Redmine

Just for your information so you can work around it, I figured out a few SQL queries to help you manually delete people from your database (MySQL). This is best done from a shell.

Get a list of all users and their ID. I suggest you delete by ID, since that's far less likely to mess things up.

SELECT id, login FROM users;

Test the ID just to be sure, otherwise you could accidentally delete the wrong user!

SELECT id, login FROM users WHERE id = #;

Finally, be careful when you do this!

DELETE FROM users WHERE id = #;

+1

sorry, that previous comment should have been:
+1 (killing spam users is an important issue for us)

is there a way to edit your own comment?

Just clearing up the user table may not be a good idea, if the user has been in use for a while. There are entries keyed on the userid in a bunch of other tables.

If the user has not logged in or did anything, the following tables need to be cleared:

• tokens (user_id)
• user_preferences (user_id)

On top of that, a user id may also be found in the following tables:

• attachements (author_id)
• changesets (user_id)
• groups_users (user_id)
• issues (assigned_to_id, author_id)
• issue_category (assigned_to_id)
• journals (user_id)
• members (user_id)
• member_roles (member_id)
• messages (author_id)
• news (author_id)
• queries (user_id)
• time_entries (user_id)
• watchers
• wiki_contents (author_id)
• wiki_content_versions (author_id)

Looks like it would be quite messy to cleanup all this stuff. For example: what do we do with an issue owned by a deleted user? Do we revert back to anonymous?

I'm not sure that deleting the users is a good idea.

"I'm not sure that deleting the users is a good idea."
--
please don't let implementation considerations obscure the actual issue here: spam bots are registering users in redmine projects all over the world, and redmine owners have no way to delete them. we have over 100 spam users in our db now. we need a way to delete them.

If assigned tasks, etc. are the only issue, a step for deleting users should be to reassign all related data to another user, an administrator for example.

+1 We have the same problem, and have been manually cleaning the SQL DB since 0.7x

Maybe this could be split into two mini-features:

1. Add Delete choice to the Registered page view (today the only option remains: Activate)
2. Add Delete + Reassign Issues/Wiki edits/etc... on the Locked page view

In this case, the higher priority, and likely easier to do, would be on the Registered page.

Deleting users ( simply from DB ) works normal. Issues change field "assigned to" to "---".

In shotgun software it is works same. ( shotgunsoftware.com )

Ben Blanco wrote:

+1 We have the same problem, and have been manually cleaning the SQL DB since 0.7x

Maybe this could be split into two mini-features:

1. Add Delete choice to the Registered page view (today the only option remains: Activate)
2. Add Delete + Reassign Issues/Wiki edits/etc... on the Locked page view

In this case, the higher priority, and likely easier to do, would be on the Registered page.

+! at least for a bogus registered user - they have left no traces in the DB yet.
Mark

FYI - you can put this in cron and it'll lock any accounts older than two months.

psql redmine -c "UPDATE users SET status = 3 WHERE last_login_on BETWEEN '2000-01-01' and '$(date +%Y-%m-%d --date="2 months ago")' and status != 3;"