Force password allows a user to not actually change their password.

Force password allows a user to not actually change their password.

I see your point that the password is one way encrypted as to why you cannot force the user to change it.

But all that your component would need to do is validate the form differently with javascript.(the user also could easily just cancel out the process) I agree that this is a handy tool to try and get people to change passwords but without this final verification it is not so good. Im suggesting a way to make it better.

I have posted in the actual joomla forum to make the password verification better in the core and no reply for a long time.

landed
useravatar
Offline
1 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: Force password allows a user to not actually change their password.

landed,
I'm not sure what you mean by validate the form differently? In general though, yes, there are ways that we could do additional checks on the password in order to ensure that the user has changed it. However, going down that route would take a bit of effort and also cause the plugin to pretty much have to grow into a component (much more complex). Once we were to do some sort of verification the user changed their password, the next (obvious) suggestion would be to implement a security check of x-days and you must change the password.

All are noble goals and things we'd love to implement and use ourselves. Unfortunately, security isn't our area of expertise. This plugin was created for a previous client of ours and their goals were just a simple on-login reminder to change the password. We haven't done much development on it since because a) we don't have the time to do everything we'd love to do and b) we don't want it to have to grow large enough that either we can't support it or would have to start charging for it. We like have some free extensions out there as it's a great way to give back, but we can't focus all the time on them as we can to our paid extensions, as that's what pays the bills.

Hope you understand and hope that, even if limited, the FPW plugin fulfills some of your needs. Still curious about the Javascript checks you mention. If they're easy, we'd gladly look into them.. but couldn't give a timeline for when it could be done.

Thanks again for the feedback, and best of luck!
Alex

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory:
JFBConnect | SCLogin

alzander
Alex
useravatar
Offline
23810 Posts
Support Specialist
Administrator has disabled public posting. Please login or register in order to proceed.
There are 0 guests also viewing this topic
There are 0 users also viewing this topic

Board Info

Board Stats
 
Total Topics:
11497
Total Polls:
0
Total Posts:
48402
Posts today:
1
User Info
 
Total Users:
47468
Newest User:
hannatee
Members Online:
1
Guests Online:
957

Online: 
lstecker
Social Stream
Refer and Earn

Like our extensions? You're not alone! That's why they're used on tens of thousands of websites. Now you can earn 20% of any sale you refer to SourceCoast.com.

We provide excellent documentation, well laid out sales pages and great support. All you need to do is spread the word and we'll take care of the rest.

Learn About Our Affiliate Program