Force Strong Passwords - Appgini V5.81

Got something cool to share with AppGini users? Feel free to post it here!
peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.92

Post by peebee » 2020-12-23 04:43

For anybody interested, you can try the attached files for V5.92

THESE ARE CORE APPGINI FILES - NOT HOOKS! They WILL be overwriten and need to be replaced if you regenerate your app.

There is no removal of any generated code - just minimal additional code added. Search for "Strong Password" in the comments in each file and you will see what's been added. There are no additional new files to load - just the edited core files.

Instructions: Extract and overwrite existing generated files.

BACKUP YOUR OWN EXISTING FILES FIRST! I have tested for myself but I offer no guarantee or warranty.

You WILL need to edit one file prior to overwriting: in membership_signup.php at line 2 and 3 you will see

Code: Select all

//Strong Password - change $app_name variable to your own App name
$app_name = 'YourAppName';
You need to replace 'YourAppName' with your actual app name.

Just be aware that this is a hack of core files which is NOT the recommended way to go about things. I absolutely require strong passwords, as should every database on the internet in my opinion. A minimum requirement of ANY 4 characters without an option for Admins to override that is just unsafe.

My feature request: (at a minimum) an option for Admins to be able to apply a strong password policy.
Attachments
strong_passwords_v592.zip
(34.37 KiB) Downloaded 394 times

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2020-12-26 08:43

Thank you for your effort. I also think that this should be a must have. In my opinion, a system administrator should not use an appgini app without secure passwords.

I have one more suggestion for improvement. You show an error when trying to create a member account without a secure password. It would be even better if the submit button was disabled as long as no secure password is entered :-)

Many greetings, kai

User avatar
jsetzer
AppGini Super Hero
AppGini Super Hero
Posts: 1807
Joined: 2018-07-06 06:03
Location: Kiel, Germany
Contact:

Re: Force Strong Passwords - Appgini V5.81

Post by jsetzer » 2020-12-26 11:57

@Ahmed, if you consider changing the password restrictions, please make it configurable and not mandatory.

I agree strong passwords are important for production environments, but please do not make them mandatory for every demo-, test- or localhost-project we create.

Just imagine if we had to use strong passwords for each and every account in our localhost development environments and for all our demo environments. Even our beloved admin/admin would no longer be possible (not even on localhost) nor demo users like user/user. From my point of view, this would be a step backwards in terms of simplicity.

I would prefer an option like "Force strong passwords". It could be enough to have it in config.php.

If you can spend more time on this, I think minimum password lengths (configurable) and the existence of certain characters/special characters (configurable) would be interesting options, too.
Kind regards,
<js />

My AppGini Blog:
https://appgini.bizzworxx.de/blog

You can help us helping you:
Please always put code fragments inside [code]...[/code] blocks for better readability

AppGini 24.10 Revision 1579 + all AppGini Helper tools

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2020-12-26 18:30

And it would also be important to provide secure passwords for the setup routine too.

Thanks in advance :-)

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.81

Post by peebee » 2021-01-04 06:01

I would prefer an option like "Force strong passwords". It could be enough to have it in config.php.

If you can spend more time on this, I think minimum password lengths (configurable) and the existence of certain characters/special characters (configurable) would be interesting options, too.
Sure, I agree entirely.

User avatar
aarlauskas
Veteran Member
Posts: 127
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-01-20 20:16

And yet nothing is done in 5.93 :(

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-01-21 08:53

Hi,

I also use the Strong Passwords in my app an like it.

Can I use the files just like that also in version 5.93?

Thanks much, Kai

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-01-30 22:14

Please, anyone using strong password successfully in 5.94 ?

Thanks very much!

User avatar
aarlauskas
Veteran Member
Posts: 127
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-01-31 17:34

I guess so. Peebee posted earlier all files for 5.92, if you use these then should not be an issue on 5.94. I,ve stuck with 5.84 as nothing is being done regarding security part. I know for some security means nothing as apps are running localy. But I just dont understand why can't be this made as an option to select security level in Appgini before generating new app, all it takes to replace them core files on selection..

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.81

Post by peebee » 2021-02-01 07:29

V5.94 attached. Same routine to install - replace generated core files with attached.

Most files to replace have minor changes from 5.92 to 5.94 except for admin/pageSettings.php which looks to have had a major rebuild.

Done forget to edit the $app_name = 'YourAppName'; variable in membership_signup.php (line 3). Replace 'YourAppName' with your actual app name.

MAKE SURE YOU TAKE A BACKUP OF YOUR ORIGINAL GENERATED FILES BEFORE REPLACING THEM No guarantee - no warranty.

