Getting user entered password in hook function in Drupal 6 - drupal

I want to get user details like username and password which is entered by user in My account page and admin user edit page also. In my custom module, I am using mymodule_user($op, &$edit, &$account, $category = NULL) hook function.
How to get user entered username and password details when user form submits?? If this function is not correct then from which hook function can I get user details?

$account->name has the account name reliably.
The password is encrypted in the user table, and so the only place you'd be able to see it is when the user creates their account or changes their password. In that case, you'll need to pull it from $edit.

Indeed your value lies on the $edit for the $op login and edit .
You could also hook_form_()alter these forms and on your submit handler, the value you are looking for is in the $form_state array

Related

drupal webform - credit card resubmit on admin edit

I have a client who has a drupal website installation. On the site there is a form that allows unauthorized/anonymous users to submit a request for some official data of which there is a charge.
The problem is when the admin goes in to the website and fills in the some additional fields (used for office processing) the credit card charged again.
Is there a way to provide a save button for admins that does NOT charge? or have it only charge once - if it fails on web then admins can run it via other means.
I'm not sure to exactly understand issue but you can change form with an hook_form_alter : https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_form_alter/7.x
So, it will allow you to modify form before rendering and maybe delete credit card service callback with condition on current user logged.
Something like
function MYMODULENAME_form_alter(&$form, &$form_state, $form_id){
global $user;
if($form_id == 'my_credi_card_form_id' && $user->uid == 1){
//superadmin or use user_has_role function for group of user with permissions
// dump form structure to identify callback and after unset it from form
}
}

Altering email sent to users when password is updated

There is an email that is generated when the users' passwords are updated, that is sent from the admin to the user notifying them what the new password is. I've been looking for a way to change that but cannot find any mention of it in the docs.
the closes thing I found was wp_password_change_notification, but that sends email to the admin, not the other way around.
If you mean you want to change the content of the message sent after resetting a lost password then the retrieve_password_message filter would work.
add_filter("retrieve_password_message", function ($message, $key) {
// modify the message with your code here
return $message;
}, 10, 2);

Registering new users via OAuth2 : what to set as user identifier for future log ins?

I have managed to successfully configure this. The problem is, when I change the lines below :
//I have set all requested data with the user's username
//modify here with relevant data
$user->setUsername($username);
$user->setEmail($username);
$user->setPassword($username);
into the information I want to retrive, such as real name, email, my generated password etc, when I click the Login button for Facebook per say, I am asked again if I want to connect with my local testing site.
From what I understand, in the documentation I linked above, this :
$user = $this->userManager->findUserBy(array($this->getProperty($response) => $username));
is the line that checks if the user exists or not, and the initial code by itself, sets either facebook_id or twitter_id (this is how I save them) as a new User *username*. If I change the line
$user->setUsername($username); //same as facebook/twitter _id
into
$user->setUsername(setProperUsername()); //sets a proper unique username
Then everytime I try to login I get the "Register" message. So, I have a general idea of how it works but I am having a hard time understanding some things:
1. When I have registered with Facebook and I login with twitter, I register again, no knew row is created, but missing twitter_id fields are updated/populated, username stays intact. How come HWI/FOSUB knows I am the same person when my previous data were from Facebook not Twitter?
2. If there is a global way of knowing I am the same person, what data from the $response object should I use as a key to identify already registered users?
After testing a lot with this, I have the answer if anyone runs into this type of situation
Check your default_target path, make it so it is /profile, /account etc, don't default to login again. Also, if a user is already logged in, do not make him access your login page. This was why my data was being updated. I was basically logged in with my Facebook account and registering with my Twitter account too.
No, there is no global way of knowing I am the same person. The $response object sent me a unique ID for that specific user according to the provider policy. You might use this to identify already registered users and log them in.

Silently create a user account when another form is submitted

I have a form created from another module. I want to add 2 fields to that form: 1. email, 2. password. I think I can do this with hook_form_alter. Then I would like to create a user account and log the user in when the submit button is clicked, then go ahead and execute the action defined by the form.
The original form doesn't have a #submit property...it just has a #action property.
I add the #submit property like this: $form['#submit'] = array('accesscustom_submit');
but accesscustom_submit doesn't seem to be getting called. I think the form is just getting redirected to the #action url that's already defined. Any ideas?
Are you trying to edit the comment form? $form['#action'] is a pretty rare property ... the comment form is the only one I can think of that uses it.
In any case, you can create an account pretty easily by settings up a user array ($account = array('name' => $username, 'pass' => $pass)) and sending it to user_save. See http://api.drupal.org/api/function/user_save/6 for more details.
Once the account is created, you can call user_external_login to log them in (http://api.drupal.org/api/function/user_external_login/6)

Require new password on first login to Wordpress

I am trying to set up a Wordpress site that requires users to login. The usernames are going to be pre-populated into the db, with 1 default password for all. Once they enter the default password, they need to be taken to another login screen that will act as a registration page for them. They cannot change their username, but are required to change their password. I cannot find any plugins that accomplish this (if someone knows of a pre-existing plugin, that would be great!).
Anyone have any suggestions on how to accomplish this or point me in the right direction on where someone has accomplished this already?
Thanks
J
This is how I would do it. Setup your login form to accept username and password. If password is equal to the default password, set an arbitrary value in the usermeta table. On your login landing page have the logic check for that usermeta value, if exists, display the form for creating a new password. Upon successful password change, remove the usermeta value.
Here's some stuff to get you started...
var $creds = array();
$creds['user_login'] = 'example';
$creds['user_password'] = 'plaintextpw';
$creds['remember'] = true;
if ($creds['user_password']=='default'){
$metakey = 'mustchangepw';
$metavalue = 'true';
update_usermeta( $userid, $metakey, $metavalue );
}
$user = wp_signon( $creds, false );
Once they login just advise them to change their password via their profile page in wp-admin. Once a user is created they can change their display name but not their user name by defualt. You can use the adminimise http://wordpress.org/extend/plugins/adminimize/ to hide certain features. I'm not sure if there is an 'easy' way to achieve it.
Also if someone realizes that there is a default password, they might try to to access another account if the user names are in a predictable format, such as 'FirsnameLastname'. Might be worth using a simple password generator and apply unique default passwords.

Resources