Followup r61694, expand comment based on [[Extension:Lockout]] and also deny login...

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index f711e87..c7d547e 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1343,7 +1343,15 @@ $wgBlockCIDRLimit = array(
        'IPv4' => 16, # Blocks larger than a /16 (64k addresses) will not be allowed
        'IPv6' => 64, # 2^64 = ~1.8x10^19 addresses
 );
-$wgBlockDisablesLogin = false; # If true, blocked users will not be allowed to login
+
+/**
+ * If true, blocked users will not be allowed to login. When using this with
+ * a public wiki, the effect of logging out blocked users may actually be
+ * avers: unless the user's address is also blocked (e.g. auto-block),
+ * logging the user out will again allow reading and editing, just as for
+ * anonymous visitors.
+ */
+$wgBlockDisablesLogin = false; #
 
 # Pages anonymous user may see as an array, e.g.:
 # array ( "Main Page", "Wikipedia:Help");

diff --git a/includes/User.php b/includes/User.php
index 688146a..9dbd403 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -904,6 +904,13 @@ class User {
                        return false;
                }
 
+               global $wgBlockDisablesLogin;
+               if( $wgBlockDisablesLogin && $this->isBlocked() ) {
+                       # User blocked and we've disabled blocked user logins
+                       $this->loadDefaults();
+                       return false;
+               }
+
                if ( isset( $_SESSION['wsToken'] ) ) {
                        $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
                        $from = 'session';