Author Topic: Version 1.4 on the way...  (Read 57012 times)
Chris Cromer
Re:Version 1.4 on the way...
« Reply #120 on: May 23, 2002, 06:32:57 PM »

I am trying to fix it, but am having trouble.

The problem is that the password being sent to the e-mail address for some reason is not the same as the one that is in the member table... I don't know why it is doing this either. I don't know much about how the crypt function works so I believe the crypt function is somehow tied into my problem.

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
John R
Re:Version 1.4 on the way...
« Reply #121 on: May 24, 2002, 05:09:49 AM »

The encryption works pretty much the same way in PHP as it does in Perl.  As I understand it, the way it works with the SE scripts is that the password is encrypted and stored in the membertable.  When a user logs in, he enters the un-encrypted version of his password.  Once he has entered his password, the password is encrypted and compared to the password stored in the membertable.  If it matches, he is logged in otherwise you get the incorrect password error.

To answer your query, the password that is emailed should be the plain version of the encrypted version that is stored in the membertable.  It shouldn't be the same as what is stored in the membertable.

cheers........

Be careful what you wish for, it might come true!

Note: I do not acknowledge support requests via PM, MSN or ICQ, please use the support boards.
xtra
Re:Version 1.4 on the way...
« Reply #122 on: May 24, 2002, 09:54:48 AM »

I really think that storing encrypted passwords in a password protected database is useless and a waste of programming time. Protect only the password in cookies.

It's only an idea... I never protect them, because the database is already protected, so there isn't much sense in doing that. Is it?
Hypocrite
Re:Version 1.4 on the way...
« Reply #123 on: May 24, 2002, 09:56:23 AM »

Quote from: xtra on May 24, 2002, 09:54:48 AM
I really think that storing encrypted passwords in a password protected database is useless and a waste of programming time. Protect only the password in cookies.

It's only an idea... I never protect them, because the database is already protected, so there isn't much sense in doing that. Is it?

I don't want that admins see my passwords.
Chris Cromer
Re:Version 1.4 on the way...
« Reply #124 on: May 24, 2002, 10:07:20 AM »

I wouldn't want them seeing my passwords either. Just because they are an admin, does not mean they wouldn't try something with your password.

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
xtra
Re:Version 1.4 on the way...
« Reply #125 on: May 24, 2002, 10:39:14 AM »

Come on guys, this is a simple forum, not the FBI files or some hot shot database from an organization. Why should we bother with an encrypted password in a forum, when we buy stuff over the internet and send our credit card info to people we don't know...?
Chris Cromer
Re:Version 1.4 on the way...
« Reply #126 on: May 24, 2002, 10:41:09 AM »

Listen would you trust me being able to see your password? I doubt anybody would but still it is just smart to encrypt them. This should not and probably will not be changed so everybody just shut up about it.

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
Dude
Guest
Re:Version 1.4 on the way...
« Reply #127 on: May 24, 2002, 11:08:06 AM »

 ;D ;D ;D
I want everything encrypted.
 ;D ;D ;D
And one feature I think you need to add is an intelligence checker. Works like a spell checker only instead of correcting your spelling it removes all the dumb stuff and makes you sound smart.
 ;D ;D ;D


Seriously, 1.4 is a bug fix with a few new features. Personally I was surprised at the number of bugs squashed.
Jeff Lewis
Re:Version 1.4 on the way...
« Reply #128 on: May 24, 2002, 11:18:45 AM »

Using encrypted passwords only makes the application more secure.

Anyway, once Chris tackles that issue, I think I'm going to release 1.4...
Mach8
Re:Version 1.4 on the way...
« Reply #129 on: May 24, 2002, 11:36:41 AM »

Okay listen up here's a real example as to why the passwords should be encrypted:

About 5 months ago, a friend of mine signed up on a forum running a rival's forum software which DID NOT encrypt passwords. He'd spent the day doing stuff in his online bank account, then for a break went to this forum. Everything seemed normal.

Then he went to the bank's site the next day and noticed a problem... he couldn't login. The fact he needed to check something urgently made him email the bank. It turned out someone had logged in using his details, and changed the password.

The only site he'd been on that MONTH apart from the bank site was the forum. He had a good firewall which blocked personal data from being sent, so packet sniffers would find it hard to get his password.
Although he could never prove it, he knew someone with authority on this forum must have obtained his password, found he'd come from the bank site, and logged in.

I never use the same password across multiple sites, simply because if that one password is found out, then one person can login to all those sites at once.
Chris Cromer
Re:Version 1.4 on the way...
« Reply #130 on: May 24, 2002, 12:06:09 PM »

Alright, here is what I have:

      $pswd = $member['passwrd1'];
      $request = mysql_query("UPDATE {$db_prefix}members SET passwd='crypt($pswd,substr($pswd,0,2))' WHERE memberName='$user'");
      sendmail($member['email'],"$txt[700] $mbname", "$txt[733] $pswd $txt[734] $member[user].\n\n$txt[701] $scripturl?action=profile;user=$euser\n\n$txt[130]");

The only thing is it is sending a different password to the user than is being put into the table, any suggestions/ideas why?

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
Neil Darlow
Re:Version 1.4 on the way...
« Reply #131 on: May 24, 2002, 12:47:19 PM »

I don't see how you can use the crypt function within the MySQL query like you are. I would expect you'd need to assign the crypted password to a PHP variable and put that variable into the query.
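Added example (not part of the thread and not YaBB SE's code) of why the posted UPDATE does not store the hash of the e-mailed password, and of the fix suggested in the reply above; part 3 goes beyond the thread and shows PHP's current password API. The table prefix, user name and password are constructed sample values, `login_ok` is a hypothetical helper, and no database is contacted: the statements are only built as strings.

```php
<?php
// Constructed sample values; none of these come from YaBB SE.
$db_prefix = 'yabbse_';
$user      = 'alice';
$pswd      = 's3cretPass';   // the new plaintext password that gets e-mailed

// 1) As posted: crypt() is written inside a double-quoted string. PHP expands
//    $pswd but never calls crypt(), so the statement carries the plaintext.
$as_posted = "UPDATE {$db_prefix}members SET passwd='crypt($pswd,substr($pswd,0,2))' WHERE memberName='$user'";

// 2) As suggested in the reply: hash in PHP first, then put only the result
//    into the statement.
$hash  = crypt($pswd, substr($pswd, 0, 2));
$fixed = "UPDATE {$db_prefix}members SET passwd='$hash' WHERE memberName='$user'";

// Login check as described in the thread: hash what the user typed the same
// way and compare it with the stored value.
function login_ok(string $entered, string $stored): bool
{
    return hash_equals($stored, crypt($entered, substr($entered, 0, 2)));
}

echo $as_posted, "\n", $fixed, "\n";
var_dump(strpos($as_posted, $pswd) !== false); // plaintext present in statement 1?
var_dump(strpos($fixed, $pswd) !== false);     // plaintext present in statement 2?
var_dump(login_ok('s3cretPass', $hash), login_ok('wrongPass', $hash));

// Traditional crypt() output starts with its two-character salt, so salting
// with the password's own prefix stores those two characters in the clear.
var_dump(substr($hash, 0, 2) === substr($pswd, 0, 2));

// 3) Not what the thread uses: PHP's current password API, which picks a
//    random salt and a slow algorithm.
$modern = password_hash($pswd, PASSWORD_DEFAULT);
var_dump(password_verify('s3cretPass', $modern));
```

A production query would bind the hash and the user name as statement parameters rather than interpolate them into the SQL text.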
Chris Cromer
Re:Version 1.4 on the way...
« Reply #132 on: May 24, 2002, 12:50:55 PM »

Well that is how the devs did it in Profile.php, whether it is correct or not... I am not sure.

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
sagacio
Re:Version 1.4 on the way...
« Reply #133 on: May 24, 2002, 01:11:46 PM »

Quote from: Jeff Lewis on May 14, 2002, 03:29:01 PM
I will be releasing a 1.4 version but am needing more information from you guys...

What bugs have popped up that we've needed to tackle?

Not really a bug, perhaps an enhancement to existing features... One of the things I was really hoping for was better control over group access to boards/categories.

For example, I have board Cat1 & Cat2, and custom labeled groups 1, 2, and 3.  I want custom group 1 to have user access to Cat1, group 2 to have moderator access to Cat1 (but not Cat2) and group 3 to have moderator access to Cat2 (but not Cat1).

Maybe I'm not looking deep enough, but I don't see a way to do this without a lot of unnecessary work, and without relying on "# of posts" ranks.

(Sorry if I've put this in the wrong area... Looked like the best place for it, since I figured it would be a code change.)
Chris Cromer
Re:Version 1.4 on the way...
« Reply #134 on: May 24, 2002, 01:16:54 PM »

1.4 is for bug fixes. They will add new features to YaBBSE2. ::)

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.