author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-09 14:21:48 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-09 14:21:48 +0000 |
commit | e90692bc720cf4c520ee36c603395cf1e1b80b45 (patch) | |
tree | 63cb37887110ff6c782b65da036b7e74b6b08884 | |
parent | 6588ff3eb201cb9d9834323e670771daa87696c0 (diff) | |
Closes #668: Banning now works through a flag in the users_entity table. Database upgrade required.
* Added ElggUser::isBanned();
* Added 'banned' column to users_entity
* Modified ban() and unban()
* Modified pam functions to check $user->isBanned()
* Modified login() to check $user->isBanned()
* Modified sessions_init() to check isBanned() and destroy session accordingly
* Modified profile views to highlight banned users and prevent menus for non-admin users.
git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | actions/admin/user/unban.php | 2 | ||||
-rw-r--r-- | engine/lib/api.php | 4 | ||||
-rw-r--r-- | engine/lib/sessions.php | 11 | ||||
-rw-r--r-- | engine/lib/users.php | 27 | ||||
-rw-r--r-- | engine/schema/mysql.sql | 2 | ||||
-rw-r--r-- | engine/schema/upgrades/2009010901.sql | 3 | ||||
-rw-r--r-- | languages/en.php | 3 | ||||
-rw-r--r-- | mod/profile/views/default/profile/css.php | 7 | ||||
-rw-r--r-- | mod/profile/views/default/profile/gallery.php | 12 | ||||
-rw-r--r-- | mod/profile/views/default/profile/icon.php | 7 | ||||
-rw-r--r-- | mod/profile/views/default/profile/listing.php | 31 | ||||
-rw-r--r-- | mod/profile/views/default/profile/menu/adminlinks.php | 2 | ||||
-rw-r--r-- | mod/profile/views/default/profile/profilelinks.php | 48 | ||||
-rw-r--r-- | mod/profile/views/default/profile/userdetails.php | 11 | ||||
-rw-r--r-- | version.php | 2 |
15 files changed, 129 insertions, 43 deletions
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php index 7f7ce3157..1f715008e 100644 --- a/actions/admin/user/unban.php +++ b/actions/admin/user/unban.php @@ -26,7 +26,7 @@ if ( ($obj instanceof ElggUser) && ($obj->canEdit())) { // Now actually disable it - if ($obj->enable()) + if ($obj->unban()) system_message(elgg_echo('admin:user:unban:yes')); else register_error(elgg_echo('admin:user:unban:no')); diff --git a/engine/lib/api.php b/engine/lib/api.php index 198f3efb0..4b7820c7d 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -847,7 +847,9 @@ if ($validated_userid) { $u = get_entity($validated_userid); if (!$u) return false; // Could we get the user? - if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned). + if ( (!$u instanceof ElggUser)) return false; // Not an elgg user + if ($u->isBanned()) return false; // User is banned + if (!login($u)) return false; // Fail if we couldn't log the user in } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 946fd69e2..602a9d13e 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -188,7 +188,7 @@ if ($user = get_user_by_username($credentials['username'])) { // Let admins log in without validating their email, but normal users must have validated their email - if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) + if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned())) return false; if ($user->password == generate_user_password($user, $credentials['password'])) { @@ -212,6 +212,8 @@ function login(ElggUser $user, $persistent = false) {
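Review bot: In the engine/lib/sessions.php hunk at -188, appending `&& (!$user->isBanned())` to the unvalidated-account test does not reject banned users; it only narrows the existing rejection, so a banned account that was never validated now skips the `return false` and proceeds to the password comparison. The ban test should be its own guard ahead of the validation test, `if ($user->isBanned()) return false;`, with the original three-term condition left as it was. login() refuses banned users further on, but any caller that treats a true result from this credential check as sufficient would still accept them. The enclosing function starts and ends outside the hunk.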
global $CONFIG; + + if ($user->isBanned()) return false; // User is banned, return false. $_SESSION['user'] = $user;
$_SESSION['guid'] = $user->getGUID();
@@ -377,6 +379,13 @@ // Initialise the magic session global $SESSION; $SESSION = new ElggSession(); + + // Finally we ensure that a user who has been banned with an open session is kicked. + if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned())) + { + session_destroy(); + return false; + } return true;
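Review bot: The new check calls isBanned() on `$_SESSION['user']`, which login() stores as an object at login time, so unless the session user is reloaded from the database elsewhere in this function, a ban applied after login would not be visible here and the open session would survive. Reading the flag fresh on each request, for example `$fresh = get_entity($_SESSION['guid']); if (($fresh instanceof ElggUser) && ($fresh->isBanned()))`, would make the kick effective. session_destroy() also leaves the `$_SESSION` array populated for the rest of the request, so the branch should clear it with `$_SESSION = array();` before returning. The function body starts outside the hunk.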
diff --git a/engine/lib/users.php b/engine/lib/users.php index 79e9c9d24..0628f36c7 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -46,7 +46,8 @@ $this->attributes['salt'] = "";
$this->attributes['email'] = "";
$this->attributes['language'] = "";
- $this->attributes['code'] = "";
+ $this->attributes['code'] = ""; + $this->attributes['banned'] = "no";
$this->attributes['tables_split'] = 2;
}
@@ -167,7 +168,14 @@ /** * Unban this user. */ - public function unban() { return unban_user($this->guid); }
+ public function unban() { return unban_user($this->guid); } + + /** + * Is this user banned or not? + * + * @return bool + */ + public function isBanned() { return $this->banned == 'yes'; }
/**
* Get sites that this user is a member of
@@ -443,6 +451,8 @@ */ function ban_user($user_guid, $reason = "") { + global $CONFIG; + $user_guid = (int)$user_guid; $reason = sanitise_string($reason); @@ -450,8 +460,12 @@ if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - if (disable_user_entities($user_guid)) - return $user->disable($reason); + // Add reason + if ($reason) + create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2); + + // Set ban flag + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid"); } return false; @@ -464,13 +478,16 @@ */ function unban_user($user_guid) { + global $CONFIG; + $user_guid = (int)$user_guid; $user = get_entity($user_guid); if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - return enable_entity($user_guid); + create_metadata($user_guid, 'ban_reason', '','', 0, 2); + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid"); } return false; diff --git a/engine/schema/mysql.sql b/engine/schema/mysql.sql index 521cda27f..2c0dfa6aa 100644 --- a/engine/schema/mysql.sql +++ b/engine/schema/mysql.sql @@ -140,8 +140,8 @@ CREATE TABLE `prefix_users_entity` ( `email` text NOT NULL,
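Review bot: In the ban_user() hunk at -450, the ban no longer calls disable_user_entities() or disable(), so it is enforced only where code explicitly calls isBanned(); the user's existing content and any access path without that check are unaffected. If that is the intended design, the function's docblock should say so, e.g. `Sets the 'banned' flag only; the user's entities stay enabled and callers must check isBanned().` The UPDATE interpolates `$user_guid` directly and is safe only because of the `(int)` cast a few lines above, which deserves a comment such as `// cast keeps the interpolated guid numeric` so a later edit does not remove it. The return value of create_metadata() is discarded, so a failure to record the reason goes unnoticed.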
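Review bot: In the unban_user() hunk at -464, dropping enable_entity() means accounts banned before this upgrade, which were disabled rather than flagged, apparently can no longer be restored through the unban action, and the upgrade script engine/schema/upgrades/2009010901.sql only adds the column without converting them. Either the upgrade should set `banned='yes'` and re-enable previously banned users, or unban_user() should keep enable_entity() as a fallback for that case. Writing an empty 'ban_reason' metadata value instead of removing the entry also leaves a blank record behind on every unban.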
`language` varchar(6) NOT NULL default '',
`code` varchar(32) NOT NULL default '',
+ `banned` enum ('yes', 'no') NOT NULL default 'no',
-
`last_action` int(11) NOT NULL default '0',
`prev_last_action` int(11) NOT NULL default '0',
`last_login` int(11) NOT NULL default '0',
diff --git a/engine/schema/upgrades/2009010901.sql b/engine/schema/upgrades/2009010901.sql new file mode 100644 index 000000000..29eb68f29 --- /dev/null +++ b/engine/schema/upgrades/2009010901.sql @@ -0,0 +1,3 @@ +-- Add banned column refs #668 +ALTER TABLE `prefix_users_entity` ADD COLUMN `banned` enum ('yes', 'no') NOT NULL default 'no' AFTER `code`; + diff --git a/languages/en.php b/languages/en.php index 4f07528d3..feb882f28 100644 --- a/languages/en.php +++ b/languages/en.php @@ -241,6 +241,7 @@ To remove a widget drag it back to the <b>Widget gallery</b>.", 'item:user' => "Users", 'riveritem:single:user' => 'a user', 'riveritem:plural:user' => 'some users', + /** * Profile menu items and titles @@ -271,6 +272,8 @@ To remove a widget drag it back to the <b>Widget gallery</b>.", 'profile:phone' => "Telephone", 'profile:mobile' => "Mobile phone", 'profile:website' => "Website", + + 'profile:banned' => 'This user account has been suspended.', 'profile:river:update' => "%s updated their profile", 'profile:river:iconupdate' => "%s updated their profile icon", diff --git a/mod/profile/views/default/profile/css.php b/mod/profile/views/default/profile/css.php index 6162170e5..f4704b32a 100644 --- a/mod/profile/views/default/profile/css.php +++ b/mod/profile/views/default/profile/css.php @@ -90,4 +90,11 @@ div.usericon a.icon img { } .user_menu_admin a { color:#cc0033; +} + +/* Banned user */ +#profile_banned { + background-color:#FF8888; + border:3px solid #FF0000; + padding:2px; }
\ No newline at end of file diff --git a/mod/profile/views/default/profile/gallery.php b/mod/profile/views/default/profile/gallery.php index 4db26c8bd..80f614754 100644 --- a/mod/profile/views/default/profile/gallery.php +++ b/mod/profile/views/default/profile/gallery.php @@ -21,21 +21,25 @@ } */
-
$icon = elgg_view(
"profile/icon", array(
'entity' => $vars['entity'],
'size' => 'medium',
)
- );
+ ); + + $banned = $vars['entity']->isBanned();
$rel = ""; if (page_owner() == $vars['entity']->guid) $rel = 'me'; else if (check_entity_relationship(page_owner(), 'friend', $vars['entity']->guid)) $rel = 'friend'; -
- $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>";
+ + if (!$banned)
+ $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>"; + else + $info .= "<p><b><strike>" . $vars['entity']->name . "</b></strike><br />".elgg_echo('profile:banned')."</p>";
// echo elgg_view_listing($icon, $info);
echo elgg_view('search/gallery_listing',array('icon' => $icon, 'info' => $info));
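Review bot: The banned branch concatenates `$vars['entity']->name` into `$info` without HTML-escaping, as the existing branch does. Unless the display name is filtered on input elsewhere, wrapping it as `htmlspecialchars($vars['entity']->name, ENT_QUOTES, 'UTF-8')` would prevent markup injection through the name, and the same applies to the new lines in profile/listing.php. The closing tags are mis-nested: `</b></strike>` should be `</strike></b>`. Unlike listing.php, this view gives administrators no link to a banned profile, which looks unintentional. `$info` is only appended to with `.=` here; its initialisation is not visible in the hunk.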
diff --git a/mod/profile/views/default/profile/icon.php b/mod/profile/views/default/profile/icon.php index fcdbfa70c..0710cf6c5 100644 --- a/mod/profile/views/default/profile/icon.php +++ b/mod/profile/views/default/profile/icon.php @@ -68,11 +68,12 @@ } else {
echo elgg_view('profile/menu/links',$vars);
}
-
?>
-
</div>
- <a href="<?php echo $vars['entity']->getURL(); ?>" class="icon" ><?php
+ <?php + if ((isadminloggedin()) || (!$vars['entity']->isBanned())) { + ?><a href="<?php echo $vars['entity']->getURL(); ?>" class="icon" ><?php + }
}
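Review bot: The opening `<a ... class="icon">` is now emitted only for admins or non-banned users, but the matching `</a>` lies outside this hunk; if it is still printed unconditionally, non-admin viewers of a banned user get a stray closing tag. The closing tag should be wrapped in the same condition, ideally by computing it once, e.g. `$show_link = isadminloggedin() || !$vars['entity']->isBanned();`, and testing `$show_link` in both places.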
diff --git a/mod/profile/views/default/profile/listing.php b/mod/profile/views/default/profile/listing.php index eb991be07..b9c6a0959 100644 --- a/mod/profile/views/default/profile/listing.php +++ b/mod/profile/views/default/profile/listing.php @@ -28,7 +28,9 @@ 'entity' => $vars['entity'],
'size' => 'small',
)
- );
+ ); + + $banned = $vars['entity']->isBanned();
// Simple XFN $rel = ""; @@ -36,13 +38,28 @@ $rel = 'me'; else if (check_entity_relationship(page_owner(), 'friend', $vars['entity']->guid)) $rel = 'friend'; + + if (!$banned) {
+ $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>";
- $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>";
-
- $location = $vars['entity']->location;
- if (!empty($location)) {
- $info .= "<p class=\"owner_timestamp\">" . elgg_echo("profile:location") . ": " . elgg_view("output/tags",array('value' => $vars['entity']->location)) . "</p>";
- }
+ $location = $vars['entity']->location;
+ if (!empty($location)) {
+ $info .= "<p class=\"owner_timestamp\">" . elgg_echo("profile:location") . ": " . elgg_view("output/tags",array('value' => $vars['entity']->location)) . "</p>";
+ } + } + else
+ { + $info .= "<p><b><strike>"; + if (isadminloggedin()) + $info .= "<a href=\"" . $vars['entity']->getUrl() . "\">"; + $info .= $vars['entity']->name; + if (isadminloggedin()) + $info .= "</a>"; + $info .= "</strike></b></p>"; + + $info .= "<p class=\"owner_timestamp\">" . elgg_echo('profile:banned') . "</p>"; + + } echo elgg_view_listing($icon, $info);
diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php index 59aca6902..efd6201ed 100644 --- a/mod/profile/views/default/profile/menu/adminlinks.php +++ b/mod/profile/views/default/profile/menu/adminlinks.php @@ -21,7 +21,7 @@ ?> <a href="<?php echo $vars['url']; ?>pg/settings/user/<?php echo $vars['entity']->username; ?>/"><?php echo elgg_echo('profile:editdetails'); ?></a> <?php - if ($vars['entity']->isEnabled()) { + if (!$vars['entity']->isBanned()) { ?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("ban"); ?></a><?php } else { ?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("unban"); ?></a><?php diff --git a/mod/profile/views/default/profile/profilelinks.php b/mod/profile/views/default/profile/profilelinks.php index 5873fe210..ff4a97e68 100644 --- a/mod/profile/views/default/profile/profilelinks.php +++ b/mod/profile/views/default/profile/profilelinks.php @@ -17,22 +17,34 @@ ?>
<?php
-
- //check to see if the user is looking at their own profile
- if($_SESSION['user']->guid == page_owner()){
-
- echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
- echo elgg_view("profile/menu/actions",$vars);//grab action links such as make friend
- echo elgg_view("profile/menu/linksownpage",$vars); // an different view for user's own profile
- echo "</div>"; //close wrapper div
-
- } else {
-
- echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
- echo elgg_view("profile/menu/actions",$vars); //grab action links such as make friend
- echo elgg_view("profile/menu/links",$vars); //passive links to items such as user blog etc
- echo "</div>"; //close wrapper div
-
- }
-
+ + $banned = false; + $owner = page_owner_entity(); + if ($owner) $banned = $owner->isBanned(); + + // Allow menus if not banned or admin logged in + if ((!$banned) || (isadminloggedin())) + {
+ //check to see if the user is looking at their own profile
+ if ($_SESSION['user']->guid == page_owner()){
+
+ echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
+ echo elgg_view("profile/menu/actions",$vars);//grab action links such as make friend
+ echo elgg_view("profile/menu/linksownpage",$vars); // an different view for user's own profile
+ echo "</div>"; //close wrapper div
+
+ } else {
+
+ echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
+ echo elgg_view("profile/menu/actions",$vars); //grab action links such as make friend
+ echo elgg_view("profile/menu/links",$vars); //passive links to items such as user blog etc
+ echo "</div>"; //close wrapper div
+
+ }
+ } + else + { // Some nice spacing + echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div + echo "</div>"; //close wrapper div + }
?>
\ No newline at end of file diff --git a/mod/profile/views/default/profile/userdetails.php b/mod/profile/views/default/profile/userdetails.php index 48b49426f..8463ee9f2 100644 --- a/mod/profile/views/default/profile/userdetails.php +++ b/mod/profile/views/default/profile/userdetails.php @@ -134,9 +134,20 @@ <div id="profile_info_column_right"> <p class="profile_aboutme_title"><b><?php echo elgg_echo("profile:aboutme"); ?></b></p> <?php echo autop($vars['entity']->description); ?> + + <?php if ($vars['entity']->isBanned()) { ?> + <div id="profile_banned"> + <?php echo elgg_echo('profile:banned'); ?> + </div><!-- /#profile_info_column_right --> + + <?php } ?> + </div><!-- /#profile_info_column_right --> </td> + + + </tr> <?php } ?> diff --git a/version.php b/version.php index 2bcdc83b8..77a543c3c 100644 --- a/version.php +++ b/version.php @@ -13,7 +13,7 @@ * @link http://elgg.org/
*/
- $version = 2009010801; // YYYYMMDD = Elgg Date
+ $version = 2009010901; // YYYYMMDD = Elgg Date
// XX = Interim incrementer
$release = '1.2'; // Human-friendly version name