2012-12-23, 09:57 AM
Hello,
I had a look into the following thread http://community.mybb.com/thread-104768.html
And wondered if I might be able to do this myself.
In the functions-user.php file the following can be seen on line 198
I edited it to the following in the hope that it would make all new users have passwords salted with the random salt and the one specified in the config.
After the edit, I logged out of my admin account that was created before that edit and found I could log in again easily. I think this means I stuffed something up because what I wanted to achieve should make all existing accounts unusable unless the password is manually reset.
I also tried messing with the manual stuff to match the password for the new user in the db.
Sorry for bad English.
Am I on the right track?
Is there anything else I need to edit?
Could anyone tell me how I could do this please?
Thanks in advance.
I had a look into the following thread http://community.mybb.com/thread-104768.html
And wondered if I might be able to do this myself.
In the functions-user.php file the following can be seen on line 198
function salt_password($password, $salt)
{
return md5(md5($salt).$password);
}
I edited it to the following in the hope that it would make all new users have passwords salted with the random salt and the one specified in the config.
function salt_password($password, $salt)
{
return md5(md5($salt).$password.$config['passwordSalt']);
}
After the edit, I logged out of my admin account that was created before that edit and found I could log in again easily. I think this means I stuffed something up because what I wanted to achieve should make all existing accounts unusable unless the password is manually reset.
I also tried messing with the manual stuff to match the password for the new user in the db.
Sorry for bad English.
Am I on the right track?
Is there anything else I need to edit?
Could anyone tell me how I could do this please?
Thanks in advance.