* Add basic spam fighting tool for admins: An admin's prefs page now allows

  editing a list of banned users who are not allowed to log in.

4 files changed, 39 insertions, 3 deletions

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index fe89e2758..fcf5e0dd8 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -314,9 +314,11 @@ sub cgi_prefs ($$) { #{{{
 		comment => "(".htmllink("", "", "PageSpec", 1).")");
 	$form->field(name => "locked_pages", size => 50,
 		comment => "(".htmllink("", "", "PageSpec", 1).")");
+	$form->field(name => "banned_users", size => 50);
 	
 	if (! is_admin($user_name)) {
 		$form->field(name => "locked_pages", type => "hidden");
+		$form->field(name => "banned_users", type => "hidden");
 	}
 
 	if ($config{httpauth}) {
@@ -331,6 +333,10 @@ sub cgi_prefs ($$) { #{{{
 			value => userinfo_get($user_name, "subscriptions"));
 		$form->field(name => "locked_pages", force => 1,
 			value => userinfo_get($user_name, "locked_pages"));
+		if (is_admin($user_name)) {
+			$form->field(name => "banned_users", force => 1,
+				value => join(" ", get_banned_users()));
+		}
 	}
 	
 	decode_form_utf8($form);
@@ -350,6 +356,10 @@ sub cgi_prefs ($$) { #{{{
 				userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
 			}
 		}
+		if (is_admin($user_name)) {
+			set_banned_users(grep { ! is_admin($_) }
+					split(' ', $form->field("banned_users")));
+		}
 		$form->text("Preferences saved.");
 	}
 	
@@ -671,7 +681,7 @@ sub cgi () { #{{{
 		}
 		else {
 			$session->param("name", $q->remote_user());
-			if (!userinfo_get($session->param("name"),"regdate")) {
+			if (! userinfo_get($session->param("name"), "regdate")) {
 				userinfo_setall($session->param("name"), {
 					email => "",
 					password => "",
@@ -680,6 +690,12 @@ sub cgi () { #{{{
 			}
 		}
 	}
+
+	if (userinfo_get($session->param("name"), "banned")) {
+		print $q->header(-status => "403 Forbidden");
+		print "You are banned.";
+		exit;
+	}
 	
 	if ($do eq 'create' || $do eq 'edit') {
 		cgi_editpage($q, $session);
diff --git a/IkiWiki/UserInfo.pm b/IkiWiki/UserInfo.pm
index a944cafa6..ae63d8023 100644
--- a/IkiWiki/UserInfo.pm
+++ b/IkiWiki/UserInfo.pm
@@ -67,6 +67,24 @@ sub is_admin ($) { #{{{
 	return grep { $_ eq $user_name } @{$config{adminuser}};
 } #}}}
 
+sub get_banned_users () { #{{{
+	my @ret;
+	my $userinfo=userinfo_retrieve();
+	foreach my $user (keys %{$userinfo}) {
+		push @ret, $user if $userinfo->{$user}->{banned};
+	}
+	return @ret;
+} #}}}
+
+sub set_banned_users (@) { #{{{
+	my %banned=map { $_ => 1 } @_;
+	my $userinfo=userinfo_retrieve();
+	foreach my $user (keys %{$userinfo}) {
+		$userinfo->{$user}->{banned} = $banned{$user};
+	}
+	return userinfo_store($userinfo);
+} #}}}
+
 sub commit_notify_list ($@) { #{{{
 	my $committer=shift;
 	
diff --git a/debian/changelog b/debian/changelog
index 3ba6d15ed..57ad8a7a1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,8 +12,10 @@ ikiwiki (1.31) UNRELEASED; urgency=low
     just in case. Should not be exploitable anyway, since it only tries to run
     polygen after finding the specified grammar file.
   * Add missing dependency on the URI perl module.
+  * Add basic spam fighting tool for admins: An admin's prefs page now allows
+    editing a list of banned users who are not allowed to log in.
 
- -- Joey Hess <joeyh@debian.org>  Fri, 27 Oct 2006 13:10:49 -0400
+ -- Joey Hess <joeyh@debian.org>  Fri, 27 Oct 2006 20:00:33 -0400
 
 ikiwiki (1.30) unstable; urgency=low
 
diff --git a/doc/todo/spam_fighting.mdwn b/doc/todo/spam_fighting.mdwn
index c7f7bbd8c..1e20a0c1b 100644
--- a/doc/todo/spam_fighting.mdwn
+++ b/doc/todo/spam_fighting.mdwn
@@ -1 +1 @@
-Admins need the ability to lock/remove users, and to block IP ranges.
+Admins need the ability to block IP ranges. They can already ban users.