The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Password prune
I've seen a few requests for the ability to mass change peoples passwords and one idea crossed my mind that would avoid resetting everyones access level to Awaiting E-Mail.
To empty all of the password fields in the database and then have it so that the forum won't allow accounts to work that have no password. Would this work and be possible to do? |
#2
|
|||
|
|||
well, i just tested my idea by emptying the password field of an account and once the cookie of that test session had expired i could no longer browse and attempts to log in failed, even with leaving the password blank.
Is there a security flaw anyone knows of if i use this method on a mass senario ? As i wish to FORCE all my users to lose their passwords and then apply for new ones via the lost password form. |
#3
|
||||
|
||||
well, there shouldn't be a problem, when everybody uses the right email in his account
just run [sql]UPDATE user SET password='' WHERE userid>1[/sql] then all passwords should be deleted (except yours) |
#4
|
|||
|
|||
so theres no way that someone could somehow enter a MD5 equivalent of 'blank' ? hehe, i dunno *shrug* just paranoid that i'll open up a can of worms.
|
#5
|
||||
|
||||
as far as i know, the md5 function can never return a blank string, it'll alwasy return a string largen than 30 chars, so it will be save.
you can also fill the passwordfield with a random string, it would have the same effect that everybody has to redo his passwords with the vb-fuction |
#6
|
|||
|
|||
okie, i'll empty all the password fields except 1 using syntax above, thanks for your help
|
#7
|
||||
|
||||
A blank pw in md5 is:
Code:
d41d8cd98f00b204e9800998ecf8427e |
#8
|
||||
|
||||
you're welcome
|
#9
|
||||
|
||||
@NTDLR: you've missread something:
he not asked for x=MD5(''), he asked if there is an x so that MD5(x)='' and there isn't one as i know |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|