authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-01-09 14:21:48 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-01-09 14:21:48 +0000
commite90692bc720cf4c520ee36c603395cf1e1b80b45 (patch)
tree63cb37887110ff6c782b65da036b7e74b6b08884
parent6588ff3eb201cb9d9834323e670771daa87696c0 (diff)
downloadelgg-e90692bc720cf4c520ee36c603395cf1e1b80b45.tar.gz
elgg-e90692bc720cf4c520ee36c603395cf1e1b80b45.tar.bz2
Closes #668: Banning now works through a flag in the users_entity table. Database upgrade required.
* Added ElggUser::isBanned(); * Added 'banned' column to users_entity * Modified ban() and unban() * Modified pam functions to check $user->isBanned() * Modified login() to check $user->isBanned() * Modified sessions_init() to check isBanned() and destroy session accordingly * Modified profile views to highlight banned users and prevent menus for non-admin users. git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--actions/admin/user/unban.php2
-rw-r--r--engine/lib/api.php4
-rw-r--r--engine/lib/sessions.php11
-rw-r--r--engine/lib/users.php27
-rw-r--r--engine/schema/mysql.sql2
-rw-r--r--engine/schema/upgrades/2009010901.sql3
-rw-r--r--languages/en.php3
-rw-r--r--mod/profile/views/default/profile/css.php7
-rw-r--r--mod/profile/views/default/profile/gallery.php12
-rw-r--r--mod/profile/views/default/profile/icon.php7
-rw-r--r--mod/profile/views/default/profile/listing.php31
-rw-r--r--mod/profile/views/default/profile/menu/adminlinks.php2
-rw-r--r--mod/profile/views/default/profile/profilelinks.php48
-rw-r--r--mod/profile/views/default/profile/userdetails.php11
-rw-r--r--version.php2
15 files changed, 129 insertions, 43 deletions
diff --git a/actions/admin/user/unban.php b/actions/admin/user/unban.php
index 7f7ce3157..1f715008e 100644
--- a/actions/admin/user/unban.php
+++ b/actions/admin/user/unban.php
@@ -26,7 +26,7 @@
if ( ($obj instanceof ElggUser) && ($obj->canEdit()))
{
// Now actually disable it
- if ($obj->enable())
+ if ($obj->unban())
system_message(elgg_echo('admin:user:unban:yes'));
else
register_error(elgg_echo('admin:user:unban:no'));
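Review bot: The comment above the changed call still reads `// Now actually disable it`, which describes neither the old `enable()` nor the new `unban()`; something like `// Clear the ban flag on the user` would match what the line does. The enclosing block starts and ends outside the hunk.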
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 198f3efb0..4b7820c7d 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -847,7 +847,9 @@
if ($validated_userid) {
$u = get_entity($validated_userid);
if (!$u) return false; // Could we get the user?
- if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned).
+ if ( (!$u instanceof ElggUser)) return false; // Not an elgg user
+ if ($u->isBanned()) return false; // User is banned
+ if (!login($u)) return false; // Fail if we couldn't log the user in
}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 946fd69e2..602a9d13e 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -188,7 +188,7 @@
if ($user = get_user_by_username($credentials['username'])) {
// Let admins log in without validating their email, but normal users must have validated their email
- if ((!$user->admin) && (!$user->validated) && (!$user->admin_created))
+ if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned()))
return false;
if ($user->password == generate_user_password($user, $credentials['password'])) {
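Review bot: The changed condition does not reject banned accounts: appending `&& (!$user->isBanned())` to the AND chain only makes the early `return false` fire less often, so a banned, unvalidated, non-admin account now skips the validation check and goes on to the password comparison, and a banned validated account was never stopped by this line. Any caller that trusts this handler's result without also going through `login()` would treat a banned user as authenticated. A separate guard placed before the validation check states the intent directly, `if ($user->isBanned()) return false;`, with the original three-term condition left as it was. The enclosing function starts and ends outside the hunk.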
@@ -212,6 +212,8 @@
function login(ElggUser $user, $persistent = false) {
global $CONFIG;
+
+ if ($user->isBanned()) return false; // User is banned, return false.
$_SESSION['user'] = $user;
$_SESSION['guid'] = $user->getGUID();
@@ -377,6 +379,13 @@
// Initialise the magic session
global $SESSION;
$SESSION = new ElggSession();
+
+ // Finally we ensure that a user who has been banned with an open session is kicked.
+ if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned()))
+ {
+ session_destroy();
+ return false;
+ }
return true;
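Review bot: The ban check reads the flag from the `ElggUser` object held in `$_SESSION['user']`, which the `login()` hunk above shows being stored at login time; unless that object is refreshed from the database somewhere outside this hunk, `isBanned()` returns the value from before the ban and the open session is never kicked. Reloading by guid avoids the stale copy, e.g. `$current = get_entity($_SESSION['guid']);` followed by `if (($current instanceof ElggUser) && ($current->isBanned()))`. `session_destroy()` also leaves the `$_SESSION` array populated for the rest of the request, so adding `$_SESSION = array();` before `return false;` keeps later code in the same request from still seeing the banned user. The function body starts and ends outside the hunk.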
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 79e9c9d24..0628f36c7 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -46,7 +46,8 @@
$this->attributes['salt'] = "";
$this->attributes['email'] = "";
$this->attributes['language'] = "";
- $this->attributes['code'] = "";
+ $this->attributes['code'] = "";
+ $this->attributes['banned'] = "no";
$this->attributes['tables_split'] = 2;
}
@@ -167,7 +168,14 @@
/**
* Unban this user.
*/
- public function unban() { return unban_user($this->guid); }
+ public function unban() { return unban_user($this->guid); }
+
+ /**
+ * Is this user banned or not?
+ *
+ * @return bool
+ */
+ public function isBanned() { return $this->banned == 'yes'; }
/**
* Get sites that this user is a member of
@@ -443,6 +451,8 @@
*/
function ban_user($user_guid, $reason = "")
{
+ global $CONFIG;
+
$user_guid = (int)$user_guid;
$reason = sanitise_string($reason);
@@ -450,8 +460,12 @@
if (($user) && ($user->canEdit()) && ($user instanceof ElggUser))
{
- if (disable_user_entities($user_guid))
- return $user->disable($reason);
+ // Add reason
+ if ($reason)
+ create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2);
+
+ // Set ban flag
+ return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid");
}
return false;
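Review bot: The ban reason is stored with `create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2)`, where the bare `2` is the access level; if that is the public level, anyone who can read the user's metadata can read why the account was banned. A named constant with a narrower level would make the intent explicit, for example `create_metadata($user_guid, 'ban_reason', $reason, '', 0, ACCESS_PRIVATE);`. `$reason` has already been through `sanitise_string()` at the top of the function, so it may be escaped twice if `create_metadata()` sanitises its value as well. The same call and magic number appear in the `unban_user()` hunk below, which writes an empty `ban_reason` rather than removing it.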
@@ -464,13 +478,16 @@
*/
function unban_user($user_guid)
{
+ global $CONFIG;
+
$user_guid = (int)$user_guid;
$user = get_entity($user_guid);
if (($user) && ($user->canEdit()) && ($user instanceof ElggUser))
{
- return enable_entity($user_guid);
+ create_metadata($user_guid, 'ban_reason', '','', 0, 2);
+ return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid");
}
return false;
diff --git a/engine/schema/mysql.sql b/engine/schema/mysql.sql
index 521cda27f..2c0dfa6aa 100644
--- a/engine/schema/mysql.sql
+++ b/engine/schema/mysql.sql
@@ -140,8 +140,8 @@ CREATE TABLE `prefix_users_entity` (
`email` text NOT NULL,
`language` varchar(6) NOT NULL default '',
`code` varchar(32) NOT NULL default '',
+ `banned` enum ('yes', 'no') NOT NULL default 'no',
-
`last_action` int(11) NOT NULL default '0',
`prev_last_action` int(11) NOT NULL default '0',
`last_login` int(11) NOT NULL default '0',
diff --git a/engine/schema/upgrades/2009010901.sql b/engine/schema/upgrades/2009010901.sql
new file mode 100644
index 000000000..29eb68f29
--- /dev/null
+++ b/engine/schema/upgrades/2009010901.sql
@@ -0,0 +1,3 @@
+-- Add banned column refs #668
+ALTER TABLE `prefix_users_entity` ADD COLUMN `banned` enum ('yes', 'no') NOT NULL default 'no' AFTER `code`;
+
diff --git a/languages/en.php b/languages/en.php
index 4f07528d3..feb882f28 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -241,6 +241,7 @@ To remove a widget drag it back to the <b>Widget gallery</b>.",
'item:user' => "Users",
'riveritem:single:user' => 'a user',
'riveritem:plural:user' => 'some users',
+
/**
* Profile menu items and titles
@@ -271,6 +272,8 @@ To remove a widget drag it back to the <b>Widget gallery</b>.",
'profile:phone' => "Telephone",
'profile:mobile' => "Mobile phone",
'profile:website' => "Website",
+
+ 'profile:banned' => 'This user account has been suspended.',
'profile:river:update' => "%s updated their profile",
'profile:river:iconupdate' => "%s updated their profile icon",
diff --git a/mod/profile/views/default/profile/css.php b/mod/profile/views/default/profile/css.php
index 6162170e5..f4704b32a 100644
--- a/mod/profile/views/default/profile/css.php
+++ b/mod/profile/views/default/profile/css.php
@@ -90,4 +90,11 @@ div.usericon a.icon img {
}
.user_menu_admin a {
color:#cc0033;
+}
+
+/* Banned user */
+#profile_banned {
+ background-color:#FF8888;
+ border:3px solid #FF0000;
+ padding:2px;
} \ No newline at end of file
diff --git a/mod/profile/views/default/profile/gallery.php b/mod/profile/views/default/profile/gallery.php
index 4db26c8bd..80f614754 100644
--- a/mod/profile/views/default/profile/gallery.php
+++ b/mod/profile/views/default/profile/gallery.php
@@ -21,21 +21,25 @@
} */
-
$icon = elgg_view(
"profile/icon", array(
'entity' => $vars['entity'],
'size' => 'medium',
)
- );
+ );
+
+ $banned = $vars['entity']->isBanned();
$rel = "";
if (page_owner() == $vars['entity']->guid)
$rel = 'me';
else if (check_entity_relationship(page_owner(), 'friend', $vars['entity']->guid))
$rel = 'friend';
-
- $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>";
+
+ if (!$banned)
+ $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>";
+ else
+ $info .= "<p><b><strike>" . $vars['entity']->name . "</b></strike><br />".elgg_echo('profile:banned')."</p>";
// echo elgg_view_listing($icon, $info);
echo elgg_view('search/gallery_listing',array('icon' => $icon, 'info' => $info));
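Review bot: The banned branch closes its tags in the wrong order, `<b><strike>` followed by `</b></strike>`, which is invalid nesting; it should end `</strike></b>` as the matching branch in `listing.php` does. The entity name is also concatenated into the markup without escaping, here and in the `listing.php` hunks; unless names are filtered on input elsewhere, `htmlentities($vars['entity']->name, ENT_QUOTES, 'UTF-8')` keeps a crafted display name from being interpreted as HTML. Unlike `listing.php`, this view gives an admin no link to a banned user's profile.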
diff --git a/mod/profile/views/default/profile/icon.php b/mod/profile/views/default/profile/icon.php
index fcdbfa70c..0710cf6c5 100644
--- a/mod/profile/views/default/profile/icon.php
+++ b/mod/profile/views/default/profile/icon.php
@@ -68,11 +68,12 @@
} else {
echo elgg_view('profile/menu/links',$vars);
}
-
?>
-
</div>
- <a href="<?php echo $vars['entity']->getURL(); ?>" class="icon" ><?php
+ <?php
+ if ((isadminloggedin()) || (!$vars['entity']->isBanned())) {
+ ?><a href="<?php echo $vars['entity']->getURL(); ?>" class="icon" ><?php
+ }
}
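Review bot: The opening `<a ... class="icon">` is now emitted only when `(isadminloggedin()) || (!$vars['entity']->isBanned())` holds, but the matching `</a>` is not in this hunk; if it is still printed unconditionally further down, non-admin viewers of a banned user get a stray closing tag. The same condition should wrap the closing tag, ideally computed once into a variable and reused for both. Omitting the link is presentation only: the profile URL stays reachable unless the page handler also checks `isBanned()`, which is not visible here.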
diff --git a/mod/profile/views/default/profile/listing.php b/mod/profile/views/default/profile/listing.php
index eb991be07..b9c6a0959 100644
--- a/mod/profile/views/default/profile/listing.php
+++ b/mod/profile/views/default/profile/listing.php
@@ -28,7 +28,9 @@
'entity' => $vars['entity'],
'size' => 'small',
)
- );
+ );
+
+ $banned = $vars['entity']->isBanned();
// Simple XFN
$rel = "";
@@ -36,13 +38,28 @@
$rel = 'me';
else if (check_entity_relationship(page_owner(), 'friend', $vars['entity']->guid))
$rel = 'friend';
+
+ if (!$banned) {
+ $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>";
- $info .= "<p><b><a href=\"" . $vars['entity']->getUrl() . "\" rel=\"$rel\">" . $vars['entity']->name . "</a></b></p>";
-
- $location = $vars['entity']->location;
- if (!empty($location)) {
- $info .= "<p class=\"owner_timestamp\">" . elgg_echo("profile:location") . ": " . elgg_view("output/tags",array('value' => $vars['entity']->location)) . "</p>";
- }
+ $location = $vars['entity']->location;
+ if (!empty($location)) {
+ $info .= "<p class=\"owner_timestamp\">" . elgg_echo("profile:location") . ": " . elgg_view("output/tags",array('value' => $vars['entity']->location)) . "</p>";
+ }
+ }
+ else
+ {
+ $info .= "<p><b><strike>";
+ if (isadminloggedin())
+ $info .= "<a href=\"" . $vars['entity']->getUrl() . "\">";
+ $info .= $vars['entity']->name;
+ if (isadminloggedin())
+ $info .= "</a>";
+ $info .= "</strike></b></p>";
+
+ $info .= "<p class=\"owner_timestamp\">" . elgg_echo('profile:banned') . "</p>";
+
+ }
echo elgg_view_listing($icon, $info);
diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php
index 59aca6902..efd6201ed 100644
--- a/mod/profile/views/default/profile/menu/adminlinks.php
+++ b/mod/profile/views/default/profile/menu/adminlinks.php
@@ -21,7 +21,7 @@
?>
<a href="<?php echo $vars['url']; ?>pg/settings/user/<?php echo $vars['entity']->username; ?>/"><?php echo elgg_echo('profile:editdetails'); ?></a>
<?php
- if ($vars['entity']->isEnabled()) {
+ if (!$vars['entity']->isBanned()) {
?><a href="<?php echo $vars['url']; ?>actions/admin/user/ban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("ban"); ?></a><?php
} else {
?><a href="<?php echo $vars['url']; ?>actions/admin/user/unban?guid=<?php echo $vars['entity']->guid; ?>&__elgg_token=<?php echo $token; ?>&__elgg_ts=<?php echo $ts; ?>"><?php echo elgg_echo("unban"); ?></a><?php
diff --git a/mod/profile/views/default/profile/profilelinks.php b/mod/profile/views/default/profile/profilelinks.php
index 5873fe210..ff4a97e68 100644
--- a/mod/profile/views/default/profile/profilelinks.php
+++ b/mod/profile/views/default/profile/profilelinks.php
@@ -17,22 +17,34 @@
?>
<?php
-
- //check to see if the user is looking at their own profile
- if($_SESSION['user']->guid == page_owner()){
-
- echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
- echo elgg_view("profile/menu/actions",$vars);//grab action links such as make friend
- echo elgg_view("profile/menu/linksownpage",$vars); // an different view for user's own profile
- echo "</div>"; //close wrapper div
-
- } else {
-
- echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
- echo elgg_view("profile/menu/actions",$vars); //grab action links such as make friend
- echo elgg_view("profile/menu/links",$vars); //passive links to items such as user blog etc
- echo "</div>"; //close wrapper div
-
- }
-
+
+ $banned = false;
+ $owner = page_owner_entity();
+ if ($owner) $banned = $owner->isBanned();
+
+ // Allow menus if not banned or admin logged in
+ if ((!$banned) || (isadminloggedin()))
+ {
+ //check to see if the user is looking at their own profile
+ if ($_SESSION['user']->guid == page_owner()){
+
+ echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
+ echo elgg_view("profile/menu/actions",$vars);//grab action links such as make friend
+ echo elgg_view("profile/menu/linksownpage",$vars); // an different view for user's own profile
+ echo "</div>"; //close wrapper div
+
+ } else {
+
+ echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
+ echo elgg_view("profile/menu/actions",$vars); //grab action links such as make friend
+ echo elgg_view("profile/menu/links",$vars); //passive links to items such as user blog etc
+ echo "</div>"; //close wrapper div
+
+ }
+ }
+ else
+ { // Some nice spacing
+ echo "<div id=\"profile_menu_wrapper\">"; //start the wrapper div
+ echo "</div>"; //close wrapper div
+ }
?> \ No newline at end of file
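Review bot: `$_SESSION['user']->guid` is dereferenced at the own-profile test without checking that a user is logged in, whereas the new code in `sessions.php` guards the same key with `isset($_SESSION['user'])`; an anonymous visitor reaches this line whenever the page owner is not banned. A guard such as `if ((isset($_SESSION['user'])) && ($_SESSION['user']->guid == page_owner()))` keeps the comparison from running on a missing object. The `profile_menu_wrapper` open and close `echo`s are now repeated in all three branches and could be hoisted outside the conditionals so that only the inner views vary.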
diff --git a/mod/profile/views/default/profile/userdetails.php b/mod/profile/views/default/profile/userdetails.php
index 48b49426f..8463ee9f2 100644
--- a/mod/profile/views/default/profile/userdetails.php
+++ b/mod/profile/views/default/profile/userdetails.php
@@ -134,9 +134,20 @@
<div id="profile_info_column_right">
<p class="profile_aboutme_title"><b><?php echo elgg_echo("profile:aboutme"); ?></b></p>
<?php echo autop($vars['entity']->description); ?>
+
+ <?php if ($vars['entity']->isBanned()) { ?>
+ <div id="profile_banned">
+ <?php echo elgg_echo('profile:banned'); ?>
+ </div><!-- /#profile_info_column_right -->
+
+ <?php } ?>
+
</div><!-- /#profile_info_column_right -->
</td>
+
+
+
</tr>
<?php } ?>
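Review bot: The `</div>` that closes the new `#profile_banned` block carries the comment `<!-- /#profile_info_column_right -->`, copied from the real closing tag a few lines below, so the markup reads as if the right-hand column were closed twice. The comment should name the element it closes: `</div><!-- /#profile_banned -->`. Because the block uses an `id`, it is also worth confirming this view is rendered at most once per page.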
diff --git a/version.php b/version.php
index 2bcdc83b8..77a543c3c 100644
--- a/version.php
+++ b/version.php
@@ -13,7 +13,7 @@
* @link http://elgg.org/
*/
- $version = 2009010801; // YYYYMMDD = Elgg Date
+ $version = 2009010901; // YYYYMMDD = Elgg Date
// XX = Interim incrementer
$release = '1.2'; // Human-friendly version name