#37174 - 03/31/00 11:31 AM Email Password Hack
Parker Clack Offline
Member

Registered: 01/11/00
Posts: 98
Loc: Midwest Missouri

Some of the people that sign up on our board know that they can click on the "Forgot your password?" link and have their password emailed to them.

We check all registrations to our board as we require the use of real names instead of handles. We do not send them a password until we check out the username they sign up with.

Some people know that after they register they can go to the link to have their password emailed to them even though they might not have their username accepted.

So to get around this I have added the following code:

In Ubbmisc.cgi

Look for:

sub PWRequest {
# Find the right registration
&GetMemberListArray;
&GetEmails; # returns @EmailList array
$Found = "";

#lowercase the email input
$sendto = lc($in{'sendto'});
$CountIt = 0;
foreach $emailline(@EmailList) {
($theemail, $thenumber) = split(/??/, $emailline);
$theemail = lc("$theemail");

if ($theemail eq "$sendto") {
chomp($thenumber);
@thisprofile = &OpenProfile("$thenumber.cgi");
$YourName = "$thisprofile[0]";
$YourPassword = "$thisprofile[1]";
$CountIt = $CountIt + 1;
$Found = "yes";
}
}

if ($CountIt >= 2) {
&StandardHTML("<center>Sorry, we cannot process your request because more than one person is using that email address.</center>");
exit;
}

and replace it with:

sub PWRequest {
# Find the right registration
&GetMemberListArray;
&GetEmails; # returns @EmailList array
$Found = "";

#lowercase the email input
$sendto = lc($in{'sendto'});
$CountIt = 0;
foreach $emailline(@EmailList) {
($theemail, $thenumber) = split(/??/, $emailline);
$theemail = lc("$theemail");

if ($theemail eq "$sendto") {
chomp($thenumber);
@thisprofile = &OpenProfile("$thenumber.cgi");
$YourName = "$thisprofile[0]";
$YourPassword = "$thisprofile[1]";
$MessageCount = "$thisprofile[7]";
$CountIt = $CountIt + 1;
$Found = "yes";
}
}

if ($CountIt >= 2) {
&StandardHTML("<center>Sorry, we cannot process your request because more than one person is using that email address.</center>");
exit;
}

if ($MessageCount <=0) {
&StandardHTML("<center>Sorry, we cannot process your request because you have not posted a message yet!</center>");
exit;
}


The italicized lines being the ones to add to the original code.

Parker
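
The same gate as a stand-alone Perl sketch, added here as an illustration and not part of the post above or of UBB's own code: the reminder is refused unless exactly one profile matches the address and field 7 holds a positive number, with a missing or non-numeric count treated as no posts. The record layout, the helper name `reminder_decision` and the sample addresses are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records. Each profile is shaped like the array the post
# reads: index 0 = name, index 1 = password, index 7 = message count.
my @members = (
    { email => 'jane@example.com', profile => [ 'Jane Doe', 'pw-a', ('') x 5, '12' ] },
    { email => 'new@example.com',  profile => [ 'New User', 'pw-b', ('') x 5, '0'  ] },
    { email => 'odd@example.com',  profile => [ 'Odd Row',  'pw-c', ('') x 5, ''   ] },
    { email => 'dup@example.com',  profile => [ 'Dup One',  'pw-d', ('') x 5, '3'  ] },
    { email => 'DUP@example.com',  profile => [ 'Dup Two',  'pw-e', ('') x 5, '4'  ] },
);

# Hypothetical helper: returns 'send', or the reason the reminder is refused.
sub reminder_decision {
    my ($sendto, $members) = @_;
    $sendto = lc($sendto // '');

    # Case-insensitive match, as in the post's lc() comparison.
    my @hits = grep { lc($_->{email}) eq $sendto } @$members;

    # Settle the no-match case before any profile field is read, so an
    # unset count can never be mistaken for "has not posted yet".
    return 'not_found' unless @hits;

    # Same rule as the $CountIt >= 2 check.
    return 'duplicate' if @hits >= 2;

    # Fail closed: undefined, empty or non-numeric counts as no posts.
    my $count = $hits[0]{profile}[7];
    return 'no_posts'
        unless defined $count && $count =~ /^\d+$/ && $count > 0;

    return 'send';
}

for my $addr (qw(jane@example.com new@example.com odd@example.com
                 dup@example.com nobody@example.com)) {
    printf "%-20s %s\n", $addr, reminder_decision($addr, \@members);
}
```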
