Check user password hack Ver 1.0

//////////////////////////////////////////////////////////////
\\
\\ Check user password hack Ver 1.1
\\ Latest version: 1.10 (7-18-2002)
\\ tested with vb 2.2.6
\\ by Birdie501
\\ ----------------------------------------------------------
\\
\\ Description:
\\ ============
\\ You can set a time period (x days) in your admin cp how long
\\ a user password is valid until the user has to change it
\\ due to security reasons!
\\ If the time is over the user see a screen each time he logs in
\ which forces him to change the password.
\\
\\ At the moment this hack doesn't work if the user uses cookies
\\ for logging in. Maybe some of you can help me with that
\\ because i have no knowledge about the cookie thing!
\\
\\ Support: as good as i can
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\

Hi,

i thought this hack might be usefull for some of you
I attached a german and an english version.
Screens will follow!

Please consider that this hack is still in beta version! I would be happy if some of you can improve the functionality.

Please click install!
Thanks!

Updated: Ver 1.1
Now the message will not be shown as admin, moderator or Supermoderator! zip changed!

[Neo]

*pushes him* I am just messing with you man. Nice job thanks for making it.. I have so much to do and sooooo little time. Now all you need to have is if they dont change it within X amount of days it updates to a random one and emails it to them.

[Xenon]

Hi pal

Are you sure your installfile is correct?

because you replace section
// ############################### start update password ###############################

with a section
// ############################### start login ###############################

ok i think i'll talk in german now, its easier for me and you

F?r die cookie sache h?tte ich vielleicht was f?r dich:
In der global.php bevor die $header geparsed wird kannste ne abfrage reinmachen ob die zeitspanne ?berschritten ist. wenn dem so ist kannste ja in den header ne variable einf?gen mit nem Link und dem hinweis das das pw ge?ndert werden muss

[Paul]

Excellent hack! I just read the thread over at vb.com regarding this being implemented in vB3. I'd have to agree with a few points made here already:

This should be optionally definable by usergroup. For some sites, this may only be useful with moderators.

Once the period of time for an expired password has past, an option to set a new "strong" password (consisting of lower and upper case letters, numbers, and symbols--i.e. "Fe93Fdksi#@fksDF") which is randomly generated and e-mailed to the user automatically.

For really superb security, in addition to the above, xx previous passwords should be remembered and prevented from being used for xx password changes. There should also be an option to limit the amount of time between password changes (so that a user doesn't change a password xx times to be able to use the same one again--perhaps one password change per day?)

"Locking out" the account for a specified amount of time or until an administrator unlocks the account would be terrific as well.

I am thinking of mirroring the Windows 2000 Active Directory security model, for those who might be familiar with that. What a great addition this would be for vB!

Paul

[Birdie501]

Quote:

Originally posted by Xenon
Hi pal

Are you sure your installfile is correct?

because you replace section
// ############################### start update password ###############################

with a section
// ############################### start login ###############################

Ups, sorry mad a mistake in the installation instructions! Thanks Xenon! File is updated! Should work now!

Quote:

ok i think i'll talk in german now, its easier for me and you

F?r die cookie sache h?tte ich vielleicht was f?r dich:
In der global.php bevor die $header geparsed wird kannste ne abfrage reinmachen ob die zeitspanne ?berschritten ist. wenn dem so ist kannste ja in den header ne variable einf?gen mit nem Link und dem hinweis das das pw ge?ndert werden muss

mmmh,
kannste das mal genauer beschreiben, z.B. mit Code

[Birdie501]

Quote:

Originally posted by LoveShack
Excellent hack! I just read the thread over at vb.com regarding this being implemented in vB3.
Paul

To which thread are you guys refering to?

[Xenon]

k ich versuchs mal

in der global.php finde die zeilen:

PHP Code:

// parse css, header & footer ##################
eval("\$headinclude = \"".gettemplate('headinclude')."\";");
eval("\$header .= \"".gettemplate('header')."\";");
eval("\$footer .= \"".gettemplate('footer')."\";"); 


und davor hau irgendsowas rein:

PHP Code:

if((time()-$bbuserinfo[pwdate])>($pwdays*3600*24)) {
  eval("\$pwreminder .= \"".gettemplate('pwreminder')."\";");
} else {
  $pwreminder="";
} 


dann hauste das $pwreminder irgendwo in deinen header und erstellst ein sch?nes template pwreminder in das de den link zum pw ?ndern reinmachst und gro? sagst das es schon viel zu lange her ist das das pw ge?ndert wurde

[Paul]

Quote:

Originally posted by Birdie501


To which thread are you guys refering to?

http://www.vbulletin.com/forum/showt...threadid=50268



P.S. mind translating all that German? I don't understand a word of it

[Xenon]

it's just a small install hint like find replace and do .....
but in german

[Birdie501]

Quote:

Originally posted by LoveShack


http://www.vbulletin.com/forum/showt...threadid=50268



P.S. mind translating all that German? I don't understand a word of it

Should have read that before writing the hack