Incorrect password shown in log

[orange]

Being a new YabbSE admin I am quite impressed, but I discovered one thing today that has put me off registering at any YaBB boards anywhere.

In the forum error log, when a user gets their password wrong, their incorrect attempt is written in the log.

Since the majority of the time this is just a simple typo by the user, it is very easy to work out what the user's real password is.

Many people probably use the same password to register on forums as they do for other things, and I find it quite disturbing that the board's admin has a free run of the passwords if I make a minor error typing it in.

Could this be changed for the next version?


One other question - is it possible to disable user signatures on specific forums? I have a serious discussion forum, where I don't want people's sigs getting in the way - this was really easy to do with ezboard but I can't see a yabb option or mod to do it.

[David]

Please use the search feature before posting.  This has been discussed many times.

[Jeff Lewis]

To be more welcoming...

I will probably add some sort of option for the password thing. People don't like it, I LOVE it.

As for signatures, you'd need to alter some code.

[David]

To be more welcoming...

Sorry, I was in a rotten mood at that time.

Read this thread, http://www.yabb.info/community/index.php?board=140;action=display;threadid=6336

[orange]

For the record, I did do a search for "password shown" but it gave no results.

Thanks for the link btw.

[sylvester]

Open the file LogInOut.php
Search for:

Code Select Expand

   $attempt = $passwrd;
Replace with:

Code Select Expand

   $attempt = str_repeat("*",strlen($passwrd));
Voila