当用户在Drupal中更改密码时,以明文形式获取新密码?
[英]Get new password in cleartext when a user changes it in Drupal?
问题描述
In my Drupal module I'm attempting to hook in where a user changes their password. 
在我的Drupal模块中,我试图钩住用户更改密码的位置。 I need this in cleartext for something else. 我还需要其他明文形式的内容。
So I did the basic thing and used tcauth_user_presave() . 所以我做了基本的事情,并使用了tcauth_user_presave() 。 I then changed my password which triggered a logging function. 然后,我更改了密码,这触发了日志记录功能。 However when I looked at the log the provided &$edit , $account , and $category variables didn't contain the new password in cleartext. 但是,当我查看日志时,提供的&$edit , $account和$category变量不包含明文形式的新密码。 The only thing that was available was the old password (in cleartext) and the new password hashed. 唯一可用的是旧密码(以明文形式)和新密码被散列。
Is there anyway to get the cleartext password when someone changes it? 无论如何,当有人更改明文密码时,是否可以获得它? This is Drupal 7 if it matters. 如果重要的话,这就是Drupal 7。
4 个解决方案
解决方案1
2 已采纳 2011-01-21 08:52:39
The password is hashed in user_save() before the presave hook is called. 在调用 presave挂钩之前,密码会在user_save()中进行哈希处理 。
Looks like there is another option than altering the form, however. 看起来,除了改变表格之外,还有其他选择。 Before user_save() is called in user_profile_form_submit() , hook_field_attach_submit() is invoked through the entity_form_submit_build_entity() helper function. 在user_profile_form_submit( )中调用user_save()之前,将通过entity_form_submit_build_entity()帮助器函数调用hook_field_attach_submit()。 Although it's a field hook, it does recieve the full user object as $entity. 尽管它是一个字段挂钩,但它确实将完整的用户对象接收为$ entity。
Not sure if that is really the better than altering the form because the hook is invoked for all entity changes, not just users. 不知道这是否真的比更改表单更好,因为钩子是为所有实体更改而不仅仅是用户更改而调用的。
解决方案2
1 2011-01-21 07:52:07
I'm not sure if it's the best place to catch it, but the plain text input is available within hook_form_alter: 我不确定这是否是捕获它的最佳位置,但是在hook_form_alter中可以使用纯文本输入:
function testing_form_alter(&$form, &$form_state, $form_id) {
if ($form_id = 'user_profile_form') {
dpm($form_state['input']['pass']['pass1']);
}
}
UPDATE : I did some more digging around. 更新 :我做了一些更多的挖掘。 I think the way I'd tackle it would be to add another submit handler to user_profile_form, making sure to add it to the array before user_profile_form_submit. 我认为我要解决的方法是在user_profile_form中添加另一个提交处理程序,确保在user_profile_form_submit之前将其添加到数组中。 You'd then have full access to the password, before it gets encoded by user_profile_form_submit. 然后,您将拥有对密码的完全访问权限,然后才能由user_profile_form_submit对其进行编码。 Post a comment, if you need more details. 如果您需要更多详细信息,请发表评论。
解决方案3
0 2011-09-29 07:03:26
This is my example. 这是我的例子。 It's helpful in my case to read the new password. 对于我来说,阅读新密码很有帮助。
/**
* Implement hook_field_attach_submit().
*/
function yourmodulename_field_attach_submit($entity_type, $entity, $form, &$form_state) {
if ($entity_type == 'user') {
// deal with $form["#user"]->pass;
}
}
解决方案4
0 2011-12-20 08:59:55
在hook_user_update()上尝试一下
$_POST['pass']['pass2']
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.