diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-09 14:21:48 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-09 14:21:48 +0000 |
commit | e90692bc720cf4c520ee36c603395cf1e1b80b45 (patch) | |
tree | 63cb37887110ff6c782b65da036b7e74b6b08884 /engine/lib | |
parent | 6588ff3eb201cb9d9834323e670771daa87696c0 (diff) | |
download | elgg-e90692bc720cf4c520ee36c603395cf1e1b80b45.tar.gz elgg-e90692bc720cf4c520ee36c603395cf1e1b80b45.tar.bz2 |
Closes #668: Banning now works through a flag in the users_entity table. Database upgrade required.
* Added ElggUser::isBanned();
* Added 'banned' column to users_entity
* Modified ban() and unban()
* Modified pam functions to check $user->isBanned()
* Modified login() to check $user->isBanned()
* Modified sessions_init() to check isBanned() and destroy session accordingly
* Modified profile views to highlight banned users and prevent menus for non-admin users.
git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/api.php | 4 | ||||
-rw-r--r-- | engine/lib/sessions.php | 11 | ||||
-rw-r--r-- | engine/lib/users.php | 27 |
3 files changed, 35 insertions, 7 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index 198f3efb0..4b7820c7d 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -847,7 +847,9 @@ if ($validated_userid) { $u = get_entity($validated_userid); if (!$u) return false; // Could we get the user? - if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned). + if ( (!$u instanceof ElggUser)) return false; // Not an elgg user + if ($u->isBanned()) return false; // User is banned + if (!login($u)) return false; // Fail if we couldn't log the user in } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 946fd69e2..602a9d13e 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -188,7 +188,7 @@ if ($user = get_user_by_username($credentials['username'])) { // Let admins log in without validating their email, but normal users must have validated their email - if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) + if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned())) return false; if ($user->password == generate_user_password($user, $credentials['password'])) { @@ -212,6 +212,8 @@ function login(ElggUser $user, $persistent = false) {
global $CONFIG; + + if ($user->isBanned()) return false; // User is banned, return false. $_SESSION['user'] = $user;
$_SESSION['guid'] = $user->getGUID();
@@ -377,6 +379,13 @@ // Initialise the magic session global $SESSION; $SESSION = new ElggSession(); + + // Finally we ensure that a user who has been banned with an open session is kicked. + if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned())) + { + session_destroy(); + return false; + } return true;
diff --git a/engine/lib/users.php b/engine/lib/users.php index 79e9c9d24..0628f36c7 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -46,7 +46,8 @@ $this->attributes['salt'] = "";
$this->attributes['email'] = "";
$this->attributes['language'] = "";
- $this->attributes['code'] = "";
+ $this->attributes['code'] = ""; + $this->attributes['banned'] = "no";
$this->attributes['tables_split'] = 2;
}
@@ -167,7 +168,14 @@ /** * Unban this user. */ - public function unban() { return unban_user($this->guid); }
+ public function unban() { return unban_user($this->guid); } + + /** + * Is this user banned or not? + * + * @return bool + */ + public function isBanned() { return $this->banned == 'yes'; }
/**
* Get sites that this user is a member of
@@ -443,6 +451,8 @@ */ function ban_user($user_guid, $reason = "") { + global $CONFIG; + $user_guid = (int)$user_guid; $reason = sanitise_string($reason); @@ -450,8 +460,12 @@ if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - if (disable_user_entities($user_guid)) - return $user->disable($reason); + // Add reason + if ($reason) + create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2); + + // Set ban flag + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid"); } return false; @@ -464,13 +478,16 @@ */ function unban_user($user_guid) { + global $CONFIG; + $user_guid = (int)$user_guid; $user = get_entity($user_guid); if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - return enable_entity($user_guid); + create_metadata($user_guid, 'ban_reason', '','', 0, 2); + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid"); } return false; |