From e90692bc720cf4c520ee36c603395cf1e1b80b45 Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 9 Jan 2009 14:21:48 +0000 Subject: Closes #668: Banning now works through a flag in the users_entity table. Database upgrade required. * Added ElggUser::isBanned(); * Added 'banned' column to users_entity * Modified ban() and unban() * Modified pam functions to check $user->isBanned() * Modified login() to check $user->isBanned() * Modified sessions_init() to check isBanned() and destroy session accordingly * Modified profile views to highlight banned users and prevent menus for non-admin users. git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/sessions.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'engine/lib/sessions.php') diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 946fd69e2..602a9d13e 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -188,7 +188,7 @@ if ($user = get_user_by_username($credentials['username'])) { // Let admins log in without validating their email, but normal users must have validated their email - if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) + if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned())) return false; if ($user->password == generate_user_password($user, $credentials['password'])) { @@ -212,6 +212,8 @@ function login(ElggUser $user, $persistent = false) { global $CONFIG; + + if ($user->isBanned()) return false; // User is banned, return false. $_SESSION['user'] = $user; $_SESSION['guid'] = $user->getGUID(); @@ -377,6 +379,13 @@ // Initialise the magic session global $SESSION; $SESSION = new ElggSession(); + + // Finally we ensure that a user who has been banned with an open session is kicked. + if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned())) + { + session_destroy(); + return false; + } return true; -- cgit v1.2.3