summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-10-28 00:35:33 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-10-28 00:35:33 +0000
commitb6509c74a96ee5b16c774c5365f5ab6e542d180b (patch)
tree7c189fa7bb53d31a1381d25e79e84fa9d022e38d
parented463de21f4229a2e25083c623d8f8b8bab6138f (diff)
* Add basic spam fighting tool for admins: An admin's prefs page now allows
editing a list of banned users who are not allowed to log in.
-rw-r--r--IkiWiki/CGI.pm18
-rw-r--r--IkiWiki/UserInfo.pm18
-rw-r--r--debian/changelog4
-rw-r--r--doc/todo/spam_fighting.mdwn2
4 files changed, 39 insertions, 3 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index fe89e2758..fcf5e0dd8 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -314,9 +314,11 @@ sub cgi_prefs ($$) { #{{{
comment => "(".htmllink("", "", "PageSpec", 1).")");
$form->field(name => "locked_pages", size => 50,
comment => "(".htmllink("", "", "PageSpec", 1).")");
+ $form->field(name => "banned_users", size => 50);
if (! is_admin($user_name)) {
$form->field(name => "locked_pages", type => "hidden");
+ $form->field(name => "banned_users", type => "hidden");
}
if ($config{httpauth}) {
@@ -331,6 +333,10 @@ sub cgi_prefs ($$) { #{{{
value => userinfo_get($user_name, "subscriptions"));
$form->field(name => "locked_pages", force => 1,
value => userinfo_get($user_name, "locked_pages"));
+ if (is_admin($user_name)) {
+ $form->field(name => "banned_users", force => 1,
+ value => join(" ", get_banned_users()));
+ }
}
decode_form_utf8($form);
@@ -350,6 +356,10 @@ sub cgi_prefs ($$) { #{{{
userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
}
}
+ if (is_admin($user_name)) {
+ set_banned_users(grep { ! is_admin($_) }
+ split(' ', $form->field("banned_users")));
+ }
$form->text("Preferences saved.");
}
@@ -671,7 +681,7 @@ sub cgi () { #{{{
}
else {
$session->param("name", $q->remote_user());
- if (!userinfo_get($session->param("name"),"regdate")) {
+ if (! userinfo_get($session->param("name"), "regdate")) {
userinfo_setall($session->param("name"), {
email => "",
password => "",
@@ -680,6 +690,12 @@ sub cgi () { #{{{
}
}
}
+
+ if (userinfo_get($session->param("name"), "banned")) {
+ print $q->header(-status => "403 Forbidden");
+ print "You are banned.";
+ exit;
+ }
if ($do eq 'create' || $do eq 'edit') {
cgi_editpage($q, $session);
diff --git a/IkiWiki/UserInfo.pm b/IkiWiki/UserInfo.pm
index a944cafa6..ae63d8023 100644
--- a/IkiWiki/UserInfo.pm
+++ b/IkiWiki/UserInfo.pm
@@ -67,6 +67,24 @@ sub is_admin ($) { #{{{
return grep { $_ eq $user_name } @{$config{adminuser}};
} #}}}
+sub get_banned_users () { #{{{
+ my @ret;
+ my $userinfo=userinfo_retrieve();
+ foreach my $user (keys %{$userinfo}) {
+ push @ret, $user if $userinfo->{$user}->{banned};
+ }
+ return @ret;
+} #}}}
+
+sub set_banned_users (@) { #{{{
+ my %banned=map { $_ => 1 } @_;
+ my $userinfo=userinfo_retrieve();
+ foreach my $user (keys %{$userinfo}) {
+ $userinfo->{$user}->{banned} = $banned{$user};
+ }
+ return userinfo_store($userinfo);
+} #}}}
+
sub commit_notify_list ($@) { #{{{
my $committer=shift;
diff --git a/debian/changelog b/debian/changelog
index 3ba6d15ed..57ad8a7a1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,8 +12,10 @@ ikiwiki (1.31) UNRELEASED; urgency=low
just in case. Should not be exploitable anyway, since it only tries to run
polygen after finding the specified grammar file.
* Add missing dependency on the URI perl module.
+ * Add basic spam fighting tool for admins: An admin's prefs page now allows
+ editing a list of banned users who are not allowed to log in.
- -- Joey Hess <joeyh@debian.org> Fri, 27 Oct 2006 13:10:49 -0400
+ -- Joey Hess <joeyh@debian.org> Fri, 27 Oct 2006 20:00:33 -0400
ikiwiki (1.30) unstable; urgency=low
diff --git a/doc/todo/spam_fighting.mdwn b/doc/todo/spam_fighting.mdwn
index c7f7bbd8c..1e20a0c1b 100644
--- a/doc/todo/spam_fighting.mdwn
+++ b/doc/todo/spam_fighting.mdwn
@@ -1 +1 @@
-Admins need the ability to lock/remove users, and to block IP ranges.
+Admins need the ability to block IP ranges. They can already ban users.