![]() |
Advanced Password Rules
This hack allows you to set advanced rules for user passwords to increase member account security. You can enable/disable:
The hack is Admin CP integrated so you can configure its options inside your Admin CP. (See screenshots below) It's compatible with all VB versions I know, feel free to try.. I coded this hack as a part of my "Advanced Board Protection Hack" (not released yet), however it become too complex, so I seperated this and make it an independent hack. Click INSTALL if you install the hack, thx. Enjoy... Logician \\=^)) |
Screenshot:
(Admin CP Settings Page where you configure your password rules) |
another great hack by you pal
/me thinks to nominate it a hack of the month |
Great work Logician
|
Brilliant:)
Just a Question : You know that characters like "11111111" cant be used... How about a password of the format : LLLnnNNN (LLL are different letters, nn is the same number, NNN are other numbers) Would the two "nn" numbers be blocked if you are using the Consecutive feature? (i.e. abc11234) Satan |
nice one.
|
Nice hack!
|
Great hack, applying to localboard first and testing it to the max to see if it still has an easy of use for the end-user.
|
@hellsatan:
Quote:
@xiphoid: please return me your test results and some feedback. I have tested it in 3 different boards and using it in my real board without any problems but I can always use some feedback especially from power-users like yourself, thx :) @rest: thx for the nice comments.. enjoy.. |
Logician, really the best hackers!
Good idea!!! Really hack of month! |
pro :)
not sure about hack of the month, but it's still very useful. |
Thanks Logican!:)
Satan |
Will this hack work with bira's "Send Random Password Instead of Activation Code (v2.0)" hack?
|
Nice work man, keep it up
Drk |
Quote:
|
It sends users a random password rather than an Activation Code when they register. It does modfiy the member.php in the editprofile section. Not safe to use then, I take it? :)
Quote:
|
Quote:
|
Ok, I instaklled it and have a question or two.
Here's the code you said to look for: PHP Code:
PHP Code:
Also, I have a question about the wording in the Admin CP. Quote:
Quote:
I just want to be 100 percent sure I'm not setting something wrong. :) |
Quote:
Quote:
Same applies to "Password Complexity": Yes enables it, while NO disables the check.. Quote:
|
Thank you, sir! :)
|
Logician: Can you please make me an uninstall file for the install file you made because I want to cleanly uninstall this hack.
Thanks, :) |
Quote:
But if you want to delete the hack from your the database section anyway you need to edit 2 tables via PHPmyAdmin or any other SQL tools. (once again: this is not necessary!) You need to edit 2 tables in your database: 1- edit table "settinggroup" and delete the record where title = "Advanced Password Rules". It will be probably the last record in the table.. 2- Edit table "setting" and delete 6 records (again probably will be the last 6) with varnames= bbuser_pass_same_name, bbmin_pass_length, bbpassword_alphanum_check, bbpassword_repetitive, bbpassword_complexity and bbp_basic_unallowed Backup db before taking actions just in case.. |
you can also open your admin/config.php and add $debug=1; into it.
then go to your acp and you see new options in the navmenu. click on edit settings and then remove the settings for this hack be sure after doing so to set $debug=0; again |
help me!
add hack OK but register new not active |
I wonder if this hack can be extended?
1.) Force a Password change every XX Days ( configured via AdminCP ) 2.) Force Password change - NOW - meaning on the next login the users have to change their password. 3.) Countdown 3 days before the password must be changed, saying something like " In 3 days you have to change your password - change it now? " " In 2 days, etc. " 4.) DeluxeVersion: store last 10 passwords and do not let user use any of those 10 Passwords. Can this be done? I think it would be a nice security addon.... |
Gonna give this a try ...
|
@kreatiV - 10 last passwords? Some people, like myself, dont have that many passwords, and they may forget new ones they have to make...
Why not the last 3? Satan |
Okay, last 3 is okay as well ;)
|
What about enforcing the use of non-alphanumeric characters? I don't see an option for that. Could it be added?
Thanks! Great work! |
Great work! Logician ".) :lick:
|
Will this work on version 2.3.0?
This would be PERFECT for my board! |
yes it should work on 2.3.0.. :)
|
OK. I just installed this. Everything is working...
Except the template. When I put a birthdate in as a password, it sends me to the advanced pasword rules template, but there is nothing there. I have checked the templates on both my template sets and they are both populated. Attached is a screenshot: |
I also went back to the instructions and reread them, but I can't see where I missed doing anything. wugh.
|
Nevermind. I figured it out. Somehow. lol
|
i would like some advice please. On our vbulletin we use .php3. In the APR_install.php would i need to rename it to APR_install.php3 and all content inside to *.php3. also this piece of code i'm not sure of inside this file. Where does this go konukdefteri.php and do i need to change the extension of that to php3 aswel.
|
Quote:
2- Edit file and change line include("./global.php"); to include("./global.php3"); 3- And line $file_name="APR_install.php"; to $file_name="APR_install.php3"; You don't need to make anychanges. konukdefteri.php is an obselete code which does not run anyway. It should work ok after these 3 changes. |
cheers, Logician, you da man
|
Logician,
Good work! Keep those users from complaining about their account being hacked. (hate it when it is a PEBKAC issue). Just a minor nitpick, it is "DISALLOWED" not "UNALLOWED". Might want to fix that minor error. As for the template, most of you can probably make your life a little easier by taking the global variables of the hack and put it in as part of your error message template, like: Code:
The password you have entered does not meet the password complexity requirements as set by the system administrator. Please go back and ensure that your password meets the complexity requirements. Logician may also want to adjust a few of those variables, or introduce an "enhanced" hack to allow those variables to be passed as "Yes" or "No" text string, so people can just put in the variables at the template and will automatically change with the settings. |
when i eventually get around to putting this hack on what will happen to the current passwords.
|
All times are GMT. The time now is 10:29 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|