Security Breech.

Devicon · September 01, 2012, 04:37:50 PM

On another site that a majority of my users are members on the passwords turned out to be logged. This could be a serious security breech for my entire member base. Is there anyway i could reset all the passwords and email them to the person on the next login, or make them change their password next time they login?

kat · September 02, 2012, 01:19:15 PM

Other than going through each member's profile, individually, no.

Although, there may be a database hack, to do that, I guess.

Why not just send them all a PM, reminding them to change their passwords, and to try to remember to do that, regularly?

Chalky · September 02, 2012, 01:45:13 PM

Emanuele made this mod a short while ago http://www.simplemachines.org/community/index.php?topic=476080.msg3328998#msg3328998

kat · September 02, 2012, 01:56:51 PM

Or that.

Devicon · September 02, 2012, 03:48:42 PM

Thanks for the swift replies!

emanuele · September 02, 2012, 06:24:45 PM

mmm...I'd better trust a complete reset of all the passwords rather than force the users to change their password.

The attached files should do that.
It's not nice to see since I wrote it now, but it should work. Put it in your SMF directory and run it from your browser.
It will automatically reload the page properly if javasript is enabled.

I didn't test it that much...

Devicon · September 02, 2012, 10:26:54 PM

Thanks, that worked even better.

emanuele · September 03, 2012, 05:12:56 AM

And write it allowed me to discover a bug!

News:

Security Breech.

Devicon

kat

Chalky

kat

Devicon

emanuele

Devicon

emanuele