I forgot my password

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.

Abraham54
Registered User
Posts: 26
Joined: Sun Feb 15, 2015 9:59 am

Post by Abraham54 » Fri Feb 27, 2015 5:36 pm

When a member on my forum uses "I forgot my password", he/she gets an e-mail with a new login password.

However, by default my forum asks for a password of at least 12 characters at registration, and the return e-mail gives a password with fewer characters than is asked for by default.

How can I change this so that the "I forgot my password" e-mail contains a password consisting of 12 characters?
Member of Unite against malware and ASAP - Alliance of Security Analysis Professionals

Brf
Support Team Member
Posts: 51347
Joined: Tue May 10, 2005 7:47 pm

Post by Brf » Fri Feb 27, 2015 5:39 pm

That password is only designed to be a temporary password. Your users should be changing it afterward anyway.

Post by Abraham54 » Fri Feb 27, 2015 5:47 pm

Brf wrote: That password is only designed to be a temporary password. Your users should be changing it afterward anyway.

Yes, I know.
Only the user cannot log in with that password, because it does not meet the requirement of consisting of 12 characters.

Post by Brf » Fri Feb 27, 2015 5:48 pm

The requirements are only checked when you change your password, not when you are logging in.

Post by Abraham54 » Fri Feb 27, 2015 6:21 pm

I received a complaint from a member that he could not log in with the supplied password.
Hence this topic.

Post by Brf » Fri Feb 27, 2015 6:32 pm

'min_pass_chars' is not checked by the login routine, only by the password create and change routines.

Actually, the forgotten password routine checks it too:

			// Make password at least 8 characters long, make it longer if admin wants to.
			// gen_rand_string() however has a limit of 12 or 13.
			$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));

Post by Abraham54 » Fri Feb 27, 2015 6:44 pm

In which file/where is the above-mentioned code to be found?

Post by Brf » Fri Feb 27, 2015 6:45 pm

The forgotten password routine is /includes/ucp/ucp_remind.php

Post by Abraham54 » Fri Feb 27, 2015 7:05 pm

Thank you.
I found this:

	// Make password at least 8 characters long, make it longer if admin wants to.
	// gen_rand_string() however has a limit of 12 or 13.
	$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));

	// For the activation key a random length between 6 and 10 will do.
	$user_actkey = gen_rand_string(mt_rand(6, 10));

Is this the right change:

	// Make password at least 8 characters long, make it longer if admin wants to.
	// gen_rand_string() however has a limit of 12 or 13.
	$user_password = gen_rand_string_friendly(max(12, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));

	// For the activation key a random length between 6 and 10 will do.
	$user_actkey = gen_rand_string(mt_rand(12));
Last edited by Mick on Fri Feb 27, 2015 7:16 pm, edited 1 time in total.
Reason: Changed [c] to [code]
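
The length logic quoted from ucp_remind.php in this thread, modelled as an added example (not part of the thread and not phpBB code). `requested_length()`, `demo_rand_string()`, `observed_range()`, the 13-character cap (taken from the code comment's "12 or 13") and the board settings are assumptions made for illustration; the stand-in generator draws from `random_int()` rather than phpBB's own routine.

```php
<?php
// Added example (PHP 7.1+): models the length expression quoted from ucp_remind.php.
// demo_rand_string() is a hypothetical stand-in, not phpBB's gen_rand_string_friendly().

// Length the reminder routine requests. $floor is the literal inside max():
// 8 in the stock line, 12 in the edit proposed in the thread.
function requested_length(array $config, int $floor): int
{
    return max($floor, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']));
}

// Stand-in generator. $cap models the "limit of 12 or 13" named in the code comment (assumed 13).
function demo_rand_string(int $num_chars, int $cap = 13): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $len = min($num_chars, $cap);
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Shortest and longest temporary password seen over $runs draws.
function observed_range(array $config, int $floor, int $runs = 2000): array
{
    $lengths = [];
    for ($i = 0; $i < $runs; $i++) {
        $lengths[] = strlen(demo_rand_string(requested_length($config, $floor)));
    }
    return [min($lengths), max($lengths)];
}

// Constructed board settings (sample values, not taken from the thread).
$boards = [
    'min 6,  max 30' => ['min_pass_chars' => 6,  'max_pass_chars' => 30],
    'min 12, max 30' => ['min_pass_chars' => 12, 'max_pass_chars' => 30],
];

foreach ($boards as $label => $config) {
    foreach ([8, 12] as $floor) {
        [$lo, $hi] = observed_range($config, $floor);
        printf("%s  floor %2d  ->  %d..%d chars\n", $label, $floor, $lo, $hi);
    }
}
```

On a board with min_pass_chars set to 12 both floors give the same range, because mt_rand() already starts at the configured minimum; the literal inside max() only matters where the configured minimum is lower. The activation key line is left out of the model; PHP's mt_rand() accepts either no arguments or both a minimum and a maximum.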