This Password Control FAQ (Frequently Asked Questions) is intended to assist you in providing answers to some of the most commonly asked questions. It is intended to supplement the Password Control documentation.

Where is the documentation?

The full product documentation is available in PDF format at this web link. It covers all releases.

Does it work with Joomla 3.x?

Yes. All releases version 0.0.5 and above works with Joomla 3.x.

Does it support the new encryption mechanism in Joomla 3.3?

Yes. Release version 0.1.1 and above works with the new PHPass encryption mechanism.

I do not want users to change anything other than the password!

This is possible since this is a Joomla configuration option.

In the User profile the settings are in two categories: Profile, which includes username and password, and Basic Settings, which include editor, time zone, front end language.

In the back end if you navigate to User Manager -> Options, under Component (Users Configuration) you will see two options 'Front End User Parameters' and 'Front End User Language'.

Set 'Front End User Parameters to "Hide" and that will hide the 'Basic Settings' in the Users profile.

  • Front-end Language
  • User Editor
  • Time Zone


I have installed and enabled the plugin but users are not being asked to change their passwords?

If this is a fresh install, then the first time existing users who have logged in before, will have the date for their next password change set to be the number of days specified in the 'periodic change days' parameter in the configuration menu, after the date they next connect. i.e. If they connect today their next change date will be the number of days after today. If you desire them to change it earlier you may either a) set a single change date or b) use a low setting for the periodic changes and increase it later when the users have made their initial change. New users who have never logged on will be forced to change their password immediately if the plugin is configured to change on the initial logon, or in the periodic number of days time. Release 0.0.3 and over.

Does the plugin check passwords?

Yes the plugin has the ability to check the users specified password with their previous password.  In release 0.0.2/0.0.3 only the previous password is saved for checking. In release 0.0.4 the administrator specifies how many previous passwords are saved and checked. The previous passwords are saved in encrypted form only, not plain text. Release 0.0.2.

Does the plugin check the strength of a specified password?

Yes, release 0.1.0 implements password strength checks. It also enables the specification of the password criteria such as: the number of numerics, number of upper case characters, number of special characters etc.

Can a password change be forced for new users?

Yes, new users (defined as users who have never logged in before) can be forced to change their passwords upon their initial connection.

Can a user be forced to change their password periodically?

Yes this is a administration configuration parameter.  Specify the number of days for which the password is valid.

Can all existing users be forced to change their passwords from a specific date?

Yes there is a administrator option to specify a date when users should change their passwords. If a future date is specified the users will be forced to change their password when they login for the first time after the specified date. If a earlier date is specified, i.e. yesterday, then the next time the user logs on they will be forced to change their password.

Can a new password be auto generated?

Yes, release 0.1.0 introduced the ability for the generation of a password that meets the site criteria. This works in the back end when users may be created or the front end where teh user registers themselves.

Can the user be prompted to change their password before it expires?

Yes, this is an optional administration option.

Can a user account be blocked if their password is not changed within the specified period?

Yes, this is an administration option.  Note that administrator users are specifically not blocked.

Are administrator users blocked?

No, administrator and super administrator users are not blocked, but will be required to change their passwords, unless they are specifically marked as exempt.  They are still subject to the password reuse rules.

What are exempt users?

Exempt users are users indicated by the administrators as not being subject to the password control rules.  The administrator enters the ids of the users in the plug-in parameters.  Typically such users would be administrators and super administrators, although any valid user id is permitted.

Exempt users are still subject to the rules concerning re-use of passwords. Exempt users are not forced to change their passwords, but any voluntary changes are recorded and reuse prevented.

Does the plugin impact guest users?

No, guest users by their definition are not required to register upon the site and therefore do not require any password specification.

Why are there two password checking routines?

For performance reasons it is desirable to perform the checks as 'close' to the data as possible, which means within the database itself.  This is especially true when a lot of passwords are being saved.  If the number of saved passwords is small, then the performance gain is marginal.  The administrator is provided with the option of choosing which ever routine they are most comfortable with for their site.  Both routines produce the same result and use the same basic checking mechanisms.

NOTE: Certain hosting providers do not permit users to create anything other than MySQL tables, hence attempts to create or use custom procedures can cause database errors. In these situations use the supplied PHP routines.

NOTE: The introduction of the PHPass encryption mechanism in Joomla 3.2 broke the plugin database checking mechanism and it has been disabled in release 0.1.1. It may be reintroduced if the implementation is deemed worthwhile.

Problem routine #__updcontroltable not found.

A problem has been identified where on a site restored from a backup the database function '#__updcontroltable' is not found in the database. This is the same problem as explained in more detail in the 'Issue Tracker' Forum. It is caused by the backup component not including the database function in the backup, hence when restored, the function cannot be found. The backup component must be configured to backup up database procedures, functions and triggers, in order for them to be included in the backed up file.

In addition be aware that not all 'host' providers grant the appropriate database privileges to accounts, which means that the Joomla user connecting to the database may not even be able to see the function in order to back it up.  The easiest solution is to reinstall the plug-in in the restore database, and the procedure will be recreated.

I am experiencing problems with the database password checking routine, what do I do?

As described in the documentation this is likely to be related to the underlying database version. Let us know the version of the MySQL database being used and we will investigate further. The plug-in has been tested upon 5.0 and 5.1 databases. In the meantime please use the supplied php checking routine (chosen from the parameter settings).

NOTE: Certain hosting providers do not permit users to create anything other than MySQL tables, hence attempts to create or use custom procedures can cause database errors. In these situations use the supplied PHP routines.

Does the plugin use cookies?

The password control plug-in does not itself use cookies.

Are other languages supported?

The base language supplied is English.  However the component has been written specifically to be able to support other languages. There are a number of submitted translations available. The list of available translations is show in the Translations area of the site.

We welcome any submitted language translations that users might like to contribute. These would then be made available to the whole community. We mainly use Transifex for managing component translations.

There is also a article upon our web site with details upon Transifex and how one can contribute as well as instructions upon how to package up a language translation for the a component.

Do I need to install the User Profile Plug-in?

No the Password Control User Profile Plug-in is entirely optional. It is provided as an additional feature to provide some extra details to users and an aid for site administrators.

Do I have to have the Password Control System plugin in order to use the User Profile Plug-in?

Strictly speaking no, but there is little point in using the Password Control User Profile Plug-in without the System Plug-in since the information it displays is meaningless without it. So it really does not make any sense to do so.

What does the Password Control User Profile plug-in do?

This plug-in provides two additional pieces of information to the user profile, the date of the last password change, and the scheduled date of the next mandatory password change. Each of these is optionally configured and the information displayed will depend upon the system plug-in configuration.
It also provides the administrator with similar details and the ability to configure the next password change, again dependant upon system plug-in settings. See the documentation for more details.

Go To Top

The Macrotone Consulting Web site would like to use cookies to store information on your computer, to improve our website. Cookies used for the essential operation of the site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.

I accept cookies from this site.