Bug customizing authentication

From pmusers
Jump to: navigation, search

There is a bug in versions 3.2.2 through 3.3.0 that prevents the customization of authentication. Defining PPP_MINIMUM_LENGTH, PPP_MAXIMUM_LENGTH, PPP_NUMERICAL_CHARACTER_REQUIRED, PPP_UPPERCASE_CHARACTER_REQUIRED, PPP_SPECIAL_CHARACTER_REQUIRED and PPP_EXPIRATION_IN in the shared/sites/{workspace}/db.php file does not have any effect.

To fix this bug, edit workflow/engine/classes/model/UsersProperties.php and change lines 183-4 from:

            $fDays = $oCalendar->calculateDuration( date( 'Y-m-d H:i:s' ), $sLastUpdate );
            if ($fDays > (PPP_EXPIRATION_IN * 24) || $nowLogin) {

To:

            //convert from seconds to days:
            $fDays = $oCalendar->calculateDuration( date( 'Y-m-d H:i:s' ), $sLastUpdate ) / (24*60*60);
            
            if ($fDays > PPP_EXPIRATION_IN || $nowLogin) {

(The problem is that calculateDuration() returns the difference in seconds, so it has to be converted to days.)

Then, edit workflow/engine/methods/login/authentication.php and change lines 298-300 from:

    $aErrors       = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'], true);
    
    if (!empty($aErrors) && in_array("ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN", $aErrors)) {

To:

    $aErrors       = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'], false);

    if (!empty($aErrors)) {

Now, when you login, you should see a screen like: PasswordNoncomplianceScreen.png