By kovali - December 7, 2011

Hi, I am working on the Membership Plugin for my website right now, and I noticed that the password sent out with the Membership confirmation e-mail is not correct...

In fact I get this e-mail after regestering:

Hi kovali2,

Thanks for signing up to www.????.be.

Your username is: kovali2
Your password is: eb3bbc37936e78988

Please click here to login:
[url "http://www.????.be/user-login.php"]http://www.????.be/user-login.php[/#810081][/url]

Thanks!



And this e-mail after approval:

Welcome!

Your subscription has been processed successfully and you now have access to the Members Only area of our web site.

Your user name is: kovali2
and your temporary password is: $sha1$a1306d74208bddce433ed8c948dd20cee1074916

Once you have successfully logged in, you can change your password and update your profile information.

[url "http://www.your_website_url.com/user-login.php"]Click here to login[/#0000ff][/url]

Best,

The Subscription Committee



So the passwords in these 2 e-mail messages are different ?? I can only login with the first password, so the second one must be wrong ... Anyone ??

Thx,

Koen

Re: [kovali] emailOnApproved plugin problem

By Jason - December 7, 2011

Hi Koen,

The second password is actually an encrypted version of the first password. Once a password is encrypted and put in an account record, it can't be unencrypted, so there isn't a way to send the password in the second email (unless you kept a plain text copy of the password, but this would ruin the point of encrypting).

In the second email, you can tell them that their account has been approved and that they can now login using the password they originally got when registering. If they can't remember their password, you can direct them to the page where they can reset it.

Hope this helps
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] emailOnApproved plugin problem

By kovali - December 7, 2011

Hi Jason,

Thx for the reply, the idea is not to show the password in the first e-mail (only word of thanks for registering and some payment instructions) and send the 2nd e-mail with the password after membership payment has been received... There´s no way around this encrypted password in the 2nd mail ?

Koen

Re: [kovali] emailOnApproved plugin problem

By Jason - December 7, 2011

Hi Koen,

Okay, what you can do is first remove the password from your first email. Then, in your "emailOnApproved" funciton, you can create a new password, using the same code that creates the password when registering. You can then update their account record with the encrypted password and send the plain text version of their password to them in the email.

Hope this helps
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [kovali] emailOnApproved plugin problem

By kovali - December 8, 2011

Hi Jason,

You said: Then, in your "emailOnApproved" funciton, you can create a new password, using the same code that creates the password when registering

Where can I find the "same code that creates the password" please ? Is it in user-new-signup.php please ?

Thx for your support.

Koen

Re: [kovali] emailOnApproved plugin problem

By Jason - December 8, 2011

Hi Koen,

There is a "disabled" checkbox in the accounts table that you can set to 1 when an account is created. For example:

mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET
fullname = '".mysql_escape( $_REQUEST['fullname'] )."',
email = '".mysql_escape( $_REQUEST['email'] )."',
username = '".mysql_escape( $_REQUEST['username'] )."',
password = '".mysql_escape( $passwordHash )."',

disabled = '0',
isAdmin = '0',
expiresDate = '0000-00-00 00:00:00',
neverExpires = '1',
createdDate = NOW(),
updatedDate = NOW(),
createdByUserNum = '0',
updatedByUserNum = '0'")
or die("MySQL Error Creating Record:<br/>\n". htmlspecialchars(mysql_error()) . "\n");


This code is found in the user-signup page that came with the Website Membership plugin.

So when you go in to approve a user, you can uncheck the disabled check box so they are able to login.

The code that is used to create a password is also found on this page and looks like this:

// generate password
$password = substr(md5(uniqid(mt_rand(), true)), 15); // example output: c5560251ef0b3eef9
if (@$SETTINGS['advanced']['encryptPasswords']) { $passwordHash = getPasswordDigest($password); }
else { $passwordHash = $password; }


At the end of this code $password will be the plain text version of the password and $passwordHash will be the encrypted version that you will save to the accounts record.

Hope this helps
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/