Nameless
Nameless copied to clipboard
NamelessMC
Banned users are asked to verify their account
Describe the issue
After banning a user, when he try to login he see two error:
- user/account_banned
- user/inactive_account
NamelessMC Version
2.0.0
To Reproduce
- Ban a user
- Try to login
Expected Behaviour
See only user/account_banned message
Screenshots
Additional Information
No response
Well not a bug thought, as the user is inactive you have banned a user that is inactive never verified the account
so the error is correct that the user is both inactive and banned
Well not a bug thought, as the user is inactive you have banned a user that is inactive never verified the account
wrong, the test was done on a verified and active user.
@partydragen The issue in code can be explained as follows:
First in \modules\Core\pages\panel\users_punishments.php at line 156 we have this code block:
// ...
switch:
// ...
case 3:
// Ban the user
DB::getInstance()->update('users', $query->id, [
'isbanned' => true,
'active' => false
]);
// ...
Therefore, when a user is banned, the isbanned flag is set to true and the active flag is set to false.
Secondly in \modules\Core\pages\login.php at line 85 we have this code block:
// ...
$validation = Validate::check($_POST, $to_validate)->messages([
'email' => [
Validate::REQUIRED => $language->get('user', 'must_input_email'),
Validate::IS_BANNED => $language->get('user', 'account_banned'),
Validate::IS_ACTIVE => $language->get('user', 'inactive_account'),
Validate::RATE_LIMIT => fn($meta) => $language->get('general', 'rate_limit', $meta),
],
'username' => [
Validate::REQUIRED => ($login_method == 'username' ? $language->get('user', 'must_input_username') : $language->get('user', 'must_input_email_or_username')),
Validate::IS_BANNED => $language->get('user', 'account_banned'),
Validate::IS_ACTIVE => $language->get('user', 'inactive_account'),
Validate::RATE_LIMIT => fn($meta) => $language->get('general', 'rate_limit', $meta),
],
'password' => $language->get('user', 'must_input_password')
]);
// ...
Therefore, when a verified and banned user tries to login, their account is validated with (among others) the Validate::IS_BANNED check and Validate::IS_ACTIVE check.
Because of how the method Validate::check is implemented, all of the failing checks will be shown. Which can be derived from the following code block in \modules\Core\pages\login.php:
// ...
} else {
// Validation failed
$return_error = $validation->errors(); // META COMMENT: `$validation->errors();` fetched ALL the errors
}
// ...
$smarty->assign([
// ...
'ERROR' => ($return_error ?? []),
// ...
]);
// ...
Therefore, when an verified user is banned, both the Validate::IS_BANNED check and the Validate::IS_ACTIVE check will fail/error, therefore, showing both the user/account_banned and the user/inactive_account message at once. This is because their account is made "inactive" through the banning process.
From this it can be concluded that, banned active users will be shown the inactive account message when trying to login. I can not confirm that this is indeed an issue, but this is why the event in the GitHub "issue" is occurring.
Thank you @XYZHolder! Let's wait @partydragen or someone else which can confirm if this is a bug or was meant to be.
from my point of view if a user is banned it is understood that his account will become inactive, but he shouldn't see a message telling him to check his email to verify his account.