Page 1 of 1

What about banned phpBB users?

Posted: Sun Sep 24, 2017 10:30 am
by seyntjim
Hello,

First of all, thank you for this great plugin. I was just wondering what happens to a user that has been banned on forum. Will he/she still be able to login to wordpress? Thank you.

[TITLE EDITED]

Re: What about banned phpBB users?

Posted: Sun Sep 24, 2017 11:49 am
by axew3
Thank to you about this important report.
ops ... good point: we go to resolve this important bug:
the user seem to be able to login WP (and it is also logged in in phpBB after, because a valid session will be found by phpBB).
It will be patched as soon on 1.7.6 about this.
I will reply here when it has been done (or i please, ask anybody can patch in the while, to report here).

The title of this important bug/point has been edited.

Re: What about banned phpBB users?

Posted: Tue Sep 26, 2017 7:47 pm
by axew3
This issue has been resolved, but the fix will be available on next coming soon 1.7.7.

advanced explain about an aspect:
There is a point, that is improvable, and that i've not complete. The reason is that to get necessary data about banned users and have these data available in a specific point, the query should be rewrite on function w3all_get_phpbb_config(). And it need to be done exactly on this. It is an easy work, but should be done with care because it go to modify a default query that return array data for the plugin in a specific way. The addition need to be done on this query and can't be done as separate into verify_phpbb_credentials overloading adding another query. On it instead, has been modified the query that let check for username ban, with his returned data about user.

Result on 1.7.7 in the while so will be:
a banned IP, email or username, can't login or register WP.
If it is banned by username in phpBB, he will be logged out immediately, even without visiting phpBB, when return to visit the site with a valid cookie.
but if a ban is issued by IP or email and the user in the while return back to site visiting WP pages with valid credentials, will result logged in until he not visit phpBB (so phpBB will reset his cookie and will be logged out).


As said, this secondary (secondary?) aspect will be fixed before/on 1.8.0 or maybe before.
Memo: the user can also be deactivated in phpBB ACP. But of course, a moderator can't do this action ...

In the while 1.7.6 has been patched to resolve an issue about admins (WP uid1 and phpBB uid2) install when it mismatch as username on WP/phpBB.
https://wordpress.org/support/topic/1-7-6-patches/