What also might need to be considered is to have the reset user account auto logoff after a specified amount of time just to stop someone being logged in as it and trying to hack or trying to tie up a workstation.
I wrote the question checking as separate functions, i.e. check question 1 and 2, 1 and 3, 2 and 1, 2 and 3 etc... but if that can be tidied up then fine.
RoyaMarie (5th November 2013)
Other things that need doing to finish this off: there is a counter field in the db; this could be used to count the number of times a person tries to answer the questions. Up to say 3 attempts are allowed before they aren't allowed to try anymore; the counter is reset on a successful set of answers.
Maybe add date of birth as an additional check.
Need to add in validation rules to make sure they pick a question and can't leave it at the default "pick a question" selection, this can be done with the validation .js that's now there.
Form to allow them to update their details.
Form to allow an admin to lookup their semi secret question used to confirm identity.
Right, Self Service Password Reset version 2 is done.
New features include:
- Easily reskinable front-end template
- Client-side and server-side form validation
- Lockout counter to prevent malicious use
- Multiple methods for new password selection
  1. Static password used for all users
  2. CSV file containing user/password pairs
  3. A random alphanumeric string of fixed or variable length
  4. A password chosen at random from a TXT file of possibilities
  5. A password chosen by the user
- Admin section for looking up user details, resetting user passwords, resetting user lockout counter, removing users' answers from database, and verifying user identity with their semi-secret question
- Update section allowing users to remove themselves from database so they can reregister
- Ability to automatically remove user from database when they reset their password to force reregistration
- Two levels of admin access controlled by AD security group membership
- Config file containing all implementation specific variables
Full setup details are included in the zip.
If there are any more features you'd still like to see in this, let me know and I'll look into doing a 2.1.
8 downloads and no comments?
People said this was something they wanted; any feedback, guys?
I guess it's perfect and bugfree.
That would be one way of looking at it Geoff
Aaah, just got around to setting it up, took no more than an hour.
Thought I'd thank you guys and let you know that we'll be using it from September. Anybody that approaches us to get their passwords reset when we have this in place will be charged for the privilege.
Thanks very much.
Will be trialling in the hols - will let U guys know
Thanks in advance
It's nice to know that others are finding this useful, you'll still get some muppets who forget their answers too, but that's inevitable.
But if you can get away with charging for resets (I can't), it'll help with the weekly biscuit (or beer) fund
Thanks for the feedback guys I'm going to put the current version in place during the summer as well after I've rejigged my servers and stuff.
@Irazmus: Is it now complete or was there any other bit we were going to add?
I'm pretty sure we'd finalised on v2.0, but I'm planning one more small update during the summer anyway. I'm going to stop storing answers MD5 hashed and simply store them as plain text. It's less secure, but it's annoying when they not only forget their password, but 1 or 2 of their reset answers too (or at least how they spelled them). And Sod's law dictates if they can only remember 1 reset answer, it won't be the one you didn't hash >_<
But like most other changes I've made, there'll be a switch in the config file so you can have whichever method you prefer.
Unless anyone has any other suggestions (or bugs), I think that'll be it.
Ok cool, thanks for all the work you've put into the project mate. I think I hashed them originally because I'd found a security issue where you could dump someone's answers and hashing them removed this problem.
I've knocked up a couple of PDFs that you can print out to display in rooms giving instructions on using this system.
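An added example, not part of the thread or of the project's code: one way to keep reset answers hashed while tolerating the spelling and capitalisation slips mentioned above, combined with the 3-attempt lockout counter. It swaps the MD5 the thread mentions for salted PBKDF2-SHA256; `normalise`, `hash_answer`, `ResetRecord` and the work factor are hypothetical names and values.

```python
from __future__ import annotations
import hashlib, hmac, os, re, unicodedata

MAX_ATTEMPTS = 3          # the thread suggests "say 3 attempts"
PBKDF2_ROUNDS = 100_000   # assumed work factor, not taken from the thread

def normalise(answer: str) -> bytes:
    """Fold case, accents, punctuation and spacing before hashing."""
    text = unicodedata.normalize("NFKD", answer).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[\W_]+", "", text).encode()

def hash_answer(answer: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is used at registration."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalise(answer), salt, PBKDF2_ROUNDS)
    return salt, digest

class ResetRecord:
    """One user's row: salted answer hashes plus the failed-attempt counter."""

    def __init__(self, answers: list[str]):
        if any(not normalise(a) for a in answers):
            raise ValueError("answer is empty after normalisation")
        self.stored = [hash_answer(a) for a in answers]
        self.counter = 0

    def verify(self, answers: list[str]) -> str:
        if self.counter >= MAX_ATTEMPTS:
            return "locked"                  # stays locked until an admin resets it
        ok = len(answers) == len(self.stored)
        for given, (salt, digest) in zip(answers, self.stored):
            candidate = hash_answer(given, salt)[1]
            # Compare every answer in constant time, with no early exit.
            ok &= hmac.compare_digest(candidate, digest)
        if ok:
            self.counter = 0                 # reset on a successful set of answers
            return "ok"
        self.counter += 1
        return "locked" if self.counter >= MAX_ATTEMPTS else "denied"

if __name__ == "__main__":
    # Constructed sample answers, for illustration only.
    rec = ResetRecord(["St. Mary's Primary", "Fluffy"])
    print(rec.verify(["st marys primary", " FLUFFY "]))   # same answers, sloppier typing
    print(rec.verify(["wrong", "fluffy"]))
```

Normalising before hashing covers case, spacing and punctuation differences only; a genuinely misspelled answer still fails and counts towards the lockout.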