Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/api.php | 4 | ||||
-rw-r--r-- | engine/lib/sessions.php | 11 | ||||
-rw-r--r-- | engine/lib/users.php | 27 | ||||
-rw-r--r-- | engine/schema/mysql.sql | 2 | ||||
-rw-r--r-- | engine/schema/upgrades/2009010901.sql | 3 |
5 files changed, 39 insertions, 8 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index 198f3efb0..4b7820c7d 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -847,7 +847,9 @@ if ($validated_userid) { $u = get_entity($validated_userid); if (!$u) return false; // Could we get the user? - if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned). + if ( (!$u instanceof ElggUser)) return false; // Not an elgg user + if ($u->isBanned()) return false; // User is banned + if (!login($u)) return false; // Fail if we couldn't log the user in } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 946fd69e2..602a9d13e 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -188,7 +188,7 @@ if ($user = get_user_by_username($credentials['username'])) { // Let admins log in without validating their email, but normal users must have validated their email - if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) + if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned())) return false; if ($user->password == generate_user_password($user, $credentials['password'])) { @@ -212,6 +212,8 @@ function login(ElggUser $user, $persistent = false) {
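Review bot: Appending `&& (!$user->isBanned())` to the email-validation guard in the sessions.php `@@ -188,7` hunk does not reject banned users; it only narrows the existing rejection, so an unvalidated, non-admin account that is banned now skips the `return false` and goes on to the password comparison. The ban test should be its own guard ahead of the validation check, `if ($user->isBanned()) return false;`, leaving the original three-term condition as it was. The new check in `login()` still stops the session from being created, but any other caller that treats this handler's result as proof of a usable account would accept a banned user. The enclosing function starts and ends outside the hunk.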
global $CONFIG; + + if ($user->isBanned()) return false; // User is banned, return false. $_SESSION['user'] = $user;
$_SESSION['guid'] = $user->getGUID();
@@ -377,6 +379,13 @@ // Initialise the magic session global $SESSION; $SESSION = new ElggSession(); + + // Finally we ensure that a user who has been banned with an open session is kicked. + if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned())) + { + session_destroy(); + return false; + } return true;
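Review bot: The ban check added before `return true;` reads `$_SESSION['user']`, which is the object `login()` stored when the session was opened, so unless that object is refreshed from the database earlier in this function (not visible in the hunk) a ban issued afterwards will not show up in `isBanned()` and the open session survives. Checking a freshly loaded entity closes the gap, e.g. `$fresh = get_entity($_SESSION['guid']);` followed by `if (($fresh instanceof ElggUser) && $fresh->isBanned()) { ... }`. `session_destroy()` also leaves the `$_SESSION` array populated for the rest of the request, so clear it with `$_SESSION = array();` before returning. The enclosing function starts outside the hunk.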
diff --git a/engine/lib/users.php b/engine/lib/users.php index 79e9c9d24..0628f36c7 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -46,7 +46,8 @@ $this->attributes['salt'] = "";
$this->attributes['email'] = "";
$this->attributes['language'] = "";
- $this->attributes['code'] = "";
+ $this->attributes['code'] = "";
+ $this->attributes['banned'] = "no";
$this->attributes['tables_split'] = 2;
}
@@ -167,7 +168,14 @@ /** * Unban this user. */ - public function unban() { return unban_user($this->guid); }
+ public function unban() { return unban_user($this->guid); }
+
+ /**
+ * Is this user banned or not?
+ *
+ * @return bool
+ */
+ public function isBanned() { return $this->banned == 'yes'; }
/**
* Get sites that this user is a member of
@@ -443,6 +451,8 @@ */ function ban_user($user_guid, $reason = "") { + global $CONFIG; + $user_guid = (int)$user_guid; $reason = sanitise_string($reason); @@ -450,8 +460,12 @@ if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - if (disable_user_entities($user_guid)) - return $user->disable($reason); + // Add reason + if ($reason) + create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2); + + // Set ban flag + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid"); } return false; @@ -464,13 +478,16 @@ */ function unban_user($user_guid) { + global $CONFIG; + $user_guid = (int)$user_guid; $user = get_entity($user_guid); if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - return enable_entity($user_guid); + create_metadata($user_guid, 'ban_reason', '','', 0, 2); + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid"); } return false; diff --git a/engine/schema/mysql.sql b/engine/schema/mysql.sql index 521cda27f..2c0dfa6aa 100644 --- a/engine/schema/mysql.sql +++ b/engine/schema/mysql.sql @@ -140,8 +140,8 @@ CREATE TABLE `prefix_users_entity` ( `email` text NOT NULL,
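Review bot: The literal `2` passed as the last argument of `create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2)` in `ban_user()` is unexplained, and if it is an access level meaning public, the moderator's ban reason becomes readable by anyone who can view the user. Prefer the most restrictive level the admin tooling can still read, and add a comment naming what the value means. The same call in `unban_user()` (the `@@ -464,13` hunk) has the same issue and stores an empty reason rather than removing the old one. `$reason` has also already been through `sanitise_string()` here, so if `create_metadata()` escapes its value again the stored text will be double-escaped; confirm against that helper. Both functions continue outside their hunks.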
`language` varchar(6) NOT NULL default '',
`code` varchar(32) NOT NULL default '',
+ `banned` enum ('yes', 'no') NOT NULL default 'no',
-
`last_action` int(11) NOT NULL default '0',
`prev_last_action` int(11) NOT NULL default '0',
`last_login` int(11) NOT NULL default '0',
diff --git a/engine/schema/upgrades/2009010901.sql b/engine/schema/upgrades/2009010901.sql
new file mode 100644
index 000000000..29eb68f29
--- /dev/null
+++ b/engine/schema/upgrades/2009010901.sql
@@ -0,0 +1,3 @@
+-- Add banned column refs #668
+ALTER TABLE `prefix_users_entity` ADD COLUMN `banned` enum ('yes', 'no') NOT NULL default 'no' AFTER `code`;
+ |