sNews Forum

sNews 1.6 (previous version) => Suggestions => Topic started by: henrich on January 17, 2008, 07:08:54 pm

Title: Ability to use long passwords
Post by: henrich on January 17, 2008, 07:08:54 pm
If i'm know well, then in the sNews can be used 4-8 long characters usernames and passwords.

Why is needed this user/pass limitation?

My suggestion is to give the possibility to the snews webmasters, programmers or just simple users to have the ability to choose between:

1.

user/pass limit 4-8 alphanumeric characters (as it is now)

2.

user limit: 4 - 12 (or even 15)
pass limit: 4 - 18

Nowadays, script (some)holes and idiot hackers have softwares which help them to find passwords and i personally have seen such a program. Well the program can generate usernames and passwords, it is easy for him to generate between 4-6 or 4-8 characters, symbols or numbers or mixed. So i think it is very necesary to make possible to use longer passwords on sNews.

I personally like to use 12+ passwords with characters, numbers and symbols.

One of my passwords at a site is looking like this:

00000000111100000000

where 0 = numbers, 1 = characters

Thank you :)
Title: Re: Ability to use long passwords
Post by: lessismore on January 17, 2008, 07:25:25 pm
In the MU version - you can change the length of usernames and passwords in the "settings" panel.

http://snewscms.com/forum/index.php?topic=5742.msg37077#msg37077

I changed the software to accept periods as an example of how to support special symbols.
Title: Re: Ability to use long passwords
Post by: henrich on January 17, 2008, 09:49:27 pm
Yeah, but the thing is that i don't want to use MU, i started from the very simple sNews 1.6 and added step by step the MOD's i needed and the ones written by me, that i needed, you can find them on the mod's section.

So for such sNews version i didn't see any check user or pass function. My question is still the same, how can i remove this limitation?
Title: Re: Ability to use long passwords
Post by: Keyrocks on January 17, 2008, 10:37:55 pm
I don't have an easy answer. Perhaps Bakercad might have a suggestion. Perhaps that feature in the MU package can be taken and applied in the single-user version.
Title: Re: Ability to use long passwords
Post by: Joost on January 17, 2008, 10:46:30 pm
Look for function checkUserPass($input)
Underneath in the line:
Code: [Select]
if (ctype_alnum($output) === true && strlen($output) > 3 && strlen($output) < 9) {return $output;}Change <9 to the length you want.
Title: Re: Ability to use long passwords
Post by: henrich on January 17, 2008, 11:07:22 pm
Ah Joost, you are the SAVER :), i have missed that function, it's at the end of my snews file :) THANK YOU, ah better karma for you! :) I will chage that value to 20 hahahahaha.
Title: Re: Ability to use long passwords
Post by: henrich on January 24, 2008, 11:21:35 pm
So, today a made last verifications on this issue and i changed the function checkUserPass to this:

Quote
function checkUserPass($input) {
   $output = clean(cleanXSS($input));
   $output = strip_tags($output);
   if (ctype_alnum($output) === true && strlen($output) > 9 && strlen($output) < 21) {return $output;}
   else {return null;}
}

This means that my login limit language variable will show like this:

Quote
$l['login_limit'] = 'User/pass limitations: 10-20 alphanumeric characters only';

Right?  ;D
Title: Re: Ability to use long passwords
Post by: Patric Ahlqvist on August 28, 2008, 01:01:58 pm
Perhaps wrong place, but I stump it a tad, so it gets in to focus for 1.7

Mhm, this tends not to work with the 131 version of the 1.7 snews.php... All I get when trying to edit that function is... well, nothing really. Can't change anything nor can I login if logged out. Prolly due to changes since this post, but are there any way of making it possible to have longer passwords ?

I second Bob's suggestion to be the case with 1.7.
Title: Re: Ability to use long passwords
Post by: Joost on August 28, 2008, 02:10:04 pm
Try this one (http://snewscms.com/forum/index.php?topic=7630.msg54471#msg54471), Patric
Title: Re: Ability to use long passwords
Post by: Patric Ahlqvist on August 28, 2008, 03:46:28 pm
Looking good, Joost... I too want to be able to use good, long, hard, almost not even to me remeberable, passwords ;)

Cheers, mate.
Title: Re: Ability to use long passwords
Post by: Joost on August 29, 2008, 04:52:18 am
Looking good, Joost... I too want to be able to use good, long, hard, almost not even to me remeberable, passwords ;)

It makes me wonder why these restrictions were built in.  How can someone be against strong passwords?  ???
Title: Re: Ability to use long passwords
Post by: Patric Ahlqvist on August 29, 2008, 02:22:07 pm
Mhm, if you by strong means that they are harder to crack, I agree... It would be more logic if the passwords was set to a minimum of 8 and all characters allowed, so that everyone could really make safest possible passwords...