On Tuesday, Aug 19, 2003, at 17:48 US/Central, Charlie Davis wrote:
Does courier have any ability to deny login to accounts that are still
the database? I'd like to have it so if an account gets disabled,
rejects the login to it. Is this possible?
Solution A, aka "messy" or "sloppy" method:
Reset the password of any disabled account to something that would
never be valid, such as a normal string in a cryptpw field (and to a
blank clearpw field if it's not already) -- like "-DISABLED-".
Solution B, aka "lame":
Change the user id in such a way that it will no longer validate. (i.e.
convert the first character -- or 5 -- to HTML escape sequences; or
rot13 the whole id string; or ... well, you get the idea.)
Solution C, aka "better":
Use another field in the database record that marks an account as
active or inactive and use the MYSQL_WHERE_CLAUSE to check its value
during authentication. (e.g. I could use 'PGSQL_WHERE_CLAUSE active=1'
in my authpgsqlrc file, seeing as I use PostgreSQL instead of MySQL
Solution C.2, aka "better: the alternate version":
Use another field as in C, but create your own entire select statement
with the MYSQL_SELECT_CLAUSE option... if that's more appropriate to
Solution D, aka "the stuff I didn't think of".....