Page 1 of 1

Password length

Posted: Mon Oct 04, 2021 2:18 am
by hdt
Hi All,

Just a quick one. Is there a way to increase the length and add case sensitivity on the password on 3.30? I need to use this since I'll be heavily using ActiveHTML so I can't upgrade to MBBS v10.

Any ideas will be good.

Re: Password length

Posted: Mon Oct 04, 2021 3:06 am
by Duckula
Hi,

Out of the box no, they are not configurable. There have been third party approaches to doing this, I believe Dan Spain has/had an option for two factor authentication at some point - might be worth sending him a PM or seeing if he replies here.

Re: Password length

Posted: Mon Oct 04, 2021 7:06 pm
by daniel_spain
hdt wrote:
> Hi All,
>
> Just a quick one. Is there a way to increase the length and add case
> sensitivity on the password on 3.30? I need to use this since I'll be
> heavily using ActiveHTML so I can't upgrade to MBBS v10.
>
> Any ideas will be good.

so few ways you could implement this....... first to increase password size you could need to modify the file USTRUCTS.H and change the constant PSWSIZ from 10 to whatever you wanted.
secondly for case sensitivity you want to edit majorbbs.c and find the function dftpsw which will look like this:

[code]
INT /* returns 1=ok, 0=bad password */
dftpsw( /* check password */
CHAR *psword) /* proposed password */
{
if (sameas(psword,usaptr->psword)) {
shochl(usaptr->userid,'',baudat(usrptr->baud,0));
updcal();
return(1);
}
else {
return(0);
}
}
[/code]

and you want to change "if(sameas(psword,usaptr->psword))" to "if(strcmp(psword,usaptr->psword)==0)"

the galacticomm library function "sameas" ignores case whereas the C library function strcmp looks for an exact match.

so if you increased the ustructs.h constant PSWSIZ to say 65 (that is with trailing zero so that would be 64 characters max)
and the password was "3EgVVVekpouy!%f" it would have to be typed exactly like that.

another thing you can do is also modify majorbbs.c and add a 3rd factor after password verification to either say a text message or email address
and could throw em to another prompt while awaiting for the correct answer and you can ever set up an addition to the function "inirel" which
controls the idle channel disconnect stuff and add in a feature to accept the input within X seconds ot they get disconnected and can even
do some security stuff to alert the sysop, ban the account, suspend the account, etc......