From: Greg T. <gt-...@ta...> - 2005-02-25 09:39:47
|
I've finally prepared an initial patch for the disabling of user accounts. It is simple but effective, and pretty clean. For details please see the Patch Tracker: https://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D1151625&group= _id=3D15539&atid=3D315539 Let me know if you have any questions. Greg T. On Fri, 2005-02-18 at 23:56 -0800, Greg Tassone wrote: > Thanks very much. That does help. I like it -- it is simple and will > do the job just fine, without messing with the DB schema or anything > drastic. >=20 > With this solution, no encryption hash will ever translate to a "proper" > password for them, effectively disabling their account. And, with the > simple line of code you contributed they will not be able to bypass the > lockout with the "Forgot Password" function. >=20 > I plan on coding a patch for this over the weekend. Not only will I > include what you describe, but I will add a *toggle* command link > ("Enable/Disable") to the User Manager that will automatically handle > this. I'll probably tie it to the same permissions as the "Edit" > command link. >=20 > I'll post back on the results and patch availability in case anyone else > wants to use this functionality. >=20 > Thanks again! >=20 > Greg T. >=20 >=20 > On Fri, 2005-02-18 at 08:33 -0800, Wendall Cada wrote: > > Ok, I don't know of any plans to add this, but here is a quick and > > dirty. > >=20 > > Change the user password directly in the db to DENIED > >=20 > > change line 1153 in mod/users/class/Users.php,v 1.106 from: > > } elseif ($_SESSION["OBJ_user"]->isDeity($user_id)) { > >=20 > > to > >=20 > > } elseif ($_SESSION["OBJ_user"]->isDeity($user_id) || > > ($GLOBALS['core']->getRow("select password from > > {$GLOBALS['core']->tbl_prefix}mod_users where user_id=3D'$user_id'") = =3D=3D > > 'DENIED')) { > >=20 > > Will spit out the message: > > Unable to email change form.=20 > > Please contact the systems administrator. > >=20 > > HTH > >=20 > > Wendall > >=20 > > On Fri, 2005-02-18 at 02:13 -0800, Greg Tassone wrote: > > > Good day to you all, > > >=20 > > > We have the need for user "ban" functionality within phpWebSite. To > > > clarify, we want to deny registered users the ability to login. This > > > usually is needed when vulgar or profane language is used, etc., or w= hen > > > an account must be "disabled" for some reason. > > >=20 > > > We have the following goals: > > >=20 > > > - We need to prevent users with certain accounts from being able to > > > login to the site. > > >=20 > > > - We need to leave their E-mail address in place; otherwise they coul= d > > > register a new user account with their same address. We just want to > > > "disable" their existing account (and E-mail). > > >=20 > > >=20 > > > At present we are changing their passwords when such things happen. > > > However, if they are smart enough to use the "Lost Password" > > > functionality they can get right back in. THIS IS BECOMING A BIG > > > PROBLEM FOR US. > > >=20 > > > Are there any plans for such an enhancement? Our team was going to > > > write this functionality ourselves, but we don't want to duplicate/br= eak > > > something you are already planning. > > >=20 > > > We're not yet familiar with all parts of the architecture yet to know > > > how to best accomplish this. Our initial design thoughts were to twe= ak > > > the security module. On every security check we could examine the us= er > > > account for a "disabled" status, and if the user was disabled the > > > security check would always return false. This would probably be sim= ple > > > to add and would probably disable most/all functionality within the > > > site. > > >=20 > > > However, do you have any reasons for/against? Any better ways? Is t= his > > > already done so that I don't have to worry about it? ;-) > > >=20 > > > Thanks in advance! > > >=20 > > > Greg T. > > >=20 > >=20 > >=20 > >=20 > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT Products from real users= . > > Discover which products truly live up to the hype. Start reading now. > > http://ads.osdn.com/?ad_id=3D6595&alloc_id=3D14396&op=3Dclick > > _______________________________________________ > > Phpwebsite-developers mailing list > > Php...@li... > > https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers |