vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Password prune (https://vborg.vbsupport.ru/showthread.php?t=47220)

Tryfwar 01-01-2003 06:16 PM
Password prune
 
I've seen a few requests for the ability to mass change peoples passwords and one idea crossed my mind that would avoid resetting everyones access level to Awaiting E-Mail.

To empty all of the password fields in the database and then have it so that the forum won't allow accounts to work that have no password.

Would this work and be possible to do?

Tryfwar 01-01-2003 06:28 PM
well, i just tested my idea by emptying the password field of an account and once the cookie of that test session had expired i could no longer browse and attempts to log in failed, even with leaving the password blank.
Is there a security flaw anyone knows of if i use this method on a mass senario ? As i wish to FORCE all my users to lose their passwords and then apply for new ones via the lost password form.

Xenon 01-01-2003 06:59 PM
well, there shouldn't be a problem, when everybody uses the right email in his account :)

just run [sql]UPDATE user SET password='' WHERE userid>1[/sql]

then all passwords should be deleted (except yours)

Tryfwar 01-01-2003 07:03 PM
so theres no way that someone could somehow enter a MD5 equivalent of 'blank' ? hehe, i dunno *shrug* just paranoid that i'll open up a can of worms.

Xenon 01-01-2003 07:07 PM
as far as i know, the md5 function can never return a blank string, it'll alwasy return a string largen than 30 chars, so it will be save.

you can also fill the passwordfield with a random string, it would have the same effect that everybody has to redo his passwords with the vb-fuction ;)

Tryfwar 01-01-2003 07:10 PM
okie, i'll empty all the password fields except 1 using syntax above, thanks for your help :)

NTLDR 01-01-2003 07:12 PM
A blank pw in md5 is:

Code:
d41d8cd98f00b204e9800998ecf8427e
However I don't suggest you make everyones password blank. There is a hack in the full releases forum that allows you to set password expiry times.

Xenon 01-01-2003 07:12 PM
you're welcome :)

Xenon 01-01-2003 07:14 PM
@NTDLR: you've missread something:

he not asked for x=MD5(''), he asked if there is an x so that MD5(x)=''

and there isn't one as i know


All times are GMT. The time now is 07:34 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00974 seconds
  • Memory Usage 1,718KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (9)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete