Advertisement:

Author Topic: Memcached issue & passwords sent in plaintext on register issue  (Read 3429 times)

Offline chequers

  • Newbie
  • *
  • Posts: 1
Hi all,
I've just setup my first SMF forum and have one question:

On registration, the user's password is sent in plain text to their nominated email address. How do I disable this? Is the password ever emailed to the user otherwise? Can I disable it then too? Thanks.

Thanks for your help! Apart from these issues, the forum seems to be working well.
« Last Edit: August 28, 2008, 11:55:04 PM by chequers »

Offline jerm

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 7,247
Re: Memcached issue & passwords sent in plaintext on register issue
« Reply #1 on: September 10, 2008, 11:56:50 PM »
Themes/default/languages
Login.english.php
Look for:
Code: [Select]
// For the below three messages, %1$s is the display name, %2$s is the username, %3$s is the password, %4$s is the activation code, and %5$s is the activation link (the last two are only for activation.)
$txt['register_immediate_message'] = 'You are now registered with an account at ' . $context['forum_name'] . ', %1$s!' . "\n\n" . 'Your account\'s username is %2$s and its password is %3$s.' . "\n\n" . 'You may change your password after you login by going to your profile, or by visiting this page after you login:' . "\n\n" . $scripturl . '?action=profile' . "\n\n" . $txt[130];
$txt['register_activate_message'] = 'You are now registered with an account at ' . $context['forum_name'] . ', %1$s!' . "\n\n" . 'Your account\'s username is %2$s and its password is %3$s (which can be changed later.)' . "\n\n" . 'Before you can login, you first need to activate your account. To do so, please follow this link:' . "\n\n" . '%5$s' . "\n\n" . 'Should you have any problems with activation, please use the code "%4$s".' . "\n\n" . $txt[130];
$txt['register_pending_message'] = 'Your registration request at ' . $context['forum_name'] . ' has been received, %1$s.' . "\n\n" . 'The username you registered with was %2$s and the password was %3$s.' . "\n\n" . 'Before you can login and start using the forum, your request will be reviewed and approved.  When this happens, you will receive another email from this address.' . "\n\n" . $txt[130];

Don't worry. The password is not stored in the database in plain text. The user can never request their password because SMF can't figure it out since it is encrypted. The user can only reset their password.