Ban does not update sequences access_aid field

kjl - November 18, 2007 - 19:08
Project: abuse
Version: 5.x-1.x-dev
Component: Code
Category: bug report
Priority: critical
Assigned: Unassigned
Status: needs review
Description

When you ban a user, the access_aid field is not incremented in the sequences table. Thereafter, you will not be able to add access rules to your site using the Drupal access rule administration screen.

In two spots in abuse_ban_form_submit, there needs to be a call to db_next_id('{access}_aid'); prior to the two access table insert queries.

      // ban this email address
      $aid = db_next_id('{access}_aid');
      db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'mail', 0)", $aid, $account->mail);
     
      // block this user
      db_query("UPDATE {users} SET status=0 WHERE uid=%d", $account->uid);
      $aid = db_next_id('{access}_aid');
      db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'user', 0)", $aid, $account->name);

#1

jaydub - March 6, 2008 - 08:45
Status: active » closed

I am looking at my Drupal 5 install and the access table uses an auto_increment/serial column for (aid). The Drupal 5 version of the abuse module no longer attempts to set the (aid) in the INSERTs into {access}.

#2

jenlampton - December 3, 2008 - 23:10
Title: Does not update sequences access_aid field » Ban does not update sequences access_aid field
Priority: normal » critical

The update made to the db when banning users BREAKS CORE user banning functionality.

It doesn't matter if the column in the {access} table is autoincrement, if the {sequences} table isn't updated to match, all user banning is still broken.

Please update right away:

function abuse_admin_ban_user($uid) {
  global $user;
  $account = user_load(array('uid' => $uid));
  $status = FALSE;
  $message = 'User !name could not be banned.';
  if ($user->uid > 1 && $user->uid !== $account->uid) {
    abuse_remove_account_content($account);
    sess_destroy_uid($uid);
    $aid = db_next_id('{access}_aid');
    db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'mail', 0)", $aid, $account->mail);
    $aid = db_next_id('{access}_aid');
    db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'user', 0)", $aid, $account->name);
    db_query("UPDATE {users} SET status=0 WHERE uid=%d", $account->uid);
    $status = TRUE;
    $message = "The user !name has been banned.";
  }
  return array('status' => $status, 'data' => t($message, array('!name' => $account->name)));
}

Attachment    Size
ban.patch     1.22 KB
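
The failure mode discussed in this thread, as an added example that is not code from the abuse module or from Drupal: a constructed two-table model in PHP (PDO with in-memory SQLite, an assumption) where `next_id_model()` is a hypothetical stand-in for a counter-table allocator such as `db_next_id()`. It shows rows inserted without advancing the counter, the collision the next allocator-based insert then hits, and a drift check with a repair.

```php
<?php
// Constructed model of the two tables involved; not Drupal's schema or code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sequences (name TEXT PRIMARY KEY, id INTEGER NOT NULL)");
$db->exec("CREATE TABLE access (aid INTEGER PRIMARY KEY AUTOINCREMENT, mask TEXT, type TEXT, status INTEGER)");
$db->exec("INSERT INTO sequences (name, id) VALUES ('access_aid', 0)");

// Hypothetical stand-in for a counter-table allocator such as db_next_id().
function next_id_model(PDO $db, $name) {
  $db->beginTransaction();
  $sel = $db->prepare("SELECT id FROM sequences WHERE name = ?");
  $sel->execute(array($name));
  $id = (int) $sel->fetchColumn() + 1;
  $db->prepare("REPLACE INTO sequences (name, id) VALUES (?, ?)")->execute(array($name, $id));
  $db->commit();
  return $id;
}

// Insert an access rule; passing NULL as $aid lets the column auto-increment.
function add_rule(PDO $db, $aid, $mask, $type) {
  $db->prepare("INSERT INTO access (aid, mask, type, status) VALUES (?, ?, ?, 0)")
     ->execute(array($aid, $mask, $type));
}

// Drift check: the counter must never be below the highest aid in use.
function sequence_drift(PDO $db) {
  $seq = (int) $db->query("SELECT id FROM sequences WHERE name = 'access_aid'")->fetchColumn();
  $max = (int) $db->query("SELECT COALESCE(MAX(aid), 0) FROM access")->fetchColumn();
  return $max - $seq;
}

// 1. Ban path that skips the counter: two rows are added, counter stays at 0.
add_rule($db, NULL, 'spammer@example.com', 'mail');   // constructed sample values
add_rule($db, NULL, 'spammer', 'user');
echo "drift after ban: ", sequence_drift($db), "\n";

// 2. A caller that does use the counter is handed an aid that is already taken.
try {
  add_rule($db, next_id_model($db, 'access_aid'), '%@example.net', 'mail');
} catch (PDOException $e) {
  echo "rule not added: ", $e->getMessage(), "\n";
}

// 3. Repair: raise the counter to MAX(aid); allocation then works again.
$db->exec("UPDATE sequences SET id = (SELECT COALESCE(MAX(aid), 0) FROM access) WHERE name = 'access_aid'");
add_rule($db, next_id_model($db, 'access_aid'), '%@example.net', 'mail');
echo "drift after repair: ", sequence_drift($db), "\n";
```

A positive value from `sequence_drift()` means rows were inserted without going through the counter, so allocator-based inserts will fail until the counter is raised.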

#3

kjl - December 18, 2008 - 06:50
Status: closed » needs review

Resetting status from closed -> patch

 
 
