Manaus Posted February 25, 2014 Posted February 25, 2014 Hello, I need to send the password to the $user, but $user->password returns blank. Is this a security concern? Should I use the tmp_pass workaround? Thanks
Soma Posted February 25, 2014 Posted February 25, 2014 Password is encrypted for a reason. You can't read/decrypt it.
adrian Posted February 25, 2014 Posted February 25, 2014 If you need to offer a user a forgot password reset, there is this module included in the core: http://modules.processwire.com/modules/process-forgot-password/ If you need to do it for frontend users, then this post from our fearless leader should get you going: http://processwire.com/talk/topic/1716-integrating-a-member-visitor-login-form/?p=15919 2
Frank Vèssia Posted February 25, 2014 Posted February 25, 2014 What I did in few websites is to store the password right after the registration process in a field called clear_pass. It's not the best solution for security reasons but I needed a readable password for my users, of course you can do this if you have your own registration page.
horst Posted February 25, 2014 Posted February 25, 2014 It's not the best solution for security reasons but ... That's correct, it's not the best but the badest solution! http://plaintextoffenders.com/ 1
horst Posted February 25, 2014 Posted February 25, 2014 Password are overrated. Ok, give me a few from your accounts around the web.
netcarver Posted February 25, 2014 Posted February 25, 2014 @Manaus, I need to send the password to the $user... What's the use case driving this necessity? Storage of plaintext passwords or even reversibly encrypted passwords is a definite concern. PW stores a salted hash of the password for a good reason. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now