From 09c32f5e025bcb1619ff759186e3bb1389f93ada Mon Sep 17 00:00:00 2001
From: Chad Horohoe
Date: Sat, 30 Jan 2010 01:28:58 +0000
Subject: [PATCH] Followup r61694, expand comment based on [[Extension:Lockout]] and also deny login from session
---
 includes/DefaultSettings.php | 10 +++++++++-
 includes/User.php | 7 +++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index f711e87b32..c7d547e1e9 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1343,7 +1343,15 @@ $wgBlockCIDRLimit = array(
 'IPv4' => 16, # Blocks larger than a /16 (64k addresses) will not be allowed
 'IPv6' => 64, # 2^64 = ~1.8x10^19 addresses
 );
-$wgBlockDisablesLogin = false; # If true, blocked users will not be allowed to login
+
+/**
+ * If true, blocked users will not be allowed to login. When using this with
+ * a public wiki, the effect of logging out blocked users may actually be
+ * avers: unless the user's address is also blocked (e.g. auto-block),
+ * logging the user out will again allow reading and editing, just as for
+ * anonymous visitors.
+ */
+$wgBlockDisablesLogin = false;
 #
 # Pages anonymous user may see as an array, e.g.:
 # array ( "Main Page", "Wikipedia:Help");
diff --git a/includes/User.php b/includes/User.php
index 688146a7c3..9dbd40397d 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -904,6 +904,13 @@ class User {
 return false;
 }
 
+ global $wgBlockDisablesLogin;
+ if( $wgBlockDisablesLogin && $this->isBlocked() ) {
+ # User blocked and we've disabled blocked user logins
+ $this->loadDefaults();
+ return false;
+ }
+
 if ( isset( $_SESSION['wsToken'] ) ) {
 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
 $from = 'session';
-- 
2.20.1
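Review bot: In the new docblock for `$wgBlockDisablesLogin` in DefaultSettings.php, "may actually be avers" looks like a typo for "adverse", and it sits in the one sentence that carries the security caveat for this setting. I would reword it to `the effect of logging out blocked users may actually be adverse: unless the user's address is also blocked (e.g. auto-block),` so an operator reading the defaults file does not misread the warning.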
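Review bot: The added check in the User.php hunk calls `$this->isBlocked()` before the `wsToken` comparison just below it, so the block lookup runs for whatever user the session or cookie names, before that identity has been verified. The result is the same either way (anonymous defaults), but the lookup is then driven by unauthenticated input; consider evaluating it only once the token check has passed, e.g. `if ( $passwordCorrect && $wgBlockDisablesLogin && $this->isBlocked() ) {`. `loadDefaults()` presumably resets only the in-memory object, so the stored session would stay valid and resume when the block lapses; if that is intended, the `# User blocked ...` comment should say so. The enclosing method starts and ends outside the hunk, so how the user ID reaches this point is not visible here.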