gebeer

Get cleartext password in hook

Recommended Posts

Hello,

I am trying to get the cleartext password in a hook on saveReady in an autoload module. But I get the already hashed value of the password:

Session: pass: L1/CERxHKqXJCJkogk89O48b4bMnsqW

What I have

        protected $templates = ["user", "server"];

	public function init() {

		$this->pages->addHookAfter('saveReady', $this, 'hookSaveReady');

	}

	public function hookSaveReady(HookEvent $event) {

		$page = $event->arguments[0];
		
		if($page->isNew) return;

		if(!in_array($page->template, $this->templates)) return;

		if($page instanceof User)  $this->collectUserData($page);

	}

	public function collectUserData($page) {

		foreach ($page->fields as $field) {
			/*if( $page->isChanged($field) ) */$this->message($field->name . ": " . $page->$field);
		}

	}

I guess I am hooking too late in the process but have no idea where to place the hook instead.

EDIT: same with addHookBefore

Share this post


Link to post
Share on other sites

The password is never stored as plaintext, the latest hook you can get it Password::setPass, which does the hashing as soon as a password is set as field value.

  • Like 1

Share this post


Link to post
Share on other sites

That helped, thank you!

EDIT: For security reasons I don't post my solution here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By anttila
      We are developing an App that sends data over the Internet to ProcessWire (POST/JSON). We want password to be protected somehow when sending it, but I should be able to compare it to PW's passwords. We were thinking of using md5 encryption, but PW uses different encryption.
      How can I be sure that user has active account when they use the App?
    • By benbyf
      Hello, having trouble getting PW to save my user or field in cron hook.
      It seems to report the same field info each time unchanged. It should be counting down in seconds.
      public function init() { // set to every30Seconds in settings $this->defaultInterval = $this->cron_check; // add hooks to CRON $this->addHookAfter("LazyCron::{$this->defaultInterval}", $this, 'checkUserSubscription'); } public function ___checkUserSubscription(HookEvent $e){ // seconds since last lazycron $seconds = $e->arguments[0]; $log = wire('log'); $field = $this->exclusiveRole; // users with specific role and field $users = $this->users->find("roles=$field"); foreach ($users as $user) { // get stored time $currentTime = $user->get($this->fieldName); // if time not null if($currentTime){ // evalute stored time minus time past $resultTime = intval($currentTime) - intval($seconds); $log->message("result ".$resultTime); // save user page $user->set($this->fieldName, $resultTime); $this->users->save($user); } } }  
    • By kixe
      In a project I had to add the attribute 'disable' to some options of a select field (page reference) to show them but make them unselectable. Since I could not find an integrated solution, I wrote a tiny module and a hook. This could also be a POC to similar needs.
      Install module Add the Module to InputfieldPage in the module settings to make it selectable as Inputfield for page reference fields Create a hook in ready.php to manipulate attributes of the <option> tag for specified items
      Module
      <?php namespace ProcessWire; /** * POC Inputfield Select Hook Add Option -- Replacement for InputfieldSelect * * Selection of a single value from a select pulldown. Same like InputfieldSelect * except this version provides hookable addOption() function which allows to modify * attributes of the <option> tag (i. e. 'disabled' to show items but disallow to select them * * @author Christoph Thelen aka @kixe * */ class InputfieldSelectHookAddOption extends InputfieldSelect { /** * Return information about this module * */ public static function getModuleInfo() { return array( 'title' => __('Select Hookable Add Option', __FILE__), // Module Title 'summary' => __('Selection of a single value from a select pulldown. Same like InputfieldSelect. except this version provides hookable addOption() function which allows to modify attributes of the <option> tag (e.g. \'disabled\' to show items in dropdown but disallow to select', __FILE__), // Module Summary 'version' => 100, ); } /** * Hook in here to modify attributes */ public function ___addOptionAttributes($value, $label) { return array(); } /** * @see InputfieldSelect::addOption() * */ public function addOption($value, $label = null, array $attributes = null) { if (!is_array($attributes)) $attributes = array(); $attributes = array_merge($attributes, $this->addOptionAttributes($value, $label)); return parent::addOption($value, $label, $attributes); } }
      Hook
      /** * This example hook modifies the attributes of the selectable options of a Pagereference field named 'test'. * The selectable pages have the template 'test' assigned which includes a checkbox 'disallow'. * The attribute 'disabled' will be added to the selectable page if the user does not have the role 'user-extended' and 'disallow' is set. * */ $wire->addHookAfter('InputfieldSelectHookAddOption::addOptionAttributes', function($e) { // quick exit if ($e->object->name != 'test') return; if ($this->wire('user')->isSuperuser()|| $this->wire('user')->hasRole('user-extended')) return; // disable items (pages) in select $restrictedPageIDs = $this->wire('pages')->find('template=test,disallow=1')->each('id'); if (in_array($e->arguments[0], $restrictedPageIDs)) $e->return = array('disabled' => 'disabled'); });  
    • By louisstephens
      So I have a module that builds a dashboard (following the tutorial: https://processwire.com/blog/posts/building-custom-admin-pages-with-process-modules/#handling-user-input-using-forms-amp-inputfields). It all works great now that I have gotten some kinks worked out. However, the page is saved under admin which is hidden from users that are not superusers. Is there a way to allow the user, with a certain role, to view this newly created page, and only this page?
    • By hellomoto
      I was working on this:
      class PWCRM extends WireData implements Module { public static function getModuleInfo() { return array( 'title' => 'Client Relationship Management', 'version' => .001, 'singular' => true, 'autoload' => true ); } public function init() {} public function ready() { $this->pages->addHookBefore('render', $this, 'accessHook'); $this->pages->addHookAfter('render', $this, 'hookAfterPageRender'); } public function accessHook(HookEvent $event) { $page = $this->wire('page'); if (!strpos($page->template->tags, 'crm')) return; if (!$this->wire('user')->hasRole('crm')) $this->wire('session')->redirect($this->wire('config')->urls->login);//throw new Wire404Exception(); } public function hookAfterPageRender(HookEvent $event) { $page = $event->object; echo $page->template->tags; if (!strpos($page->template->tags, 'crm')) return; echo $this->wire('config')->urls->templates; include_once($this->wire('config')->urls->templates.'functions.inc'); $pagehtml = $event->return; $pagehtml = str_replace( '</head>', '<link id="css_crm" rel="stylesheet" href="'.$this->wire('config')->urls->templates.'css/crm.css"> </head>', $pagehtml ); $event->return = $pagehtml; //$event->replace = true; } } I have tried placing the hooks into the init() function, and more... Neither method is effective. The echoes now output, but no redirection (although I have the access settings for the top-level template for this set to render a 404 for underprivileged users, which it does, overriding this, but nonetheless this should work aside from that.
      Then I wrote this up quick:
      <?php namespace ProcessWire; class MaintenanceMode extends WireData implements Module { public static function getModuleInfo() { return array( 'title' => 'Maintenance Mode', 'version' => 1, 'summary' => 'Disables the website frontend for non-superusers.', 'singular' => true, 'autoload' => true, 'permanent' => false ); } public function init() { $this->addHookBefore('Page::render', $this, 'displayDecide'); } public function displayDecide($event) { $page = $event->object; if ($page->template == 'admin' || $this->wire('user')->hasRole('superuser')) return; // replace the method hooked $event->replace = true; $event->return = "Patience please while we undergo some brief maintenance work."; } } which likewise avails nothing. What the hell is my problem here?