netcarver Posted November 16, 2020 Share Posted November 16, 2020 Single Site, Developer and Agency Licenses are available via our LemonSqueezy Store >>> Please get in contact after purchasing, citing your license key & forum username, so we can add you to our support area. <<< This is a module pack by Nifty Solutions for Processwire CMF/CMS version 3.0.149 or later (running on PHP 7.2+) that extends the core features for password recovery making them more flexible and easy to use. Features Can send just the verification code in emails (removing the clickable link), and immediately show the reset verification page. This forces the reset to be completed in the same session it was started from. Allow the password reset to be initiated in one session and completed in another. You no longer have to complete the reset from the same browser and tab. There are options to allow you to still require reset completion from the same IP address. Prevention of incorrect data entry in the reset initiation step, users are warned if they enter an email in a username field. Optional customisation of the verification code. Can make manual and/or mouse-based copy-and-paste from the email easier. Optional auto-completion of the verification code field in the password reset step. This makes things easier for users as they don't have to copy-and-paste from their email client. Be warned, however, that this can facilitate automated reset attempts. Control how long reset links are valid for (sometimes an hour is much too long) and update the text of outgoing emails and reset screens to report the new value. Optionally allowing automatic user login following a successful password reset. This is not recommended but is supported. This option is never available to Superusers or users with 2-factor authentication requirements on their accounts. You can additionally limit this to users with specific roles. Allows the reset process to require input of the user's Time-based one-time (TOTP) value - if they have TOTP setup on their account. You can also mandate the entry of a valid TOTP in order to complete a password reset. The TOTP field extends ProcessForgotPassword and operates with or without NiftyPasswordsPlus. Works by extending the core ProcessForgotPassword module so it works on the Admin login page and your custom LoginRegisterPro pages. You'll also get access to NiftyHashedTokens in your template and module files - a HMAC-Hashed key-to-value store, providing tamper-detection of the key and controlling how many times it may be accessed in a given period along with IP address checking. Pre-Requisites This requires PHP7.2 or better and a recent copy of Processwire with the ProcessForgotPassword and InputfieldSelect modules installed. Installation After purchase you will have access to the latest version of the pack as a single zip file.If this is your first Nifty installation: simply unzip the file in a temporary location and transfer the resulting Nifty folder into the site/modules directory of your site. Then refresh the modules in Processwire and install the NiftyPasswordsPlus module.If you already have other Nifty products installed: unzip the file in a temporary location and look in the Nifty folder you unpacked. Copy any new subdirectories from there into your existing site/modules/Nifty directory. Log in to Processwire, refresh your modules and install NiftyPasswordsPlus. You will need to acknowledge the disclaimer, enabling the module in order to proceed. Refunds We offer a no-questions-asked refund policy in the first 14 days from the date and time of your purchase. Settings Step 1: Step 2: Gives options changing how the reset link works. Verification code customisation options: This can lead to much simpler codes in the reset emails... Step 3: If you install FieldtypeUserTOTPValue as well, you also have additional options to require TOTP 2FA for reset. Step 4: Additional settings: FieldtypeUserTOTPValue allows you to add TOTP as a confirm field in ProcessForgotPassword: Which then requires the user doing the reset to enter their TOTP 2FA code (if set on their account) in order to reset their password: If the user does not have TOTP set up on their account, they just leave this blank. If they do have TOTP set up, they need to enter the current value. If you are using this along with NiftyPasswordsPlus, then you can additionally enforce role-based requirements for entry of a correct TOTP value in order for password reset to work. It does this by hooking FieldtypeUserTOTPValue's RequireTfa() method. You can do the same from your site/ready.php file to add any additional checks you'd like for your particular site. We currently only support TOTP 2FA as it is simple, avoids sending another email (in case email is compromised) and the bar to user adoption is quite low. Finally, we have NiftyHashedTokens: Single Site, Developer and Agency Licenses are available via our LemonSqueezy Store >>> Please get in contact after purchasing, citing your license key & forum username, so we can add you to our support area. <<< 16 Link to comment Share on other sites More sharing options...
netcarver Posted November 22, 2020 Author Share Posted November 22, 2020 Just to update everyone: in case you missed it, we intend to release this as a commercial module sometime this coming week, testing feedback permitting. 1 Link to comment Share on other sites More sharing options...
netcarver Posted November 25, 2020 Author Share Posted November 25, 2020 Pete and I can finally announce the availability of a discounted "Early-Bird" batch of NiftyPasswordsPlus. Once this batch is gone, we will be offering one further discounted batch before the pricing reverts to normal. Details in the opening post above this. Please feel free to ask any questions you may have about the module here. 2 Link to comment Share on other sites More sharing options...
Jozsef Posted November 27, 2020 Share Posted November 27, 2020 Hi, does this support the front-end password reset option in LoginRegisterPro? I need to support the option to complete the reset on a different device for one site. 1 Link to comment Share on other sites More sharing options...
netcarver Posted November 27, 2020 Author Share Posted November 27, 2020 @Jozsef Yes, this works by extending ProcessForgotPassword which is used by LoginRegisterPro to handle password resets. 1 Link to comment Share on other sites More sharing options...
alexm Posted November 27, 2020 Share Posted November 27, 2020 Nice I’ll purchase this in the morning me thinks. A very nice extension of functionality. Good work chaps! 1 Link to comment Share on other sites More sharing options...
Jozsef Posted November 29, 2020 Share Posted November 29, 2020 @netcarver Thanks for that and for the great work, just at the right time. ? A nice companion to LoginRegisterPro. 1 Link to comment Share on other sites More sharing options...
netcarver Posted November 29, 2020 Author Share Posted November 29, 2020 I take it that everything is working for you as needed, @Jozsef? Please let me know if there is anything wrong or needing correction. Link to comment Share on other sites More sharing options...
netcarver Posted November 29, 2020 Author Share Posted November 29, 2020 Thank you to everyone who purchased at the Early-Bird rate, all those licenses are now sold-out. Link to comment Share on other sites More sharing options...
netcarver Posted November 29, 2020 Author Share Posted November 29, 2020 Version 1.4.0 released: improves translation tools compatibility. Link to comment Share on other sites More sharing options...
netcarver Posted December 4, 2020 Author Share Posted December 4, 2020 Version 1.4.1 released: Cleaned up HTML email output and more translation/multilanguage improvements. Link to comment Share on other sites More sharing options...
netcarver Posted December 11, 2020 Author Share Posted December 11, 2020 Version 1.5.0 is on the way, with customisable verification code formatting, which allows you to make the code more mobile-friendly and/or more easily selectable using mouse double clicks. So you can now have codes like this: Link to comment Share on other sites More sharing options...
netcarver Posted December 12, 2020 Author Share Posted December 12, 2020 Version now up to 1.5.1. Link to comment Share on other sites More sharing options...
netcarver Posted December 17, 2020 Author Share Posted December 17, 2020 Down to the last 2 discounted licenses. Link to comment Share on other sites More sharing options...
netcarver Posted December 22, 2020 Author Share Posted December 22, 2020 Version 2.0.0 released. This has updated the Processwire version constraints. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now