comment => "(".htmllink("", "", "PageSpec", 1).")");
$form->field(name => "locked_pages", size => 50,
comment => "(".htmllink("", "", "PageSpec", 1).")");
+ $form->field(name => "banned_users", size => 50);
if (! is_admin($user_name)) {
$form->field(name => "locked_pages", type => "hidden");
+ $form->field(name => "banned_users", type => "hidden");
}
if ($config{httpauth}) {
value => userinfo_get($user_name, "subscriptions"));
$form->field(name => "locked_pages", force => 1,
value => userinfo_get($user_name, "locked_pages"));
+ if (is_admin($user_name)) {
+ $form->field(name => "banned_users", force => 1,
+ value => join(" ", get_banned_users()));
+ }
}
decode_form_utf8($form);
userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
}
}
+ if (is_admin($user_name)) {
+ set_banned_users(grep { ! is_admin($_) }
+ split(' ', $form->field("banned_users")));
+ }
$form->text("Preferences saved.");
}
}
else {
$session->param("name", $q->remote_user());
- if (!userinfo_get($session->param("name"),"regdate")) {
+ if (! userinfo_get($session->param("name"), "regdate")) {
userinfo_setall($session->param("name"), {
email => "",
password => "",
}
}
}
+
+ if (userinfo_get($session->param("name"), "banned")) {
+ print $q->header(-status => "403 Forbidden");
+ print "You are banned.";
+ exit;
+ }
if ($do eq 'create' || $do eq 'edit') {
cgi_editpage($q, $session);
return grep { $_ eq $user_name } @{$config{adminuser}};
} #}}}
+sub get_banned_users () { #{{{
+ my @ret;
+ my $userinfo=userinfo_retrieve();
+ foreach my $user (keys %{$userinfo}) {
+ push @ret, $user if $userinfo->{$user}->{banned};
+ }
+ return @ret;
+} #}}}
+
+sub set_banned_users (@) { #{{{
+ my %banned=map { $_ => 1 } @_;
+ my $userinfo=userinfo_retrieve();
+ foreach my $user (keys %{$userinfo}) {
+ $userinfo->{$user}->{banned} = $banned{$user};
+ }
+ return userinfo_store($userinfo);
+} #}}}
+
sub commit_notify_list ($@) { #{{{
my $committer=shift;
just in case. Should not be exploitable anyway, since it only tries to run
polygen after finding the specified grammar file.
* Add missing dependency on the URI perl module.
+ * Add basic spam fighting tool for admins: An admin's prefs page now allows
+ editing a list of banned users who are not allowed to log in.
- -- Joey Hess <joeyh@debian.org> Fri, 27 Oct 2006 13:10:49 -0400
+ -- Joey Hess <joeyh@debian.org> Fri, 27 Oct 2006 20:00:33 -0400
ikiwiki (1.30) unstable; urgency=low