Membership Plugin - Password Request Feature?

5 posts by 3 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 11, 2012   (RSS)

By Perchpole - July 8, 2012

Hello, All -

Again, apologies if this has been covered before...

The Membership Plugin includes an example file called user-password-request.php. It sounds great but it doesn't quite do what it says on the tin!

On some websites, if you lose your password, you click on a link, enter your email address and the system will send you your password. That's how I thought the file above would work - but it doesn't! All it does is send you a link through which you can reset your password.

Is there some reason why we are unable to implement a proper password request feature? If so, how?

:0)

Perch

Re: [Perchpole] Membership Plugin - Password Request Feature?

By Jason - July 8, 2012

Hi Perch,

The older versions of website membership had a password reminder feature. However, once we switched to encrypted passwords, this was no longer possible. The encryption we use is one way only, so we have no way of taking an encrypted password from the database and decrypting it back into plain text.

I can certainly see where the confusion comes from. A more descriptive file name may be user-password-reset-request.php (you can always change the names of the files).

Hope this helps to clarify things. Please let me know if you have any other questions.

Thanks
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Perchpole] Membership Plugin - Password Request Feature?

By Jason - July 9, 2012

Hi Perch,

The default process that comes with the plugin is meant for further authentication. If you email them the password, you are proving that they at least have access to that email address, so the address itself isn't fake.

That being said, you can alter the signup form to allow someone to create their own password when signing up.

Hope this helps
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Perchpole] Membership Plugin - Password Request Feature?

By gkornbluth - July 11, 2012

Hi Perch,

You can (although not the greatest idea) reduce the number of characters in the password.

Here's the (untested) recipe from my CMSB Cookbook thecmsbcookbook.com that shows you how.

CHANGING PASSWORD LENGTH

When a new user signs up for an account, a randomly generated 17 character temporary password is sent to them. That's pretty secure, but if it's a bit unwieldy for your situation, you can easily change the password length to any amount of characters.

In the user-signup.php file, look for the code:
$_REQUEST['password'] = substr(md5(uniqid(rand(), true)), 15);

According to Chris Waddell of Interactive Tools "The 15 in the code skips the first 15 characters of the 32 characters returned by md5(), resulting in a 17 character string."

To set the length to 5 characters, try this:
$_REQUEST['password'] = substr(md5(uniqid(rand(), true)), 0, 5); // example output: c5560
You can replace the 5 with any number you'd like up to 32.

Hope that helps,

Jerry Kornbluth
The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php