Password Expiration
I have added some new feature in my branch. 2 new parameters are added to the system
1) Password change days. Default value is 0. If 0, no password expiration check. If positive, passwords must be changed every N days
2) Password Length, default 5 to keep current behavior. Allows long. If set then password changes MUST be at least N characters long.
A new check is done in UserSettings.php to ensure new password entered is not the same as current password (in future will prevent re-use - new param)
Every page checks password expiration and if password is expired redirects to UserSettings.php with a message that password must be changed.
Since I am a few versions behind I can't just check in the code to the project (Biggest difference is $db parm - I still have it).
I can contribute it if anybody else wants the code or wants to merge it with main project. Just contact me directly.
I am currently doing some final testing
Caveat - uses date_diff, php 5.3 required for that to work.
|