• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Is it possible to disable an account?

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is a user who is posting unacceptable posts. I have locked his account but he is still able to log in and post. I have seen this with users in the past. Is there any way to actually prevent a user from logging in, ie, to disable an account? If that isn't possible, JForum is fatally flawed.

[originally posted on jforum.net by CaliforniaCCW]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What version of Jforum are you using? I ran into this in the earlier versions (i.e. 2.1.4-2.1.6). Sometimes clearing the session cache will drop them off if they are still logged in when you disable their account. You could also manually change their password in the DB to prevent them from logging in ... somewhat clumsy, but should work.

[originally posted on jforum.net by GatorBait3]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is with 2.1.7. When this happened before, I cleared the jforum_sessions table. I restarted the server. Nothing help until I changed a value in the jforum properties file.

This is a critical bug in JForum. All the login scripts should check, "is this user locked". All the posting scripts should check that. The PM scripts should check that. Users shouldn't be able to do anything when their accounts are locked. As it is it seems to have no effect at all.

[originally posted on jforum.net by CaliforniaCCW]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
And what makes it the worst is that users figure out, "hey he has no way of disabling my account" and then they go crazy with the posts.

There should be an emergency release to fix this. At this point I would not recommend this software to anyone because once someone has an account, he basically has the ability to post whatever he wants whenever he wants.
[originally posted on jforum.net by CaliforniaCCW]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As described - why dont you just change the password on the user? or delete him, updating the forum posts table to set the posts either to written by "Deleted user" or delete them... ^^

The magic of SQL provides alot of tricks to help admins on getting rid of users ;)
[originally posted on jforum.net by Sid]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I did change the password. Nothing works. Once someone has an account, the admin has no way to control him from posting, other than going through and deleting his posts.

This is bad. I want to prevent a certain user from posting, or PMing. Honestly, this problem is a show-stopper critical bug in JForum. If the forum admin can't prevent a user from posting, then the admin has no control of the website. Why even bother to have passwords and users? Just let anyone post anything.

I would not recommend JForum to anyone until this is fixed. I regret using it but a) it's too late to switch and b) I don't know of any other forum software in Java.

[originally posted on jforum.net by CaliforniaCCW]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

CaliforniaCCW wrote:I did change the password. Nothing works. Once someone has an account, the admin has no way to control him from posting, other than going through and deleting his posts.

This is bad. I want to prevent a certain user from posting, or PMing. Honestly, this problem is a show-stopper critical bug in JForum. If the forum admin can't prevent a user from posting, then the admin has no control of the website. Why even bother to have passwords and users? Just let anyone post anything.

I would not recommend JForum to anyone until this is fixed. I regret using it but a) it's too late to switch and b) I don't know of any other forum software in Java.


If you manually changed his password in the SQL table and reset the session cache in the Admin console, he shouldn't be able to log back in. I am also assuming that you have anonymous posting turned off.

And, agreed, it is serious! I'm off to check my test install now ....

[originally posted on jforum.net by GatorBait3]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I found that banning by email had no effect, even after clearing the sessions.

However, banning by user ID worked fine ... I was presented with this message: You have been banned from this forum. If you have any questions, please contact the Administrator. Thank you. and could not log in.

Now, the user ID is NOT the username! Use the UserID listed next to the user in the Admin console. Then do a ban based on userID, and be sure to clear the sessions kick him off (Admin Console / Cache / Sessions - Clear).

That seems to work just fine.

[edit] this was using version JForum 2.1.7[/edit]


[originally posted on jforum.net by GatorBait3]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Cool, thank you for the tip on that! I just put in a ban on that user id. Hopefully this will work. It's fine if it works but it would be a lot more logical if locking a user would accomplish the same thing. That's my recommendation for the JF devs. It should be a small change somewhere, I would think.

[originally posted on jforum.net by CaliforniaCCW]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
And he's logged in still. I put in the user ID in the ban list. I cleared the session cache. This is a fatal fatal flaw in JForum and it has been this way for a long time. Hello, it is a very small code change to fix this. I once found that changing the user.hash.sequence properties value worked, but that required me to reset the server.

This is really bad! The moment someone has an account, the admin no longer has control of the site!

We might as well not have passwords, or just give everyone admin.

[originally posted on jforum.net by CaliforniaCCW]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The Admin Console / Cache / Sessions - Clear should log EVERYONE off ... including you. Is this not the case?
[originally posted on jforum.net by GatorBait3]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It does, indeed, log everyone off. And I put that guy's user ID in the ban list, locked his account, and changed his password. And he still is able to log in. Really, once someone has an account, that person can't be stopped, from what I can tell.

I am using Postgres as the DB. Is that a factor? Maybe there is a bug in one of the Postgres queries, where it is not properly checking these things?

[originally posted on jforum.net by CaliforniaCCW]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

CaliforniaCCW wrote:It does, indeed, log everyone off. And I put that guy's user ID in the ban list, locked his account, and changed his password. And he still is able to log in. Really, once someone has an account, that person can't be stopped, from what I can tell.

I am using Postgres as the DB. Is that a factor? Maybe there is a bug in one of the Postgres queries, where it is not properly checking these things?


My tests were with MySQL. I only used the "ban by user ID" (i.e. didn't lock the acct or change passwd) and I could not log back in with the banned account.
[originally posted on jforum.net by GatorBait3]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
are you using some sort of sso or did you change the authentication classes california?
[originally posted on jforum.net by Sid]
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic