get_l10n_args('Don\'t hesitate to consult our forums for any help: %s', PHPWG_URL));
pwg_mail($admin_mail, array('subject' => l10n('Just another Piwigo gallery'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
}
}
}
if (count($errors) != 0) {
$template->assign('errors', $errors);
}
if (count($infos) != 0) {
$template->assign('infos', $infos);
}
//----------------------------------------------------------- html code display
$template->pparse('install');
/**
* returns a string formated with l10n elements.
* it is usefull to "prepare" a text and translate it later
* @see get_l10n_args()
*
* @param array $key_args one l10n_args element or array of l10n_args elements
* @param string $sep used when translated elements are concatened
* @return string
*/
function l10n_args($key_args, $sep = "\n")
{
if (is_array($key_args)) {
foreach ($key_args as $key => $element) {
if (isset($result)) {
$result .= $sep;
} else {
$result = '';
}
if ($key === 'key_args') {
array_unshift($element, l10n(array_shift($element)));
// translate the key
$result .= call_user_func_array('sprintf', $element);
} else {
$result .= l10n_args($element, $sep);
}
}
} else {
fatal_error('l10n_args: Invalid arguments');
}
return $result;
}
/**
* Creates a new user.
*
* @param string $login
* @param string $password
* @param string $mail_adress
* @param bool $notify_admin
* @param array &$errors populated with error messages
* @param bool $notify_user
* @return int|false user id or false
*/
function register_user($login, $password, $mail_address, $notify_admin = true, &$errors = array(), $notify_user = false)
{
global $conf;
if ($login == '') {
$errors[] = l10n('Please, enter a login');
}
if (preg_match('/^.* $/', $login)) {
$errors[] = l10n('login mustn\'t end with a space character');
}
if (preg_match('/^ .*$/', $login)) {
$errors[] = l10n('login mustn\'t start with a space character');
}
if (get_userid($login)) {
$errors[] = l10n('this login is already used');
}
if ($login != strip_tags($login)) {
$errors[] = l10n('html tags are not allowed in login');
}
$mail_error = validate_mail_address(null, $mail_address);
if ('' != $mail_error) {
$errors[] = $mail_error;
}
if ($conf['insensitive_case_logon'] == true) {
$login_error = validate_login_case($login);
if ($login_error != '') {
$errors[] = $login_error;
}
}
$errors = trigger_change('register_user_check', $errors, array('username' => $login, 'password' => $password, 'email' => $mail_address));
// if no error until here, registration of the user
if (count($errors) == 0) {
$insert = array($conf['user_fields']['username'] => pwg_db_real_escape_string($login), $conf['user_fields']['password'] => $conf['password_hash']($password), $conf['user_fields']['email'] => $mail_address);
single_insert(USERS_TABLE, $insert);
$user_id = pwg_db_insert_id();
// Assign by default groups
$query = '
SELECT id
FROM ' . GROUPS_TABLE . '
WHERE is_default = \'' . boolean_to_string(true) . '\'
ORDER BY id ASC
;';
$result = pwg_query($query);
$inserts = array();
while ($row = pwg_db_fetch_assoc($result)) {
$inserts[] = array('user_id' => $user_id, 'group_id' => $row['id']);
}
if (count($inserts) != 0) {
mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
}
$override = array();
if ($language = get_browser_language()) {
$override['language'] = $language;
}
create_user_infos($user_id, $override);
if ($notify_admin and $conf['email_admin_on_new_user']) {
include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
$admin_url = get_absolute_root_url() . 'admin.php?page=user_list&username='******'User: %s', stripslashes($login)), get_l10n_args('Email: %s', $mail_address), get_l10n_args(''), get_l10n_args('Admin: %s', $admin_url));
pwg_mail_notification_admins(get_l10n_args('Registration of %s', stripslashes($login)), $keyargs_content);
}
if ($notify_user and email_check_format($mail_address)) {
include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
$keyargs_content = array(get_l10n_args('Hello %s,', stripslashes($login)), get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', stripslashes($login)), get_l10n_args('Password: %s', stripslashes($password)), get_l10n_args('Email: %s', $mail_address), get_l10n_args('', ''), get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()));
pwg_mail($mail_address, array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Registration'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
}
trigger_notify('register_user', array('id' => $user_id, 'username' => $login, 'email' => $mail_address));
return $user_id;
} else {
