Added a way to disable a user.

2025-01-21 02:35:21 +00:00 · 2000-01-18 22:41:26 +00:00 · 2000-01-18 22:41:26 +00:00 · 4e67064f23
commit 4e67064f23
parent 9a4f6d0b36
3 changed files with 93 additions and 24 deletions
--- a/webtools/bugzilla/CGI.pl
+++ b/webtools/bugzilla/CGI.pl
@ -487,6 +487,7 @@ sub PasswordForLogin {
 sub quietly_check_login() {
    $::usergroupset = '0';
    my $loginok = 0;
+    $::disabledreason = '';
    if (defined $::COOKIE{"Bugzilla_login"} &&
 	defined $::COOKIE{"Bugzilla_logincookie"}) {
        ConnectToDatabase();
@ -499,16 +500,23 @@ sub quietly_check_login() {
 		" and profiles.cryptpassword = logincookies.cryptpassword " .
 		"and logincookies.hostname = " .
 		SqlQuote($ENV{"REMOTE_HOST"}) .
+                ", profiles.disabledtext " .
 		" from profiles,logincookies where logincookies.cookie = " .
 		SqlQuote($::COOKIE{"Bugzilla_logincookie"}) .
 		" and profiles.userid = logincookies.userid");
        my @row;
        if (@row = FetchSQLData()) {
-            $loginok = $row[2];
-            if ($loginok) {
-                $::usergroupset = $row[0];
-                $::COOKIE{"Bugzilla_login"} = $row[1]; # Makes sure case is in
-                                                       # canonical form.
+            my ($groupset, $loginname, $ok, $disabledtext) = (@row);
+            if ($ok) {
+                if ($disabledtext eq '') {
+                    $loginok = 1;
+                    $::usergroupset = $groupset;
+                    $::COOKIE{"Bugzilla_login"} = $loginname; # Makes sure case
+                                                              # is in
+                                                              # canonical form.
+                } else {
+                    $::disabledreason = $disabledtext;
+                }
            }
        }
    }
@ -639,6 +647,22 @@ sub confirm_login {
    my $loginok = quietly_check_login();

    if ($loginok != 1) {
+        if ($::disabledreason) {
+            print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+Content-type: text/html
+
+";
+            PutHeader("Your account has been disabled");
+            print $::disabledreason;
+            print "<HR>\n";
+            print "If you believe your account should be restored, please\n";
+            print "send email to " . Param("maintainer") . " explaining\n";
+            print "why.\n";
+            PutFooter();
+            exit();
+        }
        print "Content-type: text/html\n\n";
        PutHeader("Login", undef, undef, undef, 1);
        print "I need a legitimate e-mail address and password to continue.\n";
--- a/webtools/bugzilla/checksetup.pl
+++ b/webtools/bugzilla/checksetup.pl
@ -625,6 +625,7 @@ $table{profiles} =
    realname varchar(255),
    groupset bigint not null,
    emailnotification enum("ExcludeSelfChanges", "CConly", "All") not null default "ExcludeSelfChanges",
+    disabledtext mediumtext not null,

    index(login_name)';

@ -1024,7 +1025,13 @@ if (!GetFieldDef('bugs', 'keywords')) {
        push(@list, $k);
    }
 }
-        
+
+
+# 2000-01-18 Added a "disabledtext" field to the profiles table.  If not
+# empty, then this account has been disabled, and this field is to contain
+# text describing why.
+
+AddField('profiles', 'disabledtext',  'mediumtext not null');



--- a/webtools/bugzilla/editusers.cgi
+++ b/webtools/bugzilla/editusers.cgi
@ -73,9 +73,10 @@ sub CheckUser ($)
 # Displays the form to edit a user parameters
 #

-sub EmitFormElements ($$$$$)
+sub EmitFormElements ($$$$$$)
 {
-    my ($user, $password, $realname, $groupset, $emailnotification) = @_;
+    my ($user, $password, $realname, $groupset, $emailnotification,
+        $disabledtext) = @_;

    print "  <TH ALIGN=\"right\">Login name:</TH>\n";
    print "  <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"user\" VALUE=\"$user\"></TD>\n";
@ -102,6 +103,15 @@ sub EmitFormElements ($$$$$)
        print qq{<OPTION$selectpart VALUE="$tag">$desc\n};
    }
    print "</SELECT></TD>\n";
+    print "</TR><TR>\n";
+    print "  <TH ALIGN=\"right\">Disable text:</TH>\n";
+    print "  <TD ROWSPAN=2><TEXTAREA NAME=\"disabledtext\" ROWS=10 COLS=60>" .
+        value_quote($disabledtext) . "</TEXTAREA>\n";
+    print "  </TD>\n";
+    print "</TR><TR>\n";
+    print "  <TD VALIGN=\"top\">If non-empty, then the account will\n";
+    print "be disabled, and this text should explain why.</TD>\n";
+

