| T O P I C R E V I E W |
| muzishun |
Posted - 22 January 2008 : 16:27:14
I've packaged up a couple of the security tweaks Shaggy and I discussed in the Password Salting thread, and I've added a bit of flair to them. The admin can now configure the minimum/maximum length of the passwords from the Main Forum Configuration. They can also toggle alphanumeric passwords on and off from there as well.
From the readme:
quote:
This miniMOD adds a few security enhancements to users' passwords. It gives the forum owner the ability to specify minimum and maximum password lengths, as well as other features.
Download from SnitzBitz.< |
| 15 L A T E S T R E P L I E S (Newest First) |
| AnonJr |
Posted - 28 April 2008 : 09:30:55
Run through some of the tutorials here: http://www.w3schools.com/asp/
The "&" is used to concatenate two strings together. The "_" is used to indicate that the current line of instruction continues on the next line. So "& _" tells the interpreter that you want it to treat the next line like its part of this line.< |
| natty |
Posted - 26 April 2008 : 13:22:00
okay, i fixed this by removing the &_ from the line above and adding Response.Write to the line below '### start PWORD MOD###
" <a href=""#top"">" & getCurrentIcon(strIconGoUp,"Go To Top Of Page","align=""right""") & "</a></font></td>" & vbNewLine '& _
'### start PWORD MOD### (commented out &_ above per this mod)
Response.Write " </tr>" & vbNewLine & _
I did the same at the end of the MOD. This solved the problem.
However, I only did this because someone suggested I do this same thing when I was having a similar problem with another piece of code. I don't know ASP or VB and have no idea what this means or what I did. I'm glad I worked, but could someone please write on whether this is a viable solution? It fixed the problem, but I just want to make sure this was the correct thing to do in this case.< |
| natty |
Posted - 26 April 2008 : 13:12:14
cool mod, but I'm getting the following error:
Microsoft VBScript compilation error '800a03ea'
Syntax error
/forums/admin_config_system.asp, line 245
'### start PWORD MOD###
^< |
| AnonJr |
Posted - 04 March 2008 : 17:31:18
quote:
Originally posted by modifichicci
you reset each password not all the same, one by one.. you can invent so many password as you need.
That's what I thought you meant. Gets kinda cumbersome after member 25....   < |
| StephenD |
Posted - 04 March 2008 : 17:02:24
I suppose you could also rehash the existing password one time only with a code change.< |
| modifichicci |
Posted - 04 March 2008 : 16:31:11
you reset each password not all the same, one by one.. you can invent so many password as you need.< |
| AnonJr |
Posted - 04 March 2008 : 16:13:54
I'm not sure I'd want to go that route... someone may take advantage of it if you reset everyone's password to the same thing. And I'm not sure I'd want to reset that many unique passwords. < |
| modifichicci |
Posted - 04 March 2008 : 16:09:36
or you can install password reset and change password of users
An email will be sent with new password and user can change it if he wants and the new one will be according to new settings
http://www.snitzbitz.com/mods/details.asp?Version=All&mid=105< |
| AnonJr |
Posted - 04 March 2008 : 15:57:26
Someone else has been working towards the same end. He'd added an extra field to the members table to record who's updated and who hasn't. In inc_header.asp he checked to see if they'd updated, and if they hadn't, they were re-directed to the profile page to update their profile.
You might want to look into something similar....< |
| Astralis |
Posted - 04 March 2008 : 15:32:10
Muzishun,
Am I correct that this will only make new accounts have stronger passwords? While that's important, my real problem are the old accounts with weak passwords.< |
| muzishun |
Posted - 24 February 2008 : 19:07:42
Thanks modifichicci and phil. Hopefully I will have time this week to make some updates to this and re-release it. Till then, I will assume the changes you have above are kosher and work well.  < |
| philsbbs |
Posted - 24 February 2008 : 05:33:41
Installed and tested and works a treat.
Keep up the great work.< |
| modifichicci |
Posted - 24 February 2008 : 01:24:03
In pop_profile we have to change lines 1365 - 1371 (around..) also, for admin password modification
< |
| modifichicci |
Posted - 23 February 2008 : 17:23:58
I have tested it now.
It works quite well, but there are some redundant error messages if a password is too short or if there is a number in the beginning..
so I have changed the routine checkink password in register and pop proile to avoid redundant error messages
I have changed
to:
it seems working, but if someone has some better ideas he is welcome...< |
| thelodger |
Posted - 23 January 2008 : 16:49:21
Great cheers, I will add it asap.< |
