Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Reset forum member password?

KristianBKristianB
edited June 2012 in Vanilla 2.0 - 2.8

One of the members of my forum (Vanilla1) has lost his password. According to the FAQ he can get a new one from the Administrator (which happens to be me). However, I can't find any description on how to do this.

When I look in the database all passwords are encrypted and, thus, illegible. Can I translate it back to some kind of human language or perhaps erase it so that he can sign in and create e new password himself?

Best Answer

  • peregrineperegrine MVP
    Answer ✓

    You could probably create a new user with a password you know. and copy the hash and salt from the new user to the user that forgot their password (in the v1 table), delete the new user after you copy the hash and salt, and send the password to the user who forgot.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Answers

  • johansonlockerjohansonlocker

    Passwords in db are not encrypted and what you call passwords are really hashes.

    As for erasing password try to edit user in the userlist of the dashboard. There's an option for resetting pass there.

  • KristianBKristianB

    Thank you for replying. When I uses the search function to show the complete userlist I can click on his name and change his personal information. However, the password - or change of pw - is not an option.

  • x00x00 MVP

    It has been a long time since i have used V1, it should be possible.

    grep is your friend.

  • KristianBKristianB

    OK, thx. I'll just ask him to register again - and remember his new pw. :-)

  • peregrineperegrine MVP
    Answer ✓

    You could probably create a new user with a password you know. and copy the hash and salt from the new user to the user that forgot their password (in the v1 table), delete the new user after you copy the hash and salt, and send the password to the user who forgot.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • KristianBKristianB

    I have been thinking of doing something like this (I have a second identity and could change the pw there and copy to the user) - but I am a bit reluctant about making any changes in the db. I wouldn't like to end up with a corrupted db and no forum! It has been running now for almost three years (http://naturnettet.dk).

  • bogdancristianbogdancristian

    you could just change the hash method in the tabele of youre db where is the user in question and change it from "vanilla", "punbb" or what method are you using to " reset" and the user when he will try to loggin he will get a message telling him he dose not hae a password and to set one now ! or somthing like that

Sign In or Register to comment.