I've seen a few requests for the ability to mass change peoples passwords and one idea crossed my mind that would avoid resetting everyones access level to Awaiting E-Mail.

To empty all of the password fields in the database and then have it so that the forum won't allow accounts to work that have no password.

Would this work and be possible to do?

well, i just tested my idea by emptying the password field of an account and once the cookie of that test session had expired i could no longer browse and attempts to log in failed, even with leaving the password blank.
Is there a security flaw anyone knows of if i use this method on a mass senario ? As i wish to FORCE all my users to lose their passwords and then apply for new ones via the lost password form.

well, there shouldn't be a problem, when everybody uses the right email in his account :)

just run UPDATE user SET password='' WHERE userid>1

then all passwords should be deleted (except yours)

so theres no way that someone could somehow enter a MD5 equivalent of 'blank' ? hehe, i dunno *shrug* just paranoid that i'll open up a can of worms.

as far as i know, the md5 function can never return a blank string, it'll alwasy return a string largen than 30 chars, so it will be save.

you can also fill the passwordfield with a random string, it would have the same effect that everybody has to redo his passwords with the vb-fuction ;)

okie, i'll empty all the password fields except 1 using syntax above, thanks for your help :)

A blank pw in md5 is:

d41d8cd98f00b204e9800998ecf8427e

However I don't suggest you make everyones password blank. There is a hack in the full releases forum that allows you to set password expiry times.

you're welcome :)

@NTDLR: you've missread something:

he not asked for x=MD5(''), he asked if there is an x so that MD5(x)=''

and there isn't one as i know