This project is not covered by Drupal’s security advisory policy.
The module handles access control of user login and registration by maintaining a list of masks, similar to the core user access features, but unlike the core it only triggers when a user is trying to authenticate or registering.
On most sites the purpose of banning a user is not to keep that person unable to access the content of the site, but to keep him, or her away from causing any harm with comments, posts, things in general that require signing in.
Drupal core in versions 5 and 6 uses a complete denial of access on a very early page load phase, which means that any core access rule is being run on every pageload, and the
drupal_is_denied() call being an expensive one as it is (see more at and ), providing this alternative might be a good performance improving solution for large and busy sites.
Plans for Drupal 7
Once the module is stable and well tested I am going to port it to Drupal 6. The Drupal 7 version will be an upgrade path to the user_restrictions module.
The popups module is supported on the administration interface.
The Drupal 5 version was sponsored by Efero.