Re: [qmailtoaster] password complexity and length
Perfect, that worked!! Thanks very much. Gary On 4/5/2018 11:01 AM, Jeff Koch wrote: For that section: The original code was this: ##X092: ##X110: ##X091 ##tq ##X249: ##ta ##X251 . .. The modified code looks like this: ##X092: ##X110: ##X091 Password strength: Password not entered Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters. ##tq ##X249: ##ta ##X251 ... .. Jeff On 4/5/2018 10:39 AM, Gary Bowling wrote: Also, does the code below replace the old "password1" section? Which looked like this. ##X110: And I assume the password2 section remains the same, which looked like this. ##X091 Thanks and sorry for all the questions, I'm not a coder (obviously!) which of course is why I have a toaster in the first place. But I can follow directions! Gary On 4/5/2018 10:04 AM, Jeff Koch wrote: Sorry - I left out this piece of code - goes right before the code that says password2. It's been 10 years since we looked at this. ##X110: Jeff On 4/5/2018 9:55 AM, Jeff Koch wrote: Hi Gary: Only affects new passwords entered in mod_user.html. You'll need to
Re: [qmailtoaster] password complexity and length
For that section: The original code was this: ##X092: maxlength="128" size="32" value="##i7"> ##X110: maxlength=128 size=16> ##X091 maxlength=128 size=16> ##tq ##X249: ##ta value="##q"> ##X251 . .. The modified code looks like this: action="##C/com/modusernow"> value="ChangePassword"> border="0"> class="style1">##X092: maxlength="128" size="32" value="##i7"> class="style1">##X110: name="password1" maxlength=128 size=16 id="pass" onkeyup="passwordStrength(this.value)"> class="style1">##X091 name="password2" maxlength=128 size=16> Password strength: id="passwordDescription">Password not entered Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters. ##tq ##X249: ##ta maxlength="128" size="16" value="##q"> ##X251 ... .. name="##X111" value="##X111"> Jeff On 4/5/2018 10:39 AM, Gary Bowling wrote: Also, does the code below replace the old "password1" section? Which looked like this. ##X110: maxlength=128 size=16> And I assume the password2 section remains the same, which looked like this. ##X091 maxlength=128 size=16> Thanks and sorry for all the questions, I'm not a coder (obviously!) which of course is why I have a toaster in the first place. But I can follow directions! Gary On 4/5/2018 10:04 AM, Jeff Koch wrote: Sorry - I left out this piece of code - goes right before the code that says password2. It's been 10 years since we looked at this. class="style1">##X110: name="password1" maxlength=128 size=16 id="pass" onkeyup="passwordStrength(this.value)"> Jeff On 4/5/2018 9:55 AM, Jeff Koch wrote: Hi Gary: Only affects new passwords entered in mod_user.html. You'll need to add similar javascript.to 'add_user.html'. You can do the same in squirrelmail if you can find the correct place to slug in the javascript. The code analyzes text entered in the input field 'password' and grays out the submit button until the password meets the test criteria. It's pretty basic code and I'm sure javascript experts could do a lot to improve it and give more clues to the users. Once of the problems with messing with the templates is that there is no table defining the hash mark codes like ##tt ##tu ##X251. If anyone has a cheat sheet please share. Jeff On 4/5/2018 7:42 AM, Gary Bowling wrote: Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert javascript password rules in the html code templates for qmailadmin.
