Tim Starling wrote:
I agree. But how do we implement it?
Nothing fancy, just implement it more or less the same way we have the ability to ban non-logged-in users.
The sysop clicks on 'block', and then the system says "This is a logged in user, so don't do this unless you're really prepared to take the heat for it. This has to be an emergency situation to ban someone who is doing something really egregious right now, or to ban someone who you are *certain* is one of our usual suspects. Abuse this, and you'll face the wrath of the community! No cupcakes for you at the annual convention!"
And then, conceivably, it also has a checkbox for: Block IP too?
At that point, both the username block and the ip block would show up in the usual log, so that the action is open to public scrutiny.
Keeping things like this simple and not having the code enforce a particular solution seems like a good idea to me.
This is the second time now that we've had an emergency where some jerk logs in again and again.
--Jimbo