Entries in OpenId table with no corresponding entry in user table

Create issue
Issue #1742 resolved
Daniel Zoller created an issue

I found out that some entries in the openIDUser table have no corresponding entry in the user table. If someone registers a new user with one of these usernames someone else has access to the new user account.

I found this on the BibLicious database, could someone of the senior developers check the BibSonomy's database?

Comments (7)

  1. Daniel Zoller reporter

    query should be

    CREATE TEMPORARY TABLE unknown_openid_users SELECT user_name FROM openIDUser LEFT JOIN user USING(user_name) WHERE user_password IS NULL;
    DELETE FROM openIDUser WHERE user_name IN (SELECT user_name FROM unknown_openid_users);
    DROP TABLE unknown_openid_users;
    
  2. Log in to comment