If you have an older forum like mine and check the user_login_attempts column you are probably going to find it's at 99 for many older accounts. We have instances here on phpBB.com and other sites where spammers have successfully hijacked accounts. It's not an issue particular to phpBB, the usernames and passwords are already known.
See here for more information: https://haveibeenpwned.com/
The following will remove a users password that has no activity in 10 years where the registration date is also older than 10 years. They will need to to use "I forgot my password" link in the event they return. The one caveat is no indication to user it will not be possible to login without resetting the password. If you want to change the time edit both instances of
See here for more information: https://haveibeenpwned.com/
The following will remove a users password that has no activity in 10 years where the registration date is also older than 10 years. They will need to to use "I forgot my password" link in the event they return. The one caveat is no indication to user it will not be possible to login without resetting the password. If you want to change the time edit both instances of
10 YEAR. Code:
UPDATE phpbb_users SET user_password = '0' WHERE user_regdate < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR)) AND user_lastvisit < UNIX_TIMESTAMP(DATE_SUB(CURDATE(), INTERVAL 10 YEAR)) AND user_id != 1;Statistics: Posted by thecoalman — Sat Nov 16, 2024 10:25 am