Resource icon

Password Tools 3.9.0

No permission to download
Xon updated Password Tools with a new update entry:

3.7.5 - Bugfix update

  • Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours
  • Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised
  • Rename various options to be better searchable
  • Adjust various option defaults to be more robust.
    • 'Minimum password length' from 8 => 10 characters
    • 'Minimum password strength' from 'very weak' to 'weak'
    • 'Pwned password...

Read the rest of this update entry...
 
I'm using this add-on now for one of my sites. And yes, I'm getting users who are contacting me when trying to reset their password, letting me know that the email on file for their account is no longer accessible. Does the system show them what that old email address is without them being logged in? Or is it only displaying it to the user when they're logged in?

If it's displaying it to them when they're not logged in, via the password recovery process for example, that would be a problem. What's to prevent anyone from trying to login to another person's user account, which would allow them to see what email address is on file for that account? That's typically the one piece of information I can use to have someone confirm before helping them regain access to their account. Hopefully that's not how the system works.
 
Hi,
If after intalling this add-on I decide to desinstall it.
Will it be a mess or will it be a clean desinstall?

Will I have to perform any manual clean up?
Thx
 
Like any XF add-on the uninstall process should remove everything, and it is a bug to be fixed if it doesn't
 
Xon, here's a feature request - can you put in a checkbox where, when enabled, if someone's password has been changed in the last [x] number of days, their profile shows a banner or flag saying "RECENTLY UPDATED" or similar?
 
I'm having a few members tell me that they are being forced to reset their pw every time they log out. I don't see a setting for that. Why would that be happening?
 
Check the user-change log an see if anyone has set the security flag requiring the password be changed.

Otherwise they might be using compromised passwords and this triggers the email 2fa flow which could be mistaken as the email reset flow
 
No security flag has been set in the user-change log. But I see that he's had to change his pw twice today, twice yesterday, and once each day for the few days before that. The system shouldn't allow him to choose a pw that would be triggered for another change, would it?
 
No security flag has been set in the user-change log. But I see that he's had to change his pw twice today, twice yesterday, and once each day for the few days before that. The system shouldn't allow him to choose a pw that would be triggered for another change, would it?
Any ideas? The user had to reset their pw again today.
 
I recently got this in my error log
Code:
[LIST]
[*]Error: Call to undefined method SV\PasswordTools\XF\Entity\User::canViewImsQuestions()
[*]src/addons/XenAddons/LD/Pub/Controller/Item.php:111
[*]Generated by: Unknown account
[*]June 7, 2023 at 5:10 PM
[/LIST]
[HEADING=2]Stack trace[/HEADING]
#0 src/XF/Mvc/Dispatcher.php(352): XenAddons\LD\Pub\Controller\Item->actionLatestQuestions(Object(XF\Mvc\ParameterBag))
#1 src/XF/Mvc/Dispatcher.php(259): XF\Mvc\Dispatcher->dispatchClass('XenAddons\\LD:It...', 'LatestQuestions', Object(XF\Mvc\RouteMatch), Object(XenAddons\LD\Pub\Controller\Item), NULL)
#2 src/XF/Mvc/Dispatcher.php(115): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XenAddons\LD\Pub\Controller\Item), NULL)
#3 src/XF/Mvc/Dispatcher.php(57): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#4 src/XF/App.php(2487): XF\Mvc\Dispatcher->run()
#5 src/XF.php(524): XF\App->run()
#6 index.php(20): XF::runApp('XF\\Pub\\App')
#7 {main}
[HEADING=2]Request state[/HEADING]
array(4) {
  ["url"] => string(32) "/link-directory/latest-questions"
  ["referrer"] => bool(false)
  ["_GET"] => array(1) {
    ["/link-directory/latest-questions"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}
It's not the first error I've gotten from one of your add-ons that are similar with a few of Bob's add-ons. I've reported this issue on his support site also.
 
canViewImsQuestions is unrelated to any of my add-ons.

You are often better looking at the first few lines of the stack-trace:
Code:
src/addons/XenAddons/LD/Pub/Controller/Item.php:111
#0 src/XF/Mvc/Dispatcher.php(352): XenAddons\LD\Pub\Controller\Item->actionLatestQuestions(Object(XF\Mvc\ParameterBag))
 
canViewImsQuestions is unrelated to any of my add-ons.

You are often better looking at the first few lines of the stack-trace:
Code:
src/addons/XenAddons/LD/Pub/Controller/Item.php:111
#0 src/XF/Mvc/Dispatcher.php(352): XenAddons\LD\Pub\Controller\Item->actionLatestQuestions(Object(XF\Mvc\ParameterBag))
Yep... and as I said, I've reported it over there also. Just thought you might like to know about it.
 
Top Bottom