Re: [Phpwebsite-developers] Banning of users

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

In June 2003, Richard Sumilang suggested changing the Admin switch to an 
"Activate/Disable account" switch.  All the active  developers at the 
time supported it and the core team agreed to code it.  However, with 
all the extra projects they had to work on and the fact that noone ever 
submitted an RFE, we all just kind of forgot about it. 

The thread where this happened is at 
https://sourceforge.net/mailarchive/forum.php?thread_id=2898205&forum_id=34704

To rectify the situation, I've just submitted an RFE. 
https://sourceforge.net/tracker/index.php?func=detail&aid=1146448&group_id=15539&atid=365539
I urge you all to put your "+1" on it again as an indication of our 
desire for this change.

-Eloi-

Greg Tassone wrote:

>Thanks very much.  That does help.  I like it -- it is simple and will
>do the job just fine, without messing with the DB schema or anything
>drastic.
>
>With this solution, no encryption hash will ever translate to a "proper"
>password for them, effectively disabling their account.  And, with the
>simple line of code you contributed they will not be able to bypass the
>lockout with the "Forgot Password" function.
>
>I plan on coding a patch for this over the weekend.  Not only will I
>include what you describe, but I will add a *toggle* command link
>("Enable/Disable") to the User Manager that will automatically handle
>this.  I'll probably tie it to the same permissions as the "Edit"
>command link.
>
>I'll post back on the results and patch availability in case anyone else
>wants to use this functionality.
>
>Thanks again!
>
>Greg T.
>
>
>On Fri, 2005-02-18 at 08:33 -0800, Wendall Cada wrote:
>  
>
>>Ok, I don't know of any plans to add this, but here is a quick and
>>dirty.
>>
>>Change the user password directly in the db to DENIED
>>
>>change line 1153 in mod/users/class/Users.php,v 1.106 from:
>>} elseif ($_SESSION["OBJ_user"]->isDeity($user_id)) {
>>
>>to
>>
>>} elseif ($_SESSION["OBJ_user"]->isDeity($user_id) ||
>>($GLOBALS['core']->getRow("select password from
>>{$GLOBALS['core']->tbl_prefix}mod_users where user_id='$user_id'") ==
>>'DENIED')) {
>>
>>Will spit out the message:
>>Unable to email change form. 
>>Please contact the systems administrator.
>>
>>HTH
>>
>>Wendall
>>
>>On Fri, 2005-02-18 at 02:13 -0800, Greg Tassone wrote:
>>    
>>
>>>Good day to you all,
>>>
>>>We have the need for user "ban" functionality within phpWebSite.  To
>>>clarify, we want to deny registered users the ability to login.  This
>>>usually is needed when vulgar or profane language is used, etc., or when
>>>an account must be "disabled" for some reason.
>>>
>>>We have the following goals:
>>>
>>>- We need to prevent users with certain accounts from being able to
>>>login to the site.
>>>
>>>- We need to leave their E-mail address in place; otherwise they could
>>>register a new user account with their same address.  We just want to
>>>"disable" their existing account (and E-mail).
>>>
>>>
>>>At present we are changing their passwords when such things happen.
>>>However, if they are smart enough to use the "Lost Password"
>>>functionality they can get right back in.  THIS IS BECOMING A BIG
>>>PROBLEM FOR US.
>>>
>>>Are there any plans for such an enhancement?  Our team was going to
>>>write this functionality ourselves, but we don't want to duplicate/break
>>>something you are already planning.
>>>
>>>We're not yet familiar with all parts of the architecture yet to know
>>>how to best accomplish this.  Our initial design thoughts were to tweak
>>>the security module.  On every security check we could examine the user
>>>account for a "disabled" status, and if the user was disabled the
>>>security check would always return false.  This would probably be simple
>>>to add and would probably disable most/all functionality within the
>>>site.
>>>
>>>However, do you have any reasons for/against?  Any better ways?  Is this
>>>already done so that I don't have to worry about it? ;-)
>>>
>>>Thanks in advance!
>>>
>>>Greg T.
>>>
>>>      
>>>
>>
>>-------------------------------------------------------
>>SF email is sponsored by - The IT Product Guide
>>Read honest & candid reviews on hundreds of IT Products from real users.
>>Discover which products truly live up to the hype. Start reading now.
>>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>>_______________________________________________
>>Phpwebsite-developers mailing list
>>Php...@li...
>>https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
>>    
>>
*______________________*