Re: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account
On Saturday, August 30, 2003, at 10:52 AM, Evren Yurtesen wrote: 1. Auth the user against the database using their email/passwd 2. Change the last auth value to a year ago. 3. Display a message that they have until the next quarter hour to change their mind about deleting their account, and if they decide to keep it, to pop into their mailbox. 4. cron the vdeloldusers to run at */15. How about a suid program that you could pass an email address and password to and it would outright delete the account? It could be run as any user, and would take care of authentication and deletion in one shot. -- Tom Collins [EMAIL PROTECTED] http://sniffter.com/ - info on the Sniffter hand-held Network Tester
Re: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account
- Original Message - From: "Shane Chrisp" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, August 30, 2003 11:45 PM Subject: RE: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account > I think the following would be sufficient. > > 1. Auth the user against the database using their email/passwd > 2. Change the last auth value to a year ago. > 3. Display a message that they have until the next quarter hour >to change their mind about deleting their account, and if they >decide to keep it, to pop into their mailbox. > 4. cron the vdeloldusers to run at */15. > > Can you think of anything I have missed? > > Shane > Cool. I think it would work. Is that vdelolduser uses lastauth to determine whether user old enough to delete? I got some users who haven't logged but when I use vdelolduser, they are not in the deletion list. Qing.
RE: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account
I think the following would be sufficient. 1. Auth the user against the database using their email/passwd 2. Change the last auth value to a year ago. 3. Display a message that they have until the next quarter hour to change their mind about deleting their account, and if they decide to keep it, to pop into their mailbox. 4. cron the vdeloldusers to run at */15. Can you think of anything I have missed? Shane > >Thats something I havent thought of also :) Yet you should >wait until the >vdeloldusers program is run after you set your account to be deleted. > >I think the best way is to run it from php by utilizing an external >program/script which has setuid. Which double checks the >username/password >to be sure that the person who runs the script is the actual user. > >Evren
RE: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account
Now that's actually an idea I hadnt thought of. You could change the last auth field for the user to some value like 12 months ago in the databasr and then cron the vdeloldusers to delet anyone older than that value. This wouldn't require any special permissions/perl scripts, just a crontab entry. Shane >Well, if you are using mysql, why dont you use the veloldusers program >periodicly to delete unused accounts? you can perhaps delete >accounts not >logged in for 3 months. Like hotmail does. > >I think its a really bad idea to think that user will delete his email >when he doesnt use it :) Well I dont think anybody would go >through this. >Why would somebody delete their own account anyhow? even if >they are not >going to use it anymore. > >
