HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Force password change on first time login?

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#93644 (In Topic #18714)
Avatar

Honoured member

I think I read something before about a OcPortal system to have/force members to create/reset their password on a first time login. If this exists, where can it be found? And if it doesn't exist, can it be made?
Back to the top
 
Posted
Rating:
#93648
Avatar

No such feature yet (think you imagined reading about it ;)), but could be done in 2.5 hours. Added to tracker:
0000926: Forced password setting - ocPortal feature tracker


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93693
Avatar

Honoured member

I have added credits to my account to cover the devlopment of this addon. Should i sponsour or make a ticket?
Back to the top
 
Posted
Rating:
#93704
Avatar

It's okay, I'm on it. I'll reply with the changes in the tracker issue :). Feel free to open a ticket if you want to discuss anything in private regarding this.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93705
Avatar

Note that sources/ocf_members_action2.php will be edited by this mod, and I mentioned editing this in another topic -- so apply this mod first, then make the extra edit in there I explained.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93716
Avatar

Community saint

If adding in the option to choose hashing algorythim is possible without to much extra work could you please cosider it Chris?
Back to the top
 
Posted
Rating:
#93717
Avatar

Community saint

Also if you could zip up any and ALL files related to this mod and send it to me when done Chris I willl look into adding in another Password option change myself and having all the files that needed working on could save me a ton of time from trying to track em down.
Back to the top
 
Posted
Rating:
#93718
Avatar

Community saint

Opps Thanks
Back to the top
 
Posted
Rating:
#93721
Avatar

Hi Duck,

I completed this earlier today, and a zip was attached to the issue.

Hashing algorithm changes wouldn't really match up with this. The tracker topic for that is:
0000414: Switch from md5 to SHA-512 hashing - ocPortal feature tracker
Although I see you are monitoring it.

If you look in the description you'll see it does mention where the hashing happens in the code. It really should be abstracted to be neater, but it kind of evolved without a realisation that md5 was going to get less secure over time.

It is quite possible to add new algorithms, you'll see sources/forum/ocf.php supports quite a few. You could probably change the f_members table's m_password_compat field for existing members to have say 'legacy' as its value, make ocf.php support that in the same way the existing works, and then change all the default hashing code in the mentioned code spots to use some new algorithm.

For us to deploy in an ocP release is tricker, I would need to think more carefully about legacy issues, what is a baseline on our minimum requirements (or if they need changing), as well as tidy up the code.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93723
Avatar

Community saint

I forgot I was monitoring that! hehe. I added a note.
Back to the top
 
Posted
Rating:
#93737
Avatar

Honoured member

Module sends me to edit screen no matter what i change the password to on an admin account. have not tested with other lower privilege users yet.
Back to the top
 
Posted
Rating:
#93745
Avatar

I'll be making an update to this later on tonight, I've found another issue too, plus I'm going to incorporate something for another of your topics.

Regards
Chris


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93746
Avatar

Actually same bug as you found – I'd forgotten to test the restriction does not happen to someone with a non-temporary password. Whoops!


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93749
Avatar

Zip re-uploaded.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93756
Avatar

Honoured member

In addition to this, it does not seem apparent why a person is redirected. Can there be a popup informing the user why they have been redirected to the page example: You are logged in with a temporary password, please change your password to continue.

Otherwise the user has no idea why they are being redirected to their profile edit and leads to confusion.
Back to the top
 
Posted
Rating:
#93758
Avatar

It should be doing that already. Doesn't it show that at the top?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93759
Avatar

Honoured member

I will re test shortly, if it did show it was not clearly apperant. A pop up like the confirm zone change one, would be ideal. Let me have another look and report back.
Back to the top
 
Posted
Rating:
#93761
Avatar

Honoured member

Installing the new zip has resulted in no redirections of users currently in the database with temporary passwords. Is there someplace i need to identify what the temporary password(s) are for it to apply to an account? Or is this an issue with records existing before the addon was applied?

Also on create member page there are lots of errors: Do i need to clear cache or is this a bug?
A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: DESCRIPTION_FORCE_TEMPORARY_PASSWORD
 A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: DESCRIPTION_FORCE_TEMPORARY_PASSWORD
 A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: DESCRIPTION_FORCE_TEMPORARY_PASSWORD
 A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: FORCE_TEMPORARY_PASSWORD
 A language entry is missing: DESCRIPTION_FORCE_TEMPORARY_PASSWORD
Back to the top
 
Posted
Rating:
#93762
Avatar

Those lang strings should be in lang/EN/ocf.ini, did that definitely get replaced? You can check by looking inside the file and "FORCE_TEMPORARY_PASSWORD" should be in it.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#93763
Avatar

Honoured member

A cache clear fixed the errors.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Expand