Account Recovery Bug

[tmccormack165]

It is impossible for a user to recover their account without the help of the system administrator.

In Mod_users.php we have: $query = $this->db->where('username',$username)->where('oauth2_login',null)->get('user'); //TODO: Test this

This query is not accurately finding users who exist in the database.

[tmccormack165]

The root cause of this bug is that there are many non-null empty values for oauth2_login in the user table.

mysql> SELECT DISTINCT(oauth2_login), COUNT(*) FROM bol_user GROUP BY oauth2_login;
+--------------+----------+
| oauth2_login | COUNT(*) |
+--------------+----------+
| NULL         |       24 |
| google       |      561 |
| facebook     |       69 |
|              |     1183 |
+--------------+----------+
4 rows in set (0.00 sec)

[tmccormack165]

Solved the issue by searching for users that have oauth2_login values not equal to facebook or google

see commit 4a977624c539597bbafe6f2546835921dfaae386