Banned Passwords in osCommerce
Put simply, my client wanted to stop people from using passwords that are too obvious or too easy to crack. So…he found a list of passwords that Twitter has banned and wanted me to ban them also. He also wanted to ban any passwords below 6 characters and any passwords made of numbers only.
Note that for the purpose of this Blog Post, I changed the password input to a “tep_draw_input_field” rather than a “tep_draw_password_field” in order to show the passwords in the images.
Note also that this script does not check for the “strength” of the password – I suppose that this could be achieved rather easily by checking if the password has at least 1 number and perhaps 1 or more upper-case characters. That may be something I blog about another time.
The I-Metrics CMS is a complete dynamic content management system that can be used for start-up businesses, blogs and personal sites. One of the objectives of the project is to further expand the MS2.2 framework covering other types of websites.
The package includes features to create, group and associate text pages and image lists, effective SEO modules, scalable via a Plugins manager and uses the engine of osCommerce MS2.2 simplified without e-commerce features.
Several admin tools allow the site owner to monitor traffic, backup the database, personalize the site, manage the website content, send/receive emails and optionally manage multiple websites via a single administration control panel.
I-Metrics CMS is extremely light, very easy to learn and it is expandable and suitable for both novice and advanced web-developers. Novice programmers can easily learn the basics of the framework as the core structure is basically osCommerce – changes to the core files are very simple, while advanced developers can use object oriented programming and the benefits of the integrated Plugin manager to expand or modify the framework according to their website requirements. Only a handful of files control the layout of website front, making template integration trivial.
The built-in Plugins manager is independent of the core functionality; individual Plugins can take advantage of the core functions or implement their own.
Just sparked up the latest rc3 and noticed some more new features:
This shows the latest osCommerce Addons. You can subscribe to the RSS feed by clicking on the orange button. I don’t know if this is much use, as the addons area is a complete mess with all sorts of rubbish being added (such as updates that do nothing, support requests and so on).
Latest osCommerce News box. Kind of interesting to have so long as it will be regularly updated by ALL of the team! By regular, I mean at least a couple of times a week.
Version and Update checker. Again, an interesting possibility to allow people to easily see if an update is available. The only real problem is that it’s impossible to update an osC store at this moment unless it is completely standard and unchanged – and who runs an unmodified osC store? Anyone?? Well yes, but not many! However, with future updates in mind (hooks à la WordPress maybe?) this will be a good addition.
In the osCommerce forum, someone asked about the possibility of only allowing customers from 1 domain to be able to sign up to their shop. I suppose a typical example might be some shop set up solely for employees of a given company…
Anyway, with a bit of thinking, I came up with the idea of placing the allowed email domains into an array, like this:
This works well, but doesn’t give the person trying to create an account any idea that his or her email address is unallowed until they’ve actually filled out the form and submitted – how annoying is that.
So, with a bit more thinking, I used a piece of jQuery to check the inputted email address on the fly. It looks like this;
And by video;
You can easily see that at first I used @gmail.co.uk which is NOT in the allowed list of good emails. I then changed it to @gmail.com and it turned green “on the fly”. A good way to show the potential buyer immediately of any problem.
Had they NOT changed to an allowed email address and gone on to create the account, they would see this;
Notice the error message? I used sprintf to throw back the error message along with the email address they tried to use.
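A server-side version of the allowed-domain check described above, as an added example that is not the blog author's code: the function name, the message constant and the domain list are hypothetical. The jQuery check runs in the customer's browser and is only a convenience, so the check on the submitted form is the one that enforces the rule.

```php
<?php
// Added example, not the blog author's code. The function name, the
// constant and the domain list below are hypothetical.

// Allowed sign-up domains, stored in lowercase (constructed sample values).
$allowed_domains = array('gmail.com', 'example.com');

// Error text with a %s placeholder for the rejected address.
define('ENTRY_EMAIL_DOMAIN_ERROR', 'Sorry, %s is not from an allowed email domain.');

// Returns null when the address is acceptable, or an error string otherwise.
function check_email_domain($email, array $allowed_domains) {
  $email = trim($email);

  // The address is echoed back in the error, so escape it for HTML output.
  $error = sprintf(ENTRY_EMAIL_DOMAIN_ERROR,
                   htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));

  // Take everything after the LAST "@"; reject if there is no local part
  // or no domain part.
  $at = strrpos($email, '@');
  if ($at === false || $at === 0 || $at === strlen($email) - 1) {
    return $error;
  }
  $domain = strtolower(substr($email, $at + 1));

  // Exact, strict comparison against the list. A substring or suffix test
  // would also accept look-alikes such as "notgmail.com" or
  // "gmail.com.example.net".
  if (!in_array($domain, $allowed_domains, true)) {
    return $error;
  }
  return null;
}

// Constructed sample input mirroring the post: @gmail.co.uk is rejected,
// @gmail.com is accepted (in any letter case), a look-alike is rejected.
$samples = array('someone@gmail.co.uk', 'someone@GMAIL.com', 'someone@notgmail.com');
foreach ($samples as $address) {
  $result = check_email_domain($address, $allowed_domains);
  echo $address, ' => ', ($result === null ? 'accepted' : $result), "\n";
}
```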