JavierCN Posted December 21, 2022 Share Posted December 21, 2022 Hello: We have installed a passwords expiration system in our WHMCS. We want the clients use a different password when they change it (they're redirected to the recovery page). Is there any security configuration to active this protection (force to use a different password)? If not, do you know a hook executed when the client is changing the password on the recovery page? Thank you , Regards. 0 Quote Link to comment Share on other sites More sharing options...
steven99 Posted December 21, 2022 Share Posted December 21, 2022 Do not think that is built in but would be a good feature for that password expiration addon you mentioned. Would require at least the ClientChangePassword hook. I do not believe that provides the old password and so you would need another hook, like the ClientAreaPageChangePassword, to capture the old password and store it, still hashed, in the session. Then on ClientChangePassword, check that session variable against the new password hash. If it matches, well then you have to force them to password change page via a ClientAreaPage hook and complain that they match. 0 Quote Link to comment Share on other sites More sharing options...
JavierCN Posted December 27, 2022 Author Share Posted December 27, 2022 (edited) Great! Thank you @steven99 Edited December 27, 2022 by JavierCN 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.