Is this entire thing vibe coded?
That password reset process which basically destroys everything has to be seen to be believed.
I guess you also store all password in cleartext. Some script kiddy probably just read about sql injections in some book of his grandpa and that’s how you get into the plex password user db.
The access to my local plex library seems harder to access than your user db.
