* Add basic spam fighting tool for admins: An admin's prefs page now allows

editing a list of banned users who are not allowed to log in.
master
joey 2006-10-28 00:35:33 +00:00
parent ed463de21f
commit b6509c74a9
4 changed files with 39 additions and 3 deletions


@ -314,9 +314,11 @@ sub cgi_prefs ($$) { #{{{
comment => "(".htmllink("", "", "PageSpec", 1).")");
$form->field(name => "locked_pages", size => 50,
comment => "(".htmllink("", "", "PageSpec", 1).")");
$form->field(name => "banned_users", size => 50);
if (! is_admin($user_name)) {
$form->field(name => "locked_pages", type => "hidden");
$form->field(name => "banned_users", type => "hidden");
}
if ($config{httpauth}) {
@ -331,6 +333,10 @@ sub cgi_prefs ($$) { #{{{
value => userinfo_get($user_name, "subscriptions"));
$form->field(name => "locked_pages", force => 1,
value => userinfo_get($user_name, "locked_pages"));
if (is_admin($user_name)) {
$form->field(name => "banned_users", force => 1,
value => join(" ", get_banned_users()));
}
}
decode_form_utf8($form);
@ -350,6 +356,10 @@ sub cgi_prefs ($$) { #{{{
userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
}
}
if (is_admin($user_name)) {
set_banned_users(grep { ! is_admin($_) }
split(' ', $form->field("banned_users")));
}
$form->text("Preferences saved.");
}
@ -671,7 +681,7 @@ sub cgi () { #{{{
}
else {
$session->param("name", $q->remote_user());
if (!userinfo_get($session->param("name"),"regdate")) {
if (! userinfo_get($session->param("name"), "regdate")) {
userinfo_setall($session->param("name"), {
email => "",
password => "",
@ -680,6 +690,12 @@ sub cgi () { #{{{
}
}
}
if (userinfo_get($session->param("name"), "banned")) {
print $q->header(-status => "403 Forbidden");
print "You are banned.";
exit;
}
if ($do eq 'create' || $do eq 'edit') {
cgi_editpage($q, $session);
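Review bot: The ban list round-trips through one whitespace-delimited text field, built with `join(" ", get_banned_users())` and parsed with `split(' ', $form->field("banned_users"))`, so an account whose name contains whitespace cannot be listed and would be split into separate tokens on save. Whether such names can exist is not visible in these hunks, but the httpauth branch of `cgi()` takes the name directly from `$q->remote_user()`, so it is worth either rejecting such names at account creation or delimiting the list by newline. At minimum I would add a comment above the save step: `# Ban list is whitespace-separated; names containing whitespace cannot be banned from this form.` Both `cgi_prefs` and `cgi` begin and end outside the hunks shown, so the surrounding submit handling could not be checked.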


@ -67,6 +67,24 @@ sub is_admin ($) { #{{{
return grep { $_ eq $user_name } @{$config{adminuser}};
} #}}}
sub get_banned_users () { #{{{
my @ret;
my $userinfo=userinfo_retrieve();
foreach my $user (keys %{$userinfo}) {
push @ret, $user if $userinfo->{$user}->{banned};
}
return @ret;
} #}}}
sub set_banned_users (@) { #{{{
my %banned=map { $_ => 1 } @_;
my $userinfo=userinfo_retrieve();
foreach my $user (keys %{$userinfo}) {
$userinfo->{$user}->{banned} = $banned{$user};
}
return userinfo_store($userinfo);
} #}}}
sub commit_notify_list ($@) { #{{{
my $committer=shift;
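Review bot: `set_banned_users` only walks `keys %{$userinfo}`, so any submitted name that does not match an existing account is dropped without feedback while the prefs page still prints "Preferences saved." A mistyped name, or an httpauth user whose record has not yet been created (the CGI hunk shows records being created on a first request), therefore stays unbanned with nothing telling the admin. Consider collecting the unmatched names, e.g. `my @unknown=grep { ! exists $userinfo->{$_} } @_;`, and reporting them back in the form. The function also rewrites the whole user database between `userinfo_retrieve()` and `userinfo_store()`; no locking is visible in this hunk, so confirm those helpers serialize against a concurrent registration or prefs save.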

4
debian/changelog vendored

@ -12,8 +12,10 @@ ikiwiki (1.31) UNRELEASED; urgency=low
just in case. Should not be exploitable anyway, since it only tries to run
polygen after finding the specified grammar file.
* Add missing dependency on the URI perl module.
* Add basic spam fighting tool for admins: An admin's prefs page now allows
editing a list of banned users who are not allowed to log in.
-- Joey Hess <joeyh@debian.org> Fri, 27 Oct 2006 13:10:49 -0400
-- Joey Hess <joeyh@debian.org> Fri, 27 Oct 2006 20:00:33 -0400
ikiwiki (1.30) unstable; urgency=low


@ -1 +1 @@
Admins need the ability to lock/remove users, and to block IP ranges.
Admins need the ability to block IP ranges. They can already ban users.