
Password expiration policy

Posted: Fri Mar 06, 2015 1:19 pm
by ccabrera
A client of mine requested a new password policy to be used in their Vicidial servers. He requested that passwords must have a 30-day expiration date and must comply with some typical requirements (8 char length, only a-zA-Z0-9, etc.).

I modified the source files to be able to make this. The modifications were as follows:

Added a new field in System Settings table which sets the password_expiration_days to a number. If 0, then it's disabled. If > 0, then it must run every X days.
Added a new field in Users table, which holds the last datetime of the modified password.

Modified vicidial/functions.php to have a function to test whether or not the password_modified_date is less than NOW() + password_expiration_days.
Modified vicidial/admin.php to run the previous test.
- If true, redirect to a new file called password_change.php
- If false, continue as normal
Modified agc/vicidial.php to run the same test as admin.php as soon as the password has been tested for expiration.
- If true, redirect to password_change.php
- If false, continue as normal.

The password_change.php contains a simple script which forces you to update the password and comply with the policies. After the password has been changed, you are redirected back to the welcome page so the user can try to log in again either as admin or agent.

Obviously it needs to be perfected, but I think this is a good first step towards new clients who want to force their agents/supervisors to update their passwords every once in a while.

Is this a feature which could be useful? If you find it so, I can gladly provide the patches (based on current trunk version) and any extra files I created in the process.
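
Added example, not part of the original post and not Vicidial or ccabrera's code: a sketch of the expiry test and the policy check described above. The function names are hypothetical, the 8-character rule is read as a minimum, and rejecting reuse of the current password is an added assumption.

```php
<?php
// Illustration only: hypothetical helpers, not taken from Vicidial's functions.php.

// $expirationDays: the password_expiration_days setting (0 disables the check).
// $modifiedDate:   last password change as 'Y-m-d H:i:s', or null if never recorded.
function password_is_expired(int $expirationDays, ?string $modifiedDate, DateTimeImmutable $now): bool
{
    if ($expirationDays <= 0) {
        return false; // feature disabled
    }
    if ($modifiedDate === null || $modifiedDate === '') {
        return true;  // no recorded change: force one
    }
    $modified = DateTimeImmutable::createFromFormat('Y-m-d H:i:s', $modifiedDate, $now->getTimezone());
    if ($modified === false) {
        return true;  // unparsable timestamp: fail closed
    }
    // Expired once "last change + N days" is no longer in the future.
    return $now >= $modified->add(new DateInterval('P' . $expirationDays . 'D'));
}

// Returns a list of policy violations; an empty list means the password is accepted.
function password_policy_errors(string $new, string $current): array
{
    $errors = [];
    if (strlen($new) < 8) {
        $errors[] = 'must be at least 8 characters';
    }
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    if (!preg_match('/\A[a-zA-Z0-9]+\z/', $new)) {
        $errors[] = 'only a-zA-Z0-9 allowed';
    }
    if (hash_equals($current, $new)) {
        $errors[] = 'must differ from the current password'; // assumption, see lead-in
    }
    return $errors;
}

// Constructed sample values, evaluated against a fixed "now" so the run is repeatable.
$now = new DateTimeImmutable('2015-04-06 12:00:00');
var_dump(password_is_expired(30, '2015-03-01 09:00:00', $now)); // changed 36 days earlier
var_dump(password_is_expired(30, '2015-03-20 09:00:00', $now)); // changed 17 days earlier
var_dump(password_is_expired(0, '2014-01-01 00:00:00', $now));  // setting is 0
var_dump(password_policy_errors("abc123\n", 'OldPass99'));      // short, trailing newline
var_dump(password_policy_errors('NewPass2015', 'OldPass99'));
```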

Re: Password expiration policy

Posted: Fri Mar 06, 2015 2:33 pm
by mflorell
This sounds great! Could you post it to the Issue Tracker please?

Re: Password expiration policy

Posted: Mon Mar 09, 2015 3:58 pm
by mav2287
That sounds great! I have had this on my list of items to write for about a year now. The changing of an agent password has been talked about, but no one has written it and I just have not got around to it. If I get time this weekend I may dig in and have a look! I was thinking of doing it almost the same way you did. The only difference in my approach was that I was going to implement the change_password directly into the vicidial.php script so that it would look like the phone login and force a password change.

You may also want to have the change_password function run on the timeclock so that you get all 3 login points covered.

This also would lend itself to doing password resets that would then force the user to change their password. That was another thing on my list.

Re: Password expiration policy

Posted: Mon Apr 06, 2015 4:49 pm
by mav2287
You make any progress on this?

Re: Password expiration policy

Posted: Mon Apr 06, 2015 6:03 pm
by ccabrera
Indeed. Actually, development is complete, but since I'm also doing changes in CSS for Vicidial, there are quite some lines that changed, so I'm first cleaning up the diff file so that Matt doesn't think I'm hacking all of his code at once.

In short, this feature implies the following:

- Adding 1 field to system_settings table
- Adding 1 field to vicidial_users table
- Modify vicidial/admin.php and agc/vicidial.php to check for passwords after login
- Create a password_change.php where users are redirected either from AGC or from Vicidial admin pages in case their password is expired
- Add a function to functions.php to handle password expiry check and redirection
- Add QXZ phrases so this feature is properly translated

If time allows I'll post this to Mantis this week for its inclusion.

Regards.

Re: Password expiration policy

Posted: Mon Apr 06, 2015 6:58 pm
by mflorell
For the admin side, it would probably be easier to add it to the existing Force Change Password page ($ADD==999997) instead of redirecting to a new page.

Re: Password expiration policy

Posted: Wed Jun 17, 2015 9:50 am
by scicali
Any news about this new feature?