Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Help Groups for Snitz Forums 2000 Users
 Help: General / Previous versions
 Forgot your password link		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

texanman
Junior Member

United States
410 Posts
Posted - 07 August 2007 :  10:53:52  Show Profile
A user brought to my attention a scenario in which a hacker gets hold of the e-mail address and password of the user’s e-mail and then tries to use the password change in a private forum. My question is, is there a way to add more security measures in the “Forgot your password” link? Like security question(s) or something? I am using Snitz v 3.05
Thanks

Shaggy
Support Moderator

Ireland
6780 Posts
Posted - 07 August 2007 :  11:10:00  Show Profile
This is a known issue. A quick search in the bug forums should find you the fix.
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Edited by - Shaggy on 07 August 2007 12:02:20
Go to Top of Page

AnonJr
Moderator

United States
5768 Posts
Posted - 07 August 2007 :  11:50:02  Show Profile  Visit AnonJr's Homepage
Of course, it goes without mentioning that if they have the password to the user's e-mail (as you mentioned) there are bigger issues.
Go to Top of Page

Shaggy
Support Moderator

Ireland
6780 Posts
Posted - 07 August 2007 :  12:01:58  Show Profile
Ah, OK, I read that completely wrong!

Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Go to Top of Page

texanman
Junior Member

United States
410 Posts
Posted - 07 August 2007 :  12:05:24  Show Profile
quote:
Originally posted by Shaggy

Ah, OK, I read that completely wrong!



Shaggy now what?
Go to Top of Page

phy1729
Average Member

USA
589 Posts
Posted - 07 August 2007 :  12:28:07  Show Profile
You could add an extra question like when the user's birthday is. But, I don't know the amount of coding that would take. I'll see if i can code it.
Go to Top of Page

phy1729
Average Member

USA
589 Posts
Posted - 07 August 2007 :  13:59:58  Show Profile
I'm not going to be able to test this whenever I edit inc_header.asp so that I don't have to be logged in on password.test.asp I get a 500 Server Error So far I have in password.asp at line 161 add

 	if trim(Request.Form("Birthday")) = "" then
		Err_Msg = Err_Msg & "<li>You must enter your Birthday</li>"
	end if

line 169 with prev edit add

	strSql = strSql & " AND M_DOB = '" & ChkString(Trim(Request.Form("Birthday")), "SQLString") &"'"

line 257 with prev edits add

			"              <tr>" & vbNewLine & _
			"                <td width=""50%"" align=""right"" bgcolor=""" & strForumCellColor & """ nowrap><b><b><font face=""" & strDefaultFontFace & """ size=""" & strDefaultFontSize & """>Birthday: </font></b></td>" & vbNewLine & _
			"                <td width=""50%"" bgcolor=""" & strForumCellColor & """><input type=""text"" name=""Birthday"" size=""8"" maxLength=""8"" value=""yyyymmdd""></td>" & vbNewLine & _
			"              </tr>" & vbNewLine & _

if anyone could test this or look over this that would be appreciated

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.17 seconds. Powered By: Snitz Forums 2000 Version 3.4.07