Re: [qmailtoaster] password complexity and length
Also, does the code below replace the old "password1" section? Which looked like this. ##X110: And I assume the password2 section remains the same, which looked like this. ##X091 Thanks and sorry for all the questions, I'm not a coder (obviously!) which of course is why I have a toaster in the first place. But I can follow directions! Gary On 4/5/2018 10:04 AM, Jeff Koch wrote: Sorry - I left out this piece of code - goes right before the code that says password2. It's been 10 years since we looked at this. ##X110: Jeff On 4/5/2018 9:55 AM, Jeff Koch wrote: Hi Gary: Only affects new passwords entered in mod_user.html. You'll need to add similar _javascript_.to 'add_user.html'. You can do the same in squirrelmail if you can find the correct place to slug in the _javascript_. The code analyzes text entered in the input field 'password' and grays out the submit button until the password meets the test criteria. It's pretty basic code and I'm sure _javascript_ experts could do a lot to improve it and give more clues to the users. Once of the problems with messing with the templates is that there is no table defining the hash mark codes like ##tt ##tu ##X251. If anyone has a cheat sheet please share. Jeff On 4/5/2018 7:42 AM, Gary Bowling wrote: Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert _javascript_ password rules in the html code templates for qmailadmin. Here's a simple password strength _javascript_ that goes in the top of mod_user.html
function passwordStrength(password)
{
var desc = new Array();
desc[0] = "Very Weak";
desc[1] = "Weak";
desc[2] = "Better";
desc[3] = "Medium";
desc[4] = "Strong";
desc[5] = "Strongest";
var score = 0;
//if password bigger than 7 give 1 point
if (password.length > 7) score++;
//if password has both lower and uppercase characters give 1 point
if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;
//if password has at least one number give 1 point
if (password.match(/\d+/)) score++;
//if password has at least one special characther give 1 point
if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;
//if password bigger than 12 give another 1 point
if (password.length > 12) score++;
document.getElementById("passwordDescription").innerHTML = desc[score];
document.getElementById("passwordStrength").className = "strength" + score;
if (score > 2 ) {
document.getElementById("btnSubmit").disabled = false;
}else{
document.getElementById("btnSubmit").disabled = true;
Re: [qmailtoaster] password complexity and length
Thanks, I made the modifications and I get the note in qmailadmin and it lists whether my password is weak,strong,etc. However, it still allows me to put in a non-secure password and accepts it. How do I make it "fail" on a password that doesn't meet the requirements? By the way, I think this should be the default in the qmailadmin code. Thanks, Gary On 4/5/2018 10:04 AM, Jeff Koch wrote: Sorry - I left out this piece of code - goes right before the code that says password2. It's been 10 years since we looked at this. ##X110: Jeff On 4/5/2018 9:55 AM, Jeff Koch wrote: Hi Gary: Only affects new passwords entered in mod_user.html. You'll need to add similar _javascript_.to 'add_user.html'. You can do the same in squirrelmail if you can find the correct place to slug in the _javascript_. The code analyzes text entered in the input field 'password' and grays out the submit button until the password meets the test criteria. It's pretty basic code and I'm sure _javascript_ experts could do a lot to improve it and give more clues to the users. Once of the problems with messing with the templates is that there is no table defining the hash mark codes like ##tt ##tu ##X251. If anyone has a cheat sheet please share. Jeff On 4/5/2018 7:42 AM, Gary Bowling wrote: Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert _javascript_ password rules in the html code templates for qmailadmin. Here's a simple password strength _javascript_ that goes in the top of mod_user.html
function passwordStrength(password)
{
var desc = new Array();
desc[0] = "Very Weak";
desc[1] = "Weak";
desc[2] = "Better";
desc[3] = "Medium";
desc[4] = "Strong";
desc[5] = "Strongest";
var score = 0;
//if password bigger than 7 give 1 point
if (password.length > 7) score++;
//if password has both lower and uppercase characters give 1 point
if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;
//if password has at least one number give 1 point
if (password.match(/\d+/)) score++;
//if password has at least one special characther give 1 point
if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;
//if password bigger than 12 give another 1 point
if (password.length > 12) score++;
document.getElementById("passwordDescription").innerHTML = desc[score];
document.getElementById("passwordStrength").className = "strength" + score;
if (score > 2 ) {
document.getElementById("btnSubmit").disabled = false;
}else{
document.getElementById("btnSubmit").disabled = true;
}
return score;
}
Re: [qmailtoaster] password complexity and length
