stackoom
  简体   繁体   中英

Get new password in cleartext when a user changes it in Drupal?

 原文  2011-01-21 05:37:23       php/ drupal/ drupal-modules/ drupal-7

Question

In my Drupal module I'm attempting to hook in where a user changes their password. I need this in cleartext for something else.

So I did the basic thing and used tcauth_user_presave() . I then changed my password which triggered a logging function. However when I looked at the log the provided &$edit , $account , and $category variables didn't contain the new password in cleartext. The only thing that was available was the old password (in cleartext) and the new password hashed.

Is there anyway to get the cleartext password when someone changes it? This is Drupal 7 if it matters.

4 answers

solution1
 2 ACCPTED  2011-01-21 08:52:39

The password is hashed in user_save() before the presave hook is called.

Looks like there is another option than altering the form, however. Before user_save() is called in user_profile_form_submit() , hook_field_attach_submit() is invoked through the entity_form_submit_build_entity() helper function. Although it's a field hook, it does recieve the full user object as $entity.

Not sure if that is really the better than altering the form because the hook is invoked for all entity changes, not just users.

solution2
 1  2011-01-21 07:52:07

I'm not sure if it's the best place to catch it, but the plain text input is available within hook_form_alter: 

function testing_form_alter(&$form, &$form_state, $form_id) {
  if ($form_id = 'user_profile_form') {
    dpm($form_state['input']['pass']['pass1']);
  }
}

UPDATE : I did some more digging around. I think the way I'd tackle it would be to add another submit handler to user_profile_form, making sure to add it to the array before user_profile_form_submit. You'd then have full access to the password, before it gets encoded by user_profile_form_submit. Post a comment, if you need more details.

solution3
 0  2011-09-29 07:03:26

This is my example. It's helpful in my case to read the new password. 

/**
 * Implement hook_field_attach_submit().
 */
function yourmodulename_field_attach_submit($entity_type, $entity, $form, &$form_state) {
  if ($entity_type == 'user') {
    // deal with $form["#user"]->pass;
  }
}

solution4
 0  2011-12-20 08:59:55

hook_user_update()上尝试一下

$_POST['pass']['pass2']

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question change user password from hash store function to cleartext drupal User profile changes How to get password value in Drupal 7? Different issue with login or request new password in Drupal Adding a new tab to user in Drupal how to decrypt and encrypt the user password in drupal8 Wordpress get old and new user details on password_reset hook How to get the user's password and insert it into a new bank Set password when creating a new Active Directory user account in PHP Getting username and password exposed in POST parameters when created a new user
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM