User ID Creation

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

6/14/2011 4:47:47 AM

Princesse

Total Posts 70

View Posts

Creating New User - Validations

Hi,

I am currently adding user on my website I noticed

creation of username with special characters was allowed -How can restrict special characters in Usernames?
username can be the same as user password. -I want to put validations on this this should not be allowed username should be different from password.
when I reset my password I can used the old password - How can I set this to validate the old password cannot be used again when setting new password.
how to set my session to timeout in 15 minutes of idle time.

What files am I going to edit on this concerns? I need to implement this on my existing project.

Your help on this is greatly appreciated.

Thanks.

Cesse

6/14/2011 5:21:08 AM

germandb

Total Posts 108

View Posts

Re: User ID Creation

To restrict the characters used in the user name creation you can add this to your user.config

"You can specify a regular expression to constrain what characters may be used for the
         User ID. This is also used for the Display Name when a user registers. If you leave it
         blank, no validation will occur. For instance, to limit it to alpha numeric characters and
         underscore, you could use an expression like:
               ^[a-zA-Z0-9_]{5,20}$
         This requires a user id with minumum length 5, and max length 20, that can only use
         alphanumeric characters and underscore. Make sure you do not enter an invalid regular
         expression or it can cause an error. Also make sure the UserNameValidationWarning setting has
         a message that can help the user correct the problem if they enter something invalid"

And add this for show a message to the users

if your using forms authentication change the timeout

6/15/2011 1:06:56 AM

Princesse

Total Posts 70

View Posts

Re: User ID Creation

Thanks for your quick reply.

Can you please address also this issue or any idea how will I implement these items.

username can be the same as user password. -I want to put validations on this this should not be allowed username should be different from password.
when I reset my password I can used the old password - How can I set this to validate the old password cannot be used again when setting new password.

Thanks.

Your help is greatly appreciated.

Cesse

6/15/2011 10:00:11 AM

Jamie E

Total Posts 1203

View Posts

Help support mojoPortal!
Add-on modules

Re: User ID Creation

For #1, I don't think there's a direct way to do it, but as a workaround you can use the same idea that German outlined for username validation, but for the password. Navigate to Administration, Site Settings, Security. Either set "Minimum Password Non-Alphanumeric Characters Required" or add a "Password Strength Regular Expression" and "Password Strength Error Message" that forces the use of special characters in the password. That will ensure that the username and password don't match.

#2 will be an enhancement request, as far as I know. I'm not sure how useful that option will be, since there is no password expiration ability. Typically a "password must be different than the last X passwords" option is used in conjunction with a timed password expiration option. In mojoPortal, a password reset will only happen if someone forgets their password and requests a new one, or an administrator manually changes their password so they can't get in without a reset.

Hope that helps,

Jamie

6/15/2011 10:12:27 AM

Joe Audette

Total Posts 18439

View Posts

Re: User ID Creation

There is also a setting in Site Settings for "Require Password Change after Recovery or Reset".

If this is enabled then the user will be forced to change their password after recovery or reset (which is good since the recovery or reset password is sent via email). It does not let the user use the same password as was recovered or reset. But we don't keep history of passwords so it can't prevent someone from re-using all passwords they may have used in the past, but only forces them to change from the current password.

So the flow is.

User does recover or reset and gets a password by email

User signs in with the password sent to him but is immediately forced to change it and it cannot be the same as the current one.

Of course with hashed password the current password is randomly generated by recovery/reset since the original cannot be decrypted. So in this case nothing prevents the user from using the same password they had before since the current password is random and not the one they had before. But typically reset/recovery is initiated by a user who can't remember his password so it is less likely that the new one will be the same as the old one.

Hope that helps,

Joe

6/17/2011 4:24:01 AM

Princesse

Total Posts 70

View Posts

Re: User ID Creation

Thank you. :D

You must sign in to post in the forums. This thread is closed to new posts.