File zp-extensions/user-expiry.php

  1:   2:   3:   4:   5:   6:   7:   8:   9:  10:  11:  12:  13:  14:  15:  16:  17:  18:  19:  20:  21:  22:  23:  24:  25:  26:  27:  28:  29:  30:  31:  32:  33:  34:  35:  36:  37:  38:  39:  40:  41:  42:  43:  44:  45:  46:  47:  48:  49:  50:  51:  52:  53:  54:  55:  56:  57:  58:  59:  60:  61:  62:  63:  64:  65:  66:  67:  68:  69:  70:  71:  72:  73:  74:  75:  76:  77:  78:  79:  80:  81:  82:  83:  84:  85:  86:  87:  88:  89:  90:  91:  92:  93:  94:  95:  96:  97:  98:  99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317:

<?php

/**
 *
 * Set the "interval" to the number of days before expiration
 * Upon expiration, the user will be "disabled". He will not have
 * login access to the gallery.
 *
 * If the user visits the gallery within one week prior to his expiry date
 * an email will be sent to the user (if there is an email address)
 * warning him of the impending expiration.
 *
 * There is a subtab added to the "admin" tab for managing expirations.
 * A list of users without <var>ADMIN_RITGHTS</var> will be presented indicating each
 * user's expiry date. Dates within one week of expiry are shown in orange,
 * expired dates are shown in red.
 *
 * From this tab the user may be removed, disabled (enabled)
 * or renewed. Renewal is for a new "interval" from his last renewal (or the
 * current date if adding the interval would not bring him up-to-date.)
 *
 * <b>NOTE:</b> This plugin does not expire users with <var>ADMIN_RIGHTS</var>!
 *
 * @author Stephen Billard (sbillard)
 * @package plugins
 * @subpackage user-expiry
 */
// force UTF-8 Ø

$plugin_is_filter = 5 | CLASS_PLUGIN;
$plugin_description = gettext("Provides management of users based on when they were created.");
$plugin_author = "Stephen Billard (sbillard)";
$plugin_category = gettext('Users');

$option_interface = 'user_expiry';

zp_register_filter('admin_tabs', 'user_expiry::admin_tabs', 0);
zp_register_filter('authorization_cookie', 'user_expiry::checkcookie');
zp_register_filter('admin_login_attempt', 'user_expiry::checklogon');
zp_register_filter('federated_login_attempt', 'user_expiry::checklogon');
zp_register_filter('edit_admin_custom_data', 'user_expiry::edit_admin', 999);
zp_register_filter('load_theme_script', 'user_expiry::reverify', 999);
zp_register_filter('admin_note', 'user_expiry::notify', 999);
zp_register_filter('can_set_user_password', 'user_expiry::passwordAllowed');
zp_register_filter('remove_user', 'user_expiry::cleanup');

/**
 * Option handler class
 *
 */
class user_expiry {

    /**
     * class instantiation function
     *
     */
    function __construct() {
        setOptionDefault('user_expiry_interval', 365);
        setOptionDefault('user_expiry_warn_interval', 7);
        setOptionDefault('user_expiry_auto_renew', 0);
        setOptionDefault('user_expiry_password_cycle', 0);
    }

    /**
     * Reports the supported options
     *
     * @return array
     */
    function getOptionsSupported() {
        return array(gettext('Days until expiration') => array(
                        'key' => 'user_expiry_interval',
                        'type' => OPTION_TYPE_CLEARTEXT,
                        'order' => 1,
                        'desc' => gettext('The number of days until a user is flagged as expired. Set to zero for no expiry.')),
                gettext('Warning interval') => array(
                        'key' => 'user_expiry_warn_interval',
                        'type' => OPTION_TYPE_CLEARTEXT,
                        'order' => 2,
                        'desc' => gettext('The period in days before the expiry during which a warning message will be sent to the user. (If set to zero, no warning occurs.)')),
                gettext('Auto renew') => array(
                        'key' => 'user_expiry_auto_renew',
                        'type' => OPTION_TYPE_CHECKBOX,
                        'order' => 3,
                        'desc' => gettext('Automatically renew the subscription if the user visits during the warning period.')),
                gettext('Password cycle') => array(
                        'key' => 'user_expiry_password_cycle',
                        'type' => OPTION_TYPE_CLEARTEXT,
                        'order' => 4,
                        'desc' => gettext('Number of days between required password changes. Set to zero for no required changes.'))
        );
    }

