A great bug on JFBConnect

4 years 1 month ago #66175 by aitcal
JFBConnect duplicate usernames on Joomla.
I have JFBConnect with JomSocial integration, and after the new Joomla update that creates a new unique index, ALTER TABLE `#__users` ADD UNIQUE INDEX `idx_username` (`username`); I saw that there are thousands of duplicated usernames and all of them come from JFBConnect.
I investigated more and I saw that JFBConnect uses only the user with the first id for access from all Facebook profiles; this is a security problem because all users use the same JomSocial profile.
I am manually deleting all duplicated users.
The topic has been locked.
Support Specialist
4 years 1 month ago #66176 by alzander
Replied by alzander on topic A great bug on JFBConnect
Aitor,
The issue with username uniqueness doesn't affect just JFBConnect. There was a bug in Joomla where in specific cases the username could be duplicated. We have multiple checks within JFBConnect to prevent creating them and also relied on some checks that Joomla has built in, but it seems those didn't always work.

We updated this site and found 27 duplicate usernames (out of >50,000 accounts). The last duplicate username was from 2014, so it's an issue that's progressively been going away with new safeguards implemented in JFBConnect and Joomla. JFBConnect and Joomla are our only means of registration.

With that said, can you explain how you know 'all' of the duplicate accounts were caused by JFBConnect? On our site and others with JFBConnect, we aren't seeing thousands of duplicates. You also mention JomSocial. I'd like to understand how you've narrowed down all duplicate usernames to JFBConnect. I wasn't able to understand your explanation:

i saw that JFBConnect use only the user with the first id to access from all facebook profiles,

Can you help explain this more?

Finally, Joomla already has an FAQ related to this issue:
docs.joomla.org/J3.x:Duplicate_usernames_cause_update_issue

The original issue tracker post is:
github.com/joomla/joomla-cms/issues/28308

Again, it is possible JFBConnect has created duplicate usernames. We'd like to understand your situation more so we can investigate the issue more thoroughly.

Thanks,
Alex
Support Specialist
4 years 1 month ago #66177 by alzander
Replied by alzander on topic A great bug on JFBConnect
As a follow-up, if you have registration dates for the duplicates, that would be helpful. Mainly, have duplicates been created recently or did they stop being created years ago as we've seen?

Thanks,
Alex
4 years 1 month ago #66181 by aitcal
Replied by aitcal on topic A great bug on JFBConnect
Hi Alex, I detected 545 duplicated users, some of them duplicated 9 times (most of them 2-3 times). The duplicated users have been created all the time from 2015 to the present. I have quite a big database (more than a million). The great problem is that many users are different people and all use the same profile.
Support Specialist
4 years 1 month ago #66182 by alzander
Replied by alzander on topic A great bug on JFBConnect
We completely agree that duplicate users can cause problems. I'd like to understand why you feel JFBConnect is the cause of all of your duplicate users as you originally posted. Any details on your investigation will help us understand the issue further and if there's anything we can do better within our code.

Thanks,
Alex
4 years 1 month ago #66190 by aitcal
Replied by aitcal on topic A great bug on JFBConnect
It's very simple: I use the default configuration for many options in JFBConnect, and one of these options (I think that is an error and I have now changed it) is that it doesn't generate a password, and all duplicated users have blank passwords (JomSocial doesn't permit blank passwords). This is how I know that JFBConnect is the extension that duplicates the users.
Support Specialist
4 years 4 weeks ago #66200 by alzander
Replied by alzander on topic A great bug on JFBConnect
We'll have to investigate how the blank password option could cause what you're describing. Can you tell me also if the duplicate accounts have the same (or very close) registration dates? That will help us understand if they were created at the same time or if one was created and another was created much later.

We are still unable to see a cause in our code that would allow duplicates, but again, we're also relying on some safeguards within Joomla. Fortunately, the newest Joomla release adds a unique index to the username column, which prevents duplicates completely. We still want to make whatever changes are necessary to prevent the issue in case things change in the future.

Thanks,
Alex
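A read-only audit that gathers the details asked for in this thread (copies per username, blank passwords, registration dates), as an added example that is not part of any post and is not JFBConnect or Joomla code. It assumes MySQL/MariaDB and the stock Joomla 3 `#__users` columns `id`, `username`, `password` and `registerDate`; replace `#__` with the site's real table prefix before running.

```sql
-- Added example: read-only queries, nothing is modified.
-- Assumption: stock Joomla 3 users table; `#__` stands for the site's prefix.

-- 1) One row per duplicated username: number of copies, how many copies
--    have a blank password, and how far apart the registrations are.
--    GROUP BY uses the column's collation, the same comparison the new
--    UNIQUE index idx_username applies.
SELECT
    username,
    COUNT(*)                                        AS copies,
    SUM(password = '' OR password IS NULL)          AS blank_password_copies,
    MIN(id)                                         AS lowest_id,
    MIN(registerDate)                               AS first_registered,
    MAX(registerDate)                               AS last_registered,
    DATEDIFF(MAX(registerDate), MIN(registerDate))  AS days_apart
FROM `#__users`
GROUP BY username
HAVING COUNT(*) > 1
ORDER BY copies DESC, last_registered DESC;

-- 2) Extra copies per registration year (every row except the lowest id
--    of each duplicated username), to see whether duplicates are still
--    being created or stopped years ago.
SELECT
    YEAR(u.registerDate)                            AS reg_year,
    COUNT(*)                                        AS extra_copies,
    SUM(u.password = '' OR u.password IS NULL)      AS extra_copies_blank_password
FROM `#__users` AS u
JOIN (
    SELECT username, MIN(id) AS lowest_id
    FROM `#__users`
    GROUP BY username
    HAVING COUNT(*) > 1
) AS d
  ON d.username = u.username
 AND u.id <> d.lowest_id
GROUP BY YEAR(u.registerDate)
ORDER BY reg_year;
```

Rows where `days_apart` is 0 point to copies created at nearly the same time, while large gaps point to a later registration reusing an existing username.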