This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

Block users
#1
I would like the ability to block users.
#2
Hi Alex,

How would you choose to block them - by IP Address/Username?
Would you want to block them before registration (?) or detect the 'baddies' afterwards?
#3
Different use case (perhaps) than OP, but in my forum example, I would just want to ban the user (troll, flamer, etc.). If they register again (reCaptcha would be enabled in production) and notice the same pattern, ban again.

The user table has an "active" field...not sure what it's for....
#4
users.active is for when email activation is enabled (haven't done this yet, anyone doing Amazon SES?).

Could you use UserSpice permission groups to isolate users and act on this group information in your app?

#5
That's a possibility...assign them to a banned group...my question would then be (which does not need an immediate answer) how to inject this "check if user is banned, and present banned message" into the login code?
  Reply
#6
I'm mostly 3.x at the moment. Let's not get to code specifics :)

In login, just before a successful login redirect, can you get the group of the newly logged-in (but not yet served anything) user from the user object? (line 62 in 4.0c)

If so, you can add an errors[] entry and do a (naughty) break out of the block. Or better, redirect to a new 'naughty step'.

One way you will have refused entry, the other you have them in a sandbox.
#7
But then we have a quandary with upgrades :)
#8
So the US4 table has a column for active (0 or 1) and there is commented-out code in the admin_user.php that actually does flip that bit if you set the thing between active and inactive (I'm 99% sure of this). I've debated about how to handle this.

I have tried (and I'm sure I could get it right) to get the login method in the User class to do a check for that and boot the person, but it would be nice to have something a little more sophisticated. It was one of the things I gave up on just before 4.0 officially released because I wanted to do it right. We have to deal with the user trying to log in, the user already having a remember-me cookie, and any other issues of keeping unwanted people away. I'm sure the "guest tracking" feature could also be used to bounce someone to an error 404 if they were from a banned IP.
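Posts #6 and #8 describe two places a ban has to be enforced: the password login and the remember-me cookie path. The sketch below is an added example, not UserSpice code and not written by any poster in this thread; the `banned` group name, the array layout standing in for the users table, and all function names are assumptions.

```php
<?php
// Added example: hypothetical names throughout, not UserSpice's schema or API.
const BANNED_GROUP = 'banned';   // assumed permission-group name

// Constructed sample data standing in for the users table.
function sample_users(): array {
    return [
        'alice' => ['hash' => password_hash('pw-a', PASSWORD_DEFAULT), 'active' => 1,
                    'groups' => ['user'], 'remember' => hash('sha256', 'tok-a')],
        'troll' => ['hash' => password_hash('pw-t', PASSWORD_DEFAULT), 'active' => 1,
                    'groups' => ['user', BANNED_GROUP], 'remember' => hash('sha256', 'tok-t')],
    ];
}

// Single source of truth for "may this account be served?"
function is_blocked(array $u): bool {
    return (int)$u['active'] !== 1 || in_array(BANNED_GROUP, $u['groups'], true);
}

// Password login: verify the credential first, then refuse before any session exists.
function login(array $users, string $name, string $pw): string {
    $u = $users[$name] ?? null;
    if ($u === null || !password_verify($pw, $u['hash'])) return 'bad-credentials';
    return is_blocked($u) ? 'blocked' : 'ok';
}

// Remember-me path: the same check, plus token revocation so the cookie stops working.
function restore(array &$users, string $token): string {
    $digest = hash('sha256', $token);   // only the digest of the token is stored
    foreach ($users as &$u) {
        if ($u['remember'] !== null && hash_equals($u['remember'], $digest)) {
            if (is_blocked($u)) { $u['remember'] = null; return 'blocked'; }
            return 'ok';
        }
    }
    return 'no-session';
}

// Walk both paths for an allowed and a banned account.
$users = sample_users();
echo login($users, 'alice', 'pw-a'), "\n";
echo login($users, 'troll', 'pw-t'), "\n";
echo restore($users, 'tok-t'), "\n";   // banned: token is revoked here
echo restore($users, 'tok-t'), "\n";   // the revoked token no longer matches anyone
```

Routing both entry points through one `is_blocked()` function keeps the cookie path from becoming a bypass when the ban rule changes.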