return false;
}
}
function save_profile_from_post($userdata, &$errors)
{
global $conf, $page;
$errors = array();
if (!isset($_POST['validate'])) {
return false;
}
$special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
if ($special_user) {
unset($_POST['username'], $_POST['mail_address'], $_POST['password'], $_POST['use_new_pwd'], $_POST['passwordConf'], $_POST['theme'], $_POST['language']);
$_POST['theme'] = get_default_theme();
$_POST['language'] = get_default_language();
}
if (!defined('IN_ADMIN')) {
unset($_POST['username']);
}
if ($conf['allow_user_customization'] or defined('IN_ADMIN')) {
$int_pattern = '/^\\d+$/';
if (empty($_POST['nb_image_page']) or !preg_match($int_pattern, $_POST['nb_image_page'])) {
$errors[] = l10n('The number of photos per page must be a not null scalar');
}
// periods must be integer values, they represents number of days
if (!preg_match($int_pattern, $_POST['recent_period']) or $_POST['recent_period'] < 0) {
$errors[] = l10n('Recent period must be a positive integer value');
}
if (!in_array($_POST['language'], array_keys(get_languages()))) {
die('Hacking attempt, incorrect language value');
}
if (!in_array($_POST['theme'], array_keys(get_pwg_themes()))) {
die('Hacking attempt, incorrect theme value');
}
}
if (isset($_POST['mail_address'])) {
// if $_POST and $userdata have are same email
// validate_mail_address allows, however, to check email
$mail_error = validate_mail_address($userdata['id'], $_POST['mail_address']);
if (!empty($mail_error)) {
$errors[] = $mail_error;
}
}
if (!empty($_POST['use_new_pwd'])) {
// password must be the same as its confirmation
if ($_POST['use_new_pwd'] != $_POST['passwordConf']) {
$errors[] = l10n('The passwords do not match');
}
if (!defined('IN_ADMIN')) {
// changing password requires old password
$query = '
SELECT ' . $conf['user_fields']['password'] . ' AS password
FROM ' . USERS_TABLE . '
WHERE ' . $conf['user_fields']['id'] . ' = \'' . $userdata['id'] . '\'
;';
list($current_password) = pwg_db_fetch_row(pwg_query($query));
if (!$conf['password_verify']($_POST['password'], $current_password)) {
$errors[] = l10n('Current password is wrong');
}
}
}
if (count($errors) == 0) {
// mass_updates function
include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
if (isset($_POST['mail_address'])) {
// update common user informations
$fields = array($conf['user_fields']['email']);
$data = array();
$data[$conf['user_fields']['id']] = $userdata['id'];
$data[$conf['user_fields']['email']] = $_POST['mail_address'];
// password is updated only if filled
if (!empty($_POST['use_new_pwd'])) {
$fields[] = $conf['user_fields']['password'];
// password is hashed with function $conf['password_hash']
$data[$conf['user_fields']['password']] = $conf['password_hash']($_POST['use_new_pwd']);
}
// username is updated only if allowed
if (!empty($_POST['username'])) {
if ($_POST['username'] != $userdata['username'] and get_userid($_POST['username'])) {
$page['errors'][] = l10n('this login is already used');
unset($_POST['redirect']);
} else {
$fields[] = $conf['user_fields']['username'];
$data[$conf['user_fields']['username']] = $_POST['username'];
// send email to the user
if ($_POST['username'] != $userdata['username']) {
include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
switch_lang_to($userdata['language']);
$keyargs_content = array(get_l10n_args('Hello', ''), get_l10n_args('Your username has been successfully changed to : %s', $_POST['username']));
pwg_mail($_POST['mail_address'], array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Username modification'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
switch_lang_back();
}
}
}
mass_updates(USERS_TABLE, array('primary' => array($conf['user_fields']['id']), 'update' => $fields), array($data));
}
if ($conf['allow_user_customization'] or defined('IN_ADMIN')) {
// update user "additional" informations (specific to Piwigo)
$fields = array('nb_image_page', 'language', 'expand', 'show_nb_hits', 'recent_period', 'theme');
if ($conf['activate_comments']) {
$fields[] = 'show_nb_comments';
}
$data = array();
$data['user_id'] = $userdata['id'];
foreach ($fields as $field) {
if (isset($_POST[$field])) {
$data[$field] = $_POST[$field];
}
}
mass_updates(USER_INFOS_TABLE, array('primary' => array('user_id'), 'update' => $fields), array($data));
}
trigger_notify('save_profile_from_post', $userdata['id']);
if (!empty($_POST['redirect'])) {
redirect($_POST['redirect']);
}
}
return true;
}
/**
* Send a notification email to all administrators.
