This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.

For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Eggdrop TCL Password Emailer wanted!

Old posts that have not been replied to for several years.
Locked
[
[NUT]

Eggdrop TCL Password Emailer wanted!

Post by [NUT] »

I was wondering if anyone has any idea about how to make this work?

I run an eggdrop for my clan's channels, and want to expand it into doing more then opserving, i added a lot of scripts to it wich make it a happy critter and well used. :D but we (a mate of me and meself) are working on some scripts of our own and hope to make it an eggdrop people want on their channels! 8) The idea is that people can request forgotten passwords to be delivered by email, previously set into his/her user info.

Anyone know a script that does just that? or is there a way to make it work? i am no TCL programmer pursang, to be exact i just started. but people nag me about passwords they forgot and that anoys me. :evil: Most functions on my eggdrop work through authentication only. :roll:

Can anyone help me please! :-?
Top
p
ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

Am I right is asuming that the authentication is hostname and password based? And that the password is that saved in eggdrops userfile?

If so, then the answer is no.
This is simply due to the fact that the password is encrypted when stored (encrypted full stop).

This encryption is a one way encryption, as such that it uses the plain text password as the text, and the plain text password as the key. As such, only having the plain text password can produce a password match.

There is simply no secure method of storing password in plain text, so that they can be sent to the user should he/she forget them.

There is another way around it.

Once a owner/master (who ever you pick to do the deed, but lets call him/her A) has varified that person B is who he/she ways they are, then a script can be set to dot he following.

Person A verifies who person B is.
Person A types a command on the bot, for example ".issuepass B". This will tell the bot that B is to be issued witha new password.
The bot will then generate a new random password (EG J4dDJD8e7), save it to the userfile, and either msg or e-mail person B to tell them (e-mail recomended).
Top
[
[NUT]

Post by [NUT] »

ppslim wrote:Am I right is asuming that the authentication is hostname and password based? And that the password is that saved in eggdrops userfile?
If so, then the answer is no.
This is simply due to the fact that the password is encrypted when stored (encrypted full stop).
sh*t :cry:

isn't there a way to store text based passwords in a file besides(next to) the encrypted one? (in a secure location)

[cut]
There is another way around it.

Once a owner/master (who ever you pick to do the deed, but lets call him/her A) has varified that person B is who he/she ways they are, then a script can be set to dot he following.

Person A verifies who person B is.
Person A types a command on the bot, for example ".issuepass B". This will tell the bot that B is to be issued witha new password.
The bot will then generate a new random password (EG J4dDJD8e7), save it to the userfile, and either msg or e-mail person B to tell them (e-mail recomended).
well, thats exactly what i DON'T want to do, because i want to be rid of this, thats just the whole idea :-?
Top
p
ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

Quite smply, yes you could do this.

It would not be secure though. Any system using plain text passwords is not secure.

Another option (or feature) to the second option I gave, is to provide a command fore the user to get the password changed himself.

EG, he sends a message to the bot "/msg bot neednewpass", the bot makes a new password, and e-mails it to him.

By all means use the first method, as it's perfectly possible, however, each user would have to give there e-mail address and re-give you there password. This is so it can be stored in plain text, seeing as there is no way to decrypt it.

Another option is to fish about in the modules directory on the eggdrop FTP server (ftp://ftp.eggheads.org/), there used to be a module, that would replace blowfish, so that plaintext passwords could be stored. However, this would 100% leave even global owners (and perminant) at risk.
Top
g
guppy
eggdrop engineer
Posts: 199
Joined: Mon Sep 24, 2001 8:00 pm
Location: Canada
Contact:
Contact guppy

Post by guppy »

You could hack up blowfish to not encrypt passwords :)

Not that hard ... just gotta make the password encryption function return the plaintext password.
Top
Locked

Return to “Archive”