Difference between revisions of "Member Usernames & Passwords"
Tmm vincent (talk | contribs) |
|||
Line 39: | Line 39: | ||
The fields between the colons above are: $name, $required, $min, $max, $compare, $ses_compare, $special, and $convert. Simply change the $max field to the maximum number of characters you would like to be accepted as a username or password. | The fields between the colons above are: $name, $required, $min, $max, $compare, $ses_compare, $special, and $convert. Simply change the $max field to the maximum number of characters you would like to be accepted as a username or password. | ||
+ | |||
+ | == Detailed Username & Password Checks == | ||
+ | |||
+ | You can set more detailed limitations on both usernames and passwords by altering the section enclosed in brackets to look like this: | ||
+ | |||
+ | ''<nowiki>[username:1:6:16:::username_check_detailed;1|4|9|||]</nowiki>'' | ||
+ | |||
+ | ''<nowiki>[password:1:6:16:::password_check_detailed;1|4|9|||1|]</nowiki>'' | ||
+ | |||
+ | The fields between the pipes denote the following: | ||
+ | #First character must be a letter | ||
+ | #Minimum number of uppercase characters | ||
+ | #Minimum number of lowercase characters | ||
+ | #Required number of numbers | ||
+ | #Required number of special characters | ||
+ | For password_check_detailed only: | ||
+ | #All uppercase characters required | ||
+ | #All lowercase characters required | ||
== Reusing Old Usernames == | == Reusing Old Usernames == |
Revision as of 16:28, 13 July 2016
NATS 3
|
---|
NATS stores members' unencrypted and encrypted passwords by default. However, it also offers a feature that makes NATS only store a member's encrypted password for additional security. You can do this by going to the NATS4 Configuration Admin and going to the "Surfer Configuration" section. There, you will find an setting called MEMBERS_NO_UNENCRYPTED. Simply check this setting if you only want to store encrypted member passwords. Note: This means that NATS will not have this information to send to billers. If you are using a biller that requires password information to be sent to them from NATS, you will need to allow the specific billers' join page to enter the username and password information. When the biller sends this information back, we will still not store the password, but rather update the cryptpass accordingly so that authentication for the member still works.
You can also use additional Surfer Configuration settings to set further restrictions or permissions on member passwords and usernames. These settings include:
- MEMBERS_NO_ACTIVE_UNENCRYPTED - Does not store unencrypted passwords for active members only.
- USER_PASS_MATCHOK - Allows the member to have a matching username and password.
- REUSE_MATCHING_USERNAME - Allows the member to add a new subscription to an existing account when the username and e-mail address match.
- If a Username is taken, but status is expired or not signed up for more then 1 day:
- If the surfer signing up can match the email a new subscription is created in the existing member record.
- If the surfer signing up can not match the email, the existing member record gets renamed and a new member record is created.
- If a Username is taken, and is active:
- If the surfer can match the email with the original username, a new subscription gets created in the member record.
- If the surfer can not match the email, they will be prompted with an error that the name is already taken.
- If a Username is taken, but status is expired or not signed up for more then 1 day:
- REUSE_WITH_MATCHING_PASSWORD - Allows the member to add a new subscription to an existing account when the password matches.
- NO_RANDOM_PASSWORDS - Does not allow NATS to create a random password for members signing up without passwords.
- UNIQUE_MEMBER_NAMES - Determines whether or not members on separate sites can have the same username. For more information, please see our UNIQUE_MEMBER_NAMES writeup.
- MEMBER_GET_NEW_USERNAME - Allows NATS to recommend new usernames to surfers if their chosen name is already in use. For more information please see our MEMBER_GET_NEW_USERNAME writeup.
- RANDOM_USERPASS_DISALLOW_LIST - Sets disallowed characters for random username and password generation.
- NEVER_RENAME_EXPIRED_MEMBERS - Disallows NATS from renaming any expired members. This will prevent members from signing back up unless REUSE_MATCHING_USERNAME is on.
Limiting Username & Password Length
To limit a member's username and password length, find the following code on the pre-join form template:
<TD class="join_name">Username:</TD><TD class="join_value"><input class="join_input" type="text" name="signup[username:1:6:16:::username_check]" value="{$vars.username}">...
An important section to note is the following: [username:1:6:16:::username_check]
The fields between the colons above are: $name, $required, $min, $max, $compare, $ses_compare, $special, and $convert. Simply change the $max field to the maximum number of characters you would like to be accepted as a username or password.
Detailed Username & Password Checks
You can set more detailed limitations on both usernames and passwords by altering the section enclosed in brackets to look like this:
[username:1:6:16:::username_check_detailed;1|4|9|||]
[password:1:6:16:::password_check_detailed;1|4|9|||1|]
The fields between the pipes denote the following:
- First character must be a letter
- Minimum number of uppercase characters
- Minimum number of lowercase characters
- Required number of numbers
- Required number of special characters
For password_check_detailed only:
- All uppercase characters required
- All lowercase characters required
Reusing Old Usernames
NATS also allows you to reuse old usernames by adding the following variable to your join form template:
<input type="hidden" name="signup[rename_old_member]" value="1">
Random Usernames and Passwords on Join Forms
If you want to use a minimal join form, you should set the member's username and password to be automatically generated by NATS. You can do so by inputting the following code:
<input type="hidden" name="signup[random_userpass]" value="10:1:5">
By default, you can only use this if you want both a random username and a random password generated for the member. We have a feature available that let's you generate just random usernames or just random passwords, but it is not yet in a version. You can request this feature by asking for task 12893 in a support ticket. With this feature added, if either username or password is blank on the join page submit, and signup[random_userpass] was used, NATS will generate random values for the field that is blank.