MyBB Community Forums
Global password resets - Printable Version


Global password resets - kdevs - 2013-09-16

Hey, my forum had a security issue and because of it, I would like to reset all members' passwords and send a global email.

How can this be possible? The only plugin I found wasn't compatible.


RE: Global password resets - Arbaz - 2013-09-16

Password Reset

Plugin: http://mods.mybb.com/view/force-password-change

Open the plugin file and find:

"compatibility"     => "1605"

and change it into:

"compatibility"     => "16*"

Global E-mail

Go to ACP>Users & Groups>Mass Mail>Create New Mailing


RE: Global password resets - kdevs - 2013-09-16

(2013-09-16, 03:14 AM)Arbaz Wrote: Password Reset

Plugin: http://mods.mybb.com/view/force-password-change

Open the plugin file and find:

"compatibility"     => "1605"

and change it into:

"compatibility"     => "16*"

Global E-mail

Go to ACP>Users & Groups>Mass Mail>Create New Mailing

This helps, but we were hacked because of an XSS vuln. of ajax chat. I believe they have a list of a few users with their passwords because of it. So, I guess my question is how to also globally reset all passwords on the forums?


RE: Global password resets - Arbaz - 2013-09-16

Well, there's not much people can do with your database. The most they will try to do is to sell the accounts or DB. The force password change plugin will force all your members to change their password. If you want, you can change all your members' passwords (by running a SQL query) to a certain password such as johnerty758 or something and send a mass mail. Tell your members that the password in the e-mail is their newly generated password and they have to use that password to log in to their account and change their password accordingly.

If you want the query, let me know.


RE: Global password resets - kdevs - 2013-09-16

(2013-09-16, 03:41 AM)Arbaz Wrote: Well, there's not much people can do with your database. The most they will try to do is to sell the accounts or DB. The force password change plugin will force all your members to change their password. If you want, you can change all your members' passwords (by running a SQL query) to a certain password such as johnerty758 or something and send a mass mail. Tell your members that the password in the e-mail is their newly generated password and they have to use that password to log in to their account and change their password accordingly.

If you want the query, let me know.

That would be nice. Thank you.


RE: Global password resets - Arbaz - 2013-09-16

I think the following query should do the trick:

-- No WHERE clause, so every row in `mybb_users` is updated.
UPDATE `mybb_users` SET `salt` = '', `password` = md5('password');

Replace "password" with the text of your choice.

Be sure to create a backup of your board before running the above query.


RE: Global password resets - Krytic - 2013-09-20

Unfortunately that won't work. MyBB's passwords aren't md5'd (that's actually a very bad idea to leave it at that), they are thrown through several hashes and a salt.

-- No WHERE clause, so every row in `mybb_users` is updated.
UPDATE `mybb_users` SET `password` = '098f6bcd4621d373cade4e832627b4f6', `salt` = '';

Untested, but run this and everybody's password should be "test". But as Arbaz said, back up your board and db first.
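
A variant of the reset discussed in this thread, as an added example that is not part of any post or of MyBB itself: it gives each account its own random temporary password, salt and login key instead of one shared password, and builds the rows for a parameterized UPDATE. Assumptions: MyBB 1.6 stores md5(md5(salt) . md5(password)), `mybb_users` has a `loginkey` column tied to the login cookie, salts are 8 characters and login keys 50; the uids are constructed sample values.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

# Parameterized statement for a DB-API driver that uses %s placeholders.
UPDATE_SQL = (
    "UPDATE mybb_users SET password = %s, salt = %s, loginkey = %s WHERE uid = %s"
)


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def mybb16_hash(plain: str, salt: str) -> str:
    # Assumption: MyBB 1.6 stores md5(md5(salt) . md5(plain)).
    return md5_hex(md5_hex(salt) + md5_hex(plain))


def random_str(length: int) -> str:
    # secrets draws from the OS CSPRNG, unlike the random module.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_reset(uids):
    """Return (rows, creds): rows feed UPDATE_SQL, creds maps uid -> temp password."""
    rows, creds = [], {}
    for uid in uids:
        salt = random_str(8)
        temp_password = random_str(16)
        # Assumption: a fresh loginkey invalidates login cookies issued before the reset.
        loginkey = random_str(50)
        rows.append((mybb16_hash(temp_password, salt), salt, loginkey, int(uid)))
        creds[int(uid)] = temp_password
    return rows, creds


if __name__ == "__main__":
    sample_uids = [1, 2, 3]  # constructed sample; read real uids from mybb_users
    rows, creds = build_reset(sample_uids)
    for pw_hash, salt, loginkey, uid in rows:
        print(uid, salt, pw_hash, loginkey[:6] + "...")
    # With a live connection: cursor.executemany(UPDATE_SQL, rows)
```

Each temporary password in `creds` is known only for its own account, so one leaked e-mail does not expose every member.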