Membership Plugin - Password Request Feature?
5 posts by 3 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 11, 2012 (RSS)
By Perchpole - July 8, 2012
Again, apologies if this has been covered before...
The Membership Plugin includes an example file called user-password-request.php. It sounds great but it doesn't quite do what it says on the tin!
On some websites, if you lose your password, you click on a link, enter your email address and the system will send you your password. That's how I thought the file above would work - but it doesn't! All it does is send you a link through which you can reset your password.
Is there some reason why we are unable to implement a proper password request feature? If so, how?
:0)
Perch
Re: [Perchpole] Membership Plugin - Password Request Feature?
By Jason - July 8, 2012
The older versions of website membership had a password reminder feature. However, once we switched to encrypted passwords, this was no longer possible. The encryption we use is one way only, so we have no way of taking an encrypted password from the database and decrypting it back into plain text.
I can certainly see where the confusion comes from. A more descriptive file name may be user-password-reset-request.php (you can always change the names of the files).
Hope this helps to clarify things. Please let me know if you have any other questions.
Thanks
Jason Sauchuk - Project Manager
interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
Re: [Jason] Membership Plugin - Password Request Feature?
By Perchpole - July 9, 2012
OK. Fair enough. I still think we have to make registration easier though.
As things stand, when someone registers they are assigned a random password. It's a meaningless jumble of letters and numbers which no-one in their right mind is going to remember!
So, once they receive email confirmation of their registration the first thing people want to do is change the password to something more recognisable and/or memorable.
I think this is one step too many.
Why can't people just choose their password at the time of registration?
:0/
Perch
Re: [Perchpole] Membership Plugin - Password Request Feature?
By Jason - July 9, 2012
The default process that comes with the plugin is meant for further authentication. If you email them the password, you are proving that they at least have access to that email address, so the address itself isn't fake.
That being said, you can alter the signup form to allow someone to create their own password when signing up.
Hope this helps
Jason Sauchuk - Project Manager
interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
Re: [Perchpole] Membership Plugin - Password Request Feature?
By gkornbluth - July 11, 2012
You can (although not the greatest idea) reduce the number of characters in the password.
Here's the (untested) recipe from my CMSB Cookbook thecmsbcookbook.com that shows you how.
CHANGING PASSWORD LENGTH
When a new user signs up for an account, a randomly generated 17 character temporary password is sent to them. That's pretty secure, but if it's a bit unwieldy for your situation, you can easily change the password length to any amount of characters.
In the user-signup.php file, look for the code:
$_REQUEST['password'] = substr(md5(uniqid(rand(), true)), 15);According to Chris Waddell of Interactive Tools "The 15 in the code skips the first 15 characters of the 32 characters returned by md5(), resulting in a 17 character string."
To set the length to 5 characters, try this:
$_REQUEST['password'] = substr(md5(uniqid(rand(), true)), 0, 5); // example output: c5560You can replace the 5 with any number you'd like up to 32.
Hope that helps,
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php