Force change password extension

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Suggested Hosts
Post Reply
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Force change password extension

Post by 2600 »

Is there such an extension? I would like to have something like that in case I discover my database has been hacked.

Ah! Think I found my solution: https://www.phpbb.com/support/docs/en/3 ... al_server/

Press Control + F and type password and you will find the relevant Info. I guess I could set it to a day? But then if others come in, change their password, log out and other users have not, those same users will be forced to change their password yet again. So it does seem prudent to have an extension that I can enable/disable when I need to have each member change their password. This ext would have to make a note of each user that changed their password so it doesn't ask him again.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: Force change password extension

Post by GanstaZ »

Well.. two-factor authentication like in github sounds the best.
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Force change password extension

Post by david63 »

Forcing users to change their passwords has been part of the core for years
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Force change password extension

Post by 2600 »

david63 wrote: Tue Feb 13, 2018 6:33 pm Forcing users to change their passwords has been part of the core for years
That's what I was talking about. Read what I said about that.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
Bermudez
Registered User
Posts: 171
Joined: Mon Aug 15, 2011 11:56 pm
Location: Spain
Name: Juan Antonio
Contact:

Re: Force change password extension

Post by Bermudez »

Edit: Not applicable
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Force change password extension

Post by tojag »

John Connor, I understand you. While the regular user will not usually use it, it should be mandatory for administrators to enforce changing the password. I tried to do it and it worked in part up to time.
viewtopic.php?f=72&t=2264461
It is not working in 3.2.

2FA is good idea to. I see You vote on my idea. Thanks.

Best regards.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Force change password extension

Post by tojag »

Is there any flag in the database indicating that the password must be changed or maybe the password change request is a non-zero value? (I've found this - user_passchg).
In my opinion, there is no need for extension but an additional function built into the core in future versions - one button "One time force the password change for everyone", which sets this flag once. Unfortunately, if there is no such flag, it should be added to the base table in future version. This function should not depend on the existing periodically password change enforcement as it is a one-time forcing change.

unsigned user_passchg // >0 periodically change password
bool user_passchflaf //1-enforce password change

Of course, this can be more extensive, with a more extensive interface, for example with the selection of user groups (I want this). In this case, it can be an extension. Look here viewtopic.php?f=496&t=2463656

It really seems appropriate in the case you described.
If you report such an idea, I will support it.
Post Reply

Return to “Extension Requests”