Force change password extension

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Ideas Centre
Post Reply
User avatar
John connor
Registered User
Posts: 1579
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Force change password extension

Post by John connor » Tue Feb 13, 2018 4:20 pm

Is there such an extension? I would like to have something like that in case I discover my database has been hacked.

Ah! Think I found my solution: https://www.phpbb.com/support/docs/en/3 ... al_server/

Press Control + F and type password and you will find the relevant Info. I guess I could set it to a day? But then if others come in, change their password, log out and other users have not, those same users will be forced to change their password yet again. So it does seem prudent to have an extension that I can enable/disable when I need to have each member change their password. This ext would have to make a note of each user that changed their password so it doesn't ask him again.

User avatar
GanstaZ
Registered User
Posts: 331
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: Force change password extension

Post by GanstaZ » Tue Feb 13, 2018 5:40 pm

Well.. two-factor authentication like in github sounds the best.

User avatar
david63
Jr. Extension Validator
Posts: 14324
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Force change password extension

Post by david63 » Tue Feb 13, 2018 6:33 pm

Forcing users to change their passwords has been part of the core for years
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
John connor
Registered User
Posts: 1579
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Force change password extension

Post by John connor » Tue Feb 13, 2018 7:09 pm

david63 wrote:
Tue Feb 13, 2018 6:33 pm
Forcing users to change their passwords has been part of the core for years
That's what I was talking about. Read what I said about that.

Bermudez
Registered User
Posts: 81
Joined: Mon Aug 15, 2011 11:56 pm
Location: Spain
Name: Juan Antonio
Contact:

Re: Force change password extension

Post by Bermudez » Tue Feb 13, 2018 7:12 pm

Edit: Not applicable

User avatar
tojag
Registered User
Posts: 327
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Force change password extension

Post by tojag » Sun Feb 18, 2018 5:19 pm

John Connor, I understand you. While the regular user will not usually use it, it should be mandatory for administrators to enforce changing the password. I tried to do it and it worked in part up to time.
viewtopic.php?f=72&t=2264461
It is not working in 3.2.

2FA is good idea to. I see You vote on my idea. Thanks.

Best regards.

User avatar
tojag
Registered User
Posts: 327
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Force change password extension

Post by tojag » Thu Mar 15, 2018 11:50 am

Is there any flag in the database indicating that the password must be changed or maybe the password change request is a non-zero value? (I've found this - user_passchg).
In my opinion, there is no need for extension but an additional function built into the core in future versions - one button "One time force the password change for everyone", which sets this flag once. Unfortunately, if there is no such flag, it should be added to the base table in future version. This function should not depend on the existing periodically password change enforcement as it is a one-time forcing change.

unsigned user_passchg // >0 periodically change password
bool user_passchflaf //1-enforce password change

Of course, this can be more extensive, with a more extensive interface, for example with the selection of user groups (I want this). In this case, it can be an extension. Look here viewtopic.php?f=496&t=2463656

It really seems appropriate in the case you described.
If you report such an idea, I will support it.

Post Reply

Return to “Extension Requests”

Who is online

Users browsing this forum: Andimp3, DWFII, SovereignGrace and 10 guests