XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. Beginner's Corner 
  4.  / User passwords
Register
1
_ysva_
User passwords

  • 2005/8/16 15:21

  • _ysva_

  • Just popping in

  • Posts: 5

  • Since: 2005/6/24


I know I can change my users passwords,
but how can I view them without changing them?
2
m0nty
Re: User passwords

  • 2005/8/16 16:57

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


u can't for security and privacy reasons.
3
Cheeze
Re: User passwords

  • 2005/8/16 16:58

  • Cheeze

  • Just popping in

  • Posts: 38

  • Since: 2004/11/16


I don't think there is this option as far as I know.
4
_ysva_
Re: User passwords

  • 2005/8/16 19:09

  • _ysva_

  • Just popping in

  • Posts: 5

  • Since: 2005/6/24


"For privacy reasons" is something which i include in my disclaimer, so that's not up to XOOPS i think. But what are the "security reasons"?
5
Mithrandir
Re: User passwords

Generally, we don't see any reason why you should know the passwords of your users. It is very common to use the same password on several sites - and even though it is not recommended to do, with all the places one needs a password nowadays, it is futile to think that users will use a unique password everywhere.

Therefore, "Security reasons" could be that your users are safe from you (or anyone else, who can read the database) using their passwords on other sites that you know, they frequent (perhaps far-fetched, but you know how many immoral people are out there)

Why do you want to read your users' passwords? What do you need it for?
"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."

Cusix Software
6
_ysva_
Re: User passwords

  • 2005/8/17 18:31

  • _ysva_

  • Just popping in

  • Posts: 5

  • Since: 2005/6/24


We have a team of several sites (i can't give names srry) which are made to stop certain people who try to "bring down" CMSs. Those people often register before they try to bring it down, because they don't have access to certain areas. There names get on "banlists" and those lists are shared amongst several sites, with their ip-address. But people can have proxies and can change their name. The only mistake they make is to use the same password everywhere. ...if they could read this... so the only way for us to find them, is to try to find them before they do it, and to delete them if they start an account, so they can't do any harm. We know it's risky to delete people because they have the same passwords as others, but some are really hard to have them "accidentally" the same... so that's why we need to be able to view passwords. Of course this will only be available for the webmaster (not the moderators) and it will be used with firstly agreeing to a license.
7
Dave_L
Re: User passwords

  • 2005/8/17 21:29

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


The passwords are one-way encrypted, and it's not possible to decrypt them. If the other sites use the same method of encyption (MD5 message digest), then you could accomplish your goal by comparing the encypted passwords. Or if the user's password at one site isn't encypted, you could compute its MD5 and compare that with the user's XOOPS password.

The passwords are encrypted with the PHP function md5(), and there's an equivalent MySQL function MD5().
8
_ysva_
Re: User passwords

  • 2005/8/18 7:44

  • _ysva_

  • Just popping in

  • Posts: 5

  • Since: 2005/6/24


Sorry, but that's not a very good idea. Thanks for all your help though. We will try to find an other way to stop them. We were thinking of comparing all the other things, because most people just want honour for it, and will leave a recognizable mark for that, but not all do and it's harder to complete. Thank you anyway XOOPS Core Team and XOOPS users.

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

174 user(s) are online (103 user(s) are browsing Support Forums)

Members: 0

Guests: 174

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits