Announcement

Collapse
No announcement yet.

Password Log

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password Log

    Here it is, at long last.
    I've searched these forums and there seems to be interest so I went ahead and did it.

    Introducing the Password Log.
    Part of the 1984 series.

    Before going any further, I have no intention of attaching the hack to this thread.
    When vBulletin.org accepts vB3 hacks I will submit there.

    O.K. Now for some info.

    The password log records UNENCRYPTED passwords on registration and password change.
    This is a one time operation. md5 hashes and salts are generated as normal.
    Login is unaffected and uses the md5 and salt system.

    The password log was created to allow board owners the ability to do two things:-
    1) Find multiple accounts operated by troublesome users by comparing passwords.
    2) Temporarily gain access to a user's account without changing their password.

    The log runs in the admin control panel with fully integrated help provided.

    View and prune access is restricted by userid in config.php
    Also in config.php there is a master toggle enabling / disabling all logging as well as a limiter preventing the logging of users with admin or mod powers and the option to choose your own name for the password log table in the db.

    This is still a beta hack for a beta board so please don't ask for a download at present.
    I have no idea what impact changes to vB during beta and RC will have on it.

    I am currently working on a few enhancements such as IP cross referencing, which should be done very soon.

    Here are some screen shots of the current version.


    The screen in the control panel where you select how you wish to view / prune your logs



    A sample log.



    Admin help.


    Opinions?
    Sig? What sig?

  • #2
    Mine is that you shouldn't be hacking an already unfinished vBulletin 3.
    --filburt1, vBulletin.org/vBulletinTemplates.com moderator
    Web Design Forums.net: vB Board of the Month
    vBulletin Mail System (vBMS): webmail for your forum users

    Comment


    • #3
      Originally posted by filburt1
      Mine is that you shouldn't be hacking an already unfinished vBulletin 3.
      Back off dude. Hes just showing people what his hack is.

      Comment


      • #4
        Originally posted by filburt1
        Mine is that you shouldn't be hacking an already unfinished vBulletin 3.
        Absolutely. I completely agree.

        I did say it was a beta hack for a beta board and that I am fully prepared for things to go pearshaped by the next beta.

        This is just to give you all a preview of things to come.
        Sig? What sig?

        Comment


        • #5
          Nice hack dude!

          Comment


          • #6
            I hope there wil be a registration option to disallow the admin from seeing the password since it is a huge risk to the users privacy...For example:

            1)User goes to forums

            2)User registers, admin knows who User is

            3)Admin trys out the password on User's e-mail account etc

            Comment


            • #7
              Originally posted by John Round
              I hope there wil be a registration option to disallow the admin from seeing the password since it is a huge risk to the users privacy...
              I will not be doing this.
              It would totally negate the primary function of the log which is to pull up the passwords of troublesome users who will simply deny the admin access when registering.
              The best thing you can do is to make reference in the TOS people have to read before being allowed to register that selected administrators may be able to view their passwords.
              The same thing applies to other hacks in the 1984 series, e.g. pm viewer.

              If anyone wishes to modify the hack further to include this, it is up to them.
              Sig? What sig?

              Comment


              • #8
                DarkDelight.net, don't worry about babysitting those who will use it. It is an awsome hack, period.

                Comment


                • #9
                  What is the point of this? Wouldn't a more secure way be to add a link to the admin Edit Profile page which logs in as that user. Short of logging in as the user, I can't see a need for knowing the person's password. I mean, it's a good hack and everything, and it's obvious a lot of work went into it. I just can't see using it over a Login As... link.

                  Comment


                  • #10
                    Did you add the hack to vb.org? That's where I think this should be.
                    Fan Club member for VBulletin Dev and Support Team ;)

                    Hysterectomy - GirlsGetGoing.com - Fabulous Fifty

                    I'm frequently asked about the skin designer for my forums. ForumSkin.com

                    Comment


                    • #11
                      Originally posted by Kathy
                      Did you add the hack to vb.org? That's where I think this should be.
                      Hacks at vB.org for vB3 are not allowed yet for the reason I mentioned earlier
                      --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                      Web Design Forums.net: vB Board of the Month
                      vBulletin Mail System (vBMS): webmail for your forum users

                      Comment


                      • #12
                        It would make me wary to register at a site that can view an unencrypted version of my password, unless they mention it in their privacy statement... then again, that's just me
                        OPEN TECH SUPPORT
                        "Tech is our middle name!"

                        Comment


                        • #13
                          Ditto, shame on the hack maker
                          Running vB since 4-14-2002

                          Comment


                          • #14
                            You would be surprised how many users forget their password and the NEW vB3 does not allow for an admin to email a user their password. Instead it send the user a NEW password, which is ****ed up!

                            Comment


                            • #15
                              You give two reasons. The first is good for vB3, but isn't for vB2, as then you could compare the hashes. As this is untrue for vB3, I'll let it slide.

                              But for #2, you could always port over the "login as user" hack from vB2.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X