#1
07-30-2008, 11:15 AM
noj75
Join Date: Nov 2004
Posts: 72
Easy Password: Coders Please read.

Hi all,

I have nothing but problems on my board with people using the default Lost Password system and then emailing me as it has not worked.

I therefore wrote the following script to make my life a little simpler.

If there are any professional coders amongst you that would like to review and critique this script I would very much appreciate your view as I am by no means a pro. I am just a person interested in PHP.

PHP Code:
I HAVE REMOVED THE CODE 
I have tested this script and it is running fine.

Your views are appreciated.

Kind regards

#2
07-30-2008, 11:21 AM
Marco van Herwaarden
Join Date: Jul 2004
Posts: 25,415

This script is very insecure and is vulnerable to SQL-Injections. Please see our articles section on how to write secure scripts.

PS Why would the default recover password not work?

#3
07-30-2008, 11:27 AM
noj75
Join Date: Nov 2004
Posts: 72

Hi Marco,

Thanks for the prompt reply.

My default system either defaults the user to the login page or does not recognise the password that is sent in the email.

P.S. Any pointers on making this script more secure? Would appreciate your input.

Regards

#4
07-30-2008, 11:33 AM
Dismounted
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047

Why not try fixing the current system? Try disabling any modifications running.

#5
07-30-2008, 11:41 AM
Marco van Herwaarden
Join Date: Jul 2004
Posts: 25,415

Please provide a link to your board so I can see what is going wrong with the default system.

Quote:
P.S. Any pointers on making this script more secure? Would appreciate your input.
See the articles on writing secure modifications in our articles section.

#6
07-30-2008, 12:15 PM
noj75
Join Date: Nov 2004
Posts: 72

Quote:
Originally Posted by Marco van Herwaarden
Please provide a link to your board so I can see what is going wrong with the default system.

See the articles on writing secure modifications in our articles section.
Sent you a PM Marco

--------------- Added [DATE]1217425598[/DATE] at [TIME]1217425598[/TIME] ---------------

Does this improve things?

PHP Code:
I HAVE REMOVED THE CODE 
Regards

#7
07-30-2008, 12:56 PM
Marco van Herwaarden
Join Date: Jul 2004
Posts: 25,415

I have tested the (default vBulletin) lost password feature on your site, and I had no problem at all getting a new password. You might want to delete the account created for testing: vBTest

Also I suggest that you remove your own script (really remove from disk) ASAP as it is very insecure and could very easily be used to destroy your database or such.

#8
07-30-2008, 01:10 PM
noj75
Join Date: Nov 2004
Posts: 72

Well, that's strange. It did not work for me this morning, but it does now?

I have though, taken your advice and removed the script from my server. Thank you very much for the advice Marco, very much appreciated.

Kindest regards
All times are GMT.

