Member Usernames & Passwords

From TMM Wiki
Jump to navigationJump to search
NATS 4
Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers
Skins and Templates Admin
The Skins and Templates Admin
Skins
Templates
Site Templates
Language Skins
Language Files
custom_errors.php
Join Page Variables
Skipping NATS Join Form
Post URL Variables
Member Usernames & Passwords
Form Validation
Username Recommendations
Password Retrieval
Post-Biller Templates
Geo-Target Join Options
Random Usernames and Passwords
Smarty
Smarty print array
Smarty Plugins
Available Smarty Functions
Affiliate Support Template
Adding a Verification Image
Custom Program and Campaign Selection Pages
Output An Affiliate's Last Paid Date
Affiliate Signup Email
Affiliate Join Page Linkcodes
Approval/Upgrade/Denial Variables
Approval/Upgrade/Denial Template Variables
CSS Theme Builder
NATS 3
Skins & Templates Admin
Smarty Plugins
Skins
Editing Skins
Creating Skins
Switching Skins
Templates
nats_code
Affiliate Stats Template
Affiliate Support Template
Affiliate Login Template
custom errors.php
Template Array Variable
Detailed Stats
NATS Variables
Dialer Statistics
Affiliate Signup
Post URL Variables
Member Usernames & Passwords
Output An Affiliate's Last Paid Date
Custom Program and Campaign Selection Pages
CAPTCHA Removal
Username Recommendations
Password Retrieval
Post-Biller Templates
Geo-Target Join Options
Template Caching
Random Usernames and Passwords
Base Templates
Protecting Template Data
Mail Reseller Signup Template Variable Names
Smarty
Smarty print array
News Section Templating
Affiliate Signup Email
Getting The NATSCode
Checking for Usernames on All Sites
Adding Stats to Affiliate Pages
Affiliate Join Page Linkcodes

NATS stores members' unencrypted and encrypted passwords by default. However, it also offers a feature that makes NATS only store a member's encrypted password for additional security. You can do this by going to the NATS4 Configuration Admin and going to the "Surfer Configuration" section. There, you will find an setting called MEMBERS_NO_UNENCRYPTED. Simply check this setting if you only want to store encrypted member passwords. Note: This means that NATS will not have this information to send to billers. If you are using a biller that requires password information to be sent to them from NATS, you will need to allow the specific billers' join page to enter the username and password information. When the biller sends this information back, we will still not store the password, but rather update the cryptpass accordingly so that authentication for the member still works.

You can also use additional Surfer Configuration settings to set further restrictions or permissions on member passwords and usernames. These settings include:

  • MEMBERS_NO_ACTIVE_UNENCRYPTED - Does not store unencrypted passwords for active members only.
  • USER_PASS_MATCHOK - Allows the member to have a matching username and password.
  • REUSE_MATCHING_USERNAME - Allows the member to add a new subscription to an existing account when the username and e-mail address match.
    • If a Username is taken, but status is expired or not signed up for more then 1 day:
      • If the surfer signing up can match the email a new subscription is created in the existing member record.
      • If the surfer signing up can not match the email, the existing member record gets renamed and a new member record is created.
    • If a Username is taken, and is active:
      • If the surfer can match the email with the original username, a new subscription gets created in the member record.
      • If the surfer can not match the email, they will be prompted with an error that the name is already taken.
  • REUSE_WITH_MATCHING_PASSWORD - Allows the member to add a new subscription to an existing account when the password matches.
  • NO_RANDOM_PASSWORDS - Does not allow NATS to create a random password for members signing up without passwords.
  • UNIQUE_MEMBER_NAMES - Determines whether or not members on separate sites can have the same username. For more information, please see our UNIQUE_MEMBER_NAMES writeup.
  • MEMBER_GET_NEW_USERNAME - Allows NATS to recommend new usernames to surfers if their chosen name is already in use. For more information please see our MEMBER_GET_NEW_USERNAME writeup.
  • RANDOM_USERPASS_DISALLOW_LIST - Sets disallowed characters for random username and password generation.
  • NEVER_RENAME_EXPIRED_MEMBERS - Disallows NATS from renaming any expired members. This will prevent members from signing back up unless REUSE_MATCHING_USERNAME is on.

