Ravens PHP Scripts: Forums
 

 

srhh

Posted: Thu Jun 08, 2006 7:54 pm

I had a member have problems signing into the site a couple weeks ago. (He ended up just getting a new account). So I looked in the database and noticed about 25% of the users' passwords were encrypted and the rest were not encrypted. His was one of the encrypted passwords. I wasn't able to re-create his problem with one of my own user accounts which also happened to have an encrypted password so it may have just been something on his part.
The question is, what is the deal with the encrypted passwords versus the un-encrypted passwords and does this pose any potential problems?
 
kguske
Site Admin

Posted: Thu Jun 08, 2006 8:25 pm

I wasn't aware of the unencrypted passwords. This is using CNB? Were the passwords created or changed with CNB?

If so, we should investigate. It would be a problem if someone were able to read your user table.

_________________
I search, therefore I exist...
srhh

Posted: Thu Jun 08, 2006 8:40 pm

Yes, I'm using that last stable release of CNBYA. I'm assuming that all the passwords were created and/or changed with CNBYA as I've been using it since I opened the site. Another funny quirk is that on some of the dummy user accounts I've created for myself, when the password and account confirmation gets sent to my e-mail address, the password is different. For example, say I pick the password: user1, well CNBYA sends me a different password like: bnj727 or something like that.
I don't suppose there is some kind of SQL command that will encrypt all the members' passwords?
 
kguske

Posted: Thu Jun 08, 2006 9:33 pm

I checked my CNB YA, and none of the passwords are unencrypted. I don't see how they could log on that way, since it encrypts the password they enter before comparing it to what's stored in the database.

I believe it's MD5 encrypted, and there is a MySQL function to do that, which can (I think) be used with SQL.
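
The SQL approach mentioned in the reply above, written out as an added example (not part of the original thread and not CNB Your Account's own code): it finds rows whose stored value is not a 32-character hex MD5 digest and hashes only those with MySQL's `MD5()`. The table name `nuke_users` and the columns `user_id`, `username` and `user_password` are assumed from a stock PHP-Nuke install.

```sql
-- Added example. Assumed schema: nuke_users(user_id, username, user_password).
-- Adjust the table prefix to match your install and back up the table first.
-- An MD5 digest is always exactly 32 hexadecimal characters, so anything
-- else in the column is treated as a password stored in the clear.

-- 1. Count rows that look hashed versus rows that do not.
SELECT
    SUM(user_password REGEXP '^[0-9a-fA-F]{32}$')     AS looks_like_md5,
    SUM(user_password NOT REGEXP '^[0-9a-fA-F]{32}$') AS not_md5,
    COUNT(*)                                          AS total
FROM nuke_users
WHERE user_password <> '';

-- 2. List the affected accounts without printing the stored values.
SELECT user_id, username, CHAR_LENGTH(user_password) AS stored_length
FROM nuke_users
WHERE user_password <> ''
  AND user_password NOT REGEXP '^[0-9a-fA-F]{32}$';

-- 3. Hash only those rows. Rows that already hold a digest are skipped,
--    so running this a second time changes nothing.
--    Caveat: a clear-text password that is itself 32 hex characters is
--    indistinguishable from a digest and will be left as it is.
--    The column must be at least 32 characters wide or the digest is cut off.
UPDATE nuke_users
SET user_password = MD5(user_password)
WHERE user_password <> ''
  AND user_password NOT REGEXP '^[0-9a-fA-F]{32}$';

-- 4. Verify: this should now return 0.
SELECT COUNT(*) AS still_not_md5
FROM nuke_users
WHERE user_password <> ''
  AND user_password NOT REGEXP '^[0-9a-fA-F]{32}$';
```

MD5 is used here only because the thread says that is what the login code compares against; test a login with one converted account before relying on the result.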
 
srhh

Posted: Thu Jun 08, 2006 9:50 pm

Hmm.....
I found one of my dummy accounts that was *not* encrypted and was able to log in alright with that unencrypted password.
It looks like it's been mixing encrypted with unencrypted since the beginning of the database, so I know it's not due to some third party add-on and I checked the file integrity in CNBYA and nothing is showing as 0kb, so.......??
 
kguske

Posted: Thu Jun 08, 2006 9:58 pm

What version of CNB?
 
srhh

Posted: Thu Jun 08, 2006 10:02 pm

4.4.0 b2
 
All times are GMT - 6 Hours
 