Users, once registered, must be moderator approved.

8fc67cc6 · Jean Michel Rouly · 0e801396 · 8fc67cc6 · 8fc67cc6
Commit 8fc67cc6 authored Oct 29, 2013 by Jean Michel Rouly
--- a/wsgi/authenticate.py
+++ b/wsgi/authenticate.py
@@ -52,17 +52,22 @@ def application(environ, start_response):
      hash_value = cookie["user"].value
      
      if( library.user_registered( usr ) ):
-        # unregister the user, in case they're already in
-        ###library.deactivate_user( hash_value )
-        # register the hashed user with the SQL database
-        library.activate_user( hash_value, usr )
-        # push the cookie to the user and redirect
-        status = '303 See Other'
-        response_headers = [('Set-Cookie', cookie_value),
-                            ('Location', '/'),
-                            ('Content-type', 'text/plain')]
-        start_response(status, response_headers)
-        return [ str(cookie) ]
+        if( library.user_approved( usr ) ):
+          # deactivate the user, in case they're already in
+          ###library.deactivate_user( hash_value )
+          # activate the hashed user with the SQL database
+          library.activate_user( hash_value, usr )
+          # push the cookie to the user and redirect
+          status = '303 See Other'
+          response_headers = [('Set-Cookie', cookie_value),
+                              ('Location', '/'),
+                              ('Content-type', 'text/plain')]
+          start_response(status, response_headers)
+          return [ str(cookie) ]
+        else:
+          body = [""]
+          body.append("<p>Your account has been registered and is being processed.</p>")
+          body.append("<p>You will be notified when you are granted access.</p>")
      else:
        body = [""]
        body.append("<p>You do not currently have permission to use this ")

--- a/wsgi/library.py
+++ b/wsgi/library.py
@@ -59,6 +59,19 @@ def get_username( environ ):
  return username


+def user_approved( username ):
+  mdb,cursor = connect_to_mysql()
+  sql = """SELECT `approved` FROM `%s` WHERE `user`=%s;"""
+  cursor.execute( sql, (goconfig.sql_registration_table, username) )
+  ((approved,),) = cursor.fetchall()
+  mdb.commit()
+  mdb.close()
+  if approved == 1:
+    return True
+  else:
+    return False
+
+
 # Determine if the user has posting permissions via the registration
 # datbase.
 def user_registered( username ):
@@ -134,7 +147,9 @@ def connect_to_mysql():
  sql = """CREATE TABLE IF NOT EXISTS `'%s'`(
  user VARCHAR(50) CHARACTER SET 'utf8' NOT NULL,
  PRIMARY KEY(user),
-  comment VARCHAR(500) CHARACTER SET 'utf8' NOT NULL
+  name VARCHAR(100) CHARACTER SET 'utf8' NOT NULL,
+  comment VARCHAR(500) CHARACTER SET 'utf8' NOT NULL,
+  approved INT(1) NOT NULL DEFAULT '0'
  )
  ENGINE = InnoDB
  DEFAULT CHARACTER SET = latin1;""" % ( goconfig.sql_registration_table )