webERP Forum
Password Expiration - Printable Version

+- webERP Forum (
+-- Forum: webERP Discussion (
+--- Forum: Development Discussion & Specification (
+--- Thread: Password Expiration (/showthread.php?tid=2724)

Password Expiration - agaluski - 03-12-2016

I have added some new feature in my branch. 2 new parameters are added to the system
1) Password change days. Default value is 0. If 0, no password expiration check. If positive, passwords must be changed every N days
2) Password Length, default 5 to keep current behavior. Allows long. If set then password changes MUST be at least N characters long.
A new check is done in UserSettings.php to ensure new password entered is not the same as current password (in future will prevent re-use - new param)
Every page checks password expiration and if password is expired redirects to UserSettings.php with a message that password must be changed.

Since I am a few versions behind I can't just check in the code to the project (Biggest difference is $db parm - I still have it).
I can contribute it if anybody else wants the code or wants to merge it with main project. Just contact me directly.
I am currently doing some final testing

Caveat - uses date_diff, php 5.3 required for that to work.

RE: Password Expiration - TimSchofield - 03-12-2016

I have had customers requesting password expiration but personally i don't like it. I feel it encourages simple passwords. For instance i have a 14 chracter password containing mixed case letters numbers and symbols which i can type in but even somebody watching me would have great trouble memorising. However if I had to change it frequently i would have to choose something much simpler as i would have problems with my aging memory.

Just my 2 cents

RE: Password Expiration - agaluski - 03-12-2016

Sometimes it is required based on industry, customers etc

RE: Password Expiration - phil - 03-14-2016

I think its a good idea - to have it as an option