Posted by kjl on November 18, 2007 at 7:08pm
| Project: | abuse |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | needs review |
Issue Summary
When you ban a user, the access_aid field is not incremented in the sequences table. After that, you can no longer add access rules to your site through the Drupal access rule administration screen.
In two spots in abuse_ban_form_submit, there needs to be a call to db_next_id('{access}_aid'); prior to the two access table insert queries.
// Ban this email address. The next {access} id is reserved through
// db_next_id() first, so the sequences counter advances together with the
// row inserted here (the missing increment is what this issue reports).
$aid = db_next_id('{access}_aid');
// NOTE(review): core appears to evaluate access masks as LIKE patterns, so a
// '%' or '_' in the address would act as a wildcard and deny more than this
// one address -- confirm, and escape the mask if so.
db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'mail', 0)", $aid, $account->mail);
// Block this user: status=0 on the {users} row for this uid.
db_query("UPDATE {users} SET status=0 WHERE uid=%d", $account->uid);
// Reserve a second id for the username rule; each inserted row gets its own.
$aid = db_next_id('{access}_aid');
// NOTE(review): same wildcard caveat as above -- an underscore in the
// username would presumably match any single character. Verify.
db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'user', 0)", $aid, $account->name);
Comments
#1
I am looking at my Drupal 5 install and the access table uses an auto_increment/serial column for (aid). The Drupal 5 version of the abuse module no longer attempts to set the (aid) in the INSERTs into {access}.
#2
The update made to the db when banning users BREAKS CORE user banning functionality.
It doesn't matter whether the column in the {access} table is auto-increment: if the {sequences} table isn't updated to match, all user banning is still broken.
Please update right away:
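/**
 * Ban a user account.
 *
 * Passes the account to abuse_remove_account_content(), destroys its
 * sessions, inserts two rules with status 0 into {access} (one for the
 * e-mail address, one for the username) and sets the account's status to 0.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the calling menu callback enforces it -- verify.
 *
 * @param $uid
 *   The uid of the account to ban.
 *
 * @return
 *   An array with 'status' (TRUE when the ban was applied, FALSE otherwise)
 *   and 'data' (the translated result message).
 */
function abuse_admin_ban_user($uid) {
  global $user;

  $account = user_load(array('uid' => $uid));
  $status = FALSE;
  $message = 'User !name could not be banned.';

  // user_load() is expected to return FALSE for an unknown uid. Without this
  // check the queries below would insert empty masks and update uid 0. The
  // anonymous row (uid 0) is rejected for the same reason.
  $target_exists = $account && $account->uid > 0;
  // Fall back to the numeric uid when there is no account name to show.
  $name = $target_exists ? $account->name : (int) $uid;

  // Cast both sides so the self-ban guard does not depend on whether a uid
  // was loaded as a string or as an integer.
  // NOTE(review): "> 1" tests the acting user, not the target, so uid 1
  // cannot ban anyone while any other user can ban uid 1 -- confirm intent.
  $acting_uid = (int) $user->uid;
  if ($target_exists && $acting_uid > 1 && $acting_uid !== (int) $account->uid) {
    abuse_remove_account_content($account);
    sess_destroy_uid($uid);

    // Reserve each {access} id through db_next_id() so the sequences counter
    // stays in step with the inserted rows; otherwise core's access rule
    // administration breaks (the bug reported in this issue).
    // NOTE(review): core appears to evaluate masks as LIKE patterns, so '%'
    // or '_' in the mail or name would deny more than this one account --
    // confirm, and escape the mask if so.
    $aid = db_next_id('{access}_aid');
    db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'mail', 0)", $aid, $account->mail);
    $aid = db_next_id('{access}_aid');
    db_query("INSERT INTO {access} (aid, mask, type, status) VALUES (%d, '%s', 'user', 0)", $aid, $account->name);

    db_query("UPDATE {users} SET status=0 WHERE uid=%d", $account->uid);
    $status = TRUE;
    $message = "The user !name has been banned.";
  }

  // NOTE(review): the '!' placeholder inserts the name without escaping. If
  // 'data' is rendered as HTML, an escaping placeholder would be safer --
  // check how callers output it before changing the translatable string.
  return array('status' => $status, 'data' => t($message, array('!name' => $name)));
}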
#3
Resetting status from closed -> patch