Re: [Phpwebsite-developers] Banning of users

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Ok, I don't know of any plans to add this, but here is a quick and
dirty.

Change the user password directly in the db to DENIED

change line 1153 in mod/users/class/Users.php,v 1.106 from:
} elseif ($_SESSION["OBJ_user"]->isDeity($user_id)) {

to

} elseif ($_SESSION["OBJ_user"]->isDeity($user_id) ||
($GLOBALS['core']->getRow("select password from
{$GLOBALS['core']->tbl_prefix}mod_users where user_id='$user_id'") ==
'DENIED')) {

Will spit out the message:
Unable to email change form. 
Please contact the systems administrator.

HTH

Wendall

On Fri, 2005-02-18 at 02:13 -0800, Greg Tassone wrote:
> Good day to you all,
> 
> We have the need for user "ban" functionality within phpWebSite.  To
> clarify, we want to deny registered users the ability to login.  This
> usually is needed when vulgar or profane language is used, etc., or when
> an account must be "disabled" for some reason.
> 
> We have the following goals:
> 
> - We need to prevent users with certain accounts from being able to
> login to the site.
> 
> - We need to leave their E-mail address in place; otherwise they could
> register a new user account with their same address.  We just want to
> "disable" their existing account (and E-mail).
> 
> 
> At present we are changing their passwords when such things happen.
> However, if they are smart enough to use the "Lost Password"
> functionality they can get right back in.  THIS IS BECOMING A BIG
> PROBLEM FOR US.
> 
> Are there any plans for such an enhancement?  Our team was going to
> write this functionality ourselves, but we don't want to duplicate/break
> something you are already planning.
> 
> We're not yet familiar with all parts of the architecture yet to know
> how to best accomplish this.  Our initial design thoughts were to tweak
> the security module.  On every security check we could examine the user
> account for a "disabled" status, and if the user was disabled the
> security check would always return false.  This would probably be simple
> to add and would probably disable most/all functionality within the
> site.
> 
> However, do you have any reasons for/against?  Any better ways?  Is this
> already done so that I don't have to worry about it? ;-)
> 
> Thanks in advance!
> 
> Greg T.
> 