NATS stores members' unencrypted and encrypted passwords by default. However, it also offers a feature that makes NATS only store a member's encrypted password for additional security. You can do this by going to the NATS4 Configuration Admin and going to the "Surfer Configuration" section. There, you will find an setting called MEMBERS_NO_UNENCRYPTED. Simply check this setting if you only want to store encrypted member passwords.
Note: This means that NATS will not have this information to send to billers. If you are using a biller that requires password information to be sent to them from NATS, you will need to allow the specific billers' join page to enter the username and password information. When the biller sends this information back, we will still not store the password, but rather update the cryptpass accordingly so that authentication for the member still works.
You can also use additional Surfer Configuration settings to set further restrictions or permissions on member passwords and usernames. These settings include:
- MEMBERS_NO_ACTIVE_UNENCRYPTED - Does not store unencrypted passwords for active members only.
- USER_PASS_MATCHOK - Allows the member to have a matching username and password.
- REUSE_MATCHING_USERNAME - Allows the member to add a new subscription to an existing account when the username and e-mail address match.
- If a Username is taken, but status is expired or not signed up for more then 1 day:
- If the surfer signing up can match the email a new subscription is created in the existing member record.
- If the surfer signing up can not match the email, the existing member record gets renamed and a new member record is created.
- If a Username is taken, and is active:
- If the surfer can match the email with the original username, a new subscription gets created in the member record.
- If the surfer can not match the email, they will be prompted with an error that the name is already taken.
- REUSE_WITH_MATCHING_PASSWORD - Allows the member to add a new subscription to an existing account when the password matches.
- NO_RANDOM_PASSWORDS - Does not allow NATS to create a random password for members signing up without passwords.
- UNIQUE_MEMBER_NAMES - Determines whether or not members on separate sites can have the same username. For more information, please see our UNIQUE_MEMBER_NAMES writeup.
- MEMBER_GET_NEW_USERNAME - Allows NATS to recommend new usernames to surfers if their chosen name is already in use. For more information please see our MEMBER_GET_NEW_USERNAME writeup.
- RANDOM_USERPASS_DISALLOW_LIST - Sets disallowed characters for random username and password generation.
- NEVER_RENAME_EXPIRED_MEMBERS - Disallows NATS from renaming any expired members. This will prevent members from signing back up unless REUSE_MATCHING_USERNAME is on.
Limiting Username & Password Length
To limit a member's username and password length, find the following code on the pre-join form template:
<TD class="join_name">Username:</TD><TD class="join_value"><input class="join_input" type="text"
name="signup[username:1:6:16:::username_check]" value="{$vars.username}">...
An important section to note is the following: [username:1:6:16:::username_check]
The fields between the colons above are: $name, $required, $min, $max, $compare, $ses_compare, $special, and $convert. Simply change the $max field to the maximum number of characters you would like to be accepted as a username or password.
Detailed Username & Password Checks
You can set more detailed limitations on both usernames and passwords by altering the section enclosed in brackets to look like this:
[username:1:6:16:::username_check_detailed;1|4|9|0|0|0]
[password:1:6:16:::password_check_detailed;1|0|0|5|3|1|0]
The details after the "username_check_detailed;" separated by a pipe "|" define the specific settings:
- (Flag 1 or 0) - Defines whether or not the first character MUST be a letter
- (Numeric) - Defines the minimum number of upper case characters there needs to be
- (Numeric) - Defines the minimum number of lower case characters there needs to be
- (Numeric) - Defines the minimum number of Numbers (0-9) there needs to be
- (Flag 1 or 0) - Defines whether or not all characters MUST be upper case (This overrides the numeric lower case check)
- (Flag 1 or 0) - Defines whether or not all characters MUST be lower case (This overrides the numeric upper case check)
In the example:
[username:1:6:16:::username_check_detailed;1|4|9|0|0|0]
The limitations set here say that for the Username:
- The first character must be a letter
- There must be at least 4 upper case letters
- There must be at least 9 lower case
For the "password_check_detailed" check, the details after the "password_check_detailed;" separated by a pipe "|" define the specific settings:
- (Flag 1 or 0) - Defines whether or not the first character MUST be a letter.
- (Numeric) - Defines the minimum number of upper case characters there needs to be.
- (Numeric) - Defines the minimum number of lower case characters there needs to be.
- (Numeric) - Defines the minimum number of Numbers (0-9) there needs to be.
- (Numeric) - Defines the minimum number of Special Characters there needs to be (Anything that is not a letter or a number).
- (Flag 1 or 0) - Defines whether or not all characters MUST be upper case (This overrides the numeric lower case check).
- (Flag 1 or 0) - Defines whether or not all characters MUST be lower case (This overrides the numeric upper case check).
In the example:
[password:1:6:16:::password_check_detailed;1|0|0|5|3|1|0]
The limitations set here say that for the Password:
- The first character must be a letter
- There must be at least 5 Numeric Characters
- There must be at least 3 Special Characters
- Any Alphabetic characters must be uppercase
More check functions that can be used on username and password inputs are described in this article:
Form Validation
Reusing Old Usernames
NATS also allows you to reuse old usernames by adding the following variable to your join form template:
<input type="hidden" name="signup[rename_old_member]" value="1">
Random Usernames and Passwords on Join Forms
If you want to use a minimal join form, you should set the member's username and password to be automatically generated by NATS. You can do so by inputting the following code:
<input type="hidden" name="signup[random_userpass]" value="10:1:5">
- The first parameter sets the character length for both the username and password field.
- The second parameter can be set to either 0 to allow for uppercase, lowercase letters, and numbers, or 1 to allow only lowercase letters and numbers.
- The third parameter sets the number of attempts to generate the random username and password.
- The above example would specify a random username and password that are 10 characters long, allowing only lowercase letters and numbers, over 5 attempts.
On older NATS versions, you can only use this if you want both a random username and a random password generated for the member. On NATS versions 4.1.10.1 and above, if either username or password is blank on the join page submit and signup[random_userpass] was used, NATS will generate random values for the field that is blank.