Hi everybody, I am currently integrating aMember as membership administration tool for our system. So far, everything works fine and I am absolutely happy about this solution. My only question I have is about preventing weak user passwords. Is there a way to set a policy for this. I have seen minimum password length setting etc, but what about "username" und "password" should be different? Blacklisting "test", "admin", "secret" and some other well known passwords? Is there a possibility to set such rules?
This can be done in amember admin / setup / ban Denied usernames address list I was thinking about this too- it should be easy for amember to add this to the javascript code for the signup/profile pages. David
Thanks a lot for your reply. I think this feature would be worth integrating it. Maybe, this will come in the future. Cann you please tell me where I can find the javascript code you mentioned? I'll try to implement the feature myself in the meantime. Stefan
Just don't forget if the validation is not also done server side js validation can be circumnavigated.
I found that auto generated passwords in aMember are decent enough... but yea, people can always change those to something simple (then again, if they do that, and their account gets hacked in somehow, whose fault is it again?)
Thank for all your replies. I solved the problem by adding following lines to the function "check_payment_form()": This should be good enough for now. Code: if (strtolower($vars['pass0']) == strtolower($vars['login'])){ $error[] = _SIGNUP_INVALID_PASS_3; } Thanks, Stefan