XF 2.2 How to delete messages from a user already deleted

[MediaFolSupport]

Hello,

we have deleted a user account on his request.
now he see messages in the forum with his name, (as a guest, of course), and he asked to us to delete all his messages...

From admin control panel i cannot find any more nor his account nor his contents... how can i find/delete content from a deleted account?
thanks.

 

[Mr. Jinx]

We recently had a similar request. The only way to change the name of a deleted member is with SQL queries.
I'm pretty sure there are examples posted already on this forum.
If the name is also inside post, you will have to do a normal forum search and edit the post (hoping it is not too much).

 

[MediaFolSupport]

thanks, I figured but I was hoping it wasn't a complicated job like that...
SQL queries is the way, so...
not easy for me, i have to open a tiket etc...

no, we have not much contents, around 100 comments with some quote from other users...

 

[Mr. Jinx]

Some tools in ACP to help us with this would indeed be very welcome.

 

[MediaFolSupport]

yeah... may a basic search and edit/manage content published by guest users.

 

[ge66]

Ask him to report any and all posts that have personal information about him according to GDPR. Then decide if it's true and delete them.

I inform users that their posts will not get deleted, and that they have to inform me if they want their username changed before deletion of user account.

 

[Neilski]

I inform users that their posts will not get deleted, and that they have to inform me if they want their username changed before deletion of user account.

Deleting all posts does seem a step further than is probably necessary, but... I'm not a lawyer.

However, how does it help if they change their username before the account is deleted?

I ask because in my experience:

• any post by a deleted user shows up as being from "deleted user [number]" (making the final username before deletion irrelevant for their own posts)
• posts by other users which quote posts from deleted users only ever show the username that was active at the time of the quote being posted (so any changes of username after that are irrelevant for posts by others)

 

[ge66]

Deleting all posts does seem a step further than is probably necessary, but... I'm not a lawyer.

However, how does it help if they change their username before the account is deleted?

I ask because in my experience:

• any post by a deleted user shows up as being from "deleted user [number]" (making the final username before deletion irrelevant for their own posts)
• posts by other users which quote posts from deleted users only ever show the username that was active at the time of the quote being posted (so any changes of username after that are irrelevant for posts by others)

As I remember there is a choice for me as admin to keep the old username on deleted posts or make it something else like a number.
I know about the problem with quotes.

I inform them before because after it is almost impossible to change it.

Some of this I do to give them time to calm down, make them think it is to much work for little gain.
A few stay and continues to participate in the forum, some asks to be deleted giving me the information I need and most I probably not hear from again.

 

[The Cyst]

That might be a good plugin. A button that purges the posts of a specified user (also removing the quoted part of a post others may have quoted the OP in) to prevent that quote showing even if the OP was deleted.

 

[MediaFolSupport]

That might be a good plugin. A button that purges the posts of a specified user (also removing the quoted part of a post others may have quoted the OP in) to prevent that quote showing even if the OP was deleted.

yeah, this could be a great idea that help admins to fight this problem.
i know GDPR, but a user has the right to ask for purge all his post, quotes included. And we cannot say... "mmm nope, we can remove a message only if there is a privacy issue" ... we have to respect a user right.
Sometime remane a user with number... is not what a user want.
This is a mess.

 

[Mr Lucky]

but a user has the right to ask for purge all his post, quotes included. And we cannot say... "mmm nope, we can remove a message only if there is a privacy issue" ... we have to respect a user right.

The xenForo default terms mean that you, the forum owner, has the right not to delete user generated content.

You are granting us with a non-exclusive, permanent, irrevocable, unlimited license to use, publish, or re-publish your Content in connection with the Service. You retain copyright over the Content.


In many cases deleting a user’s entire postings can destroy the meaning, flow and context of thread content.

I would however happily delete specific posts that contain personally identifiable information as defined by the ICO . I would do this whether or not the account was deleted.

I would strongly advise against giving users the right to have all their posts and quotes posts deleted.

 

[Neilski]

but a user has the right to ask for purge all his post, quotes included

Perhaps you can explain why you believe this to be the case, because I think @Mr Lucky nailed it:

The xenForo default terms mean that you, the forum owner, has the right not to delete user generated content.

You are granting us with a non-exclusive, permanent, irrevocable, unlimited license to use, publish, or re-publish your Content in connection with the Service. You retain copyright over the Content.

...but yes, with that obvious caveat around personally identifiable information, which is probably a legal requirement in many countries anyway (regardless of whether it conflicts with a site's terms).
Not being a lawyer, I have no idea if the "non-exclusive, permanent, irrevocable, unlimited license" bit could be challenged legally.

I also agree with the view that deleting posts can wreck threads. (Depending on the forum "edit own post" settings, a determined user may be able to go back and remove all of the text from their own posts anyway of course.)

 

[Mr Lucky]

Not being a lawyer, I have no idea if the "non-exclusive, permanent, irrevocable, unlimited license" bit could be challenged legally.

