Check user password hack Ver 1.0
 

//////////////////////////////////////////////////////////////
\\
\\ Check user password hack Ver 1.1
\\ Latest version: 1.10 (7-18-2002)
\\ tested with vb 2.2.6
\\ by Birdie501
\\ ----------------------------------------------------------
\\
\\ Description:
\\ ============
\\ You can set a time period (x days) in your admin cp how long
\\ a user password is valid until the user has to change it
\\ due to security reasons!
\\ If the time is over the user see a screen each time he logs in
\ which forces him to change the password.
\\
\\ At the moment this hack doesn't work if the user uses cookies
\\ for logging in. Maybe some of you can help me with that
\\ because i have no knowledge about the cookie thing!
\\
\\ Support: as good as i can
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\

Hi,

i thought this hack might be usefull for some of you :)
I attached a german and an english version.
Screens will follow!

Please consider that this hack is still in beta version! I would be happy if some of you can improve the functionality.

Please click install!
Thanks!

Updated: Ver 1.1
Now the message will not be shown as admin, moderator or Supermoderator! zip changed!

german version:

admin screen 1:

admin screen 2:

user screen: (german language)

Very good hack. Is there a way you can make it so you can select what groups this affect? this would be great for my Admin and Mod groups. User groups i don't care that much about.

Nice! Very meaningful for admins and mods.
"Our forum is to become safer..." ;)

I will try but maybe bad_madman can help! He is an expert! :)

*cough* Stealing my idea from vb.com :\

ohh well guess I will still release mine with all the extra addons :p

hehe :)

I requested this hack on 05-24-02 10:23 AM!!
-> https://vborg.vbsupport.ru/showthrea...threadid=38982

*pushes him* I am just messing with you man. Nice job thanks for making it.. I have so much to do and sooooo little time. Now all you need to have is if they dont change it within X amount of days it updates to a random one and emails it to them.

Hi pal ;)

Are you sure your installfile is correct?

because you replace section
// ############################### start update password ###############################

with a section
// ############################### start login ###############################

ok i think i'll talk in german now, its easier for me and you ;)

F?r die cookie sache h?tte ich vielleicht was f?r dich:
In der global.php bevor die $header geparsed wird kannste ne abfrage reinmachen ob die zeitspanne ?berschritten ist. wenn dem so ist kannste ja in den header ne variable einf?gen mit nem Link und dem hinweis das das pw ge?ndert werden muss ;)

Excellent hack! I just read the thread over at vb.com regarding this being implemented in vB3. I'd have to agree with a few points made here already:

This should be optionally definable by usergroup. For some sites, this may only be useful with moderators.

Once the period of time for an expired password has past, an option to set a new "strong" password (consisting of lower and upper case letters, numbers, and symbols--i.e. "Fe93Fdksi#@fksDF") which is randomly generated and e-mailed to the user automatically.

For really superb security, in addition to the above, xx previous passwords should be remembered and prevented from being used for xx password changes. There should also be an option to limit the amount of time between password changes (so that a user doesn't change a password xx times to be able to use the same one again--perhaps one password change per day?)

"Locking out" the account for a specified amount of time or until an administrator unlocks the account would be terrific as well.

I am thinking of mirroring the Windows 2000 Active Directory security model, for those who might be familiar with that. What a great addition this would be for vB!

Paul

Ups, sorry mad a mistake in the installation instructions! Thanks Xenon! File is updated! Should work now!

Quote:

ok i think i'll talk in german now, its easier for me and you ;) F?r die cookie sache h?tte ich vielleicht was f?r dich: In der global.php bevor die $header geparsed wird kannste ne abfrage reinmachen ob die zeitspanne ?berschritten ist. wenn dem so ist kannste ja in den header ne variable einf?gen mit nem Link und dem hinweis das das pw ge?ndert werden muss ;)

mmmh,
kannste das mal genauer beschreiben, z.B. mit Code :)

To which thread are you guys refering to? :)

k ich versuchs mal :)

in der global.php finde die zeilen:
und davor hau irgendsowas rein:
dann hauste das $pwreminder irgendwo in deinen header und erstellst ein sch?nes template pwreminder in das de den link zum pw ?ndern reinmachst und gro? sagst das es schon viel zu lange her ist das das pw ge?ndert wurde ;)

http://www.vbulletin.com/forum/showt...threadid=50268

:)

P.S. mind translating all that German? I don't understand a word of it :D

it's just a small install hint like find replace and do .....
but in german ;)

Should have read that before writing the hack :)