no passwords

**Zachery** · Sat 16 Apr '05, 10:56pm

users should not be able to login without a password.

Users should need to reset their passwords before they are able to login via

login.php?do=lostpw

**Karmann** · Sun 17 Apr '05, 7:20am

Originally posted by Zachery

users should not be able to login without a password.

Users should need to reset their passwords before they are able to login via

login.php?do=lostpw

Well, a user told me about it and I checked a random profil. I got in.
Anyway I can prevent this ?

**Zachery** · Sun 17 Apr '05, 8:32am

Did you confirm it? Prevent what?

**brisk_99** · Sun 17 Apr '05, 8:56am

Originally posted by Zachery

Did you confirm it?

Zachery Darling...

Originally posted by Karmann

I checked a random profil. I got in.

**Zachery** · Sun 17 Apr '05, 8:57am

Misread that, this should NOT be possible in any way shape or form.....

**Karmann** · Sun 17 Apr '05, 9:30am

Originally posted by Zachery

Misread that, this should NOT be possible in any way shape or form.....

Be my guest: http://www.sunddebat.com/debat/

Any idea what I can do ?

**Steve Machol** · Sun 17 Apr '05, 10:08am

Confirmed. However this means that the import was not done correctly since passwords should have been imported:

vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?p=761893#post761893

I suggest redoing the import.

**Jerry** · Mon 18 Apr '05, 9:01am

The only way that could happen is if the discuss user file was diffrent and a blank string was imported, I would also advise redoing the import, or setting all of them to a random string to force the user to update the password.

**Karmann** · Mon 18 Apr '05, 12:01pm

The funny thing is that if you check the Mysql all the fields are set with some code

**Jerry** · Mon 18 Apr '05, 12:22pm

Originally posted by Karmann

The funny thing is that if you check the Mysql all the fields are set with some code

Thats probally going to be MD5 hash of the salt and a blank field, which is why you can login with a blank password, i.e. thats what was imported, a blank password.

Try logging in with a random string opposed to a blank password.

This will force them all to change the password.

PHP Code:


UPDATE user SET password='a8305446bf6faca25b8163335b56b03b' WHERE userid != 1;

That's if your admin user is userid 1 and there arn't any other users in there that is !

no passwords

no passwords

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment