I am using Joomla 1.7 with Hikashop. That's why I want new registered users to have a secure password.
Is it possible to set password guidelines in Joomla, so that it isn't possible to register a user with a password like "12345" or "qwerty"?
You can do that on clientside via additional Javascript or on serverside via an custom/extended authentification plugin.
Related
I've set a Joomla site password policy via users > options.
If I add a new user via the backend and try to set an insecure password, the policy seems to work and I get the appropriate error message.
If the user logs in, goes to their profile and changes their password, the password policy is still enforced.
However, if the user goes to the login screen, chooses 'Forgot your password' they are able to choose a new password which doesn't pass the policy.
I'm using the default Joomla login and registration extensions and as far as I can see, there's nothing else that could be causeing a conflict.
Does anyone have some suggestions on where to look?
EDIT
Site is using Joomla! 3.3.6 Stable, which is currently the latest version of Joomla
Thanks a lot!
We have a weird problem with password encryption at our website beta1.iamyogi.com.
We register a user at the website. There is a full registration possible with activation link in the e-mail. It is working till I want to log in. Even with a simple user "John" and password "12345".
If I change the password for "John" in the CMS to "12345" and save
the user account, I can login on the front with John/12345.
If I look at the database, the only change there is it the password field xxxx_users. First it was something like:
ad2630323c070b40776acc011b5c5116 then after the CMS change of password:
$P$DXe2T/Ceh3PeRAxdsFdwfYhKEndxIg.
It looks way different in type of encryption.
Do you know how this is possible?!
Joomla 3.2.1 and joomla 3.2.2 joomla 3.2.3, all tested same problem
jomsocial 3.1
I'm working on a site that requires the user have a unique username to use all services on the site. They cannot self-change this username for community fairness.
We would like to allow users the simplicity of registering/logging in using their facebook accounts, but this username requirement is obviously a hurdle.
The only idea I have come up with is after the connect process, send the user to a final step page where they enter a username. The only downside to this is that the user has the ability to navigate away before entering a username, meaning we need to add further layers of checks to several site functions to ensure a user has a username, and prompt for one if not.
Any ideas on how to streamline this during the connect process? Any site examples of similar implementations where auxillary info is required to use some or all site features?
Have you looked at Facebook's registration plugin?
The Registration plugin allows users to easily sign up for your
website with their Facebook account. The plugin is a simple iframe
that you can drop into your page. When logged into Facebook, users see
a form that is pre-filled with their Facebook information where
appropriate.
https://developers.facebook.com/docs/plugins/registration/
The plugin also allows you to add custom fields so you could simply add your username field.
There are a load of advanced features including validation, here's an example in the Facebook documentation that includes the username field and checks to see if it's available
https://developers.facebook.com/docs/plugins/registration/advanced/#async
I have a website based on Joomla 1.5.22. I want users to change the password on the frontend. Using the menumanager i can bring up the page but i want to show only username, email, password and verify password. But it's bringing more info like change backend language.
You should use the User Form menu item you mentioned, as that is the native interface for allowing users to change their password. However, since you want to avoid the other fields, you can simply disable "Front end user parameters" in Global Configuration > System.
This did it for me:
http://www.dummies.com/how-to/content/how-to-let-users-manage-their-own-accounts-in-joom.html
Concretely, the URL for the user to edit her details is here:
index.php?option=com_user&view=user&layout=form
Joomla 1.5
I have a GWT application that I would like to integrate with the Joomla login system. Everytime an AJAX request is sent to the server, the application should check that the user is authenticated (username and password pass)
Any ideas of how to implement this?
I had these ideas but don't like them for the reasons mentioned:
Ask the user for there username and password (again...) and then save it in a cookie. (Security is an issue and I have to ask them for the username and password after they have already logged into the main joomla system.
Save the username and password in a PHP session variable. (This might work but what would happen if the sesson timed out, the user may take some time configuring the GWT data structures, so it would not be nice for an error like this to occur).
Does anyone have better ideas?
Will users be authenticating against the GWT application? If so, you might want to create an Authentication plugin for Joomla that backfills users from GWT into Joomla.