By default, NATS stores each member's password in both unencrypted and encrypted form. For additional security, it also offers a feature that makes NATS store only the member's encrypted password. To enable it, go to the NATS4 Configuration Admin and open the "Surfer Configuration" section. There, you will find a setting called MEMBERS_NO_UNENCRYPTED. Check this setting if you only want to store encrypted member passwords.
Note: This means that NATS will not have this information to send to billers. If you are using a biller that requires password information to be sent to them from NATS, you will need to allow the specific billers' join page to enter the username and password information. When the biller sends this information back, we will still not store the password, but rather update the cryptpass accordingly so that authentication for the member still works.
You can also use additional Surfer Configuration settings to set further restrictions or permissions on member passwords and usernames. These settings include:
- MEMBERS_NO_ACTIVE_UNENCRYPTED - Does not store unencrypted passwords for active members only.
- USER_PASS_MATCHOK - Allows the member to have a matching username and password.
- REUSE_MATCHING_USERNAME - Allows the member to add a new subscription to an existing account when the username and e-mail address match.
  - If a username is taken, but its status is expired or not signed up for more than 1 day:
    - If the surfer signing up can match the email, a new subscription is created in the existing member record.
    - If the surfer signing up cannot match the email, the existing member record gets renamed and a new member record is created.
  - If a username is taken and is active:
    - If the surfer can match the email with the original username, a new subscription gets created in the member record.
    - If the surfer cannot match the email, they will be prompted with an error that the name is already taken.
- REUSE_WITH_MATCHING_PASSWORD - Allows the member to add a new subscription to an existing account when the password matches.
- NO_RANDOM_PASSWORDS - Does not allow NATS to create a random password for members signing up without passwords.
- UNIQUE_MEMBER_NAMES - Determines whether or not members on separate sites can have the same username. For more information, please see our UNIQUE_MEMBER_NAMES writeup.
- MEMBER_GET_NEW_USERNAME - Allows NATS to recommend new usernames to surfers if their chosen name is already in use. For more information please see our MEMBER_GET_NEW_USERNAME writeup.
- RANDOM_USERPASS_DISALLOW_LIST - Sets disallowed characters for random username and password generation.
- NEVER_RENAME_EXPIRED_MEMBERS - Disallows NATS from renaming any expired members. This will prevent members from signing back up unless REUSE_MATCHING_USERNAME is on.
Limiting Username & Password Length
To limit a member's username and password length, find the following code on the pre-join form template:
<TD class="join_name">Username:</TD><TD class="join_value"><input class="join_input" type="text"
name="signup[username:1:6:16:::username_check]" value="{$vars.username}">...
An important section to note is the following: [username:1:6:16:::username_check]
The colon-separated fields are, in order: $name, $required, $min, $max, $compare, $ses_compare, $special, and $convert. In the example above, $required is 1, $min is 6, $max is 16 and $special is username_check. Simply change the $max field to the maximum number of characters you would like to be accepted as a username or password.
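To audit which length limits a join form template actually sets, the field specification described above can be parsed out of each signup[...] input name. This is an added example, not NATS code: the helper names, the sample password input, and the reading of $required as "1 means mandatory" are assumptions.

```python
import re

# Field order exactly as the page lists it.
FIELDS = ("name", "required", "min", "max",
          "compare", "ses_compare", "special", "convert")

def parse_spec(spec):
    """Turn 'username:1:6:16:::username_check' into a dict keyed by FIELDS."""
    parts = spec.split(":")
    if len(parts) > len(FIELDS):
        raise ValueError(f"too many fields in {spec!r}")
    parts += [""] * (len(FIELDS) - len(parts))   # omitted trailing fields
    rule = dict(zip(FIELDS, parts))
    for key in ("min", "max"):
        if rule[key] and not rule[key].isdigit():
            raise ValueError(f"{key} is not a number in {spec!r}")
        rule[key] = int(rule[key]) if rule[key] else None
    if None not in (rule["min"], rule["max"]) and rule["min"] > rule["max"]:
        raise ValueError(f"min exceeds max in {spec!r}")
    return rule

def template_rules(template):
    """Collect the rule for every signup[...] input found in a template."""
    specs = re.findall(r'name="signup\[([^\]"]+)\]"', template)
    return {r["name"]: r for r in map(parse_spec, specs)}

def length_problem(rule, value):
    """Return None if value fits the rule, else a short reason."""
    # Assumption: required == "1" means the field may not be empty.
    if value == "":
        return "required" if rule["required"] == "1" else None
    if rule["min"] is not None and len(value) < rule["min"]:
        return "too short"
    if rule["max"] is not None and len(value) > rule["max"]:
        return "too long"
    return None

# Constructed template: the username input is the page's; the password
# input and its limits are made up for illustration.
SAMPLE = '''
<input class="join_input" type="text"
name="signup[username:1:6:16:::username_check]" value="{$vars.username}">
<input class="join_input" type="password" name="signup[password:1:8:32]">
'''

if __name__ == "__main__":
    for name, rule in template_rules(SAMPLE).items():
        print(name, rule["min"], rule["max"])
```

The $compare, $ses_compare, $special and $convert fields are only split out here, not interpreted, since the page does not define their behaviour.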
Reusing Old Usernames
NATS also allows you to reuse old usernames by adding the following variable to your join form template:
<input type="hidden" name="signup[rename_old_member]" value="1">