The Arcive of Official vBulletin Modifications Site.

Tryfwar · #1 01-01-2003, 06:16 PM

I've seen a few requests for the ability to mass change peoples passwords and one idea crossed my mind that would avoid resetting everyones access level to Awaiting E-Mail.

To empty all of the password fields in the database and then have it so that the forum won't allow accounts to work that have no password.

Would this work and be possible to do?

Tryfwar · #2 01-01-2003, 06:28 PM

well, i just tested my idea by emptying the password field of an account and once the cookie of that test session had expired i could no longer browse and attempts to log in failed, even with leaving the password blank.
Is there a security flaw anyone knows of if i use this method on a mass senario ? As i wish to FORCE all my users to lose their passwords and then apply for new ones via the lost password form.

Xenon · #3 01-01-2003, 06:59 PM

well, there shouldn't be a problem, when everybody uses the right email in his account

just run [sql]UPDATE user SET password='' WHERE userid>1[/sql]

then all passwords should be deleted (except yours)

Tryfwar · #4 01-01-2003, 07:03 PM

so theres no way that someone could somehow enter a MD5 equivalent of 'blank' ? hehe, i dunno *shrug* just paranoid that i'll open up a can of worms.

Xenon · #5 01-01-2003, 07:07 PM

as far as i know, the md5 function can never return a blank string, it'll alwasy return a string largen than 30 chars, so it will be save.

you can also fill the passwordfield with a random string, it would have the same effect that everybody has to redo his passwords with the vb-fuction

Tryfwar · #6 01-01-2003, 07:10 PM

okie, i'll empty all the password fields except 1 using syntax above, thanks for your help

NTLDR · #7 01-01-2003, 07:12 PM

A blank pw in md5 is:

Code:

d41d8cd98f00b204e9800998ecf8427e

However I don't suggest you make everyones password blank. There is a hack in the full releases forum that allows you to set password expiry times.

Xenon · #8 01-01-2003, 07:12 PM

you're welcome

Xenon · #9 01-01-2003, 07:14 PM

@NTDLR: you've missread something:

he not asked for x=MD5(''), he asked if there is an x so that MD5(x)=''

and there isn't one as i know

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04013 seconds Memory Usage 2,231KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_code (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (9)post_thanks_box (9)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (9)post_thanks_postbit_info (9)postbit (9)postbit_onlinestatus (9)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!