Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons

Reply
 
Thread Tools
Minimum Password Length Details »»
Minimum Password Length
Version: 1.0.2, by Eric Eric is offline
Developer Last Online: Jun 2023 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 4.x.x Rating:
Released: 05-30-2011 Last Update: 07-04-2011 Installs: 56
Uses Plugins Auto-Templates
Re-useable Code Translations  
No support by the author.

What is this?
This mod will allow you to force user passwords to be at least a certain length.


Features
  • Force minimum length on:
    • Registration
    • Edit Password
    • Reset Password

I've only tested this mod on vB 4.1.4/4.1.5 (alpha). It should work with previous versions, however I am not sure. If it works for you on an older version, let me know.


Installation
1. Download the `product-password_minlength.xml` file. (* may differ in name based on version)
2. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
3. Import the product using the `product-password_minlength.xml` file. (* may differ in name based on version)
4. Configure the mod in AdminCP -> Settings -> Options -> User Registration Options


Upgrading
In many cases, all you'll need to do to upgrade is follow the installation instructions above, but set "Allow Overwrite" to "Yes".


Changelog
Version 1.0.2, 07/05/2011
  • Changed the "Check Method" choice from a drop down to radio buttons (Boofo )
  • Changed how the "UserId" "Check Method" works - it now is used for escluding User ID's
  • Fixed a bug in the plugin for updating profile - was not checking if a new password had been entered.

Version 1.0.1, 06/07/2011
  • Introduced three new options and one new plugin.
  • The new options are based around a "Check Method". You can choose to enforce the min. password length by userid, usergroup, or 'none' (all).

Version 1.0.0, 05/31/2011
  • Initial release.

Download Now

File Type: xml product-password_minlength-1.0.1.xml (9.8 KB, 53 views)
File Type: xml product-password_minlength-1.0.2.xml (9.8 KB, 280 views)

Screenshots

File Type: png editpassword.png (12.2 KB, 0 views)
File Type: png editpassword_notlongenough.png (5.2 KB, 0 views)
File Type: jpg register.jpg (26.1 KB, 0 views)
File Type: jpg register_noglongenough.jpg (54.2 KB, 0 views)
File Type: jpg admincp_options.jpg (83.7 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
2 благодарности(ей) от:
BCP Hung, TheLastSuperman

Comments
  #12  
Old 06-01-2011, 10:59 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sulasno View Post
tagged and thanks

can the mod dictate that a minimum of 1 Capital letter and I Digit must be used ?
Quote:
Originally Posted by vglobal View Post
Tag for future. It would be great if we have a complex password mod.

Thanks
It is not possible to do that with this mod... at least, not yet. I will see what I can do.

Quote:
Originally Posted by Boofo View Post
Excellent idea, sir.
Thank you
Quote:
Originally Posted by Boofo View Post
What is a good default setting for the length? I think 14 might be a little too long for some users to accept without whining.

Also, I saw no error on importing the product on 4.1.3. Maybe another mod was not playing nice with the OP setup.
A good, secure, password is typically 12-16 (roughly) characters. But, I can understand some users having difficulty with that. I would say a good compromise would be 8 characters.

As for 4.1.3, that is what I was thinking - that maybe another mod was conflicting with it. Hopefully it is not an error with this mod itself.
Reply With Quote
  #13  
Old 06-01-2011, 04:59 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I compromised and set it at 10.

I didn't see anything in the code that would cause an error on import. I wouldn't worry about it unless you get anyone else having the same issues.

I would suggest maybe adding a setting for certain userids that could bypass the length check.
Reply With Quote
  #14  
Old 06-02-2011, 04:23 PM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
I compromised and set it at 10.

I didn't see anything in the code that would cause an error on import. I wouldn't worry about it unless you get anyone else having the same issues.

I would suggest maybe adding a setting for certain userids that could bypass the length check.
That is a good idea Boofo, will implement it in the next release.
Reply With Quote
  #15  
Old 06-04-2011, 01:05 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
I compromised and set it at 10.

I didn't see anything in the code that would cause an error on import. I wouldn't worry about it unless you get anyone else having the same issues.

I would suggest maybe adding a setting for certain userids that could bypass the length check.
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.

Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.

Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.

Just my opinion.
Reply With Quote
  #16  
Old 06-04-2011, 01:27 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by BirdOPrey5 View Post
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.

Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.

Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.

Just my opinion.
I totally disagree.
Reply With Quote
  #17  
Old 06-04-2011, 03:53 PM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by BirdOPrey5 View Post
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.

Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.

Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.

Just my opinion.
I would disagree, actually. I think every member should have as secure a password as possible. These days when you have things like KeePass, etc - and browsers that will save the password... what is an extra 2-3 characters? Besides, the limit in this mod is configurable.

I may add a usergroup option though, we'll see.
Reply With Quote
  #18  
Old 06-04-2011, 04:01 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Eric View Post
I would disagree, actually. I think every member should have as secure a password as possible. These days when you have things like KeePass, etc - and browsers that will save the password... what is an extra 2-3 characters? Besides, the limit in this mod is configurable.

I may add a usergroup option though, we'll see.
I think a userid option would be better.
Reply With Quote
  #19  
Old 06-04-2011, 04:24 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well obviously it's your mod... I'm just saying I think putting a 10 or 14 character minimum on regular user account on most forums is like putting a bank vault door on an empty shed in a rural area... Yeah it's more protection, but for what?

You have to balance security vs. the user experience and most forums don't need this type of security on their standard accounts. Admins need to realize IMO most of their sites aren't all that important in the scheme of things. If it was a bank account or medical history then yeah, by all means, enforce strong passwords... but a forum to talk about cars or art or video games? I'd be more concerned about frustrating new and existing members with password requirements far surpassing any bank account I've ever used and having them stop coming.

I use KeePass myself but I'm not going to go through the effort of making a new entry for every single forum I'm a member of. LOL.

Anyway, my suggestion is an option to enforce for mods and admins only... all other opinions aside.
Reply With Quote
  #20  
Old 06-04-2011, 05:58 PM
jgt58 jgt58 is offline
 
Join Date: May 2010
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
I think a userid option would be better.
This would be great if you could enforce this on a usergroup basis and not the regular members
Reply With Quote
  #21  
Old 06-04-2011, 06:13 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by jgt58 View Post
This would be great if you could enforce this on a usergroup basis and not the regular members
That makes absolutely no sense. Why even use it then?
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:51 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05947 seconds
  • Memory Usage 2,358KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (11)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (2)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (7)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete