From: joey Date: Sat, 28 Oct 2006 00:35:33 +0000 (+0000) Subject: * Add basic spam fighting tool for admins: An admin's prefs page now allows X-Git-Url: https://scripts.mit.edu/gitweb/www/ikiwiki.git/commitdiff_plain/b6509c74a96ee5b16c774c5365f5ab6e542d180b * Add basic spam fighting tool for admins: An admin's prefs page now allows editing a list of banned users who are not allowed to log in. --- diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index fe89e2758..fcf5e0dd8 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -314,9 +314,11 @@ sub cgi_prefs ($$) { #{{{ comment => "(".htmllink("", "", "PageSpec", 1).")"); $form->field(name => "locked_pages", size => 50, comment => "(".htmllink("", "", "PageSpec", 1).")"); + $form->field(name => "banned_users", size => 50); if (! is_admin($user_name)) { $form->field(name => "locked_pages", type => "hidden"); + $form->field(name => "banned_users", type => "hidden"); } if ($config{httpauth}) { @@ -331,6 +333,10 @@ sub cgi_prefs ($$) { #{{{ value => userinfo_get($user_name, "subscriptions")); $form->field(name => "locked_pages", force => 1, value => userinfo_get($user_name, "locked_pages")); + if (is_admin($user_name)) { + $form->field(name => "banned_users", force => 1, + value => join(" ", get_banned_users())); + } } decode_form_utf8($form); @@ -350,6 +356,10 @@ sub cgi_prefs ($$) { #{{{ userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field"); } } + if (is_admin($user_name)) { + set_banned_users(grep { ! is_admin($_) } + split(' ', $form->field("banned_users"))); + } $form->text("Preferences saved."); } @@ -671,7 +681,7 @@ sub cgi () { #{{{ } else { $session->param("name", $q->remote_user()); - if (!userinfo_get($session->param("name"),"regdate")) { + if (! userinfo_get($session->param("name"), "regdate")) { userinfo_setall($session->param("name"), { email => "", password => "", @@ -680,6 +690,12 @@ sub cgi () { #{{{ } } } + + if (userinfo_get($session->param("name"), "banned")) { + print $q->header(-status => "403 Forbidden"); + print "You are banned."; + exit; + } if ($do eq 'create' || $do eq 'edit') { cgi_editpage($q, $session); diff --git a/IkiWiki/UserInfo.pm b/IkiWiki/UserInfo.pm index a944cafa6..ae63d8023 100644 --- a/IkiWiki/UserInfo.pm +++ b/IkiWiki/UserInfo.pm @@ -67,6 +67,24 @@ sub is_admin ($) { #{{{ return grep { $_ eq $user_name } @{$config{adminuser}}; } #}}} +sub get_banned_users () { #{{{ + my @ret; + my $userinfo=userinfo_retrieve(); + foreach my $user (keys %{$userinfo}) { + push @ret, $user if $userinfo->{$user}->{banned}; + } + return @ret; +} #}}} + +sub set_banned_users (@) { #{{{ + my %banned=map { $_ => 1 } @_; + my $userinfo=userinfo_retrieve(); + foreach my $user (keys %{$userinfo}) { + $userinfo->{$user}->{banned} = $banned{$user}; + } + return userinfo_store($userinfo); +} #}}} + sub commit_notify_list ($@) { #{{{ my $committer=shift; diff --git a/debian/changelog b/debian/changelog index 3ba6d15ed..57ad8a7a1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,8 +12,10 @@ ikiwiki (1.31) UNRELEASED; urgency=low just in case. Should not be exploitable anyway, since it only tries to run polygen after finding the specified grammar file. * Add missing dependency on the URI perl module. + * Add basic spam fighting tool for admins: An admin's prefs page now allows + editing a list of banned users who are not allowed to log in. - -- Joey Hess Fri, 27 Oct 2006 13:10:49 -0400 + -- Joey Hess Fri, 27 Oct 2006 20:00:33 -0400 ikiwiki (1.30) unstable; urgency=low diff --git a/doc/todo/spam_fighting.mdwn b/doc/todo/spam_fighting.mdwn index c7f7bbd8c..1e20a0c1b 100644 --- a/doc/todo/spam_fighting.mdwn +++ b/doc/todo/spam_fighting.mdwn @@ -1 +1 @@ -Admins need the ability to lock/remove users, and to block IP ranges. +Admins need the ability to block IP ranges. They can already ban users.