    SendSQL("SELECT bit,name,description,bit & $groupset != 0
 	     FROM groups
@ -182,7 +192,7 @@ my $candelete = Param('allowuserdeletion');
 unless ($action) {
    PutHeader("Select match string");
    print qq{
-<FORM METHOD=POST ACTION="editusers.cgi">
+<FORM METHOD=GET ACTION="editusers.cgi">
 <INPUT TYPE=HIDDEN NAME="action" VALUE="list">
 List users with login name matching: 
 <INPUT SIZE=32 NAME="matchstr">
@ -205,7 +215,8 @@ List users with login name matching:

 if ($action eq 'list') {
    PutHeader("Select user");
-    my $query = "SELECT login_name,realname FROM profiles WHERE login_name ";
+    my $query = "SELECT login_name,realname,disabledtext " .
+        "FROM profiles WHERE login_name ";
    if ($::FORM{'matchtype'} eq 'substr') {
        $query .= "like";
        $::FORM{'matchstr'} = '%' . $::FORM{'matchstr'} . '%';
@ -234,11 +245,17 @@ if ($action eq 'list') {
        if ($count % 100 == 0) {
            print "</table>$header";
        }
-	my ($user, $realname) = FetchSQLData();
+	my ($user, $realname, $disabledtext) = FetchSQLData();
+        my $s = "";
+        my $e = "";
+        if ($disabledtext) {
+            $s = "<STRIKE>";
+            $e = "</STRIKE>";
+        }
 	$realname ||= "<FONT COLOR=\"red\">missing</FONT>";
 	print "<TR>\n";
-	print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$user</B></A></TD>\n";
-	print "  <TD VALIGN=\"top\">$realname</TD>\n";
+	print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s$user$e</B></A></TD>\n";
+	print "  <TD VALIGN=\"top\">$s$realname$e</TD>\n";
        if ($candelete) {
            print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=del&user=", url_quote($user), "\">Delete</A></TD>\n";
        }
@ -273,7 +290,7 @@ if ($action eq 'add') {
    print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
    print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n";

-    EmitFormElements('', '', '', 0, 'ExcludeSelfChanges');
+    EmitFormElements('', '', '', 0, 'ExcludeSelfChanges', '');

    print "</TR></TABLE>\n<HR>\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Add\">\n";
@ -298,6 +315,7 @@ if ($action eq 'new') {
    # Cleanups and valididy checks
    my $realname = trim($::FORM{realname} || '');
    my $password = trim($::FORM{password} || '');
+    my $disabledtext = trim($::FORM{disabledtext} || '');

    unless ($user) {
        print "You must enter a name for the new user. Please press\n";
@ -335,13 +353,15 @@ if ($action eq 'new') {

    # Add the new user
    SendSQL("INSERT INTO profiles ( " .
-          "login_name, password, cryptpassword, realname, groupset" .
-          " ) VALUES ( " .
-          SqlQuote($user) . "," .
-          SqlQuote($password) . "," .
-          "encrypt(" . SqlQuote($password) . ")," .
-          SqlQuote($realname) . "," .
-          $bits . ")" );
+            "login_name, password, cryptpassword, realname, groupset, " .
+            "disabledtext" .
+            " ) VALUES ( " .
+            SqlQuote($user) . "," .
+            SqlQuote($password) . "," .
+            "encrypt(" . SqlQuote($password) . ")," .
+            SqlQuote($realname) . "," .
+            $bits . "," .
+            SqlQuote($disabledtext) . ")" );

    #+++ send e-mail away

@ -525,16 +545,18 @@ if ($action eq 'edit') {
    CheckUser($user);

    # get data of user
-    SendSQL("SELECT password, realname, groupset, emailnotification
+    SendSQL("SELECT password, realname, groupset, emailnotification,
+                    disabledtext
 	     FROM profiles
 	     WHERE login_name=" . SqlQuote($user));
-    my ($password, $realname, $groupset, $emailnotification) = FetchSQLData();
+    my ($password, $realname, $groupset, $emailnotification,
+        $disabledtext) = FetchSQLData();

    print "<FORM METHOD=POST ACTION=editusers.cgi>\n";
    print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n";

    EmitFormElements($user, $password, $realname, $groupset,
-                     $emailnotification);
+                     $emailnotification, $disabledtext);
    
    print "</TR></TABLE>\n";

@ -543,6 +565,8 @@ if ($action eq 'edit') {
    print "<INPUT TYPE=HIDDEN NAME=\"realnameold\" VALUE=\"$realname\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"groupsetold\" VALUE=\"$groupset\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"emailnotificationold\" VALUE=\"$emailnotification\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"disabledtextold\" VALUE=\"" .
+        value_quote($disabledtext) . "\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"update\">\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Update\">\n";

@ -568,6 +592,8 @@ if ($action eq 'update') {
    my $passwordold           = trim($::FORM{passwordold}          || '');
    my $emailnotification     = trim($::FORM{emailnotification}    || '');
    my $emailnotificationold  = trim($::FORM{emailnotificationold} || '');
+    my $disabledtext          = trim($::FORM{disabledtext}         || '');
+    my $disabledtextold       = trim($::FORM{disabledtextold}      || '');
    my $groupsetold           = trim($::FORM{groupsetold}          || '');

    my $groupset = "0";
@ -609,6 +635,18 @@ if ($action eq 'update') {
 		 WHERE login_name=" . SqlQuote($userold));
 	print "Updated real name.<BR>\n";
    }
+    if ($disabledtext ne $disabledtextold) {
+        SendSQL("UPDATE profiles
+		 SET disabledtext=" . SqlQuote($disabledtext) . "
+		 WHERE login_name=" . SqlQuote($userold));
+        SendSQL("SELECT userid
+	         FROM profiles
+	         WHERE login_name=" . SqlQuote($user));
+        my $userid = FetchOneColumn();
+        SendSQL("DELETE FROM logincookies
+	         WHERE userid=" . $userid);
+	print "Updated disabled text.<BR>\n";
+    }
    if ($user ne $userold) {
 	unless ($user) {
 	    print "Sorry, I can't delete the user's name.";