Issue #275 has been updated by Jason Shugart.
Sounds good. The complex change to a number would mean 1, 2, 3, or 4 different character types required, I assume. That is easy.

I agree 60 seconds may be too small, but 1 hour seems pretty long. I wanted it short for me so it would be less likely to be used again or by someone else. I'll set it to an hour by default and will change it for my own install.

For the .SID, I fought with that for a while. I think the issue came down to having a session defined by a cookie using PHPSESSID. If somehow a session was set with this instead of token, nothing would show up when I used .SID. Using session_id seemed to be the most reliable way to get the id on the URL.

I'll upload another patch when I get the changes made.

----------------------------------------
Feature #275: Added a couple of features
http://tools.lsc-project.org/issues/275

Author: Jason Shugart
Status: Assigned
Priority: Normal
Assigned to: Clément Oudot
Category: Self Service Password
Target version: self-service-password-0.5

I ran across the Self Service Password tool and really liked it. However, there were a couple of items that I thought might be useful. I coded the changes and have tested them a bit. Feel free to adjust as needed to throw out entirely.

My changes:

1. Email notification whenever your password is changed.
   I added a $notify_on_change to the config, and if true sends an email to the user letting them know their password was changed.

2. Added a $mail_from variable to the config.
   This way any emails will have a valid return address.

3. Token expiration
   The previous code could potentially allow someone else to reset your password if they found the link in their email. I added an expiration time (default to 60 seconds) so any request after the 60 seconds to change the password will result in an invalid token.

4. Added a complex password check
   Much like the Windows complexity check for 3 of the 4 character types (upper, lower, digits, special).

5. Fixed a couple of bugs in the check_password_strength function calls

I'll attach the patch files.
_______________________________________________
ltb-dev mailing list
http://lists.ltb-project.org/listinfo/ltb-dev
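The two checks discussed in the message above, as an added example that is not part of the original message or its patch: a configurable count of required character types, and a reset token that expires and can be redeemed only once. All function and variable names are hypothetical, and a plain array stands in for the PHP session storage the tool uses.

```php
<?php
// Added illustration. All names are hypothetical; the array stands in for PHP session storage.

// Count how many of the four character types (upper, lower, digit, special) occur.
function count_char_types(string $password): int
{
    $found = 0;
    foreach (['/[A-Z]/', '/[a-z]/', '/[0-9]/', '/[^A-Za-z0-9]/'] as $pattern) {
        if (preg_match($pattern, $password) === 1) {
            $found++;
        }
    }
    return $found;
}

// Issue an unguessable reset token and record who it is for and when it was created.
function issue_token(array &$store, string $login, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $store[$token] = ['login' => $login, 'time' => $now];
    return $token;
}

// Return the login a token belongs to, or null if it is unknown, reused or expired.
function redeem_token(array &$store, string $token, int $now, int $lifetime): ?string
{
    if (!isset($store[$token])) {
        return null;
    }
    $entry = $store[$token];
    unset($store[$token]); // single use: a second request with the same link fails
    return ($now - $entry['time'] <= $lifetime) ? $entry['login'] : null;
}

$required_types = 3;    // constructed setting: 1 to 4 character types required
$token_lifetime = 3600; // constructed setting: one hour, in seconds
$store = [];
$t0 = 1000000;          // constructed timestamp

$fresh = issue_token($store, 'jdoe', $t0);
$stale = issue_token($store, 'jdoe', $t0);

var_dump(redeem_token($store, $fresh, $t0 + 120, $token_lifetime));  // within lifetime
var_dump(redeem_token($store, $fresh, $t0 + 130, $token_lifetime));  // same link again
var_dump(redeem_token($store, $stale, $t0 + 3601, $token_lifetime)); // past lifetime
var_dump(count_char_types('Summer2024') >= $required_types);         // upper, lower, digit
var_dump(count_char_types('password') >= $required_types);           // lower only
```

Deleting the token on the first redemption attempt is what makes a forwarded or leaked link useless once the legitimate user has followed it, independently of how long the lifetime is set.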
