Last updated January 6, 2009. Created by dawehner on April 25, 2008.
Edited by add1sun, sepeck. Log in to edit this page.
Set up username and e-mail address access rules for new and existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations.
Select Add rule to add a rule. You can choose between an access/deny rule and apply it to username, e-mail or host mask and use wildcards. Using the Check rule you can test whether it applies.
Comments
"Bug" to be careful of
It's very important that you DO NOT create a rule blocking the first user out of the site.
Traditionally this means, do not create "%admin%" without also creating another rule expressly allowing "admin" It will block you from logging in.
Of course extend this to whatever username your first use is.
This access rule issue should really be fixed, but it's a pretty edge case.
This is the line of mysql I had to use to add the allow, after I blocked myself from the site :(
insert into access (mask,type,status) values ('admin','user','1');Once-a-year case?
Thank You doublejosh, for sharing the information of how to fix this!
I made the same mistake almost precisely a year later from yours.
It would be nice to know, if anyone has come up with a way to fix this "bug". I know it is not an actual bug, but if someone has written additional code to keep this from happening, kindly, share it. Though I'm sure to remember to avoid doing this again, there might still be others like doublejosh and me, and you'll see another poor soul browsing here next time, in March 2012. ;)
Thanks, and regards,
MerjaS
____________________
MerjaS
www.gurux.org
------------------
Drupal 6.22
MySQL database 5.0.77
PHP 5.2.8
server Microsoft-IIS/7.0
When creating a site with complex username-driven URLs...
When creating a site with complex username-driven URLs, you might also want to prevent users from using underscores. You can do this by typing %\_%, and just to be safe, you might want to block the \ character by typing %\\%.
Also, when blocking IPs, be careful blocking ranges, because you might share the same range as the person you're trying to get rid off. (Trust me, it happens.) Best practice is to ban the specific IP, and if needed, allow your specific IP before banning the IP range. This lets you keep your access to the site and ban the range at the same time.
---
My D6 reviews site: http://getlives.com
My portfolio/blog: http://www.tapskill.com
Guys, I added 'deny' access
Guys,
I added 'deny' access rules for 31 symbols and now I cannot log in with any account on my website.
I did the following
%!%
%@%
%#% ....etc, for 31 symbols below
` ~ ! @ # $ % ^ & * ( ) + = \ | ] } [ { ' " ; : / ? . > , < (and space)Here is the thread I started - http://drupal.org/node/962358
Any help is appreciate, thanks!
You've added the % symbol,
You've added the % symbol, you can remove it from you db in table access
Not possible to WHITELIST some and Admin Approve others
To my knowledge, it is not possible to set up a set of whitelist Allow Without Admin Approval masks (except partially with #1046802: register_preapproved works as advertised, but admin-approval message still shows), blacklist (Deny) masks, and still have non-matching emails fall back on Admin Approval.
--
..happiness is point and click..
http://www.bronius.com
Characters
So if I wanted to restrict users to numerical user names, how would I do that?
For instance, would it work to set an allow rule to ### to allow only 3 digit numerical user names?
Module For adding Multiple Access Rules
Is there a module for adding multiple rules at once?
I have found SQL examples but just wondering if there is module to do this in Drupal 6.
Also where is this in Drupal 7?
Thanks
Ted Bowman
Six Mile Tech Drupal Training
Moved out of D7 core, into user_restrictions module
Ref. the ended discussion in http://drupal.org/node/228594
and the resulting new contrib. module, currently in beta:
http://drupal.org/project/user_restrictions
You can place feature requests in that issue queue if you want to suggest added functionality.
[FYI: Feb. 2012: User name changed from "DanielTheViking" to "Leeteq".]
I find it really strange that
I find it really strange that I can't delete a spam account after I've denied the email domain or some other deny access rule. So, if the email address of the spam account is now disallowed, I can't delete the account. Who decided the admin account can't delete any user account regardless of the deny rules?
Steel Rat
Some of My Drupal Sites:
Helm's Deep RPG Network
RPGMapShare.com
Infinite Realities
The reasoning behind this, is
The reasoning behind this, is if the access rule can be bypassed, circumvented, or is removed--the account discovered to be spamming remains blocked from the site entirely. In this way, the spammer can't re-register or re-activate their account with the same email address.
Depending on your mix of modules, as well, another module may be preventing you from removing the account because something is associated with it that shouldn't be removed from the database.
I only get a deletion error
I only get a deletion error if any if the user account fields matches a denied access rule.
Seems like a permissions check for user 1 would allow a deletion anyway.
Steel Rat
Some of My Drupal Sites:
Helm's Deep RPG Network
RPGMapShare.com
Infinite Realities
Require Specific Domain on Registration, but Allow Change Later
Is there a way to require a specific domain during registration to only allow e-mail addresses from a particular domain, then once that use has created an account, allow them to change it and not have a rule that only restricts e-mails to one domain not deny it or block that user?
I completely understand the whole using rules to block out all but one domain (or others for admins), but I'm not seeing a logical way to make it possible for users to change their e-mail address to one they prefer to use later. We're verifying/restricting for one domain, but we'd like to keep those users after they've moved on and no longer have access to the old e-mail address that we're requiring.
Obviously we can just add in "allow" rules for people that contact us with their new address, but that would get old real quick, especially with thousands and thousands of users.
Thanks to anyone that might have some clear ideas and possible steps/code that would help a newbie out!
∞ DEAN FLORY
Cary, North Carolina, USA
Learning something every day...