Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
9 - 2 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     

Re: xoops Password rules and password expiry
by Mamba on 2018/12/30 5:33:39

You might also take a look at the tad_login module that is using the OpenID:
https://github.com/tad0616/tad_login

Maybe you'll find some ideas there...
Re: xoops Password rules and password expiry
by sarahmx on 2018/12/19 1:39:31

Thank you geekwright

Will try the temporary..active directory solution

Btw is there any up to date active directory connection documentation with xoops 2.5.9

I just made some random check of the password used by users of the intranet ...most of it using their username (which we set as employee number) as their password

Xoops or any upcoming password module should also prevent this password cant be the same as username
Re: xoops Password rules and password expiry
by geekwright on 2018/12/16 17:26:01

XOOPS could really use some modern password policy management tools.

My first impulse was to suggest expanding the profile module, but on closer inspection, using existing events and adding a few new ones would allow us to support a module(s) dedicated just to enhanced password policy. Unfortunately, that solution isn't available to deploy today

I will make sure that we have all the events needed to support such a module in place very soon.

Meanwhile, the fastest "hack" I can think of would be to tap into an existing Active Directory, using it as the authentication option for your XOOPS system. I don't know it that would be possible or practical for your environment.

As to resetting all passwords, you could update the "pass" column on the users table with some garbage string for all the users you want to reset. Each user would then have to go through the lost password mechanism to set a new password.
Re: xoops Password rules and password expiry
by sarahmx on 2018/12/14 9:18:58

Thank you for the answer Mamba

Im not sure if i can do this myself ..thinking of creating a custom module just to make this work using jquery validation or something else

Any other pointers will be great
Re: xoops Password rules and password expiry
by Mamba on 2018/12/14 5:20:30

I don't think that there would be an easy hack for it.

a) to keep track of the 6-months interval, you would have to record the date for each user. Maybe you could add an extra field in the Profile and make visible only to the admin. Then you would have hack the core to check at login when user changed that login last time and force him/her to change it.
Or you could add a field to Profile for a reset, and then run a cron every six months to reset all users to yes, and thus force the user to change the password.

b) you could set the check in your new hack as a field validation

c) while checking for the reset, if it is on, you could then save the current password and compare it to the new one, to make sure that they don't match

Another way that might be easier, would be to run a cron job that would use the "lostpass.php" to fake for each user a request for a new password, sending them a new password and forcing them to use it, and to change to whatever they want.

Richard is the guru in this area, so maybe he could come up with better...

Who's Online

188 user(s) are online (155 user(s) are browsing Support Forums)


Members: 0


Guests: 188


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits