Page 1 of 1

Force password reset 90 days after last change

Posted: 2019-05-08 05:14
by peebee
For purposes of a security audit, I'm looking to implement a function to force a password reset for all users, 90 days after their last password change.

How exactly to achive that with minimum fuss and hopefully not requiring further tables/fields is the problem?

I'm thinking a cron script might do the job but that would reset everybody at the same time every 90 days regardless, rather than 90 days after their own last reset? That would probably do for my purposes but what to put in that cron script is also a problem?

Anybody possibly already implemented such a function or have any idea of the best way to go? Thanks.

Re: Force password reset 90 days after last change

Posted: 2019-05-10 09:34
by bescott53
Hi, you need to setup a few things first

if you have a `logins` table that records who/when a user last logs in. look at this link here - https://forums.appgini.com/phpbb/viewto ... g+in#p6121

then you can create a view by selecting those members whose login is > 90days, something like this below

Code: Select all

SELECT 
        `membership_users`.`memberID` AS `memberID`,
        `membership_users`.`email` AS `email`,
        `YOURVIEW OR TABLE`.`Latest_LogIn_Time` AS `Latest_LogIn_Time`
    FROM
        (`membership_users`
        LEFT JOIN `YOURVIEW OR TABLE` ON ((`membership_users`.`memberID` = `YOURVIEW OR TABLE`.`Username`)))
    WHERE
        (`YOURVIEW OR TABLE`.`Latest_LogIn_Time` < (`YOURVIEW OR TABLE`.`Latest_LogIn_Time` - 90))

You can then set up a login event that directs them to a change password page on login if they are in the view above?

hope this helps you

Re: Force password reset 90 days after last change

Posted: 2019-05-17 07:43
by peebee
Sory for late reply. Have been sidetracked on another project.

Sounds like a great and relatively simple plan for what I need to achieve. I'll give it a go as soon as time permits. Thanks! Much appreciated.

Re: Force password reset 90 days after last change

Posted: 2020-11-17 07:32
by SkayyHH
Hello everybody,

maybe someone has already implemented it and has a finished file (view) for it and can say how to embed it?

Thank you very much, Kai