vb.org Archive


noj75 07-30-2008 11:15 AM

Easy Password: Coders Please read.
 
Hi all,

I have nothing but problems on my board with people using the default Lost Password system and then emailing me as it has not worked.

I therefore wrote the following script to make my life a little simpler.

If there are any professional coders amongst you that would like to review and critique this script I would very much appreciate your view as I am by no means a pro. I am just a person interested in PHP.

PHP Code:

I HAVE REMOVED THE CODE 

I have tested this script and it is running fine.

Your views are appreciated.

Kind regards

Marco van Herwaarden 07-30-2008 11:21 AM

This script is very insecure and is vulnerable to SQL-Injections. Please see our articles section on how to write secure scripts.

PS Why would the default recover password not work?

noj75 07-30-2008 11:27 AM

Hi Marco,

Thanks for the prompt reply.

My default system either defaults the user to the login page or does not recognise the password that is sent in the email.

P.S. Any pointers on making this script more secure? Would appreciate your input.

Regards

Dismounted 07-30-2008 11:33 AM

Why not try fixing the current system? Try disabling any modifications running.

Marco van Herwaarden 07-30-2008 11:41 AM

Please provide a link to your board so I can see what is going wrong with the default system.

Quote:

P.S. Any pointers on making this script more secure? Would appreciate your input.

See the articles on writing secure modifications in our articles section.

noj75 07-30-2008 12:15 PM

Quote:

Originally Posted by Marco van Herwaarden (Post 1587362)
Please provide a link to your board so I can see what is going wrong with the default system.

See the articles on writing secure modifications in our articles section.

Sent you a PM Marco

--------------- Added [DATE]1217425598[/DATE] at [TIME]1217425598[/TIME] ---------------

Does this improve things?

PHP Code:

I HAVE REMOVED THE CODE 

Regards

Marco van Herwaarden 07-30-2008 12:56 PM

I have tested the (default vBulletin) lost password feature on your site, and I had no problem at all getting a new password. You might want to delete the account created for testing: vBTest

Also I suggest that you remove your own script (really remove from disk) ASAP as it is very insecure and could very easily be used to destroy your database or such.

noj75 07-30-2008 01:10 PM

Well, that's strange. It did not work for me this morning, but it does now?

I have though, taken your advice and removed the script from my server. Thank you very much for the advice Marco, very much appreciated.

Kindest regards

