Nulled Scripts Community

Best Scripts Site In The World

Resource icon

xF2 Add-on Password Tools 3.12.2

No permission to download
Overview FAQ Updates (28) History

3.12.2 - Bugfix update

  • Fix internal server error when registering an account without an email address (requires 3rd party addon to trigger)
Click to expand...

3.11.1 - Feature update

  • php 8.4+ compatibility fixes
  • Rename option "Password check types" to "New password validation rules"
  • Add "On login; consider known-bad passwords as compromised" option (default false)
  • Add new password validation rule "Prevent passwords which contain the user's email or username, and the site's domain/name." (default false)

3.10.1 - Bugfix update

  • Fix javascript error when using XF2.3
Click to expand...

3.10.0 - XenForo 2.3 support

  • Require standardLib v1.20.0+
  • Restore XF2.1 support, note front-end Zxcvbn requires XF2.2+
  • Support XF2.3+
  • php 8.4+ compatibility

3.9.0 - Feature update

  • Add "Force password reset on compromised password" option
    • This option is likely overkill for most sites, and is not generally recommended

3.8.2 - Bugfix & Maintenance update

  • Fix changing user entity while a write is pending in some cases
  • Add "Use rejected password fragments in password meter" option (default disabled).
    Take rejected password fragments into consideration when showing the password strength meter to the user.
    Security note: this makes the full list of rejected password fragments visible to end users; ensure that there aren't any sensitive password fragments before enabling.

3.8.0 - Feature update

This add-on is now avaliable on atelieraphelion.com
  • Require StandardLib v1.18.0+
  • Add new "User-group for compromised passwords" option, which adds uses to the selected user-group when it is detected they have a compromised password on login.
    Defaults to disabled. Useful for targeting with notices

3.7.5 - Bugfix update

  • Fix "Minimum time between triggering compromised password alerts on login" operating in seconds instead of hours
  • Fix cases where email 2fa would not be forced enabled on the first login request after a password is discovered as compromised
  • Rename various options to be better searchable
  • Adjust various option defaults to be more robust.
    • 'Minimum password length' from 8 => 10 characters
    • 'Minimum password strength' from 'very weak' to 'weak'
    • 'Pwned password minimum count (soft)' from 1 to 0
    • 'Pwned password minimum count (hard)' from 2 to 1
    • 'Pwned password cache time' from 7 to 3 days

2.7.4 - Bugfix update

  • Fix password checks could incorrectly apply when resetting a user's password
Click to expand...

3.7.2 - Bugfix update

  • Improve detection of admin/automated edits for the "Enforce password complexity for admins" feature.
Click to expand...

738Threads
2,302Messages
66,699Members
XauxausaurusLatest member
Back