News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Single password field/remove double password verify

Started by samborabora, August 01, 2014, 05:19:55 PM

Previous topic - Next topic

samborabora

As is fashionable with Twitter, Tumblr and countless other hipster outlets, the single password registration field during registration. Makes enough sense, if you get it wrong, your email is with the forum so you can always send for a newie, and if not you haven't lost much since you never even got through the door in the first place. Obvs, removing:

<dl class="register_form" id="password2_group">
<dt><strong><label for="smf_autov_pwverify">', $txt['verify_pass'], ':</label></strong></dt>
<dd>
<input type="password" name="passwrd2" id="smf_autov_pwverify" size="30" tabindex="', $context['tabindex']++, '" class="input_password" />
<span id="smf_autov_pwverify_div" style="display: none;">
<img id="smf_autov_pwverify_img" src="', $settings['images_url'], '/icons/field_valid.gif" alt="*" />
</span>
</dd>
</dl>


Is not enough, where is the function to verify the difference between the two fields kept, and what is the easiest way to remove it?

JBlaze

Password verification is there for a reason. It's to make sure that you properly typed in your password and that it meets the required password strength. To remove it is generally a bad idea.
Jason Clemons
Former Team Member 2009 - 2012

samborabora

Quote from: JBlaze on August 01, 2014, 06:30:29 PM
Password verification is there for a reason. It's to make sure that you properly typed in your password and that it meets the required password strength. To remove it is generally a bad idea.

I'm interested in why such leading, mainstream, popular websites I have aforementioned only require one password field, but I genuinely am interested in removing what I believe to be a dated and decadent method verification. Where is the password double-check information kept? Which files in SMF need to be modified to allow for simply one field.

butchs

I am confused?  Are we talking about registration here?  Typing the password twice is supposed to make sure you did not type the wrong key the first time when you manually type a password.  Where some other sites disable the copy and paste function, SMF does not (from what I remember).  You can cheat with SMF, just copy and paste the password in two locations.


I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

samborabora

Quote from: butchs on August 02, 2014, 06:56:19 AM
I am confused?  Are we talking about registration here?  Typing the password twice is supposed to make sure you did not type the wrong key the first time when you manually type a password.  Where some other sites disable the copy and paste function, SMF does not (from what I remember).  You can cheat with SMF, just copy and paste the password in two locations.

Precisely. Therefore it serves no particular purpose in the case where you can cut and paste, you'd get it wrong twice. Now, is this check done deep internally, or is it just in one of the sources files?

Hj Ahmad Rasyid Hj Ismail

What about this one? (Or something in that area?) ;)
"password_no_match": "', $txt['registration_password_no_match'], '",

samborabora

Quote from: ahrasis on August 02, 2014, 09:34:35 AM
What about this one? (Or something in that area?) ;)
"password_no_match": "', $txt['registration_password_no_match'], '",

Had a look and there wasn't much there that fixed this. The javascript removal didn't help either. I'll need to have a dig through the sources I think since the server is actually checking if they match I believe.

samborabora

Lol, in Soruces/Register.php:

'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '',

to

'password_check' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '',

A bit weird but it works  ;D

butchs

Why not also edit "Themes/default/Register.template.php" to eliminate the second password request...  Lazily looking at the code (I did not test this) you should be able to delete the following from "Register.template.php":

<dl class="register_form" id="password2_group">
<dt><strong><label for="smf_autov_pwverify">', $txt['verify_pass'], ':</label></strong></dt>
<dd>
<input type="password" name="passwrd2" id="smf_autov_pwverify" size="30" tabindex="', $context['tabindex']++, '" class="input_password" />
<span id="smf_autov_pwverify_div" style="display: none;">
<img id="smf_autov_pwverify_img" src="', $settings['images_url'], '/icons/field_valid.gif" alt="*" />
</span>
</dd>
</dl>

My hero is gonna be mad at me if He sees this...  ???  ;)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

samborabora

Quote from: butchs on August 03, 2014, 04:11:16 PM
Why not also edit "Themes/default/Register.template.php" to eliminate the second password request...  Lazily looking at the code (I did not test this) you should be able to delete the following from "Register.template.php":

<dl class="register_form" id="password2_group">
<dt><strong><label for="smf_autov_pwverify">', $txt['verify_pass'], ':</label></strong></dt>
<dd>
<input type="password" name="passwrd2" id="smf_autov_pwverify" size="30" tabindex="', $context['tabindex']++, '" class="input_password" />
<span id="smf_autov_pwverify_div" style="display: none;">
<img id="smf_autov_pwverify_img" src="', $settings['images_url'], '/icons/field_valid.gif" alt="*" />
</span>
</dd>
</dl>

???  ;)

I seem to recall that just doing that didn't remove the check, but I should get rid of that too to keep everything conformed. Will taking this out reduce server load to some extent?

butchs

No...  Nothing in this thread is going to reduce server load.  I posted how to take it out because the code you posted above made the input useless...  Though some may say that I encouraged a bad decision to me it was just a waste of space.  If you were so dead set on doing it then, why not take you all the way...   O:)

If you are trying to reduce server load and you believe it is because bots are hitting your registration then you should consider editing your robots.txt file.  Then adjust your crawler access at the various Webmaster tools sites provided by the major search engines (google et al).

Try it for a few weeks, and see how that works for you ...

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Hj Ahmad Rasyid Hj Ismail

Yes. It will only make sense if the second box (verification) is removed too. Otherwise, it won't serve your purpose as that box is being shown anyway.

If you are interested in collecting data on how many forum admins need this, you can package this and submit it to the SMF mod site. If this is a useful mod, then the number of downloaders will be high. Otherwise, we know that this is not really needed by many.

samborabora

Sorry, it was late and I just realized that is already taken that code out, ugh, need more sleep! Yes I took out the second box then I adjusted the password check as I posted before and it seems fine although it may have been more sound actually disable the check entirely rather just tricking if to verify against itself as I did do. I may consider submitting it as a mod once I've learned how to write a mod! Can't imagine most people would be interested in the things I could up with, but maybe... :)

Advertisement: