Teacher/Staff Force Password Security v 3.1

Tue, 02/24/2009 - 9:57am •

Submitted by jtreadwell •

Login or register to post comments
send to friend

Pages to force password rules on teacher and admin passwords. Allows districts to force users to change passwords after a given number of days if they choose. Forces paswords to NOT contain first or last name of the user. Disctircts can choose to force a minimum number of characters for the password, at least 1 letter, at least 1 number, at least 1 upper case letter, and/or at least 1 non-alphanumeric character. A list of banned words can be created to also force certain words to NOT be included in the password. READ THE DOCUMENTATION VERY CAREFULLY!!

DEVELOPMENT NOTES:

UPDATE 10/25/2006(v. 1.0)
Initial version.

UPDATE 12/12/2006(v. 1.1)
- Updated some scripts to allow for a few more checks. Previously had been checking for a literal word, now checks for the word anywhere within the password.

UPDATE 06/30/2007(v. 1.2)
- Added a message in the admin/home.html page that displays a welcome upon the first successful (passed validation) visit to the home.html page for each session.

UPDATE 08/01/2007(v. 1.3)
- Removed message as hitting the “ok” button was deemed too time consuming. Only commented out the functionality. Uncomment out the message in the script embedded in the admin/home.html page to enable it.

UPDATE 10/11/2007(v. 1.4)
Initial public version.

UPDATE 10/30/2007(v. 2.0)
- MAJOR update!
- Added last password change for admin and teacher accounts
- Added running log of password activity
- Added ability to declare how many days before forcing a user to change the password
- Added ability to force a user to change passwords to a different word than the current password
- Added ability to declare minimum character requirements for passwords
- Added ability to turn on/off check for at least one letter
- Added ability to turn on/off check for at least one number
- Added ability to turn on/off check for at least one upper case letter
- Added ability to turn on/off check for at least one character that is not a letter, number or underscore
- Added ability for districts to declare as many “banned” words as they wish in a semicolon separated list
- Reduced the need for cookies

UPDATE 11/05/2008(v. 3.0)
- Converted to Oracle

UPDATE 02/24/2009(v. 3.1)
- Updated password login pages to not autofill the passwords
- Various minor page updates to catch the pages up to 5.2.0.10

Contributor:

Jason Treadwell

Pro:

Premier - 5.1.x:

Premier - 5.2.x:

Comments

Redirect

Submitted by nkowalchik on Mon, 01/25/2010 - 1:14pm

I setup a test server with 6.1 and still cannot get this custom option to work correctly.

The recurring problem is that after installing the necessary pages and you get the first prompt to change your password, it brings you right back to the password change screen.

It goes through the process of accepting the changed password, but keeps bringing the user back to the password screen.

I've tried restarting the application, restarting the server, taking customization off and on - can't get past this.

PowerSchool version 6

Submitted by haroldjones on Thu, 07/23/2009 - 8:58am

If we upgrade to version 6, will this cause any problems? Will the customization still work? If not, do you plan on posting an update?

Forced Password not working for view users.

Submitted by danberms on Fri, 03/20/2009 - 7:55am

I may have found a bug where admin user is not allowed to change their password if their group has view only rights.

I was able to get everything to work by using the Access to Page Permissions to give full rights to a couple of pages.

Admin/home.html - The redirect if password expired/needs to change would not work otherwise
Admin/userprefpassword.html - So they could submit the change.
Admin/passwordChanged.html - The password was changed, but stalled at the redirect, so the timestamp was not entered. That would make them expire the next login.

In case it matters, I'm on 5.2.0.3.0102

Dan

Similar