Post: XenForo Mass Pass Changer
Options
04-11-2016, 12:36 AM
#1
D4tabase
Haxor!
Well here is a script that I created that will help you do that. You must visit this script in a web browser and not use CLI to execute the script.
This script will keep refreshing itself updating every users password. Once it finishes you'll be alerted with a message. Make sure you put your board in maintenance when you do this to avoid issues. A log file will be in the same directory as the php file.
Requirements:
- SMTP Server Setup
- Directory of the board writable
- JavaScript Enabled [Browser]
<?php
/*
* General purpose of this script is to change all users
* passwords and sending them an email containing the password.
*
* This can be helpful to you or your forum if your users passwords
* have been compromised.
*
* Forum: XenForo
* Language: PHP
*/
$curFolder = dirname(__FILE__);
$libFolder = dirname(__FILE__) . '/library';
$perms = is_writable($curFolder);
if (!is_dir($libFolder)) {
die('Could not locate the library folder containing XenForo\'s installation!'
;
}
if (!$perms) {
die('The current directory is not writable. Please change the permissions so we could write the logs in it!';
}
if (file_exists(dirname(__FILE__) . '/logs.html')
echo file_get_contents(dirname(__FILE__) . '/logs.html';
$startTime = microtime(true);
$fileDir = dirname(__FILE__);
require($fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library';
XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);
$dependencies = new XenForo_Dependencies_Public();
$dependencies->preLoadData();
XenForo_Session::startPublicSession();
$userModel = new XenForo_Model_User();
$defaultEmail = XenForo_Application::get('options'->defaultEmailAddress;
function _sendEmail(array $user, array $email, Zend_Mail_Transport_Abstract $transport)
{
if (!$user['email'])
{
return false;
}
$options = XenForo_Application::getOptions();
XenForo_Db::ping();
$mailObj = new Zend_Mail('utf-8';
$mailObj->setSubject($email['email_title'])
->addTo($user['email'], $user['username'])
->setFrom($email['from_email'], $email['from_name']);
$bounceEmailAddress = $options->bounceEmailAddress;
if (!$bounceEmailAddress)
{
$bounceEmailAddress = $options->defaultEmailAddress;
}
$toEmail = $user['email'];
$bounceHmac = substr(hash_hmac('md5', $toEmail, XenForo_Application::getConfig()->globalSalt), 0, 
;
$mailObj->addHeader('X-To-Validate', "$bounceHmac+$toEmail");
if ($options->enableVerp)
{
$verpValue = str_replace('@', '=', $toEmail);
$bounceEmailAddress = str_replace('@', "+$bounceHmac+$verpValue@", $bounceEmailAddress);
}
$mailObj->setReturnPath($bounceEmailAddress);
if ($email['email_format'] == 'html'
{
$replacements = array(
'{name}' => htmlspecialchars($user['username']),
'{email}' => htmlspecialchars($user['email']),
'{id}' => $user['user_id']
);
$email['email_body'] = strtr($email['email_body'], $replacements);
$text = trim(
htmlspecialchars_decode(strip_tags($email['email_body']))
);
$mailObj->setBodyHtml($email['email_body'])
->setBodyText($text);
}
else
{
$replacements = array(
'{name}' => $user['username'],
'{email}' => $user['email'],
'{id}' => $user['user_id']
);
$email['email_body'] = strtr($email['email_body'], $replacements);
$mailObj->setBodyText($email['email_body']);
}
if (!$mailObj->getMessageId())
{
$mailObj->setMessageId();
}
$thisTransport = XenForo_Mail::getFinalTransportForMail($mailObj, $transport);
try
{
$mailObj->send($thisTransport);
}
catch (Exception $e)
{
XenForo_Error::logException($e, false, "Email to $user[email] failed: ");
return false;
}
return true;
}
function genPass($length = 10) {
$ch = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_+-={}[]\\;:\'",.?/`~';
$len = strlen($ch);
$str = '';
for ($i = 0; $i < $length; $i++)
{
$str .= $ch[rand(0, $len-1)];
}
return $str;
}
// Start
$range = [];
$range[0] = (isset($_GET['l']) && intval($_GET['l']) != 0) ? intval($_GET['l']) : 0;
$range[1] = (isset($_GET['r']) && intval($_GET['r']) != 0) ? intval($_GET['r']) : 30;
$user_ids = $userModel->getAllUsers(array('user_id', 'limit' => 30, 'offset' => $range[0]));
ksort($user_ids, SORT_NUMERIC);
$db = XenForo_Application::get('db';
$last = $db->fetchRow('SELECT * FROM xf_user ORDER BY user_id DESC LIMIT 1';
foreach ($user_ids as $user) {
if ($user['user_id'])
{
$user['newPassword'] = genPass();
/** @var $writer XenForo_DataWriter_User */
$writer = XenForo_DataWriter::create('XenForo_DataWriter_User';
$writer->setExistingData($user['user_id']);
$writer->setOption(XenForo_DataWriter_User::OPTION_ADMIN_EDIT, true);
$writer->setPassword($user['newPassword'], false, null, true);
$writer->save();
$email = array();
$email['from_email'] = $defaultEmail;
$email['from_name'] = 'Support';
$email['email_title'] = 'Password has changed!';
$email['email_body'] = "Dear {name},
We have changed your password for security purposes!
Your new password is:
";
$email['email_body'] .= "{$user['newPassword']}";
$email['email_format'] = 'html';
$transport = XenForo_Mail::getTransport();
if (_sendEmail($user, $email, $transport))
file_put_contents('logs.html', "[{$user['user_id']}] => Sent email to " . htmlspecialchars($user['username']) . "<br />
", FILE_APPEND);
else
file_put_contents('logs.html', "[{$user['user_id']}] => Failed to send email to " . htmlspecialchars($user['username']) . "<br />
", FILE_APPEND);
}
if ($last['user_id'] == $user['user_id'])
{
die('Completed changing the passwords! Please check out the logs at logs.html file!';
}
}
// end
$range[0] = $range[0] + 30;
$range[1] = $range[1] + 30;
$location = basename(__FILE__, '.php' . ".php?l=" . $range[0] . '&r=' . $range[1];
echo "<script type='text/javascript'>window.location = '{$location}';</script>";
?>
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
