Commit 4c77761e authored by Dries's avatar Dries

- Patch #3962 by deekayen: improved error message when a blocked user attempts to login.

parent e550f841
......@@ -781,9 +781,8 @@ function drupal_get_messages() {
/**
* Perform an access check for a given mask and rule type. Rules are usually created via admin/access/rules page.
*
*/
function drupal_deny($type, $mask) {
function drupal_is_denied($type, $mask) {
$allow = db_fetch_object(db_query("SELECT * FROM {access} WHERE status = 1 AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
$deny = db_fetch_object(db_query("SELECT * FROM {access} WHERE status = 0 AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
......@@ -801,7 +800,7 @@ function drupal_deny($type, $mask) {
include_once 'includes/database.inc';
// deny access to hosts which were banned. t() is not yet available.
if (drupal_deny('host', $_SERVER['REMOTE_ADDR'])) {
if (drupal_is_denied('host', $_SERVER['REMOTE_ADDR'])) {
header('HTTP/1.0 403 Forbidden');
print "Sorry, ". $_SERVER['REMOTE_ADDR']. " has been banned.";
exit();
......
......@@ -338,6 +338,18 @@ function user_access($string, $account = NULL) {
return FALSE;
}
/**
* Checks for usernames blocked by user administration
*
* @return boolean true for blocked users, false for active
*/
function user_is_blocked($name) {
$allow = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 1 AND name = LOWER('%s')", $name));
$deny = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
return $deny && !$allow;
}
/**
* Send an e-mail message.
*/
......@@ -798,8 +810,13 @@ function user_login($edit = array(), $msg = '') {
drupal_goto('user');
}
if (drupal_deny('user', $edit['name'])) {
$error = t('The name %s has been denied access.', array('%s' => theme('placeholder', $edit['name'])));
if (user_is_blocked($edit['name'])) {
// blocked in user administration
$error = t('The username %name has been blocked.', array('%name' => theme('placeholder', $edit['name'])));
}
else if (drupal_is_denied('user', $edit['name'])) {
// denied by access controls
$error = t('The name %name is a reserved username.', array('%name' => theme('placeholder', $edit['name'])));
}
else if ($edit['name'] && $edit['pass']) {
......@@ -1116,7 +1133,7 @@ function user_edit_validate($uid, &$edit) {
else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
form_set_error('name', t('The name %name is already taken.', array('%name' => theme('placeholder', $edit['name']))));
}
else if (drupal_deny('user', $edit['name'])) {
else if (drupal_is_denied('user', $edit['name'])) {
form_set_error('name', t('The name %name has been denied access.', array('%name' => theme('placeholder', $edit['name']))));
}
......@@ -1127,7 +1144,7 @@ function user_edit_validate($uid, &$edit) {
else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => theme('placeholder', $edit['mail']))));
}
else if (drupal_deny('mail', $edit['mail'])) {
else if (drupal_is_denied('mail', $edit['mail'])) {
form_set_error('mail', t('The e-mail address %email has been denied access.', array('%email' => theme('placeholder', $edit['mail']))));
}
......@@ -1384,7 +1401,7 @@ function user_admin_access_check() {
$edit = $_POST['edit'];
if ($op) {
if (drupal_deny($edit['type'], $edit['test'])) {
if (drupal_is_denied($edit['type'], $edit['test'])) {
drupal_set_message(t('%test is not allowed.', array('%test' => theme('placeholder', $edit['test']))));
}
else {
......
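Review bot: The new `user_is_blocked()` compares the stored column with a lower-cased argument, `name = LOWER('%s')`, while the uniqueness check in the `user_edit_validate` hunk of this section uses `LOWER(name) = LOWER('%s')`. On a database that compares strings case-sensitively, a blocked account whose stored name contains upper-case letters would probably not match, and login would fall through to the `drupal_is_denied()` branch; using `LOWER(name) = LOWER('%s')` in both queries would keep the lookups consistent. Since the "already taken" check suggests names are unique, the `$allow` query looks redundant and a single status lookup should be enough. The docblock could also gain `@param $name the username as entered on the login form`. The same function is added again, unchanged, in the following file section.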
......@@ -338,6 +338,18 @@ function user_access($string, $account = NULL) {
return FALSE;
}
/**
* Checks for usernames blocked by user administration
*
* @return boolean true for blocked users, false for active
*/
function user_is_blocked($name) {
$allow = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 1 AND name = LOWER('%s')", $name));
$deny = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
return $deny && !$allow;
}
/**
* Send an e-mail message.
*/
......@@ -798,8 +810,13 @@ function user_login($edit = array(), $msg = '') {
drupal_goto('user');
}
if (drupal_deny('user', $edit['name'])) {
$error = t('The name %s has been denied access.', array('%s' => theme('placeholder', $edit['name'])));
if (user_is_blocked($edit['name'])) {
// blocked in user administration
$error = t('The username %name has been blocked.', array('%name' => theme('placeholder', $edit['name'])));
}
else if (drupal_is_denied('user', $edit['name'])) {
// denied by access controls
$error = t('The name %name is a reserved username.', array('%name' => theme('placeholder', $edit['name'])));
}
else if ($edit['name'] && $edit['pass']) {
......@@ -1116,7 +1133,7 @@ function user_edit_validate($uid, &$edit) {
else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
form_set_error('name', t('The name %name is already taken.', array('%name' => theme('placeholder', $edit['name']))));
}
else if (drupal_deny('user', $edit['name'])) {
else if (drupal_is_denied('user', $edit['name'])) {
form_set_error('name', t('The name %name has been denied access.', array('%name' => theme('placeholder', $edit['name']))));
}
......@@ -1127,7 +1144,7 @@ function user_edit_validate($uid, &$edit) {
else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => theme('placeholder', $edit['mail']))));
}
else if (drupal_deny('mail', $edit['mail'])) {
else if (drupal_is_denied('mail', $edit['mail'])) {
form_set_error('mail', t('The e-mail address %email has been denied access.', array('%email' => theme('placeholder', $edit['mail']))));
}
......@@ -1384,7 +1401,7 @@ function user_admin_access_check() {
$edit = $_POST['edit'];
if ($op) {
if (drupal_deny($edit['type'], $edit['test'])) {
if (drupal_is_denied($edit['type'], $edit['test'])) {
drupal_set_message(t('%test is not allowed.', array('%test' => theme('placeholder', $edit['test']))));
}
else {
......
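Review bot: In the `user_login` hunk the `user_is_blocked($edit['name'])` branch sits ahead of `else if ($edit['name'] && $edit['pass'])`, so the "has been blocked" message appears to be chosen from the submitted name alone, before any password is checked. Anyone who can reach the login form could then learn which usernames exist and are blocked, and the "reserved username" text likewise confirms that a name matches an access rule. If that disclosure is not intended, show the specific message only after the password has been verified and otherwise reuse the generic failed-login text; at minimum, a comment such as `// NOTE: reveals account status to unauthenticated visitors` would record the trade-off. `user_login` starts and ends outside the hunk, so the position of the password check is inferred from the visible lines; the identical hunk also appears in the preceding file section.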