"Change password" feature

Mika · Post by **Mika** » Tue Sep 28, 2004 11:15 am

User, who has no rights to User Management, can not change their passwords. This calls for users some disadvantages.
If I didn't miss anything in an application, this needs only one line change (add word "Change Passwd" and href into auth_passwdchange php file) in two files: top_header.php and top_graph_header.php.

Would it be possible to include this feture into next releases?
Is there any more things which needs to be chcanged/added into application in order to have "Change psswd" feature?

Best regards,
Mika

Mika · Post by **Mika** » Fri Nov 12, 2004 5:01 pm

Here are two patch files which allows to have "change password" feature close to "Logout" link.
Sorry, I didn't merged these two patch files into one, but eother way - this works at least for me)

By the way, this is done for cacti-0.8.5 version

Mika · Post by **Mika** » Fri Nov 12, 2004 5:05 pm

I don't knwo why, but attachement doesn't work, so I will print these files out here.
First file (cacti-0.8.5-ChangePassword-Top_Header.patch):

Code: Select all

--- top_header.php.bak	Wed Sep 29 15:35:01 2004
+++ top_header.php	Wed Sep 29 15:53:57 2004
@@ -65,7 +65,7 @@
 					</td>
 					<td align="right">
 						<?php if (read_config_option("global_auth") == "on") { ?>
-						Logged in as <strong><?php print db_fetch_cell("select username from user_auth where id=" . $_SESSION["sess_user_id"]);?></strong> (<a href="logout.php">Logout</a>)&nbsp;
+						Logged in as <strong><?php print db_fetch_cell("select username from user_auth where id=" . $_SESSION["sess_user_id"]);?></strong> |<a href="auth_changepassword.php"> Change password </a>|<a href="logout.php"> Logout </a>| &nbsp;
 						<?php } ?>
 					</td>
 				</tr>

And this is a (cacti-0.8.5-ChangePassword-Top_Graph_Header.patch) file's output:

Code: Select all

--- top_graph_header.php.bak	Wed Sep 29 15:35:08 2004
+++ top_graph_header.php	Wed Sep 29 15:54:48 2004
@@ -121,7 +121,7 @@
 					</td>
 					<td align="right">
 						<?php if ((isset($_SESSION["sess_user_id"])) && ($using_guest_account == false)) { ?>
-						Logged in as <strong><?php print db_fetch_cell("select username from user_auth where id=" . $_SESSION["sess_user_id"]);?></strong> (<a href="logout.php">Logout</a>)&nbsp;
+						Logged in as <strong><?php print db_fetch_cell("select username from user_auth where id=" . $_SESSION["sess_user_id"]);?></strong> |<a href="auth_changepassword.php"> Change password </a>|<a href="logout.php"> Logout </a>|&nbsp;
 						<?php } ?>
 					</td>
 				</tr>

Post by **rony** » Fri Nov 12, 2004 5:12 pm

I was just thinking about this today. I have been working on revamping the loging and user systems. I will add this suggestion to the next release.

Thanks,

Post by **TheWitness** » Sat Nov 13, 2004 10:16 am

Rony,

Please incorporate password aging in your code. Don't care if it's a dropdown iwth 30, 60, 90, 120 days or a textbox. It would be optional and applicable at the user level.

Password rotation would be optional and at your discretion.

The first involves only a change to a table, the second may be a little more difficult especially if we are interested in maintaining privacy.

TheWitness

Post by **rony** » Sat Nov 13, 2004 10:53 am

Password rotation really isn't a privacy issue, the password are not stored in clear text. I would tend to tell people to use LDAP so that there is other means handle this. But that's just my opinion.

Expiration is easy, just have to add 2 columns to support it. Something to store when the password was last changed and the interval it is changed.

Also, need to intergrate a method of informing the user that a password change is coming up soon.

All and all, I don't see an issue intergrating this, just don't want to have to much feature creep...

I'd like to be done with the auth code by the end of the year.

Post by **TheWitness** » Sat Nov 13, 2004 5:11 pm

Post by **TheWitness** » Sat Nov 13, 2004 5:14 pm

Oh, one more thing, now that you are adding "change password" feature. There are some users who should not have authority to do so. Therefore, you need another bitty field in the user's table for the setting "User Can Not Change Password" (a.k.a. Guest).

Larry

Post by **rony** » Sat Nov 13, 2004 5:39 pm

*cough*

Go download the latest CVS and try it....

You have to give the user permissions to even get to the form. If they don't have permissions they will get an Access Denied. It also works properly when guests are redirected to the graph_view.php and attempt to access the change password.

And if it really is a guest, when viewing graph_view.php you will not get the link to change the password.

Post by **TheWitness** » Sat Nov 13, 2004 6:08 pm

Sorry you are still not feeling well...

Post by **rony** » Fri Nov 26, 2004 1:57 am

Password expiration has been added to cacti 0.8.7.

Although it is still alpha, it there..

Mika · Post by **Mika** » Tue Feb 08, 2005 3:13 pm

Thanks for this feature.
Didn't tried 0.8.7 yet but hopefully will do so soon

Post by **rony** » Tue Feb 08, 2005 3:26 pm

It works, accually annoyed myself yesterday, my admin password expired on me and it forced me to change it. And it wouldn't let me use the old one!!

Cacti

"Change password" feature

"Change password" feature

Who is online