Passwords

[Spaceman-Spiff]

i still don't see why you need to throw away the crypt just to give out password to your members
as an admin you have the ability to edit/change each user's password in his/her profile

[habby]

Do you know how long that will take with hundreds of members?

Look either you help me or you dont! If you are willing to help me please send me a PM and I will be very grateful!  Otherwise please give me an answer then I can go to sleep and then try to work on it myself in the morning

[Iridium]

One quick question before I continue: Why the hell have you spent money on stamps, when you could've used e-mail? (My first argument when asked this question would be security, however, you can't really use that seeing as you're obviously not concerned enough to worry about it for the passwords in the database)

Anyway, back to the point.

My thought is that in order to maintain security, and as you are obviously averse to exerting any energy to pre-create the accounts, maybe it would be better to keep the crypt() as is, and write a separate script to do the checking. This script would take a text file listing each users name, and the password that they are supposed to use as its input. It would then crypt()s the password from the file, finds the user that that password belongs to in the database, and compares it to the crypt()ed password in the database. It could then notify you of all the people who aren't using the correct password.

This not only maintains security of the passwords in the database, but would also be much faster than what I would imagine you were going to do to check the passwords, which would be to go through the database, and check each one manually against your "master password list".

[Jack.R.Abbit]

I'm confused... so I'll jump in here.

Let me get it all straight:
You already sent unique passwords (via snail-mail) to hundreds of friends but none of those accounts are actually created because they are suppose to use this password you've provided when they register.  You want to remove crypt so that once they have registered, you can look into the DB to make sure they used the password that you told them to.

If I am correct here... I think you somehow created a lot more work for yourself no matter how you cut it.  And now you are mad at us for not helping you apply a retarded "fix" to an already retarded problem.

I can see why noone is interested in assisting.  

-Jack

[Iridium]

Well said.

[Spaceman-Spiff]

Yes, the mistake is doing it the hard way, when u can actually do the easier way
i'm trying to assist this guy now via IM without having to remove the crypt

[Anguz]

if you took the time it takes to mail "hundreds" of friends their passwords, can't you take the time to create their accounts?

you'll still have to go through the trouble of checking that they used the password you gave them! it'll probably be a lot tougher to do that...

still, you gave your reasons, they gave their reasons, they won't change their mind cause they have a strong reason... they gave you a solution, but if you don't like it, solve it yourself

I don't think it's fair that you say that "no one in yabbse is helpful", I think that's pretty rude and you should watch your manners... these guys are doing A LOT of work on a daily basis to help hundreds of ppl without getting a penny for it

[[Unknown]]

By the way, another solution is to check by logging in as them with the password you gave.

-[Unknown]

[Anguz]

By the way, another solution is to check by logging in as them with the password you gave.

-[Unknown]

but then he'd have to login and logout "hundreds" of times!  


lol