if (isset($error_copy)) { $errors[] = $error_copy; } else { session_set_save_handler('pwg_session_open', 'pwg_session_close', 'pwg_session_read', 'pwg_session_write', 'pwg_session_destroy', 'pwg_session_gc'); if (function_exists('ini_set')) { ini_set('session.use_cookies', $conf['session_use_cookies']); ini_set('session.use_only_cookies', $conf['session_use_only_cookies']); ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid'])); ini_set('session.cookie_httponly', 1); } session_name($conf['session_name']); session_set_cookie_params(0, cookie_path()); register_shutdown_function('session_write_close'); $user = build_user(1, true); log_user($user['id'], false); // email notification if (isset($_POST['send_password_by_mail'])) { include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php'; $keyargs_content = array(get_l10n_args('Hello %s,', $admin_name), get_l10n_args('Welcome to your new installation of Piwigo!', ''), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', $admin_name), get_l10n_args('Password: %s', $admin_pass1), get_l10n_args('Email: %s', $admin_mail), get_l10n_args('', ''), get_l10n_args('Don\'t hesitate to consult our forums for any help: %s', PHPWG_URL)); pwg_mail($admin_mail, array('subject' => l10n('Just another Piwigo gallery'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain')); } } } if (count($errors) != 0) { $template->assign('errors', $errors); } if (count($infos) != 0) { $template->assign('infos', $infos); } //----------------------------------------------------------- html code display $template->pparse('install');
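/**
 * Returns a string formatted with l10n elements.
 *
 * It is useful to "prepare" a text and translate it later: the elements are
 * translated and formatted only when this function runs.
 * @see get_l10n_args()
 *
 * The sprintf() arguments are inserted verbatim and nothing is escaped here,
 * so the caller has to encode the result for the context it is written to.
 *
 * @param array $key_args one l10n_args element or array of l10n_args elements
 * @param string $sep used when translated elements are concatenated
 * @return string the translated text; '' when $key_args is an empty array
 */
function l10n_args($key_args, $sep = "\n")
{
    // Start from an empty string: with an empty array (or if fatal_error()
    // returns) the original reached "return $result" with $result undefined.
    $result = '';

    if (is_array($key_args)) {
        $is_first = true;
        foreach ($key_args as $key => $element) {
            // the separator goes between elements, never before the first one
            if (!$is_first) {
                $result .= $sep;
            }
            $is_first = false;

            if ($key === 'key_args') {
                // translate the key, then use it as the sprintf() format
                array_unshift($element, l10n(array_shift($element)));
                $result .= call_user_func_array('sprintf', $element);
            } else {
                // a list of elements: format each one recursively
                $result .= l10n_args($element, $sep);
            }
        }
    } else {
        fatal_error('l10n_args: Invalid arguments');
    }

    return $result;
}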
/**
 * Creates a new user.
 *
 * The login and the e-mail address are validated first; every problem found is
 * appended to $errors. The 'register_user_check' trigger can then replace the
 * error list. Only when the list is empty is the account inserted, attached to
 * the default groups and given its user infos, after which the optional
 * notifications are sent and the 'register_user' event is fired.
 *
 * @param string $login
 * @param string $password
 * @param string $mail_address
 * @param bool $notify_admin
 * @param array &$errors populated with error messages
 * @param bool $notify_user
 * @return int|false user id or false
 */
function register_user($login, $password, $mail_address, $notify_admin = true, &$errors = array(), $notify_user = false)
{
    global $conf;

    if ($login == '') {
        $errors[] = l10n('Please, enter a login');
    }
    if (preg_match('/^.* $/', $login)) {
        $errors[] = l10n('login mustn\'t end with a space character');
    }
    if (preg_match('/^ .*$/', $login)) {
        $errors[] = l10n('login mustn\'t start with a space character');
    }
    if (get_userid($login)) {
        $errors[] = l10n('this login is already used');
    }
    // a login that strip_tags() would alter is rejected rather than silently cleaned
    if ($login != strip_tags($login)) {
        $errors[] = l10n('html tags are not allowed in login');
    }

    $mail_error = validate_mail_address(null, $mail_address);
    if ('' != $mail_error) {
        $errors[] = $mail_error;
    }

    if ($conf['insensitive_case_logon'] == true) {
        $login_error = validate_login_case($login);
        if ($login_error != '') {
            $errors[] = $login_error;
        }
    }

    // NOTE(review): the clear-text password is handed to every
    // 'register_user_check' handler.
    $errors = trigger_change('register_user_check', $errors, array('username' => $login, 'password' => $password, 'email' => $mail_address));

    // if no error until here, registration of the user
    if (count($errors) == 0) {
        // NOTE(review): only the login goes through pwg_db_real_escape_string();
        // the e-mail address is stored as received. Whether single_insert()
        // escapes its values is not visible here - confirm.
        $insert = array($conf['user_fields']['username'] => pwg_db_real_escape_string($login), $conf['user_fields']['password'] => $conf['password_hash']($password), $conf['user_fields']['email'] => $mail_address);
        single_insert(USERS_TABLE, $insert);
        $user_id = pwg_db_insert_id();

        // Assign by default groups
        $query = ' SELECT id FROM ' . GROUPS_TABLE . ' WHERE is_default = \'' . boolean_to_string(true) .
            '\' ORDER BY id ASC ;';
        $result = pwg_query($query);
        $inserts = array();
        while ($row = pwg_db_fetch_assoc($result)) {
            $inserts[] = array('user_id' => $user_id, 'group_id' => $row['id']);
        }
        if (count($inserts) != 0) {
            mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
        }

        // the browser language, when one is detected, overrides the default user infos
        $override = array();
        if ($language = get_browser_language()) {
            $override['language'] = $language;
        }
        create_user_infos($user_id, $override);

        if ($notify_admin and $conf['email_admin_on_new_user']) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            // NOTE(review): in this listing the text after "username=" is masked
            // ("******"), so the end of the $admin_url expression and the start
            // of the $keyargs_content definition are not visible. The line is
            // reproduced exactly as shown and is not valid PHP in this form.
            $admin_url = get_absolute_root_url() . 'admin.php?page=user_list&username='******'User: %s', stripslashes($login)), get_l10n_args('Email: %s', $mail_address), get_l10n_args(''), get_l10n_args('Admin: %s', $admin_url));
            pwg_mail_notification_admins(get_l10n_args('Registration of %s', stripslashes($login)), $keyargs_content);
        }

        if ($notify_user and email_check_format($mail_address)) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            // NOTE(review): this message carries the password in clear text
            // ('Password: %s'); mail is stored and relayed outside the
            // application's control.
            $keyargs_content = array(get_l10n_args('Hello %s,', stripslashes($login)), get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', stripslashes($login)), get_l10n_args('Password: %s', stripslashes($password)), get_l10n_args('Email: %s', $mail_address), get_l10n_args('', ''), get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()));
            pwg_mail($mail_address, array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Registration'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
        }

        trigger_notify('register_user', array('id' => $user_id, 'username' => $login, 'email' => $mail_address));

        return $user_id;
    } else {
        // validation failed: the reasons are in $errors
        return false;
    }
}
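/**
 * Validates the profile form found in $_POST and saves it for the given user.
 *
 * For the guest and default users the account fields are dropped from $_POST
 * and theme/language are forced to the defaults. Outside the administration
 * (IN_ADMIN not defined) a submitted username is ignored and a password change
 * requires the current password.
 *
 * @param array $userdata user being edited; 'id', 'username' and 'language' are read
 * @param array &$errors reset, then filled with the validation error messages
 * @return bool false when the form was not submitted ($_POST['validate'] is
 *              missing); true otherwise, including when errors were collected
 */
function save_profile_from_post($userdata, &$errors)
{
    global $conf, $page;

    $errors = array();

    if (!isset($_POST['validate'])) {
        return false;
    }

    $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
    if ($special_user) {
        unset($_POST['username'], $_POST['mail_address'], $_POST['password'], $_POST['use_new_pwd'], $_POST['passwordConf'], $_POST['theme'], $_POST['language']);
        $_POST['theme'] = get_default_theme();
        $_POST['language'] = get_default_language();
    }

    // the username can only be changed from the administration
    if (!defined('IN_ADMIN')) {
        unset($_POST['username']);
    }

    if ($conf['allow_user_customization'] or defined('IN_ADMIN')) {
        // "D" makes "$" match only at the very end of the value; without it a
        // value ending with a newline ("12\n") passed the check.
        $int_pattern = '/^\\d+$/D';
        if (empty($_POST['nb_image_page']) or !preg_match($int_pattern, $_POST['nb_image_page'])) {
            $errors[] = l10n('The number of photos per page must be a not null scalar');
        }

        // periods must be integer values, they represent a number of days
        if (!preg_match($int_pattern, $_POST['recent_period']) or $_POST['recent_period'] < 0) {
            $errors[] = l10n('Recent period must be a positive integer value');
        }

        // language and theme must be among the installed ones
        if (!in_array($_POST['language'], array_keys(get_languages()))) {
            die('Hacking attempt, incorrect language value');
        }

        if (!in_array($_POST['theme'], array_keys(get_pwg_themes()))) {
            die('Hacking attempt, incorrect theme value');
        }
    }

    if (isset($_POST['mail_address'])) {
        // the address is validated even when it is the one already stored for
        // this user; validate_mail_address() is given the user id
        // NOTE(review): unlike a password change, a new e-mail address is
        // accepted without asking for the current password.
        $mail_error = validate_mail_address($userdata['id'], $_POST['mail_address']);
        if (!empty($mail_error)) {
            $errors[] = $mail_error;
        }
    }

    if (!empty($_POST['use_new_pwd'])) {
        // password must be the same as its confirmation; the comparison is
        // strict because "!=" compares numeric-looking strings by value
        // ("1e3" == "1000"), which let two different entries pass
        if (!isset($_POST['passwordConf']) or $_POST['use_new_pwd'] !== $_POST['passwordConf']) {
            $errors[] = l10n('The passwords do not match');
        }

        if (!defined('IN_ADMIN')) {
            // changing password requires old password
            $query = ' SELECT ' . $conf['user_fields']['password'] . ' AS password FROM ' . USERS_TABLE . ' WHERE ' . $conf['user_fields']['id'] . ' = \'' . $userdata['id'] . '\' ;';
            list($current_password) = pwg_db_fetch_row(pwg_query($query));

            if (!$conf['password_verify']($_POST['password'], $current_password)) {
                $errors[] = l10n('Current password is wrong');
            }
        }
    }

    if (count($errors) == 0) {
        // mass_updates function
        include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

        if (isset($_POST['mail_address'])) {
            // update common user informations
            // NOTE(review): the values below come straight from $_POST; whether
            // mass_updates() escapes them is not visible here - confirm.
            $fields = array($conf['user_fields']['email']);

            $data = array();
            $data[$conf['user_fields']['id']] = $userdata['id'];
            $data[$conf['user_fields']['email']] = $_POST['mail_address'];

            // password is updated only if filled
            if (!empty($_POST['use_new_pwd'])) {
                $fields[] = $conf['user_fields']['password'];
                // password is hashed with function $conf['password_hash']
                $data[$conf['user_fields']['password']] = $conf['password_hash']($_POST['use_new_pwd']);
            }

            // username is updated only if allowed
            if (!empty($_POST['username'])) {
                if ($_POST['username'] != $userdata['username'] and get_userid($_POST['username'])) {
                    // reported through $page['errors'], not $errors; the other
                    // fields are still saved and the redirect is cancelled
                    $page['errors'][] = l10n('this login is already used');
                    unset($_POST['redirect']);
                } else {
                    $fields[] = $conf['user_fields']['username'];
                    $data[$conf['user_fields']['username']] = $_POST['username'];

                    // send email to the user
                    if ($_POST['username'] != $userdata['username']) {
                        include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
                        switch_lang_to($userdata['language']);

                        $keyargs_content = array(
                            get_l10n_args('Hello', ''),
                            get_l10n_args('Your username has been successfully changed to : %s', $_POST['username']),
                        );

                        pwg_mail($_POST['mail_address'], array(
                            'subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Username modification'),
                            'content' => l10n_args($keyargs_content),
                            'content_format' => 'text/plain',
                        ));

                        switch_lang_back();
                    }
                }
            }

            mass_updates(USERS_TABLE, array('primary' => array($conf['user_fields']['id']), 'update' => $fields), array($data));
        }

        if ($conf['allow_user_customization'] or defined('IN_ADMIN')) {
            // update user "additional" informations (specific to Piwigo)
            // NOTE(review): 'expand', 'show_nb_hits' and 'show_nb_comments' are
            // copied from $_POST without any check in this function.
            $fields = array('nb_image_page', 'language', 'expand', 'show_nb_hits', 'recent_period', 'theme');

            if ($conf['activate_comments']) {
                $fields[] = 'show_nb_comments';
            }

            $data = array();
            $data['user_id'] = $userdata['id'];

            foreach ($fields as $field) {
                if (isset($_POST[$field])) {
                    $data[$field] = $_POST[$field];
                }
            }
            mass_updates(USER_INFOS_TABLE, array('primary' => array('user_id'), 'update' => $fields), array($data));
        }

        trigger_notify('save_profile_from_post', $userdata['id']);

        // NOTE(review): the redirect target is taken from the request as is;
        // whether redirect() restricts it to this site is not visible here -
        // confirm, otherwise validate it before redirecting.
        if (!empty($_POST['redirect'])) {
            redirect($_POST['redirect']);
        }
    }

    return true;
}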
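/**
 * Send a notification email to all administrators.
 * current user (if admin) is not notified
 *
 * Array subjects and contents are l10n_args structures; they are translated
 * in the default language before the mail is handed to pwg_mail_admins().
 *
 * @param string|array $subject
 * @param string|array $content
 * @param boolean $send_technical_details - send user IP and browser
 * @return boolean false when subject or content is empty, otherwise the
 *                 result of pwg_mail_admins()
 */
function pwg_mail_notification_admins($subject, $content, $send_technical_details = true)
{
    if (empty($subject) or empty($content)) {
        return false;
    }

    global $conf, $user;

    if (is_array($subject) or is_array($content)) {
        // administrators are addressed in the gallery default language
        switch_lang_to(get_default_language());

        if (is_array($subject)) {
            $subject = l10n_args($subject);
        }
        if (is_array($content)) {
            $content = l10n_args($content);
        }

        switch_lang_back();
    }

    $tpl_vars = array();
    if ($send_technical_details) {
        // REMOTE_ADDR and HTTP_USER_AGENT are not always set (command line,
        // clients sending no User-Agent); fall back to '' instead of reading
        // an undefined index. The user agent is chosen by the client, so the
        // 'notification_admin' template must treat it as untrusted text.
        $tpl_vars['TECHNICAL'] = array(
            'username' => stripslashes($user['username']),
            'ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
            'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        );
    }

    return pwg_mail_admins(
        array(
            'subject' => '[' . $conf['gallery_title'] . '] ' . $subject,
            'mail_title' => $conf['gallery_title'],
            'mail_subtitle' => $subject,
            'content' => $content,
            'content_format' => 'text/plain',
        ),
        array(
            'filename' => 'notification_admin',
            'assign' => $tpl_vars,
        )
    );
}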
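/**
 * Function called from UAM_admin.php to send notification email when user
 * registration have been manually validated by admin
 *
 * The mail is written in the language stored for the user, or in the current
 * session language when the user has no user-infos row yet. Subject and body
 * come from the plugin configuration; their [username], [mygallery] and
 * [myurl] flags are replaced before sending.
 *
 * @param int $id user id
 */
function validation_mail($id)
{
    // $user is read for the language fallback below; the original imported
    // only $conf, so $user['language'] was an undefined variable there.
    global $conf, $user;

    // NOTE(review): unserialize() of a stored configuration value; this is
    // safe only while nothing untrusted can write that value.
    $conf_UAM = unserialize($conf['UserAdvManager']);

    include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

    // The id is concatenated unquoted into the two queries below, so it is
    // forced to an integer first. The caller is not visible here.
    $id = (int) $id;

    $custom_txt = "";
    $subject = "";

    // We have to get the user's language in database
    // ----------------------------------------------
    $query = ' SELECT user_id, language FROM ' . USER_INFOS_TABLE . ' WHERE user_id = ' . $id . ' ;';
    $data = pwg_db_fetch_assoc(pwg_query($query));

    // Check if user is already registered (profile changing) - If not (new
    // registration), language is set to current gallery language.
    // In both cases the gallery is switched to that language before the
    // personalized and multilingual contents are used.
    if (empty($data)) {
        $language = pwg_get_session_var('lang_switch', $user['language']);
        switch_lang_to($language);
    } else {
        $language = $data['language']; // Useful for debugging
        switch_lang_to($data['language']);
        load_language('plugin.lang', UAM_PATH);
    }

    // Retrieve user's email and user name from id
    // -------------------------------------------
    $query = ' SELECT id, username, mail_address FROM ' . USERS_TABLE . ' WHERE id = ' . $id . ' ;';
    $result = pwg_db_fetch_assoc(pwg_query($query));

    // Unknown user: there is nobody to write to, only restore the language
    if (empty($result)) {
        switch_lang_back();
        return;
    }

    // Management of Extension flags ([username], [mygallery], [myurl]).
    // The flags are literal, case-insensitive markers, so str_ireplace() is
    // enough; unlike preg_replace() it does not interpret "$0" or "\0" inside
    // the username or the gallery title.
    $username = stripslashes($result['username']);
    $flags = array('[username]', '[mygallery]');
    $values = array($username, $conf['gallery_title']);

    if (!empty($conf_UAM['ADMINVALIDATIONMAIL_SUBJECT'])) {
        $text = str_ireplace($flags, $values, $conf_UAM['ADMINVALIDATIONMAIL_SUBJECT']);

        // NOTE(review): the subject ends with two newlines and contains the
        // username; whether pwg_mail() strips line breaks from the subject
        // header is not visible here - confirm.
        if (function_exists('get_user_language_desc')) {
            $subject = get_user_language_desc($text) . "\n\n";
        } else {
            $subject = l10n($text) . "\n\n";
        }
    }

    if (!empty($conf_UAM['ADMINVALIDATIONMAIL'])) {
        // [myurl] is only available in the body
        $flags[] = '[myurl]';
        $values[] = get_gallery_home_url();

        $text = str_ireplace($flags, $values, $conf_UAM['ADMINVALIDATIONMAIL']);

        if (function_exists('get_user_language_desc')) {
            $custom_txt = get_user_language_desc($text) . "\n\n";
        } else {
            $custom_txt = l10n($text) . "\n\n";
        }
    }

    $infos = array(
        get_l10n_args('UAM_User: %s', $username),
        get_l10n_args('Email: %s', $result['mail_address']),
        get_l10n_args('', ''),
    );

    // Sending the email with subject and contents
    // -------------------------------------------
    $content = l10n_args($infos) . "\n\n" . $custom_txt;

    // Adding gallery URL at the end of the email; the original's 'false'
    // branch and default branch were identical, so only 'true' differs
    if (isset($conf_UAM['ADD_GALLERY_URL_TO_EMAILS']) and $conf_UAM['ADD_GALLERY_URL_TO_EMAILS'] == 'true') {
        $content .= get_absolute_root_url();
    }

    pwg_mail(
        array('name' => $username, 'email' => $result['mail_address']),
        array('content' => $content, 'content_format' => 'text/plain', 'subject' => $subject)
    );

    // Send a copy to admins
    if (isset($conf_UAM['EMAILS_COPY_TO_ADMINS']) and $conf_UAM['EMAILS_COPY_TO_ADMINS'] == 'true') {
        UAM_Copy2Admins($subject, $content);
    }

    // Switching back to default language
    // ----------------------------------
    switch_lang_back();
}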
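/**
 * Triggered on loc_begin_profile
 *
 * Shows the "password must be reset" message when a reset is pending for the
 * current user and, on a profile submission by a non-administrator, checks the
 * new password against the configured minimum score. A password below that
 * score is rejected by removing 'use_new_pwd' and 'validate' from $_POST.
 */
function PP_Profile_Init()
{
    global $conf, $user, $template;

    load_language('plugin.lang', PP_PATH);

    // NOTE(review): unserialize() of a stored configuration value; this is
    // safe only while nothing untrusted can write that value.
    $conf_PP = unserialize($conf['PasswordPolicy']);

    // Special message display for password reset
    // ------------------------------------------
    $must_reset = isset($conf_PP['PWDRESET'])
        && $conf_PP['PWDRESET'] == 'true'
        && PP_check_pwdreset($user['id']);

    if ($must_reset) {
        $template->append('errors', l10n('PP_Password_Reset_Msg'));
    }

    // Controls on profile page submission
    // -----------------------------------
    if (isset($_POST['validate']) and !is_admin()) {
        // Password enforcement control
        // ----------------------------
        // Runs before the reset flag is cleared: the original cleared the flag
        // first, so a password rejected here still ended the forced reset.
        if (!empty($_POST['use_new_pwd'])
            and isset($conf_PP['PASSWORDENF'])
            and $conf_PP['PASSWORDENF'] == 'true'
            and !empty($conf_PP['PASSWORD_SCORE'])
        ) {
            $PasswordCheck = PP_testpassword($_POST['use_new_pwd']);

            if ($PasswordCheck < $conf_PP['PASSWORD_SCORE']) {
                $message = get_l10n_args('PP_Error_Password_Need_Enforcement_%s', $PasswordCheck);
                $template->append('errors', l10n_args($message) . $conf_PP['PASSWORD_SCORE']);
                // dropping both fields cancels the profile submission
                unset($_POST['use_new_pwd']);
                unset($_POST['validate']);
            }
        }

        // Password reset control
        // ----------------------
        // if password not changed then pwdreset field = true else pwdreset field = false
        // NOTE(review): the flag is cleared as soon as a new password passes
        // the policy; the profile code that actually saves it is not visible
        // here and may still refuse the change (wrong current password,
        // confirmation mismatch) - confirm.
        if ($must_reset and !empty($_POST['use_new_pwd'])) {
            $query = ' UPDATE ' . USERS_TABLE . ' SET PP_pwdreset = "false" WHERE id = ' . (int) $user['id'] . ' LIMIT 1 ;';
            pwg_query($query);
        }
    }
}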
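/**
 * Add new registered user in Piwigo users table from audit/synch action
 * To solve password synch problem, passwords are reset to NULL to force users to get a new password on their profile page
 *
 * Based on user_mass_register plugin (thx to plg!)
 *
 * NOTE(review): no reset to NULL happens in this function; the password it
 * receives is stored through register_user() and mailed to the user in clear
 * text.
 *
 * @param mixed $fluxbb_id id of the forum account to link
 * @param string $username
 * @param string $password
 * @param string $email
 * @return array error messages; empty when the user was created
 */
function Synch_Piwigo_Adduser($fluxbb_id, $username, $password, $email)
{
    global $conf;

    load_language('plugin.lang', REGFLUXBB_PATH);

    // register_user() as listed with this function returns the new user id or
    // false and reports problems through its fifth, by-reference parameter.
    // Taking its return value as the error list, as the original did, sends
    // the welcome mail on failure (false) and skips it on success (an id).
    // An array return value is still accepted as the error list, in case an
    // older register_user() is in use - presumably what this code was written
    // against.
    $errors = array();
    $registered = register_user($username, $password, $email, false, $errors);
    if (is_array($registered)) {
        $errors = $registered;
    }

    if (empty($errors)) {
        include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

        // NOTE(review): 'Password: %s' puts the clear-text password in the mail
        $keyargs_content = array(
            get_l10n_args('Hello %s,', $username),
            get_l10n_args('To synchronize your forum access with the gallery you have been registered at %s!', $conf['gallery_title']),
            get_l10n_args('', ''),
            get_l10n_args('Here are your connection settings', ''),
            get_l10n_args('Username: %s', $username),
            get_l10n_args('Password: %s', $password),
            get_l10n_args('Email: %s', $email),
            get_l10n_args('', ''),
            get_l10n_args('Please change your password at your first connexion on the gallery', ''),
            get_l10n_args('', ''),
            get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
        );

        pwg_mail($email, array(
            'subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Registration'),
            'content' => l10n_args($keyargs_content),
            'content_format' => 'text/plain',
        ));

        // link the new gallery account to the forum account
        $pwg_id = get_userid($username);
        FluxBB_Linkuser($pwg_id, $fluxbb_id, "NOK");
    }

    return $errors;
}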