ATutor

Learning Management Tools


  1. Home



Pages:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


CHANGING PASSWORD COMPLEXITY REQUIREMENTS



  • 2006-08-01 14:03:48

    CHANGING PASSWORD COMPLEXITY REQUIREMENTS

    Hello, I recently installed ATutor and would like to alter the password complexity requirements. I would like to allow users to have a minimum 6 digit password rather than 8. Is this accomplished through the database table or can it be done through ATutor somehow?

    Thanks,
    Erik

    Here is my configuration:
    operating system - Win 2K3 Server
    version of ATutor - 1.5.3.1
    versions of php - 5.1.4
    version of mysql - 5.0.22
    webserver & version - Apache 2.0.58
    web browser being used - IE 6+
    :)


  • 2006-08-02 08:49:50

    Re: CHANGING PASSWORD COMPLEXITY REQUIREMENTS

    Tou can change the password length in the registration.php file about line 61

    [php]


    if (strlen($_POST['password']) < 8) {
    $msg->addError('PASSWORD_LENGTH');
    }

    [/php]

    You'll also need to update the language, via the language manager, to reflect the change, and make the same change at about line 118 in the password_remonder.php file.


  • 2010-10-28 15:32:44

    Re: CHANGING PASSWORD COMPLEXITY REQUIREMENTS

    Hi there -

    For our environment, we need to beef up the pw complexity requirements.

    Realizing that this thread is old, I just wanted to check in with you first to see if the method to alter the complexity requirement is still the same as Greg posted previously in this thread.

    Thanks!
    Bryan

    Things to describe:
    Operating system ATutor is installed on - SuSe Enterprise
    ATutor version - 2.0
    Patch #s applied - not sure
    ATutor theme name - standard
    PHP version - 5.2.14
    MySQL version - 5.1.51
    Webserver & version - Apache
    Copies of error messages -
    Changes to default settings -
    Web browser being used -
    ...and anything else relevant -


  • 2010-10-29 19:38:48

    Re: CHANGING PASSWORD COMPLEXITY REQUIREMENTS

    password strength is controlled in sha-1factory.js


  • 2010-12-02 19:24:03

    Re: CHANGING PASSWORD COMPLEXITY REQUIREMENTS

    Greg,

    We went to the sha-1factory.js file and found the code that was controlling the pw complexity. Looked like it was going to be a pretty easy edit and we'd be done.

    To test it out, we made just a simple modification to change the min length from 8 to 14.

    When we went to test it, the old 8 character length was enforced, but not the 14.

    We then removed that .js file from the ATutor directory expecting the registration to error out when submitted, but it did not - it functioned normally. When viewing the page source, it was still calling sha-1factory.js and apparently still finding it even though it was no longer there.

    When viewing the registration.php source code, we clicked on the link for that .js file and it opened up. The URL in the title bar showed http://10.3.20.25/ATutor/sha-1factory.js but that file is not there any more. When viewing the content of the .js file that came up in the window, it still showed min length was 8 (not 14, which we had changed it to).

    I dumped my web cache, closed my Firefox browser, tried it again and got the same results.

    Summary - the registration.php page appears to be calling the file you referred to, and enforcing based on that file in it's original state, but we think we edited that file and moved it so we are a bit baffled about where registration.php is finding sha-1factory.js.

    Any ideas about what might be happening and what we need to do to successfully modify the pw complexity requirements? FYI - there is another product competing for this "business" here, and believe it or not, this pw complexity is one of the more significant issues to the decision makers. The competitor product allows for the administrator to easily specify pw complexity rules. If I can't implement this enhanced complexity here, it could jeopardize the continued use of this system which would be unfortunate, because I think ATutor is better.

    Any guidance would be much appreciated . . .

    Bryan

    Things to describe:
    Operating system ATutor is installed on - Ubuntu Svr
    ATutor version - 2.0.1
    Patch #s applied - None
    ATutor theme name - ATutor (standard)
    PHP version - 5
    MySQL version - 5
    Webserver & version - Apache
    Copies of error messages -
    Changes to default settings -
    Web browser being used - Firefox 3.6.12


  • 2010-12-02 20:38:05

    Re: CHANGING PASSWORD COMPLEXITY REQUIREMENTS

    The behaviour of the registration page at the absence of sha-1factory.js has been confirmed as a bug. It has been reported into our bug tracker. Will be fixed soon.

    For your track-down of the issue: http://atutor.ca/atutor/mantis/view.php?id=4636

    Thanks for the discovery.

    The change on password verification such as extending the password length is in sha1-factory.js, function verify_password()

    Another issue is as you said "...it still showed min length was 8 (not 14, which we had changed it to)...". This requires the language adjustment: login as atutor admin -> link "language" -> tab "translate" -> follow the instruction at the top to make yourself a translator -> button "translate" -> search phase "AT_ERROR_PASSWORD_LENGTH" -> adjust the language.