  #2  
06-04-2010, 04:46 AM
Floris
 
Join Date: Jan 2002
Posts: 1,898

vBulletin does not allow you anymore to use a password that's the same as the username.

Run a manual query on the database to encode the pass to be like the username.

Then use the internal tool to diagnose for vulnerable passwords, it will find ALL users ..

then rewrite it to not show as vulnerable but as password reset email ..

and it generates the new pass for the user and emails them.

--------------- Added [DATE]1275630577[/DATE] at [TIME]1275630577[/TIME] ---------------

PHP Code:
<?php
// made with help by ryan ashbrook, madmikeyb and chroder,
// for floris at http://vbfans.com

die(); // comment this out before using, and after editing this file.
require_once('./global.php');

// Select every account in the target usergroup (edit the id to match yours).
$query = $vbulletin->db->query_read("SELECT * FROM `" . TABLE_PREFIX . "user` WHERE usergroupid = 95");
while ($user = $vbulletin->db->fetch_array($query))
{
    echo('<p>Updating user ' . $user['username'] . '...');
    // Stored hash format is md5(md5(password) . salt); the password is set to the username here.
    $vbulletin->db->query_write('
        UPDATE `' . TABLE_PREFIX . 'user`
        SET password = \'' . md5(md5($user['username']) . $user['salt']) . '\'
        WHERE userid = ' . $user['userid'] . '
    ');
    echo(' done!</p>');
}
?>
This is what I used on a 3.8 forum to force usergroupid 95 to have the same password as the username, so afterwards I could use the 'check for vulnerable pass' feature built into vBulletin 3.8.

surely this works on 4.0 too.

BACK YOUR DB UP
put this in like 'forcepass.php' and put it in admincp/

edit the file to point to the usergroup,
add // in front of die();

and run it from the browser.

good luck
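
A read-only way to list which accounts have a password equal to their username, assuming the md5(md5(password) . salt) storage format used by the script above. This is an added example, not part of the original post and not vBulletin's own tool; the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example: offline audit for "password equals username" against
// hashes of the form md5(md5(password) . salt). Nothing is written back.

/** Hash a candidate password the same way the script in the post does. */
function vb_legacy_hash(string $password, string $salt): string
{
    return md5(md5($password) . $salt);
}

/**
 * Return ['flagged' => userids whose stored hash matches their username,
 *         'skipped' => userids whose stored hash is not a 32-char hex MD5].
 */
function audit_username_passwords(array $users): array
{
    $report = ['flagged' => [], 'skipped' => []];
    foreach ($users as $user) {
        $stored = strtolower($user['password']);
        // Malformed or migrated hashes cannot be checked with this scheme.
        if (!preg_match('/^[0-9a-f]{32}$/', $stored)) {
            $report['skipped'][] = $user['userid'];
            continue;
        }
        // hash_equals() compares in constant time.
        if (hash_equals($stored, vb_legacy_hash($user['username'], $user['salt']))) {
            $report['flagged'][] = $user['userid'];
        }
    }
    return $report;
}

// Constructed sample rows (not real accounts).
$users = [
    ['userid' => 1, 'username' => 'alice', 'salt' => 'x1!', 'password' => vb_legacy_hash('alice', 'x1!')],
    ['userid' => 2, 'username' => 'bob',   'salt' => '9zQ', 'password' => vb_legacy_hash('S0me-long-passphrase', '9zQ')],
    ['userid' => 3, 'username' => 'carol', 'salt' => 'k#7', 'password' => 'not-a-legacy-hash'],
];

$report = audit_username_passwords($users);
foreach ($report['flagged'] as $userid) {
    echo "userid {$userid}: password matches username, force a reset\n";
}
foreach ($report['skipped'] as $userid) {
    echo "userid {$userid}: stored hash is not in the expected format, check manually\n";
}
```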