[BETA] MOD Ban_cookie: Ban users with a cookie

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
User avatar
badboy4ever
Registered User
Posts: 177
Joined: Sat Jun 11, 2005 2:38 pm
Location: UK

Post by badboy4ever » Sat Dec 17, 2005 1:44 pm

Merlin Sythove wrote:
badboy4ever wrote:Wait Ive seen loads of people saying It dont work I have phpbb 2.0.18 will it work?


It works fine on my own board which is 2.0.18 of course.
And since you only have to replace 1 block of code, it is soooooo easy to try.


Yeah I guess if Something goes wrong Its easy to change back.

Image

User avatar
badboy4ever
Registered User
Posts: 177
Joined: Sat Jun 11, 2005 2:38 pm
Location: UK

Post by badboy4ever » Sat Dec 17, 2005 1:51 pm

Well I just installed it looks fine for the moment havent tested the ban I will get somone else to do it on.

Image

User avatar
jvini
Registered User
Posts: 300
Joined: Tue Sep 24, 2002 11:20 pm
Contact:

Post by jvini » Mon Dec 19, 2005 12:42 am

Merlin Sythove wrote:
jvini wrote:Merlin Sythove, I never updated this...I still was unable to get it to work, same errors on vanilla phpBB 2.0.18.


Please send me your sessions.php.

Finally got it working! Mistake on my part, where my editing program was adding some weird characters in sessions.php...haven't tested it but the error is now gone.

Thanks.

Merlin Sythove
Registered User
Posts: 2339
Joined: Tue Mar 16, 2004 7:42 am

Post by Merlin Sythove » Mon Dec 19, 2005 8:08 am

Glad to hear you got your problems solved and it's working!

maledictions
Registered User
Posts: 1
Joined: Mon Jan 02, 2006 6:15 pm

User List

Post by maledictions » Mon Jan 02, 2006 6:29 pm

Just idea :

What if someone try to login from the same computer that was marked using the cookie will be added to a somekind of database ?

so admin knows when one computer is being use by a user with several login name.

it will be much better if there is such database for all user (not only the ones being banned)

.... so if the forum is not allowing a user with more than one login.... the admin can take action.


I really not care about that computer privacy when an A**H*** is abusing the forum.

Minodragon
Registered User
Posts: 23
Joined: Tue Jan 03, 2006 7:32 am

Post by Minodragon » Tue Jan 03, 2006 7:43 am

What if they just delete the cookie and then block cookies from your site?

Merlin Sythove
Registered User
Posts: 2339
Joined: Tue Mar 16, 2004 7:42 am

Post by Merlin Sythove » Tue Jan 03, 2006 8:29 am

Minodragon wrote: What if they just delete the cookie and then block cookies from your site?


Then the ban process is back to what phpBB offers originally: a check only if you try to log in with your old user name.

Please, don't forget, the cookie is an ADDITIONAL LEVEL to the existing ban procedures phpBB already offers. If the user manages to circumvent the cookies for a short while, they are banned by the default phpBB options, until such time as a cookie can be set again.

GRIZZLY_NL
Registered User
Posts: 21
Joined: Sat Mar 29, 2003 10:01 pm

Post by GRIZZLY_NL » Fri Jan 06, 2006 8:21 pm

Mod is looking good, however I have one question:
My board is pretty large and a lot of users use the same proxies and dynamic IP ranges. Some ppl can become annoying sometimes and in some cases I have to ban proxies or whole IP ranges to stop them from abusing my forum.
I don't want anyone using that proxy to have a "ban cookie" planted on his/her PC, and when I ban just a username it doesn't deny access when I'm trying to login with other username or visit afterwards.

Is it possible to ban usernames/user ids only? I don't want to block everyone who is using the same proxy or IP range as the abuser. So we ban a user -> a cookie will be set -> the cookie contains the userid of the banned user -> when a user tries to come back with a different IP/username the session management sees that the cookie exists/is not empty and denies access to the forum (with optional unban check). Basically the IP ban is stripped out, but the cookie with username/id is kept a limited time or forever so IP address wouldn't be relevant anymore as long as the abuser doesn't clear out his cookies or uses a different browser.

ZaraX
Registered User
Posts: 31
Joined: Mon Aug 15, 2005 10:09 pm

Post by ZaraX » Fri Jan 06, 2006 8:28 pm

You can delete separate Cookies too...
So this ban is only worth installing if you use this WITH another type of ban, As a "Dont see frontpage" ban!

