vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Reset Passwords for All Users? (https://vborg.vbsupport.ru/showthread.php?t=326850)

brandon515 10-25-2018 02:29 PM
Reset Passwords for All Users?
 
Is there a way I can reset the passwords for all users and then send them all and email letting them know how to proceed?

snakes1100 10-25-2018 06:06 PM
Phpmyadmin, go to the user table, drop the password column, then add it back, with the same details (varchar32, adjust priv's etc....)

Mass mail your users with this:

Hello $username,

We have recently had a issue with the site, please reset your password via the link below.

http://www.yoursite.com/forum/login.php?do=lostpw&email=$email

Thanks Staff

TheLastSuperman 10-25-2018 06:13 PM
For some that might be a bit "much" and they could potentially mess up the table if they don't add it back properly.

I would instead run this query:
Code:
UPDATE `user`
SET `password` = MD5(CONCAT(MD5('HibbityJibbityBl@hBl@h'), `user`.`salt`))
WHERE `userid` != 1;
Be sure to change the primary Admin password if userid = 1 before anything IF you've been hacked/compromised.

Now everyone's password is:
Code:
HibbityJibbityBl@hBl@h
DON'T TELL THEM THAT THOUGH, now simply email as Snakes said to all members and let them know to request a password reset, once they do a password request reset it will reset their password. Before you run the query replace HibbityJibbityBl@hBl@h with a long password of your own that no one would know.

z3r0 10-26-2018 06:23 AM
I've used this in the past when I had to reset all passwords and email all users on one of my vb4 boards.

https://vborg.vbsupport.ru/showthrea...904#post479904

x iJailBreak x 10-29-2018 11:25 AM
Quote:
Originally Posted by TheLastSuperman (Post 2597005)
Be sure to change the primary Admin password if userid = 1 before anything IF you've been hacked/compromised.
I would expand on this to say this needs to be done for all administrators/staff accounts, regardless of how much access they have. And enforcing a 2FA solution (at least on staff accounts including administrators and moderators) such as Google Authenticator also goes a long way when it comes to protecting your users and website from malicious users.

scottkoz20 10-29-2018 12:44 PM
Quote:
Originally Posted by x iJailBreak x (Post 2597079)
I would expand on this to say this needs to be done for all administrators/staff accounts, regardless of how much access they have. And enforcing a 2FA solution (at least on staff accounts including administrators and moderators) such as Google Authenticator also goes a long way when it comes to protecting your users and website from malicious users.
is there a good 2FA modification that exists?

x iJailBreak x 10-29-2018 09:35 PM
Quote:
Originally Posted by scottkoz20 (Post 2597081)
is there a good 2FA modification that exists?
For vB4, yes. I used to use a modification that I wrote myself, however as it's not commercially available (and likely never will be) I would suggest looking at DBTech Two Factor Authentication. This should achieve the same as what my own plugin did. 2FA really beefs up the security of your platform when used correctly!

TheBang 11-01-2018 05:38 PM
Quote:
Originally Posted by TheLastSuperman (Post 2597005)
I would instead run this query:
Code:
UPDATE `user`
SET `password` = MD5(CONCAT(MD5('HibbityJibbityBl@hBl@h'), `user`.`salt`))
WHERE `userid` != 1;
It's probably not a great idea to set everyone's password to the same thing, no matter how obscure.

This is probably a better idea:

Code:
UPDATE `user`
SET `password` = NULL
WHERE `userid` != 1;
This basically invalidates everyone's password (except for userid 1). No one will be able to authenticate until they go through the password reset process and select a new password.


All times are GMT. The time now is 04:35 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01152 seconds
  • Memory Usage 1,728KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_code_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete