Menu
▾
▴
Re: [Phpwebsite-developers] Banning of users
|
From: Kenneth P. <ken...@gm...> - 2005-02-22 22:36:15
|
+1 - indeed a very good and useful feature! Kenneth On Tue, 22 Feb 2005 14:03:38 -0400, Eloi George <el...@re...> wrote: > In June 2003, Richard Sumilang suggested changing the Admin switch to an > "Activate/Disable account" switch. All the active developers at the > time supported it and the core team agreed to code it. However, with > all the extra projects they had to work on and the fact that noone ever > submitted an RFE, we all just kind of forgot about it. > > The thread where this happened is at > https://sourceforge.net/mailarchive/forum.php?thread_id=2898205&forum_id=34704 > > To rectify the situation, I've just submitted an RFE. > https://sourceforge.net/tracker/index.php?func=detail&aid=1146448&group_id=15539&atid=365539 > I urge you all to put your "+1" on it again as an indication of our > desire for this change. > > -Eloi- > > > Greg Tassone wrote: > > >Thanks very much. That does help. I like it -- it is simple and will > >do the job just fine, without messing with the DB schema or anything > >drastic. > > > >With this solution, no encryption hash will ever translate to a "proper" > >password for them, effectively disabling their account. And, with the > >simple line of code you contributed they will not be able to bypass the > >lockout with the "Forgot Password" function. > > > >I plan on coding a patch for this over the weekend. Not only will I > >include what you describe, but I will add a *toggle* command link > >("Enable/Disable") to the User Manager that will automatically handle > >this. I'll probably tie it to the same permissions as the "Edit" > >command link. > > > >I'll post back on the results and patch availability in case anyone else > >wants to use this functionality. > > > >Thanks again! > > > >Greg T. > > > > > >On Fri, 2005-02-18 at 08:33 -0800, Wendall Cada wrote: > > > > > >>Ok, I don't know of any plans to add this, but here is a quick and > >>dirty. > >> > >>Change the user password directly in the db to DENIED > >> > >>change line 1153 in mod/users/class/Users.php,v 1.106 from: > >>} elseif ($_SESSION["OBJ_user"]->isDeity($user_id)) { > >> > >>to > >> > >>} elseif ($_SESSION["OBJ_user"]->isDeity($user_id) || > >>($GLOBALS['core']->getRow("select password from > >>{$GLOBALS['core']->tbl_prefix}mod_users where user_id='$user_id'") == > >>'DENIED')) { > >> > >>Will spit out the message: > >>Unable to email change form. > >>Please contact the systems administrator. > >> > >>HTH > >> > >>Wendall > >> > >>On Fri, 2005-02-18 at 02:13 -0800, Greg Tassone wrote: > >> > >> > >>>Good day to you all, > >>> > >>>We have the need for user "ban" functionality within phpWebSite. To > >>>clarify, we want to deny registered users the ability to login. This > >>>usually is needed when vulgar or profane language is used, etc., or when > >>>an account must be "disabled" for some reason. > >>> > >>>We have the following goals: > >>> > >>>- We need to prevent users with certain accounts from being able to > >>>login to the site. > >>> > >>>- We need to leave their E-mail address in place; otherwise they could > >>>register a new user account with their same address. We just want to > >>>"disable" their existing account (and E-mail). > >>> > >>> > >>>At present we are changing their passwords when such things happen. > >>>However, if they are smart enough to use the "Lost Password" > >>>functionality they can get right back in. THIS IS BECOMING A BIG > >>>PROBLEM FOR US. > >>> > >>>Are there any plans for such an enhancement? Our team was going to > >>>write this functionality ourselves, but we don't want to duplicate/break > >>>something you are already planning. > >>> > >>>We're not yet familiar with all parts of the architecture yet to know > >>>how to best accomplish this. Our initial design thoughts were to tweak > >>>the security module. On every security check we could examine the user > >>>account for a "disabled" status, and if the user was disabled the > >>>security check would always return false. This would probably be simple > >>>to add and would probably disable most/all functionality within the > >>>site. > >>> > >>>However, do you have any reasons for/against? Any better ways? Is this > >>>already done so that I don't have to worry about it? ;-) > >>> > >>>Thanks in advance! > >>> > >>>Greg T. > >>> > >>> > >>> > >> > >>------------------------------------------------------- > >>SF email is sponsored by - The IT Product Guide > >>Read honest & candid reviews on hundreds of IT Products from real users. > >>Discover which products truly live up to the hype. Start reading now. > >>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > >>_______________________________________________ > >>Phpwebsite-developers mailing list > >>Php...@li... > >>https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers > >> > >> > *______________________* > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Phpwebsite-developers mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers > > -- Kenneth |