Sorry - I left out this piece of code - goes right before the code that says password2. It's been 10 years since we looked at this. class="style1">##X110: name="password1" maxlength=128 size=16 id="pass" onkeyup="passwordStrength(this.value)"> Jeff On 4/5/2018 9:55 AM, Jeff Koch wrote: Hi Gary: Only affects new passwords entered in mod_user.html. You'll need to add similar javascript.to 'add_user.html'. You can do the same in squirrelmail if you can find the correct place to slug in the javascript. The code analyzes text entered in the input field 'password' and grays out the submit button until the password meets the test criteria. It's pretty basic code and I'm sure javascript experts could do a lot to improve it and give more clues to the users. Once of the problems with messing with the templates is that there is no table defining the hash mark codes like ##tt ##tu ##X251. If anyone has a cheat sheet please share. Jeff On 4/5/2018 7:42 AM, Gary Bowling wrote: Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert javascript password rules in the html code templates for qmailadmin. Here's a simple password strength javascript that goes in the top of mod_user.html function passwordStrength(password) { var desc = new Array(); desc[0] = "Very Weak"; desc[1] = "Weak"; desc[2] = "Better"; desc[3] = "Medium"; desc[4] = "Strong"; desc[5] = "Strongest"; var score = 0; //if password bigger than 7 give 1 point if (password.length > 7) score++;//if password has both lower and uppercase characters give 1 point if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;//if password has at least one number give 1 point if (password.match(/\d+/)) score++; //if password has at least one special characther give 1 point if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++; //if password bigger than 12 give another 1 point if (password.length > 12) score++; document.getElementById("passwordDescription").innerHTML = desc[score];document.getElementById("passwordStrength").className = "strength" + score;if (score > 2 ) { document.getElementById("btnSubmit").disabled = false; }else{ document.getElementById("btnSubmit").disabled = true; } return score; } then further along in the code we have: name="password2" maxlength=128 size=16> class="style1">Password strength: id="passwordDescription">Password not entered class="style1"> class="strength0"> Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters. Regards, Jeff On 4/4/2018 6:51 PM, Gary Bowling wrote: Last time I checked it was either not possible or not easy to implement password rules one the toaster. But that was a long time ago. Has anything changed in that regard? -- Gary Bowling - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] password complexity and length
Hi Gary: Only affects new passwords entered in mod_user.html. You'll need to add similar javascript.to 'add_user.html'. You can do the same in squirrelmail if you can find the correct place to slug in the javascript. The code analyzes text entered in the input field 'password' and grays out the submit button until the password meets the test criteria. It's pretty basic code and I'm sure javascript experts could do a lot to improve it and give more clues to the users. Once of the problems with messing with the templates is that there is no table defining the hash mark codes like ##tt ##tu ##X251. If anyone has a cheat sheet please share. Jeff On 4/5/2018 7:42 AM, Gary Bowling wrote: Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert javascript password rules in the html code templates for qmailadmin. Here's a simple password strength javascript that goes in the top of mod_user.html function passwordStrength(password) { var desc = new Array(); desc[0] = "Very Weak"; desc[1] = "Weak"; desc[2] = "Better"; desc[3] = "Medium"; desc[4] = "Strong"; desc[5] = "Strongest"; var score = 0; //if password bigger than 7 give 1 point if (password.length > 7) score++;//if password has both lower and uppercase characters give 1 point if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;//if password has at least one number give 1 point if (password.match(/\d+/)) score++; //if password has at least one special characther give 1 point if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++; //if password bigger than 12 give another 1 point if (password.length > 12) score++; document.getElementById("passwordDescription").innerHTML = desc[score];document.getElementById("passwordStrength").className = "strength" + score;if (score > 2 ) { document.getElementById("btnSubmit").disabled = false; }else{ document.getElementById("btnSubmit").disabled = true; } return score; } then further along in the code we have: name="password2" maxlength=128 size=16> Password strength: id="passwordDescription">Password not entered class="strength0"> Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters. Regards, Jeff On 4/4/2018 6:51 PM, Gary Bowling wrote: Last time I checked it was either not possible or not easy to implement password rules one the toaster. But that was a long time ago. Has anything changed in that regard? -- Gary Bowling - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] password complexity and length
Ah, answered one of my own questions. Squirrelmail calls qmailadmin, so it would change there as well. I don't believe it would do anything to existing users passwords, but just want to confirm before giving it a try. Thanks, Gary On 4/5/2018 7:42 AM, Gary Bowling wrote: Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert _javascript_ password rules in the html code templates for qmailadmin. Here's a simple password strength _javascript_ that goes in the top of mod_user.html
