Force password reset 90 days after last change

The recommended method of customizing your AppGini-generated application is through hooks. But sometimes you might need to add functionality not accessible through hooks. You can discuss this here.
Post Reply
peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Force password reset 90 days after last change

Post by peebee » 2019-05-08 05:14

For purposes of a security audit, I'm looking to implement a function to force a password reset for all users, 90 days after their last password change.

How exactly to achive that with minimum fuss and hopefully not requiring further tables/fields is the problem?

I'm thinking a cron script might do the job but that would reset everybody at the same time every 90 days regardless, rather than 90 days after their own last reset? That would probably do for my purposes but what to put in that cron script is also a problem?

Anybody possibly already implemented such a function or have any idea of the best way to go? Thanks.

bescott53

Re: Force password reset 90 days after last change

Post by bescott53 » 2019-05-10 09:34

Hi, you need to setup a few things first

if you have a `logins` table that records who/when a user last logs in. look at this link here - https://forums.appgini.com/phpbb/viewto ... g+in#p6121

then you can create a view by selecting those members whose login is > 90days, something like this below

Code: Select all

SELECT 
        `membership_users`.`memberID` AS `memberID`,
        `membership_users`.`email` AS `email`,
        `YOURVIEW OR TABLE`.`Latest_LogIn_Time` AS `Latest_LogIn_Time`
    FROM
        (`membership_users`
        LEFT JOIN `YOURVIEW OR TABLE` ON ((`membership_users`.`memberID` = `YOURVIEW OR TABLE`.`Username`)))
    WHERE
        (`YOURVIEW OR TABLE`.`Latest_LogIn_Time` < (`YOURVIEW OR TABLE`.`Latest_LogIn_Time` - 90))

You can then set up a login event that directs them to a change password page on login if they are in the view above?

hope this helps you

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Force password reset 90 days after last change

Post by peebee » 2019-05-17 07:43

Sory for late reply. Have been sidetracked on another project.

Sounds like a great and relatively simple plan for what I need to achieve. I'll give it a go as soon as time permits. Thanks! Much appreciated.

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Force password reset 90 days after last change

Post by SkayyHH » 2020-11-17 07:32

Hello everybody,

maybe someone has already implemented it and has a finished file (view) for it and can say how to embed it?

Thank you very much, Kai

Post Reply