Page 1 of 1
OC 3.0.2.0 - Password Length & Complexity
Posted: Tue Jul 03, 2018 6:05 pm
by Karonia69
Hi,
I'm looking to make the customer passwords more secure, by say making the password a minimum of 8 characters and having UPPER / lower case characters plus numbers and specials or some combination of these. Is there something in open cart ( using 3.0.2.0 ) that allows for this or does anyone know of an extension ? I'm sure I can't be the first person who wanted to do something like this
TIA
Re: OC 3.0.2.0 - Password Length & Complexity
Posted: Wed Jul 04, 2018 7:54 pm
by ostechnologies
Go to file catalog/view/YOUR-THEME/default/template/account/register.php,
Search for the line :
<input type="password" name="password" value="{{ password }}" placeholder="{{ entry_password }}" id="input-password" class="form-control" />
Replace It with :
<input type="password" name="password" value="{{ password }}" placeholder="{{ entry_password }}" id="input-password" class="form-control" pattern="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}" title="Minimum eight characters, at least one uppercase letter, one lowercase letter, one number and one special character" />
Re: OC 3.0.2.0 - Password Length & Complexity
Posted: Wed Jul 04, 2018 7:59 pm
by straightlight
The only downside by adding patterns is they are visible through the source.
Re: OC 3.0.2.0 - Password Length & Complexity
Posted: Thu Jul 05, 2018 9:21 pm
by Karonia69
OK, being naive, what do you mean when you say - The only downside by adding patterns is they are visible through the source. ?
Visible to who ? when ? isn't it secure once the account has been created and the password stored/encrypted ?
Re: OC 3.0.2.0 - Password Length & Complexity
Posted: Thu Jul 05, 2018 9:25 pm
by straightlight
Karonia69 wrote: ↑Thu Jul 05, 2018 9:21 pm
OK, being naive, what do you mean when you say - The only downside by adding patterns is they are visible through the source. ?
Visible to who ? when ? isn't it secure once the account has been created and the password stored/encrypted ?
Using pattern structures that way are visible through the source from the browser which means those regular expressions are visible through the view-source.
Re: OC 3.0.2.0 - Password Length & Complexity
Posted: Thu Jul 05, 2018 10:11 pm
by Karonia69
OK, I get that someone could see the structure used to enforce the password format, but would it help anyone actually work out what someone had entered ?
Re: OC 3.0.2.0 - Password Length & Complexity
Posted: Thu Jul 05, 2018 10:18 pm
by Karonia69
ostechnologies wrote: ↑Wed Jul 04, 2018 7:54 pm
Go to file catalog/view/YOUR-THEME/default/template/account/register.php,
Search for the line :
<input type="password" name="password" value="{{ password }}" placeholder="{{ entry_password }}" id="input-password" class="form-control" />
Replace It with :
<input type="password" name="password" value="{{ password }}" placeholder="{{ entry_password }}" id="input-password" class="form-control" pattern="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}" title="Minimum eight characters, at least one uppercase letter, one lowercase letter, one number and one special character" />
Great, how would this be applied for customers wanting to chang their password, as well as new customers registering accounts ? TIA