User ID Creation

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
6/14/2011 4:47:47 AM
Gravatar
Total Posts 70

Creating New User - Validations

Hi,

I am currently adding user on my website I noticed 

  • creation of username with special characters was allowed -How can restrict special characters in Usernames?
  • username can be the same as user password. -I want to put validations on this this should not be allowed username should be different from password. 
  • when I reset my password I can used the old password - How can I set this to validate the old password cannot be used again when setting new password.
  • how to set my session to timeout in 15 minutes of idle time.

What files am I going to edit on this concerns? I need to implement this on my existing project.

Your help on this is greatly appreciated.

 

Thanks.

Cesse

6/14/2011 5:21:08 AM
Gravatar
Total Posts 108
Community Expert

Re: User ID Creation

To restrict the characters used in the user name creation you can add this to your user.config

<add key="UserNameValidationExpression" value="" />

"You can specify a regular expression to constrain what characters may be used for the
         User ID. This is also used for the Display Name when a user registers. If you leave it
         blank, no validation will occur. For instance, to limit it to alpha numeric characters and
         underscore, you could use an expression like:
               ^[a-zA-Z0-9_]{5,20}$
         This requires a user id with minumum length 5, and max length 20, that can only use
         alphanumeric characters and underscore. Make sure you do not enter an invalid regular
         expression or it can cause an error. Also make sure the UserNameValidationWarning setting has
         a message that can help the user correct the problem if they enter something invalid"

And add this for show a message to the users

<add key="UserNameValidationWarning" value="User ID must use only alpha numeric characters and underscores" />

if your using forms authentication change the timeout

<authentication mode="Forms">
      <forms name=".mojochangeme" protection="All" timeout="50000000" path="/" cookieless="UseCookies"/>
    </authentication>

 

 

6/15/2011 1:06:56 AM
Gravatar
Total Posts 70

Re: User ID Creation

Thanks for your quick reply.

Can you please address also this issue or any idea how will I implement these items.

 

  1. username can be the same as user password. -I want to put validations on this this should not be allowed username should be different from password.
  2. when I reset my password I can used the old password - How can I set this to validate the old password cannot be used again when setting new password.

Thanks.

Your help is greatly appreciated.

Cesse


 

6/15/2011 10:00:11 AM
Gravatar
Total Posts 1204
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: User ID Creation

For #1, I don't think there's a direct way to do it, but as a workaround you can use the same idea that German outlined for username validation, but for the password. Navigate to Administration, Site Settings, Security. Either set "Minimum Password Non-Alphanumeric Characters Required" or add a "Password Strength Regular Expression" and "Password Strength Error Message" that forces the use of special characters in the password. That will ensure that the username and password don't match.

#2 will be an enhancement request, as far as I know. I'm not sure how useful that option will be, since there is no password expiration ability. Typically a "password must be different than the last X passwords" option is used in conjunction with a timed password expiration option. In mojoPortal, a password reset will only happen if someone forgets their password and requests a new one, or an administrator manually changes their password so they can't get in without a reset.

Hope that helps,

Jamie

6/15/2011 10:12:27 AM
Gravatar
Total Posts 18439

Re: User ID Creation

There is also a setting in Site Settings for "Require Password Change after Recovery or Reset".

If this is enabled then the user will be forced to change their password after recovery or reset (which is good since the recovery or reset password is sent via email). It does not let the user use the same password as was recovered or reset. But we don't keep history of passwords so it can't prevent someone from re-using all passwords they may have used in the past, but only forces them to change from the current password.

So the flow is.

User does recover or reset and gets a password by email

User signs in with the password sent to him but is immediately forced to change it and it cannot be the same as the current one.

Of course with hashed password the current password is randomly generated by recovery/reset since the original cannot be decrypted. So in this case nothing prevents the user from using the same password they had before since the current password is random and not the one they had before. But typically reset/recovery is initiated by a user who can't remember his password so it is less likely that the new one will be the same as the old one.

Hope that helps,

Joe

6/17/2011 4:24:01 AM
Gravatar
Total Posts 70

Re: User ID Creation

 

Thank you. :D

 

 

You must sign in to post in the forums. This thread is closed to new posts.