    function handleOption($option, $currentValue) {

    }

    static function admin_tabs($tabs) {
        global $_zp_current_admin_obj, $_zp_loggedin;
        if (user_expiry::checkPasswordRenew()) {
            $_zp_current_admin_obj->setRights($_zp_loggedin = USER_RIGHTS | NO_RIGHTS);
            $tabs = array('users' => array(
                            'text' => gettext("users"),
                            'link' => FULLWEBPATH . '/' . ZENFOLDER . '/admin-users.php?page=users',
                            'subtabs' => NULL));
        }
        if (zp_loggedin(ADMIN_RIGHTS) && $_zp_current_admin_obj->getID()) {
            if (isset($tabs['users']['subtabs'])) {
                $subtabs = $tabs['users']['subtabs'];
            } else {
                $subtabs = array();
            }
            $subtabs[gettext('users')] = FULLWEBPATH . '/' . ZENFOLDER . '/' . 'admin-users.php?page=users&tab=users';
            $subtabs[gettext('expiry')] = FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user-expiry/user-expiry-tab.php?page=users&tab=expiry';
            $tabs['users'] = array(
                    'text' => gettext("admin"),
                    'link' => FULLWEBPATH . '/' . ZENFOLDER . '/admin-users.php?page=users&tab=users',
                    'subtabs' => $subtabs,
                    'default' => 'users');
        }
        return $tabs;
    }

    private static function checkexpires($loggedin, $userobj) {
        global $_zp_gallery, $_zp_current_admin_obj;

        if ($userobj->logout_link !== true) {
            return $loggedin;
        }
        if (!$subscription = 86400 * getOption('user_expiry_interval')) {
            // expiry is disabled
            return $loggedin;
        }
        $expires = strtotime($userobj->getDateTime()) + $subscription;
        if ($expires < time()) {
            $userobj->setValid(2);
            $userobj->setLastChangeUser($_zp_current_admin_obj->getUser());
            $userobj->save();
            $loggedin = false;
        } else {
            if ($expires < (time() + getOption('user_expiry_warn_interval') * 86400)) { //  expired
                if (getOption('user_expiry_auto_renew')) {
                    $newdate = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());
                    if ($newdate + getOption('user_expiry_interval') * 86400 < time()) {
                        $newdate = time() + getOption('user_expiry_interval') * 86400;
                    }
                    $userobj->setDateTime(date('Y-m-d H:i:s', $newdate));
                    $userobj->setValid(1);
                    $credentials = $userobj->getCredentials();
                    $key = array_search('exiry_notice', $credentials);
                    if ($key !== false) {
                        unset($credentials[$key]);
                        $userobj->setCredentials($credentials);
                    }
                    $userobj->setLastChangeUser($_zp_current_admin_obj->getUser());
                    $userobj->save();
                } else {
                    if ($mail = $userobj->getEmail()) {
                        $credentials = $userobj->getCredentials();
                        if (!in_array('exiry_notice', $credentials)) {
                            $credentials[] = 'exiry_notice';
                            $userobj->setCredentials($credentials);
                            $userobj->setLastChangeUser($_zp_current_admin_obj->getUser());
                            $userobj->save();
                            $message = sprintf(gettext('Your user id for the Zenphoto site %s will expire on %s.'), $_zp_gallery->getTitle(), date('Y-m-d', $expires));
                            $notify = zp_mail(get_language_string(gettext('User id expiration')), $message, array($userobj->getName() => $mail));
                        }
                    }
                }
            } else {
                $credentials = $userobj->getCredentials();
                $key = array_search('exiry_notice', $credentials);
                if ($key !== false) {
                    unset($credentials[$key]);
                    $userobj->setCredentials($credentials);
                    $userobj->setLastChangeUser($_zp_current_admin_obj->getUser());
                    $userobj->save();
                }
            }
        }
        return $loggedin;
    }

    static function checkPasswordRenew() {
        global $_zp_current_admin_obj;
        $threshold = getOption('user_expiry_password_cycle') * 86400;
        if ($threshold && is_object($_zp_current_admin_obj) && !($_zp_current_admin_obj->getRights() & ADMIN_RIGHTS)) {
            if (strtotime($_zp_current_admin_obj->get('passupdate')) + $threshold < time()) {
                return true;
            }
        }
        return false;
    }

    static function cleanup($user) {
        query('DELETE FROM ' . prefix('plugin_storage') . ' WHERE `type`=' . db_quote('user_expiry_usedPasswords') . ' AND `aux`=' . $user->getID());
    }

