r61694 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r61693‎ \| r61694 \| r61695 >
Date:	23:29, 29 January 2010
Author:	demon
Status:	ok (Comments)
Tags:
Comment:	Add new global $wgBlockDisablesLogin to prevent logging in by blocked users, obsoletes new Lockout extension
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/DefaultSettings.php (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -1343,6 +1343,7 @@
1344	1344	'IPv4' => 16, # Blocks larger than a /16 (64k addresses) will not be allowed
1345	1345	'IPv6' => 64, # 2^64 = ~1.8x10^19 addresses
1346	1346	);
	1347	+$wgBlockDisablesLogin = false; # If true, blocked users will not be allowed to login
1347	1348
1348	1349	# Pages anonymous user may see as an array, e.g.:
1349	1350	# array ( "Main Page", "Wikipedia:Help");
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -417,6 +417,12 @@
418	418	return self::THROTTLED;
419	419	}
420	420	}
	421	+ // If we've enabled it, make it so that a blocked user cannot login
	422	+ global $wgBlockDisablesLogin;
	423	+ $u = User::newFromName( $this->mName );
	424	+ if( $wgBlockDisablesLogin && !is_null( $u ) && $u->isBlocked() ) {
	425	+ return self::USER_BLOCKED;
	426	+ }
421	427
422	428	// Load $wgUser now, and check to see if we're logging in as the same
423	429	// name. This is necessary because loading $wgUser (say by calling
—	—	@@ -433,7 +439,6 @@
434	440
435	441	# TODO: Allow some magic here for invalid external names, e.g., let the
436	442	# user choose a different wiki name.
437		~~- $u = User::newFromName( $this->mName );~~
438	443	if( is_null( $u ) \|\| !User::isUsableName( $u->getName() ) ) {
439	444	return self::ILLEGAL;
440	445	}
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -98,6 +98,8 @@
99	99	memcached servers.
100	100	* New configuration variables $wgDebugTimestamps and $wgDebugPrintHttpHeaders
101	101	for controlling debug output.
	102	+* New $wgBlockDisablesLogin when set to true disallows blocked users from
	103	+ logging in.
102	104
103	105	=== New features in 1.16 ===
104	106

Follow-up revisions

Revision	Commit summary	Author	Date
r61704	Followup r61694, expand comment based on [[Extension:Lockout]] and also deny ...	demon	01:28, 30 January 2010
r61788	Cleanup r61694, move blocked check to after password check, global auth check...	demon	14:51, 1 February 2010

Comments

#Comment by Platonides (talk | contribs) 00:52, 30 January 2010

The note from Extension:Lockout should be added to DefaultSettings

#Comment by Duesentrieb (talk | contribs) 13:08, 30 January 2010

This only implements half the functionality of Extension:Lockout: it prevents login of blocked users, but it doesn't terminate the current session. I.e. a blocked user will remain logged in until their session expires.

#Comment by Duesentrieb (talk | contribs) 13:11, 30 January 2010

setting to "fixme" as per the above (i hope this conforms to the local customs)

#Comment by 😂 (talk | contribs) 14:29, 30 January 2010

See r61704, I already addressed both these issues.

#Comment by Duesentrieb (talk | contribs) 14:39, 30 January 2010

ah, ok, thanks :)

Status & tagging log

02:16, 15 February 2010 Tim Starling (talk | contribs) changed the status of r61694 [removed: new added: ok]
14:39, 30 January 2010 Duesentrieb (talk | contribs) changed the status of r61694 [removed: fixme added: new]
13:11, 30 January 2010 Duesentrieb (talk | contribs) changed the status of r61694 [removed: new added: fixme]