Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Vanilla account session

I'm building my e-participation thesis and using vanilla as it's platform forum. I was wondering if I can use the accounts in the vanilla forum database to log-on for the other functions of my system.

I checked out the database make up of vanilla and the password seems to be encrypted.

Comments

  • Options
    hbfhbf wiki guy? MVP

    the passwords are stored in a uni-directional hash.

    there is a plugin that allows you to impersonate other users if you are an admin.

    alternatively you can go to the account profile in question and just change the password, of course your users will consider this pretty offensive if you do it without their permission...

  • Options

    I searched for a work around, I switched the datatype of the passwords column in the database to VARCHAR, it displays as a hashed password but can still be logged on with the normal system login that i'm using.

    This may be a security threat but I'll just have to fix that later on after my basic functionality is done. :)

  • Options

    okay so I tried it and i've got this:

    I assume that this has something to do with my site being locally hosted, atleast its not a bonk.

    By any chance do you know any workaround for this?

Sign In or Register to comment.