Password Control

As released, Joomla provides only rudimentary control of users' passwords. The basic Joomla check on a new password is whether the two entries match. If they match, the user can continue. What is required is control over the specification of the password itself. Must it contain upper and lower case letters? Should it also contain numbers and/or special characters such as underscore (_), hash (#) etc.? How many of each should it contain? Should there be checks against real words? Password Control tries to address some of these questions.

Password Control Overview

The documentation, in PDF format and as web pages, is available on the site. [Please see links under 'Joomla Extensions' on the site.] This document presents only a brief overview of the functionality.

Currently the existing capability is provided by a system plug-in. The plugin addresses the more pressing issues:

  • Forcing the user to change their password on initial logon

  • Forcing the users to periodically change their passwords every 'n' days, where 'n' is an administrator defined variable, typically set to 30 days.

  • Ability to optionally block users.

  • Ability to store up to 999 previous passwords for a user.

  • Supports Joomla update functionality.

  • Ability to specify site password criteria that must be met and provide user with feedback on how their password fails.

  • Inbuilt password generator that creates passwords matching the site specified criteria.

More details can be found in the Password Control Documentation.
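A sketch of how the criteria check with user feedback and the previous-password check listed above can fit together. This is an added example, not the plug-in's own code: the function names, the policy keys and the assumption that previous passwords are stored as `password_hash()` hashes (newest first) are all hypothetical.

```php
<?php
// Added example; not the plug-in's code. Names and policy keys are hypothetical.

/** Return a list of human-readable reasons the candidate fails the site policy. */
function checkPasswordPolicy(string $candidate, array $policy): array
{
    $classes = [
        'upper'   => '/\p{Lu}/u',
        'lower'   => '/\p{Ll}/u',
        'digit'   => '/\d/',
        'special' => '/[^\p{L}\p{N}\s]/u',   // e.g. underscore (_), hash (#)
    ];
    $failures = [];
    if (mb_strlen($candidate) < $policy['min_length']) {
        $failures[] = "at least {$policy['min_length']} characters required";
    }
    foreach ($classes as $name => $regex) {
        $required = $policy["min_$name"] ?? 0;
        $found    = preg_match_all($regex, $candidate);
        if ($found < $required) {
            $failures[] = "needs $required $name character(s), found $found";
        }
    }
    return $failures;
}

/** True if the candidate matches any of the most recent $depth stored hashes. */
function isReusedPassword(string $candidate, array $storedHashes, int $depth): bool
{
    foreach (array_slice($storedHashes, 0, $depth) as $hash) {
        if (password_verify($candidate, $hash)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: the policy values and the history are illustrative only.
$policy  = ['min_length' => 10, 'min_upper' => 1, 'min_lower' => 1,
            'min_digit' => 2, 'min_special' => 1];
$history = [password_hash('Autumn#2023x', PASSWORD_DEFAULT)];   // newest first

foreach (['salon12345', 'Autumn#2023x', 'Gr4nite_Harbour7'] as $candidate) {
    $problems = checkPasswordPolicy($candidate, $policy);
    if (!$problems && isReusedPassword($candidate, $history, 999)) {
        $problems[] = 'matches a previously used password';
    }
    echo $candidate, ': ', $problems ? implode('; ', $problems) : 'accepted', PHP_EOL;
}
```

Because the history holds salted hashes, reuse can only be detected by verifying the candidate against each stored hash in turn, so the cost of the check grows with the configured history depth.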

An additional optional capability is provided by the Password Control User Profile Plug-in. This is described in the documentation, but permits the site user to see details of their most recent password change and the next scheduled password change. It also allows the site administrator to view this information and edit the next password change date if required.

Translation Credits

We would like to thank all the people who have donated their time and effort in providing translations for our extensions, either individually or as part of a translation team, so that they may be used by the wider community.

Release Versions

Password Control System Plug-in

Release 0.1.4

Minor enhancement release to extend the control over who is required to change their email address upon initial login. It also adds an additional check for Joomla 3.4 where we are in edit mode but the layout field is set to null.

Release 0.1.3

This release adds a newly requested optional feature, which is to force the user to change their email address upon their initial login. With some components, such as eshop and virtuemart, there are situations where sites such as cosmetics salons give their customers free logins. They create a number of logins with usernames such as the name of salon + number of client, password 12345 and with a created email similar to When the user logs in there is a need to force the customer to change their password, and we have introduced the option that forces the mandatory email change on first login.

Release 0.1.2

This release supports the use of Joomla 3.3, which introduced more encryption mechanisms. It has also been modified to allow for the Joomla 3 user 'password reset required' flag. Other changes include altering the defaults to use jQuery-UI version 1.10.4 and jQuery 1.11.0. Modifications were also made to the checks when a password change is required.
It also introduces the ability to hide some of the other user profile fields such as the email, username and name fields, and permits the addition of an informative text area field to display some helpful text to assist the user in entering their password.
Due to a coding conflict between jQuery-UI dialog windows and mmenu (a jQuery plugin for mobile menus) the ability to use an alternative jQuery bootstrap dialog plugin was also added.
Another change is to extend the exemption checks in the onAfterUserSave event to permit password reuse for exempt users.

Release 0.1.1

This release supports the use of the 'new' PHPass encryption mechanism present within Joomla 2.5.18 and Joomla 3.2.x. It also fixes the placement of the generator button on the revised 'User Profile Edit' screen in Joomla 3.2.

Release 0.1.0

This release adds the long-awaited checks upon the user's password in terms of the password specification criteria. It also incorporates an optional Password Generator that uses the site specified password criteria to derive a suitable password which the user can then select and which will be automatically entered into the password fields upon the form, without the need for the user to perform a 'cut and paste' action.
There is one fix incorporated in this release which addresses the usage of the user's 'old' passwords stored in the control table when the PHP supplied routine is used. The database supplied routine is unaffected. This is the initial release of the component.

Release 0.0.9

This release adds a few enhancements such as the ability to specify exemption groups and the change to specify the exempt users from a select list rather than providing the user ids specifically. The release reworks the 'single change' option to be more robust and also adds a PHP routine to update the control table for those users who cannot use the supplied database routine due to difficulties with their hosting providers. The password checks are now performed in the onBeforeUserStore method so that the #__users table is not updated if the password checking fails. There is also integration with Akeeba System Restore Points.

Release 0.0.8

This release corrects a few minor problems and allows the specification of the redirection link. It also changes the database based password checking routine to be 'deterministic', which resolves a problem of the password checks failing if the underlying database binary logging is not set to 'row' or 'mixed' format.

Release 0.0.7

This was never publicly released. It was a special one off release for a client running Joomla 1.5 and as such was specific to that version of Joomla.

Release 0.0.6

This release corrects an error when displaying information about encountered database errors. It also changes the changelog display to use a modal window.

Release 0.0.5

This release introduces Joomla 3.0 compatibility as well as correcting an unrequired 'feature' (resulting in a forced password change request when an administrator edits a user's profile) and meeting 'Strict' PHP coding standards, thus removing warning messages displayed when the site reporting is set to 'development'. The documentation remains unchanged as no new functionality has been introduced other than the presence of a changelog in the description of the plugin.

Release 0.0.4

This release was intended mainly to be a stabilisation release. There are however a few new features included. The main addition is to incorporate Joomla update functionality and an installation script. There is an enhancement to permit unlimited (well up to 999) previous passwords for a user, each of which is checked to prevent reuse. There is also the ability to not check the previous password at all if that is the site's policy. A minor addition is to allow integration with the Password Control component which is currently under development, and a few minor fixes required to resolve problems encountered with the 0.0.3 release.


Password Control User Profile Plug-in

The Password Control User Profile Plug-in is an optional piece of functionality that may be installed to provide the user with details of their most recent password change and the next scheduled forced change. It also provides the site administrator with similar visibility and allows the next password change date to be set for an individual user. Certain restrictions apply. More details can be found in the Password Control documentation (see above).

Release 0.0.4

This minor cosmetic update cleans up the code a little. Functionally unchanged.

Release 0.0.3

This minor update changes the changelog display to use a modal window.

Release 0.0.2

This release supports Joomla 3.x as well as meeting 'Strict' PHP coding standards, thus removing warning messages displayed when the site reporting is set to 'development'.


These plug-ins will become part of the Password Control Component (currently under development), but are intended to be retained as separate stand-alone plug-ins for those who do not require additional functionality.
