-rw-r--r-- | includes/bootstrap.inc | 5 | ||||
-rw-r--r-- | modules/user.module | 27 | ||||
-rw-r--r-- | modules/user/user.module | 27 |
3 files changed, 46 insertions, 13 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index e2e322269..0fde1d259 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -781,9 +781,8 @@ function drupal_get_messages() {
 /**
 * Perform an access check for a given mask and rule type. Rules are usually created via admin/access/rules page.
- *
 */
-function drupal_deny($type, $mask) {
+function drupal_is_denied($type, $mask) {
 $allow = db_fetch_object(db_query("SELECT * FROM {access} WHERE status = 1 AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
 $deny = db_fetch_object(db_query("SELECT * FROM {access} WHERE status = 0 AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
@@ -801,7 +800,7 @@ include_once "$config/settings.php";
 include_once 'includes/database.inc';
 // deny access to hosts which were banned. t() is not yet available.
-if (drupal_deny('host', $_SERVER['REMOTE_ADDR'])) {
+if (drupal_is_denied('host', $_SERVER['REMOTE_ADDR'])) {
 header('HTTP/1.0 403 Forbidden');
 print "Sorry, ". $_SERVER['REMOTE_ADDR']. " has been banned.";
 exit();
diff --git a/modules/user.module b/modules/user.module
index 7bba07fb7..d53165d69 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -339,6 +339,18 @@ function user_access($string, $account = NULL) {
 }
 /**
+ * Checks for usernames blocked by user administration
+ *
+ * @return boolean true for blocked users, false for active
+ */
+function user_is_blocked($name) {
+ $allow = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 1 AND name = LOWER('%s')", $name));
+ $deny = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
+
+ return $deny && !$allow;
+}
+
+/**
 * Send an e-mail message.
 */
 function user_mail($mail, $subject, $message, $header) {
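Review bot: user_is_blocked() matches `name = LOWER('%s')`, lower-casing only the submitted value, so on a case-sensitive collation a blocked account stored with upper-case letters never matches and the function returns false for it. user_edit_validate() in this file compares `LOWER(name) = LOWER('%s')`; the same form belongs here, e.g. `WHERE status = 0 AND LOWER(name) = LOWER('%s')`. Since that validation already appears to keep names unique, the status = 1 query and `$deny && !$allow` look redundant, and one status = 0 lookup selecting a single column would do. The docblock is missing an `@param $name` line. The identical hunk under modules/user/user.module carries the same issue.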
@@ -798,8 +810,13 @@ function user_login($edit = array(), $msg = '') {
 drupal_goto('user');
 }
- if (drupal_deny('user', $edit['name'])) {
- $error = t('The name %s has been denied access.', array('%s' => theme('placeholder', $edit['name'])));
+ if (user_is_blocked($edit['name'])) {
+ // blocked in user administration
+ $error = t('The username %name has been blocked.', array('%name' => theme('placeholder', $edit['name'])));
+ }
+ else if (drupal_is_denied('user', $edit['name'])) {
+ // denied by access controls
+ $error = t('The name %name is a reserved username.', array('%name' => theme('placeholder', $edit['name'])));
 }
 else if ($edit['name'] && $edit['pass']) {
@@ -1116,7 +1133,7 @@ function user_edit_validate($uid, &$edit) {
 else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
 form_set_error('name', t('The name %name is already taken.', array('%name' => theme('placeholder', $edit['name']))));
 }
- else if (drupal_deny('user', $edit['name'])) {
+ else if (drupal_is_denied('user', $edit['name'])) {
 form_set_error('name', t('The name %name has been denied access.', array('%name' => theme('placeholder', $edit['name']))));
 }
@@ -1127,7 +1144,7 @@ function user_edit_validate($uid, &$edit) {
 else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
 form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => theme('placeholder', $edit['mail']))));
 }
- else if (drupal_deny('mail', $edit['mail'])) {
+ else if (drupal_is_denied('mail', $edit['mail'])) {
 form_set_error('mail', t('The e-mail address %email has been denied access.', array('%email' => theme('placeholder', $edit['mail']))));
 }
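Review bot: In user_login the new `user_is_blocked($edit['name'])` branch is evaluated before the `$edit['name'] && $edit['pass']` branch, so 'The username %name has been blocked.' is shown for any submitted name without a password check, which tells an unauthenticated visitor which accounts exist and are blocked. Consider reporting the blocked state only after the credentials have verified, or reusing the generic login-failure text; the authentication code is outside this hunk, so confirm how it treats status = 0 accounts. The check also appears to run its two queries when `$edit['name']` is empty, which `if ($edit['name'] && user_is_blocked($edit['name'])) {` would avoid. The same hunk is repeated for modules/user/user.module.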
@@ -1384,7 +1401,7 @@ function user_admin_access_check() {
 $edit = $_POST['edit'];
 if ($op) {
- if (drupal_deny($edit['type'], $edit['test'])) {
+ if (drupal_is_denied($edit['type'], $edit['test'])) {
 drupal_set_message(t('%test is not allowed.', array('%test' => theme('placeholder', $edit['test']))));
 }
 else {
diff --git a/modules/user/user.module b/modules/user/user.module
index 7bba07fb7..d53165d69 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -339,6 +339,18 @@ function user_access($string, $account = NULL) {
 }
 /**
+ * Checks for usernames blocked by user administration
+ *
+ * @return boolean true for blocked users, false for active
+ */
+function user_is_blocked($name) {
+ $allow = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 1 AND name = LOWER('%s')", $name));
+ $deny = db_fetch_object(db_query("SELECT * FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
+
+ return $deny && !$allow;
+}
+
+/**
 * Send an e-mail message.
 */
 function user_mail($mail, $subject, $message, $header) {
@@ -798,8 +810,13 @@ function user_login($edit = array(), $msg = '') {
 drupal_goto('user');
 }
- if (drupal_deny('user', $edit['name'])) {
- $error = t('The name %s has been denied access.', array('%s' => theme('placeholder', $edit['name'])));
+ if (user_is_blocked($edit['name'])) {
+ // blocked in user administration
+ $error = t('The username %name has been blocked.', array('%name' => theme('placeholder', $edit['name'])));
+ }
+ else if (drupal_is_denied('user', $edit['name'])) {
+ // denied by access controls
+ $error = t('The name %name is a reserved username.', array('%name' => theme('placeholder', $edit['name'])));
 }
 else if ($edit['name'] && $edit['pass']) {
@@ -1116,7 +1133,7 @@ function user_edit_validate($uid, &$edit) {
 else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
 form_set_error('name', t('The name %name is already taken.', array('%name' => theme('placeholder', $edit['name']))));
 }
- else if (drupal_deny('user', $edit['name'])) {
+ else if (drupal_is_denied('user', $edit['name'])) {
 form_set_error('name', t('The name %name has been denied access.', array('%name' => theme('placeholder', $edit['name']))));
 }
@@ -1127,7 +1144,7 @@ function user_edit_validate($uid, &$edit) {
 else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
 form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => theme('placeholder', $edit['mail']))));
 }
- else if (drupal_deny('mail', $edit['mail'])) {
+ else if (drupal_is_denied('mail', $edit['mail'])) {
 form_set_error('mail', t('The e-mail address %email has been denied access.', array('%email' => theme('placeholder', $edit['mail']))));
 }
@@ -1384,7 +1401,7 @@ function user_admin_access_check() {
 $edit = $_POST['edit'];
 if ($op) {
- if (drupal_deny($edit['type'], $edit['test'])) {
+ if (drupal_is_denied($edit['type'], $edit['test'])) {
 drupal_set_message(t('%test is not allowed.', array('%test' => theme('placeholder', $edit['test']))));
 }
 else { |