Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 25 Oct 2018, 16:29
brandon515 brandon515 is offline
 
Join Date: Nov 2006
Reset Passwords for All Users?

Is there a way I can reset the passwords for all users and then send them all and email letting them know how to proceed?
Reply With Quote
  #2  
Old 25 Oct 2018, 20:06
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Real name: Anthony
Phpmyadmin, go to the user table, drop the password column, then add it back, with the same details (varchar32, adjust priv's etc....)

Mass mail your users with this:

Hello $username,

We have recently had a issue with the site, please reset your password via the link below.

http://www.yoursite.com/forum/login.php?do=lostpw&email=$email

Thanks Staff
Reply With Quote
  #3  
Old 25 Oct 2018, 20:13
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
For some that might be a bit "much" and they could potentially mess up the table if they don't add it back properly.

I would instead run this query:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Be sure to change the primary Admin password if userid = 1 before anything IF you've been hacked/compromised.

Now everyone's password is:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

DON'T TELL THEM THAT THOUGH, now simply email as Snakes said to all members and let them know to request a password reset, once they do a password request reset it will reset their password. Before you run the query replace [email protected]@h with a long password of your own that no one would know.
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
  #4  
Old 26 Oct 2018, 08:23
z3r0's Avatar
z3r0 z3r0 is offline
 
Join Date: Apr 2005
Location: Lancashire, UK
I've used this in the past when I had to reset all passwords and email all users on one of my vb4 boards.

https://www.vbulletin.org/forum/show...904#post479904
__________________
Better VB.org search
Reply With Quote
  #5  
Old 29 Oct 2018, 12:25
x iJailBreak x's Avatar
x iJailBreak x x iJailBreak x is offline
 
Join Date: Jan 2011
Originally Posted by TheLastSuperman View Post
Be sure to change the primary Admin password if userid = 1 before anything IF you've been hacked/compromised.
I would expand on this to say this needs to be done for all administrators/staff accounts, regardless of how much access they have. And enforcing a 2FA solution (at least on staff accounts including administrators and moderators) such as Google Authenticator also goes a long way when it comes to protecting your users and website from malicious users.
__________________
Professional web developer & sysadmin. Former bad man.
Reply With Quote
  #6  
Old 29 Oct 2018, 13:44
scottkoz20 scottkoz20 is offline
 
Join Date: Jan 2016
Real name: Scott
Originally Posted by x iJailBreak x View Post
I would expand on this to say this needs to be done for all administrators/staff accounts, regardless of how much access they have. And enforcing a 2FA solution (at least on staff accounts including administrators and moderators) such as Google Authenticator also goes a long way when it comes to protecting your users and website from malicious users.
is there a good 2FA modification that exists?
Reply With Quote
  #7  
Old 29 Oct 2018, 22:35
x iJailBreak x's Avatar
x iJailBreak x x iJailBreak x is offline
 
Join Date: Jan 2011
Originally Posted by scottkoz20 View Post
is there a good 2FA modification that exists?
For vB4, yes. I used to use a modification that I wrote myself, however as it's not commercially available (and likely never will be) I would suggest looking at DBTech Two Factor Authentication. This should achieve the same as what my own plugin did. 2FA really beefs up the security of your platform when used correctly!
__________________
Professional web developer & sysadmin. Former bad man.
Reply With Quote
  #8  
Old 01 Nov 2018, 18:38
TheBang TheBang is offline
 
Join Date: Aug 2010
Originally Posted by TheLastSuperman View Post
I would instead run this query:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.
It's probably not a great idea to set everyone's password to the same thing, no matter how obscure.

This is probably a better idea:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This basically invalidates everyone's password (except for userid 1). No one will be able to authenticate until they go through the password reset process and select a new password.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 21:34.

Layout Options | Width: Wide Color: