
Password Management 2

Yannick Warnier edited this page Aug 2, 2024 · 1 revision

Note: This page is useful for all Chamilo 2.* versions.

Every once in a while, we have to deal with password hashing and, because the password generation mechanism depends on deeply nested Symfony security code, we lose quite some time trying to remember how it works.

For example, you might need to write a script that generates new temporary passwords for your users, or you might want to check that passwords cannot be guessed too easily, for example by comparing them to the string "12345678".

In order to do that, you need to understand how passwords work and how you can reproduce the hashing algorithm.
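The following script is an added example, not Chamilo's own code. It assumes that the configured Symfony hasher produces standard PHP password_hash() output (the "auto" hasher does on a typical setup), so that password_verify() can check stored hashes; confirm this against your security configuration before running it against a real user table. It shows the two tasks mentioned above: hashing a fresh temporary password, and auditing stored hashes against a weak-password candidate such as "12345678". The user list and candidate list are constructed sample data.

```php
<?php
declare(strict_types=1);

// Added example (not Chamilo's own code). Assumes the stored hashes are in
// password_hash() format, which password_verify() can check.

/** Hash a plaintext password; the random salt is embedded in the returned string. */
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

/** Constant-time check of a plaintext against a stored hash. */
function checkPassword(string $storedHash, string $plain): bool
{
    return password_verify($plain, $storedHash);
}

/**
 * Each hash carries its own random salt, so two hashes of "12345678" differ and
 * a weak-password audit cannot simply compare hash strings. Instead, every stored
 * hash is verified against each candidate weak password.
 * Returns [username => matched candidate] for every user whose password matched.
 */
function findWeakPasswords(array $usersByHash, array $candidates): array
{
    $weak = [];
    foreach ($usersByHash as $username => $storedHash) {
        foreach ($candidates as $candidate) {
            if (password_verify($candidate, $storedHash)) {
                $weak[$username] = $candidate;
                break;
            }
        }
    }
    return $weak;
}

// Constructed sample data: two users, one of whom chose a guessable password.
$users = [
    'alice' => hashPassword('Tr0ub4dor&3-long-enough'),
    'bob'   => hashPassword('12345678'),
];
// Constructed candidate list; a real audit would use a larger list of common passwords.
$candidates = ['12345678', 'password', 'chamilo'];

var_dump(checkPassword($users['alice'], 'Tr0ub4dor&3-long-enough'));
var_dump(checkPassword($users['alice'], '12345678'));
print_r(findWeakPasswords($users, $candidates));
```

Because verification is deliberately slow (bcrypt), an audit over many users and a long candidate list takes time; run it as a batch job rather than inside a request. Never store or log the plaintext candidates that matched beyond what the audit report needs.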

Password generation

To be completed

Password comparison

To be completed

Default password check

To be completed

Minimum password requirements

To be completed

Characters

A $_configuration['password_requirements'] parameter in app/config/configuration.php lets you define minimum requirements: the number of lowercase, uppercase, numeric and special characters, and a minimum length.

Password change requirements

In the platform settings, you will find a setting called password_requirements. This offers you a text box and an example:

    [
        'min' => [
            'lowercase' => 2,
            'uppercase' => 2,
            'numeric' => 2,
            'length' => 8
        ]
    ]

This array allows you to make sure users set a different password than the previous one when they are requested to change their password. It does not affect existing passwords, only newly generated or modified ones.

If you need to enforce these requirements for all users immediately, you can either set the password change field for all users (in their profile), or change all passwords and force users to request a new one as if they had forgotten theirs.

Individual passwords

To ensure each user has an individual password, let the system generate passwords. It will automatically generate a random string that matches the password_requirements.
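As an added example (not Chamilo's own generator), the script below validates a password against a password_requirements array shaped like the one shown above and generates a random password that satisfies it. The 'special' key and its character set are assumptions, since the page names special characters but does not show the key; the other keys come from the example array.

```php
<?php
declare(strict_types=1);

// Added example (not Chamilo's own code). The 'special' key and alphabet are assumed.
const CHAR_CLASSES = [
    'lowercase' => 'abcdefghijklmnopqrstuvwxyz',
    'uppercase' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
    'numeric'   => '0123456789',
    'special'   => '!@#$%^&*()-_=+[]{};:,.?',
];

/** Return the list of unmet requirements; an empty array means the password is acceptable. */
function checkRequirements(string $password, array $requirements): array
{
    $min = $requirements['min'] ?? [];
    $failures = [];
    foreach (CHAR_CLASSES as $class => $alphabet) {
        $needed = $min[$class] ?? 0;
        // Count characters of this class; preg_quote keeps the alphabet safe inside the regex.
        $found = (int) preg_match_all('/[' . preg_quote($alphabet, '/') . ']/', $password);
        if ($found < $needed) {
            $failures[] = sprintf('%s: %d required, %d found', $class, $needed, $found);
        }
    }
    $minLength = $min['length'] ?? 0;
    if (strlen($password) < $minLength) {
        $failures[] = sprintf('length: %d required, %d found', $minLength, strlen($password));
    }
    return $failures;
}

/** Generate a random password that satisfies the requirements, using the CSPRNG random_int(). */
function generatePassword(array $requirements): string
{
    $min = $requirements['min'] ?? [];
    $chars = [];
    // First satisfy each per-class minimum...
    foreach (CHAR_CLASSES as $class => $alphabet) {
        for ($i = 0, $n = $min[$class] ?? 0; $i < $n; $i++) {
            $chars[] = $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
    }
    // ...then pad up to the minimum length from the union of all alphabets.
    $all = implode('', CHAR_CLASSES);
    while (count($chars) < ($min['length'] ?? 0)) {
        $chars[] = $all[random_int(0, strlen($all) - 1)];
    }
    // Shuffle with the CSPRNG so the class-ordered prefix does not leak structure.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

// The example array from the platform setting.
$requirements = [
    'min' => [
        'lowercase' => 2,
        'uppercase' => 2,
        'numeric'   => 2,
        'length'    => 8,
    ],
];

print_r(checkRequirements('abcdefgh', $requirements));   // reports the unmet classes
$temporary = generatePassword($requirements);
echo $temporary, PHP_EOL;
print_r(checkRequirements($temporary, $requirements));   // validates the generated password
```

The generator uses random_int() rather than rand() or mt_rand(), because temporary passwords must be unpredictable; the per-class minimums are filled first so the result always passes checkRequirements(), and the final shuffle removes the predictable class ordering.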

Lockout for failed login attempts

The platform setting login_max_attempt_before_blocking_account allows you to set the maximum number of failed login attempts before the account is locked.

Once the user is locked out, only an admin can reactivate their account.

Change password on first login

You can require users to change their password during their first login by enabling the force_renew_password_at_first_login setting. The extra field (checkbox) ask_new_password in the user profile can then be changed by admins, and all new users connecting for the first time will be asked to change their password.

Password max lifetime

Not implemented yet.

Preventing well-known passwords

Not implemented yet.

Multi-Factor Authentication

Not implemented yet.

Accessing a portal as admin when you lost your password

One "easy" way to recover admin access after losing your password, when an e-mail reminder is not an option, is to copy the password and salt fields from the user table of another Chamilo 2 installation where you do remember your password.
