Ver 2.53, how to disable check against password list or use password anyway

4 posts by 3 authors in: Forums > CMS Builder
Last Post: April 12, 2013   (RSS)

By Codee - April 11, 2013

I have a client that just got upgraded to ver2.53. They have some user accounts that get disabled/reenabled from time-to-time. One of the users was just re-enabled and the new system will not allow the password (that they've always used) and is forcing a more secure password.  Customer would like this feature either: disabled completely or have it "allow password anyway". How can this be done...except maybe for deleting/modifying the 10,000 item password list?

Hi,

There isn't a way you can disable this feature within the CMS, or allow insecure passwords. But you can make a change to the CMS Builder core files to get around it. If you go to cmsAdmin\lib\login_functions.php and make the following change on line 142:

  // allow plugins to add additional password rules
  $errors = applyFilters('login_newPasswordErrors', $errors, $passwordText);

  // return error text, use nl2br(htmlencode($errors) to covert to html
  $errors = implode("\n", $errors);
  if ($errors) { $errors .= "\n"; }
  return ''; 

Then even if an insecure password is detected the error will not be returned.

I really wouldn't recommend disabling this feature, as it increases your CMS Admin areas vulnerability to being hacked. Also, as this is a change to a core CMS Builder file, the change will be lost if you upgrade CMS Builder.

Let me know if you have any questions.

Cheers

Greg

Greg Thomas







PHP Programmer - interactivetools.com

By Codee - April 12, 2013

Thanks to both of you - Greg and Jason.

I think for this client the best route is to remove the "offending" blocked password.

Cheers!