MyBB Community Forums

Can you make a custom password encryption that I can control? I'd prefer it to be reversible.

The login password ? What's the use ? And if its reversible its 'hackable' ... so unsafe.

I would like to be able to tell members their passwords instead of merely resetting them.

That would be so insecure it isn't even funny. Just making sure you know that.

Not only that, but I'm sure your members will feel more secure that you CAN'T tell them their password. They can always set it back to whatever they want after you reset it for them.

Modify the password checking in inc/functions_user.php, validate_password_from_uid

I could see using something similar to validate users against a different database (integration with 3rd party software, anyone?).

I agree that it is insecure for admin being able to recover a user's password, since that means a bug in the software could display that plain text password to a potential hacker. At most, admin (and the user himself) should be able to reset the password, triggering an email to the user with a validation code which allows setting the password without knowing the previous value.

Quote:I would like to be able to tell members their passwords instead of merely resetting them.

I don't see a problem with just creating for them a temp password in admincp.

As others have stated ...what you want is very unsecure on so many levels. I always believe that people requesting a way to know members passwords are doing so for evil reasons. There isn't much of a reason for admins to know a users password.

Quote:I always believe that people requesting a way to know members passwords are doing so for evil reasons.

LOL! Well, I guess it's a bad idea anyway.