Details

    • Type: Feature Requests Feature Requests
    • Status: Open (View Workflow)
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Core - Users/Devices
    • Labels:
      None
    • Backend Engine:
      All
    • Confirmation:
      Confirmed

      Description

      There has been a lot of security questions raised regarding the terrible habits of people setting their extension or device password to be ing their extension, or 1234, etc.

      It then struck me that there should be a password gebnerator in freepbx that will generate a password automatically if you dont enter one. Or perhaps you could turn that off in Amportal config.

      I dug up a little PHP code on the net and found this that might be able to be used to generate this for Freepbx. but I think it would be a huge hit with people. Especially with some of the auto provisioning that is going on with some of the IP endpoints out there now.

      Anyways, we absolutely love freepbx, and especially how stable and reliable it is. But I think this would be an awesome feature that keeps us unimaginative from have to think of extension passwords everytime we install a server.

      <?php
       
      function random_string($length = 8, $chars = null) {
          if( empty($chars) ) $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
          while( strlen($s) < $length) {
              $s .= substr($chars, rand(0, strlen($chars) - 1), 1);
          }
          return $s;
      }
       
      // Example
      echo random_string(10);
       
      ?>

        Activity

        Hide
        Moshe Brevda added a comment -

        You probably want this to be optional
        - say a link next to the password box that will insert a strong password, and it will be best to do this in js

        Show
        Moshe Brevda added a comment - You probably want this to be optional - say a link next to the password box that will insert a strong password, and it will be best to do this in js
        Hide
        dodgly added a comment -

        This is so easy to implement I'm not quite sure why it keeps getting pushed out. Putting my money where my mouth is I'll say that my method requires just TWO new lines and TWO modified lines in core/functions.inc.php plus one small file that contains the password generator.

        My theory of operation is very simple and ideal for the perpetually lazy user--no options to fiddle with. Let's just help them out and create the password, then if they want to change it they can blank the generated password and enter some lame password. But let's nudge them in the right direction creating ultra-secure random passwords. It's 2012 and we quit using out-houses decades ago. Ok, enough hyperbole here's the work three easy steps:

        1. Yank http://pastebin.com/ERkdwq25 to /var/www/html/admin/modules/core/generatePassword.php

        That code is GPL 3 from https://www.dougv.com/2010/03/23/a-strong-password-generator-written-in-php/

        2. ADD the following two lines anywhere in /var/www/html/admin/modules/core/functions.inc.php:

        #!php
              include('generatePassword.php');
              $sGeneratedPassword=generatePassword(12,3,3,3);
        

        That generates a 12 character password, composed of 3 upper-case alpha, 3 numbers, 3 symbols, plus an implied 3 lower-case alpha. I added those two lines around line 7175 (Core 2.10.0.8) just before the // iax2

        3. MODIFY the two $tmparr['secret'] lines adding $sGeneratedPassword as follows:

        #!php
              $tmparr['secret'] = array(
                'value' => $sGeneratedPassword, 
                'tt' => $tt, 
                'level' => 0, 
                'jsvalidation' => $secret_validation, 
                'failvalidationmsg' =>$msgInvalidSecret);
        

        Easy, strong, no-fuss, no-muss. May not solve it for auto-provisioned devices and some of the symbols may not be ideal but that's easily changed.

        All the best!

        Show
        dodgly added a comment - This is so easy to implement I'm not quite sure why it keeps getting pushed out. Putting my money where my mouth is I'll say that my method requires just TWO new lines and TWO modified lines in core/functions.inc.php plus one small file that contains the password generator. My theory of operation is very simple and ideal for the perpetually lazy user--no options to fiddle with. Let's just help them out and create the password, then if they want to change it they can blank the generated password and enter some lame password. But let's nudge them in the right direction creating ultra-secure random passwords. It's 2012 and we quit using out-houses decades ago. Ok, enough hyperbole here's the work three easy steps: 1. Yank http://pastebin.com/ERkdwq25 to /var/www/html/admin/modules/core/generatePassword.php That code is GPL 3 from https://www.dougv.com/2010/03/23/a-strong-password-generator-written-in-php/ 2. ADD the following two lines anywhere in /var/www/html/admin/modules/core/functions.inc.php: #!php include('generatePassword.php'); $sGeneratedPassword=generatePassword(12,3,3,3); That generates a 12 character password, composed of 3 upper-case alpha, 3 numbers, 3 symbols, plus an implied 3 lower-case alpha. I added those two lines around line 7175 (Core 2.10.0.8) just before the // iax2 3. MODIFY the two $tmparr ['secret'] lines adding $sGeneratedPassword as follows: #!php $tmparr['secret'] = array( 'value' => $sGeneratedPassword, 'tt' => $tt, 'level' => 0, 'jsvalidation' => $secret_validation, 'failvalidationmsg' =>$msgInvalidSecret); Easy, strong, no-fuss, no-muss. May not solve it for auto-provisioned devices and some of the symbols may not be ideal but that's easily changed. All the best!
        Hide
        sesekongkong added a comment -
        Show
        sesekongkong added a comment - Cheap Jordan Sneakers Cheap Jordans

          People

          • Assignee:
            Philippe Lindheimer
            Reporter:
            itiliti
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Development