Not at all. It's 100% susceptible to a brute-force attack- there's no flood checking on logging in (which there should be).
AL, at the very least, do this to your files:
[code][/code]
And replace "viewpw" with something unique+non-guessable to you- "pilot", "tomato", whatever. Now, even if this guy hacks in, he's not going to be able to see all your members' passwords (which should be the default behaviour). But, YOU can see them, because you know what the secret "in" word is.. to view a members' password, open their profile as usual, and add "
&(yourword)=true" to the url of the profile, and hit enter.
So, if you didn't change my code, and if the URL looks like:
http://www.myubb.com/cp.cgi?ubb=get_profile_for_admin&u=00006479 Change it to:
http://www.myubb.com/cp.cgi?ubb=get_profile_for_admin&u=00006479[b]&viewpw=true[/b] This will reload the page, and let you see the users' password. (note that you should change "viewpw" to something else, just incase any potential hackers are reading this)
Obviously this won't stop him hacking in in the first place, but it does let you breate if/when he does, knowing that he's not able to get everyone elses' passwords. For this reason, I suggest that you don't tell ANY other admins/anyone else what your secret replacement word for "viewpw" is- they don't have any legitimate reason for needing a members password.
On another note, have you changed all the passwords on your admins' email accounts? If they were the same as the UBB passwords at any point, he may have access to your email, and so to get the latest admin password, he just needs to use the "forgot my password" feature, then check your email.
[ August 13, 2001: Message edited by: Borg ]
