Author |
Topic |
yigal7
Junior Member
297 Posts |
Posted - 29 September 2003 : 13:05:05
|
is there a way to see the password of my forum members via the admin section?
|
|
Mr Pink
Junior Member
United Kingdom
387 Posts |
Posted - 29 September 2003 : 13:14:40
|
No, as far as I know, you can only see the pasword by looking at the database. If you have encryption on, then you won't be able to see it at all. Admin can change the password in a members profile though and it is up to the member to change that to a password that only they know. |
Martin Leyland Forum Leyland Lancashire UK |
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 29 September 2003 : 13:16:46
|
quote: Originally posted by Mr Pink
No, as far as I know, you can only see the pasword by looking at the database. If you have encryption on, then you won't be able to see it at all. Admin can change the password in a members profile though and it is up to the member to change that to a password that only they know.
This would be correct. They are encrypted just so people can't be tempted to look at someones password.
They can click on the forgot their password link which will send them an email which contains a link that they can use to change their passwords themselves OR the admin can do it for them and the admin can tell them what it's changed to. |
Dave Maxwell Barbershop Harmony Freak |
|
|
yigal7
Junior Member
297 Posts |
Posted - 29 September 2003 : 17:47:13
|
i am the Admin-and i do remember that there was a small mod wich did it.
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 29 September 2003 : 19:07:47
|
quote: Originally posted by yigal7
i am the Admin-and i do remember that there was a small mod wich did it.
Not for 3.4.xx there wasn't. That capability was removed when the passwords were hashed. There was no good reason for not encrypting the passwords that overrode the benefits of hashing the passwords for security reasons. |
Dave Maxwell Barbershop Harmony Freak |
|
|
yigal7
Junior Member
297 Posts |
Posted - 30 September 2003 : 09:47:47
|
i'm using Snitz 3.03.3 and i use to have this mod. can someone send it to me?
|
|
|
davemaxwell
Access 2000 Support Moderator
USA
3020 Posts |
Posted - 30 September 2003 : 10:25:11
|
I searched for it, but couldn't find it. Can I ask why you're so hard-set on having this mod? I know personally I wouldn't be frequenting your site if I knew you could get my password easily. There is NO (and I repeat NO) good reason to have to be able to see peoples passwords. None. Period. End of Discussion.
I would also strongly suggesting upgrading your Snitz to 3.4.03. There are NUMEROUS improvements, but a boatload of security fixes which were added. |
Dave Maxwell Barbershop Harmony Freak |
Edited by - davemaxwell on 30 September 2003 10:39:08 |
|
|
OneWayMule
Dev. Team Member & Support Moderator
Austria
4969 Posts |
|
yigal7
Junior Member
297 Posts |
Posted - 30 September 2003 : 14:02:06
|
1)i'm having problem with my maill (sending forgoten password etc.) and members asking me for there password. 2)i translated my forum to Hebrew and put lot's of mod in it. any upgrade will force me to translate the forum from the start.
if u can tell me the bug's i need to fix i'll appreciate it.
|
Edited by - yigal7 on 30 September 2003 14:04:12 |
|
|
OneWayMule
Dev. Team Member & Support Moderator
Austria
4969 Posts |
|
yigal7
Junior Member
297 Posts |
Posted - 30 September 2003 : 14:15:50
|
security bug's that 3.03.03 has.
|
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
|
Image
Average Member
Canada
574 Posts |
Posted - 30 September 2003 : 22:14:40
|
For Snitz 3.03.3 admin_show_mempwd.zip
upload the admin_show_mempwd.asp file to your /forum directory.
Add the following line to your admin_home.asp file:
<LI><a href="admin_show_mempwd.asp">Show Member Password</a></LI>
|
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 01 October 2003 : 03:43:47
|
You might want to limit that so admins passwords cant be displayed, at a quick glance that code will show the currently logged in admin all other admin passwords as well which isn't a good idea at all (not that I approve of showing the passwrords to begin with, I'm with the others on that issue). |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
Image
Average Member
Canada
574 Posts |
Posted - 01 October 2003 : 19:45:30
|
You are right, but when you use a free web server without an E-mail Component that is the only way I know to inform a user who lost their password. What do you think I could use to give that information? |
|
|
yigal7
Junior Member
297 Posts |
Posted - 02 October 2003 : 05:33:40
|
I agree with Image since u can also see thee pw via the mdb file. |
|
|
Topic |
|