[D7] Password Encryption

There are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxkarthikkumarbodu23161...

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Hey dude,

You could move some of the functionality from your callback into your form function with an additional check in $form_state. For example;

/**
 * Builds a form with a field to accept the user text.
 *
 * Generates encrypted password.
 */
function password_encryption_form($form, &$form_state) {
  $form = array();

  if ($form_state['something']) {
    $password_hash = user_hash_password($form_state['values']['generate_hash']['original_pass']);
    $form['generate_hash']['encrypted_pass']['#markup'] = $password_hash;
    $form['generate_hash']['encrypted_pass']['#prefix'] = '<div id="password-hash" style="margin-top:1em;"><label for="edit-encrypted-pass">Encrypted Password :</label>';
  }

  $form['generate_hash'] = array(
    '#type' => 'fieldset',
    '#title' => t('Password Encryption'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['generate_hash']['original_pass'] = array(
    '#type' => 'textfield',
    '#required' => TRUE,
    '#title' => t('Enter password to be encrypted'),
    '#requied' => TRUE,
  );
  $form['generate_hash']['get_hash'] = array(
    '#type' => 'button',
    '#value' => t('Generate'),
    '#ajax' => array(
      'callback' => 'password_encryption_generate',
      'wrapper' => 'password-hash',
      'method' => 'replace',
      'effect' => 'fade',
    ),
  );
  $form['generate_hash']['encrypted_pass'] = array(
    '#markup' => '',
    '#prefix' => '<div id="password-hash">',
    '#suffix' => '</div>',
  );

  return $form;
}

By doing this we can also move & update your include_once; currently at the top of the module file. Like such;

/**
 * Builds a form with a field to accept the user text.
 *
 * Generates encrypted password.
 */
function password_encryption_form($form, &$form_state) {
  include_once 'includes/password.inc';

  $form = array();

  if ($form_state['something']) {
    $password_hash = user_hash_password($form_state['values']['generate_hash']['original_pass']);
    $form['generate_hash']['encrypted_pass']['#markup'] = $password_hash;
    $form['generate_hash']['encrypted_pass']['#prefix'] = '<div id="password-hash" style="margin-top:1em;"><label for="edit-encrypted-pass">Encrypted Password :</label>';
  }

It might also be worth updating, include_once to module_load_include. But that's neither here nor there.

Good job =).

Hi,

Automated Review -OK

Manual review

README.txt/README.md
(*) No: Follows the guidelines for in-project documentation and the README Template.

Code long/complex enough for review
No: Follows the guidelines for project length and complexity. Added PAReview: Single project promote tag.

hook_help() is missing in your module.

Great job, but I think still some work needs to be done.

The README contains useful instructions, so following the template is surely not an application blocker. Same for hook_help(). Any other problems you found?

From my point of view everything else seems to be ok.

In order to generate password hash using this module, admin should have access to MySQL Database.

Also, if I forgot password for Uid 1, then I need to install another Drupal instance to generate password and then change it.

I am not able to think of more use cases for this module, may be I am missing something.
Can you please elaborate more on usage of this module?

NOTE: I am not changing status of this issue as these points are more for my own understanding.

Though I was able to successfully generate hash for my password, but I am also getting a notice.

Notice: Undefined index: generate_hash in password_encryption_generate() (line 87 of D:\drupal\sites\all\modules\password_encryption\password_encryption.module).

Please add the configuration path in .info file.

Example: configure = admin/config/content/example

Reviewing.

Automated Review

Passed all pareview.sh tests.

Manual Review

I preface all of this by saying it's my first review so I apologize if I'm off on some of these categories. ;)

Individual user account

Yes.

No duplication

I'm not sure on this one. Part of that is that I'm not entirely sure what this module is used for. A project like https://www.drupal.org/project/encrypt_password encrypts user passwords in addition to hashes so I'm not sure why you'd create an encrypted password and then update the database. Is this just a dev tool to correct problems?

Master Branch

No. This still has a master branch, but I don't believe it should.

Licensing

Yes.

3rd party assets/code

Yes.

README.txt/README.md

Yes.

Code long/complex enough for review

Yes.

Secure code

Yes.

Coding style & Drupal API usage

Yes. (with some notes)

• This is a minor point, but I'm not sure of the use of the empty password-hash container on the form when it re-draws on submit anyways.
• Another element I'm a bit confused about is why the functionality is a configuration and not just a page. The configuration is the page that actually does the action of the module so it seems a bit like an odd use for configuration. I might be wrong though - just my impression. ;)

This review uses the Project Application Review Template.

Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.