User registration Pass

  • Resolved giorgosm

    (@giorgosm)


    1 year, 10 months ago

    Hello!

    I can see that you have a lot of requests for support! I want to add a question to those.

    Why the password field in the user registration form can only be populated from a password input? I want to use a normal input for a password.

    The reason for that is that im generating random passwords from each page load. Those passwords are being used to create employees in the “Amelia” booking plugin. If the admin cannot see the password the employee cannot be created.

    https://ibb.co/DbQNc7s

    *i know that this is probably a security feature but other form plugins that i have used provide that function, i just prefer forminator over them thats why im asking.

    Thank you!

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @giorgosm

    I hope you’re well today!

    You are right about it being mostly related to security. The user registration form was designed specifically for, well, WordPress user registration and the password should never be stored in open text anywhere. This can compromise not only security of a newly registered user account but of your entire site.

    I’m not really sure why that Amelia plugin doesn’t use built-in WordPress account handling and requires separate settings but even then:

    – if such “employee” doesn’t really need a regular account on site but only in Amelia plugin – I’d rather suggest using just a regular form instead of user registration form, so a user account wouldn’t be created

    – if a real account is needed and yet, Amelia uses separate access control – it would be safer to use a separate field for separate password.

    However, that’s just a general remark. I already asked our developers if it would be possible to allow mapping just normal input field as a password and I’m waiting for their feedback.

    If it’s doable (most likely with additional piece of custom code), we’ll update you here with information on how to do it so please keep an eye on this ticket.

    Best regards,
    Adam

    Thread Starter giorgosm

    (@giorgosm)

    Thanks for the reply! You are right, Amelia’s password handling seems wrong so i contacted them.

    In the meantime i am generating a random password in 2 fields : one password field and one input field so i can use the password field in creating the user and also able too see the input field, so i can use it in Amelia’s creation process.

    So i will probably no need another solution, thanks though!

    I think it will be useful though to give the option to use another field for the password despite the security reasons that we are aware of.

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @giorgosm

    Thanks for response!

    I hope Amelia developers will be able to improve that in future.

    Meanwhile, our developers came up with a bit of additional custom code that may be helpful for you. It’s not exactly as you asked – it isn’t allowing mapping other field than password but it would store copy of the actual password in open text in submission.

    It is a security risk but if you have no other choice and you’re aware of it – you can use this code at your own responsibility.

    The code is: 

    <?php add_filter( 'forminator_prepared_data', 'wpmudev_handle_registration_data', 10, 2 );
function wpmudev_handle_registration_data( $prepared_data, $module_object ) {
    if ( $module_object->id != 60 ) { //Please change the form ID
        return $prepared_data;
    }
    
    if ( ! empty( $prepared_data['password-1'] ) ) {
        $prepared_data[ 'text-2' ] = $prepared_data['password-1'];
    }

    return $prepared_data;
}

add_filter( 'random_password', function( $password, $length, $special_chars, $extra_special_chars ) {
    $data = Forminator_CForm_Front_Action::$prepared_data;
    if ( ! empty( $data ) ) {
        if ( $data[ 'action' ] == 'forminator_submit_form_custom-forms' ) {
            if ( $data[ 'form_id' ] == 60 ) { //Please change the form ID
                Forminator_CForm_Front_Action::$prepared_data['text-2'] = $password;
            }
        }
    }

    return $password;
},10, 4);

    and to use it you would need:

    1. add a regular input field to the form and in its “Styling” setting add this as custom class name (so the field would not be visible on front-end)

    forminator-hidden

    2. create an empty file with a .php extension (e.g. forminator-password-store.php) and copy and paste code into it

    3. across the entire code (two places actually) replace the number 60 with an ID of your form (form ID is the number that you see in form’s shortcode)

    3. and also replace everywhere the text-2 string with ID of your input field that you added (so text-1, text-2 or whatever ID it has).

    4. save the file and upload it to the “/wp-content/mu-plugins” folder of your site’s WordPress installation

    With password field still mapped as password in registration settings, everything will work the same except – you will also see the raw password in submissions as that additional input field.

    —-

    Which is actually very similar solution to what you use already except you only need to generate one password in password field and it would be “copied” over automatically to the input field.

    But this is as close as far as we can get with this for now, until Amelia developers make it more WordPress-based, so to say.

    Best regards,
    Adam

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘User registration Pass’ is closed to new replies.