PDA

View Full Version : Password Expiration Policies


JulianD
17 Nov 2002, 23:23
Here's a hack requested here (http://www.vbulletin.org/forum/showthread.php?s=&threadid=45020) by kreatiV.

What it does?
- The users will be prompted to change their password every XX days (configured using Admin CP)
before browsing the forums. You have the option to store old password in the DB to prevent
users to reuse them.
- You can customize the password expiration date using the Admin CP when editing a user.
Useful if you want to set the password expiration time for a user to NOW.
- Usergroup driven (new in 1.01)

What to do?
- 5 files to edit
- 4 new templates
- 3 queries to run
- 4 new settings in vBulletin Options

New Versión 1.01 (attachment updated):
The script is now Usergroup driven. You can specify what groups to apply the policy in Admin CP > User Groups > Modify > usergroup you want to edit > Password expires.

If you want to upgrade the script, follow the steps at the end of the file.



You can find some screenshots in the next post.

If you have any problem, suggestion, bug report, please post them here.

Enjoy.

KelteN
17 Nov 2002, 23:28
Its kind of like the windows xp professional concept of changing your pass every month :D

JulianD
17 Nov 2002, 23:32
Yes, you can use it for that purpose. Personally, I won't use it in my forums, but it might be useful to others :)

JulianD
17 Nov 2002, 23:32
Here's the screen that appears when your password is expired

JulianD
17 Nov 2002, 23:33
And Some Admin CP options.

Link14716
17 Nov 2002, 23:45
Good hack, but I hope that nobody installs it on any board that I go to. I like having the same password. ;)

Mephisteus
18 Nov 2002, 10:49
I don't know about installing it, it might be usefull for some forums... I don't know about mine though...

Brad
18 Nov 2002, 10:54
Nice idea, wont use it myself tho.

Bison
18 Nov 2002, 11:25
What do you guys mean? This is a hack EVERYONE should use! This would help in preventing someone from from stealing users Login info. I used to have a problem where someone would steal a users Nick Name cause they may have registered the same password at another board!

Great job!

Mephisteus
18 Nov 2002, 12:32
It would increase security, but lots and lots of people find this very annoying

Neo
18 Nov 2002, 18:11
Thank god. I requested this like 4-5 months ago.

Dean C
18 Nov 2002, 18:43
Excellent idea...

But it could be unpractial and a nuiscance for some members :)

Excellent hack nevertheless

- miSt

Bison
19 Nov 2002, 18:04
Is it possible to modify this to alert certain user groups instead? I would like to assign this for the moderator group...

JulianD
19 Nov 2002, 18:43
Yes, it is possible... Let me see what can I do...

Bison
19 Nov 2002, 20:45
Thanks Julian! :p

N9ne
19 Nov 2002, 20:50
This is a nice hack and would be useful if it was usergroup driven.

It would add security if your mods and admins had to change their password every so often :)

JulianD
20 Nov 2002, 03:22
Originally posted by N9ne
This is a nice hack and would be useful if it was usergroup driven.

It would add security if your mods and admins had to change their password every so often :)

Done. Check the 1st post.

Bison
20 Nov 2002, 04:21
Youda Man Julian! I'll install and test!

Mike11212
20 Nov 2002, 04:36
is there a way i can set it so only admins and mods are forced to change passwords?

JulianD
20 Nov 2002, 05:27
Originally posted by Mike11212
is there a way i can set it so only admins and mods are forced to change passwords?

You can configure the admin and moderator usergroups to force the password change.

Mephisteus
20 Nov 2002, 15:49
Finally, upload the file admin/expiry.php to your admin directory.

Where is this file?

JulianD
20 Nov 2002, 18:37
Originally posted by DarkSSJ3


Where is this file?

Damn, I really hate when I forgot something.

The ZIP has been uploaded in the first post.

Bison
20 Nov 2002, 20:26
I used the old one anyway ... working fine so far!

Mephisteus
21 Nov 2002, 16:08
Originally posted by JulianD


Damn, I really hate when I forgot something.

The ZIP has been uploaded in the first post.

thx :)

partang2
23 Nov 2002, 20:55
Might be usefull....

spaceb
24 Nov 2002, 15:53
hmm I have a little problem i installed the hack and it seems to work fine but now i added a new member from the control panel and he cant login he changed his pssword at least 10 times and still its asking him to change the pass and he cant do anything alway he only see the expire message :?

JulianD
24 Nov 2002, 16:05
Uhmm... Might be a bug... Let me check.

Obi-Wan
24 Nov 2002, 19:04
Kewl job man.

