Advanced Password Rules

This hack allows you to set advanced rules for user passwords to increase member account security. You can enable/disable:

• The password cant be same with username
• The password cant be shorter than X characters
• The password must include both numbers and letters
• The password cant be all consecutive like 111111 or aaaaaa
• The password cant be years (eg. birth years) or the character sets you banned like 'qwerty' or '0000'

individually. Advanced password rules apply to new registering members and existing members who change their passwords.

The hack is Admin CP integrated so you can configure its options inside your Admin CP. (See screenshots below) It's compatible with all VB versions I know, feel free to try..

I coded this hack as a part of my "Advanced Board Protection Hack" (not released yet), however it become too complex, so I seperated this and make it an independent hack.

Click INSTALL if you install the hack, thx.

Enjoy...

Logician \\=^))

[globalwin]

Logician: Can you please make me an uninstall file for the install file you made because I want to cleanly uninstall this hack.

Thanks,

[Logician]

Quote:

Originally posted by globalwin
Logician: Can you please make me an uninstall file for the install file you made because I want to cleanly uninstall this hack.

Thanks,

globalwin, it does not harm you if you leave it intact but not use it. So if you disable options in the Admin CP, the hack will be disabled automatically. You can also delete text editing section from member.php and register.php and the hack will again be disabled.

But if you want to delete the hack from your the database section anyway you need to edit 2 tables via PHPmyAdmin or any other SQL tools. (once again: this is not necessary!) You need to edit 2 tables in your database:

1- edit table "settinggroup" and delete the record where title = "Advanced Password Rules". It will be probably the last record in the table..

2- Edit table "setting" and delete 6 records (again probably will be the last 6) with varnames= bbuser_pass_same_name, bbmin_pass_length, bbpassword_alphanum_check, bbpassword_repetitive, bbpassword_complexity and bbp_basic_unallowed

Backup db before taking actions just in case..

[Xenon]

you can also open your admin/config.php and add $debug=1; into it.

then go to your acp and you see new options in the navmenu. click on edit settings and then remove the settings for this hack

be sure after doing so to set $debug=0; again

[alibaba]

help me!

add hack OK but register new not active

[kreatiV]

I wonder if this hack can be extended?

1.) Force a Password change every XX Days ( configured via AdminCP )

2.) Force Password change - NOW - meaning on the next login the users have to change their password.

3.) Countdown 3 days before the password must be changed, saying something like " In 3 days you have to change your password - change it now? " " In 2 days, etc. "

4.) DeluxeVersion: store last 10 passwords and do not let user use any of those 10 Passwords.

Can this be done? I think it would be a nice security addon....

[Bison]

Gonna give this a try ...

[Chris M]

@kreatiV - 10 last passwords? Some people, like myself, dont have that many passwords, and they may forget new ones they have to make...

Why not the last 3?

Satan

[kreatiV]

Okay, last 3 is okay as well

[nugfoo]

What about enforcing the use of non-alphanumeric characters? I don't see an option for that. Could it be added?

Thanks! Great work!

[Mr. Brian]

Great work! Logician ".) :lick: