The emailOnApproved plugin needs a facelift

By gkornbluth - January 8, 2015 - edited: January 8, 2015

Hi All,

A few years back, on post http://www.interactivetools.com/forum/forum-posts.php?70926&page=1 Dave created an emalOnApproved plugin which has been really helpful.

When a member is approved ( a check box in the accounts record ) It passes the record's username and password field to an email and sends it to the member.

Unfortunately, since the plugin was written, password encryption has become the norm and the email sends the encrypted password string to the member, which is pretty useless to them.

I've been getting around the password encryption issue by populating a visible password field when the account record is created and passing that value in the plugin generated email.

It's not the most secure approach and I'm wondering if anyone has updated  (or would like to update the plugin ) to accommodate the password encryption.

I've attached the original plugin.

Thanks,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
Attachments:

emailOnApproved.php 2K

Hi Claire,

I totally agree that a decrypted password should not be stored in the database.

That’s why I wanted to amend the plugin so that it decrypts the password and sends that to the member via the emailOnApproved email.

Seems that if CMSB checks the plain text password against the encrypted password each time a user signs in, then there should be a way to include similar code to decrypt the password and insert it into the emailOnApproved email.

Both the membership plugin and the emailOnApproved would send a plain text password through unsecured email once, and mortals being as fallible as they are, they could easily misplace the first email.

Any ideas?

Thanks,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By claire - January 9, 2015

Sorry Jerry, it's not as easy as that. The string you see in the database isn't really something that can be decrypted - it's a one-way-only unique hash value created from the password. Any secure hash can never be realistically turned back into the original plaintext.

On login, the system will take the plaintext password from the login form, generate the hash, and compare that to the stored value in the database. The actual plaintext never gets near the database to begin with.

I understand that they could misplace the email - I think your best option at that point would be to let them reset the password. It's a very common solution and still secure.

Another thing you could do is send them a generated password initially, and then let them log in and reset it when they're approved - and then send them a new email with their username and chosen password. This would be acceptable for security purposes and still let them get an email on approval, like you're doing now.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Ah...

Much clearer now, Claire.

You mentioned the option of allowing a user to sign up, but without entering a password. Then when they're approved, they get a link to a page that allows them to add a password and complete the signup process, and then they receive the usual email.

Any idea how I would go about that? I'm willing to muck about, but could use a concrete starting point.

Thanks,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

By claire - January 9, 2015

There's a few ways to do it - here's one of them: you start the signup as normal, and allow a user to be created as normal, but leave the password fields as autogenerated values. In the email template that usually goes out on signup, remove the password placeholder and let the user know that they'll get more info once they're approved.

The user section has an extra checkbox, which is 'Password Changed' or something similar.

Then, in the emailOnApproved plugin, set it to send an email on approval that contains their username and generated password. They can then sign in with that, and they should be immediately prompted to change their password to something new, and the system will not allow them access to anything else until that's done. Once they change it, the Password Changed checkbox is ticked, and now they have full access.

You could also send them a link to a separate form that lets them input a password on approval, provided that you also attached a unique hash to it to prevent abuse on the front end. But this is more work of course.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Thanks Claire,

I'll try to digest all this.

I'm sure I'll have questions.

Best,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php