Hi again,

The module works quite well and relieves the burden of having thousands of rules in a .htaccess file.
It has the ability to let the guests from a country see the site (this is really awesome), but not register or login.

There is however some improvement that can be made on the error messages for guest of blocked countries.
The error messages on a white screen let scammers think that the site is working but forbids them access. (It is a behaviour they know from hitting many 403 Forbidden pages)
There are two alternatives to spoof these people :

1. Show a message on a white screen followed by a fake PHP warning/error. They will think the site has a problem not relative to their location and give up.
2. Show an error message on the home page, NOT telling that the access is forbidden. They may think the site has a problem and give up.

If have some code to show an error message on the Home page of your site :

Circa Line 338

    switch ($op) {
      case 'register':
        if ( ($banvalue == 1) || ($banvalue == 2) ) {
          drupal_set_message (variable_get('countryban_readonly', "Accounts Disabled."), 'error');
          drupal_goto();
        }
        break; 
      case 'login':
        if ( ($banvalue == 1) || ($banvalue == 2) ) {
          // Destroy the current session:
          module_invoke_all('user', 'logout', NULL, $user);
          // Load the anonymous user
          $user = drupal_anonymous_user();
          drupal_set_message(variable_get('countryban_readonly', "Accounts Disabled."));
          drupal_goto();
        }
        break;
      case 'load':
        if ($banvalue == 2) {
          // Destroy the current session:
          session_destroy();
          module_invoke_all('user', 'logout', NULL, $user);
          // Load the anonymous user
          $user = drupal_anonymous_user();
          drupal_set_message(variable_get('countryban_completeban', "Access Denied."), 'error');
          drupal_goto();
        }
        break;
    }

Cheers

Comments

artscoop’s picture

artscoop commented

Oops, don't forget to add

global $user;

at the beginning of function countryban_user

jboukes’s picture

jboukes commented

This is wonderful feedback and I do appreciate it very much! I'll be working in your suggestions and fixes soon.

Thank you so much,

--JB

jboukes’s picture

jboukes commented
Assigned: Unassigned » jboukes
Status: Needs review » Fixed

Fixed in 6.x-1.1-beta1 - the error messages are now drupal messages instead of just echo output. It does look much better now :)

I like the suggestion of spoof pages. I didn't include that update in this release yet, as I wanted to answer bugs before functionality. I'm going to look at adding some flexibility/options for the user in case they might want to spoof the spammers instead of just throwing an error message.

Thanks again for your review and feedback! If you find anything else, please let me know.

artscoop’s picture

artscoop commented

Hi,

No prob :)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.