[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] Setting a users password without being logged in
Thanks for your reply,
".cory.trese." wrote:
> ****** message to minivend-users from ".cory.trese." <digital@specialty-books.com> ******
>
> using the [data area field key "value" * increment*] tag (as mention in the
> docs) and the [export database file*type*] tag you can force updates of the
> user's password in the database (I think!) and then export the database to it's
> source file to make the update.
>
I have this part working but the password needs to be encrypted before writing to the userdb
otherwise the user cannot log in.
I am not keen on using non encrypted passwords in the userdb.
>
> If this actually works (which it very well may not) you should be very careful
> generating random passwords with minivend (or even generating random password
> lists and then reading them from a file with minivend) for security reasons.
>
It work fine!
The passwords are created on the fly and are not set in variables or passed in form fields so the
user will not be able to see it from a view source or similar. They are not held anywhere after
they are created, just set in the userdb, and mailed to the user. hopefully, there will be no way
of people abusing this but I will go through this when i have it working.
I just need to know how to encrypt the new password before writing it.
Many Thanks,
macky..
>
> On Thu, 28 Oct 1999, you wrote:
> >****** message to minivend-users from macky@staktrading.com ******
> >
> >Hi All,
> >
> >I need to be able to write to the password field of the userdb without
> >knowing the password and without being logged in.
> >
> >Why?
> >
> >I have many users logging in, purchasing then forgetting the password. I
> >plan to find their email address and assign a new (random) password to
> >them, then send it by email.
> >
> >All works except, I need to encrypt the password before writing it to
> >the userdb.
> >I know about the userdb function for changing passwords but this
> >requires the old password (which i dont know).
> >
> >Using mv3.15 beta.
> >
> >Any ideas to do this??
> >
> >Macky..
> >
> >
> >-
> >To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> >email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
> >Archive of past messages: http://www.minivend.com/minivend/minivend-list
> --
> ========================================
> Cory Trese
> email : digital@specialty-books.com
> fone : (740) 594 - 2274, ext 223
> phax : (740) 593 - 3045
> ========================================
> Mail Sent from
>
> Specialty Books,
> Athens Ohio, 45701
> www.specialty-books.com
>
> RedHat Linux, Hedwig
> P][ / 2.3.5
> ========================================
> -
> To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
> Archive of past messages: http://www.minivend.com/minivend/minivend-list
--
*----------------------------------------------------------------*
Stak Trading Networking and Internet Department
Tel: +44 (0)8704 420 445 Fax: +44 (0)8704 420 447
URL: http://www.staktrading.com E-mail: networking@staktrading.com