Definetly *install

vwvitek
24 Nov 2002, 23:06
I would like to use this hack for an online classroom, visited by my students from overseas, but I need an option which is not included in this hack yet: After expiration of the initial password, user MUST contact Admin to renew, otherwise he/she does not get into his account anymore. Under this option, the renewal should be following sequence of steps: (1) user with expired password gets a link to PM addressed to Admin with default text, requesting permission to renew password (2) Admin manually checks user's account as "eligible for one-time renewal" (3) After checking user's account, at the next login user's login screen changes from "Sorry, contact Admin ..." to regular password renewal screen (4) User logs into his account and renews his password.

Can you add this "no-renewal" option to your hack? I understand this add-on may not be attractive for everybody, so please contact me via e-mail if you would rather settle this add-on as a private project. Thanx for your good work, by the way!

JulianD
24 Nov 2002, 23:12
Hi vwvitek, it would require some modification to the hack, but let me see what can I do for you.

vwvitek
24 Nov 2002, 23:19
Originally posted by JulianD
Hi vwvitek, it would require some modification to the hack, but let me see what can I do for you.

OK, thanks!

JulianD
24 Nov 2002, 23:30
Originally posted by spaceb
hmm I have a little problem i installed the hack and it seems to work fine but now i added a new member from the control panel and he cant login he changed his pssword at least 10 times and still its asking him to change the pass and he cant do anything alway he only see the expire message :?

NOp, it's working for me when I manually add an user. Maybe you missed some step?

spaceb
28 Nov 2002, 18:42
hmm I dont think so but maybe it happens because another hack that i have installed? or something like this?

JulianD
28 Nov 2002, 19:00
Yeah, it is possible... If you need any help, I'd need to know what hacks you've installed.

Jadelit
30 Nov 2002, 08:29
This is a great hack!

What would make it even better, is an option that can show you who hasn't re-activated there password in XX days.

Jadelit
01 Dec 2002, 12:36
bump.

JulianD
01 Dec 2002, 16:51
hehe Thanks for your comments Jadelit. It's a good option to the hack... I might do it :)

Jadelit
01 Dec 2002, 22:56
=] Great to hear!

Bison
06 Jan 2003, 18:20
Just wanted to say that this is a fine hack, and it works very well! :)

Thank Again Julian!

ahiggs
16 Jan 2003, 15:25
I cant get it to work with vbb 2.2.9 I have no other hacks installed at the moment.

Admin CP shows everything correct but it try to force a user to change password it doesnt happen just acts like it isnt even in there I have redone the install procedure 3-4 times now and same thing.

Is it because of vbb 2.2.9?

any help is appriciated

thanks

Alan Higgs

http://www.prophecyguild.com/vbb

JulianD
19 Jan 2003, 04:36
I don't think it's related to the vb version. Let me see anyway, i'll install this on a clean 2.2.9 and I'll tell you how it goes.

ahiggs
21 Jan 2003, 17:56
k thanks not sure why I cant get it to work.

Graphics
24 Jan 2003, 21:09
Looks great, everyone should use this. Just set the amount of days to 31 or summin'. Your members can't complain about changing their password at least once a month. ;)

ahiggs
28 Jan 2003, 19:48
JulianD just wondering if you found anything out?

JulianD
29 Jan 2003, 00:19
Yeah.. I installed it on a clean 2.2.9 and it didn't work hehehe But then I realized that this hack is usergroup based, so I went to my usergroup, activated the option to allow the password to expire, and it did work...

Try and see if it works for you.

ahiggs
29 Jan 2003, 15:53
cool thanks. Will let you know if it works ok here.

JulianD
29 Jan 2003, 15:58
No problem, If you still have problems, just let me know so I can see what's going on with your installation.

ahiggs
29 Jan 2003, 17:53
JulianD,

Works great, was the group function that was getting me I went into the usergroups and changed the settings and it all works

Thanks for the Help,

Alan Higgs

great hack btw

Mu5icMan
26 Mar 2004, 12:36
i've just noticed that the Day Before Warning feature doesn't work, please advice

Logan70
11 Aug 2004, 16:26
I was reading through this. I think this a great feature for tight security.

But, will this work in v3.x.x

Later

JulianD
11 Aug 2004, 17:42
Hi.

I think this feature has been implemented on vBulletin 3 standard features.

Logan70
11 Aug 2004, 17:46
Thks Julian.

I will look at the admin features.

Logan70
12 Aug 2004, 04:28
Went looking for it and can not find it.

Is there something I missed? Can anyone point me in the right direction?

Thanks