no passwords [Archive] - vBulletin Community Forum

View Full Version : no passwords

Karmann

Sun 17th Apr '05, 3:49am

Hi

I'm very happy that I have been able to use Vbullletin, but I have a problem:

I've imported users from discus, but the passwords didn't get imported. I knew that, but what I didn't know was that users were allowed to login WITHOUT password. How can I stop this???

Zachery

Sun 17th Apr '05, 3:56am

users should not be able to login without a password.

Users should need to reset their passwords before they are able to login via

login.php?do=lostpw

Karmann

Sun 17th Apr '05, 12:20pm

users should not be able to login without a password.

Users should need to reset their passwords before they are able to login via

login.php?do=lostpw

Well, a user told me about it and I checked a random profil. I got in.
Anyway I can prevent this ?

Zachery

Sun 17th Apr '05, 1:32pm

Did you confirm it? Prevent what?

brisk_99

Sun 17th Apr '05, 1:56pm

Did you confirm it?

Zachery Darling...

I checked a random profil. I got in.

:p

Zachery

Sun 17th Apr '05, 1:57pm

Misread that, this should NOT be possible in any way shape or form.....

Karmann

Sun 17th Apr '05, 2:30pm

Misread that, this should NOT be possible in any way shape or form.....

Be my guest: http://www.sunddebat.com/debat/

Any idea what I can do ?

Steve Machol

Sun 17th Apr '05, 3:08pm

Confirmed. However this means that the import was not done correctly since passwords should have been imported:

http://www.vbulletin.com/forum/showthread.php?p=761893#post761893

I suggest redoing the import.

Jerry

Mon 18th Apr '05, 2:01pm

The only way that could happen is if the discuss user file was diffrent and a blank string was imported, I would also advise redoing the import, or setting all of them to a random string to force the user to update the password.

Karmann

Mon 18th Apr '05, 5:01pm

The funny thing is that if you check the Mysql all the fields are set with some code

Jerry

Mon 18th Apr '05, 5:22pm

The funny thing is that if you check the Mysql all the fields are set with some code

Thats probally going to be MD5 hash of the salt and a blank field, which is why you can login with a blank password, i.e. thats what was imported, a blank password.

Try logging in with a random string opposed to a blank password.

This will force them all to change the password.

UPDATE user SET password='a8305446bf6faca25b8163335b56b03b' WHERE userid != 1;

That's if your admin user is userid 1 and there arn't any other users in there that is !