Obtaining Passwords
da_selector
07-25-2001, 02:43 PM
I think this is the right forum...is there any way of getting a password from any of the files???
tubedogg
07-25-2001, 10:14 PM
Why are you so intent on finding passwords? I wouldn't register at your board if I knew the admin was going to take my password...
TheComputerGuy
07-25-2001, 11:12 PM
Well why would you need the password, because Admins have the overall power
razaz
07-26-2001, 12:04 AM
Maybe he needs the passwords cause his board is on a host like spaceports where they have disabled the email so if his members lose their pass then he has no way to send it to them so the only option they have is to re-sign back up....Just a thought! :)
Delhaze
07-26-2001, 12:09 AM
in admin/config.php
// allow password viewing / editing in control panel
// 0 = not visible or editable
// 1 = not visible, but can be edited
// 2 = visible and can be edited
$pwdincp=0;
leadZERO
07-26-2001, 01:14 AM
I look up users' passwords every now and then to make sure they have access to what they need to. However, I always reset the timestamps so they don't miss anything.
However, I usually ask them before I do that.
Learner29
08-19-2002, 04:19 PM
Originally posted by Delhaze
in admin/config.php
// allow password viewing / editing in control panel
// 0 = not visible or editable
// 1 = not visible, but can be edited
// 2 = visible and can be edited
$pwdincp=0;
Hi Delhaze
I have this pwdincp=2 setup on my config.php but still, the passwords are not visible in the CP, but yes, I can edit them (by typing a new password)
I had vb 2.2.3 that was updated with updates without reuploading all the new php files of the new vb versions.
I would highly appreciate your help
Dean C
08-19-2002, 05:38 PM
those lines aren't in config.php for me :S
Steve Machol
08-19-2002, 05:40 PM
Those lines are from pre-2.2.0 versions of vB. They are no longer functional.
Learner29
08-19-2002, 11:31 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
those lines aren't in config.php for me :S
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
then, you have the new version. !
Dean C
08-20-2002, 06:00 PM
:(
Learner29
08-29-2002, 04:36 PM
why nobody is trying to help Smachol ???
Why would one assume that whenever someone would want to see the password, then he has bad intentions.
on my board, I had more than one person signing up with free email addresses such as hotmail and yahoo, only to spam the board with their filth.
Yes, I could ban the bad user, but he would have signed up with many many usernames, so when I ban one username he would enjoy relogging with another username and spreading his garbage again.
remember you can't always block the ip number.
sometimes the ip number is that of a proxy for a big city, and blocking this one person's ip would mean blocking the whole city....
the only way to know those people was to look at their password, as they were using the same password in all the other accounts that they planned to use once the username they are using now is banned.
DrkFusion
08-29-2002, 04:50 PM
It's because the password is encrypted in the database, none of the vb hackers have actually really found out how to decrypt it, and if it were decrypted, a lot of other security software would be in danger, the ones that use the same encryption tool.
Also I highly doubt the encryption is standard, it possibly is random. Not really sure
NTLDR
08-29-2002, 04:55 PM
OK lets make this clear:
vB uses MD5 irreversible encryption. THIS MEANS that once the password is encrypted into the DB YOU CANNOT decrypt it, full stop.
Learner29
08-29-2002, 10:11 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's because the password is encrypted in the database, none of the vb
hackers have actually really found out how to decrypt it, and if it were
decrypted, a lot of other security software would be in danger, the ones that
use the same encryption tool.
Also I highly doubt the encryption is standard, it possibly is random. Not
really sure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ahah! thank you so much for your feedback ...
so do you think I should continue to look for it, or is it really a loss of
time ??
NTLDR
08-29-2002, 10:15 PM
Well if you wish to waste your life away trying to reverse irreversible encryption go ahead. Even if you do manage to crack it YOU CAN'T display it in the Admin CP and you would have to spend a few more years, possibly decades, running the cracking algorithm on it.
Scott MacVicar
08-29-2002, 11:03 PM
It's not actually encryption btw ;) It's a hash
http://www.faqs.org/rfcs/rfc1321.html
This document describes the MD5 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest
g-force2k2
08-29-2002, 11:38 PM
yep PPN is correct... md5 is not an encryption there is no way to decrypt (hence it is not an encryption / decryption function) md5 passwords... (at least not to my knowledge you can't undo the md5 function) and the passwords are stored as md5.... yes passwords can be obtained... but vb seems to have taken that function away as Smachol stated probably because of malice usage... regards...
g-force2k2
Logician
08-30-2002, 08:01 AM
Originally posted by Learner29
on my board, I had more than one person signing up with free email addresses such as hotmail and yahoo, only to spam the board with their filth.
Yes, I could ban the bad user, but he would have signed up with many many usernames, so when I ban one username he would enjoy relogging with another username and spreading his garbage again.
Your Solution:
https://vborg.vbsupport.ru/showthread.php?s=&threadid=38909
Enjoy..
Erwin
08-30-2002, 08:06 AM
Ban free emails. I do.
Erwin
08-30-2002, 08:09 AM
eva2000's mega-list of 30,000 free email domains formatted for vB right here:
http://i4net.tv/marticle/get.php?action=getarticle&articleid=30
Cut and paste... :)
Learner29
08-30-2002, 03:35 PM
Originally posted by NTLDR
Well if you wish to waste your life away trying to reverse irreversible encryption go ahead. Even if you do manage to crack it YOU CAN'T display it in the Admin CP and you would have to spend a few more years, possibly decades, running the cracking algorithm on it.
LOOOOOL :cheeky: :cheeky: :cheeky:
now I understand where your name comes from.....
OK OK . that was Very encouraging NTLDR ....
In fact, that was as encouraging as booting your windows 2000 and getting this lovely message......
NTLDR ......
(for those who are not too much into computer tech, this means your computer does not recognize your hard disk as a boot partition, i.e., either you caught a serious boot virus, or that you simply lost your hard disk (and possibly all files on it) .....
THANK YOU NTLDR ...
that actually was a full answer.... LOL.
Learner29
08-30-2002, 03:41 PM
Big Big thanks to PPN, g-force2k2, Erwin and Logician for the very kind help .
thank you very sincerely....
Now I understand I will have to give up this idea....... I was so frustrated but thanks to you guys, I am fine now.
special thanks to Logician who YES provided a solution to my problem.
Kind Regards.
king sting
09-07-2002, 11:09 AM
yeah if the option is only in the older versions of vbulletin.. how can i down-grade my vbulletin to the older version? I have good reasons so please don't give me ++++ about it. But I think this is a must for admins. It's just my opinion.. but again.. how can i down grade?
Erwin
09-07-2002, 11:14 AM
You can't. vB no longer offers any copies of the old versions.
king sting
09-07-2002, 11:25 AM
what? how come? so you're telling me i paid for a software I don't have total control of? that's ++++ing bull++++ in my eyes... all these releases and ++++ they won't give me an older version? even after I already paid for it? what hell nah.. I think this feature needs to be put into the admin cp.. it's our boards and we have to pay for the right to use vbulletin, how we run our boards is up to us, not the software heads at vbulletin.
I ++++ing demand something is done about this.
g-force2k2
09-07-2002, 02:04 PM
with that kind of attitude no one is going to do anything about it... like i said it's privacy invasion... you want an older version? it probably won't even work anymore... so in other words settle down... demand eh? you ain't getting nothing from me...
g-force2k2
Chris M
09-07-2002, 04:47 PM
It has already been proved impossible...
Whether you like it or not, vB will not change their policy, and I agree with g-force...
Satan
NTLDR
09-07-2002, 04:59 PM
There is *never* a good reason for needing someone's password, you can send members a new one and you can check if passwords are the same by comparing the MD5 hashes. Also why would Jelsoft provide old unstable and insecure versions of vB to the public?
I may want Windows 1.01, but Microsoft wouldn't supply me with a copy even if I paid.
Tip: Save each original zip and store on your computer. Then you can use whatever version you want on your live board.
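The hash comparison NTLDR mentions, as an added example that is not part of the original thread or of vBulletin's code: it groups accounts whose stored MD5 digests are identical, which flags repeat registrations without anyone seeing a plaintext password. The sample rows, function names and the salted variant are assumptions constructed for illustration; the salted run shows the comparison only works while digests are unsalted.

```python
import hashlib
from collections import defaultdict

# Constructed sample registrations: (userid, username, password).
# The plaintext appears here only to build the sample table; the
# table itself holds digests, as the thread describes for vB.
SAMPLE_REGISTRATIONS = [
    (101, "alice", "correct horse"),
    (102, "spam_one", "demo-pass-1"),
    (103, "bob", "another-demo"),
    (104, "spam_two", "demo-pass-1"),
    (105, "spam_three", "demo-pass-1"),
]


def md5_hex(text):
    """Return the 128-bit MD5 digest of text as 32 hex characters."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_user_table(registrations, salted=False):
    """Build rows shaped like a user table with a digest column.

    salted=False stores md5(password).
    salted=True stores md5(salt + password) with a per-user salt; the
    salt is derived from the userid only to keep this sample
    deterministic (a real salt would be random).
    """
    rows = []
    for userid, username, password in registrations:
        salt = "salt-%d-" % userid if salted else ""
        rows.append({
            "userid": userid,
            "username": username,
            "password": md5_hex(salt + password),
        })
    return rows


def accounts_sharing_a_digest(user_table):
    """Group usernames whose stored digests are identical."""
    by_digest = defaultdict(list)
    for row in user_table:
        by_digest[row["password"]].append(row["username"])
    return sorted(sorted(names) for names in by_digest.values() if len(names) > 1)


if __name__ == "__main__":
    print(accounts_sharing_a_digest(build_user_table(SAMPLE_REGISTRATIONS)))
    print(accounts_sharing_a_digest(build_user_table(SAMPLE_REGISTRATIONS, salted=True)))
```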
Learner29
09-07-2002, 05:09 PM
come on, you need to understand that the encryption of the password is for
the security of your people, members of your boards. It is not an
out-of-the-cough decision by some heads at jelsoft... it is a thoughtful
idea about the security of your board.
king sting
09-07-2002, 07:00 PM
vbulletin's policies are just like the american government.. always trying to censor our freedoms. I paid for a software that censors me. that's bull++++. where the ++++ are the software heads? out planning more ways to kill freedom as we know it? ++++ing terrorist.
king sting
09-07-2002, 09:20 PM
To everyone that thinks they should be able to view passwords, and doesn't want to be censored by the vbulletin freedom haters, please go to this thread I made on vbulletin.com and voice your opinion.
We paid for a software, we should have total control of it.
http://www.vbulletin.com/forum/showthread.php?s=&threadid=54380
Steve Machol
09-08-2002, 01:40 AM
You do have total control of it. If you do not like password encryption, then just hack it out of the code. You can also hack in a password generator and have the new passwords emailed to your members. This is all entirely within your control. There's not a single person in the world who can stop you from doing this.
By the way your efforts at branding Jelsoft as 'censors' are ridiculous. You clearly have no understanding of the word.
2 X Viverridae
09-08-2002, 01:55 AM
@ king sting - I certainly hope that nobody bothers to go to http://www.illstylez.com/board/ and PM's or email's your members there with copies of your posts about wanting to get their passwords.
Then again, it's probably all right with you, eh - anything else would be censorship! :rolleyes:
There is no good reason to have a user's password - unless you want to either log in and pretend to be them in a post, (Very unethical!) or you want to see if the same password works in other sites or locations. (More than just a little unethical!)
Any information that you can get as a logged in user is available to you, if you take the time to learn how to access the database.
See you on the boards, eh!
Logician
09-08-2002, 04:17 AM
Originally posted by king sting
what? how come? so you're telling me i paid for a software I don't have total control of? that's ++++ing bull++++ in my eyes... all these releases and ++++ they won't give me an older version? even after I already paid for it? what hell nah.. I think this feature needs to be put into the admin cp.. it's our boards and we have to pay for the right to use vbulletin, how we run our boards is up to us, not the software heads at vbulletin.
I ++++ing demand something is done about this.
It's very clear that you don't have any knowledge about internet security nor intentions of the developers about securing the passwords in the database. All good software secure passwords because they can be exploited by people other than Site Admins. Your hosting company's/isp's people can get them, someone who hacks your board can get them, hackers watching the internet can get them while you backup your database and in the end it's your board's passwords that will be revealed and it's you your members would accuse even if these wouldn't be your fault.
By securing the passwords in the database Jelsoft saves YOU and your users from the trouble and from this point of view you have no rights to complain about "paying money to them", it's these security features you are (at least should be) paying for this software. If you are Windows XP user, go complain to Microsoft too, because they are using the same mechanism for all passwords (user etc.) in the software..
It's never aimed to hide passwords from Site Admins. And in fact Site Admins can still get user's passwords if they want to, but dont ask me the way, I have no intentions of telling you how..
king sting
09-08-2002, 05:16 AM
Ok.. everyone says it can be done, and I can hack it in myself.. yet no one wants to tell me how? If you people wont tell me how.. then how can I?
@2 X Viverridae.. go away.
I think this is stupid. It's just a simple request and no one wants to help me with it just because you people think it's unmoral or something?
Someone just tell me please.
Logician
09-08-2002, 05:26 AM
Originally posted by king sting
I think this is stupid. It's just a simple request and no one wants to help me with it just because you people think it's unmoral or something?
Someone just tell me please.
Why dont you tell us why you want to get the passwords? What good and legal use they can be used for? I really wonder..
king sting
09-08-2002, 05:33 AM
does it matter what I want them for? no it doesn't. that's my business.
I really don't even need them. I just think as an owner of the software I should have control over things like this.
Please point me in the direction of the hack. What's with all this debate over it? It's my board, I'll run it as I want.
Logician
09-08-2002, 05:44 AM
Originally posted by king sting
does it matter what I want them for? no it doesn't.
hmm let me put it in this way: If you are asking the answer from me, yes it matters to me (and apparently to the other contributors of this thread), because we don't want to help an Admin who might try to get user's passwords so as to hack into their other accounts in other boards, their personal pages or their email accounts. I can't see another reason as to why an Admin will try to get this info.
that's my business.
sure it is .. And people's willing to help you is their business then..
What's with all this debate over it?
I don't debate.. You asked why people do not help and I'm stating why..
king sting
09-08-2002, 05:49 AM
Man.. the support around here sucks.
g-force2k2
09-08-2002, 07:18 AM
like i said if you had a nicer attitude then i'd be happy to help you out... but with your disrespect towards vbulletin members and staff you won't be getting any... for your information the passwords are exactly as they are... you want them? just select them from your database....
// query_first() runs the query and returns the first row as an array;
// the password column holds the stored MD5 hash, not the plain text
$pass = $DB_site->query_first("SELECT password FROM user WHERE userid=1");
echo "$pass[password]";
And there's your password? like it good... that's how i get my passwords ;) as for your information you want to learn more? then go do like the rest of us and learn some coding ;) regards...
g-force22k2
king sting
09-08-2002, 07:54 AM
Originally posted by g-force2k2
like i said if you had a nicer attitude then i'd be happy to help you out... but with your disrespect towards vbulletin members and staff you won't be getting any... for your information the passwords are exactly as they are... you want them? just select them from your database....
// query_first() runs the query and returns the first row as an array;
// the password column holds the stored MD5 hash, not the plain text
$pass = $DB_site->query_first("SELECT password FROM user WHERE userid=1");
echo "$pass[password]";
And there's your password? like it good... that's how i get my passwords ;) as for your information you want to learn more? then go do like the rest of us and learn some coding ;) regards...
g-force22k2
uhh.. I'm sorry about the disrespect.. but I'm getting upset that no one wants to help and everyone just looks at me like i'm hella evil for wanting this feature or hack or whatever..
as for your database thing.. i don't know what you're talking about.. are you really telling me how.. or was that a joke?
g-force2k2
09-08-2002, 08:00 AM
what? a joke would be telling you to run a query that would delete your whole database :p and i don't really think that you're sorry for the disrespect... just saying that because someone is actually giving you something to work with... enjoy...
g-force2k2
king sting
09-08-2002, 08:44 AM
man this isnt funny.. its serious business
Chris M
09-08-2002, 01:00 PM
@king sting - There is no need to have the user's password...
Like Logician and g-force have said - You can get it if you need it...
If you provided some valid excuse, like "It's for National Security" or something, I am sure they would be more than willing to help...
I stopped posting at some UBB boards before, because the Admins kept getting my password, and checking my emails...I would not be comfortable if the Admin of the site I posted at had my password, nor would I be comfortable with the ability to see users password AS the Admin of a site...
There are reasons for having passwords, and in all fairness, only the Owner of the account and all those who he/she gives it to should know it;)
Satan
g-force2k2
09-08-2002, 02:56 PM
Originally posted by king sting
man this isnt funny.. its serious business
i never stated it wasn't serious... but as stated it's your business... frankly smachol clearly told you that you can obtain passwords... without a doubt vbulletin doesn't restrict you this feature... but more ppl than not wanted it the way it was... end of story ;)
g-force2k2
NTLDR
09-08-2002, 06:19 PM
@king sting, no one here owes it to you to write you a hack, or any hack at all, remember we're all here out of our own free will. If you're that desperate for it then contact a coder and pay them to do it. After your posts in this thread can you blame people for not wanting to help you?
Scott MacVicar
09-09-2002, 06:58 AM
**removed how to do that**
Originally posted by smachol
Those lines are from pre-2.2.0 versions of vB. They are no longer functional.
steve, look in admin/adminlog.php at line 308. it's still present as part of the code. :)
i think they forgot it there because it is the only string found in the whole files...
2 X Viverridae
09-09-2002, 07:31 AM
@ PPN :rolleyes:
Steve Machol
09-09-2002, 04:31 PM
Originally posted by TECK
steve, look in admin/adminlog.php at line 308. it's still present as part of the code. :)
Merjawy
09-20-2002, 01:18 PM
I don't know if this works for everyone or not.. but I have managed to make two admin folders.. one is old like vB2.0.0 or something like that.. and when I need to check passwords I use that side making sure command line to show password in config is there and set to 2. and I was able to see the passwords both ways.. crypted and also have seen the plain text on vB2.2.6
NTLDR
09-20-2002, 04:35 PM
Originally posted by Merjawy
I was able to see the passwords both ways.. crypted and also have seen the plain text on vB2.2.6
Now for some reason why don't I believe you :rolleyes:
g-force2k2
09-20-2002, 06:29 PM
the only way that is possible is if you take out the md5() functions as listed by PPN... unless you got your forum from somewhere else other than vb.com they don't show passwords ;) regards...
g-force2k2
i know i will not signup with a board that can read my password. that's why i own VB.
Xenon
09-21-2002, 03:54 PM
Originally posted by TECK
i know i will not signup with a board that can read my password. that's why i own VB.
well that's the problem. An admin with some coding skills can easily change the way passwords are encrypted by saving em in the db unencrypted also.
so you always have to trust an Admin (also an admin of a vB) that he doesn't do it....
That's why everyone should use different passwords on different pages, just a way of security ;)
Yep, I sign up on a lot of forums but make sure I use a different password on each...:)
Gaz.t
12-19-2002, 03:41 PM
umm Best way never use the same PW as your ADMIN CP
FWIW, the owner of a site has installed a hack that emails him the password upon new registrations. It's not the "Who might this New User be?" hack, I'm pretty sure. He is also using the latest vBB. Read here:
Here is a little bit more free education on vBulletin and MD5 encryption.
MD5 encryption is one-way encryption. If you have the unencrypted password, you can use vBulletin's built-in functionality to search for users with that password.
When you register, your password, unencrypted, is included in the email notification I receive.
========
There is a new user, *************** at ********* Forums
To view their profile, go here:
http://www.**********.com/forums/member.php?action=getinfo&userid=*****
IP Address: ***.241.245.34
Host Name:
Password: ******
Email Address : ****************@hotmail.com
========
Any ideas how he's doing this?
okrogius
01-05-2003, 07:55 PM
Yes, and it's quite easy to do it too.
The question again is why you would need clear plain text passwords. Name me one good reason and I'll be glad to help you out.
NTLDR
01-05-2003, 08:01 PM
Originally posted by Codename49
The question again is why you would need clear plain text passwords. Name me one good reason and I'll be glad to help you out.
Agreed, it would take all of 2 mins to do, but out of all the posts in these sorts of threads I've never seen one good reason why, basically because there isn't one IMO.