Hi, I'd like to know if it's possible to store passwords in plain text with Drupal. I see it's probably md5 hashed. I'd need them in plain text because I have an action which register the user to another service on the server once the user is registered, but since the password is hashed it doesn't work. Any hints?
regards, Sal
On Sat, May 28, 2011 at 5:17 PM, Salvatore De Paolis iwkse@gmx.com wrote:
Hi, I'd like to know if it's possible to store passwords in plain text with Drupal. I see it's probably md5 hashed. I'd need them in plain text because I have an action which register the user to another service on the server once the user is registered, but since the password is hashed it doesn't work.
Alter the registration form, add a custom submit handler where $form_state['values']['pass'] will have plain text password.
-- Sivaji +91 9941 571 690
To add to this, it'd be better to use the custom registration hook to register the user for the new service at this point rather then storing the password in plain text.
Todd
On Saturday, 28 May 2011, sivaji j.g sivaji2009@gmail.com wrote:
On Sat, May 28, 2011 at 5:17 PM, Salvatore De Paolis iwkse@gmx.com wrote:
Hi, I'd like to know if it's possible to store passwords in plain text with Drupal. I see it's probably md5 hashed. I'd need them in plain text because I have an action which register the user to another service on the server once the user is registered, but since the password is hashed it doesn't work.
Alter the registration form, add a custom submit handler where $form_state['values']['pass'] will have plain text password.
-- Sivaji
+91 9941 571 690
[ Drupal support list | http://lists.drupal.org/ ]
Honestly I would go a different route. Store an encrypted password (maybe mcrypt?) in the $user->data array. Once they are registered through the new service, delete out that setting in $user->data.
Jamie Holly http://www.intoxination.net http://www.hollyit.net
On 5/28/2011 1:05 PM, sivaji j.g wrote:
On Sat, May 28, 2011 at 5:17 PM, Salvatore De Paolis iwkse@gmx.com wrote:
Hi, I'd like to know if it's possible to store passwords in plain text with Drupal. I see it's probably md5 hashed. I'd need them in plain text because I have an action which register the user to another service on the server once the user is registered, but since the password is hashed it doesn't work.
Alter the registration form, add a custom submit handler where $form_state['values']['pass'] will have plain text password.
-- Sivaji +91 9941 571 690
On Sun, May 29, 2011 at 11:14 PM, Jamie Holly hovercrafter@earthlink.net wrote:
Honestly I would go a different route. Store an encrypted password (maybe mcrypt?) in the $user->data array. Once they are registered through the new service, delete out that setting in $user->data.
I agree.
I am rephrasing my previous reply. In your custom submit handler capture the plain text password from $form_state['values']['pass'] and just pass it external service, this way you can avoid storing plain text password (or decrypting it). This may not be a best solution but feasible IMO.
This would have been much easier to solve in OpenERP.
The password is encrypted via MD5, to prevent the actual characters from ever being stored anywhere (a real serious security risk). When a user logs on he supplies the correct character, and it gets hashed with MD5 and will produce the same hash value. If this compares to the prior hash value, the correct password was supplied.
Check out the user hook
http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_us er/6
If you look at the form values you may be able to see the raw value as long as javascript isn't used to perform the MD5 hashing, which I'll bet it is, and this means only the MD5 encryption travels between the form and the server (the most secure solution possible).
I'd recommend you try to find a way to get the service to use the MD5 encrypted value.
Warren Vail Vail Systems Technology warren@vailtech.net (510) 444-5380
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Salvatore De Paolis Sent: Saturday, May 28, 2011 4:48 AM To: support@drupal.org Subject: [support] Password stored in DB
Hi, I'd like to know if it's possible to store passwords in plain text with Drupal. I see it's probably md5 hashed. I'd need them in plain text because I have an action which register the user to another service on the server once the user is registered, but since the password is hashed it doesn't work. Any hints?
regards, Sal
-
Jamie Holly -
Salvatore De Paolis -
sivaji j.g -
Todd -
Warren Vail