Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Is there any other way to update the password so admins can see it? I am using ubercart to create a user. When a user purchases a product they create an account and then my team physically creates something with their information. Right now we have to make every user login manually after a purchase so we can see their password with aes. I have tried the automatically log in user after purchase but it doesnt update the aes password.
thank you for your help i really appreciate it!
Comments
Comment #1
gregglesI believe the problem is that aes_user_alter is using $_POST instead of getting the data from $edit.
Comment #2
DevJoshLopez CreditAttribution: DevJoshLopez commentedIm not that smart. What does this mean? Sorry for my ignorance.
Comment #3
greggles$_POST is a variable that the webserver gives to PHP so PHP can respond to forms that are POSTed. In Drupal's hooks it is considered a bad practice to do that because it means that code will break when there is other code that uses the API to create a user (e.g. from Ubercart or Migrate).
Comment #4
DevJoshLopez CreditAttribution: DevJoshLopez commentedSo is this fixable? I appreciate your help. Thank you.
Comment #5
gregglesYes, totally fixable. It will require some effort by the AES maintainers to figure out where those same variables are stored in the arguments to the hook functions instead of relying on the $_POST.
Comment #6
andypostThere's a comment about why module uses POST directly - password already hashed so only POST contains user data
Comment #7
dpovshed CreditAttribution: dpovshed commentedThanks @andypost for your information!
Let us do the following (and correct me if I am wrong here).
1. this particular ticket going to be closed since it works as designed;
2. in case there is a need to mass update all users passwords and store them in the format accessible by AES, I think separate ticket should be created; this definitely should be doable with separate dedicated form; alternatively we may force some/all users to change password by adding a new option like 'reset password' to selector on page 'admin/people'.
3. in case there is a need for per-user password update probably we may introduce a new field on some system form and store unencrypted password here, but this is not a nice from security point of view, so we better don't do this.
Comment #8
andypostOTOH you will need
user_load()
in submit handler