1: <?php
2:
28:
29:
// Plugin registration header read by the plugin loader.
// NOTE(review): `5 | CLASS_PLUGIN` is presumably a load priority OR-ed with a plugin-class flag; confirm against the loader.
$plugin_is_filter = 5 | CLASS_PLUGIN;
$plugin_description = gettext("Provides management of users based on when they were created.");
$plugin_author = "Stephen Billard (sbillard)";


// Same string as the class declared below, which implements getOptionsSupported()/handleOption().
$option_interface = 'user_expiry';

// Wire the static handlers of user_expiry into the core filters.
// NOTE(review): the optional third argument (0 / 999) is presumably a filter priority; confirm.
zp_register_filter('admin_tabs', 'user_expiry::admin_tabs', 0);
// The login state is re-checked against the expiry policy on cookie authorization and on both login paths.
zp_register_filter('authorization_cookie', 'user_expiry::checkcookie');
zp_register_filter('admin_login_attempt', 'user_expiry::checklogon');
zp_register_filter('federated_login_attempt', 'user_expiry::checklogon');
zp_register_filter('edit_admin_custom_data', 'user_expiry::edit_admin', 999);
// reverify() runs on theme script load and reads $_GET['user_expiry_reverify'], a request parameter
// that is processed before any login check inside that handler.
zp_register_filter('load_theme_script', 'user_expiry::reverify', 999);
zp_register_filter('admin_note', 'user_expiry::notify', 999);
// Password-history check on password change, and removal of that history when a user is deleted.
zp_register_filter('can_set_user_password', 'user_expiry::passwordAllowed');
zp_register_filter('remove_user', 'user_expiry::cleanup');
46:
51: class user_expiry {
52:
/**
 * Registers the default value of every option this plugin reads.
 *
 * Defaults: accounts expire after 365 days, the warning window is 7 days,
 * auto-renew is off and the password cycle is disabled (0).
 */
function __construct() {
    $defaults = array(
        'user_expiry_interval' => 365,
        'user_expiry_warn_interval' => 7,
        'user_expiry_auto_renew' => 0,
        'user_expiry_password_cycle' => 0,
    );
    // Same options, same order as before; only the call site is table-driven.
    foreach ($defaults as $optionName => $defaultValue) {
        setOptionDefault($optionName, $defaultValue);
    }
}
63:
/**
 * Describes the options shown on the plugin's option page.
 *
 * The three day-count options are free-text fields (OPTION_TYPE_CLEARTEXT). Nothing in
 * this class validates them before they are multiplied by 86400, so a non-numeric
 * value reaches that arithmetic unchanged.
 *
 * @return array option definitions keyed by their translated label
 */
function getOptionsSupported() {
    $supported = array();

    $supported[gettext('Days until expiration')] = array(
        'key' => 'user_expiry_interval',
        'type' => OPTION_TYPE_CLEARTEXT,
        'order' => 1,
        'desc' => gettext('The number of days until a user is flagged as expired. Set to zero for no expiry.'),
    );
    $supported[gettext('Warning interval')] = array(
        'key' => 'user_expiry_warn_interval',
        'type' => OPTION_TYPE_CLEARTEXT,
        'order' => 2,
        'desc' => gettext('The period in days before the expiry during which a warning message will be sent to the user. (If set to zero, no warning occurs.)'),
    );
    $supported[gettext('Auto renew')] = array(
        'key' => 'user_expiry_auto_renew',
        'type' => OPTION_TYPE_CHECKBOX,
        'order' => 3,
        'desc' => gettext('Automatically renew the subscription if the user visits during the warning period.'),
    );
    $supported[gettext('Password cycle')] = array(
        'key' => 'user_expiry_password_cycle',
        'type' => OPTION_TYPE_CLEARTEXT,
        'order' => 4,
        'desc' => gettext('Number of days between required password changes. Set to zero for no required changes.'),
    );

    return $supported;
}
85:
/**
 * Custom option handler required by the option interface.
 *
 * This plugin defines no custom option types, so there is nothing to render.
 *
 * @param string $option       option key (unused)
 * @param mixed  $currentValue current value of the option (unused)
 */
function handleOption($option, $currentValue)
{
    // intentionally empty
}
89:
/**
 * Filter for `admin_tabs`: restricts or extends the admin tab list.
 *
 * When a password change is overdue (checkPasswordRenew()), the current user's
 * rights are reduced to USER_RIGHTS | NO_RIGHTS for this request and the tab list
 * is replaced by the single "users" tab. For a saved user with ADMIN_RIGHTS the
 * "users" tab gains the "expiry" subtab.
 *
 * @param array $tabs tab definitions built so far
 * @return array the adjusted tab definitions
 */
static function admin_tabs($tabs) {
    global $_zp_current_admin_obj, $_zp_loggedin;

    if (self::checkPasswordRenew()) {
        // Both the global login mask and the user object are downgraded.
        $_zp_loggedin = USER_RIGHTS | NO_RIGHTS;
        $_zp_current_admin_obj->setRights($_zp_loggedin);
        $tabs = array(
            'users' => array(
                'text' => gettext("users"),
                'link' => WEBPATH . "/" . ZENFOLDER . '/admin-users.php?page=users',
                'subtabs' => NULL,
            ),
        );
    }

    if (!zp_loggedin(ADMIN_RIGHTS) || !$_zp_current_admin_obj->getID()) {
        return $tabs;
    }

    // isset() is false for a NULL 'subtabs' entry, so that case starts from an empty list too.
    $children = isset($tabs['users']['subtabs']) ? $tabs['users']['subtabs'] : array();
    $children[gettext('users')] = 'admin-users.php?page=users&tab=users';
    $children[gettext('expiry')] = PLUGIN_FOLDER . '/user-expiry/user-expiry-tab.php?page=users&tab=expiry';
    $tabs['users'] = array(
        'text' => gettext("admin"),
        'link' => WEBPATH . "/" . ZENFOLDER . '/admin-users.php?page=users&tab=users',
        'subtabs' => $children,
        'default' => 'users',
    );

    return $tabs;
}
113:
/**
 * Applies the account-expiry policy to one user and returns the resulting login state.
 *
 * - Past the expiry date: the user is saved with valid = 2 and the login is refused.
 * - Inside the warning window: the account is renewed (auto-renew on) or a one-time
 *   notice is mailed (auto-renew off).
 * - Otherwise: a previously recorded notice marker is removed.
 *
 * The marker string 'exiry_notice' is misspelled, but it is persisted in the user's
 * credentials, so it has to stay as it is.
 *
 * NOTE(review): with auto-renew enabled, any visit inside the warning window extends
 * the account; confirm that matches the intended expiry policy.
 *
 * @param mixed  $loggedin current login state / rights
 * @param object $userobj  the user being checked
 * @return mixed $loggedin, or false when the account has expired
 */
private static function checkexpires($loggedin, $userobj) {
    global $_zp_gallery;

    // NOTE(review): presumably logout_link === true marks accounts this policy applies to; confirm.
    if ($userobj->logout_link !== true) {
        return $loggedin;
    }
    $lifetime = 86400 * getOption('user_expiry_interval');
    if (!$lifetime) {
        // expiry is switched off
        return $loggedin;
    }
    $expiresAt = strtotime($userobj->getDateTime()) + $lifetime;

    if ($expiresAt < time()) {
        // Expired: flag the account and drop the login.
        $userobj->setValid(2);
        $userobj->save();
        return false;
    }

    if (!($expiresAt < (time() + getOption('user_expiry_warn_interval') * 86400))) {
        // Not yet in the warning window: forget any earlier notice.
        $held = $userobj->getCredentials();
        $pos = array_search('exiry_notice', $held);
        if ($pos !== false) {
            unset($held[$pos]);
            $userobj->setCredentials($held);
            $userobj->save();
        }
        return $loggedin;
    }

    if (getOption('user_expiry_auto_renew')) {
        $renewed = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());
        if ($renewed + getOption('user_expiry_interval') * 86400 < time()) {
            $renewed = time() + getOption('user_expiry_interval') * 86400;
        }
        $userobj->setDateTime(date('Y-m-d H:i:s', $renewed));
        $userobj->setValid(1);
        $held = $userobj->getCredentials();
        $pos = array_search('exiry_notice', $held);
        if ($pos !== false) {
            unset($held[$pos]);
            $userobj->setCredentials($held);
        }
        $userobj->save();
        return $loggedin;
    }

    $address = $userobj->getEmail();
    if ($address) {
        $held = $userobj->getCredentials();
        if (!in_array('exiry_notice', $held)) {
            // Record the marker first so the warning is mailed only once.
            $held[] = 'exiry_notice';
            $userobj->setCredentials($held);
            $userobj->save();
            $body = sprintf(gettext('Your user id for the Zenphoto site %s will expire on %s.'), $_zp_gallery->getTitle(), date('Y-m-d', $expiresAt));
            zp_mail(get_language_string(gettext('User id expiration')), $body, array($userobj->getName() => $address));
        }
    }
    return $loggedin;
}
169:
/**
 * Reports whether the current user must change their password.
 *
 * True only when a password cycle is configured, a current user object exists,
 * that user lacks ADMIN_RIGHTS, and the stored 'passupdate' time plus the cycle
 * lies in the past. Users with ADMIN_RIGHTS are never forced to renew.
 *
 * @return bool
 */
static function checkPasswordRenew() {
    global $_zp_current_admin_obj;

    $cycle = getOption('user_expiry_password_cycle') * 86400;
    if (!$cycle || !is_object($_zp_current_admin_obj) || ($_zp_current_admin_obj->getRights() & ADMIN_RIGHTS)) {
        return false;
    }
    // An unparsable 'passupdate' makes strtotime() return false, which counts as 0 here,
    // so such an account is treated as overdue.
    return strtotime($_zp_current_admin_obj->get('passupdate')) + $cycle < time();
}
180:
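/**
 * Filter for `remove_user`: deletes the stored password history of the user being removed.
 *
 * NOTE(review): nothing is returned; if `remove_user` handlers are chained on their
 * return value, confirm that is intended.
 *
 * @param object $user user object; only getID() is used
 */
static function cleanup($user) {
    // The id is concatenated into the statement unquoted, so force it to an integer first.
    $id = (int) $user->getID();
    query('DELETE FROM ' . prefix('plugin_storage') . ' WHERE `type`=' . db_quote('user_expiry_usedPasswords') . ' AND `aux`=' . $id);
}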
184:
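/**
 * Filter for `can_set_user_password`: rejects recently used passwords and records the new one.
 *
 * Up to ten entries are kept per user in `plugin_storage` (type
 * 'user_expiry_usedPasswords', `aux` = user id). A user with ADMIN_RIGHTS may reuse
 * a password; the old entry is then moved to the end of the history.
 *
 * Fixes relative to the previous version:
 * - `$id = $user->getID() > 0` assigned the boolean result of the comparison, so every
 *   history row was read and written with `aux`=1. Rows written by that code are all
 *   keyed to id 1 and may need a one-off cleanup.
 * - the history lookup is strict, so numeric-looking strings no longer compare equal;
 * - the admin branch removes the entry by its key, not by using the password as key;
 * - the UPDATE statement has the missing space before SET.
 *
 * NOTE(review): $pwd is stored as received. If this filter is called with the cleartext
 * password (not visible here), the history holds recoverable passwords; store a
 * password_hash() value and compare with password_verify() instead.
 *
 * @param mixed  $msg  message from earlier filters, passed through when the password is accepted
 * @param string $pwd  the candidate password
 * @param object $user the user whose password is being set
 * @return mixed $msg, or a translated rejection message
 */
static function passwordAllowed($msg, $pwd, $user) {
    // Integer cast: the id is concatenated into SQL unquoted.
    $id = (int) $user->getID();
    if ($id > 0) {
        $store = query_single_row('SELECT * FROM ' . prefix('plugin_storage') . ' WHERE `type`=' . db_quote('user_expiry_usedPasswords') . ' AND `aux`=' . $id);
        if ($store) {
            $used = getSerializedArray($store['data']);
            $key = array_search($pwd, $used, true);
            if ($key !== false) {
                if (zp_loggedin(ADMIN_RIGHTS)) {
                    // Drop the old entry; it is appended again below.
                    unset($used[$key]);
                } else {
                    return gettext('You have used that password recently. Please choose a different password.');
                }
            }
            if (count($used) > 9) {
                // Keep the history bounded by discarding the oldest entry.
                $used = array_slice($used, 1);
            }
        } else {
            $used = array();
        }
        array_push($used, $pwd);
        if ($store) {
            query('UPDATE ' . prefix('plugin_storage') . ' SET `data`=' . db_quote(serialize($used)) . ' WHERE `type`=' . db_quote('user_expiry_usedPasswords') . ' AND `aux`=' . $id);
        } else {
            query('INSERT INTO ' . prefix('plugin_storage') . ' (`type`, `aux`, `data`) VALUES (' . db_quote('user_expiry_usedPasswords') . ',' . $id . ',' . db_quote(serialize($used)) . ')');
        }
    }
    return $msg;
}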
212:
/**
 * Filter for `authorization_cookie`: re-applies the expiry policy to the current user.
 *
 * Only a current user object without ADMIN_RIGHTS is checked; otherwise the
 * incoming login state is returned untouched.
 *
 * @param mixed $loggedin login state established from the cookie
 * @return mixed the login state after the expiry check
 */
static function checkcookie($loggedin) {
    global $_zp_current_admin_obj;

    if (!is_object($_zp_current_admin_obj)) {
        return $loggedin;
    }
    if ($_zp_current_admin_obj->getRights() & ADMIN_RIGHTS) {
        // users with ADMIN_RIGHTS are exempt from expiry
        return $loggedin;
    }
    return self::checkexpires($loggedin, $_zp_current_admin_obj);
}
220:
/**
 * Filter for `admin_login_attempt` and `federated_login_attempt`.
 *
 * A successful login without ADMIN_RIGHTS is re-checked against the expiry policy,
 * provided a user record with `valid` = 1 exists for the name.
 *
 * @param mixed  $loggedin rights granted by the login attempt (falsy on failure)
 * @param string $user     the user name that logged in
 * @return mixed the login state after the expiry check
 */
static function checklogon($loggedin, $user) {
    // Failed logins and users with ADMIN_RIGHTS pass through unchanged.
    if (!$loggedin || ($loggedin & ADMIN_RIGHTS)) {
        return $loggedin;
    }
    $account = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`=' => 1));
    if ($account) {
        $loggedin = self::checkexpires($loggedin, $account);
    }
    return $loggedin;
}
231:
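/**
 * Filter for `load_theme_script`: processes a re-verification link and enforces password renewal.
 *
 * If `$_GET['user_expiry_reverify']` decodes to user/email/date values less than
 * 30 days old and a matching user with `valid` > 0 exists, that user is re-validated,
 * logged in and redirected to the admin page. Independently, a user whose password
 * change is overdue is redirected to the users tab.
 *
 * Changes relative to the previous version:
 * - the token must be well-formed hex and must decode to an array with the expected
 *   keys before any field is used;
 * - the account update and login happen only when a user was actually found (the old
 *   code called methods on the lookup result even when it was empty);
 * - on PHP 7+ unserialize() is told not to instantiate classes.
 *
 * SECURITY NOTE(review): the token comes straight from the request and nothing in this
 * function authenticates it, yet a match ends in Zenphoto_Authority::logUser(). Unless
 * it is verified elsewhere (not visible here), the link should carry a MAC checked with
 * hash_equals(), or be a random token stored server-side. unserialize() on request data
 * should also be replaced by a data-only format such as JSON once the code that
 * generates the link can be changed together with this reader.
 *
 * @param string $path theme script path being loaded
 * @return string $path unchanged (when no redirect happens)
 */
static function reverify($path) {
    if (isset($_GET['user_expiry_reverify'])) {
        $token = trim(sanitize($_GET['user_expiry_reverify']), '.');
        $params = false;
        // Decode only complete hex byte pairs; anything else is not a token this plugin issued.
        if (is_string($token) && preg_match('/^(?:[0-9a-fA-F]{2})+$/', $token)) {
            $raw = pack("H*", $token);
            if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
                // The payload is an array of scalars, so no class ever needs to be instantiated.
                $params = unserialize($raw, array('allowed_classes' => false));
            } else {
                // FLAG: unrestricted unserialize() of request data on PHP < 7.
                $params = unserialize($raw);
            }
        }
        $wellFormed = is_array($params)
            && isset($params['date'], $params['user'])
            && array_key_exists('email', $params)
            && is_numeric($params['date'])
            && is_scalar($params['user'])
            && (is_null($params['email']) || is_scalar($params['email']));
        // 2592000 seconds = 30 days of link validity.
        if ($wellFormed && (time() - $params['date']) < 2592000) {
            $userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $params['user'], '`email`=' => $params['email'], '`valid`>' => 0));
            if ($userobj) {
                $credentials = $userobj->getCredentials();
                $credentials[] = 'expiry';
                $credentials[] = 'email';
                $credentials = array_unique($credentials);
                $userobj->setCredentials($credentials);
                $userobj->setValid(1);
                $userobj->set('loggedin', date('Y-m-d H:i:s'));
                $userobj->save();

                Zenphoto_Authority::logUser($userobj);
                header("Location: " . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
                exitZP();
            }
        }
    }
    if (user_expiry::checkPasswordRenew()) {
        header("Location: " . FULLWEBPATH . '/' . ZENFOLDER . '/admin-users.php?page=users&tab=users');
        exitZP();
    }
    return $path;
}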
265:
/**
 * Filter for `edit_admin_custom_data`: prepends the expiry date to a user's own edit form.
 *
 * The extra row is added only when expiry is enabled, the viewer lacks ADMIN_RIGHTS
 * and the form belongs to the viewer. A date inside the warning window is shown in red.
 *
 * $background is written into a style attribute as received; it is expected to come
 * from the calling admin page, not from user input (NOTE(review): confirm).
 *
 * @param string $html              HTML produced by earlier filters
 * @param object $userobj           user whose form is rendered
 * @param mixed  $i                 unused here
 * @param string $background        CSS for the cell's style attribute
 * @param bool   $current           false hides the row
 * @param mixed  $local_alterrights unused here
 * @return string HTML with the notice row prepended when it applies
 */
static function edit_admin($html, $userobj, $i, $background, $current, $local_alterrights) {
    global $_zp_current_admin_obj;

    if (!$userobj->getValid()) {
        return $html;
    }
    $lifetime = 86400 * getOption('user_expiry_interval');
    if (!$lifetime || zp_loggedin(ADMIN_RIGHTS) || $userobj->getID() != $_zp_current_admin_obj->getID()) {
        return $html;
    }

    $now = time();
    $warnFrom = $now + getOption('user_expiry_warn_interval') * 86400;
    $expiresAt = strtotime($userobj->getDateTime()) + $lifetime;
    $shownDate = date('Y-m-d', $expiresAt);
    if ($expiresAt < $warnFrom) {
        $shownDate = '<span style="color:red" class="tooltip" title="' . gettext('Expires soon') . '">' . $shownDate . '</span>';
    }
    $msg = sprintf(gettext('Your subscription expires on %s'), $shownDate);

    $rowStyle = $current ? '' : ' style="display:none;"';
    $cellStyle = empty($background) ? '' : ' style="' . $background . '"';
    // The two literals below contain a raw line break on purpose; they are kept exactly as they were.
    $row = '<tr' . $rowStyle . ' class="userextrainfo">
<td' . $cellStyle . ' valign="top" colspan="2">' . "\n" .
        '<p class="notebox">' . $msg . '</p>' . "\n" .
        '</td>
</tr>' . "\n";

    return $row . $html;
}
289:
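/**
 * Filter for `admin_note`: prints notices on the users tab.
 *
 * Shows "You must change your password." when the current user's password change is
 * overdue; otherwise tells the viewer when any user has `valid` > 1, the state this
 * plugin assigns to expired accounts.
 *
 * Fix: the condition used `$subtab = 'users'` (an assignment, always true), so the
 * notices appeared on every subtab of the users tab. It is now a comparison.
 *
 * @param string $tab    current admin tab
 * @param string $subtab current admin subtab
 */
static function notify($tab, $subtab) {
    if ($tab == 'users' && $subtab == 'users') {
        if (user_expiry::checkPasswordRenew()) {
            echo '<p class="errorbox">' . gettext('You must change your password.'), '</p>';
        } else {
            if (Zenphoto_Authority::getAnAdmin(array('`valid`>' => 1))) {
                echo '<p class="notebox">' . gettext('You have users whose credentials have expired.'), '</p>';
            }
        }
    }
}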
301:
302: }
303:
304: ?>
305: