Coppermine Photo Gallery v1.5.x: Documentation and Manual

Table of Contents

Banning

As with most applications that allow user interaction, there is always a small minority of users that does not play by the rules. Gallery admins therefore need a tool to get rid of the users who misbehaved. That is what the ban feature is meant to be used for.

What's new?

For cpg1.5.x (in comparison to cpg1.4.x), the ban page has been overhauled to make it more useful, featuring pagination, multiple edits (instead of one row per edit), sorting, and the ability to ban by email address and also ban "in advance", i.e. ban user names that have not been registered yet.

Scope

You have to understand though that banning is not a tool to pro-actively secure your site against malevolent users. In fact, it is quite the opposite: it allows you to reduce the damage that could be caused by people who misbehave after they have done something wrong.

Banning is not the proper tool to fight spam - spammers will return with different accounts no matter how often you ban them. There are some others tools that work better against spammers (like captcha and comment moderation).

The "Ban users" page is of course admin-only. Non-admins can not access it.

How banning works

You can enter ban records on the "Ban users" page that can be accessed using the corresponding link in your admin menu (when you are logged in as admin).

It makes some sense to ban users by user name and email address, but it usually is not recommended to ban by IP address.

A ban record can contain a ban by user name, by email address and by IP address.

If you ban by user name and that user already exists in your gallery, the user is banned immediately - no matter what Coppermine page he is trying to visit. If you ban a user name that does not exist yet, the record is accepted as well: this is meant to reserve user names that you do not want your visitors to use when registering: it might be a good idea to ban user names that malevolent users might use to make others believe that they have a particular role on your site: usually, you would want to disallow your users to use names like "admin", "administrator", "moderator", "root" etc. Of course those would just be names and no special privileges would come with those names, but others might get the impression that the user who has chosen the name "admin" actually was the real admin of your gallery.

Bans on email addresses are not immediately taken into account: if you ban an email address that one of your registered users is already using, that user will not automatically be banned (use the ban by user name feature instead). The ban-by-email feature is only taken into account on the registration page: no one can register using the email addresses that have been banned.

Why banning by IP address is not recommended

One might think that banning by IP address is the most effective way to ban a user for good and avoid re-registration using another user name and email address. However, this is not the case: although the average user does not have control over his own IP address, banning by IP address usually is a lame crutch. Only use banning by IP address if you notice abuse frequently coming from the same IP address.

The main reasons why banning by IP address is not recommended:

Page controls

The "Ban users" page consists of the following controls:

No banning when bridged

Please note that banning does not make much sense if you have bridged Coppermine with another application (see "Bridging"), as in that case Coppermine drops the user management of its own and instead uses the user management of the app it is being bridged with. That is why the admin menu item "Ban users" is being deliberately hidden when you have bridged your gallery. You can still access the "Ban users" page if you must by manually entering the URL of that page into the address bar of your browser (e.g. http://yoursite.tld/your_coppermine_folder/banning.php - there will be a warning on the "Ban users" page; use the feature carefully and at your own risk when bridged.

Most applications that can be bridged with Coppermine have banning mechanisms of their own, so if your gallery is bridged, you should use your bridging application's banning mechanism instead of the one that ships with Coppermine.

To Do

There is a number of features that have not made it into the current release; among them is the ability to use wildcards for bans: ideally, you could ban entire IP address ranges or entire email domains. Currently, this is not possible. You are welcome to review Coppermine's core code and contribute your code change suggestions.