The Arcive of Official vBulletin Modifications Site.

Skyrider · #1 01-23-2015, 11:45 AM

Account Password Vulnerability option in vB resets the passwords of those who has found to be vulnerable. It emails you a new password, yay! But is there anyway the password that is going to be send out is more enhanced? More characters, lower/bigger cases and symbols?

The passwords that were send and given by vbulletin though this feature is not that long, and i prefer it to be stronger by default.

Digital Jedi · #2 01-23-2015, 11:59 AM

I'm not sure about how to configure that without major(?) code changes, but the new password should only be used temporarily, and immediately changed by the user. Even it it sends them a more complicated one. In fact, the email should probably tell them this, if it doesn't already.

HM666 · #3 01-23-2015, 12:00 PM

Maybe try this: https://vborg.vbsupport.ru/showthrea...light=password

If that is not what you are looking for then just do a search. Go to the search box at the top of the forum and use the word password as your search term then choose "All Mods" in the first drop down and then choose "Titles only" in the second one. That will give you several results to compare.

Skyrider · #4 01-23-2015, 12:01 PM

I saw that, but I'm looking for a way to give everyone a new password (mass force), but I prefer it having a hard password right away also for the inactive users.

HM666 · #5 01-23-2015, 12:09 PM

Hmmmm I see the built in feature will not work for that either. You would probably nee a special plugin/code for that.

kh99 · #6 01-23-2015, 01:22 PM

You could edit file includes/functions.php and change the function fetch_random_password(), but that's also used by the mobile api so I don't know what affect that would have. It's also a kind of strange function that generates a string of random characters but seems to have been modified to insert one digit in a random place or something like that.

Or you could edit admincp/passwordcheck.php and where fetch_random_password() is called, substitute your own code. That's where the vulnerable password check happens, if the user requests a change that's done in login.php.

Skyrider · #7 01-23-2015, 04:31 PM

Thanks for the hint KH. I've altered the line:

Code:

$password_characters = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';

and I've included some symbols. Seems to work just fine!

However, when I alter:

Code:

function fetch_random_password($length = 8)

And change the lenght of the password to 12, doesn't appear to work. It sticks with giving a password length of 8.

Dave · #8 01-23-2015, 05:11 PM

That's because in admincp/passwordcheck.php around line 148 it calls the function with the number 8, that has priority over those default values.

Skyrider · #9 01-23-2015, 06:13 PM

Quote:

Originally Posted by Dave

That's because in admincp/passwordcheck.php around line 148 it calls the function with the number 8, that has priority over those default values.

Sweet, thanks! Now I receive awesome passwords now, the way I want it.

Last question though. When resetting a password through recovery (user recovery password), what controls the type of password there that will be send? I am unable to find password_characters under login.php, though I found fetch_random_password.

kh99 · #10 01-23-2015, 06:15 PM

You should find a call to fetch_random_password(8) in login.php.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04174 seconds Memory Usage 2,252KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (2)bbcode_code (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!