Thread Rating:
  • 2 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Password Expiration
03-12-2016, 04:38 AM, (This post was last modified: 03-12-2016, 04:54 AM by agaluski.)
Password Expiration
I have added some new feature in my branch. 2 new parameters are added to the system
1) Password change days. Default value is 0. If 0, no password expiration check. If positive, passwords must be changed every N days
2) Password Length, default 5 to keep current behavior. Allows long. If set then password changes MUST be at least N characters long.
A new check is done in UserSettings.php to ensure new password entered is not the same as current password (in future will prevent re-use - new param)
Every page checks password expiration and if password is expired redirects to UserSettings.php with a message that password must be changed.

Since I am a few versions behind I can't just check in the code to the project (Biggest difference is $db parm - I still have it).
I can contribute it if anybody else wants the code or wants to merge it with main project. Just contact me directly.
I am currently doing some final testing

Caveat - uses date_diff, php 5.3 required for that to work.
03-12-2016, 05:00 AM,
RE: Password Expiration
I have had customers requesting password expiration but personally i don't like it. I feel it encourages simple passwords. For instance i have a 14 chracter password containing mixed case letters numbers and symbols which i can type in but even somebody watching me would have great trouble memorising. However if I had to change it frequently i would have to choose something much simpler as i would have problems with my aging memory.

Just my 2 cents
03-12-2016, 05:14 AM,
RE: Password Expiration
Sometimes it is required based on industry, customers etc
03-14-2016, 05:23 AM,
RE: Password Expiration
I think its a good idea - to have it as an option
Phil Daintree
webERP Admin
Logic Works Ltd

Forum Jump:

Users browsing this thread: 1 Guest(s)