function passwordStrength(password)
{
var desc = new Array();
desc[0] = "Very Weak";
desc[1] = "Weak";
desc[2] = "Better";
desc[3] = "Medium";
desc[4] = "Strong";
desc[5] = "Strongest";
var score = 0;
//if password bigger than 7 give 1 point
if (password.length > 7) score++;
//if password has both lower and uppercase characters give 1 point
if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;
//if password has at least one number give 1 point
if (password.match(/\d+/)) score++;
//if password has at least one special characther give 1 point
if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;
//if password bigger than 12 give another 1 point
if (password.length > 12) score++;
document.getElementById("passwordDescription").innerHTML = desc[score];
document.getElementById("passwordStrength").className = "strength" + score;
if (score > 2 ) {
document.getElementById("btnSubmit").disabled = false;
}else{
document.getElementById("btnSubmit").disabled = true;
}
return score;
}
then further along in the code we have: Password strength: Password not entered Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters. Regards, Jeff On 4/4/2018 6:51 PM, Gary Bowling wrote: Last time I checked it was either not possible or not easy to implement password rules one the toaster. But that was a long time ago. Has anything changed in that regard? -- Gary Bowling - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
Re: [qmailtoaster] password complexity and length
Thanks Jeff. Just to make sure, if I do that edit it doesn't affect any existing passwords? Only inputting any new passwords or changing any passwords? Also, I guess a user can still change their password via squirrelmail and bypass these rules? That rarely happens on my server, but just want to make sure I understand. Thanks, Gary On 4/4/2018 11:03 PM, Jeff Koch wrote: You can insert _javascript_ password rules in the html code templates for qmailadmin. Here's a simple password strength _javascript_ that goes in the top of mod_user.html
function passwordStrength(password)
{
var desc = new Array();
desc[0] = "Very Weak";
desc[1] = "Weak";
desc[2] = "Better";
desc[3] = "Medium";
desc[4] = "Strong";
desc[5] = "Strongest";
var score = 0;
//if password bigger than 7 give 1 point
if (password.length > 7) score++;
//if password has both lower and uppercase characters give 1 point
if ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;
//if password has at least one number give 1 point
if (password.match(/\d+/)) score++;
//if password has at least one special characther give 1 point
if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++;
//if password bigger than 12 give another 1 point
if (password.length > 12) score++;
document.getElementById("passwordDescription").innerHTML = desc[score];
document.getElementById("passwordStrength").className = "strength" + score;
if (score > 2 ) {
document.getElementById("btnSubmit").disabled = false;
}else{
document.getElementById("btnSubmit").disabled = true;
}
return score;
}
then further along in the code we have: Password strength: Password not entered Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters. Regards, Jeff On 4/4/2018 6:51 PM, Gary Bowling wrote: Last time I checked it was either not possible or not easy to implement password rules one the toaster. But that was a long time ago. Has anything changed in that regard? -- Gary Bowling - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] password complexity and length
You can insert javascript password rules in the html code templates for qmailadmin. Here's a simple password strength javascript that goes in the top of mod_user.html function passwordStrength(password) { var desc = new Array(); desc[0] = "Very Weak"; desc[1] = "Weak"; desc[2] = "Better"; desc[3] = "Medium"; desc[4] = "Strong"; desc[5] = "Strongest"; var score = 0; //if password bigger than 7 give 1 point if (password.length > 7) score++; //if password has both lower and uppercase characters give 1 pointif ( ( password.match(/[a-z]/) ) && ( password.match(/[A-Z]/) ) ) score++;//if password has at least one number give 1 point if (password.match(/\d+/)) score++; //if password has at least one special characther give 1 point if ( password.match(/.[!,@,#,$,%,^,&,*,?,_,~,-,(,)]/) ) score++; //if password bigger than 12 give another 1 point if (password.length > 12) score++;document.getElementById("passwordDescription").innerHTML = desc[score]; document.getElementById("passwordStrength").className = "strength" + score;if (score > 2 ) { document.getElementById("btnSubmit").disabled = false; }else{ document.getElementById("btnSubmit").disabled = true; } return score; } then further along in the code we have: name="password2" maxlength=128 size=16> Password strength: id="passwordDescription">Password not entered Passwords must be at least eight characters and include three of the following four types: upper case letters, lower case letters, numbers and special characters. Regards, Jeff On 4/4/2018 6:51 PM, Gary Bowling wrote: Last time I checked it was either not possible or not easy to implement password rules one the toaster. But that was a long time ago. Has anything changed in that regard? -- Gary Bowling - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
