From e90692bc720cf4c520ee36c603395cf1e1b80b45 Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 9 Jan 2009 14:21:48 +0000 Subject: Closes #668: Banning now works through a flag in the users_entity table. Database upgrade required. * Added ElggUser::isBanned(); * Added 'banned' column to users_entity * Modified ban() and unban() * Modified pam functions to check $user->isBanned() * Modified login() to check $user->isBanned() * Modified sessions_init() to check isBanned() and destroy session accordingly * Modified profile views to highlight banned users and prevent menus for non-admin users. git-svn-id: https://code.elgg.org/elgg/trunk@2554 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/api.php | 4 +++- engine/lib/sessions.php | 11 ++++++++++- engine/lib/users.php | 27 ++++++++++++++++++++++----- 3 files changed, 35 insertions(+), 7 deletions(-) (limited to 'engine/lib') diff --git a/engine/lib/api.php b/engine/lib/api.php index 198f3efb0..4b7820c7d 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -847,7 +847,9 @@ if ($validated_userid) { $u = get_entity($validated_userid); if (!$u) return false; // Could we get the user? - if (!login($u)) return false; // Fail if we couldn't log the user in (likely means they were banned). + if ( (!$u instanceof ElggUser)) return false; // Not an elgg user + if ($u->isBanned()) return false; // User is banned + if (!login($u)) return false; // Fail if we couldn't log the user in } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 946fd69e2..602a9d13e 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -188,7 +188,7 @@ if ($user = get_user_by_username($credentials['username'])) { // Let admins log in without validating their email, but normal users must have validated their email - if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) + if ((!$user->admin) && (!$user->validated) && (!$user->admin_created) && (!$user->isBanned())) return false; if ($user->password == generate_user_password($user, $credentials['password'])) { @@ -212,6 +212,8 @@ function login(ElggUser $user, $persistent = false) { global $CONFIG; + + if ($user->isBanned()) return false; // User is banned, return false. $_SESSION['user'] = $user; $_SESSION['guid'] = $user->getGUID(); @@ -377,6 +379,13 @@ // Initialise the magic session global $SESSION; $SESSION = new ElggSession(); + + // Finally we ensure that a user who has been banned with an open session is kicked. + if ((isset($_SESSION['user'])) && ($_SESSION['user']->isBanned())) + { + session_destroy(); + return false; + } return true; diff --git a/engine/lib/users.php b/engine/lib/users.php index 79e9c9d24..0628f36c7 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -46,7 +46,8 @@ $this->attributes['salt'] = ""; $this->attributes['email'] = ""; $this->attributes['language'] = ""; - $this->attributes['code'] = ""; + $this->attributes['code'] = ""; + $this->attributes['banned'] = "no"; $this->attributes['tables_split'] = 2; } @@ -167,7 +168,14 @@ /** * Unban this user. */ - public function unban() { return unban_user($this->guid); } + public function unban() { return unban_user($this->guid); } + + /** + * Is this user banned or not? + * + * @return bool + */ + public function isBanned() { return $this->banned == 'yes'; } /** * Get sites that this user is a member of @@ -443,6 +451,8 @@ */ function ban_user($user_guid, $reason = "") { + global $CONFIG; + $user_guid = (int)$user_guid; $reason = sanitise_string($reason); @@ -450,8 +460,12 @@ if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - if (disable_user_entities($user_guid)) - return $user->disable($reason); + // Add reason + if ($reason) + create_metadata($user_guid, 'ban_reason', $reason,'', 0, 2); + + // Set ban flag + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid"); } return false; @@ -464,13 +478,16 @@ */ function unban_user($user_guid) { + global $CONFIG; + $user_guid = (int)$user_guid; $user = get_entity($user_guid); if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { - return enable_entity($user_guid); + create_metadata($user_guid, 'ban_reason', '','', 0, 2); + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid"); } return false; -- cgit v1.2.3