Merlin Sythove
Registered User
Posts: 2339
Joined: Tue Mar 16, 2004 7:42 am

Post by Merlin Sythove » Fri Jan 06, 2006 8:35 pm

GRIZZLY_NL wrote: Mod is looking good, however I have one question:
My board is pretty large and a lot of users use the same proxies and dynamic IP ranges. Some ppl can become annoying sometimes and in some cases I have to ban proxies or whole IP ranges to stop them from abusing my forum.
I don't want anyone using that proxy to have a "ban cookie" planted on his/her PC, and when I ban just a username it doesn't deny access when I'm trying to login with other username or visit afterwards.

Is it possible to ban usernames/user ids only?


Yes of course, that is standard phpBB ACP. You can ban by user_id, or by IP, or both. That is up to you. My mod doesn't change any of that, it only sets a cookie if the user turns out to be banned. But the check IF a user is banned, is standard phpBB, unaltered.

GRIZZLY_NL
Registered User
Posts: 21
Joined: Sat Mar 29, 2003 10:01 pm

Post by GRIZZLY_NL » Fri Jan 06, 2006 9:36 pm

Merlin Sythove wrote:
GRIZZLY_NL wrote:Mod is looking good, however I have one question:
My board is pretty large and a lot of users use the same proxies and dynamic IP ranges. Some ppl can become annoying sometimes and in some cases I have to ban proxies or whole IP ranges to stop them from abusing my forum.
I don't want anyone using that proxy to have a "ban cookie" planted on his/her PC, and when I ban just a username it doesn't deny access when I'm trying to login with other username or visit afterwards.

Is it possible to ban usernames/user ids only?


Yes of course, that is standard phpBB ACP. You can ban by user_id, or by IP, or both. That is up to you. My mod doesn't change any of that, it only sets a cookie if the user turns out to be banned. But the check IF a user is banned, is standard phpBB, unaltered.


No thats not what I meant, what I meant is that if you try to login or surf with a banned username, a cookie will be stored (which will be checked upon every visit) so it will keep blocking you from visiting the site or loging in with a different username. Without using an IP ban of course. Right now if I ban a test user, it will say I'm banned when I log in with that username, but I can still visit the site or login with a different username.
And thats what I want to prevent.

Merlin Sythove
Registered User
Posts: 2339
Joined: Tue Mar 16, 2004 7:42 am

Post by Merlin Sythove » Sat Jan 07, 2006 7:40 am

GRIZZLY_NL wrote: No thats not what I meant, what I meant is that if you try to login or surf with a banned username, a cookie will be stored (which will be checked upon every visit) so it will keep blocking you from visiting the site or loging in with a different username. Without using an IP ban of course. Right now if I ban a test user, it will say I'm banned when I log in with that username, but I can still visit the site or login with a different username.
And thats what I want to prevent.


Hmm, are you asking things that are already clearly outlined in post 1?
This mod sets a cookie on the user's machine if that user is banned by user_id and/or IP. As long as the cookie matches a banned user_id or banned IP in the database, the user is denied access to the forum so they cannot even see the forum as a guest. Even if the user changes their IP, they are still banned.


That means that if you are banned, you cannot access the forum at all, not as guest, not to log in under any username, nothing, there is no access from that computer to the forum, until the admin unbans you. This works too if you are banned by username only, provided you tried to log in once so the cookie could be set.

Hence the severe warning: do not try out this mod on yourself unless you know what you are doing, because if you don't remove the cookie AND change the ban setting as Admin, you wont be able to get back on the forum. And you cannot change the ban setting for yourself unless you log in as admin, and if you try that when you are banned, you immediately have another cookie and are banned again.

rapghsi
Registered User
Posts: 40
Joined: Sat Jan 07, 2006 12:11 pm

thank you~

Post by rapghsi » Sat Jan 07, 2006 12:17 pm

thank you~

User avatar
milkboy31
Registered User
Posts: 422
Joined: Tue Aug 09, 2005 2:44 pm

Post by milkboy31 » Thu Jun 08, 2006 4:45 am

just gave it a shot... lets see if it works for me. 8)

chris3471
Registered User
Posts: 157
Joined: Wed Dec 07, 2005 8:32 pm

Post by chris3471 » Thu Jun 08, 2006 5:07 am

So what happens if you ban someone and then they delete their cookies?

Post Reply

Return to “[2.0.x] MODs in Development”

Who is online

Users browsing this forum: No registered users and 18 guests