Jump to content

Clear password before encryption

Recommended Posts


can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted?

I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0?

If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily?

I know this might be an unusual question, but I would appreciate any feedback. :)

Regards, Andreas

Share this post

Link to post
Share on other sites

Hook before/after Password::setPass() method instead? Keep in mind that this hook is called before page publish (while setting value for a password field)

 * Set the 'pass' to the given value
 * @param string $value
 * @throws WireException if given invalid $value
protected function ___setPass($value) {

    // if nothing supplied, then don't continue
    if(!strlen($value)) return;
    if(!is_string($value)) throw new WireException("Password must be a string"); 

    // first check to see if it actually changed
    if($this->data['salt'] && $this->data['hash']) {
        $hash = $this->hash($value);
        if($this->isBlowfish($hash)) $hash = substr($hash, 29);
        // if no change then return now
        if($hash === $this->data['hash']) return; 

    // password has changed

    // force reset by clearing out the salt, hash() will gen a new salt
    $this->data['salt'] = ''; 

    // generate the new hash
    $hash = $this->hash($value);

    // if it's a blowfish hash, separate the salt from the hash
    if($this->isBlowfish($hash)) {
        $this->data['salt'] = substr($hash, 0, 29); // previously 28
        $this->data['hash'] = substr($hash, 29);
    } else {
        $this->data['hash'] = $hash;


  • Like 2
  • Thanks 1

Share this post

Link to post
Share on other sites

Thanks @abdus and @adrian,

I was able to grab the clear password with the Password:setPass hook and saved it into a session variable to pass it between my module functions. Of course I clear the session variable afterwards. ;)

Share this post

Link to post
Share on other sites
1 minute ago, AndZyk said:

and saved it into a session variable to pass it between my module functions

Why not use a variable defined in the module class, eg:

protected $clearPassword

and populated via:


in the hook's function. This will be available throughout the module's functions.

This is what I did in my EmailNewUser that I linked to above.

  • Like 2

Share this post

Link to post
Share on other sites

Of course you are right. I should have looked closer at your code. ;)

  • Like 1

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By anttila
      We are developing an App that sends data over the Internet to ProcessWire (POST/JSON). We want password to be protected somehow when sending it, but I should be able to compare it to PW's passwords. We were thinking of using md5 encryption, but PW uses different encryption.
      How can I be sure that user has active account when they use the App?
    • By Robin S
      Password Generator
      Adds a password generator to InputfieldPassword.

      Install the Password Generator module.
      Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field.
      *Settings not supported by the generator:
      Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur.  
    • By Slav
      Hey guys... Ok so I have a problem with a registration form password inputfield... The problem is that InputfieldPassword.js and InputfieldPassword.css are not loaded/fired. Or I dont even know exactly what is happening... Im pretty new to processwire and the website was not created by me so Im trying to figure out what has been done and how processwire works. Anyway this is how the form looks right now:

      ...and as you can see the styling is off (password validation check in particular)... this is what I see when page is loaded (without adding any input)... it looks like js and css files from wire/modules/Inputfield/InputfieldPassword are not firing... I dont know how it is supposed to work exactly so I dont even know where to start.
      Maybe someone has had similar problem and know an easy fix or can navigate me to what could cause this situation in PW.
      Oh by the way this problem occured when upgrading the PW version (current version 3.0.65)... everything else is ok... this is the only problem that has been found after upgrade...
      Appreciate all the help!
    • By jen
      Yesterday we somehow lost access to all current admin, superuser/passwords to processwire.  We tried using the reset password form and nothing was sent.  We began noticing some of the menu buttons went missing as well as some photos.  Any suggestions how to resolve the login issue?
  • Create New...