Does anyone have experience modifying an existing Security Module from non-encrypted PW to MD5 encryption? And, any advice on the best way to add PW complexity script requiring number of characters, upper/lower case, number, symbol, etc., to run onValidate? This would need to be server-side validation, not JS (or not just JS.)
Thanks in advance.
Well if your talking about scriptcase security is already MD5 look at the add or edit user and the before update and before add should be setting md5.
as far as password complexity i would suggest looking at something like this:
Just googled php password complexity
http://stackoverflow.com/questions/10752862/password-strength-check-in-php
A little function i use for password complexity …
if (preg_match("#.^(?=.{8,20})(?=.[a-z])(?=.[A-Z])(?=.[0-9])(?=.\W).$#", {Test})){
//
} else {
$error_message = 'Password needs to be:<BR>
Between 8 and 20 characters long<BR>
Must include at least 1 number<BR>
Must include at least 1 letter<BR>
Must include at least 1 CAPS<BR>
Must include at least 1 Symbol'; // Error message
sc_error_message($error_message);
}
Thanks, guys. I will check out these solutions.
So, I was trying to use existing Security applications generated which didn’t use encryption to apps that DID use MD5. And I needed to have a password complexity check done to include one lowercase, one uppercase, one symbol, one number and at least 8 characters…
I was able to update my Security applications to use MD5 (there are a couple of places in the PHP Methods and Events where the password field needs to be changed from pwd to md5(pwd) and the email sent had to be updated to include the act_code). And william@victus-vsku.co.uk - THANKS! Your function worked like a charm when used as-is in the onValidate event in the sec_change_pswd app as the last bit. Cheers!
6 months later MD5 in add-user form is still not working