User e-mail history ??

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • NetNanny
    Member
    • Oct 2008
    • 31

    User e-mail history ??

    Hi

    Just a question regarding a particular instance. When a registered user changes their email address to a new one, is there a way to see what the previous one was ? But also to make it a little harder to answer, let's assume it's a fairly new user and there is no old information on him. So we can not check an old database manually or such.

    Edit: After reading more posts on the forum, I also have a second question. Can site admins see a user's password ?? For example can the admins here see my password ?? I think yes, correct ?

    Thanks,
    Last edited by NetNanny; Wed 22 Oct '08, 2:56pm.
  • Steve Machol
    Former Customer Support Manager
    • Jul 2000
    • 154488

    #2
    The first question sounds like a support question. To get vB support on these forums you first need to be a licensed customer and register for Priority Forum Support. To do this, please go here:



    ...and enter your email address in one of the boxes. You'll need to have your customer number and password to access the page.

    Once you've done this, please post in the appropriate support forum for your version.

    Also passwords are hashed and cannot be seen.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment

    • SNN
      Senior Member
      • Jul 2006
      • 856
      • 4.0.0

      #3
      Passwords are hashed as md5(md5(password here) . salt here);
      Salt is a per-user ~4 character long that verifies that md5 cannot be cracked.

      Just reassuring that you know that this is a basic, no, they cannot.

      Comment

      • NetNanny
        Member
        • Oct 2008
        • 31

        #4
        1. Support ?? I doubt it. Why would it be ? I'm more curious from a technical standpoint. For example, if I go to my settings and change to a new email address it then updates the user settings to that new email, which I have to verify. So for argument's sake, even at that stage, could a board admin see the previous email used ? ...or only the new one that is yet to be verified ? I had a go with the demo board in the past and saw no such option - that's why I ask. As far as I can tell, an admin can see the user's profile and all that but the email he would see is the last one used.

        2. If that is so, then I must have got the wrong impression from reading that thread about user's passwords being the same as their user names and causing major problems. And if I'm wrong, how can that SQL query deduct which user has the password set to the same word ???

        Comment

        • copiertalk
          Senior Member
          • Oct 2005
          • 851
          • 3.7.x

          #5
          1. Where is your demo board hosted at?

          2. that is too much work for an admin to do. Why would I care what your password is if I am an honest admin.
          www.Copiertalk.com - Everything Copier , Printer, Fax

          Comment

          • nexialys
            Senior Member
            • May 2004
            • 2183
            • 1.1.x

            #6
            users history of username, password and usergroups are by default in the admincp, so yes, you can track the changes...

            and the passwords security is already explained. nobody can read the passwords. if you forget the password, you can click to renew it...
            oh no, i'm not going with Xenforo... come on, i'm better than that... i stick with Wordpress... rofl

            Comment

            • NetNanny
              Member
              • Oct 2008
              • 31

              #7
              Originally posted by copiertalk
              1. Where is your demo board hosted at?

              2. that is too much work for an admin to do. Why would I care what your password is if I am an honest admin.
              1. My board ?? I was referring to the demo here.

              2. How can that be, when that script can tell that user name "bob777" has the password "bob777". It surely must be able to see the password to be able to notice this, regardless of md5 hash, salt or whatever.

              Comment

              • Steve Machol
                Former Customer Support Manager
                • Jul 2000
                • 154488

                #8
                As I said before all passwords are hashed and cannot be seen. Nothing posted since then has changed that.

                vB does not store previous email addresses of members.
                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                Change CKEditor Colors to Match Style (for 4.1.4 and above)

                Steve Machol Photography


                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                Comment

                • NetNanny
                  Member
                  • Oct 2008
                  • 31

                  #9
                  Originally posted by nexialys
                  users history of username, password and usergroups are by default in the admincp, so yes, you can track the changes...

                  and the passwords security is already explained. nobody can read the passwords. if you forget the password, you can click to renew it...
                  1. I was asking about the email address used. Look, if I changed my own email address right now in my setting on this board - would Admin see the previous one ? (after I clicked the Update button? because I, as the end user will only see the new email address I just updated to.)

                  2. How can that be, when that script can tell that user name "bob777" has the password "bob777". It surely must be able to see the password to be able to notice this, regardless of md5 hash, salt or whatever.

                  Comment

                  • Steve Machol
                    Former Customer Support Manager
                    • Jul 2000
                    • 154488

                    #10
                    Those questions have been answered.
                    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                    Change CKEditor Colors to Match Style (for 4.1.4 and above)

                    Steve Machol Photography


                    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                    Comment

                    • NetNanny
                      Member
                      • Oct 2008
                      • 31

                      #11
                      Originally posted by Steve Machol
                      As I said before all passwords are hashed and cannot be seen. Nothing posted since then has changed that.

                      vB does not store previous email addresses of members.
                      OK, so how can that script/query I mentioned (and only as an example) tell that user name "bob777" has the password set to "bob777" ??? How does it work that out ?

                      Comment

                      • Steve Machol
                        Former Customer Support Manager
                        • Jul 2000
                        • 154488

                        #12
                        I don't know, nor do I think that is possible. You will have to ask the author of that script.

                        Why are you obsessed with this? It seems odd to me that you cannot accept my answer.
                        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                        Change CKEditor Colors to Match Style (for 4.1.4 and above)

                        Steve Machol Photography


                        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                        Comment

                        • NetNanny
                          Member
                          • Oct 2008
                          • 31

                          #13
                          Originally posted by Steve Machol
                          Those questions have been answered.
                          NO it hasn't. Look if it's some "We don't want to let potential hackers know" by posting too much info just say so and that's that. But it has not been answered. How does that script know that users have the name as their password ?

                          Comment

                          • Steve Machol
                            Former Customer Support Manager
                            • Jul 2000
                            • 154488

                            #14
                            What exactly has not been answered? Be clear because I do believe your questions have both been answered. Agasn:

                            1. vB does NOT store old email addresses. Period.

                            2. Passwords are hashed and CANNOT be viewed or decrypted.

                            Is there a third question I missed?
                            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                            Change CKEditor Colors to Match Style (for 4.1.4 and above)

                            Steve Machol Photography


                            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                            Comment

                            • NetNanny
                              Member
                              • Oct 2008
                              • 31

                              #15
                              Originally posted by Steve Machol
                              What exactly has not been answered? Be clear because I do believe your questions have both been answered. Agasn:

                              1. vB does NOT store old email addresses. Period.

                              2. Passwords are hashed and CANNOT be viewed or decrypted.

                              Is there a third question I missed?
                              Just those two, and these answers were more decisive, I guess a little anger makes most people get to the point. No doubt you were getting a little frustrated and answered more abruptly. Except for me, your last answers (even thou still somewhat technically vague) were the best ones.

                              Now I suppose I can give you an example, upon thinking about it, regarding the password query. Say a spammer creates several accounts that use different IP's and e-mail addresses and the only setting he reuses (just to give an example) is the password. So I wanted to know if there was a way to display users using the same password - like there are ways to show which users shared the same IP or email provider.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...