hi all!
vanilla 1.1.2 has an additional security check to allow only the deletion of users with role "applicant".
just comment out line 616:
$s->AddWhere('u', 'RoleID', '', 0, '=');
in the library People.Class.UserManager.php
regards, J
vanilla 1.1.2 has an additional security check to allow only the deletion of users with role "applicant".
just comment out line 616:
$s->AddWhere('u', 'RoleID', '', 0, '=');
This was actually on line 624 for me. Also it's worth noting that the comment above the line "Adding in this little check to make sure that only applicants can be removed." belies exactly how naive this check is - just prior to this, everything else related to the user has already been deleted, meaning that all this does is protect the user record from deletion, but by this point all the comments, etc. that user has created are long gone. The check shouldn't even be in there, at least certainly not with this "implementation". This kind of scares me - how many other places in Vanilla have stuff like this?
I also changed
header("Location: account.php");
to
header("Location: search.php");
in the DeleteUserById() function of DeleteUser/default.php since redirecting to a page that looks exactly like the previous one but is my admin account is a bad idea - what if I forgot I already deleted the other account and clicked "Delete User" again accidentally? Suddenly my admin account and all it's posts would be nuked! I strongly recommend making this change...
Anyway, with these notes, the extension is working perfectly. Now I can delete all those junk accounts created by bots!
With vanilla 1.15a I am seeing something weird. I tried creating a dummy user with user ID 68. I then ran the SQL query
DELETE FROM van_user WHERE UserID='68'
Instead I found user ID 67 deleted
and the name assigned to userID 68 became userID 67 in the memberlist
In the SQL table I see a userID 69 but this does not exist in the member list
Weird!
Btw even with the changes suggested above the Delete add-on does not work for me.
Hallo! Just started using Vanilla. Had set up a few test users, wanted to get rid of them, 'Delete User' wasn't working. Followed advice to comment out $s-> etc (and change default.php - thanks blueapples - yes, it was confusing and dangerous!). Now I can delete 'users' that hadn't posted, but one 'user' who had posted can't be deleted, even though the relevant test threads and posts have been deleted! Any ideas? Have little experience with php and mysql, though confident enough to edit config files if given suitable pointers! Had hoped using an off-the-shelf program would mean I didn't have to tinker under the bonnet/hood!
Comments
The results from doing that simple search yielded this most helpful thread:
want to be able to delete users # 34
Now I can delete 'users' that hadn't posted, but one 'user' who had posted can't be deleted, even though the relevant test threads and posts have been deleted!
Any ideas? Have little experience with php and mysql, though confident enough to edit config files if given suitable pointers! Had hoped using an off-the-shelf program would mean I didn't have to tinker under the bonnet/hood!
$s->AddWhere('u', 'RoleID', '', 0, '=');
did the trick (it was a higher line number for me as well)