0 Members and 1 Guest are viewing this topic.

*

BeRightBack

  • *
  • 5
  • osDate Version: osDate Evo v1.0
password policy
« on: April 03, 2017, 07:47:43 AM »
I would like to set my password policy for the customer registration to full instead of alphanum tho can't find a way, tried to configure signup.tpl but doesn't work

*

Pharg

  • *****
  • 2,789
    • OsDateFourm
  • osDate Version: osDate Evo v1.2
Re: password policy
« Reply #1 on: April 03, 2017, 10:01:20 AM »
Hi BeRightBack,

I am just trying to work out what you mean here, password policy there is none.

If you mean alphanumeric password then this has be answered before but still need to know what you mean.

If you want to add more characters to the password this is all in the lang_main.php files in the languages.
It will look like this in English:
Code: [Select]
$lang['entrycode_chars'] = "0123456789AÁBCDEÉFGHIÍJKLMNOÓÖŐPQRSTUÚÜŰVWXYZaábcdeéfghiíjklmnoóöőpqrstuúüűvwxyz";
$lang['alphanumeric'] = "0123456789.+-_#,/AÁBCDEÉFGHIÍJKLMNOÓÖŐPQRSTUÚÜŰVWXYZaábcdeéfghiíjklmnoóöőpqrstuúüűvwxyz ()_";
$lang['alphanum'] = "0123456789_AÁBCDEÉFGHIÍJKLMNOÓÖŐPQRSTUÚÜŰVWXYZaábcdeéfghiíjklmnoóöőpqrstuúüűvwxyz ";
$lang['text'] = "AÁBCDEÉFGHIÍJKLMNOÓÖŐPQRSTUÚÜŰVWXYZabcdeéfghiíjklmnoópqrstuúüűvwxyz '";
$lang['full_chars'] = "0123456789.+-_#,/AÁBCDEÉFGHIÍJKLMNOPQRSTUÚVWXYZaábcdeéfghiíjklmnoóöőpqrstuúüűvwxyz() _$+=;:?'";



After editing the lang file you must go to the Admin Language manager and load the changes so it goes into the database and takes affect.

Hope this helps.
« Last Edit: April 03, 2017, 11:12:44 AM by Pharg »
Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDateEvo v1.2 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35

*

BeRightBack

  • *
  • 5
  • osDate Version: osDate Evo v1.0
Re: password policy
« Reply #2 on: April 03, 2017, 05:25:14 PM »
Thanks for keeping up this forum, I should have post this on osdate_evo instead tho it's still relevant.
I used to be active in osdate community ten years ago, back to v119, the communnity was very active at the time.

i've read other's post in this forum and haven't found a solution to my problem, so i'll clarify what I mean:

when a new member register, I want him to be able to have a more secure password : full_chars rather than alphanum but recive an error.

"Only letters, numbers and underscores \'_\' are allowed in the password."

I changed the value alphanum to full in signup.tpl but still doesn't work:

function validateme(form)
{ldelim}
   var tz=form.txttimezone.value;
   var tos_ok = form.accept_tos.checked;

   ErrorCount=0;
   ErrorMsg = new Array();
   /* log details */
   {if $config.spam_code_length > 0}
      CheckFieldString("noblank",form.spam_code,"{lang mkey='errormsgs' skey='120'}");
   {/if}
   CheckFieldString("noblank",form.txtusername,"{lang mkey='signup_js_errors' skey='username_noblank'}");
   CheckFieldString("noblank",form.txtpassword,"{lang mkey='signup_js_errors' skey='password_noblank'}");

   /*log details*/
   CheckFieldString("alphanum",form.txtusername,"{lang mkey='signup_js_errors' skey='username_charset'}");
   CheckFieldString("full",form.txtpassword,"{lang mkey='signup_js_errors' skey='password_charset'}");

...

and in function.js, I have this:

function CheckFieldString(type, formField, strMsg) {

   var checkOK;
   var checkStr = formField.value;
     var allValid = true;
   var flagDot  = false;
   var namestr, domainstr;
   
   if (type == 'noblank')
   {
      if (checkStr == "")
        {
           ErrorCount++;
             ErrorMsg[ErrorCount] = strMsg  ;
        }
   } else    {
      if (type == 'integer')   {
           checkOK = "0123456789";
        } else if (type == 'decimal'){   
           checkOK = "0123456789.";
      } else if (type == 'text') {
/*         checkOK = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz "; */
         checkOK = text_chars;
      } else if (type == 'alphanumeric') {
/*         checkOK = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_"; */
         checkOK = alphanumeric_chars;
      } else if (type == 'full') {
/*         checkOK = "0123456789.,[]{}=+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_:;'\\*^%$@<>?'\"\'"; */
         checkOK = full_chars;
      } else if (type == 'alphanum') {
/*         checkOK = "0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz "; */
         checkOK = alphanum_chars;
      }
...


cleaned templatec folder just in case

any Idea? when I create a new user from admin area I can give an full_chars password


*

Pharg

  • *****
  • 2,789
    • OsDateFourm
  • osDate Version: osDate Evo v1.2
Re: password policy
« Reply #3 on: April 03, 2017, 10:40:45 PM »
Hi BeRightBack,

Quote
"Only letters, numbers and underscores \'_\' are allowed in the password."

I am not sure if you tested the latest version before making changes as I just made this
password: pStxEsTc!#$%^&*(_)+\/<>?:'+`~ for a user and it logs in perfectly.
No errors at all, only ones you can't use are {}|@][ it would seem
« Last Edit: April 03, 2017, 10:48:56 PM by Pharg »
Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDateEvo v1.2 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35

*

BeRightBack

  • *
  • 5
  • osDate Version: osDate Evo v1.0
Re: password policy
« Reply #4 on: April 03, 2017, 10:51:47 PM »
I will downlond a fresh osdateevo and install it on another domain and see what happens, tho the one installed already is pretty recent,

I'll let you know if it works or how I fixed it

thanks

*

Pharg

  • *****
  • 2,789
    • OsDateFourm
  • osDate Version: osDate Evo v1.2
Re: password policy
« Reply #5 on: April 03, 2017, 11:14:01 PM »
Hi BeRightBack,

I don't know if you noticed that the code below, they are committed out so they aren't even working at all.

Code: [Select]
} else if (type == 'text') {
/* checkOK = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz "; */
checkOK = text_chars;
} else if (type == 'alphanumeric') {
/* checkOK = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_"; */
checkOK = alphanumeric_chars;
} else if (type == 'full') {
/* checkOK = "0123456789.,[]{}=+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_:;'\\*^%$@<>?'\"\'"; */
checkOK = full_chars;
} else if (type == 'alphanum') {
/* checkOK = "0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz "; */
checkOK = alphanum_chars;
}

This isn't done in the js anymore they all set in the language  lang_main.php using the code I gave you before on line 1604.
Code: [Select]
$lang['alphanumeric'] = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_";
$lang['alphanum'] = "0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
$lang['text'] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz /'";
$lang['full_chars'] = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz() _$+=;:?'";

This is where you add more characters  ;)

Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDateEvo v1.2 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35

*

BeRightBack

  • *
  • 5
  • osDate Version: osDate Evo v1.0
Re: password policy
« Reply #6 on: April 03, 2017, 11:50:25 PM »
just did a fresh install, same problem, https://adlib.online, try to register with a question mark in password, gives error message

these lines are in my main language file:
$lang['alphanumeric'] = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_";
$lang['alphanum'] = "0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
$lang['text'] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz /'";
$lang['full_chars'] = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz() _$+=;:?'";
/* Additions  in Version 2.0 */

as for the commented out lines it only means it put a variable containing the characters instead of inserting the characters directly

/*         checkOK = "0123456789.,[]{}=+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_:;'\\*^%$@<>?'\"\'"; */
         checkOK = full_chars;

full_chars is a variable defined somewhere containing "0123456789.,[]{}=+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ()_:;'\\*^%$@<>?'\"\'"

full_chars is sent into the varable checkOK

when I troubleshoot with dev tools, I can see those variables `full_chars`,"alphanum"... are defined

But if the js are not use then they're useless. may be I have to use "full_chars" instead of "full" on this line?

signup.tpl :
 CheckFieldString("full",form.txtpassword,"{lang mkey='signup_js_errors' skey='password_charset'}");



*

Pharg

  • *****
  • 2,789
    • OsDateFourm
  • osDate Version: osDate Evo v1.2
Re: password policy
« Reply #7 on: April 04, 2017, 12:40:46 AM »
Hi BeRightBack,

I also just tested the password with !#$%^&*[(_)+\/>?:'+<`~!-@ and I can log in no problems or errors.

I have made some changes as above, go to your languange and edit lang_main.php and find line 1607:
Change this:
Code: [Select]
$lang['full_chars'] = "0123456789.+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz() _$+=;:?'";

To this:
Code: [Select]
$lang['full_chars'] = "0123456789.<>`~+-_#,/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz()[]|!@#$%^&*_$+=;:?'";

You might also want to change line 1101:
Code: [Select]
'password_charset' => 'Only letters, numbers and underscores \'_\' are allowed in the password.',

Change to:
Code: [Select]
'password_charset' => 'Please use Uppercase and lowercase letters with any other charactor in the password to be more secure.',

Save and then go to the admin/ Manage Languages, select your Language in this case English the click load so all the changes also take place in the database also. [ ReLoad the Language to reflect the Edited changes ]

That's it, all done.

You cannot use {} in it as that's a smarty tag
« Last Edit: April 04, 2017, 06:09:38 AM by Pharg »
Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDateEvo v1.2 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35

*

Pharg

  • *****
  • 2,789
    • OsDateFourm
  • osDate Version: osDate Evo v1.2
Re: password policy
« Reply #8 on: April 04, 2017, 12:54:40 AM »
Hi BeRightBack,

Just tested it again with this password !#$%^&*[(_)+\/>?:'+<`~!-@??? with no errors or problems.  ;)

You might also want to change the password length from 20 to 40 or more in the User Controls under Site Global settings
« Last Edit: April 04, 2017, 12:57:07 AM by Pharg »
Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDateEvo v1.2 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35

*

Pharg

  • *****
  • 2,789
    • OsDateFourm
  • osDate Version: osDate Evo v1.2
Re: password policy
« Reply #9 on: April 04, 2017, 03:24:29 AM »
Hi BeRightBack,

I also have noticed your running osDateEvo on PHP Version 7.0.17 while looking at your site under the Dev tools.

In the download area it says osDateEvo will not work in PHP 7, it must be PHP 5.6 at the max this will be one of the reasons your getting errors.

The above fix I gave you works perfectly in the correct PHP versions.
Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDateEvo v1.2 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35

*

BeRightBack

  • *
  • 5
  • osDate Version: osDate Evo v1.0
Re: password policy
« Reply #10 on: April 04, 2017, 05:54:36 AM »
php70 may be wrong tho I have tried many test sites with different php version and had the same problem.

that said I did a fresh install again with php 5.6, modified the language file like you said above, but most importantly I guess, reload the file.

now it works, I registered from the front page with a secured password,great! :)

I beleive that reloading the language file is the key

but did many thing like clearing  templatec and a cache feature I have on my server prior to the install, so can't be sure

thanks  for guiding me thru this, I really apreciate it

*

Pharg

  • *****
  • 2,789
    • OsDateFourm
  • osDate Version: osDate Evo v1.2
Re: password policy
« Reply #11 on: April 04, 2017, 06:04:44 AM »
Hi BeRightBack,

Your welcome  ;)

It always pays to follow the help and things will start working lol  8)

I also have been doing osDate since it first started out and had the same username then as I do now.

We have been working on a PHP 7 version, but it's no easy task and there are many things that have to change.
Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDateEvo v1.2 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35