This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit ezplatform.com

eZ Community » Forums » Developer » registrationinfo.tpl password
expandshrink

registrationinfo.tpl password

registrationinfo.tpl password

Tuesday 31 May 2011 5:55:45 pm - 12 replies

Hello,

When using user/register module, eZ sends an email to confirm login/email to new user, using registrationinfo.tpl. Searching on PHP side, eZ does not display the user password.

Most websites do that to confirm once the login/email/password. I might be wrong, but is it a willing behaviour?

Thanks,

Tuesday 31 May 2011 10:27:31 pm

Can you explain a little more clear what you're trying to accomplish?

You want to display the actual password a user typed within the registration email or in the actual registration confirmation page?

It sounds like you might have looked into the default user/register module already. However, make sure to see if the password is available in plain text to the template (which I doubt) in the default user/register module. If so, then it's just a matter of finding the right variable available to the template. Otherwise, you need to code a separate module/view (or hack the kernel which I do not recommend).

 

Good luck, hope this helps.

Tuesday 31 May 2011 11:52:30 pm

Hi,

I just want to display the password in the email sent to the user after using default user/register module. After searching in the PHP code, I found that there is no $password variable set to the template.

I just need confirmation that the password is not displayed in the last versions of eZ.

Thanks,

Wednesday 01 June 2011 2:09:19 am

In the template for the sent email (User/registrationinfo.tpl) you have two variables defined, $object and $user. The first is the ezcontentobject belonging to the registered user, and the second is the ezuser of the registered user.

I think they can both be used to display the password.

Wednesday 01 June 2011 10:24:43 am

Hi,

I guess the default registrationinfo.tpl needs to be updated, the $user variable does not contain any password, except password_hash, which is standard.

Thanks for your answer.

Wednesday 01 June 2011 10:36:06 am

Hi,

I guess the default registrationinfo.tpl needs to be updated, the $user variable does not contain any password, except password_hash, which is standard.

Does the $object variable maybe contain the password?

Wednesday 01 June 2011 10:48:21 am

Hi,

I guess the default registrationinfo.tpl needs to be updated, the $user variable does not contain any password, except password_hash, which is standard.

Does the $object variable maybe contain the password?

Nop, the password cannot be shown, as it is encrypted in the DB.

Wednesday 01 June 2011 6:42:32 pm

Then you might consider taking the default registration module and hack it. More specifically I mean create a new extension for the new module with proper templates and some PHP code to intercept the password in plain text and as a hash for the DB transaction.

 

Hope this helps.

Wednesday 01 June 2011 7:42:39 pm

If this template is fired from user/register, then you might also have the password available in a POST variable.

Wednesday 01 June 2011 10:15:56 pm

Hi,

Thanks for your answers. Actually, I know how to hack code to get the password or create a custom module based on user/register, but I was thinking that it was strange that default eZ behaviour would not send password at the registration step, using user/register.

Thanks again.

Wednesday 01 June 2011 10:34:38 pm

True that it might be considered strange, but also consider it to be a built-in security feature that the password is not available in a transition type of action on the server (form submit to email notification). One less point if exploitation is better than storing the plain-text password in several locations where it could be exploited (sever memory, database, within the script itself and possible vulnerable to XSS not likely..but still possible).

I could be wrong but give it a shot and good luck. happy.gif Emoticon

Modified on Wednesday 01 June 2011 11:12:16 pm by Brandon Chambers

Thursday 02 June 2011 2:08:27 am

Actually, now that I thing about it... the $password variable is defined in user/registrationinfo.tpl template and it contains the user's password.

I remember using it many times and I just tested it on a 4.4 installation.

Also, this variable is used in design/standard/templates/user/registrationinfo.tpl.

Friday 03 June 2011 11:52:46 pm

Nice...I'll have to remember this.

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from