vb.org Archive - [release vb2] Database Password Encryption

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)

- - [release vb2] Database Password Encryption (https://vborg.vbsupport.ru/showthread.php?t=18868)

i'm getting some errors but i may have made a typo. checking that now... i will let you know how things work for me.

it appears that i do NOT have a typo... what i'm getting is "The document contained no data."
when attempting to change my options in the user cp.. any ideas???

Quote:

Originally posted by rebby
it appears that i do NOT have a typo... what i'm getting is "The document contained no data."
when attempting to change my options in the user cp.. any ideas???

i also get this when clicking change avatar.

the problem was w/the modifyoptions template...

i'm not positive about this, but with this hack forgot pass template will not work, so users can't get their passwords emailed to them.

and with many registered users, i am not prepared to get emails asking ...what is my password?

Quote:

Originally posted by Ruth
i'm not positive about this, but with this hack forgot pass template will not work, so users can't get their passwords emailed to them.

and with many registered users, i am not prepared to get emails asking ...what is my password?

This is not a problem with this hack as the password lookup functions are replaced with a automatic password regenerator should the password be encrypted.

Firstly the code checks to see if the password has been encypted if it has then a email is sent the account holder (valid email addresses are required for this feature to work, but vBulletin can check the validity at registration so its not that much of a problem).

Overview

Account holder requests a password lookup.
The account holder checks their email like they would for a normal password lookup. But this time they get a link to follow.
After following the link there new password is generated (does not use a wordlist to stop dictionary brute force attacks) and emailed to them. Or you could/can hack the template to display it on screen if you so wish.

The reason for the middle step in process is to prevent people typing in email addresses of their friends for fun and causing there password to get changed.

I have this installed on 2.0.3 but now I can't get into my Admin CP. If the password is wrong it says it is, but if its right it just refreshes the page. Help!

Hello???

Has anyone gotten this to work on vB 2.0.3??

Works fine with 2.0.3 recheck you've modified the files correctly.

I just redid everything, and it works almost perfectly. When registering, the user gets an error saying an error has occured and an email has been dispatched...blah blah. Here's the email:

Quote:

Database error in vBulletin: Invalid SQL: INSERT INTO userfield (userid,field5,field6,field7,field1,field2,field3, field4) VALUES (52,'','','','','','','')
mysql error: Duplicate entry '52' for key 1
mysql error number: 1062
Date: Friday 14th of September 2001 09:04:44 PM
Script: /forums/register.php
Referer: http://www.mysite.org/forums/register.php

However, it creates the user just fine, and they can login and everything. Here's the relevent section of code from member.php:

Code:

  // encypted password modification

  $DB_site->query("INSERT INTO user (userid,username,password,email,".$newstylefield."parentemail,coppauser,homepage,icq,aim,yahoo,signature,adminemail,showemail,invisible,usertitle,joindate,cookieuser,daysprune,lastvisit,lastactivity,usergroupid,timezoneoffset,emailnotification,receivepm,emailonpm,options,birthday,maxposts,startofweek,ipaddress,pmpopup,referrerid,nosessionhash,encryptedpass) VALUES (NULL,'".addslashes(htmlspecialchars($username))."','".addslashes($password)."','".addslashes(htmlspecialchars($email))."',".$newstyleval."'".addslashes(htmlspecialchars($parentemail))."','$coppauser','".addslashes(htmlspecialchars($homepage))."','".addslashes(htmlspecialchars($icq))."','".addslashes(htmlspecialchars($aim))."','".addslashes(htmlspecialchars($yahoo))."','".addslashes($signature)."','$adminemail','$showemail','$invisible','".addslashes($usertitle)."','".time()."','$cookieuser','".addslashes($prunedays)."','".time()."','".time()."','$newusergroupid','".addslashes($timezoneoffset)."','$emailnotification','$receivepm','$emailonpm','$options','".addslashes($birthday)."','".addslashes($umaxposts)."','".addslashes($startofweek)."','".addslashes($ipaddress)."','$pmpopup','".addslashes($testreferrerid['userid'])."','$nosessionhash','$encryptedpass')");

  // end secure password modification

  $userid=$DB_site->insert_id();



  // insert custom user fields

  $DB_site->query("INSERT INTO userfield $userfieldsnames VALUES ($userid$userfields)");

What's going on here?

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02196 seconds Memory Usage 1,741KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (3)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: