BoardMod Mirror - Password Security SP1.1/SP1.2/SP1.3

(UTC)

Choose Language:

BoardMod Mirror › YaBB 1 Mods › FINAL Mods for YaBB 1 SP1.3/1.3.1/1.3.2 › Password Security SP1.1/SP1.2/SP1.3

‹ Previous Topic | Next Topic ›

Page Index Toggle

Pages: [1] 2 3 ... 5

Very Hot Topic (More than 25 Replies)

Password Security SP1.1/SP1.2/SP1.3 (Read 30408 times)

Dummy Proof God Member Offline I hate Bosses! Now get to work! Posts: 991 Location: Outside L.A. Joined: Aug 8^th, 2002 Gender:	Password Security SP1.1/SP1.2/SP1.3 Jun 7^th, 2003 at 9:50am	Print Post
	Password Security SP1.1/SP1.2/SP1.3 Eliminate all plain ASCII storage of members' passwords. Admin screen contains option to "Repair Passwords" which will automatically upgrade all existing plain passwords to encrypted versions, skipping the passwords which are already encrypted. Adds "Secret Question / Answer" to Registration, Profile, and Forget Password sections. Forget password function has one more layer, after they enter their username they are presented with their secret question. If they answer correctly, a new password will be emailed to them. All Passwords and Secret Question answers are stored encrypted, no more plain ascii passwords anywhere! Original Mod by Matthew C. Veno Version History: Version 1.1 Update - Bug Fix Fixed bug where when Admin modifies users' profile the users' password and secret answer were changed and unusable. Version 1.1SP1.1 (by Chrishartmann) Mod modified for use with YaBB 1 Gold - SP1.1 Version 1.2SP1.2 (by DummyProof) Mod modified for use with YaBB 1 Gold - SP1.2 Corrected Reminder Answer screen that would not show if "No Guest Access" was used. Version 1.3SP1.3 (by DummyProof) Mod modified for use with YaBB 1 Gold - SP1.3 For detailed installation information please open yabbpass.html included in the zip file. DummyProof
	« Last Edit: Jun 7^th, 2003 at 12:43pm by Dummy Proof »
	PasswordSecurity.zip ( 18 KB \| Downloads ) Ya can Idiot proof it... Ya can Dummy proof it... But ya can never... ...Blonde proof it!
	WWW IP Logged

Jake God Member Offline Posts: 1265 Location: asia Joined: Jun 22^nd, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #1 - Jun 7^th, 2003 at 10:45am	Print Post
	Just wondering inthe mod instruction file saying that Quote: You're all set to go! Turn off maintenance mode to re-open your YaBB board. You will want to instruct all your users to update their profile to enter a Secret Question and Answer so encase they ever forget their passwords. My forum has more than 400 members how can i instruct all my users. Actually i love this mod, i've once installed into my forum but almost all my users complained thatthey couldn't logg in. And finally i gave up and took this mod out. In this case how can i do @Dummy you usually give me the better solution and also this one what're you going to do in this case. Thanks


	IP Logged

Dummy Proof God Member Offline I hate Bosses! Now get to work! Posts: 991 Location: Outside L.A. Joined: Aug 8^th, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #2 - Jun 7^th, 2003 at 11:34am	Print Post
	A "cheap and dirty" way would be to force them to make the entry valid or they don't get to go any further than their Modify Profile page. In YaBB.pl find this Code &banning; # Check for banned people And add after it this Code if ($username ne 'Guest' && !$settings[21] && $action ne 'profile' && $action ne 'profile2' && $action ne 'logout'){ $mandatorytext = qq~Please modify your profile so that the "Secret Question" and "Answer" entries are valid.~; &fatal_error($mandatorytext); } After logging in they will go to the Board Index as usual, but if they try to go anywhere other than the their profile page they will get an error telling them: "Please modify your profile so that the "Secret Question" and "Answer" entries are valid." As you may or may not know, new users would be unaffected by this, as they are required to provide that info upon registering. Dummy

	Ya can Idiot proof it... Ya can Dummy proof it... But ya can never... ...Blonde proof it!
	WWW IP Logged

gwyden New Member Offline Posts: 45 Location: Dallas Joined: Jun 2^nd, 2003 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #3 - Jun 7^th, 2003 at 11:41am	Print Post
	would this technically be v1? I like to keep track so if a mod is released in the future I know which is the most current =)


	ICQ YIM AIM IP Logged

Dummy Proof God Member Offline I hate Bosses! Now get to work! Posts: 991 Location: Outside L.A. Joined: Aug 8^th, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #4 - Jun 7^th, 2003 at 11:48am	Print Post
	Technically v1 was released by Matthew C. Veno. Subsequent bug fixes and update versions are listed above. Dummy

	Ya can Idiot proof it... Ya can Dummy proof it... But ya can never... ...Blonde proof it!
	WWW IP Logged

wayland Full Member Offline I love YaBB 1G - SP1! Posts: 135 Location: Nashville Joined: Jan 28^th, 2002	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #5 - Jun 7^th, 2003 at 4:52pm	Print Post
	Dummy, Is the javacrypt.js file included in the mod zip file the Password Encryption tool? Also, just to be clear, is there any difference between the final version and the 1.3BETA version I already have installed?


	WWW AIM IP Logged

Dummy Proof God Member Offline I hate Bosses! Now get to work! Posts: 991 Location: Outside L.A. Joined: Aug 8^th, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #6 - Jun 7^th, 2003 at 7:33pm	Print Post
	No difference from the last SP1.3beta. The javacrypt.js is only for the yabbpass.html, not to be installed with the mod. Dummy

	Ya can Idiot proof it... Ya can Dummy proof it... But ya can never... ...Blonde proof it!
	WWW IP Logged

Jake God Member Offline Posts: 1265 Location: asia Joined: Jun 22^nd, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #7 - Jun 8^th, 2003 at 7:49am	Print Post
	Quote: As you may or may not know, new users would be unaffected by this, as they are required to provide that info upon registering. Yes i know the over 400 members are the old members.


	IP Logged

wayland Full Member Offline I love YaBB 1G - SP1! Posts: 135 Location: Nashville Joined: Jan 28^th, 2002	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #8 - Jun 8^th, 2003 at 9:00pm	Print Post
	Dummy, I've discovered a compatibility issue between Password Security and Automatic Flood Protection. Here's the link to thread discussing the issue. http://boardmod.yabbforum.com/yabb/YaBB.pl?board=modbugs;action=display;num=1054...


	WWW AIM IP Logged

gwyden New Member Offline Posts: 45 Location: Dallas Joined: Jun 2^nd, 2003 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #9 - Jun 9^th, 2003 at 12:25am	Print Post
	so the real question is does every mod have to be workable with every other mod or is it the responsibility of the person wanting the mod to fix? I know many mods come with combatability versions(which is kewl) but I would hope most people using the open source code would take advantage and get their hands dirty...


	ICQ YIM AIM IP Logged

Outlaw Full Member Offline I love YaBB 1G - SP1.2! Posts: 191 Location: Essex County Joined: Apr 9^th, 2003 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #10 - Jun 9^th, 2003 at 3:24am	Print Post
	gwyden said: Quote: so the real question is does every mod have to be workable with every other mod or is it the responsibility of the person wanting the mod to fix? I know many mods come with combatability versions(which is kewl) but I would hope most people using the open source code would take advantage and get their hands dirty... I reply... BWAHAHAHAHA! Forgive my laughter, but I asked almost the same question a little while back, and have close to 100 mods installed, and all had to done manually after about the first 10 or so. MOST mods have to be individually tailored to work, trust me. Thank the good Lord above for the great and selfless mod writers and users of this forum, because without them, most of us would have nothing but a basic YaBB, or another script. I just found out that I may have to start over on my entire near 2 month to build script, due to a few minor problems that are just impossible (so i am told) to find and fix in my heavily modified script, so hang in there and learn all you can as you go Ask your questions, and these good folks will surely help you find the answers.


	IP Logged

Dummy Proof God Member Offline I hate Bosses! Now get to work! Posts: 991 Location: Outside L.A. Joined: Aug 8^th, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #11 - Jun 9^th, 2003 at 9:17am	Print Post
	wayland wrote on Jun 8^th, 2003 at 9:00pm: Dummy, I've discovered a compatibility issue between Password Security and Automatic Flood Protection. Here's the link to thread discussing the issue. http://boardmod.yabbforum.com/yabb/YaBB.pl?board=modbugs;action=display;num=1054... Unless Ron makes his mod compatible with this one I see three options: 1) Use this mod and don't use reg flood mod. 2) Use reg flood mod and don't use this one. 3) Install this mod, then remove the steps in reg flood mod that change the LogInOut.pl file, then install that mod. This of course will be removing the flood protection from the password reminder function. I kinda doubt the mod author will return just to make it compatible with that mod . The only reason I released this was because there were requests for SP1.2/SP1.3.x versions for those who had this mod installed upon those YaBB releases. There was also a step that needed to be added to the SP1.1 version of the mod. Dummy

	Ya can Idiot proof it... Ya can Dummy proof it... But ya can never... ...Blonde proof it!
	WWW IP Logged

wayland Full Member Offline I love YaBB 1G - SP1! Posts: 135 Location: Nashville Joined: Jan 28^th, 2002	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #12 - Jun 9^th, 2003 at 2:42pm	Print Post
	Quote: I see three options: 1) Use this mod and don't use reg flood mod. 2) Use reg flood mod and don't use this one. 3) Install this mod, then remove the steps in reg flood mod that change the LogInOut.pl file, then install that mod. Thanks Dummy, I think it would be rather inconvenient to uninstall the Password Security mod at this point, as it is not possible to automatically decode the encrypted passwords in the process. Once encrypted, always enrypted. Correct?


	WWW AIM IP Logged

DocRST God Member Offline Dont get use to it! Posts: 1846 Location: Oklahoma City Joined: Aug 24^th, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #13 - Jun 9^th, 2003 at 2:45pm	Print Post
	Is it posible to ad a Password Policy, like must be at least ?? chars, Must have ??, ?? and ?? in the password. This may be a fix to hacks.

	Doc Cowles Web Master YourWebSpace.com - Free YaBB hosting docrst@yahoo.com
	WWW ICQ YIM AIM IP Logged

Spikecity God Member Offline Beer anyone ? Posts: 2630 Location: New York Joined: Apr 16^th, 2002 Gender:	Re: Password Security SP1.1/SP1.2/SP1.3 Reply #14 - Jun 9^th, 2003 at 2:56pm	Print Post
	Quote: Unless Ron makes his mod compatible with this one I see three options: Hé, Dummy, don't know who wrote password protection for SP1.3.1, but why is it always me who has to be compatible with everyone else, I comply to YaBB standard code which is enough! I did not invent an extra step into the registration sequence and merely add code to standard YaBB code. So my suggestion is that the one now taking care of PW prot mod should bend a little and be compatible with flooding protection Ron

	Nothing to add here
	IP Logged

Page Index Toggle

Pages: [1] 2 3 ... 5

‹ Previous Topic | Next Topic ›

« Board Index ‹ Board Top

Top

BoardMod Mirror » Powered by YaBB 2.6.12!
YaBB Forum Software © 2000-2024. All Rights Reserved.

Valid XHTML

Valid CSS

Powered by Perl

Source Forge