User ban

Review Request #175 - Created Sept. 15, 2011 and updated - Latest diff uploaded

Information
Serban Andrei Stan
infoarena
Reviewers
hackers
I've implemented most of the banip utility. At the request of some admins, I've posted my work, to ease the debugging while there are still few lines of code.

The banip utility works in the following way:

There are two types of ban: for username, and for userip. At user login, it verifies if the user is banned. If he is banned, then access to his account is not permitted (though access to the site is unrestrained).

Now for the ban functions: 
   - migrate-ban-ip was created in order to modify the db
   - I've modified login.php to acces the verify ban functions (placed in common/ban.php)
   - The ban functions verify if a user is banned, and if he is, he is not permitted login, otherwise if he was banned and the ban date expired, he is removed from the ban tables [DONE with keeping the user in the ban tables]
   - I've created a ban form in www/views/form_ban, very similar to the login form
   - Ban.php in /controllers retrieves the information from the form and accesses the functions in common/ban.php

What remains to be done:
    1)FIRST of all, permissions for the ban page [DONE]
    2)the possibility to ban a substring for an ip (i.e. 192.168.0.*, but 192.16*.0.1 does not work) [DONE]
    3)adding a button on each user's profile page, that redirects the current admin to the ban page, autocomplete-ing the username and IP form fields [DONE]
    4)the automatic logout of a banned user [DONE]
    5)on the ban page, for each userip the possibility to show all the accounts that utilised the current ip.
    6)an unban page (the functions that work with the database are already implemented in /common/ban.php) (eventualy the possibility to show all the elements in the ban tables).

How I have tested the changes so far:
    -I've tested the ban functions directly in a mysql console, adding users and deleting them to test the variables introduced
    -I didn't test the banip form so thoroughly, seems it works though

Screenshots


Loading...