Ticket #258 (closed defect: fixed)

Opened 1 year ago

Last modified 9 months ago

banned logged in user can still use system

Reported by: renato
Assigned to: rho
Priority: high
Milestone: 0.9.1
Component: core
Version: 0.9.0
Severity: normal
Keywords:
Cc: rho, dramirez, ewout, timh
Patch Included: 1
Review Stage: readyforcheckin

Description (Last modified by misja)

If an admin bans a user, that user can't log in anymore, but if he's still logged in, he can use (and abuse) the system normally.

Seanski (thanks!) provided a solution in the form of a plugin (http://elgg.org/mod/vanillaforum/vanilla/comments.php?DiscussionID=547&page=1#Item_0). Maybe this should be included in core?

Attachments

080112_drop_banned_user.diff (2.2 kB) - added by rho on 01/13/08 03:14:03.
080227_check_banned_user.diff (2.3 kB) - added by rho on 02/27/08 15:34:25.

Change History

01/08/08 08:41:46 changed by misja

  • cc set to rho, dramirez, ewout, timh.

It probably should be a fix in core, so a patch would be appreciated.

01/13/08 03:13:24 changed by rho

  • owner changed from misja to rho.
  • status changed from new to assigned.

I've located the problem in $_SESSIONUSER?: the check of the banned flag is done by cooked_login(), but it never gets called because session data doesn't expire.

Patch attached. I tested it: it drops the user from the system and destroys session/cookie data, forcing them to log in again if they get unbanned shortly.

Patch attached
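The failure mode and the fix described in this comment, as an added example that is not part of the ticket or of either attached patch: a language-neutral model in Python rather than Elgg's PHP. The stores, function names and sample users are hypothetical; only the idea of re-checking the banned flag on every request and destroying the session comes from the ticket.

```python
import secrets

# Constructed sample data: hypothetical user and session stores, not Elgg's schema.
USERS = {"alice": {"banned": False}, "bob": {"banned": False}}
SESSIONS = {}  # session id -> username


def login(username):
    """Login-time gate: the only place the banned flag was checked before the fix."""
    user = USERS.get(username)
    if user is None or user["banned"]:
        return None
    sid = secrets.token_hex(16)
    SESSIONS[sid] = username
    return sid


def current_user_login_only(sid):
    """Behaviour reported in the ticket: trust the session, never re-check the flag."""
    return SESSIONS.get(sid)


def current_user_checked(sid):
    """Fixed flow: re-read the banned flag on every request and drop the session."""
    username = SESSIONS.get(sid)
    if username is None:
        return None
    user = USERS.get(username)
    if user is None or user["banned"]:
        SESSIONS.pop(sid, None)  # destroy server-side state so the old cookie is useless
        return None
    return username


def demo():
    sid = login("bob")
    USERS["bob"]["banned"] = True            # ban lands while bob is still logged in
    stale = current_user_login_only(sid)     # old behaviour: session still honoured
    fixed = current_user_checked(sid)        # new behaviour: rejected, session destroyed
    USERS["bob"]["banned"] = False           # unbanned shortly afterwards
    after_unban = current_user_checked(sid)  # old session stays dead
    return stale, fixed, after_unban, login("bob") is not None


if __name__ == "__main__":
    print(demo())
```
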

01/13/08 03:14:03 changed by rho

  • attachment 080112_drop_banned_user.diff added.

01/24/08 20:29:23 changed by misja

  • priority changed from normal to high.
  • haspatch set to 1.
  • review_stage set to review.

02/12/08 00:26:14 changed by rho

  • review_stage changed from review to readyforcheckin.

02/14/08 14:30:04 changed by misja

  • status changed from assigned to closed.
  • resolution set to fixed.

Applied in r1551

02/27/08 15:12:38 changed by rho

  • status changed from closed to reopened.
  • resolution deleted.

The modification on setup.php causes bug #322

02/27/08 15:34:25 changed by rho

  • attachment 080227_check_banned_user.diff added.

02/28/08 00:40:40 changed by joerosa

For doc-only this affects ticket #316, #317, #322 and changeset r1544.

02/28/08 00:48:40 changed by rho

Also may be related to the language persistence issue

03/01/08 13:22:16 changed by misja

The check looks good to me, ready for a commit.

03/13/08 09:44:39 changed by misja

  • cc changed from rho, dramirez, ewout, timh to rho, dramirez, ewout, timh.
  • status changed from reopened to closed.
  • resolution set to fixed.
  • description changed.