sign up with user defined password
4 posts by 3 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: July 6, 2017 (RSS)
By ht1080z - July 2, 2017
Hello again,
I want to change the registration procedure in a specific website and let users to pick/enter their password upon sign up.
Is there any best practice to do this with cmsBuilder & membership addon?
Thank you in advance,
Karls
By Dave - July 5, 2017
Hi Karls,
You can customize any portion of the pages you create with Website Membership and we sometimes do that ourselves. Website Membership just automates the creation of the pages that we most often use.
In this case, you'd need to customize the "user-signup.php" page that you create. There's a link like this:
$passwordText = wsm_generatePassword();
And you'd want to change it to something like this (and add some error checking earlier on to make sure a password was entered:
$passwordText = @$_REQUEST['password'];
A couple things to consider. If you let people specify their own password then you have no way to know if their email address is valid. The reason we send them a generated password is to validate their email address. If they can't receive the password we sent then they don't have access to that email.
If you let people choose a password then they could use bill.gates@microsoft.com and login with the username and password they already know because they chose it. The way most sites get around this is to add an additional step where people need to validate their email before they can use the site. So you add some code to redirect them to a validation page and send them a link they need to click to confirm they are who they say they are (or rather that they have access to the email they provided).
Hope that helps! Let me know any other questions.
interactivetools.com
By gkornbluth - July 5, 2017
Hi Karls,
I totally agree with Dave. Security trumps convenience every time.
I usually give all new users a generic password and force them to change it to one of their own choosing the first time they log in.
The recipe for this is in the CMSB Cookbook as: "IMPLEMENTING THE EMAILONAPPROVED PLUGIN WITH THE WEBSITE MEMBERSHIP PLUGIN (ENCRYPTED PASSWORDS)"
You don't have to use the emailOnApproved plugin, but in my implementations, all members needed to be manually approved.
You can get a free trial subscription to the CMSB Cookbook from the link below and check it out.
Best,
Jerry Kornbluth
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php
By ht1080z - July 6, 2017
Hello Dave & Jerry,
Thank you for your suggestions. I'll proceed with user selected passwords but sending activation mail & link before first use. I think it is the faster and more user friendly, skipping the forced password change procedure in the middle.
Karls