Re: [vchkpw] RE:(2) [vchkpw] Script for users to delete their ownaccount

2003-08-31 Thread Evren Yurtesen 
The default is 6 months for vdelolduser. Perhaps thats the problem or
maybe you are not logging lastauth at all?

Evren

On Sun, 31 Aug 2003, QingYan wrote:

 
 - Original Message - 
 From: Shane Chrisp [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Saturday, August 30, 2003 11:45 PM
 Subject: RE: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account
 
 
  I think the following would be sufficient.
  
  1. Auth the user against the database using their email/passwd
  2. Change the last auth value to a year ago.
  3. Display a message that they have until the next quarter hour
 to change their mind about deleting their account, and if they
 decide to keep it, to pop into their mailbox.
  4. cron the vdeloldusers to run at */15.
  
  Can you think of anything I have missed?
  
  Shane
  
 
 Cool.  I think it would work.  
 Is that vdelolduser uses lastauth to determine whether user old enough to delete?  I 
 got some users who haven't logged but when I use vdelolduser, they are not in the 
 deletion list.
 
 Qing.

Re: [vchkpw] RE:(2) [vchkpw] Script for users to delete their ownaccount

2003-08-30 Thread Evren Yurtesen 
well it is not a good idea to run php setuid, neither to run your web
server in your vpopmail user. which would effectively lead to your web
server able to delete user directories etc.
thus you can use an external perl script which can be invoked from php,
which has setuid. 
or if you prefer a C program or anything else in that matter...

Evren


On Sat, 30 Aug 2003, QingYan wrote:

 
 - Original Message - 
 From: Evren Yurtesen [EMAIL PROTECTED]
 To: QingYan [EMAIL PROTECTED]
 Sent: Saturday, August 30, 2003 9:30 PM
 Subject: Re: [vchkpw] RE:(2) [vchkpw] Script for users to delete their own account
 
 
  with php this is easy to accomplish with php, you just need to use an
  external setuid program. inside this setuid program you can double check
  the user password to be sure that the user is authenticated properly.
  with perl something like this would work nicely. then you can put inside
  blah blah the vdeluser $username command so your user is gone.
  
  
$cryptpass=`$syshomedir/bin/vuserinfo -p $username`;
$cryptpass=~ s/^\s+|\s+$//g;
  
if(crypt($password, $cryptpass) eq $cryptpass) {
  
  blah blah
  
}
  
  
 
 Thank you very much.  I am quite new to php. 
 I don't have idea how to setuid to run php. 
 I read some information from website but still don't have any idea.
 
   
 
 Regards,
 Qing.

RE: [vchkpw] RE:(2) [vchkpw] Script for users to delete their ownaccount

2003-08-30 Thread Evren Yurtesen 
Thats something I havent thought of also :) Yet you should wait until the
vdeloldusers program is run after you set your account to be deleted.

I think the best way is to run it from php by utilizing an external
program/script which has setuid. Which double checks the username/password
to be sure that the person who runs the script is the actual user.

Evren

On Sat, 30 Aug 2003, Shane Chrisp wrote:

 Now that's actually an idea I hadnt thought of. You could change the last
 auth field for the user to some value like 12 months ago in the databasr
 and then cron the vdeloldusers to delet anyone older than that value. 
 This wouldn't require any special permissions/perl scripts, just a crontab 
 entry.
 
 Shane
 
 
 Well, if you are using mysql, why dont you use the veloldusers program
 periodicly to delete unused accounts? you can perhaps delete 
 accounts not
 logged in for 3 months. Like hotmail does.
 
 I think its a really bad idea to think that user will delete his email
 when he doesnt use it :) Well I dont think anybody would go 
 through this.
 Why would somebody delete their own account anyhow? even if 
 they are not
 going to use it anymore.