Previous Thread
Next Thread
Print Thread
Hop To
#258496 06/13/2016 6:45 PM
Joined: Jun 2016
Posts: 5
G
stranger
stranger
G Offline
Joined: Jun 2016
Posts: 5
First post, so go easy on me. wink

We have a had a new member on our forum concerned about the activation email that is sent. It contains both his username and password.

I've done a little digging and this has come up a few times before. If passwords are hashed before stored in the system (MD5 ?), how does the activation email contain the user's password in plain text? Am I to assume the the email is generated by what they have keyed in at the time of registration?

It seems that the practice of emailing passwords (except temporary user requested) is not too acceptable anymore. We have modified our mailer.php file to excluded the string.

Interestingly, as I am a new user to this forum, I just received my activation email. And it contained both my username and password.

-mike


Joined: Jun 2006
Posts: 16,289
Likes: 115
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,289
Likes: 115
Passwords are stored in an unsalted MD5 Hash. The notification from the user signup presents the password the user had just set, prior to it entering the database (again, as an unsalted MD5 hash).

So basically:
1. User Registers
2. EMail is dispatched with the password they just entered into the registration page.
3. Password is MD5 encoded and inserted into the database
4. User clicks activation link to validate their email

Feel free to fire up PHPMyAdmin on your server and browse the _USERS table, all you'll see in the "PASSWORD" cell is an MD5 string (with the exception of the "guest" user, whos password is an invalid [not MD5 encoded] entry, since that user is a placeholder).


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jun 2006
Posts: 16,289
Likes: 115
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,289
Likes: 115
FYI, if you remove the password string from your templates, you'll be unable to use the "Add New User" feature in the Control Panel, as the password is created by the admin and mailed to the user; all users will have to be created through the standard registration page.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Feb 2007
Posts: 1,294
Likes: 2
Veteran
Veteran
Joined: Feb 2007
Posts: 1,294
Likes: 2
I like when I get the user information in an email. I can save it and refer to it at a later time if needed. I once too use to make extrem changes to accommodate the .5% of the user population in my communities but gave up. When you start trying to please everyone then the only thing you will be doing in your community is pleasing a small part.

Just reassure them that no one can gain access to that information and that the way your website operates is pretty much the way every website operates.

Joined: Jun 2016
Posts: 5
G
stranger
stranger
G Offline
Joined: Jun 2016
Posts: 5
Thanks for the quick responses. It basically confirms how I thought the software stored the passwords. We don't ever add users from the Control Panel, so I don't think that will be an issue.


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Forum Privacy Policy
by ECNet - 02/26/2024 11:58 AM
Who's Online Now
2 members (Geoff, domspeak), 353 guests, and 190 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)