Register_XH

Third Party Plugins to CMSimple - how to install, use and create plugins

Moderator: Tata

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Register_XH

Post by cmb » Tue Jun 12, 2012 1:49 pm

Hello Community,

I've just released Register_XH 1.4rc1.

Register was developed in 2007 by Carsten Heinelt. In 2010 he gave permission to Gert Ebersbach to adapt it to CMSimple_XH and to further improve it. The plugin was then distributed as Register_mod_XH. In 2012 Gert Ebersbach discontinued the developement, and gave me the permission to maintain and distribute the plugin. Many thanks to Carsten Heinelt and Gert Ebersbach for their good work and the permission to further maintain the plugin!

If you have Register_mod_XH 1.2.3 or 1.3 up and running, there's probably no need to update. But of course I'm interested in feedback from testing, and particularly about the removal of the possibility to switch to admin mode (did anybody use this?).

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Fri Sep 07, 2012 11:55 am

Hello Community,

I've just released Register_XH 1.4rc2.

Besides fixing some minor issues, adding a system check, adding Danish and Russian translations (thanks to maeg resp. Old for contributing them), I've removed the passwords from all emails (except, of course, the password reminder email, which is not sent to the admin any more). So if you stick with the encrypted passwords, the password privacy of your members will be respected.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Wed Sep 12, 2012 6:59 pm

Hello Community,

I've just released Register_XH 1.4rc3.

I've added a config option (fix_mail_headers), which is only necessary to fix the behavior of some buggy mail transfer agents (such as the one on my webspace). These MTAs don't handle RFC 2822 well regarding line endings. This results in some header information being displayed in the body of the email, and in the worst case, the mail will not be received.

And I'm proud to announce, that Register_XH now has a Czech user manual! :) Kudos to oldnema :!:

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Thu Sep 13, 2012 4:38 pm

Hello Community,

today I received an email with my Register_XH account settings from my domain, but I had not requested them! :? What had happened? Somebody had clicked the "password forgotten" link, and submitted the form with my email address! :!: It's no problem, that this mail was sent to me, but as I have password encryption enabled (what I strongly recommend generally), the password was automatically reset to a new one! But of course nobody should be able to reset any user's password, if he's not authorized.

So I have enhanced the "password forgotten" functionality. If password encryption is enabled, submitting the "password forgotten" form sends the email with the account settings without changing the password. But in the email there's additionally a link, which has to be clicked to reset the password (similar to the activation link). Then a second email will be sent including the new password.

So I've just released Register_XH 1.4rc4.

Any feedback is welcome!

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Sun Sep 16, 2012 2:20 pm

Hello Community,

I've just released Register_XH 1.4rc5.

I've fixed an arbitrary code execution vulnerability. Upgrading is strongly recommended.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Wed Oct 17, 2012 6:19 pm

Hello Community,

I've just released Register_XH 1.4.

Nothing has changed since the latest RC (besides the version number and the warning in the help file).

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Wed Oct 17, 2012 8:54 pm

Hello Community,

I've just released Register_XH 1.5beta1.

This is a beta version with an improved user administration.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Sat Nov 24, 2012 12:49 pm

Hello Community,

I've just released Register_XH 1.5beta2.
  • The user administration now uses a selectbox for the state, a button to change the password, and has a feature to send an ad-hoc email to a user (requires a properly configured email client).
  • There's a new config option to disable the "password forgotten" link.
  • The "special pages" of Register_XH are now documented.
A long time ago basingse requested the possibility to assign the login for each user individually. IMO that's a bit overkill, but it might be reasonable to be able to assign a login page for each group. Do you think this is useful?

Any further comments, suggestions and other feedback is welcome.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Wed Dec 05, 2012 12:28 am

Hello Community,

I've just released Register_XH 1.4pl1 and 1.5beta3. Updating is strongly recommended.

kmsmei reported, that he was able to log in to a user account by using a password similar to the required one. I found out, that the password hashing algorithm of Register is indeed very weak, so I decided to change it to use the same algorithm as CMSimple_XH > 1.5.4.

Note that this renders all former passwords invalid! :(

Regarding 1.5: I have not yet implemented several of the latest suggestions as I considered a fast security fix more important. The only real improvement is the individual login page for each user group. So, if you don't run 1.5beta2 or earlier in a production environment (I'm sure you don't ;)) and don't need the new feature, you might just skip the update and wait for 1.5beta4.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE
Contact:

Re: Register_XH

Post by cmb » Thu Dec 06, 2012 7:25 pm

Hello Community,

as the upgrade to the latest versions of Register might be too hard a burden (as the password hash algorithm has changed), I've developed and released the RegisterPasswordMigrator 1.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Post Reply