Announcement

Collapse
No announcement yet.

no passwords

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • no passwords

    Hi

    I'm very happy that I have been able to use Vbullletin, but I have a problem:

    I've imported users from discus, but the passwords didn't get imported. I knew that, but what I didn't know was that users were allowed to login WITHOUT password. How can I stop this???

  • #2
    users should not be able to login without a password.

    Users should need to reset their passwords before they are able to login via

    login.php?do=lostpw

    Comment


    • #3
      Originally posted by Zachery
      users should not be able to login without a password.

      Users should need to reset their passwords before they are able to login via

      login.php?do=lostpw
      Well, a user told me about it and I checked a random profil. I got in.
      Anyway I can prevent this ?

      Comment


      • #4
        Did you confirm it? Prevent what?

        Comment


        • #5
          Originally posted by Zachery
          Did you confirm it?
          Zachery Darling...

          Originally posted by Karmann
          I checked a random profil. I got in.

          Comment


          • #6
            Misread that, this should NOT be possible in any way shape or form.....

            Comment


            • #7
              Originally posted by Zachery
              Misread that, this should NOT be possible in any way shape or form.....
              Be my guest: http://www.sunddebat.com/debat/

              Any idea what I can do ?

              Comment


              • #8
                Confirmed. However this means that the import was not done correctly since passwords should have been imported:

                http://www.vbulletin.com/forum/showt...893#post761893

                I suggest redoing the import.
                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                Change CKEditor Colors to Match Style (for 4.1.4 and above)

                Steve Machol Photography


                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                Comment


                • #9
                  The only way that could happen is if the discuss user file was diffrent and a blank string was imported, I would also advise redoing the import, or setting all of them to a random string to force the user to update the password.
                  I wrote ImpEx.

                  Blog | Me

                  Comment


                  • #10
                    The funny thing is that if you check the Mysql all the fields are set with some code

                    Comment


                    • #11
                      Originally posted by Karmann
                      The funny thing is that if you check the Mysql all the fields are set with some code
                      Thats probally going to be MD5 hash of the salt and a blank field, which is why you can login with a blank password, i.e. thats what was imported, a blank password.

                      Try logging in with a random string opposed to a blank password.

                      This will force them all to change the password.

                      PHP Code:
                      UPDATE user SET password='a8305446bf6faca25b8163335b56b03b' WHERE userid != 1
                      That's if your admin user is userid 1 and there arn't any other users in there that is !
                      I wrote ImpEx.

                      Blog | Me

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X