* Add basic spam fighting tool for admins: An admin's prefs page now allows
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Sat, 28 Oct 2006 00:35:33 +0000 (00:35 +0000)
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Sat, 28 Oct 2006 00:35:33 +0000 (00:35 +0000)
  editing a list of banned users who are not allowed to log in.

IkiWiki/CGI.pm
IkiWiki/UserInfo.pm
debian/changelog
doc/todo/spam_fighting.mdwn

index fe89e2758b924cdf8063eb1d03ea3f082be360dc..fcf5e0dd8c42a5ba4c7297e1edf96807ba6a04d1 100644 (file)
@@ -314,9 +314,11 @@ sub cgi_prefs ($$) { #{{{
                comment => "(".htmllink("", "", "PageSpec", 1).")");
        $form->field(name => "locked_pages", size => 50,
                comment => "(".htmllink("", "", "PageSpec", 1).")");
+       $form->field(name => "banned_users", size => 50);
        
        if (! is_admin($user_name)) {
                $form->field(name => "locked_pages", type => "hidden");
+               $form->field(name => "banned_users", type => "hidden");
        }
 
        if ($config{httpauth}) {
@@ -331,6 +333,10 @@ sub cgi_prefs ($$) { #{{{
                        value => userinfo_get($user_name, "subscriptions"));
                $form->field(name => "locked_pages", force => 1,
                        value => userinfo_get($user_name, "locked_pages"));
+               if (is_admin($user_name)) {
+                       $form->field(name => "banned_users", force => 1,
+                               value => join(" ", get_banned_users()));
+               }
        }
        
        decode_form_utf8($form);
@@ -350,6 +356,10 @@ sub cgi_prefs ($$) { #{{{
                                userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
                        }
                }
+               if (is_admin($user_name)) {
+                       set_banned_users(grep { ! is_admin($_) }
+                                       split(' ', $form->field("banned_users")));
+               }
                $form->text("Preferences saved.");
        }
        
@@ -671,7 +681,7 @@ sub cgi () { #{{{
                }
                else {
                        $session->param("name", $q->remote_user());
-                       if (!userinfo_get($session->param("name"),"regdate")) {
+                       if (! userinfo_get($session->param("name"), "regdate")) {
                                userinfo_setall($session->param("name"), {
                                        email => "",
                                        password => "",
@@ -680,6 +690,12 @@ sub cgi () { #{{{
                        }
                }
        }
+
+       if (userinfo_get($session->param("name"), "banned")) {
+               print $q->header(-status => "403 Forbidden");
+               print "You are banned.";
+               exit;
+       }
        
        if ($do eq 'create' || $do eq 'edit') {
                cgi_editpage($q, $session);
index a944cafa6791e84a1ec9fb35a39761776dceda91..ae63d80235af328a8197775fdde3f75ec8ba31e2 100644 (file)
@@ -67,6 +67,24 @@ sub is_admin ($) { #{{{
        return grep { $_ eq $user_name } @{$config{adminuser}};
 } #}}}
 
+sub get_banned_users () { #{{{
+       my @ret;
+       my $userinfo=userinfo_retrieve();
+       foreach my $user (keys %{$userinfo}) {
+               push @ret, $user if $userinfo->{$user}->{banned};
+       }
+       return @ret;
+} #}}}
+
+sub set_banned_users (@) { #{{{
+       my %banned=map { $_ => 1 } @_;
+       my $userinfo=userinfo_retrieve();
+       foreach my $user (keys %{$userinfo}) {
+               $userinfo->{$user}->{banned} = $banned{$user};
+       }
+       return userinfo_store($userinfo);
+} #}}}
+
 sub commit_notify_list ($@) { #{{{
        my $committer=shift;
        
index 3ba6d15edc364508434ac6b14fb514bcbdd46ee3..57ad8a7a10dc7ccc0ab4905737e3998c5629e1f3 100644 (file)
@@ -12,8 +12,10 @@ ikiwiki (1.31) UNRELEASED; urgency=low
     just in case. Should not be exploitable anyway, since it only tries to run
     polygen after finding the specified grammar file.
   * Add missing dependency on the URI perl module.
+  * Add basic spam fighting tool for admins: An admin's prefs page now allows
+    editing a list of banned users who are not allowed to log in.
 
- -- Joey Hess <joeyh@debian.org>  Fri, 27 Oct 2006 13:10:49 -0400
+ -- Joey Hess <joeyh@debian.org>  Fri, 27 Oct 2006 20:00:33 -0400
 
 ikiwiki (1.30) unstable; urgency=low
 
index c7f7bbd8c56f0236e0564a5af41c90ba616c0e6a..1e20a0c1b63106d7bd370cd6f298f375ff970719 100644 (file)
@@ -1 +1 @@
-Admins need the ability to lock/remove users, and to block IP ranges.
+Admins need the ability to block IP ranges. They can already ban users.