vTiger Customizations – Part 3 – Enforcing strong passwords in the Customer Portal

By On October 14, 2010 · Leave a Comment · In CRM, Development, General, Information Security, vtiger CRM

This is a continuation from Part 2 – Enforcing strong passwords in vTiger.

I submitted the updates to the Trac site for vTiger as diff updates to the 5.2.0 code, which might be easier to use to update the code.

Implementing the enforcement of strong passwords in the vTiger Customer Portal is easy to do. Again, I’ll divide this up into 2 sections, the Front end (Javascript) code and the Back end (PHP) code:

1.) Customer Portal Front end password enforcement (Customer Portal Javascript)
2.) Customer Portal Back end password enforcement (Customer Portal PHP code)

1.) Customer Portal Front end password enforcement to vtiger/customerportal/MySettings.php –> F/E
Line: 134

-confirmpw = trim(form.confirm_password.value);

var passwordCheckRegex = new RegExp(“^(?=.{7,})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$”, “g”);

-if(oldpw == ”)
-{

Line 149:

else if (passwordCheckRegex.test(trim(newpw)) == false) {
alert(“Password not strong enough. Please enter a password 8 characters or more, 1 upper case letter, 1 lower case letter and 1 number”);
return false;
}

2.) Customer Portal Back end password enforecment in vtigercrm/customerportal/HelpDesk/Utils.php –> B/E
Line: 115

-if(strcasecmp($newpw,$confirmpw) == 0)
-{

if (preg_match(‘/^(?=.{7,})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$/’, $newpw, $matches) >= 1) {

-$customerid = $result[0]['id'];
-// $customerid = $_SESSION['customer_id'];
-$sessionid = $_SESSION['customer_sessionid'];

… // WRAP THE IF AROUND THE PASSWORD UPDATE CODE

}
else
{
$errormsg .= ‘Password not strong enough. Please enter a password 8 characters or more, 1 upper case letter, 1 lower case letter and 1 number’;
}

-}
-else
-{
-$errormsg .= getTranslatedString(‘MSG_ENTER_NEW_PASSWORDS_SAME’);
-}

NOTE: As I stated in the last post, I did not create this regex. I used the medium regex created found by Doug in his post found here.

Now, you can rest a little better knowing that your customers are using strong passwords on your Customer Portal site. I hope you found this helpful!

Resources: Check Password Strength with Javascript and Regular Expressions

 
If you enjoyed this article, please consider sharing it!
Reddit Facebook Twitter Delicious StumbleUpon Digg

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Set your Twitter account name in your settings to use the TwitterBar Section.