Hi, Ok I have a major problem when i checked amember this morning. Every single one of my 500 members have had their password changed to "password" Is this a problem with amember ? or has someone hacked my amember ? Has this happend to anyone else ? Regards josh,
Hey Josh, Just checked, all is well on my sites. This sounds like either: a) someone ran a SQL script (PHPAdmin) to bulk update the password for all users (SET password = "password") b) your UI is caching information and all of your users do not really have a password of "password" Have you tried to log in as one of the affected users to verify the password is actually changed? Have you, or any of your Admins, done any work in SQL recently? Do you have a backup?
Skippy, Thanks for your reply to answer some of your questions I am using the admin account for amember No one has done anywork on the script for months We do have backup but the prob is its 1 week old and theres a few people we would loose going back 1 week. I'm 100% sure its not the UI cache as I have tried logging into a few clients accounts successfully using "password" as the password. So far amember support have been useless, I wish they had a bloody phone number . its taken 4 days via emails to get absolutely no where.. If i had a choice to pick this forum for support or the actual support I would choose here
One option is to take your backup and restore just the user passwords (update password where user = ) This will at least correct the password for those users (which I'm hoping is the bulk of them)
Skippy, See thats the kinda help that would have taken 30 seconds on the phone Can u just give me a very very brief run through of replacing the passwords only ? Do I do it in the amember control pannel or in the sites ftp ? Thanks for your response again josh
Depending on what kind of back up you have, restoring it to a separate DB and extracting out the information into a SQL script. Essentially your SQL command for each record will look like: Code: UPDATE [b]amember_members[/b] SET pass = '[b]oldpassword[/b]' WHERE login = '[b]username[/b]' where amember_members is your DB, oldpassword is the backed up user password and username is the correlated user name.