    static function passwordAllowed($msg, $pwd, $user) {
        if ($id = $user->getID() > 0) {
            $store = query_single_row('SELECT * FROM ' . prefix('plugin_storage') . ' WHERE `type`=' . db_quote('user_expiry_usedPasswords') . ' AND `aux`=' . $id);
            if ($store) {
                $used = getSerializedArray($store['data']);
                if (in_array($pwd, $used)) {
                    if (zp_loggedin(ADMIN_RIGHTS)) { // persons with ADMIN_RIGHTS get to override this so they can reset a passwrod for a user
                        unset($used[$pwd]);
                    } else {
                        return gettext('You have used that password recently. Please choose a different password.');
                    }
                }
                if (count($used) > 9) {
                    $used = array_slice($used, 1);
                }
            } else {
                $used = array();
            }
            array_push($used, $pwd);
            if ($store) {
                query('UPDATE ' . prefix('plugin_storage') . 'SET `data`=' . db_quote(serialize($used)) . ' WHERE `type`=' . db_quote('user_expiry_usedPasswords') . ' AND `aux`=' . $id);
            } else {
                query('INSERT INTO ' . prefix('plugin_storage') . ' (`type`, `aux`, `data`) VALUES (' . db_quote('user_expiry_usedPasswords') . ',' . $id . ',' . db_quote(serialize($used)) . ')');
            }
        }
        return $msg;
    }

    static function checkcookie($loggedin) {
        global $_zp_current_admin_obj;
        if (is_object($_zp_current_admin_obj) && !($_zp_current_admin_obj->getRights() & ADMIN_RIGHTS)) {
            $loggedin = user_expiry::checkexpires($loggedin, $_zp_current_admin_obj);
        }
        return $loggedin;
    }

    static function checklogon($loggedin, $user) {
        if ($loggedin) {
            if (!($loggedin & ADMIN_RIGHTS)) {
                if ($userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`=' => 1))) {
                    $loggedin = user_expiry::checkexpires($loggedin, $userobj);
                }
            }
        }
        return $loggedin;
    }

    /**
     * Re-validates user's e-mail via ticket.
     * @param string $path the script (which we ignore)
     * @return string
     */
    static function reverify($path) {
        //process any verifications posted
        if (isset($_GET['user_expiry_reverify'])) {
            $params = unserialize(pack("H*", trim(sanitize($_GET['user_expiry_reverify']), '.')));
            if ((time() - $params['date']) < 2592000) {
                $userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $params['user'], '`email`=' => $params['email'], '`valid`>' => 0));
                if ($userobj) {
                    $credentials = $userobj->getCredentials();
                    $credentials[] = 'expiry';
                    $credentials[] = 'email';
                    $credentials = array_unique($credentials);
                }
                $userobj->setCredentials($credentials);
                $userobj->setValid(1);
                $userobj->set('loggedin', date('Y-m-d H:i:s'));
                $userobj->setLastChangeUser($_zp_current_admin_obj->getUser());
                $userobj->save();

                Zenphoto_Authority::logUser($userobj);
                redirectURL(FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
            }
        }
        if (user_expiry::checkPasswordRenew()) {
            redirectURL(FULLWEBPATH . '/' . ZENFOLDER . '/admin-users.php?page=users&tab=users');
        }
        return $path;
    }

    static function edit_admin($html, $userobj, $i, $background, $current, $local_alterrights) {
        global $_zp_current_admin_obj;
        if (!$userobj->getValid())
            return $html;
        $subscription = 86400 * getOption('user_expiry_interval');
        if ($subscription && !zp_loggedin(ADMIN_RIGHTS) && $userobj->getID() == $_zp_current_admin_obj->getID()) {
            $now = time();
            $warnInterval = $now + getOption('user_expiry_warn_interval') * 86400;
            $expires = strtotime($userobj->getDateTime()) + $subscription;
            $expires_display = date('Y-m-d', $expires);
            if ($expires < $warnInterval) {
                $expires_display = '<span style="color:red" class="tooltip" title="' . gettext('Expires soon') . '">' . $expires_display . '</span>';
            }
            $msg = sprintf(gettext('Your subscription expires on %s'), $expires_display);
            $myhtml = '<tr' . ((!$current) ? ' style="display:none;"' : '') . ' class="userextrainfo">
                    <td' . ((!empty($background)) ? ' style="' . $background . '"' : '') . ' valign="top" colspan="2">' . "\n" .
                            '<p class="notebox">' . $msg . '</p>' . "\n" .
                            '</td>
                </tr>' . "\n";
            $html = $myhtml . $html;
        }
        return $html;
    }

    static function notify($tab, $subtab) {
        if ($tab == 'users' && $subtab = 'users') {
            if (user_expiry::checkPasswordRenew()) {
                echo '<p class="errorbox">' . gettext('You must change your password.'), '</p>';
            } else {
                if (Zenphoto_Authority::getAnAdmin(array('`valid`>' => 1))) {
                    echo '<p class="notebox">' . gettext('You have users whose credentials have expired.'), '</p>';
                }
            }
        }
    }

}

?>

Classes

Interfaces

Exceptions

Functions