Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Password Security Tweaks
 New Topic  Reply to Topic
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

muzishun
Senior Member

United States
1079 Posts

Posted - 22 January 2008 :  16:27:14  Show Profile  Visit muzishun's Homepage  Reply with Quote
I've packaged up a couple of the security tweaks Shaggy and I discussed in the Password Salting thread, and I've added a bit of flair to them. The admin can now configure the minimum/maximum length of the passwords from the Main Forum Configuration. They can also toggle alphanumeric passwords on and off from there as well.

From the readme:
quote:
This miniMOD adds a few security enhancements to users' passwords. It gives the forum owner the ability to specify minimum and maximum password lengths, as well as other features.

Download from SnitzBitz.<

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)

Edited by - muzishun on 22 January 2008 16:27:54

MarcelG
Retired Support Moderator

Netherlands
2625 Posts

Posted - 22 January 2008 :  16:34:35  Show Profile  Visit MarcelG's Homepage  Reply with Quote
Nice one!<

portfolio - linkshrinker - oxle - twitter
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts

Posted - 22 January 2008 :  17:27:20  Show Profile  Visit muzishun's Homepage  Reply with Quote
Thanks much. I'm really loving the amount of time that I can spend working on "side code" like Snitz while I'm at work. There is a lot of self-management, and as long as I'm getting all of my work done, I have a fair amount of leeway. It has definitely helped me start to catch up on "The List". <

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Go to Top of Page

MarcelG
Retired Support Moderator

Netherlands
2625 Posts

Posted - 23 January 2008 :  01:18:54  Show Profile  Visit MarcelG's Homepage  Reply with Quote
I was in that position too for a while ; loved every day of it! (20+ hours of Snitz in worktime a week, since the department I worked at had a Snitz based CMS system plus Snitz forum (which was btw caused by me too as I installed it between xmas and newyear ))<

portfolio - linkshrinker - oxle - twitter
Go to Top of Page

Shaggy
Support Moderator

Ireland
6780 Posts

Posted - 23 January 2008 :  04:37:34  Show Profile  Reply with Quote
Nicely done, Muz' Definitely one I'd recommend for inclusion in the base code once it's had a few test drives.

<

Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts

Posted - 23 January 2008 :  08:26:16  Show Profile  Visit muzishun's Homepage  Reply with Quote
Thanks much, Shaggy. As I said, I've had a lot more time to work on stuff lately, so I have been keeping track of the different threads where people talk about things that don't/should have MODs and using those as fuel for my coding energy.<

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Go to Top of Page

PPSSWeb
Junior Member

312 Posts

Posted - 23 January 2008 :  10:27:39  Show Profile  Reply with Quote
Great Idea! I can't wait until I have time to test it out. Thanks!<
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts

Posted - 23 January 2008 :  10:51:22  Show Profile  Visit muzishun's Homepage  Reply with Quote
You're welcome.<

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Go to Top of Page

thelodger
Junior Member

United Kingdom
296 Posts

Posted - 23 January 2008 :  14:29:37  Show Profile  Reply with Quote
Can I add this retrospective, I don’t want to add this excellent mod if it will affect the current members.<
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts

Posted - 23 January 2008 :  16:34:02  Show Profile  Visit muzishun's Homepage  Reply with Quote
It will only affect current members if they change their password. It checks to see if they are changing their password in pop_profile.asp, and if they are, the new security measures are enforced. If not, their old password remains.<

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Go to Top of Page

thelodger
Junior Member

United Kingdom
296 Posts

Posted - 23 January 2008 :  16:49:21  Show Profile  Reply with Quote
Great cheers, I will add it asap.<
Go to Top of Page

modifichicci
Average Member

Italy
787 Posts

Posted - 23 February 2008 :  17:23:58  Show Profile  Visit modifichicci's Homepage  Reply with Quote
I have tested it now.
It works quite well, but there are some redundant error messages if a password is too short or if there is a number in the beginning..
so I have changed the routine checkink password in register and pop proile to avoid redundant error messages

I have changed
If strPassNum = 1 Then
boolPwnumeric = 0
For i = 0 To 9
If InStr(strTempPass,i) <> 0 Then
boolPwNumeric = 1
Exit For
End If
Next
End If
If boolPwNumeric = 1 or strPassNum = 0 Then
For i = 97 To 122
If LCase(Left(strTempPass,1)) = Chr(i) Then
boolPwletter = 1
boolPwalpha = 1
Exit For
End If
Next
End If


to:

If strPassNum = 1 Then
boolPwnumeric = 0
For i = 0 To 9
If LCase(Left(strTempPass,1)) = Chr(i) Then
boolPwnumeric = 0

Exit For
elseIf InStr(strTempPass,i) <> 0 Then
boolPwNumeric = 1
Exit For
End If
Next
For i = 97 To 122
If LCase(Left(strTempPass,1)) = Chr(i) Then
boolPwletter = 1
boolPwalpha = 1
' Exit For
elseif InStr(strTempPass,Chr(i)) <> 0 Then
boolPwalpha = 1
End If
Next
else
If boolPwNumeric = 1 or strPassNum = 0 Then
For i = 97 To 122
If LCase(Left(strTempPass,1)) = Chr(i) Then
boolPwletter = 1
boolPwalpha = 1
Exit For
elseif InStr(strTempPass,Chr(i)) <> 0 Then
boolPwalpha = 1
End If
Next
End If
end if


it seems working, but if someone has some better ideas he is welcome...<

Ernia e Laparocele
Forum di Ernia e Laparocele
Acces - MySql Migration Tutorial
Adamantine forum
Go to Top of Page

modifichicci
Average Member

Italy
787 Posts

Posted - 24 February 2008 :  01:24:03  Show Profile  Visit modifichicci's Homepage  Reply with Quote
In pop_profile we have to change lines 1365 - 1371 (around..) also, for admin password modification
if strAuthType = "db" then
if trim(Request.Form("Password")) <> "" then
if Len(Request.Form("Password")) > 25 then
Err_Msg = Err_Msg & "<li>The Password can not be greater than 25 characters</li>"
end if
end if
end if


<

Ernia e Laparocele
Forum di Ernia e Laparocele
Acces - MySql Migration Tutorial
Adamantine forum
Go to Top of Page

philsbbs
Junior Member

United Kingdom
397 Posts

Posted - 24 February 2008 :  05:33:41  Show Profile  Reply with Quote
Installed and tested and works a treat.

Keep up the great work.<

Phil
Go to Top of Page

muzishun
Senior Member

United States
1079 Posts

Posted - 24 February 2008 :  19:07:42  Show Profile  Visit muzishun's Homepage  Reply with Quote
Thanks modifichicci and phil. Hopefully I will have time this week to make some updates to this and re-release it. Till then, I will assume the changes you have above are kosher and work well. <

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
Go to Top of Page

Astralis
Senior Member

USA
1218 Posts

Posted - 04 March 2008 :  15:32:10  Show Profile  Send Astralis a Yahoo! Message  Reply with Quote
Muzishun,

Am I correct that this will only make new accounts have stronger passwords? While that's important, my real problem are the old accounts with weak passwords.<
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.37 seconds. Powered By: Snitz Forums 2000 Version 3.4.07