AUser Manager




- This extension requires registration to download.
There are two levels of antispam technique: the classic Captcha form protection using the accessible ajax captcha plugin, and a second level that tracks harvesters and other malicious web robots using these free projects: HoneyPot Project, StopForumSpam, Botscout.
A free geolocation service from ipinfodb.com makes geolocation information available for each user, helping us to put users on a Google map.
Password management includes: password lifetime, password generator; the registration process requires agreeing to the site Terms, registered users can delete their account directly from the frontend, and registration may require admin approval.
No hacks to the core are needed. AUser Manager uses the same MySQL table as the core user manager, so you don't need to import/export any users and can always switch back to the core user component without losing data.
Security issue:
If the password is expired, the old password will be displayed to anyone who tries to log in with this account, and anyone is able to set a new password and hijack the account.
Failure:
Fortunately, the reset of the password will not work on the expired site. So hijacking is not possible, but the account is no longer usable.
My recommendation for the developer (I am not able to do it) is to ask for the old password and verify it.
You must be logged in to access the expired password layout; the old password is shown because you cannot use the old one.
- The form for completing the reset of the password doesn't display the password strength correctly, has wrong/missing classes in the form HTML and doesn't have a captcha (I have the Secureform plugin). Clearly it is outdated compared with the user registration form template.
I think you should look at your templates and correct/update them. Just constructive criticism.
Constructive criticism is always welcome.
Reset Password layout issue fixed in the 158, consider upgrading.