* current user (if admin) is not notified
*
* @param string|array $subject
* @param string|array $content
* @param boolean $send_technical_details - send user IP and browser
* @return boolean
*/
function pwg_mail_notification_admins($subject, $content, $send_technical_details = true)
{
if (empty($subject) or empty($content)) {
return false;
}
global $conf, $user;
if (is_array($subject) or is_array($content)) {
switch_lang_to(get_default_language());
if (is_array($subject)) {
$subject = l10n_args($subject);
}
if (is_array($content)) {
$content = l10n_args($content);
}
switch_lang_back();
}
$tpl_vars = array();
if ($send_technical_details) {
$tpl_vars['TECHNICAL'] = array('username' => stripslashes($user['username']), 'ip' => $_SERVER['REMOTE_ADDR'], 'user_agent' => $_SERVER['HTTP_USER_AGENT']);
}
return pwg_mail_admins(array('subject' => '[' . $conf['gallery_title'] . '] ' . $subject, 'mail_title' => $conf['gallery_title'], 'mail_subtitle' => $subject, 'content' => $content, 'content_format' => 'text/plain'), array('filename' => 'notification_admin', 'assign' => $tpl_vars));
}
/**
* Function called from UAM_admin.php to send notification email when user registration have been manually validated by admin
*
* @param : user id
*
*/
function validation_mail($id)
{
global $conf;
$conf_UAM = unserialize($conf['UserAdvManager']);
include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
$custom_txt = "";
$subject = "";
// We have to get the user's language in database
// ----------------------------------------------
$query = '
SELECT user_id, language
FROM ' . USER_INFOS_TABLE . '
WHERE user_id = ' . $id . '
;';
$data = pwg_db_fetch_assoc(pwg_query($query));
// Check if user is already registered (profile changing) - If not (new registration), language is set to current gallery language
// -------------------------------------------------------------------------------------------------------------------------------
if (empty($data)) {
// And switch gallery to this language before using personalized and multilangual contents
// ---------------------------------------------------------------------------------------
$language = pwg_get_session_var('lang_switch', $user['language']);
switch_lang_to($language);
} else {
// And switch gallery to this language before using personalized and multilangual contents
// ---------------------------------------------------------------------------------------
$language = $data['language'];
// Usefull for debugging
switch_lang_to($data['language']);
load_language('plugin.lang', UAM_PATH);
}
// Retreive users email and user name from id
// ------------------------------------------
$query = '
SELECT id, username, mail_address
FROM ' . USERS_TABLE . '
WHERE id = ' . $id . '
;';
$result = pwg_db_fetch_assoc(pwg_query($query));
if (isset($conf_UAM['ADMINVALIDATIONMAIL_SUBJECT']) and !empty($conf_UAM['ADMINVALIDATIONMAIL_SUBJECT'])) {
// Management of Extension flags ([username], [mygallery])
// -------------------------------------------------------
$patterns[] = '#\\[username\\]#i';
$replacements[] = stripslashes($result['username']);
$patterns[] = '#\\[mygallery\\]#i';
$replacements[] = $conf['gallery_title'];
if (function_exists('get_user_language_desc')) {
$subject = get_user_language_desc(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL_SUBJECT'])) . "\n\n";
} else {
$subject = l10n(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL_SUBJECT'])) . "\n\n";
}
}
if (isset($conf_UAM['ADMINVALIDATIONMAIL']) and !empty($conf_UAM['ADMINVALIDATIONMAIL'])) {
// Management of Extension flags ([username], [mygallery], [myurl])
// ----------------------------------------------------------------
$patterns[] = '#\\[username\\]#i';
$replacements[] = stripslashes($result['username']);
$patterns[] = '#\\[mygallery\\]#i';
$replacements[] = $conf['gallery_title'];
$patterns[] = '#\\[myurl\\]#i';
$replacements[] = get_gallery_home_url();
if (function_exists('get_user_language_desc')) {
$custom_txt = get_user_language_desc(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL'])) . "\n\n";
} else {
$custom_txt = l10n(preg_replace($patterns, $replacements, $conf_UAM['ADMINVALIDATIONMAIL'])) . "\n\n";
}
}
$infos = array(get_l10n_args('UAM_User: %s', stripslashes($result['username'])), get_l10n_args('Email: %s', $result['mail_address']), get_l10n_args('', ''));
// Sending the email with subject and contents
// -------------------------------------------
// Adding gallery URL at the end of the email
