Closes #668: Banning now works through a flag in the users_entity table. Database upgrade required.

* Added ElggUser::isBanned();
* Added 'banned' column to users_entity
* Modified ban() and unban()
* Modified pam functions to check $user->isBanned()
* Modified login() to check $user->isBanned()
* Modified sessions_init() to check isBanned() and destroy session accordingly
* Modified profile views to highlight banned users and prevent menus for non-admin users.

git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544

5 files changed, 39 insertions, 8 deletions

diff --git a/engine/lib/api.php b/engine/lib/api.php
index 198f3efb0..4b7820c7d 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -847,7 +847,9 @@
 		if ($validated_userid) {			
 			$u = get_entity($validated_userid);
 			if (!$u) return false; // Could we get the user?
-			if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned).
+			if ( (!$u instanceof ElggUser)) return false; // Not an elgg user
+			if ($u->isBanned()) return false; // User is banned
+			if (!login($u)) return false; // Fail if we couldn't log the user in 
 			
 		}
 		
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 946fd69e2..602a9d13e 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -188,7 +188,7 @@
 				
 	            if ($user = get_user_by_username($credentials['username'])) {
 	            	// Let admins log in without validating their email, but normal users must have validated their email
-					if ((!$user->admin) && (!$user->validated) && (!$user->admin_created))
+					if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned()))
 						return false;
 	          	
 	                 if ($user->password == generate_user_password($user, $credentials['password'])) {
@@ -212,6 +212,8 @@
 		function login(ElggUser $user, $persistent = false) {

             

             global $CONFIG;
+            
+            if ($user->isBanned()) return false; // User is banned, return false.
           

             $_SESSION['user'] = $user;

             $_SESSION['guid'] = $user->getGUID();

@@ -377,6 +379,13 @@
     		// Initialise the magic session
     		global $SESSION;
     		$SESSION = new ElggSession();
+    		
+    		// Finally we ensure that a user who has been banned with an open session is kicked.
+    		if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned()))
+    		{
+    			session_destroy();
+			    return false;
+    		}
     		

     		return true;

 	        

diff --git a/engine/lib/users.php b/engine/lib/users.php
index 79e9c9d24..0628f36c7 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -46,7 +46,8 @@
 			$this->attributes['salt'] = "";

 			$this->attributes['email'] = "";

 			$this->attributes['language'] = "";

-			$this->attributes['code'] = "";

+			$this->attributes['code'] = "";
+			$this->attributes['banned'] = "no";

 			$this->attributes['tables_split'] = 2;

 		}

 				

@@ -167,7 +168,14 @@
 		/**
 		 * Unban this user.
 		 */
-		public function unban()	{ return unban_user($this->guid); }

+		public function unban()	{ return unban_user($this->guid); }
+		
+		/**
+		 * Is this user banned or not?
+		 *
+		 * @return bool
+		 */
+		public function isBanned() { return $this->banned == 'yes'; }

 				

 		/**

 		 * Get sites that this user is a member of

@@ -443,6 +451,8 @@
 	 */
 	function ban_user($user_guid, $reason = "")
 	{
+		global $CONFIG;
+		
 		$user_guid = (int)$user_guid;
 		$reason = sanitise_string($reason);
 		
@@ -450,8 +460,12 @@
 		
 		if (($user) && ($user->canEdit()) && ($user instanceof ElggUser))
 		{
-			if (disable_user_entities($user_guid))
-				return $user->disable($reason);
+			// Add reason
+			if ($reason)
+				create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2);
+			
+			// Set ban flag
+			return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid");
 		}		
 
 		return false;
@@ -464,13 +478,16 @@
 	 */
 	function unban_user($user_guid)
 	{
+		global $CONFIG;
+		
 		$user_guid = (int)$user_guid;
 		
 		$user = get_entity($user_guid);
 		
 		if (($user) && ($user->canEdit()) && ($user instanceof ElggUser))
 		{
-			return enable_entity($user_guid);
+			create_metadata($user_guid, 'ban_reason', '','', 0, 2);
+			return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid");
 		}
 		
 		return false;
diff --git a/engine/schema/mysql.sql b/engine/schema/mysql.sql
index 521cda27f..2c0dfa6aa 100644
--- a/engine/schema/mysql.sql
+++ b/engine/schema/mysql.sql
@@ -140,8 +140,8 @@ CREATE TABLE `prefix_users_entity` (
   `email` text NOT NULL,

   `language` varchar(6)  NOT NULL default '',

   `code` varchar(32) NOT NULL default '',

+  `banned` enum ('yes', 'no') NOT NULL default 'no',

   

-

   `last_action` int(11) NOT NULL default '0',

   `prev_last_action` int(11) NOT NULL default '0',

   `last_login` int(11) NOT NULL default '0',

diff --git a/engine/schema/upgrades/2009010901.sql b/engine/schema/upgrades/2009010901.sql
new file mode 100644
index 000000000..29eb68f29
--- /dev/null
+++ b/engine/schema/upgrades/2009010901.sql
@@ -0,0 +1,3 @@
+-- Add banned column refs #668
+ALTER TABLE `prefix_users_entity` ADD COLUMN `banned` enum ('yes', 'no') NOT NULL default 'no' AFTER `code`;
+