NB> Can you not convert them "as-is?" If someone has created a password in
 NB> the past with CaSe.SeNsItIvE even though it never took in the past..
 NB> Converting them as-is would at least make it work in the future.. Or is
 NB> this not an option?

No I can't unfortunately.  Mystic converts all passwords to upper case before
it stores them (a mistake I made 20 years ago when I wrote the code).  This
means that Mystic has no idea if the user entered "PaSsWoRd" or any other
variation, because it convered it to "PASSWORD" upon storage.

I'm going to have to build in code to support both ways and add the option to
flag accounts to force a password change on login, as someone else suggested.
This gives us the best options.  We can force users to change their password or
just allow them to use their old case insensitive password until they change it
next on their own.

I wanted to build in a solid password policy as well, which would allow the
SysOp to define a bunch of restrictions on passwords.  It would even have the
option to use HunSpell to refuse known dictionary words, for example.

Baby steps I guess... I think I should just get the encryption out of the way
first rather than try to do too much at once.

--- Mystic BBS v1.11 A3 (Windows)