<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Word 14 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:Wingdings;

        panose-1:5 0 0 0 0 0 0 0 0 0;}

@font-face

        {font-family:Wingdings;

        panose-1:5 0 0 0 0 0 0 0 0 0;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Verdana;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri","sans-serif";

        mso-fareast-language:EN-US;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph

        {mso-style-priority:34;

        margin-top:0cm;

        margin-right:0cm;

        margin-bottom:0cm;

        margin-left:36.0pt;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri","sans-serif";

        mso-fareast-language:EN-US;}

span.EmailStyle17

        {mso-style-type:personal-compose;

        font-family:"Verdana","sans-serif";

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-family:"Calibri","sans-serif";

        mso-fareast-language:EN-US;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:72.0pt 72.0pt 72.0pt 72.0pt;}

div.WordSection1

        {page:WordSection1;}

/* List Definitions */

@list l0

        {mso-list-id:1120611874;

        mso-list-type:hybrid;

        mso-list-template-ids:-388563942 134807553 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}

@list l0:level1

        {mso-level-number-format:bullet;

        mso-level-text:\F0B7;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:Symbol;}

@list l0:level2

        {mso-level-number-format:bullet;

        mso-level-text:o;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:"Courier New";}

@list l0:level3

        {mso-level-number-format:bullet;

        mso-level-text:\F0A7;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:Wingdings;}

@list l0:level4

        {mso-level-number-format:bullet;

        mso-level-text:\F0B7;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:Symbol;}

@list l0:level5

        {mso-level-number-format:bullet;

        mso-level-text:o;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:"Courier New";}

@list l0:level6

        {mso-level-number-format:bullet;

        mso-level-text:\F0A7;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:Wingdings;}

@list l0:level7

        {mso-level-number-format:bullet;

        mso-level-text:\F0B7;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:Symbol;}

@list l0:level8

        {mso-level-number-format:bullet;

        mso-level-text:o;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:"Courier New";}

@list l0:level9

        {mso-level-number-format:bullet;

        mso-level-text:\F0A7;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;

        font-family:Wingdings;}

@list l1

        {mso-list-id:1726562386;

        mso-list-type:hybrid;

        mso-list-template-ids:2109477396 134807567 134807577 134807579 134807567 134807577 134807579 134807567 134807577 134807579;}

@list l1:level1

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l1:level2

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l1:level3

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

@list l1:level4

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l1:level5

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l1:level6

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

@list l1:level7

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l1:level8

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l1:level9

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

ol

        {margin-bottom:0cm;}

ul

        {margin-bottom:0cm;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-GB" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Hi all,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">If you are running a CQPweb server accessible via the wide open internet, please read the following.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">This week, a

<i>catastrophic</i> security issue affecting OpenSSL has been reported, called <b>

Heartbleed</b>.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">For further info see:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><a href="http://heartbleed.com">http://heartbleed.com</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><a href="https://www.schneier.com/blog/archives/2014/04/heartbleed.html">https://www.schneier.com/blog/archives/2014/04/heartbleed.html</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">and many assorted articles in various media.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">(NB &#8220;catastrophic&#8221; is Scheier&#8217;s choice of adjective not mine!)<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">The site I&#8217;ve been using to check for vulnerabilities is

<a href="http://possible.lv/tools/hb/">http://possible.lv/tools/hb/</a> . There are others out there including

<a href="http://filippo.io/Heartbleed/">http://filippo.io/Heartbleed/</a> .<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">If you run your CQPweb server over HTTP, then your users&#8217; credentials are totally insecure anyway. In that case, move along. Nothing to see here. Ignore the rest of this

 message.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">If you run your CQPweb server over HTTPS, and you are running an OS/web-daemon version affected by Heartbleed, then there is a very high probability that Heartbleed has been

 used to compromise your server (in the article linked above Schneier says &#8220;<i>the odds are close to one</i>&#8221;). To restore security, you need to (a) patch the software; (b) change your public / private keys and certificates; change all CQPweb passwords.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">FIRST &#8211; make whatever software updates are necessary to your machine to get to the point where you are running CQPweb in an environment without the vulnerability (or ask

 your system administrator to do so, and then wait till they have done it). Exactly what you need to do will depend on what OS etc. you are running.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">SECOND &#8211; get a new public/private key pair and update your SSL certificate (or bundle if you&#8217;re using a bundle) (or ask your system administrator to do so, and then wait

 till they have done it).<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">THIRD &#8211; make all your users change their passwords.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal" style="margin-left:36.0pt"><i><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Note it is essential to do these steps in order: there is for example no point changing passwords till after you change your certificates, since

 anyone who has swiped your old private key/certificate info while the Heartbleed hole existed could then swipe the new passwords.<o:p></o:p></span></i></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">That last step is a bit of a pain because the planned tools that would allow you to do this quickly and easily through the sysadmin control panel have not been written yet.

