User can login!

Author Message

david e

Tuesday 12 April 2005 3:04:39 pm

I know. Usualy the problem is the other way arround, but now there is a user group (guests) which get their accounts setup with the user/register form.

I don not want these users to be able to login until they get changed to another group (clients).

In site.ini there is no "PolicyOmitList[]=user/login" line. I got rid of the "User * *" policy in the anonymous role.

In vain. Guests can still login. They get a session and show up in the admin's sessions as guests, although they can do nothing. even the thing they are allowed to do.

This is the debug log:

Function required:
Module : user
Function : login
ClassID :
MainNodeID :
Policies that didn't match:

Any hints?

thanks!

http://www.ingent.cat/

Frederik Holljen

Friday 15 April 2005 3:52:06 am

If you remove all rights whatsoever to these users they should not be able to log in. Did you check if this is the case?

david e

Monday 18 April 2005 3:44:08 am

yes, I think this is the case:

1) remove all the rights to the user module and in site.ini policy omit list.

2) login, for instance, to the site admin.

3) as a result: you are allowed to enter (the menus show up) and your user is set as logged in (you are given a session, $current_user.is_logged_in is set)

btw: you can not operate, nor access any other function.

may be a bug or different understanding on wath "log in" means.

http://www.ingent.cat/

Bård Farstad

Wednesday 20 April 2005 12:57:55 am

David,

did you try to add a siteaccess limitation for the user/login function. Here you can enable login to any siteaccess, if you enable login to only the user siteaccess then users should not be able to log in to the admin.

--bård

Documentation: http://ez.no/doc

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.