[Sugar-devel] [Systems] trac breakage

[James Cameron]

On Mon, Mar 14, 2016 at 02:32:36AM -0300, Samuel Cantero wrote:
> Regarding to the inability to access the user page, I've checked our
> current users and I found 97426 users. We had a lot of spam
> here. I've checked this by doing:
> 
> sqlite> select count(*) from session;
> 97426

Perhaps "session" is wrong table.  My notes on this are;

0. trac.htdigest file is used to form list shown on manage user accounts,

1. passphrase is stored in trac.htdigest file,

2. the last login and authenticated flag are taken from session table,

   select * from session where sid = 'Quozl';

3. name and e-mail are taken from session_attribute table,

   select * from session_attribute where sid = 'Quozl';

4. deletion of the users via manage user accounts results in removal
   from trac.htdigest, removal from session table, removal from
   session_attribute table.

Hope that helps.

> [...]
> I tried to remove all suspicious users with the trac-admin utility
> and directly by database but this is almost imposible.

It may require very careful scripting, yes.  Last time I looked at
that, I made a mistake deleted all users.  (3rd March 2014, for
dev.laptop.org).  It hasn't been a problem since.

> I guess we should delete all users and ask them to re-register
> again. However, I don't want to proceed before your approval.

I'm fine with that.  Let's hear from others.

-- 
James Cameron
http://quozl.netrek.org/