Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)
  #1  
Old 01-01-2003, 06:16 PM
Tryfwar Tryfwar is offline
 
Join Date: Nov 2001
Location: Nottingham, UK
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Password prune

I've seen a few requests for the ability to mass change peoples passwords and one idea crossed my mind that would avoid resetting everyones access level to Awaiting E-Mail.

To empty all of the password fields in the database and then have it so that the forum won't allow accounts to work that have no password.

Would this work and be possible to do?
Reply With Quote
  #2  
Old 01-01-2003, 06:28 PM
Tryfwar Tryfwar is offline
 
Join Date: Nov 2001
Location: Nottingham, UK
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well, i just tested my idea by emptying the password field of an account and once the cookie of that test session had expired i could no longer browse and attempts to log in failed, even with leaving the password blank.
Is there a security flaw anyone knows of if i use this method on a mass senario ? As i wish to FORCE all my users to lose their passwords and then apply for new ones via the lost password form.
Reply With Quote
  #3  
Old 01-01-2003, 06:59 PM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well, there shouldn't be a problem, when everybody uses the right email in his account

just run [sql]UPDATE user SET password='' WHERE userid>1[/sql]

then all passwords should be deleted (except yours)
Reply With Quote
  #4  
Old 01-01-2003, 07:03 PM
Tryfwar Tryfwar is offline
 
Join Date: Nov 2001
Location: Nottingham, UK
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

so theres no way that someone could somehow enter a MD5 equivalent of 'blank' ? hehe, i dunno *shrug* just paranoid that i'll open up a can of worms.
Reply With Quote
  #5  
Old 01-01-2003, 07:07 PM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

as far as i know, the md5 function can never return a blank string, it'll alwasy return a string largen than 30 chars, so it will be save.

you can also fill the passwordfield with a random string, it would have the same effect that everybody has to redo his passwords with the vb-fuction
Reply With Quote
  #6  
Old 01-01-2003, 07:10 PM
Tryfwar Tryfwar is offline
 
Join Date: Nov 2001
Location: Nottingham, UK
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

okie, i'll empty all the password fields except 1 using syntax above, thanks for your help
Reply With Quote
  #7  
Old 01-01-2003, 07:12 PM
NTLDR's Avatar
NTLDR NTLDR is offline
Coder
 
Join Date: Apr 2002
Location: Bristol, UK
Posts: 3,644
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A blank pw in md5 is:

Code:
d41d8cd98f00b204e9800998ecf8427e
However I don't suggest you make everyones password blank. There is a hack in the full releases forum that allows you to set password expiry times.
Reply With Quote
  #8  
Old 01-01-2003, 07:12 PM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

you're welcome
Reply With Quote
  #9  
Old 01-01-2003, 07:14 PM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

@NTDLR: you've missread something:

he not asked for x=MD5(''), he asked if there is an x so that MD5(x)=''

and there isn't one as i know
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:11 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05343 seconds
  • Memory Usage 2,227KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete