ban user

Added a ban field to the users table, now how do you suggest to do it?

It is easy to block a user, for example in beforeLogin I can return false if the user is banned…

But I want to catch the ban, and return to the user in the login information that he is banned…

Add a custom validation rule, with a custom message?

I ended up like this…

I decided to save the ban property as private in UserIdentity…

And then, after successful validation, I will check before doing the user->login

if $identity->ban… and return the message…

And for the autologin, added !$user->ban




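// $identity has already passed authenticate(); $result is set earlier in the action (not shown in the post)
if (!$identity->isBanned()) {
	// !empty() avoids an undefined-index notice when the checkbox is not submitted
	$duration = !empty($_POST['rememberMe']) ? 3600*24*30 : 0; // 30 days
	Yii::app()->user->login($identity, $duration);
	echo json_encode(array('err' => false, 'desc' => $result, 'redirect' => Yii::app()->user->returnUrl));
} else {
	// banned: never call login(), report the reason to the ajax form
	echo json_encode(array('err' => true, 'desc' => 'user is banned'));
}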



I use custom ajax validation…

Looks effective…

But: if you only check the user’s ban status on identity validation, do note that a logged-in user will still be able to do all the user stuff until his session ends, which, if you use a rememberMe implementation, can last some time… I never did a ban implementation, but I think what I would do would be to keep bans in a separate table where id=INT banned=BOOLEAN PK=id. This way you should be able to do lightning-fast queries that won’t impede your app, and you can check on each pageload. On the admin side I probably would (for convenience) couple the banned table as an FK to the users table. That way, once you have a user id you can $user->banned=true and on his next pageload the user will be locked out.

Just my 2c.

The problem is that the script consumes a lot of memory…

it actually scares me a little bit…

If I load the user with AR, I get

Execution Time: 0.085 sec Memory Usage: 1.58 kb

DAO

Execution Time: 0.104 sec Memory Usage: 1.35 kb

If I don’t load I get

Execution Time: 0.05 sec Memory Usage: 1.21 kb

300kb is a lot! :)

So going for now with DAO to retrieve user info and check ban…

added this in Controller beforeAction

I implemented this feature too but since the goal was simply to stop a user from causing damage, I decided to extend ActiveRecord and check for ban in beforeSave.

If they are banned, log them out.

Instead of checking for a ban on every request, we only check when we really need to (when the user changes stuff).

Edit: I tried to post a code sample but for some reason it gets flagged as spam…
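
An added example, not code posted by anyone in this thread: one way to combine the approaches discussed above in Yii 1.1, so that a ban blocks form login, blocks rememberMe cookie auto-login, and ends an already active session on the next request. The class names `WebUser` and `Controller`, the helper `isBannedId()`, and the `users.id` / `users.ban` columns are assumptions; it also assumes `UserIdentity::getId()` returns the numeric user id and that the `user` component is configured with `'class' => 'WebUser'`.

```php
<?php
// Added example (Yii 1.1). Assumed schema: users(id INT PRIMARY KEY, ban TINYINT).

class WebUser extends CWebUser
{
    // Hypothetical helper: a single primary-key lookup through DAO, no ActiveRecord.
    public static function isBannedId($id)
    {
        $ban = Yii::app()->db
            ->createCommand('SELECT ban FROM users WHERE id = :id')
            ->queryScalar(array(':id' => $id));

        // queryScalar() returns false when no row matches; treat a missing
        // (deleted) account as locked out rather than as "not banned".
        return $ban === false || (bool) $ban;
    }

    // CWebUser calls this for form logins and for cookie-based auto-login
    // ($fromCookie === true), so one check covers both paths.
    protected function beforeLogin($id, $states, $fromCookie)
    {
        return parent::beforeLogin($id, $states, $fromCookie)
            && !self::isBannedId($id);
    }
}

class Controller extends CController
{
    // Runs before every action: a ban set by an admin takes effect on the
    // banned user's next request instead of when the session expires.
    protected function beforeAction($action)
    {
        $user = Yii::app()->user;
        if (!$user->isGuest && WebUser::isBannedId($user->id)) {
            $user->logout(); // destroys the session and removes the auto-login cookie

            if (Yii::app()->request->isAjaxRequest) {
                // Same JSON shape the login form in this thread already handles.
                echo json_encode(array('err' => true, 'desc' => 'user is banned'));
                Yii::app()->end();
            }
            throw new CHttpException(403, 'user is banned');
        }
        return parent::beforeAction($action);
    }
}
```

Because `beforeLogin()` returning false makes `login()` fail silently, the explicit `isBanned()` check before `login()` in the form handler is still what produces the "user is banned" message for the user.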