Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest sNews - sNews 1.7 - with its own forums - for discussion and user mods.

Author Topic: Ability to use long passwords  (Read 6143 times)

henrich

  • Sr. Member
  • ****
  • Karma: 23
  • Posts: 381
  • Passion for quality and excellence!
    • My personal blog and portofolio
Ability to use long passwords
« on: January 17, 2008, 07:08:54 PM »

If i'm know well, then in the sNews can be used 4-8 long characters usernames and passwords.

Why is needed this user/pass limitation?

My suggestion is to give the possibility to the snews webmasters, programmers or just simple users to have the ability to choose between:

1.

user/pass limit 4-8 alphanumeric characters (as it is now)

2.

user limit: 4 - 12 (or even 15)
pass limit: 4 - 18

Nowadays, script (some)holes and idiot hackers have softwares which help them to find passwords and i personally have seen such a program. Well the program can generate usernames and passwords, it is easy for him to generate between 4-6 or 4-8 characters, symbols or numbers or mixed. So i think it is very necesary to make possible to use longer passwords on sNews.

I personally like to use 12+ passwords with characters, numbers and symbols.

One of my passwords at a site is looking like this:

00000000111100000000

where 0 = numbers, 1 = characters

Thank you :)
Logged
By(e) Henrich :)
------------------------------
IT related blog

lessismore

  • Jr. Member
  • **
  • Karma: 0
  • Posts: 67
Re: Ability to use long passwords
« Reply #1 on: January 17, 2008, 07:25:25 PM »

In the MU version - you can change the length of usernames and passwords in the "settings" panel.

http://snewscms.com/forum/index.php?topic=5742.msg37077#msg37077

I changed the software to accept periods as an example of how to support special symbols.
« Last Edit: January 17, 2008, 07:34:42 PM by lessismore »
Logged

henrich

  • Sr. Member
  • ****
  • Karma: 23
  • Posts: 381
  • Passion for quality and excellence!
    • My personal blog and portofolio
Re: Ability to use long passwords
« Reply #2 on: January 17, 2008, 09:49:27 PM »

Yeah, but the thing is that i don't want to use MU, i started from the very simple sNews 1.6 and added step by step the MOD's i needed and the ones written by me, that i needed, you can find them on the mod's section.

So for such sNews version i didn't see any check user or pass function. My question is still the same, how can i remove this limitation?
Logged
By(e) Henrich :)
------------------------------
IT related blog

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Re: Ability to use long passwords
« Reply #3 on: January 17, 2008, 10:37:55 PM »

I don't have an easy answer. Perhaps Bakercad might have a suggestion. Perhaps that feature in the MU package can be taken and applied in the single-user version.
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Joost

  • Guest
Re: Ability to use long passwords
« Reply #4 on: January 17, 2008, 10:46:30 PM »

Look for function checkUserPass($input)
Underneath in the line:
Code: [Select]
if (ctype_alnum($output) === true && strlen($output) > 3 && strlen($output) < 9) {return $output;}Change <9 to the length you want.
Logged

henrich

  • Sr. Member
  • ****
  • Karma: 23
  • Posts: 381
  • Passion for quality and excellence!
    • My personal blog and portofolio
Re: Ability to use long passwords
« Reply #5 on: January 17, 2008, 11:07:22 PM »

Ah Joost, you are the SAVER :), i have missed that function, it's at the end of my snews file :) THANK YOU, ah better karma for you! :) I will chage that value to 20 hahahahaha.
Logged
By(e) Henrich :)
------------------------------
IT related blog

henrich

  • Sr. Member
  • ****
  • Karma: 23
  • Posts: 381
  • Passion for quality and excellence!
    • My personal blog and portofolio
Re: Ability to use long passwords
« Reply #6 on: January 24, 2008, 11:21:35 PM »

So, today a made last verifications on this issue and i changed the function checkUserPass to this:

Quote
function checkUserPass($input) {
   $output = clean(cleanXSS($input));
   $output = strip_tags($output);
   if (ctype_alnum($output) === true && strlen($output) > 9 && strlen($output) < 21) {return $output;}
   else {return null;}
}

This means that my login limit language variable will show like this:

Quote
$l['login_limit'] = 'User/pass limitations: 10-20 alphanumeric characters only';

Right?  ;D
Logged
By(e) Henrich :)
------------------------------
IT related blog

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • I'm a self-made man and worships my creator.
    • p-ahlqvist.com
Re: Ability to use long passwords
« Reply #7 on: August 28, 2008, 01:01:58 PM »

Perhaps wrong place, but I stump it a tad, so it gets in to focus for 1.7

Mhm, this tends not to work with the 131 version of the 1.7 snews.php... All I get when trying to edit that function is... well, nothing really. Can't change anything nor can I login if logged out. Prolly due to changes since this post, but are there any way of making it possible to have longer passwords ?

I second Bob's suggestion to be the case with 1.7.
« Last Edit: August 28, 2008, 01:03:37 PM by Patric Ahlqvist »
Logged
"It's only dead fish that goes with the flow... "
Updated

Joost

  • Guest
Re: Ability to use long passwords
« Reply #8 on: August 28, 2008, 02:10:04 PM »

Try this one, Patric
Logged

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • I'm a self-made man and worships my creator.
    • p-ahlqvist.com
Re: Ability to use long passwords
« Reply #9 on: August 28, 2008, 03:46:28 PM »

Looking good, Joost... I too want to be able to use good, long, hard, almost not even to me remeberable, passwords ;)

Cheers, mate.
Logged
"It's only dead fish that goes with the flow... "
Updated

Joost

  • Guest
Re: Ability to use long passwords
« Reply #10 on: August 29, 2008, 04:52:18 AM »

Looking good, Joost... I too want to be able to use good, long, hard, almost not even to me remeberable, passwords ;)

It makes me wonder why these restrictions were built in.  How can someone be against strong passwords?  ???
Logged

Patric Ahlqvist

  • Nobodys perfect, but Im pretty effing close
  • ULTIMATE member
  • ******
  • Karma: 65
  • Posts: 4867
  • I'm a self-made man and worships my creator.
    • p-ahlqvist.com
Re: Ability to use long passwords
« Reply #11 on: August 29, 2008, 02:22:07 PM »

Mhm, if you by strong means that they are harder to crack, I agree... It would be more logic if the passwords was set to a minimum of 8 and all characters allowed, so that everyone could really make safest possible passwords...
Logged
"It's only dead fish that goes with the flow... "
Updated