if (isset($conf_UAM['ADD_GALLERY_URL_TO_EMAILS']) and $conf_UAM['ADD_GALLERY_URL_TO_EMAILS'] == 'true') {
$content = l10n_args($infos) . "\n\n" . $custom_txt . get_absolute_root_url();
pwg_mail(array('name' => stripslashes($result['username']), 'email' => $result['mail_address']), array('content' => $content, 'content_format' => 'text/plain', 'subject' => $subject));
// Send a copy to admins
if (isset($conf_UAM['EMAILS_COPY_TO_ADMINS']) and $conf_UAM['EMAILS_COPY_TO_ADMINS'] == 'true') {
UAM_Copy2Admins($subject, $content);
}
} elseif (isset($conf_UAM['ADD_GALLERY_URL_TO_EMAILS']) and $conf_UAM['ADD_GALLERY_URL_TO_EMAILS'] == 'false') {
$content = l10n_args($infos) . "\n\n" . $custom_txt;
pwg_mail(array('name' => stripslashes($result['username']), 'email' => $result['mail_address']), array('content' => $content, 'content_format' => 'text/plain', 'subject' => $subject));
// Send a copy to admins
if (isset($conf_UAM['EMAILS_COPY_TO_ADMINS']) and $conf_UAM['EMAILS_COPY_TO_ADMINS'] == 'true') {
UAM_Copy2Admins($subject, $content);
}
} else {
$content = l10n_args($infos) . "\n\n" . $custom_txt;
pwg_mail(array('name' => stripslashes($result['username']), 'email' => $result['mail_address']), array('content' => $content, 'content_format' => 'text/plain', 'subject' => $subject));
// Send a copy to admins
if (isset($conf_UAM['EMAILS_COPY_TO_ADMINS']) and $conf_UAM['EMAILS_COPY_TO_ADMINS'] == 'true') {
UAM_Copy2Admins($subject, $content);
}
}
// Switching back to default language
// ----------------------------------
switch_lang_back();
}
/**
* Triggered on loc_begin_profile
*/
function PP_Profile_Init()
{
global $conf, $user, $template;
load_language('plugin.lang', PP_PATH);
$conf_PP = unserialize($conf['PasswordPolicy']);
// Special message display for password reset
// ------------------------------------------
if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET'] == 'true') {
if (PP_check_pwdreset($user['id'])) {
$template->append('errors', l10n('PP_Password_Reset_Msg'));
}
}
// Controls on profile page submission
// -----------------------------------
if (isset($_POST['validate']) and !is_admin()) {
// Password reset control
// ----------------------
if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET'] == 'true' and PP_check_pwdreset($user['id'])) {
// if password not changed then pwdreset field = true else pwdreset field = false
// ------------------------------------------------------------------------------
if (!empty($_POST['use_new_pwd'])) {
$query = '
UPDATE ' . USERS_TABLE . '
SET PP_pwdreset = "false"
WHERE id = ' . $user['id'] . '
LIMIT 1
;';
pwg_query($query);
}
}
if (!empty($_POST['use_new_pwd'])) {
// Password enforcement control
// ----------------------------
if (isset($conf_PP['PASSWORDENF']) and $conf_PP['PASSWORDENF'] == 'true' and !empty($conf_PP['PASSWORD_SCORE'])) {
$PasswordCheck = PP_testpassword($_POST['use_new_pwd']);
if ($PasswordCheck < $conf_PP['PASSWORD_SCORE']) {
$message = get_l10n_args('PP_Error_Password_Need_Enforcement_%s', $PasswordCheck);
$template->append('errors', l10n_args($message) . $conf_PP['PASSWORD_SCORE']);
unset($_POST['use_new_pwd']);
unset($_POST['validate']);
}
}
}
}
}
/**
* Add new registered user in Piwigo users table from audit/synch action
* To solve password synch problem, passwords are reset to NULL to force users to get a new password on their profile page
*
* Based on user_mass_register plugin (thx to plg!)
*
* @return : $errors
*/
function Synch_Piwigo_Adduser($fluxbb_id, $username, $password, $email)
{
global $conf;
load_language('plugin.lang', REGFLUXBB_PATH);
$errors = register_user($username, $password, $email, false);
if (empty($errors)) {
include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
$keyargs_content = array(get_l10n_args('Hello %s,', $username), get_l10n_args('To synchronize your forum access with the gallery you have been registered at %s!', $conf['gallery_title']), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('Username: %s', $username), get_l10n_args('Password: %s', $password), get_l10n_args('Email: %s', $email), get_l10n_args('', ''), get_l10n_args('Please change your password at your first connexion on the gallery', ''), get_l10n_args('', ''), get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()));
pwg_mail($email, array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Registration'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
$pwg_id = get_userid($username);
FluxBB_Linkuser($pwg_id, $fluxbb_id, "NOK");
}
return $errors;
}