I’ve challenged a few copyright claims in which there were allegedly done grey area. This one has no grey area, it is what it says on the tin and is presented to users at registration where they either accept those vey unambiguous terms or they don’t join the forum. If they choose not to read it then that’s tough.

You might argue “oh but nobody reads Ts & Cs" but that won’t stand up in court

 

[Neilski]

I’ve challenged a few copyright claims in which there were allegedly done grey area. This one has no grey area, it is what it says on the tin and is presented to users at registration where they either accept those vey unambiguous terms or they don’t join the forum. If they choose not to read it then that’s tough.

You might argue “oh but nobody reads Ts & Cs" but that won’t stand up in court

No, I'm not saying that the default Xenforo terms aren't clear (on the contrary, they are very clear and simple), I'm saying that I am not qualified to say that they would stand up if challenged in court, much as I hope they would.

Courts have been known to declare certain things illegal, e.g. in EULAs. In fact, lots of EULAs even say things like "if any portion of this EULA is deemed invalid/unenforceable by a court, the rest of it will be unaffected". Implicitly accepting an EULA by installing a piece of software doesn't prevent you from asking a court to deem some parts of the EULA illegal/unfair.

The obvious example, which as I said, you've already mentioned, and which I think we'd probably agree would clearly trump those default forum terms in respect of "you gave us a permanent license to your words" would be if someone's posts contained personally identifiable information which they wished to have deleted.

 

[Mr Lucky]

and which I think we'd probably agree would clearly trump those default forum terms in respect of "you gave us a permanent license to your words" would be if someone's posts contained personally identifiable information which they wished to have deleted.

Indeed I agree those posts may be disputable, but this thread is about all posts.

The reason I say disputable is that I believe the privacy laws are about information held (ie account details) not information freely posted to the public realm by the user. It would be stupid of someone to post PII publically. Maybe privacy policies should advise people against posting email addresses, phone numbers, DOB, mothers maiden name, bank details, social security numbers etc. But in those cases I would delete the content if requested, not because I have to but out of courtesy as it’s a reasonable request.

 

[Mr Lucky]

A further thought on this. Perhaps the word permanent is debatable, given that in most jurisdictions copyright has a limited duration defined in statutes. For example in the UK it is 70 years after the authors death.

In the case of a forum the user who made the post is the copyright owner, the forum admin is not the owner, but is a licensee. Because it is a non-exclusive licence, the owner owns the content and can control its use outside of the forum. After their death, the user's heirs inherit that right for 70 years (in the UK).

But presumably 70 years after the user's death that post becomes public domain.

 

[Mr Lucky]

The thread has gone a bit off topic so maybe it's worth actually answering the question.
I know the OP would prefer not to do itv with SQL query

SQL queries is the way, so...
not easy for me, i have to open a tiket etc...

But just for information here is how to do it.

First you need to create a temporary new user, because you will convert the deleted member into a real member in order to delete their posts. Afterwards you then delete this newly created member.

Get the id of the new member.

Then run this query, (which assumes the new member id is 1234 and the deleted member username is 'deleteduser')

UPDATE `xf_post`
SET `user_id` = replace(user_id, '0', '1234')
WHERE username = 'deleteduser'

Spoiler: How to run a query in phpmyadmin

• Click on the forum database name
• Open the SQL tab.
• Paste in the code.
• Click "Go"

In ACP:

• Rebuild thread cache
• Temporarily set all Spam cleaner user criteria to 0
• Spam clean the newly created user to delete all posts and or threads
• Set the Spam cleaner user criteria back.

Now you can delete the newly created user.

Before you choose to do this on your live forum, please do it on a test installation and/or at least take a backup first. Don't do it until you are confident it works as intended and your forum is not broken!

 

[Suzanne O]

If the deleted user is whinging i reply with a no.
if that user gets angry and sends me an abusive email demanding this gets done i range ban his ip address.
if he finds my address and takes me to court i will get him done for stalking.

Make your forum private. If he gets offended make his page redirect to reddit.

 

[zappaDPJ]

If the deleted user is whinging i reply with a no.

Which within the context of the OP could put you in breach of data protection regulations including GDPR.

if that user gets angry and sends me an abusive email demanding this gets done i range ban his ip address.

By range banning an IP you are denying access to anyone within that range which may even include current members and you still by law need to deal with the member's request.

if he finds my address and takes me to court i will get him done for stalking.

And you will lose because you have a responsibility to deal with deletion requests for personally identifiable information (PII).

I'm sure you mean well but when it comes to PII everything you've posted could land a forum owner in trouble. Requests to remove PII have to be taken seriously.

 

[Suzanne O]

Which within the context of the OP could put you in breach of data protection regulations including GDPR.


By range banning an IP you are denying access to anyone within that range which may even include current members and you still by law need to deal with the member's request.


And you will lose because you have a responsibility to deal with deletion requests for personally identifiable information (PII).

I'm sure you mean well but when it comes to PII everything you've posted could land a forum owner in trouble. Requests to remove PII have to be taken seriously.

I don't use that system on my forum as it's an Australian forum.