gebeer

Get cleartext password in hook

3 posts in this topic

Hello,

I am trying to get the cleartext password in a hook on saveReady in an autoload module. But I get the already hashed value of the password:

Session: pass: L1/CERxHKqXJCJkogk89O48b4bMnsqW

What I have

        protected $templates = ["user", "server"];

	public function init() {

		$this->pages->addHookAfter('saveReady', $this, 'hookSaveReady');

	}

	public function hookSaveReady(HookEvent $event) {

		$page = $event->arguments[0];
		
		if($page->isNew) return;

		if(!in_array($page->template, $this->templates)) return;

		if($page instanceof User)  $this->collectUserData($page);

	}

	public function collectUserData($page) {

		foreach ($page->fields as $field) {
			/*if( $page->isChanged($field) ) */$this->message($field->name . ": " . $page->$field);
		}

	}

I guess I am hooking too late in the process but have no idea where to place the hook instead.

EDIT: same with addHookBefore

Share this post


Link to post
Share on other sites

The password is never stored as plaintext, the latest hook you can get it Password::setPass, which does the hashing as soon as a password is set as field value.

1 person likes this

Share this post


Link to post
Share on other sites

That helped, thank you!

EDIT: For security reasons I don't post my solution here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By modifiedcontent
      I have a simple front-end password update form like this:
      In the browser the label of the second field shows up as follows:
      WTH?!
      I can't figure out what is changing the label, what is inserting /processwire/ and reformatting the thing. Is this something in PW? A "helpful" thing that browsers do?
      Edit:
      The problem disappears if I simply rename the second field to 'Confirm Password'.
      So my problem is solved, but I'll leave this here in case this is some kind of bug.
    • By didhavn
      Hey all. 
      This might sound a bit strange but I am looking for a solution to hook into page edit and remove or disable the two save buttons including their dropdown options. 
      I managed to partly remove the buttons, but the dropdowns remained. However, I would prefer a solution with disabled buttons but have no idea how to achieve this. 
      I hope somebody of you can tell me how to remove or disable these buttons. 
      Thanks a lot in advance 
    • By modifiedcontent
      How do you get the same 'set password' form/input fields on the front-end as in the admin area?
      I have a working front-end version, but the admin version has some nifty stuff around it. Should be easy to get the same on the front-end, right?
    • By gebeer
      Hello,
      I read about conditional hooks and wanted to utilize them. In the process of trying to implement them I found that they do not get called.
      So I reduced my hook to a minimum
      wire()->addHookAfter('Page::changed', function($event) { die('changed'); }); And nothing happens at all. Also with Page::changed(title) or Page(template=basic-page)::changed(title) no luck.
      In the code comment in Wire.php it says: "Hookable method that is called whenever a property has changed while change tracking is enabled"
      I see that change tracking is enabled as
      wire()->addHookAfter('Pages::saveReady', function($event) { if($event->arguments[0]->isChanged('title')) die('changed'); }); is working.
      The hookable method ___changed() in Wire.php is empty.
      I tried this on 2 different installs PW 3.0.61 and 3.0.62
      Can anyone please confirm or let me know if I'm doing anything wrong here. Thank you.
    • By ---
      So I discovered in this topic (
      ) that I can cancel all hooks after my own hook. Now I want something like that.
       
      I want my hook which is called on page render to cancel all other events, also the after page render and the before page render methods, is this possible?
      This only need to be done when some conditions are met.
       
      /** method replaces original page::render method and is called with hook priority one */ method onPageRender (HookEvent $event) { if (my condition is true) { $this->cancelHooks = true; // to cancel all hooks to page::render // how to cancel after Page::render events // how to cancel before Page::render events } } Is this possible at all?