From: Wendall C. <wen...@to...> - 2005-02-18 16:33:38
|
Ok, I don't know of any plans to add this, but here is a quick and dirty. Change the user password directly in the db to DENIED change line 1153 in mod/users/class/Users.php,v 1.106 from: } elseif ($_SESSION["OBJ_user"]->isDeity($user_id)) { to } elseif ($_SESSION["OBJ_user"]->isDeity($user_id) || ($GLOBALS['core']->getRow("select password from {$GLOBALS['core']->tbl_prefix}mod_users where user_id='$user_id'") == 'DENIED')) { Will spit out the message: Unable to email change form. Please contact the systems administrator. HTH Wendall On Fri, 2005-02-18 at 02:13 -0800, Greg Tassone wrote: > Good day to you all, > > We have the need for user "ban" functionality within phpWebSite. To > clarify, we want to deny registered users the ability to login. This > usually is needed when vulgar or profane language is used, etc., or when > an account must be "disabled" for some reason. > > We have the following goals: > > - We need to prevent users with certain accounts from being able to > login to the site. > > - We need to leave their E-mail address in place; otherwise they could > register a new user account with their same address. We just want to > "disable" their existing account (and E-mail). > > > At present we are changing their passwords when such things happen. > However, if they are smart enough to use the "Lost Password" > functionality they can get right back in. THIS IS BECOMING A BIG > PROBLEM FOR US. > > Are there any plans for such an enhancement? Our team was going to > write this functionality ourselves, but we don't want to duplicate/break > something you are already planning. > > We're not yet familiar with all parts of the architecture yet to know > how to best accomplish this. Our initial design thoughts were to tweak > the security module. On every security check we could examine the user > account for a "disabled" status, and if the user was disabled the > security check would always return false. This would probably be simple > to add and would probably disable most/all functionality within the > site. > > However, do you have any reasons for/against? Any better ways? Is this > already done so that I don't have to worry about it? ;-) > > Thanks in advance! > > Greg T. > |