I have not actually tested these files yet for myself although I'm pretty certain they'll work. Please let me know if you experience any problems.
Attachments
v594.zip
(36.17 KiB) Downloaded 406 times

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-01 10:28

Thank you sooooo much!!!

Kai

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-04 20:11

Hi, I tested it.

There is a translation error. In pageEditMember.php the following note is not translated per language file.

Error: Weak password. Make sure password has UPPER CASE letters, numbers, and special characters, and is at least 8 characters long.

Otherwise it seems to work :-)

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-07 10:07

Attached is a little changed version. In pageEditMember.php the integration of the language files was missing. I have also adjusted the language text. Please check, as I am not a native speaker ;-)
Attachments
Strong-Passwords for V5.94 Rev.1.zip
(36.32 KiB) Downloaded 380 times

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-07 13:24

Please use this. Changed another place where the language file was also not bound and an error in my language file.
Attachments
Strong-Passwords for V5.94 Rev.2.zip
(36.84 KiB) Downloaded 392 times

User avatar
aarlauskas
Veteran Member
Posts: 127
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-02-07 14:17

Thanks Kai.

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-02-07 19:03

Thanks go to peebee. I only fixed a little language file issue :-)

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.96 attached

Post by peebee » 2021-06-04 04:35

Appgini Version 5.96 strong passwords attached.

Same overwriting of generated files required as per previous instructions - please read previous posts and be aware.

Important Note: These are NOT hook files. You will be replacing generated core Appgini files and they will need to be replaced again if you regenerate your app. Keep that in mind before using please.

Don't forget to edit the $app_name = 'YourAppName'; variable in membership_signup.php (line 3). Replace 'YourAppName' with your actual app name.
Attachments
Strong-Passwords-V5.96.zip
(36.65 KiB) Downloaded 367 times

User avatar
aarlauskas
Veteran Member
Posts: 127
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-06-05 17:43

Thanks for keeping this up to date Buddy, much apreciated.

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.98

Post by peebee » 2021-11-05 05:20

Appgini Version 5.98 strong passwords attached.

Bascially the same overwriting of generated files required as per previous instructions except there's no need to replace the $app_name = 'YourAppName'; variable in membership_signup.php in this version, as was the case in previous versions.

I've tested on my own applications and things work just fine but I do not make any warranty. Please read previous posts and be aware.

Important Note: These are NOT hook files. You will be replacing generated core Appgini files and they will need to be replaced again if you regenerate your app. Keep that in mind before using please and take a backup of your original files in case you need to replace.

PS: There is a BIG difference between Version 5.98 files and previous Versions. Version 5.98 in many ways is a major rebuild from what I can see. These Strong Password files will ONLY work with Version 5.98
Strong-Passwords-V5.98.zip
Strong Passwords Version 5.98
(36.71 KiB) Downloaded 354 times

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2021-11-06 06:27

Thank you so much for sharing!

User avatar
aarlauskas
Veteran Member
Posts: 127
Joined: 2019-04-28 18:03
Location: Medway, UK

Re: Force Strong Passwords - Appgini V5.81

Post by aarlauskas » 2021-11-06 21:09

Many thanks for keeping us up to date!

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V22.11

Post by peebee » 2022-01-27 06:42

Strong Passwords for AppGini V22.11 attached below

Please read original instructions for use. These files are not hooks and will be overwritten if app is regenerated.
Strong Passwords V22-11.zip
(37.28 KiB) Downloaded 369 times

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2022-05-10 06:07

Does this still work with 22.13? Thank you!

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force Strong Passwords - Appgini V5.81

Post by peebee » 2022-05-12 04:34

Yes, all included files the same from 22.11 to 22.13 - other than you need to add these additional strings to the bottom of the language.php file

Code: Select all

	// Added in 22.12
	'query logs older than 2 month auto cleared' => 'Query logs older than 2 months are automatically cleared. You can manually clear logs through the clear buttons below.',
	'clear slow queries' => 'Clear slow queries',
	'clear error queries' => 'Clear error queries',
	'confirm clear logs' => 'This will clear specified query logs. Please confirm!',
	'query logs cleared' => '<TYPE> query logs cleared.',

	// Added in 22.13
	'unicode error' => 'Unicode misconfiguration',
	'unicode needs fixing' => 'The unicode encoding for the database and/or some tables needs to be fixed.',
	'unicode fix details' => 'Tables encoded using the utf8 encoding will be adjusted to the more superior utf8mb4 encoding, which supports all unicode character sets.',
	'fix unicode' => 'Fix unicode',
	'Messages' => 'Messages',
];

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force Strong Passwords - Appgini V5.81

Post by SkayyHH » 2022-05-12 05:30

Thank you very much!

Post Reply