authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-01-09 14:21:48 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-01-09 14:21:48 +0000
commite90692bc720cf4c520ee36c603395cf1e1b80b45 (patch)
tree63cb37887110ff6c782b65da036b7e74b6b08884 /engine/lib/sessions.php
parent6588ff3eb201cb9d9834323e670771daa87696c0 (diff)
Closes #668: Banning now works through a flag in the users_entity table. Database upgrade required.
* Added ElggUser::isBanned(); * Added 'banned' column to users_entity * Modified ban() and unban() * Modified pam functions to check $user->isBanned() * Modified login() to check $user->isBanned() * Modified sessions_init() to check isBanned() and destroy session accordingly * Modified profile views to highlight banned users and prevent menus for non-admin users. git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/sessions.php')
-rw-r--r--engine/lib/sessions.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 946fd69e2..602a9d13e 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -188,7 +188,7 @@
if ($user = get_user_by_username($credentials['username'])) {
// Let admins log in without validating their email, but normal users must have validated their email
- if ((!$user->admin) && (!$user->validated) && (!$user->admin_created))
+ if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned()))
return false;
if ($user->password == generate_user_password($user, $credentials['password'])) {
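Review bot: The added `(!$user->isBanned())` term is joined with `&&` to the unvalidated-account test on the changed `if`, so it can only make the rejection fire less often. A banned account never takes the `return false` here, and an unvalidated banned account that was previously refused now reaches the password comparison. The ban needs its own guard ahead of that test, `if ($user->isBanned()) return false;`, with the original three-term condition left as it was. The enclosing function begins and ends outside the hunk, so what follows a password match is not visible; the guard this commit adds to `login()` may catch the case later, but the handler itself should not report a banned account as authenticated.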
@@ -212,6 +212,8 @@
function login(ElggUser $user, $persistent = false) {
global $CONFIG;
+
+ if ($user->isBanned()) return false; // User is banned, return false.
$_SESSION['user'] = $user;
$_SESSION['guid'] = $user->getGUID();
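Review bot: The comment on the added guard, `// User is banned, return false.`, restates the statement instead of saying why the check belongs in `login()`. The brace-less one-line `if` also differs from the braced block this same commit adds in the session-initialisation hunk. I would write it as a braced block under a comment such as `// Never create a session for a banned account, even if an auth handler accepted the credentials.` The function's docblock is outside the hunk; if it describes the return value, it should now say that `false` is also returned for banned users.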
@@ -377,6 +379,13 @@
// Initialise the magic session
global $SESSION;
$SESSION = new ElggSession();
+
+ // Finally we ensure that a user who has been banned with an open session is kicked.
+ if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned()))
+ {
+ session_destroy();
+ return false;
+ }
return true;
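Review bot: `session_destroy()` in the added block removes the stored session data but leaves the `$_SESSION` array populated for the rest of this request, so any code that still runs after the `return false` sees the banned account's `$_SESSION['user']` and `$_SESSION['guid']`. Emptying the array first, `$_SESSION = array();` on the line before `session_destroy();`, closes that gap. Separately, `isBanned()` is called on the object that `login()` stored in the session. Unless that object is refreshed from the database earlier in this function, or `isBanned()` itself queries the table (neither is visible in this hunk), a ban applied after login would not be noticed here. The enclosing function begins and ends outside the hunk.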