vBulletin 4.2.5 SQL to export just one user from the user table

djbaxter

Tazmanian Veteran
Joined
Jun 6, 2006
Messages
10,485
Yet another GDPR issue.

A user demands a record of his data under the GDPR.

I want to do an export of the data for just that one user from the user table.

What is the SQL to do that?
 

mysiteguy

Devotee
Joined
Feb 20, 2007
Messages
2,988
Are you in a GDPR covered country? Do you specifically sell to, or target EU users? If not, I'd tell them you are under no obligation to provide it.

If you are, PM me and I can work out putting together something for you. There are a lot of tables involved in a stock VB install, possibly more if you have add-ons.
 

djbaxter

Tazmanian Veteran
Joined
Jun 6, 2006
Messages
10,485
Figured it out.

Just go to phpMyAdmin.

Select the user table.

Execute SELECT * FROM `user` WHERE user.username='usernameinquestion'

That will bring up one record.

Click on Export and choose the format.

Save file.

Done.
 

BirdOPrey5

#Awesome
Joined
Aug 14, 2008
Messages
4,217
For security reasons you shouldn't send their password or salt. (Password will be hashed, but still.)
 

djbaxter

Tazmanian Veteran
Joined
Jun 6, 2006
Messages
10,485
I didn't send it. I made it available for download. And this is a European forum. If the ask for a data dump, you cannot legally refuse..
 

mysiteguy

Devotee
Joined
Feb 20, 2007
Messages
2,988
Oh, I misunderstood. You weren't giving him posts, etc.

One thing though, I'd send him usertextfield and userfield as well since those potentially have personal info.
 

djbaxter

Tazmanian Veteran
Joined
Jun 6, 2006
Messages
10,485
Perhaps. But those aren't data collected by the forum, technically. Seriously, GDPR is a huge nightmare once you get into it. I really don't think a lot of the pieces of that legislation were thought out very well. I think it's more an emotional reaction to Google and Facebook and the uncertainty of what data they are/were collecting and what they were doing with it.

Meanwhile, a lot of websites and SMBs that fall under the GDPR are having to fork out real time and money for this. My policy for now is give them what they ask for and leave it at that. If they ask for more, then I'll act.


Reminds me of when prisoners in Canada were given the right to request their documents in either official languiage under the Freedom of Information act. For a while, a lot of inmates were requesting having their records translated into French, even though most of them didn't even speak French. Until thankfully someone put a lid on that, it was costing a lot of tax dollars and wasting a lot of other people's time. Prisoners didn't care, of course - they have plenty of time to waste and it wasn't costing them anything.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,371
You know that this legislation was never tailored for Facebook or Google the story began in 2008/2009 long before anyone was unhappy with Google or Facebook. What they forgot was that small sites would have strain on them to comply, there is going to be a review of this law it seems after 18 months so next year there going to see if it works. But it will get harder not easier.
 

djbaxter

Tazmanian Veteran
Joined
Jun 6, 2006
Messages
10,485
You know that this legislation was never tailored for Facebook or Google the story began in 2008/2009 long before anyone was unhappy with Google or Facebook. What they forgot was that small sites would have strain on them to comply, there is going to be a review of this law it seems after 18 months so next year there going to see if it works. But it will get harder not easier.
Well who WAS it tailored for then?
 

BirdOPrey5

#Awesome
Joined
Aug 14, 2008
Messages
4,217
I didn't send it. I made it available for download. And this is a European forum. If the ask for a data dump, you cannot legally refuse..
I would argue the salt and hash isn't their data but it is of course your call.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,371
Well who WAS it tailored for then?
It was made not specifically for Facebook or Google but also for companies that do big data so Microsoft, Apple and so on including companies that trade in other data to gain more data. Think banks, insurance companies everything that deals in privacy information. The intensions where good and still are but they forgot that small sites would have a heavy burden. The EU wanted that people got control over their own data and could revoke at anytime.
 

BirdOPrey5

#Awesome
Joined
Aug 14, 2008
Messages
4,217
No not mine at all. In their territory, all the power belongs to the EU and the GDPR.
I understand the EU requires you to give the user their data but you are already deciding what is their data. The salt is definitely not their data. I'd argue the hash isn't either. That is what is up to you. And if you say it isn't up to you than you should be sending them a lot more data than just one line of the user table, that is a completely arbitrary decision.
 

djbaxter

Tazmanian Veteran
Joined
Jun 6, 2006
Messages
10,485
My main intent here is to comply with a request made under the GDPR who is a vexatious troll and who is doing it to be annoying. Whatever gets rid of him is fine with me.

Not saying you're incorrect and not trying to have a debate here, BirdOPrey5. Just trying to do what I need to to get a pest off my back.
 

mysiteguy

Devotee
Joined
Feb 20, 2007
Messages
2,988
From what I've read you're also going to need to send them each unique id address VB has logged.
 

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,852
GDPR only covers personal data, which on most forums is pretty much just their e-mail address, and they can already view that in their profile.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,371
GDPR only covers personal data, which on most forums is pretty much just their e-mail address, and they can already view that in their profile.
Also if they request you’ll need to give them everything including posts and attachments in readable format.
 

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,852
No, you dont. Thats not personal data, you have no obligation to provide that.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,371
No, you dont. Thats not personal data, you have no obligation to provide that.
Yes you are required to do so. Please read https://gizmodo.com/how-to-download-your-data-with-all-the-fancy-new-gdpr-t-1826334079

In order to comply with the law, companies large and small are introducing data download tools. But actually transferring your stuff from one platform to another is still more annoying than it should be—you still have to deal with bulk downloads and conflicting file formats, and most platforms haven’t made really good portability features yet. Although they’ve made it possible for users to download their data, actually porting it over to the service you want to use is pretty much up to you. And for some services, like Facebook, there’s not a meaningful competitor waiting for you to make the switch.
People are in full control of their stuff they post and personal information, XML is at the moment accepted as readable and transferable to another platform. You can not claim exclusivity anymore on posts, copyright claiming that its yours cant be done either.
 
Top