Version: , by dabean
Developer Last Online: Dec 2003
Version: Unknown
Rating:
Released: 05-31-2001
Last Update: Never
Installs: 0
No support by the author.
Updated 15th July 2001
Simplish hack that allows end users to chose if they want to store encrypted versions of their password.
Full details of how this is implemented are contained in the file.
Requirements:
vBulletin 2.0.0
This has not been tested on rc1/2/3 beta1-5. It might work or it might not.
From the june 3rd update onwards a installation script is included, full details in the instructions.
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Originally posted by mrlister plain text passwords is the only reason why i have to memorize so many different passwords for each vB i sign up with.
I know what you mean however even if the passwords are set as standard to be encrypted (and i am sure it will be an option anyway) you can't trust the person operating the VB as they could easily hack it not to use encrypted passwords. Any password you use should really be unique or there is a chance someone could use it.
Originally posted by Lord Satan Am I to understand that anyone can see anyone's password without the encryption?
What other security holes are there in vBB?
clearly you don't understand. Only the admin can see anyone's (who has registered at their site's) password. Why would you expect any different. If you pass information to a site you have to expect them to be able to look at it if they want to.
clearly you don't understand. Only the admin can see anyone's (who has registered at their site's) password. Why would you expect any different. If you pass information to a site you have to expect them to be able to look at it if they want to.
and it is VB not vBB
actually that is not true. anybody w/access to the sql server can. if the server is comprimised... well, i won't point out the obvious....
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in /home/atrl/public_html/forums/member.php on line 139 is the error i get what do i do?
from the php manual "parse error, expecting `T_STRING' or `T_VARIABLE' ..." Generally that type of error is caused by the echo function, how ever as my code fragment doesn't use this particular function it is probibaly some other hack or modification you've made.
this is indeed very cool, and i have set it up on my site. one caveat, though.
should a user ever decide to go back to a non-encrypted password, this is not provided for. there of course is the option to select 'no' in the user template, but this has no effect on the stored password in the database. i may just be ignorant, but i don't know of a way to un-MD5 a password hash.
any ideas? otherwise i'll just change the template and remove the 'no' option for encrypted passwords, stating that it's an irreversable option.
Originally posted by thewitt Though I have not looked at this particular hack, MD5 is a hashed-asymetric encryption that is not reversable.
You cannot take the MD5 hash and turn it back into the plain text password.
-t
true... the only way to do this would be to prompt for the password, store it in a temporary variable, verify that it is correct, and then change the db if it is... you will have to use the temp var though cause like thewitt said you can't revert an md5 hash...
Details »»
About Developer
Visit Web Site
No support by the author.
06-05-2001, 06:35 PM
sorry...
