+ Post New Thread
Page 2 of 19 FirstFirst 12345612 ... LastLast
Results 16 to 30 of 274
EduGeek Self Service Password Reset Thread, Self Service Password Reset in Projects:; Irazmus: From what I can remember and I do need to revisit the code is that I think the remaingin ...
  1. #16

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    Irazmus: From what I can remember and I do need to revisit the code is that I think the remaingin 2 things that need doing to make it usable is too not allow null answers and I have a really good javascript at work for that and to also not allow them to pick the same 3 questions to answer.

    What also might need to be considered is to have the reset user account auto logoff after a specified amount of time just to stop someone being logged in as it and trying to hack or trying to tie up a workstation.

    Cheers,

    Ben

  2. #17

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    http://www.javascript-coder.com/html...lidation.phtml is the form validator I've been using.

    Ben

  3. #18

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    Ok just changed register.html to need to have answers filled in and to not allow you to pick the same question more than once using the javascript validator.

    I wrote the question checking as seperate functions i.e check question 1 and 2, 1 and 3, 2 and 1, 2 and 3 etc... but if that can be tidied up then fine.

    Ben
    Attached Files Attached Files

  4. Thanks to plexer from:

    RoyaMarie (5th November 2013)

  5. #19

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    Other things that need doing to finish this off are there is a counter field in the db this could be used to count the number of times a person tries to answer the questions. Up to say 3 attempts are allowed before they aren't allowed to try anymore counter is reset on a successfull set of answers.

    Maybe add date of birth as an additional check.

    Need to add in validation rules to make sure they pick a question and can't leave it at the default "pick a question" selection, this can be done with the validation .js that's now there.

    Form to allow them to update their details.

    Form to allow an admin to lookup their semi secret question used to confirm identity.

    Ben

  6. #20
    Irazmus's Avatar
    Join Date
    Feb 2006
    Location
    Suffolk
    Posts
    313
    Thank Post
    13
    Thanked 19 Times in 14 Posts
    Rep Power
    22

    Re: Self Service Password Reset

    Right, Self Service Password Reset version 2 is done.

    New features include:
    [list][*]Easily reskinable front-end template[*]Client-side and server-side form validation[*]Lockout counter to prevent malicious use[*]Multiple methods for new password selection
    [list=1][*]Static password used for all users[*]CSV file containing user/password pairs[*]A random alphanumeric string of fixed or variable length[*]A password chosen at random from a TXT file of possibilities[*]A password chosen by the user[/list][*]Admin section for looking up user details, resetting user passwords, resetting user lockout counter, removing users answers from database, and verifying user identity with their semi-secret question[*]Update section allowing users to remove themselves from database so they can reregister[*]Ability to automatically remove user from database when they reset their password to force reregistration[*]Two levels of admin access controlled by AD security group membership[*]Config file containing all implementation specific variables[/list]

    Full setup details are included in the zip.

    If there are any more features you'd still like to see in this, let me know and I'll look into doing a 2.1.
    Attached Files Attached Files

  7. #21

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    8 downloads and no comments?
    People said this was something they wanted any feedback guys?

    Ben

  8. #22

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Self Service Password Reset

    I guess it's perfect and bugfree.

  9. #23

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    That would be one way of looking at it Geoff

    Ben

  10. #24

    Join Date
    Jul 2005
    Location
    Rugby
    Posts
    432
    Thank Post
    17
    Thanked 66 Times in 61 Posts
    Rep Power
    35

    Re: Self Service Password Reset

    Aaah, just got around to setting it up, took no more than an hour.

    Thought i'd thank you guys and let you know that we'll be using it from september. Anybody that approaces us to get their passwords reset when we have this in place will be charged for the privilege.

    Thanks very much.

    Matt

  11. #25
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Self Service Password Reset

    Will be trialling in the hols - will let U guys know

    Thanks in advance

  12. #26
    Irazmus's Avatar
    Join Date
    Feb 2006
    Location
    Suffolk
    Posts
    313
    Thank Post
    13
    Thanked 19 Times in 14 Posts
    Rep Power
    22

    Re: Self Service Password Reset

    It's nice to know that others are finding this useful, you'll still get some muppets who forget their answers too, but that's inevitable.
    But if you can get away with charging for resets (I can't), it'll help with the weekly biscuit (or beer) fund

  13. #27

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    Thanks for the feedback guys I'm going to put the current version in place during the summer as well after I've rejigged my servers and stuff.

    @Irazmus: Is it now complete or was there any other bit we were going to add?

    Cheers,

    Ben

  14. #28
    Irazmus's Avatar
    Join Date
    Feb 2006
    Location
    Suffolk
    Posts
    313
    Thank Post
    13
    Thanked 19 Times in 14 Posts
    Rep Power
    22

    Re: Self Service Password Reset

    I'm pretty sure we'd finalised on v2.0, but I'm planning one more small update during the summer anyway. I'm going to stop storing answers MD5 hashed and simpy store them as plain text. It's less secure, but it's annoying when they not only forget their password, but 1 or 2 of their reset answers too (or at least how they spelled them). And sods law dictates if they can only remember 1 reset answer, it won't be the one you didn't hash >_<

    But like most other changes I've made, there'll be a switch in the config file so you can have whichever method you prefer.

    Unless anyone has any other suggestions (or bugs), I think that'll be it.

  15. #29

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    Ok cool thanks for all the work you've put into the project mate. I think I hashed them originally because I'd found a security issue where you could dump someones answers and hashing them removed this problem.

    Ben

  16. #30

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,272
    Thank Post
    614
    Thanked 1,567 Times in 1,407 Posts
    Rep Power
    412

    Re: Self Service Password Reset

    I've knocked up a couple of pdf's that you can print out to display in rooms giving instructions on using this system.

    Ben
    Attached Thumbnails Attached Thumbnails Self Service Password Reset-sspr_reset.pdf   Self Service Password Reset-sspr_registration.pdf  

SHARE:
+ Post New Thread
Page 2 of 19 FirstFirst 12345612 ... LastLast

Similar Threads

  1. Password Reset form for ICT staff
    By Rozzer in forum Windows
    Replies: 21
    Last Post: 30th January 2013, 10:01 AM
  2. apc powerchute buisness ed reset password
    By russdev in forum Windows
    Replies: 7
    Last Post: 8th November 2011, 12:35 PM
  3. bulk password reset
    By Jonny_sims in forum Windows
    Replies: 10
    Last Post: 26th September 2011, 10:12 PM
  4. Cisco Switch Password Reset
    By FN-GM in forum Wireless Networks
    Replies: 6
    Last Post: 10th October 2007, 09:15 AM
  5. Need to reset a local account's password
    By timbo343 in forum Scripts
    Replies: 1
    Last Post: 21st September 2007, 01:16 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •