gebeer

Get cleartext password in hook

Recommended Posts

Hello,

I am trying to get the cleartext password in a hook on saveReady in an autoload module. But I get the already hashed value of the password:

Session: pass: L1/CERxHKqXJCJkogk89O48b4bMnsqW

What I have

        protected $templates = ["user", "server"];

	public function init() {

		$this->pages->addHookAfter('saveReady', $this, 'hookSaveReady');

	}

	public function hookSaveReady(HookEvent $event) {

		$page = $event->arguments[0];
		
		if($page->isNew) return;

		if(!in_array($page->template, $this->templates)) return;

		if($page instanceof User)  $this->collectUserData($page);

	}

	public function collectUserData($page) {

		foreach ($page->fields as $field) {
			/*if( $page->isChanged($field) ) */$this->message($field->name . ": " . $page->$field);
		}

	}

I guess I am hooking too late in the process but have no idea where to place the hook instead.

EDIT: same with addHookBefore

Share this post


Link to post
Share on other sites

The password is never stored as plaintext, the latest hook you can get it Password::setPass, which does the hashing as soon as a password is set as field value.

  • Like 1

Share this post


Link to post
Share on other sites

That helped, thank you!

EDIT: For security reasons I don't post my solution here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By hellomoto
      I was working on this:
      class PWCRM extends WireData implements Module { public static function getModuleInfo() { return array( 'title' => 'Client Relationship Management', 'version' => .001, 'singular' => true, 'autoload' => true ); } public function init() {} public function ready() { $this->pages->addHookBefore('render', $this, 'accessHook'); $this->pages->addHookAfter('render', $this, 'hookAfterPageRender'); } public function accessHook(HookEvent $event) { $page = $this->wire('page'); if (!strpos($page->template->tags, 'crm')) return; if (!$this->wire('user')->hasRole('crm')) $this->wire('session')->redirect($this->wire('config')->urls->login);//throw new Wire404Exception(); } public function hookAfterPageRender(HookEvent $event) { $page = $event->object; echo $page->template->tags; if (!strpos($page->template->tags, 'crm')) return; echo $this->wire('config')->urls->templates; include_once($this->wire('config')->urls->templates.'functions.inc'); $pagehtml = $event->return; $pagehtml = str_replace( '</head>', '<link id="css_crm" rel="stylesheet" href="'.$this->wire('config')->urls->templates.'css/crm.css"> </head>', $pagehtml ); $event->return = $pagehtml; //$event->replace = true; } } I have tried placing the hooks into the init() function, and more... Neither method is effective. The echoes now output, but no redirection (although I have the access settings for the top-level template for this set to render a 404 for underprivileged users, which it does, overriding this, but nonetheless this should work aside from that.
      Then I wrote this up quick:
      <?php namespace ProcessWire; class MaintenanceMode extends WireData implements Module { public static function getModuleInfo() { return array( 'title' => 'Maintenance Mode', 'version' => 1, 'summary' => 'Disables the website frontend for non-superusers.', 'singular' => true, 'autoload' => true, 'permanent' => false ); } public function init() { $this->addHookBefore('Page::render', $this, 'displayDecide'); } public function displayDecide($event) { $page = $event->object; if ($page->template == 'admin' || $this->wire('user')->hasRole('superuser')) return; // replace the method hooked $event->replace = true; $event->return = "Patience please while we undergo some brief maintenance work."; } } which likewise avails nothing. What the hell is my problem here? 
    • By Robin S
      Password Generator
      Adds a password generator to InputfieldPassword.

       
      Usage
      Install the Password Generator module.
      Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field.
      *Settings not supported by the generator:
      Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur.  
      https://modules.processwire.com/modules/password-generator/
      https://github.com/Toutouwai/PasswordGenerator
    • By Vinnie
      Hi all, Im trying to fill an options field in all the children of the parent page, after I save it. 
      the options field is configured as multiple select checkboxes. here's the code i have so far:
      $this->addHookAfter('Pages::saved', function($event) { $page = $event->arguments[0]; //set the page if($page->template == 'sport-verenigingen-overzicht') { //get the subcategories from the parent textarea, split on newline $subcats = preg_split('/[\n\r]+/', $page->subcats); //(also tried without imploding and adding the array, also doesnt work) $subcats = implode("|",$subcats); //get the children $children = $page->children(); foreach ($children as $child) { //set the options(sport_categorie is the options field) $child->sport_categorie = $subcats; $child->save('sport_categorie'); } //if i use a normal textfield instead of an optionsfield, //all the children have the correct data e.g: test1|test2|test3 //how to get the values into the options field?? } }); Hope you guys can help! Keep up the good work, I'm loving what you're doing with PW!!
    • By joe_g
      Hi there,
      I'm trying to limit a specific user can only add pages as a child (under) a page created by themselves.  
      The discussion in this thread gets close, it's a working solution on how to only allow editing on pages you created yourself. I'm using this and it works well. But I'm not sure how to modify this for my purposes. 
       
      I'm suspecting I need to do to something like
      $this->addHookBefore("Page::added", $this, 'added');
      then in "added" check if parent is created by the current user. But I'm a bit lost on how exactly to do this.
      thank you! /J
       
    • By AndZyk
      Hello,
      can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted?
      I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0?
      If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily?
      I know this might be an unusual question, but I would appreciate any feedback. 
      Regards, Andreas