🌍
English
Announcement
- [2024-04-17] Piwigo 14.4.0
- [2024-04-01] Piwigo in Hobbit runes
- [2024-03-01] Piwigo 14.3.0
- [2024-01-30] Piwigo 14.2.0
- [2023-12-29] Piwigo 14.1.0
#1 2013-10-23 17:38:27
- Eric
- Former Piwigo Team
- VALENCE (FR)
- 2005-03-25
- 1768
[Plugin] Password Policy - Official support topic
Hi !
Here is a new plugin about "securing access to the gallery and passwords" : [extension by Eric] Password Policy.
[edit] Initial release 2.5.0 available [/edit]
Important: Some features have been migrated from the UserAdvManager plugin (version < 2.50.x ) . This plugin is therefore only compatible with the 2.51.x and upper UserAdvManager versions.
List of plugin features :
* Complexity of passwords chosen by users (or admin) when registering
If enabled, a password complexity score must be set. All passwords chosen not respecting this score will be rejected. The administration module of the plugin allows to test the complexity configuration.
* Renewal passwords policy
Adds a new column and action in the users management interface of Piwigo to manually initiate a renewal of the password of one or more registered users.
At their next login , they will be automatically redirected to their profile page and prompted to change their password. And this, until the action is performed.
* Management of failed login attempts due to incorrect password
Allows to define a maximum number of login attempts with incorrect password. Beyond this limit, the user account is locked and can no longer connect to the gallery. He should contact the administrator to request the unlocking.
The administrator can then perform the unlocking in the users management interface of Piwigo where a symbol will show locked accounts.
This topic will be the official English support.
Last edited by Eric (2013-10-23 17:45:21)
Offline
#2 2019-03-11 19:21:33
- FotofuchsWW
- Member
- 2019-02-11
- 4
Re: [Plugin] Password Policy - Official support topic
Hello Eric,
thank you for your Piwigo-plugin "Password Policy". I'm using ist in the newest version 2.8.0 and I'm very convinced by it's functionality.
I'm not sure, if you are still revise and renew this plugin, but I hope so.
Today, I guess I found a security-bug by using the plugin:
I set the security level for passwords to a minimal score with 120.
If an user now tries to renew his password over the function "password forgotten" he receipts an E-Mail with a hyperlink to renew his password. By this link the user is able to chose any kind of password, ignoring the minimal score of 120.
I hope I could explain the problem anyhow understandable, with my broken English. ;-)
I would be glad to hear from you or someone else, if there is any way to (special settings) so close the described security gap.
Thanks for your help! With best regards - Daniel
Offline
#3 2019-03-12 19:07:49
- Eric
- Former Piwigo Team
- VALENCE (FR)
- 2005-03-25
- 1768
Re: [Plugin] Password Policy - Official support topic
Hi Daniel (are you French ?),
Thank you for your advice of this security bug. Unfortunatly, I've no free time to support this plugin. If you have any php skills, you can try to fix this. Source codes are ever free ;-)
Or if anyone here would be interested to review the code, feel free !
Offline
#4 2021-12-26 20:20:38
- maxima
- Member
- 2021-11-26
- 24
Re: [Plugin] Password Policy - Official support topic
Piwigo 12-1-0 error
Settings/Management/ click on Profile:
Fatal error: Uncaught --> Smarty: Unable to load template 'file:profile.tpl' <-- thrown in C:\AppServ\www\avs\include\smarty\libs\sysplugins\smarty_internal_template.php on line 195
Offline