Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2010-03-13 19:35:32

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Option to disable / plugable "Lost Password"

Could it be possible that the “password reset” feature gets callback that plugins can use, or an option that can be used to disable it?

Sometimes I feel like the “insert username here” field needs some love and security, for example in a case where your email account has been hacked, co-worker read your mails or you just want to stop the spam you get when bots find the field and your account name.

Mainly I just personally want to disable the feature altogether, but making it plugin aware might help more ppl (securing it with quiz etc). If the retrieving procedure and login form are kept seperate, it shouldn’t break the login form when plugin malfunctions.

Altho, we all could just use redicilously long names and keep them in our very secret place, but as the names are used for everything… ;-)

Last edited by Gocom (2010-03-13 19:36:40)

Offline

#2 2010-03-14 20:46:09

monkeyninja
Plugin Author
From: Sheffield, UK
Registered: 2008-10-14
Posts: 239
Website

Re: Option to disable / plugable "Lost Password"

I’m all for the inclusion of a callback for this; not that I have particular need for it myself, but I feel the more we can interact with as developers the more innovation we will see for Textpattern.

Offline

#3 2010-03-14 21:08:14

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,448
Website GitHub

Re: Option to disable / plugable "Lost Password"

Kinda related, it’d also be nice to be able to offer the option of PAM on the login screen, but two things are currently in the way; neither easily fixable (at least, not by me!) :

  1. No plugins can presently run on the login page — that kinda scuppers any ability to remove the “lost password” thing
  2. If TXP is opened up to allow 3rd party authentication modules, it adds flexibility and perhaps greater security, but I wonder if the potential for getting it wrong is also greater. That might impact the perceived security of TXP as a whole

I don’t know enough about it to make an informed decision but that’s my gut instinct. Willing to be proved wrong by those more knowledgeable.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

Board footer

Powered by FluxBB