TripLcixx
07-30-2004, 10:00 PM
Since VB3's expire function for passwords, you can now force your members to change password. But very often, people tend to forget their recently changed password.
Also, if you add the "history" option, people will have to come up with a new password everytime and that particular detail is not always appreciated.
One thing to do is random generate a password but you can be sure you users will never remember this one.
So I came up with the idea to random generate an "easy to remember" password.
A while back I read on php.net about a small piece of code that generates a "pronouncable" password which is easier to remember, so I decided to integrate this function into vB.
What the hack does is add a link in the "Change password" page which makes the page auto-generate a "pronounceable" password. Also, it changes the inputfields from passwordfields to regular textfields. In the first passwordfield, the generated password is placed. The second field will still be empty so the user will have to retype the password.
Changes to do:
-file edits (2)
-template edits (1)
-adding phrases (1)
Installation:
Open admincp/functions_user.php and look for:
return $word;
}
After that, add:
// ############ Extra function to create random pronouncable password ##########
function createpronouncepass() {
$array = array(
'ap','dus','tin','rog','sti','rev','pik','sty','le v','qot','rel','vid',
'kro','xo','pro','wia','axi','jer','foh','mu','ya' ,'zol','gu','pli','cra',
'den','bi','sat','ry','qui','wip','fla','gro','tav ','peh','gil','lot',
'azz','oi','sut','ury','kwi','owp','fli','ws','ava ','nou','gae','ing',
'132','you','789','buo','gro','mup','flo','alc','s pi','nku','gui','win',
'kal','zan','noc','bat','tev','lun','pal','hom','c un','wos','vox');
$num_letters = 7; //The number of letters
mt_srand((double)microtime()*1000000);
for($i=0; $i<$num_letters; $i++)
$pass .= $array[mt_rand(0, (count($array) - 1))];
for($i=1; $i<strlen($pass); $i++) {
if(substr($pass, $i, 1) == substr($pass, $i-1, 1))
$pass = substr($pass, 0, $i) . substr($pass, $i+1);
}
$pass = substr($pass, 0, $num_letters);
return $pass;
}
Save and upload functions_user.php
Open profile.php and look for:
// show Optional because password expired
$show['password_optional'] = !$show['passwordexpired'];
$templatename = 'modifypassword';
After that, add:
if ($_REQUEST['extra'] == 'genrandom') {
$randompass = createpronouncepass();
$passwordfield = "text";
} else {
$randompass = "";
$passwordfield = "password";
}
Save and upload profile.php
In the template "modifypassword", look for:
<input type="password" class="bginput" name="newpassword" size="50" maxlength="50" />
and replace it with:
<input type="$passwordfield" class="bginput" name="newpassword" size="50" maxlength="50" value="$randompass" />
look for:
<input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" />
and replace it with:
<input type="$passwordfield" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" />
<br />$vbphrase[generate_random_password]
Add the following phrase:
Phrase Type: User tools (global)
Varname: generate_random_password
Text: <a href="profile.php?s={$session['sessionhash']}&do=editpassword&extra=genrandom">Click here to have a random password generated for you.</a>
That's it!
Small note:
A 7 char "pronounceable" password is generated every time. If you want more or less characters, all you have to do is change this value in admincp/functions_user.php:
$num_letters = 7; //The number of letters
Also, if you add the "history" option, people will have to come up with a new password everytime and that particular detail is not always appreciated.
One thing to do is random generate a password but you can be sure you users will never remember this one.
So I came up with the idea to random generate an "easy to remember" password.
A while back I read on php.net about a small piece of code that generates a "pronouncable" password which is easier to remember, so I decided to integrate this function into vB.
What the hack does is add a link in the "Change password" page which makes the page auto-generate a "pronounceable" password. Also, it changes the inputfields from passwordfields to regular textfields. In the first passwordfield, the generated password is placed. The second field will still be empty so the user will have to retype the password.
Changes to do:
-file edits (2)
-template edits (1)
-adding phrases (1)
Installation:
Open admincp/functions_user.php and look for:
return $word;
}
After that, add:
// ############ Extra function to create random pronouncable password ##########
function createpronouncepass() {
$array = array(
'ap','dus','tin','rog','sti','rev','pik','sty','le v','qot','rel','vid',
'kro','xo','pro','wia','axi','jer','foh','mu','ya' ,'zol','gu','pli','cra',
'den','bi','sat','ry','qui','wip','fla','gro','tav ','peh','gil','lot',
'azz','oi','sut','ury','kwi','owp','fli','ws','ava ','nou','gae','ing',
'132','you','789','buo','gro','mup','flo','alc','s pi','nku','gui','win',
'kal','zan','noc','bat','tev','lun','pal','hom','c un','wos','vox');
$num_letters = 7; //The number of letters
mt_srand((double)microtime()*1000000);
for($i=0; $i<$num_letters; $i++)
$pass .= $array[mt_rand(0, (count($array) - 1))];
for($i=1; $i<strlen($pass); $i++) {
if(substr($pass, $i, 1) == substr($pass, $i-1, 1))
$pass = substr($pass, 0, $i) . substr($pass, $i+1);
}
$pass = substr($pass, 0, $num_letters);
return $pass;
}
Save and upload functions_user.php
Open profile.php and look for:
// show Optional because password expired
$show['password_optional'] = !$show['passwordexpired'];
$templatename = 'modifypassword';
After that, add:
if ($_REQUEST['extra'] == 'genrandom') {
$randompass = createpronouncepass();
$passwordfield = "text";
} else {
$randompass = "";
$passwordfield = "password";
}
Save and upload profile.php
In the template "modifypassword", look for:
<input type="password" class="bginput" name="newpassword" size="50" maxlength="50" />
and replace it with:
<input type="$passwordfield" class="bginput" name="newpassword" size="50" maxlength="50" value="$randompass" />
look for:
<input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" />
and replace it with:
<input type="$passwordfield" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" />
<br />$vbphrase[generate_random_password]
Add the following phrase:
Phrase Type: User tools (global)
Varname: generate_random_password
Text: <a href="profile.php?s={$session['sessionhash']}&do=editpassword&extra=genrandom">Click here to have a random password generated for you.</a>
That's it!
Small note:
A 7 char "pronounceable" password is generated every time. If you want more or less characters, all you have to do is change this value in admincp/functions_user.php:
$num_letters = 7; //The number of letters