Chit-Chat

Password Policies

Permalink August 09, 2010 at 11:07 AM

Is there a way to establish password policies for users (i.e. min length, at least one number and one letter, etc)?

If not has anyone implemented this before? I could write the code, but I am not sure where to put it while maintaining upgrade compatibility.

To the best of my knowledge I need to enfore this in two locations:
1. The default lost password page
2. In the user change password page I created for our users (this one is easy as I control it)

Still, the best way would be to enforce policy in the back end.

Thanks in advance,
Jon

Mnkras replied on Aug 9, 2010 at 12:36 pm Permalink Best Answer Reply

currently these are the only ones implemented, you can stick them in your site.php,

define('USER_USERNAME_MINIMUM', 3);
define('USER_PASSWORD_MINIMUM', 5);
define('USER_USERNAME_MAXIMUM', 64);
define('USER_PASSWORD_MAXIMUM', 64);
define('SESSION_MAX_LIFETIME', 7200); // 2 hours
define('USER_CHANGE_PASSWORD_URL_LIFETIME',  7200);

you would most likely have to customize the register singlepage

jmcguire replied on Aug 9, 2010 at 1:43 pm Permalink Reply

Thanks for the quick response. I was afraid of this. Does anyone know off hand where the logic for these settings is implemented? I hope it is not in the individual pages?

Jon

stylemaster replied on Jun 26, 2012 at 10:59 am Permalink Reply

Did you ever get an answer to this question.

have the same problem

stylemaster replied on Jun 26, 2012 at 11:00 am Permalink Reply

Hi

in witch file could i change this settings?

best regards paul

Judder replied on Aug 7, 2012 at 5:41 am Permalink Reply

Add them into your /config/site.php

For example to make the URL to change your password valid for two days you would add:

define('USER_CHANGE_PASSWORD_URL_LIFETIME',  172800);

Forums

Chit-Chat

Password Policies

Code

Post Reply

Delete Post

Mark Post as Spam

Destroy Spammer

Sign In?