Password length

Support for WG3 3.x for NT
Post Reply
hdt
Posts: 5
Joined: Fri Feb 12, 2021 12:27 pm

Password length

Post by hdt »

Hi All,

Just a quick one. Is there a way to increase the length and add case sensitivity on the password on 3.30? I need to use this since I'll be heavily using ActiveHTML so I can't upgrade to MBBS v10.

Any ideas will be good.

User avatar
Duckula
Posts: 359
Joined: Wed Jul 22, 2020 1:19 am

Re: Password length

Post by Duckula »

Hi,

Out of the box no, they are not configurable. There have been third party approaches to doing this, I believe Dan Spain has/had an option for two factor authentication at some point - might be worth sending him a PM or seeing if he replies here.
-- Duckula

// Site admin
// Galacticomm IP owner

daniel_spain
Posts: 395
Joined: Sun Aug 09, 2020 2:39 am

Re: Password length

Post by daniel_spain »

hdt wrote:
> Hi All,
>
> Just a quick one. Is there a way to increase the length and add case
> sensitivity on the password on 3.30? I need to use this since I'll be
> heavily using ActiveHTML so I can't upgrade to MBBS v10.
>
> Any ideas will be good.

so few ways you could implement this....... first to increase password size you could need to modify the file USTRUCTS.H and change the constant PSWSIZ from 10 to whatever you wanted.
secondly for case sensitivity you want to edit majorbbs.c and find the function dftpsw which will look like this:

[code]
INT /* returns 1=ok, 0=bad password */
dftpsw( /* check password */
CHAR *psword) /* proposed password */
{
if (sameas(psword,usaptr->psword)) {
shochl(usaptr->userid,'',baudat(usrptr->baud,0));
updcal();
return(1);
}
else {
return(0);
}
}
[/code]

and you want to change "if(sameas(psword,usaptr->psword))" to "if(strcmp(psword,usaptr->psword)==0)"

the galacticomm library function "sameas" ignores case whereas the C library function strcmp looks for an exact match.

so if you increased the ustructs.h constant PSWSIZ to say 65 (that is with trailing zero so that would be 64 characters max)
and the password was "3EgVVVekpouy!%f" it would have to be typed exactly like that.

another thing you can do is also modify majorbbs.c and add a 3rd factor after password verification to either say a text message or email address
and could throw em to another prompt while awaiting for the correct answer and you can ever set up an addition to the function "inirel" which
controls the idle channel disconnect stuff and add in a feature to accept the input within X seconds ot they get disconnected and can even
do some security stuff to alert the sysop, ban the account, suspend the account, etc......

Post Reply