By default, ProcessMaker passwords will never expire and they only need to contain a minimum of 5 characters which can be all lowercase letters. Many organizations, however, store very sensitive data in ProcessMaker and need to ensure that their passwords are not easily cracked.
In order ensure greater password security, define constants in the file /shared/sites/<WORKSPACE>/db.php, which will change the types of allowed passwords and their expiration date.
The db.php file for the default "workflow" workspace is generally found in Linux/UNIX at:
In Windows, before ProcessMaker version 1.6-4260, it is generally located at:
- C:\Program Files\ProcessMaker\apps\processmaker\shared\workflow_data\sites\workflow\db.php
In Windows, ProcessMaker version 1.6-4260 and later, it is generally located at:
- C:\Program Files\ProcessMaker\processmaker\shared\sites\workflow\db.php
By default the minimum password length is 5 characters. To set the minimum password length to 8 characters, add the line:
By default the maximum password length is 20 characters, but this can be a problem for some people importing users with long passwords from LDAP. To set the maximum password length to 40 characters, add the line:
To require passwords to contain at least one numerical character, add the line:
To require passwords to contain at least one uppercase character, add the line:
To require that passwords contain at least one symbol character (such as @#$%*), add the line:
To force users to change their passwords periodically, set the numbers of hours until the password will expire. For instance to require that users change their passwords every 90 days (90*24 hours), then add the line:
To force all users to change their password on the next login, add the line:
To set maximum password attempts, add the line:
Where 3 is the number of attempts before ProcessMaker will block the user
Login after Customizing Authentication
The next time users login after an one of the above authentication parameters has been changed, ProcessMaker will check if their passwords conform to the new configuration. If the current password does not conform, then after login, a dialog will appear asking for the user to enter a new password.
Enter a new password and then retype it a second time, then click on Save. At the next login, use the new password.
Adding Custom Code
If you would like to add custom PHP code to check passwords, edit the file <INSTALL-DIRECTORY>/workflow/engine/classes/model/UsersProperties.php
In Linux/UNIX, it can generally be found at:
In Windows, with ProcessMaker before version 1.6-4260, it can generally be found at:
- C:\Program Files\ProcessMaker\apps\processmaker\htdocs\workflow\engine\classes\model\UsersProperties.php
In Windows, with ProcessMaker 4260 and later, it can generally be found at:
- C:\Program Files\ProcessMaker\processmaker\workflow\engine\classes\model\UsersProperties.php
This file, however, may be over-written every time a new upgrade patch is applied to ProcessMaker, so be sure to make a backup copy of your custom code and reapply it after an upgrade.