miniBB ®  
miniBB Support Forums
 | Forums | Register | Reply | Search | Statistics | Manual |
How To miniBB Support Forums / How To /   

Getting forgotten password

Author Anonymous
Guest
#1 | Posted: 2 Oct 2007 08:23 
Occasionally I'll have a member email me saying he forgot his password. There is no way of getting this except for the md5 in the database correct?

Author Paul
Lead Developer
#2 | Posted: 2 Oct 2007 08:46 
How about reading the manual?

The link is on a "Password" wording in any username/password form.

You may also read this:

http://www.minibb.com/forums/12_3180_0.html

Author Anonymous
Guest
#3 | Posted: 6 Oct 2007 07:49 
When I click on the 'Password' link I get the "Restricted Access" message just like I am trying to enter a forum I don't have access to. I am using one private forum and one forum is controlled by this code below for the registered view only hack. Could this code be stopping the access to the action=sendpass? The code is in my lang files.

/* Hack - hiding all forums from not logged users */
if($forum!=0 and $user_id==0) {
if(!isset($clForums[11])) $clForums[]=11;
if(!isset($clForumsUsers[11])) $clForumsUsers[11]=array();
}
/* --Hack - hiding all threads from not logged users */

Author tom322
Registered
#4 | Posted: 6 Oct 2007 19:38 
I think I use a similar hack and don't have this problem... Possibly it's related to some other custom change..

Author Paul
Lead Developer
#5 | Posted: 8 Oct 2007 02:57 
Anonymous
I am wondering ;-) why you decided this hack is involved if in the code there is nowhere mentioned 'password' or 'pass' or 'sendpass' (as you may see this is the action's title which executes when you're trying to get the password, index.php?action=sendpass).

As you may see on minibbtest, there is also such kind error of forbidden. It could happen only in one case - when $genEmailDisable setting of setup_options.php is not set or set to 0. That means any kind of using email functions is disabled on the server that way you also can't use the password reminder.

Author Anonymous
Guest
#6 | Posted: 8 Oct 2007 07:06 
$genEmailDisable is set to 1. So that means there is no way of getting the password but cracking the md5, right.

why you decided this hack is involved if in the code

Because they both gave off the same $accessdenied error and its a custom add-on

Author Anonymous
Guest
#7 | Posted: 8 Oct 2007 07:08 
This brings me to a point, is there a way of adding a red warning when registering that passwords cannot be found if lost?

if $genEmailDisable == 1:

print "Warning: passwords cannot be found if lost"

Python programmer but you get the drift :)

Author Paul
Lead Developer
#8 | Posted: 8 Oct 2007 09:22 
I suppose if you are a programmer, first it is needed to get the nature of the error and probably find the place in the code where it's called ;-) miniBB uses one warning message for many cases, because it's mini, and for such rare cases we're not finding it suitable to create each and every variable in language pack.

If you have set $genEmailDisable to 1, you can just modify templates/user_dataform.html and place the warning message at any place you want on the Profile form.

Author Paul
Lead Developer
#9 | Posted: 8 Oct 2007 09:41 
Additionally, I would say the password is still restorable: maintainer of the forums could log-in to mySQL tool like phpMyAdmin directly and change the password to some other value, which will be MD5-encoded but at the same time original value will be known. That way the maintainer can reset the password for you if you forget it ;-) It would be possible to program even a simple script for it, but unfortunatelly I am very busy these days to provide it for free...

Author Anonymous
Guest
#10 | Posted: 8 Oct 2007 11:42 
I just added this to templates/user_dataform.html which adds Warning: Passwords cannot be rediscovered if lost. in red under the * Repeat Password form. Thanks again

<td class="caption4" style="text-align:right">*<b>{$l_passOnceAgain}</b></td>
<td class="caption5"><input type="password" name="passwd2" maxlength="32" size="20" value="{$passwd2}" class="textForm" style="width:200px;" /><br><b><font color="red"> Warning: Passwords cannot be rediscovered if lost.</font></b></td>
</tr>

Author Anonymous
Guest
#11 | Posted: 10 Oct 2007 10:37 
what would be the mysql command to change a password?

alter table table_users change old_password new_password varchar(50);

am I close?

Author Paul
Lead Developer
#12 | Posted: 11 Oct 2007 03:02 | Edited by: Paul 
First you need to know what the MD5-encoded value for the password is.

For example this script outputs the encoded value for the 'qwerty':

<?php
echo md5('qwerty');
?>

Later you need to execute the command like:

update minibbtable_users set user_passwod='YOUR_ENCODED_VALUE' where user_id='USER_ID';

I hope you know what values to substitute instead of 'YOUR_ENCODED_VALUE' and 'USER_ID'

Author Anonymous
Guest
#13 | Posted: 11 Oct 2007 10:00 
Thanks all fixed :)

How To miniBB Support Forums / How To / Getting forgotten password Top
Your Reply Click this icon to move up to the quoted message
 Short link for this topic:

 ?
Only registered users are allowed to post here. Please, enter your username/password details upon posting a message, or register first.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.
 
miniBB Support Forums Powered by Forum Software miniBB ® Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contacts
  Extend your miniBB-forums, attaching the images and files,
get the File and Picture Attachments add-on!
Galleries / Attachments Addon for miniBB