Revision [1647]
This is an old revision of RemovingUsers made by DarTar on 2004-10-05 09:26:22.
How to remove users
These ideas are related to the development of a UserAdmin interface
I would like to share with you some thoughts on the problem of how to remove registered users.
This has maybe little interest for traditional wikis (meant to be collaborative tools with unrestricted access), but is certainly relevant for many other possible uses of a wiki engine (e.g. a moderated or members-only CMS)
Why deleting users?
There are cases in which a wikka administrator might be willing to delete a user:
- spammers - users that exploit wikis as link farms for boosting their websites;
- vandals - users removing whole pages just for fun;
- fake users - users who created a "throw-away" account just for testing the wikiengine;
- obsolete users - depending on the use of a wiki, there are cases in which users become inactive after a certain time (imagine a wiki engine used as an intranet tool for a group/organization whose members are renewed every year and in which content is reset every year).
So far, the only way to remove users is to manually delete entries from the wikka_users table, which raises some major problems (see below) and requires some basic knowledge of MySQL/phpmyadmin.
I think that a wiki-based system for managing user deletion might interest many potential wiki administrators.
Problems with user deletion
Removing users has a number of consequences similar to removing pages. Wiki users are not atoms, they are embedded at different levels in a wiki engine: they appear in the history of wiki pages as contributors or page owners, in comments, in ACL lists etc.
Simply deleting an entry in the user table leaves won't help remove their 'presence' from the wiki and can create inconsistencies in the wiki.
Active/inactive users
A possible way to avoid the problems above is to think of user deletion as user inactivation, i.e. handling a list of active users and inactive users (much as valid vs. blacklisted referrers). This solution has a number of benefits:
- Removing users takes just one click to shift them from the active to the inactive list.
- Users can be reactivated on demand: their logs and pages are still available in the database.
- The overall consistency of the wiki is saved. One just needs to implement a function that checks the status of a user (active/inactive) before performing operations like displaying a page content, a comment or an ACL interface. This should be discussed in
Banning users by IP
A different but related issue concerns the possibility to remove users not by username but by IP address. This might be useful in the case of vandals or spammers that can create an infinite number of useraccounts. Requiring WikkaAndEmail email validation on registration can be a good solution, but perhaps the best solution would be to store the IP of the last connection in a dedicated field of the wikka_users table. Dozens of users connected from the same IP address might draw the Wikka administrator's attention;
Any ideas/thoughts on these issues before I start toying with some code?
-- DarTar
CategoryDevelopment