 Here&#8217;s how to do it manually in versions greater than 3.1:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">1.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Use the MySQL command line client to connect to your CQPweb database (either as root or with the account used by CQPweb itself).<o:p></o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">2.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Force all users to log out by deleting all persistent login tokens:<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">a.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span></b><![endif]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">delete from user_cookie_tokens;<o:p></o:p></span></b></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">3.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Delete all existing passwords (quickly after doing the previous step so no one has time to log in again).<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">a.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span></b><![endif]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">update user_info set passhash= &quot;$2a$10$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&quot; ;<o:p></o:p></span></b></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">4.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">You now need to send an email message to your users to instruct them to change their passwords. To get a list of email addresses:<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">a.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span></b><![endif]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">select email from user_info where email IS NOT NULL AND email != &quot;&quot; INTO OUTFILE &quot;/specify/some/path/here&quot;;<o:p></o:p></span></b></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">b.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Send an email to all these addresses, explaining why their passwords no longer work, and pointing them to the page where they can re-set the password.

<o:p></o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">5.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Now, find out if you have any users who do not have email addresses connected to their accounts:<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">a.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span></b><![endif]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">select username from user_info where email IS NULL or email = &quot;&quot; ;<o:p></o:p></span></b></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">b.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">(only accounts created in pre-3.1.0 with no email specified can be of this kind.)<o:p></o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">6.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">You will need to change the password for each of these users manually. (To log in, you will of course need to change your own password first!)<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">a.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">You can do this via the &#8220;Manage users&#8221; screen in admin control panel; then tell each user what their new password is.<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">b.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">To automate this for many users: write a script hitting this URL (whilst logged in as yourself):<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">c.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">https://server.net/path/to/cqpweb/adm/index.php?userForPasswordReset=<b><u>USERNAME_HERE</u></b>&amp;newPassword=<b><u>NEW_PASSWORD_HERE</u></b>&amp;admFunction=resetUserPassword&amp;uT=y<o:p></o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">7.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">ALTERNATIVE to step 6: add an email for these to the database:<o:p></o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">a.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span></b><![endif]><b><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">update user_info set email=&quot;something@somewhere.net&quot; where username=&quot;USERNAME&quot;;<o:p></o:p></span></b></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l1 level2 lfo1">

<![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><span style="mso-list:Ignore">b.<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">&#8230; and then they will be able to change their passwords themselves via the web interface as per above.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">In versions before 3.1.0:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">&middot;<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">If you are

<u>not</u> using CQPweb&#8217;s Apache-based username management&#8230; then you need to give each user a new password via the appropriate tools for {whatever username/password system you are using}, and inform them of what it is.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">&middot;<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">If you

<u>are</u> using CQPweb&#8217;s Apache-based username management&#8230; then you need to use the &#8220;Create new user (or reset user password)&#8221; function under &#8220;Manage users&#8221; in the admin control panel. Again, give each user a new password, then inform them of what it is.<o:p></o:p></span></p>

<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">&middot;<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">To automate use of that web-form for a large number of users, write a script to hit this URL once for each user:<o:p></o:p></span></p>

<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoListParagraph" style="margin-left:72.0pt;text-indent:-18.0pt;mso-list:l0 level2 lfo2">

<![if !supportLists]><span style="font-size:10.0pt;font-family:&quot;Courier New&quot;"><span style="mso-list:Ignore">o<span style="font:7.0pt &quot;Times New Roman&quot;">&nbsp;&nbsp;&nbsp;

</span></span></span><![endif]><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">https://<b><u>YOUR_USERNAME</u></b>:<b><u>YOUR_PASSWORD</u></b>@server.net/path/to/cqpweb/adm/index.php?newUsername=<b><u>USERNAME_HERE</u></b>&amp;newPassword=<b><u>NEW_PASSWORD_HERE</u></b>&amp;admFunction=newUser&amp;uT=y<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Please note</span></i><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"> that all the above procedures are untested. (I haven&#8217;t been able to do it on my

 own v3.1.5 server yet because I am still at the stage of getting my certificates changed&#8230; and I no longer have any machines running 3.0.x.) So - if you spot any problems, please let the list know.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Phew! That&#8217;s it!<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">best<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,&quot;sans-serif&quot;">Andrew.<o:p></o:p></span></p>

</div>

</body>

</html>