Re: Sysop ability to ban logged in users; Undelete bug fixed
Brion Vibber wrote:
> The Cunctator wrote:
>> I assume that sysops can be banned through this interface as well.
> Yes; one sysop having fun could ban all other existing user accounts and
> finally him/herself. That would be a pretty silly thing to do, though.
Tsk tsk, don't you people read? ;) I said:
:As usual, these automatically generated entries, and the original
:username entries, can be unblocked by any sysop (even blocked sysops).
Blocking by username or IP address only stops the user from editing
pages, it does not stop them from blocking or unblocking people. Mav has
been known to block himself at times, in an attempt to discourage
himself from wasting all his time on this rather addictive website. Now
he'll be able to block himself by username, he won't have to go to the
trouble of looking up his IP address.
>> hack sounds pretty ugly. Banning by username should be done by banning
>> through the login (i.e. the cookies) not by checking IP.
> Username banning bans the username only, or rather it _did_. (There was
> no user interface for doing it, so sysops could not do so.)
> Since it's trivial to log out and make a new account, Tim's patch also
> adds a check for the IP address when the banned user next tries to edit