makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-12 22:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/9650] Do not allow banning the anonymous user by username

Browse source 
Banning anonymous can result in bad things, like not being able to log in.  However, it was possible until now.

PHPBB3-9650
This commit is contained in:
Josh Woody 2010-07-05 22:22:25 -05:00
parent b7ae0fe4e9
commit ae967d16f1
3 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
phpBB/includes/acp/acp_users.php
View file

@ -231,6 +231,11 @@ class acp_users
trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
} }
if ($user_id == ANONYMOUS)
{
trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if ($user_row['user_type'] == USER_FOUNDER) if ($user_row['user_type'] == USER_FOUNDER)
{ {
trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

7
phpBB/includes/functions_user.php
View file

@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames); WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
// Do not allow banning yourself // Do not allow banning yourself, the guest account, or founders.
$non_bannable = array($user->data['user_id'], ANONYMOUS);
if (sizeof($founder)) if (sizeof($founder))
{ {
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true); $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
} }
else else
{ {
$sql .= ' AND user_id <> ' . $user->data['user_id']; $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);

1
phpBB/language/en/acp/users.php
View file

@ -42,6 +42,7 @@ $lang = array_merge($lang, array(
'BAN_ALREADY_ENTERED' => 'The ban had been previously entered successfully. The ban list has not been updated.', 'BAN_ALREADY_ENTERED' => 'The ban had been previously entered successfully. The ban list has not been updated.',
'BAN_SUCCESSFUL' => 'Ban entered successfully.', 'BAN_SUCCESSFUL' => 'Ban entered successfully.',
'CANNOT_BAN_ANONYMOUS' => 'You are not allowed to ban the anonymous account. Permissions for anonymous users can be set under the Permissions tab.',
'CANNOT_BAN_FOUNDER' => 'You are not allowed to ban founder accounts.', 'CANNOT_BAN_FOUNDER' => 'You are not allowed to ban founder accounts.',
'CANNOT_BAN_YOURSELF' => 'You are not allowed to ban yourself.', 'CANNOT_BAN_YOURSELF' => 'You are not allowed to ban yourself.',
'CANNOT_DEACTIVATE_BOT' => 'You are not allowed to deactivate bot accounts. Please deactivate the bot within the bots page instead.', 'CANNOT_DEACTIVATE_BOT' => 'You are not allowed to deactivate bot accounts. Please deactivate the bot within the bots page instead.',