savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: Active pending users?

From: Mathieu Roy
Subject: [Savannah-hackers] Re: Active pending users?
Date: Thu, 21 Oct 2004 00:28:26 +0200
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux) 
Sylvain Beucler <address@hidden> tapota :

> On Wed, Oct 20, 2004 at 11:21:16PM +0200, Mathieu Roy wrote:
>> Sylvain Beucler <address@hidden> tapota :
>> 
>> > Hmm, at least I get the time to work on this issue:
>> >
>> > On Fri, Oct 01, 2004 at 01:31:33PM +0200, Mathieu Roy wrote:
>> >> Sylvain Beucler <address@hidden> tapota :
>> >> 
>> >> > Hi,
>> >> >
>> >> > In our database at savannah, there are about ten users who are both
>> >> > pending and member of a project. They have no registered SSH keys and
>> >> > thus are quite useless. For example, user 'sevy'.
>> >> >
>> >> > Do you know how such accounts could have been created?
>> >> 
>> >> No clue.
>> >> 
>> >> How old are these accounts?
>> >
>> > It ranges from Wed Nov 14 20:39:07 2001 to Tue Nov 25 12:41:45 2003.
>> >
>> >> Who added these users to projets (should be
>> >> printed in these projects history)? Was it a site admin or a project
>> >> admin?
>> >
>> > Project admins.
>> >
>> > However, I tried to add a pending user myself, and the system did not
>> > returned it in the "Adding User(s) to Group" search box. Maybe this
>> > situation is checked since when you installed Savannah?
>> 
>> The search is made only of users that are not already member of a
>> group.
>
> ?
>
> Here's the query (useradmin.php):
>
> $result = db_query("SELECT user_id, user_name, realname "
>                    . "FROM user "
>                    . "WHERE ((user_name LIKE '%$words1%') OR (realname LIKE 
> '%$words2%'))
>                       AND (status='A') ORDER BY user_name LIMIT 0,26");


What really needs to be checked is in fact member_add().
The useradmin form apparently do not make checks on group membership
(maybe forgotten, maybe avoiding for perfs). But member_add() test
group membership.

The problem could come from member_approve() also, but this function
make no insert, only update.

It would be interesting to know what the user exactly did about his
account? Do you have user input?

> Since this script only exists since the CERN branch from 2003/09, I
> guess there was a bug in the previous member management code...

Were these dupes created before 2004?

Regards,

-- 
Mathieu Roy

  +---------------------------------------------------------------------+
  | General Homepage:           http://yeupou.coleumes.org/             |
  | Computing Homepage:         http://alberich.coleumes.org/           |
  | Not a native english speaker:                                       |
  |     http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english  |
  +---------------------------------------------------------------------+
reply via email to
[Prev in Thread] Current Thread [Next in Thread]