We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Password reset/sent

October 26, 2007 9:42am

Subscribe [2]

  • #1 / Oct 26, 2007 9:42am

    socaprice

    217 posts

    Hi.

    Is there a way to have the EE send the user the password that is on file for them, rather than it sending them a generic password of which they will have to then log on and change?

    Thanks,
    Socaprice

  • #2 / Oct 26, 2007 10:16am

    Mark Bowen

    12637 posts

    Hi Socaprice,

    I think I am right in saying that currently there isn’t a way of doing this with the way that EE saves passwords as they are either stored using MD5 or SHA1 which are both encrypted formats.

    This would require a hack on the back-end so that passwords would be stored as plain-text instead of encrypted but this is in a lot of countries unacceptable practice due to security issues. I suppose that it all depends on your site and its users though but to get this to work would require some hacking.

    I could be wrong and if anyone wants to suggest other ideas here then I am quite ready to be proven wrong but this is the way I understand the system to work at the moment.

    Best wishes,

    Mark

  • #3 / Oct 26, 2007 10:24am

    socaprice

    217 posts

    I agree, because of the way EE stores the password, but I was hoping that someone knew of a way of having the system decrypt it before sending it to the user.

    Right now the users will have to go into the CP to reset their password, and for novice users that may complicated.

    I wonder if someone can simplify that process? Is there a way we can have the user go straight to the password section and change that part and have access to nothing else?

    Thanks Mark.

    Regards,
    Socaprice

  • #4 / Oct 26, 2007 11:09am

    Mark Bowen

    12637 posts

    I was hoping that someone knew of a way of having the system decrypt it before sending it to the user.

    Thanks Mark.

    Regards,
    Socaprice

    I wish I was the one as I would be able to get every single penny from every single bank account in the world then!! 😊
    Nah only kidding. I really don’t think that this is possible at all due to the details being encrypted and should hopefully take a room full of super computers something like 147 years just to crack into one password!!

    I think the only ways would be to either send out the password via e-mail to the person as they are signing up and before it is added to the database. It would be sent as a reminder and it would be up to them to store the e-mail somewhere safe or to hack the back-end of EE to only store in plain-text but that usually nowadays isn’t really acceptable practice.

    Sorry I couldn’t be of more help on this one but I certainly don’t have 147 years to try this out unfortunately!! 😊

    There may be others on the forums here with better ideas though so I shall bow out gracefully now and see if anyone else replies.

    Best wishes,

    Mark

  • #5 / Oct 26, 2007 11:12am

    socaprice

    217 posts

    That’s cool thanks Mark.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register