YaBB Password Security MOD

Eliminates all plain ASCII storage of members' passwords. The new Admin screen contains a "Repair Passwords" option, which automatically upgrades all existing plain passwords to encrypted versions and skips passwords that are already encrypted. Adds a secret question and answer to the registration, profile, and forget password sections. The forget password function has one more layer: after users enter their username, they are presented with their secret question. If they answer correctly, a new password is emailed to them. All passwords and secret question answers are stored encrypted; no more plain ASCII passwords anywhere!

Version History
1.0    - 5/26/01 Initial Release by Matthew C. Veno
1.0.1 - 5/27/01 Minor Change, removed extra search term at end
1.1    - 6/01/01 Bug Fix, fixed a bug where, when the Admin modified a user's profile, the user's password and secret answer were changed and became unusable.
YaBB SP1 - 12/31/01 - Upgrade/modifications taken over by Chris Hartmann, please read This Thread for more information.
2/6/03 - Chris Hartmann no longer supporting this mod. - This Thread
1.2 - 2/21/03 DummyProof issues SP1.2 compatible release - This Thread
1.3 - 6/7/03 DummyProof issues SP1.3 compatible release - Here

How do You Install and Use this MOD?

I cannot stress enough the importance of making a backup of your entire YaBB directory before you continue!!!

Since there will be a short period during the transition in which your users will not be able to log in, I would suggest putting your board into Maintenance mode.

Download the BoardMOD file from above or head over to BoardMod to get it. Use the BoardMOD application to apply the MOD.

You will need to update your Admin password by hand. Download your /Members/admin.dat file and open it with Notepad. The first line of the file is your password. You can either replace it with the default (YaBB SP1.1 and later) encrypted password "yyQcHB.blpxnI", which is the equivalent of "admin", or use the Simple password encryption tool below to get the encrypted version of your password. Whichever method you choose, replace the first line inside admin.dat with the encrypted password and upload it (in ASCII).

Jump back into your Admin screen after you have uploaded all the modified files and you will see a new link under Maintenance, Repair All Passwords. Click on this once to have YaBB go through and update all your users' passwords to an encrypted version. This function will skip any user who already has an encrypted password. You should only ever have to use this feature once.

You're all set to go! Turn off maintenance mode to re-open your YaBB board.

You will want to instruct all your users to update their profile to enter a Secret Question and Answer in case they ever forget their passwords.

From this time on, any new registrations will be required to enter a Secret Question and Answer to successfully sign up for your YaBB Board.

Thanks! And enjoy!

PLEASE NOTE: The password encryption is one-way.
There is no way to decrypt your users' passwords. No exceptions!!
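
The skip-if-already-encrypted behaviour of Repair All Passwords, sketched as an added example (this is not the MOD's own code). It assumes the encryption is Perl's built-in crypt() with the seed "yy", inferred from the first two characters of the default encrypted password quoted above; looks_hashed() and repair_password() are hypothetical helpers and the member data is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: seed "yy", taken from the start of the default hash on this page.
my $seed = 'yy';

# Heuristic (an assumption, not the MOD's own test): a traditional crypt()
# result is 13 characters from [./0-9A-Za-z] and begins with the 2-char seed.
sub looks_hashed {
    my ($value, $seed) = @_;
    return $value =~ m{\A\Q$seed\E[./0-9A-Za-z]{11}\z} ? 1 : 0;
}

# Return the value to store on line 1 of a member file and the action taken.
sub repair_password {
    my ($stored, $seed) = @_;
    return ($stored, 'skipped') if looks_hashed($stored, $seed);
    my $hash = crypt($stored, $seed);
    die "crypt() is not usable with this seed on this platform\n"
        unless defined $hash;
    return ($hash, 'hashed');
}

# Constructed sample: member name => first line of Members/<name>.dat
my %members = (
    alice => 'correct horse',    # plain text, will be hashed
    bob   => 'yyQcHB.blpxnI',    # default encrypted password from this page
    carol => 'yyAbCdEfGhIjK',    # plain text that merely looks like a hash
);

# Two passes: the second shows that running the repair again changes nothing.
for my $pass (1, 2) {
    for my $name (sort keys %members) {
        my ($new, $action) = repair_password($members{$name}, $seed);
        $members{$name} = $new;
        print "pass $pass: $name $action\n";
    }
}

# carol is skipped on both passes and stays in plain text: any shape-based
# skip rule can miss a password like this, so spot-check member files after
# the repair instead of assuming every first line is now encrypted.
```

Traditional crypt() with a two-character seed only considers the first eight characters of the password, so longer passwords are effectively truncated.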

Password Encryption
Enter Password to Encrypt:
If you wish to use a different seed than the default used in YaBB SP1 and later versions:
Result:

 

This page is borrowed from the original mod author (Matthew C. Veno), who no longer supports this mod.