Limiting Username & Password Length

To limit a member's username and password length, find the following code on the pre-join form template:

<TD class="join_name">Username:</TD><TD class="join_value"><input class="join_input" type="text"
name="signup[username:1:6:16:::username_check]" value="{$vars.username}">...

An important section to note is the following: [username:1:6:16:::username_check]

The fields between the colons above are: $name, $required, $min, $max, $compare, $ses_compare, $special, and $convert. Simply change the $max field to the maximum number of characters you would like to be accepted as a username or password.

Detailed Username & Password Checks

You can set more detailed limitations on both usernames and passwords by altering the section enclosed in brackets to look like this:

[username:1:6:16:::username_check_detailed;1|4|9|0|0|0]
[password:1:6:16:::password_check_detailed;1|0|0|5|3|1|0]


The details after the "username_check_detailed;" separated by a pipe "|" define the specific settings:

  1. (Flag 1 or 0) - Defines whether or not the first character MUST be a letter
  2. (Numeric) - Defines the minimum number of upper case characters there needs to be
  3. (Numeric) - Defines the minimum number of lower case characters there needs to be
  4. (Numeric) - Defines the minimum number of Numbers (0-9) there needs to be
  5. (Flag 1 or 0) - Defines whether or not all characters MUST be upper case (This overrides the numeric lower case check)
  6. (Flag 1 or 0) - Defines whether or not all characters MUST be lower case (This overrides the numeric upper case check)



In the example:
[username:1:6:16:::username_check_detailed;1|4|9|0|0|0]

The limitations set here say that for the Username:

  1. The first character must be a letter
  2. There must be at least 4 upper case letters
  3. There must be at least 9 lower case



For the "password_check_detailed" check, the details after the "password_check_detailed;" separated by a pipe "|" define the specific settings:

  1. (Flag 1 or 0) - Defines whether or not the first character MUST be a letter.
  2. (Numeric) - Defines the minimum number of upper case characters there needs to be.
  3. (Numeric) - Defines the minimum number of lower case characters there needs to be.
  4. (Numeric) - Defines the minimum number of Numbers (0-9) there needs to be.
  5. (Numeric) - Defines the minimum number of Special Characters there needs to be (Anything that is not a letter or a number).
  6. (Flag 1 or 0) - Defines whether or not all characters MUST be upper case (This overrides the numeric lower case check).
  7. (Flag 1 or 0) - Defines whether or not all characters MUST be lower case (This overrides the numeric upper case check).



In the example:
[password:1:6:16:::password_check_detailed;1|0|0|5|3|1|0]

The limitations set here say that for the Password:

  1. The first character must be a letter
  2. There must be at least 5 Numeric Characters
  3. There must be at least 3 Special Characters
  4. Any Alphabetic characters must be uppercase

More check functions that can be used on username and password inputs are described in this article: Form Validation

Reusing Old Usernames

NATS also allows you to reuse old usernames by adding the following variable to your join form template:

<input type="hidden" name="signup[rename_old_member]" value="1">

Random Usernames and Passwords on Join Forms

If you want to use a minimal join form, you should set the member's username and password to be automatically generated by NATS. You can do so by inputting the following code:

<input type="hidden" name="signup[random_userpass]" value="10:1:5">
  • The first parameter sets the character length for both the username and password field.
  • The second parameter can be set to either 0 to allow for uppercase, lowercase letters, and numbers, or 1 to allow only lowercase letters and numbers.
  • The third parameter sets the number of attempts to generate the random username and password.
  • The above example would specify a random username and password that are 10 characters long, allowing only lowercase letters and numbers, over 5 attempts.

On older NATS versions, you can only use this if you want both a random username and a random password generated for the member. On NATS versions 4.1.10.1 and above, if either username or password is blank on the join page submit and signup[random_userpass] was used, NATS will generate random values for the field that is blank.