Check user password hack Ver 1.0


Birdie501
18 Jul 2002, 15:11
//////////////////////////////////////////////////////////////
\\
\\ Check user password hack Ver 1.1
\\ Latest version: 1.10 (7-18-2002)
\\ tested with vb 2.2.6
\\ by Birdie501
\\ ----------------------------------------------------------
\\
\\ Description:
\\ ============
\\ You can set a time period (x days) in your admin cp how long
\\ a user password is valid until the user has to change it
\\ due to security reasons!
\\ If the time is over the user sees a screen each time he logs in
\\ which forces him to change the password.
\\
\\ At the moment this hack doesn't work if the user uses cookies
\\ for logging in. Maybe some of you can help me with that
\\ because I have no knowledge about the cookie thing!
\\
\\ Support: as good as i can
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Hi,

I thought this hack might be useful for some of you :)
I attached a german and an english version.
Screens will follow!

Please consider that this hack is still in beta version! I would be happy if some of you can improve the functionality.

Please click install!
Thanks!

Updated: Ver 1.1
Now the message will not be shown as admin, moderator or Supermoderator! zip changed!

Birdie501
18 Jul 2002, 15:12
german version:

Birdie501
18 Jul 2002, 15:22
admin screen 1:

Birdie501
18 Jul 2002, 15:23
admin screen 2:

Birdie501
18 Jul 2002, 15:23
user screen: (german language)

DemiNeo0101
18 Jul 2002, 15:46
Very good hack. Is there a way you can make it so you can select what groups this affects? This would be great for my Admin and Mod groups. User groups I don't care that much about.

bad_madman
18 Jul 2002, 15:52
Nice! Very meaningful for admins and mods.
"Our forum is to become safer..." ;)

Birdie501
18 Jul 2002, 16:08
Originally posted by DemiNeo0101
Very good hack. Is there a way you can make it so you can select what groups this affects? This would be great for my Admin and Mod groups. User groups I don't care that much about.

I will try but maybe bad_madman can help! He is an expert! :)

Neo
18 Jul 2002, 16:49
*cough* Stealing my idea from vb.com :\

ohh well guess I will still release mine with all the extra addons :p

Birdie501
18 Jul 2002, 16:56
Originally posted by Neo
*cough* Stealing my idea from vb.com :\

ohh well guess I will still release mine with all the extra addons :p

hehe :)

I requested this hack on 05-24-02 10:23 AM!!
-> http://www.vbulletin.org/forum/showthread.php?s=&threadid=38982

Neo
18 Jul 2002, 16:59
*pushes him* I am just messing with you man. Nice job, thanks for making it.. I have so much to do and sooooo little time. Now all you need to have is if they don't change it within X amount of days it updates to a random one and emails it to them.

Xenon
18 Jul 2002, 21:59
Hi pal ;)

Are you sure your installfile is correct?

because you replace section
// ############################### start update password ###############################

with a section
// ############################### start login ###############################

ok I think I'll talk in German now, it's easier for me and you ;)

For the cookie thing I might have something for you:
In global.php, before $header is parsed, you can add a check for whether the time period has been exceeded. If it has, you can insert a variable into the header with a link and a notice that the password has to be changed ;)

Paul
19 Jul 2002, 04:43
Excellent hack! I just read the thread over at vb.com regarding this being implemented in vB3. I'd have to agree with a few points made here already:

This should be optionally definable by usergroup. For some sites, this may only be useful with moderators.

Once the period of time for an expired password has passed, an option to set a new "strong" password (consisting of lower and upper case letters, numbers, and symbols--i.e. "Fe93Fdksi#@fksDF") which is randomly generated and e-mailed to the user automatically.

For really superb security, in addition to the above, xx previous passwords should be remembered and prevented from being used for xx password changes. There should also be an option to limit the amount of time between password changes (so that a user doesn't change a password xx times to be able to use the same one again--perhaps one password change per day?)

"Locking out" the account for a specified amount of time or until an administrator unlocks the account would be terrific as well.

I am thinking of mirroring the Windows 2000 Active Directory security model, for those who might be familiar with that. What a great addition this would be for vB!

Paul

Birdie501
19 Jul 2002, 06:56
Originally posted by Xenon
Hi pal ;)

Are you sure your installfile is correct?

because you replace section
// ############################### start update password ###############################

with a section
// ############################### start login ###############################



Oops, sorry, made a mistake in the installation instructions! Thanks Xenon! File is updated! Should work now!


ok I think I'll talk in German now, it's easier for me and you ;)

For the cookie thing I might have something for you:
In global.php, before $header is parsed, you can add a check for whether the time period has been exceeded. If it has, you can insert a variable into the header with a link and a notice that the password has to be changed ;)

Hmm,
can you describe that in more detail, e.g. with code? :)

Birdie501
19 Jul 2002, 07:23
Originally posted by LoveShack
Excellent hack! I just read the thread over at vb.com regarding this being implemented in vB3.
Paul

To which thread are you guys referring to? :)

Xenon
19 Jul 2002, 11:15
OK, I'll give it a try :)

In global.php, find the lines:
// parse css, header & footer ##################
eval("\$headinclude = \"".gettemplate('headinclude')."\";");
eval("\$header .= \"".gettemplate('header')."\";");
eval("\$footer .= \"".gettemplate('footer')."\";");


and before them put in something like this:
// show the reminder when the password is older than $pwdays days
if ((time() - $bbuserinfo['pwdate']) > ($pwdays * 3600 * 24)) {
    eval("\$pwreminder = \"".gettemplate('pwreminder')."\";");
} else {
    $pwreminder = "";
}

Then you put $pwreminder somewhere in your header and create a nice pwreminder template, in which you put the link for changing the password and say in big letters that it has been far too long since the password was changed ;)
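
Added example, not part of any post in this thread and not the hack's own code: the per-request expiry check from the post above, extended with the per-usergroup scope, password history and minimum-age rules suggested earlier by DemiNeo0101 and Paul. The field names `usergroupid` and `pwhistory`, the group IDs and the policy values are assumptions, and it uses PHP's `password_hash()`/`password_verify()` rather than vB 2.2.6's own password storage.

```php
<?php
// Added illustration: field names, group IDs and policy values are assumptions.
const DAY = 86400;
// Hypothetical per-usergroup policy; groups not listed are exempt.
$policies = [
    6 => ['max_days' => 30, 'min_days' => 1, 'history' => 5], // constructed
    7 => ['max_days' => 60, 'min_days' => 1, 'history' => 3], // constructed
];

// True when the group has a policy and the password is older than max_days.
// Meant to run on every page load, so cookie sessions are covered too.
function password_expired(array $user, array $policies, int $now): bool
{
    $p = $policies[$user['usergroupid']] ?? null;
    return $p !== null && ($now - $user['pwdate']) > $p['max_days'] * DAY;
}

// Returns null when the change is allowed, otherwise the reason for refusal.
function change_refused(array $user, string $new, array $policies, int $now): ?string
{
    $p = $policies[$user['usergroupid']] ?? null;
    if ($p === null) {
        return null;
    }
    // Minimum age stops a user cycling through changes to reuse an old password.
    if (($now - $user['pwdate']) < $p['min_days'] * DAY) {
        return 'changed too recently';
    }
    // Check the current hash plus the most recent stored hashes.
    $hashes = array_merge([$user['password']], $user['pwhistory']);
    foreach (array_slice($hashes, 0, $p['history']) as $hash) {
        if (password_verify($new, $hash)) {
            return 'password was used before';
        }
    }
    return null;
}

// Constructed sample: a moderator whose password is 90 days old.
$now = time();
$mod = [
    'usergroupid' => 7,
    'pwdate'      => $now - 90 * DAY,
    'password'    => password_hash('Summer2002!', PASSWORD_DEFAULT),
    'pwhistory'   => [password_hash('Spring2002!', PASSWORD_DEFAULT)],
];
var_dump(password_expired($mod, $policies, $now));
var_dump(change_refused($mod, 'Spring2002!', $policies, $now));
var_dump(change_refused($mod, 'n3w-Passphrase-x', $policies, $now));
```

Storing only hashes in the history keeps old passwords unrecoverable while still letting `password_verify()` detect reuse.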

Paul
19 Jul 2002, 17:17
Originally posted by Birdie501


To which thread are you guys referring to? :)

http://www.vbulletin.com/forum/showthread.php?s=&threadid=50268

:)

P.S. mind translating all that German? I don't understand a word of it :D

Xenon
19 Jul 2002, 23:35
it's just a small install hint like find replace and do .....
but in german ;)

Birdie501
20 Jul 2002, 17:19
Originally posted by LoveShack


http://www.vbulletin.com/forum/showthread.php?s=&threadid=50268

:)

P.S. mind translating all that German? I don't understand a word of it :D

Should have read that before writing the hack :)