Force Strong Passwords - Appgini V5.81

Got something cool to share with AppGini users? Feel free to post it here!
peebee
AppGini Super Hero
AppGini Super Hero
Posts: 255
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.92

Post by peebee » 2020-12-23 04:43

For anybody interested, you can try the attached files for V5.92

THESE ARE CORE APPGINI FILES - NOT HOOKS! They WILL be overwriten and need to be replaced if you regenerate your app.

There is no removal of any generated code - just minimal additional code added. Search for "Strong Password" in the comments in each file and you will see what's been added. There are no additional new files to load - just the edited core files.

Instructions: Extract and overwrite existing generated files.

BACKUP YOUR OWN EXISTING FILES FIRST! I have tested for myself but I offer no guarantee or warranty.

You WILL need to edit one file prior to overwriting: in membership_signup.php at line 2 and 3 you will see

Code: Select all

//Strong Password - change $app_name variable to your own App name
$app_name = 'YourAppName';
You need to replace 'YourAppName' with your actual app name.

Just be aware that this is a hack of core files which is NOT the recommended way to go about things. I absolutely require strong passwords, as should every database on the internet in my opinion. A minimum requirement of ANY 4 characters without an option for Admins to override that is just unsafe.

My feature request: (at a minimum) an option for Admins to be able to apply a strong password policy.
Attachments
strong_passwords_v592.zip
(34.37 KiB) Downloaded 43 times

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2020-12-26 08:43

Thank you for your effort. I also think that this should be a must have. In my opinion, a system administrator should not use an appgini app without secure passwords.

I have one more suggestion for improvement. You show an error when trying to create a member account without a secure password. It would be even better if the submit button was disabled as long as no secure password is entered :-)

Many greetings, kai

User avatar
jsetzer
AppGini Super Hero
AppGini Super Hero
Posts: 1080
Joined: 2018-07-06 06:03
Location: Kiel, Germany
Contact:

Re: Force Strong Passwords - Appgini V5.81

Post by jsetzer » 2020-12-26 11:57

@Ahmed, if you consider changing the password restrictions, please make it configurable and not mandatory.

I agree strong passwords are important for production environments, but please do not make them mandatory for every demo-, test- or localhost-project we create.

Just imagine if we had to use strong passwords for each and every account in our localhost development environments and for all our demo environments. Even our beloved admin/admin would no longer be possible (not even on localhost) nor demo users like user/user. From my point of view, this would be a step backwards in terms of simplicity.

I would prefer an option like "Force strong passwords". It could be enough to have it in config.php.

If you can spend more time on this, I think minimum password lengths (configurable) and the existence of certain characters/special characters (configurable) would be interesting options, too.
Kind regards,
<js />

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2020-12-26 18:30

And it would also be important to provide secure passwords for the setup routine too.

Thanks in advance :-)

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 255
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.81

Post by peebee » 2021-01-04 06:01

I would prefer an option like "Force strong passwords". It could be enough to have it in config.php.

If you can spend more time on this, I think minimum password lengths (configurable) and the existence of certain characters/special characters (configurable) would be interesting options, too.
Sure, I agree entirely.

User avatar
aarlauskas
Veteran Member
Posts: 112
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-01-20 20:16

And yet nothing is done in 5.93 :(

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-01-21 08:53

Hi,

I also use the Strong Passwords in my app an like it.

Can I use the files just like that also in version 5.93?

Thanks much, Kai

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-01-30 22:14

Please, anyone using strong password successfully in 5.94 ?

Thanks very much!

User avatar
aarlauskas
Veteran Member
Posts: 112
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-01-31 17:34

I guess so. Peebee posted earlier all files for 5.92, if you use these then should not be an issue on 5.94. I,ve stuck with 5.84 as nothing is being done regarding security part. I know for some security means nothing as apps are running localy. But I just dont understand why can't be this made as an option to select security level in Appgini before generating new app, all it takes to replace them core files on selection..

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 255
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.81

Post by peebee » 2021-02-01 07:29

V5.94 attached. Same routine to install - replace generated core files with attached.

Most files to replace have minor changes from 5.92 to 5.94 except for admin/pageSettings.php which looks to have had a major rebuild.

Done forget to edit the $app_name = 'YourAppName'; variable in membership_signup.php (line 3). Replace 'YourAppName' with your actual app name.

MAKE SURE YOU TAKE A BACKUP OF YOUR ORIGINAL GENERATED FILES BEFORE REPLACING THEM No guarantee - no warranty.

I have not actually tested these files yet for myself although I'm pretty certain they'll work. Please let me know if you experience any problems.
Attachments
v594.zip
(36.17 KiB) Downloaded 36 times

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-01 10:28

Thank you sooooo much!!!

Kai

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-04 20:11

Hi, I tested it.

There is a translation error. In pageEditMember.php the following note is not translated per language file.

Error: Weak password. Make sure password has UPPER CASE letters, numbers, and special characters, and is at least 8 characters long.

Otherwise it seems to work :-)

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-07 10:07

Attached is a little changed version. In pageEditMember.php the integration of the language files was missing. I have also adjusted the language text. Please check, as I am not a native speaker ;-)
Attachments
Strong-Passwords for V5.94 Rev.1.zip
(36.32 KiB) Downloaded 28 times

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-07 13:24

Please use this. Changed another place where the language file was also not bound and an error in my language file.
Attachments
Strong-Passwords for V5.94 Rev.2.zip
(36.84 KiB) Downloaded 31 times

User avatar
aarlauskas
Veteran Member
Posts: 112
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-02-07 14:17

Thanks Kai.

SkayyHH
Veteran Member
Posts: 322
Joined: 2015-04-27 21:18
Location: Germany

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-07 19:03

Thanks go to peebee. I only fixed a little language file issue :-)

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 255
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.96 attached

Post by peebee » 2021-06-04 04:35

Appgini Version 5.96 strong passwords attached.

Same overwriting of generated files required as per previous instructions - please read previous posts and be aware.

Important Note: These are NOT hook files. You will be replacing generated core Appgini files and they will need to be replaced again if you regenerate your app. Keep that in mind before using please.

Don't forget to edit the $app_name = 'YourAppName'; variable in membership_signup.php (line 3). Replace 'YourAppName' with your actual app name.
Attachments
Strong-Passwords-V5.96.zip
(36.65 KiB) Downloaded 6 times

User avatar
aarlauskas
Veteran Member
Posts: 112
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-06-05 17:43

Thanks for keeping this up to date Buddy, much apreciated.

Post Reply