Log in

View Full Version : Very bad things happen to people who use Mass PM

ender
02-16-2001, 03:19 AM
I did this message:
This is your name: $username
This is your password: $password

And I sent that to every single member of my message board.

Guess what?

This is what it gave to everyone:
This is your name: Ender
This is your password: **** [accually it was the password displayed]

As you all can imagine I was overjoyed my pass was released to the public for about 20 mins before I realized it.

THIS IS A VERY BAD THING! AHHH!
02-16-2001, 04:59 AM
Are you sure it sent YOUR username/password to them?
02-16-2001, 07:42 AM
The MASS PM feature is a hack and you will have to take this up with them.

Can Someone move this to the Hacking forum?
02-16-2001, 07:59 AM
neither of the hacks ever said that you could give out user variables, in fact mine explicitly states in a discussion with Me2Be i think that you can't. What you have done is just sent your variables which are in your cookie/session tag. It would not be hard to be able to do what you want but it was not something I added into the hack.
02-18-2001, 05:06 AM
No no, I'm not like pissed. I realized that it was a hack when I d/led it. I'm just stating this so it could possibly be fixed, and so that no one else has this happen. Is it now a bad thing to post bugs within hacks?
02-18-2001, 11:07 AM
no of course not but it is not really a bug, you were trying to use a feature you assumed was there but is not and by doing so had unforseen consequences. Nethertheless i can see how the mistake can happen and the next version (which is going to be PMTools) will ensure it does not.
02-19-2001, 02:58 PM
Originally posted by ender
I did this message:
This is your name: $username
This is your password: $password

This is what it gave to everyone:
This is your name: Ender
This is your password: **** [accually it was the password displayed]


I modified the hack by chris and added the \$username, \$password, \$email function to the MassPM and it will send each user THEIR OWN username,password,email NOT yours...

HACK found at http://www.vbulletin.com/forum/showthread.php?threadid=8742
02-28-2001, 12:52 PM
you know I had only one question when reading this

If you are sending a user their password through PM then they have already used their password to sign on so I would hope they have a clue what they typed in to get on the forum to check the PM that will tell them what their password is that they just entered to get there

:)