First of all, I would like to apologize for my very poor English. I am making an effort to be able to share some of my work with you.
Security is essential nowadays. Since everything on the Internet that has a minimum of security requires passwords, it is necessary to use safe passwords to maintain your security and the security of the site's information.
It is known that most users use the same password for most of the sites they register on, and that in the great majority of cases these passwords are not very safe, because they are short passwords or passwords that recall something about the user. In the end, this is a risk for you, your site and your users.
But how do you force the users of your site to use safe passwords?
It is simple: install a password quality meter on your site and only allow registrations that reach a certain level of security defined by you.
In the last few days some XOOPS sites in Brazil were hacked and, at least as far as is known, the invasion was made possible because the invader discovered the password of some user who had a weak password.
It was with this in mind that I developed this hack, and I hope that with it I can help you make life more difficult, at least a little, for the kind of person who invades sites to cause chaos.
Well, let's get started.
The first step is to back up the files that you are going to edit to install the hack.
The files are:
- include/registerform.php
- edituser.php
- language/your_language/user.php
- modules/system/language/your_language/admin/preferences.php
Once the backup is made, click here and download the necessary files.
Open the files include/registerform.php and edituser.php in a text editor and replace only the code that creates the password field with this:
Quote:
##################################################################################################
# Password Quality Meter
# Type: Core Hack
# Description: This hack creates a Password Quality Meter for the user in the registration or
# profile edit form. It only enables the form's submit button when the typed password reaches the
# level of security defined by you in the administration (System Admin=>Preferences=>Users Config).
##################################################################################################
# Rodrigo Pereira Lima aka TheRplima
# therplima@gmail.com
# Last Update: 16/09/2006
# See the hack in my site http://www.xoops.net.br/register.php
##################################################################################################
include_once XOOPS_ROOT_PATH."/include/passwordquality.php";
##################################################################################################
# End of Hack
##################################################################################################
Original password form field creation code in include/registerform.php:
Quote:
$reg_form->addElement(new XoopsFormPassword(_US_PASSWORD, "pass", 10, 32, $myts->htmlSpecialChars($pass)), true);
Original password form field creation code in edituser.php:
Quote:
$pwd_text = new XoopsFormPassword('', 'password', 10, 32);
Once this is done, the next step is to add the texts used by the hack to the XOOPS language definitions.
Open the file language/your_language/user.php and, at the end of the file, before ?>, add the section below:
Quote:
##################################################################################################
# Password Quality Meter
# Type: Core Hack
# Description: This hack creates a Password Quality Meter for the user in the registration or
# profile edit form. It only enables the form's submit button when the typed password reaches the
# level of security defined by you in the administration (System Admin=>Preferences=>Users Config).
##################################################################################################
# Rodrigo Pereira Lima aka TheRplima
# therplima@gmail.com
# Last Update: 16/09/2006
# See the hack in my site http://www.xoops.net.br/register.php
##################################################################################################
define('_US_REGFORM_NOJAVASCRIPT', 'To register on this site, JavaScript must be enabled in your browser. Enable it and try again!');
define('_US_REGFORM_WARNING', 'To register on this site you must use a safe password. Try to create your passwords using a mix of letters (case sensitive), numbers and symbols.');
##################################################################################################
# End of Hack
##################################################################################################
Now open modules/system/language/your_language/admin/preferences.php and, at the end of the file, before ?>, add the section below:
Quote:
##################################################################################################
# Password Quality Meter
# Type: Core Hack
# Description: This hack creates a Password Quality Meter for the user in the registration or
# profile edit form. It only enables the form's submit button when the typed password reaches the
# level of security defined by you in the administration (System Admin=>Preferences=>Users Config).
##################################################################################################
# Rodrigo Pereira Lima aka TheRplima
# therplima@gmail.com
# Last Update: 16/09/2006
# See the hack in my site http://www.xoops.net.br/register.php
##################################################################################################
define("_MD_AM_PASSLEVEL","Minimum password security");
define("_MD_AM_PASSLEVEL_DESC","Defines the minimum level of security for the users' passwords.");
define("_MD_AM_PASSLEVEL1","Unsafe");
define("_MD_AM_PASSLEVEL2","Weak");
define("_MD_AM_PASSLEVEL3","Fair");
define("_MD_AM_PASSLEVEL4","Strong");
define("_MD_AM_PASSLEVEL5","Safe");
define("_MD_AM_PASSLEVEL6","Not rated");
##################################################################################################
# End of Hack
##################################################################################################
Once the changes are made, copy the files passwordquality.php, passwordquality.js and percent_bar.js into the include folder of your site.
Now we actually install the hack in XOOPS. Copy the file Securitypasshack_install.php to the root of your site. Log in as admin and access XOOPS_URL/securitypasshack_install.php.
It is very fast, and if everything is OK you will receive a success message and be redirected to the main page of your site.
Delete the file Securitypasshack_install.php to prevent problems.
The installation is complete. Now go to System Admin=>Preferences=>Users Config, check that the password length and the level of security meet your needs, and feel safer!
I hope you have liked it.
Here is the link to the original post on my site (Portuguese).
TheRplima
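The post describes the meter as enabling the form's submit button in the browser, and it does not show whether passwordquality.php repeats the check when the form is received. As an added example (not part of the original hack or of XOOPS), this sketch re-rates the submitted password on the server against the administrator's minimum level; the function names, the scoring rule and the sample passwords are assumptions, and only the level names 1 to 5 come from the language file above.

```php
<?php
// Added example: server-side re-check of the password level.
// Levels 1..5 follow the _MD_AM_PASSLEVEL1.._MD_AM_PASSLEVEL5 labels above.
// The scoring rule and all function names here are assumptions, not the hack's.

/** Rate a password from 1 (Unsafe) to 5 (Safe). strlen() counts bytes. */
function example_password_level($pass, $minLength = 8)
{
    $length = strlen($pass);
    if ($length < $minLength) {
        return 1; // too short: Unsafe, whatever it contains
    }
    // A password built from very few distinct characters gains nothing from length.
    if (count(array_unique(str_split($pass))) < 4) {
        return 1;
    }
    // Count the character classes the warning text asks users to mix.
    $classes = 0;
    foreach (array('/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^a-zA-Z0-9]/') as $re) {
        $classes += preg_match($re, $pass); // 1 on match, 0 otherwise
    }
    $level = 1 + $classes; // 2 (Weak) .. 5 (Safe)
    if ($level > 4 && $length < $minLength + 4) {
        $level = 4; // "Safe" also requires extra length
    }
    return $level;
}

/** True when the password reaches the administrator's minimum level. */
function example_password_allowed($pass, $minLevel, $minLength = 8)
{
    return example_password_level($pass, $minLength) >= (int) $minLevel;
}

// Constructed sample input; in a real handler the value comes from $_POST
// and a rejected password stops the registration before the user is saved.
$labels = array(1 => 'Unsafe', 2 => 'Weak', 3 => 'Fair', 4 => 'Strong', 5 => 'Safe');
$samples = array('abc', 'aaaaaaaaaaaa', 'sunshine', 'Sunshine2006', 'Sun$hine-2006!');
foreach ($samples as $pass) {
    $level = example_password_level($pass);
    $verdict = example_password_allowed($pass, 4) ? 'accept' : 'reject';
    printf("%-16s %-7s %s\n", $pass, $labels[$level], $verdict);
}
```

A request sent without the browser form never runs passwordquality.js, so a check of this kind in the code that receives the form is what makes the configured minimum binding.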