vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=264515

Minimum Password Length
by Eric
31 May 2011 19:52

7 Attachment(s)
What is this?
This mod will allow you to force user passwords to be at least a certain length.


Features
  • Force minimum length on:
    • Registration
    • Edit Password
    • Reset Password

I've only tested this mod on vB 4.1.4/4.1.5 (alpha). It should work with previous versions, however I am not sure. If it works for you on an older version, let me know.


Installation
1. Download the `product-password_minlength.xml` file. (* may differ in name based on version)
2. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
3. Import the product using the `product-password_minlength.xml` file. (* may differ in name based on version)
4. Configure the mod in AdminCP -> Settings -> Options -> User Registration Options


Upgrading
In many cases, all you'll need to do to upgrade is follow the installation instructions above, but set "Allow Overwrite" to "Yes".


Changelog
Version 1.0.2, 07/05/2011
  • Changed the "Check Method" choice from a drop down to radio buttons (Boofo ;) )
  • Changed how the "UserId" "Check Method" works - it now is used for escluding User ID's
  • Fixed a bug in the plugin for updating profile - was not checking if a new password had been entered.

Version 1.0.1, 06/07/2011
  • Introduced three new options and one new plugin.
  • The new options are based around a "Check Method". You can choose to enforce the min. password length by userid, usergroup, or 'none' (all).

Version 1.0.0, 05/31/2011
  • Initial release.

Eric 31 May 2011 19:54

Reserved.

Special Pages 31 May 2011 22:31

Thank you Eric! :D

Lynne 01 Jun 2011 00:14

Nice idea, Eric!

just.b.jealous 01 Jun 2011 01:58

Works on vB 4.1.3,.. I did notice while importing it- that it gave an error of some sort but it finished importing to quickly before I had a chance to actually read the error. Everyting seems to be working fine though. Thanks, marked "Installed".

Eric 01 Jun 2011 02:02

Quote:

Originally Posted by Lynne (Post 2202258)
Nice idea, Eric!

Thanks Lynne. :) I've seen a few folks request this several times so I finally decided to give it a go. I also thought it would be something useful given what is happening with passwords etc recently :)

Quote:

Originally Posted by just.b.jealous (Post 2202279)
Works on vB 4.1.3,.. I did notice while importing it- that it gave an error of some sort but it finished importing to quickly before I had a chance to actually read the error. Everyting seems to be working fine though. Thanks, marked "Installed".

That is odd. I will see if I can get my hands on 4.1.3 and see what that error might have been. There is not really anything in the file that should cause an error. :/

sulasno 01 Jun 2011 02:37

tagged and thanks

can the mod dictate that a minimum of 1 Capital letter and I Digit must be used ?

vglobal 01 Jun 2011 05:45

Tag for future. It would be great if we have a complex password mod.

Thanks

Boofo 01 Jun 2011 07:49

Excellent idea, sir. ;)

Boofo 01 Jun 2011 09:54

What is a good default setting for the length? I think 14 might be a little too long for some users to accept without whining. ;)

Also, I saw no error on importing the product on 4.1.3. Maybe another mod was not playing nice with the OP setup.

Eric 01 Jun 2011 11:59

Quote:

Originally Posted by sulasno (Post 2202289)
tagged and thanks

can the mod dictate that a minimum of 1 Capital letter and I Digit must be used ?

Quote:

Originally Posted by vglobal (Post 2202325)
Tag for future. It would be great if we have a complex password mod.

Thanks

It is not possible to do that with this mod... at least, not yet. I will see what I can do. :)

Quote:

Originally Posted by Boofo (Post 2202342)
Excellent idea, sir. ;)

Thank you :)
Quote:

Originally Posted by Boofo (Post 2202357)
What is a good default setting for the length? I think 14 might be a little too long for some users to accept without whining. ;)

Also, I saw no error on importing the product on 4.1.3. Maybe another mod was not playing nice with the OP setup.

A good, secure, password is typically 12-16 (roughly) characters. But, I can understand some users having difficulty with that. I would say a good compromise would be 8 characters.

As for 4.1.3, that is what I was thinking - that maybe another mod was conflicting with it. Hopefully it is not an error with this mod itself. :)

Boofo 01 Jun 2011 17:59

I compromised and set it at 10.

I didn't see anything in the code that would cause an error on import. I wouldn't worry about it unless you get anyone else having the same issues.

I would suggest maybe adding a setting for certain userids that could bypass the length check.

Eric 02 Jun 2011 17:23

Quote:

Originally Posted by Boofo (Post 2202432)
I compromised and set it at 10.

I didn't see anything in the code that would cause an error on import. I wouldn't worry about it unless you get anyone else having the same issues.

I would suggest maybe adding a setting for certain userids that could bypass the length check.

That is a good idea Boofo, will implement it in the next release.

BirdOPrey5 04 Jun 2011 14:05

Quote:

Originally Posted by Boofo (Post 2202432)
I compromised and set it at 10.

I didn't see anything in the code that would cause an error on import. I wouldn't worry about it unless you get anyone else having the same issues.

I would suggest maybe adding a setting for certain userids that could bypass the length check.

I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.

Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.

Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.

Just my opinion.

Boofo 04 Jun 2011 14:27

Quote:

Originally Posted by BirdOPrey5 (Post 2203393)
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.

Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.

Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.

Just my opinion.

I totally disagree.


All times are GMT. The time now is 23:46.

Powered by vBulletin® Version 3.8.12
Copyright © 2019, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.