Jkx@home » cps http://www.larsen-b.com Titanium Exposé Fri, 31 Oct 2025 02:15:37 +0000 en-US hourly 1 http://wordpress.org/?v=3.5 Howto to a delete lot of Zope/Plone/CPS User account ? http://www.larsen-b.com/Article/253.html http://www.larsen-b.com/Article/253.html#comments Mon, 05 Feb 2007 15:44:03 +0000 admin Continue reading ]]> In a previous post, I study the way some spammers use plone user folder to spam my blog. But this time, it’s my turn. I host since a little time right now, a small CPS
website for my work. And I discovered a lot of spammer user account on it.

The main issue, is that I haven’t unset the “joinable” flag, so everybody can create a account. By the way password are sent, spammers doesn’t manage to post stuff in the personnal area.

With 300 users, and only 4 valids, I need to find a way to clean the acl_user folder. Last time I used twill, this works really great, so I decided to use the same stuff for Zope.

Here my little script:

#!/usr/bin/python

LOGIN='foo'
PASSWORD='far'

LOGIN_URL='http://your_server/manage_main'
USER_URL='http://your_server/acl_users/manage_users'
GOOD_USERS = ['jkx','foobar']

import twill

def delUsers():
   twill.commands.go(USER_URL)
   form = twill.commands.showforms()[0]

   usernames = form.possible_items('names:list')
   for u in usernames:
      if u not in GOOD_USERS:
         twill.commands.formvalue(1,'names:list',u)

      twill.commands.showforms()
      twill.commands.submit(3)

def doLogin():
   twill.commands.go(LOGIN_URL)
   forms = twill.commands.showforms()

   twill.commands.formvalue(2,'__ac_name',LOGIN)
   twill.commands.formvalue(2,'__ac_password',PASSWORD)
   twill.commands.submit()

if __name__ =='__main__':
  doLogin()
  delUsers()

This will drop all user account (not the ones in GOOD_USERS) ..

]]> http://www.larsen-b.com/Article/253.html/feed 1