Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Password access for Admin?

edited August 2006 in Vanilla 1.0 Help
Hi! I need to have access to the password of a newly registered user. This is because of special security reasons of a closed forum. The admin shall check, if new members mail adress is part of a member list. Then the admin shall set a new password, before accepting the registration, sending it in a different mail to the new forum member. Maybe this is solved by someone here or it´s simple. But I am quite new to Vanilla and not experienced in php - so, please, be clement... .
«1

Comments

  • Options
    Setting a new password is possible, but reading an existing one is not.
  • Options
    Setting a new password is possible, but reading an existing one is not.

    That´s quite enough! I played around but I could not find a convenient way to do so. Could you be so kind telling me, how?

    Thanks for quick feedback!
  • Options
    I'm confused why you actually need to achieve this? I know you said but I dont quite understand.
  • Options
    MarkMark Vanilla Staff
    In vanilla you can give the person a plain-text password as a temporary solution. When they use the password form on the account page to change it, it will become an encrypted password.

    So, if you don't know how to program a new control, you can just set the password manually in mysql.

    Alternately, you can make a new extension to change their password. You can model it after the library/Vanilla/Vanilla.Control.PasswordForm.php control.
  • Options
    edited August 2006
    I dont quite understand.

    The reason: I want to use Vanilla for a german society with - let me say - «enhanced security requirements». There is a - theoretical - option, to get into the forum, by starting the registration process, and enter the forum after a while, using the user name/password, given as registration. This requires the circumstance, that the "real" member, does not register, that someone does this. [This is not my problem, I swear!]

    You can model it after the library/Vanilla/Vanilla.Control.PasswordForm.php control.

    I will have a look on that. But - as I mentioned above - I am not experienced in PHP. So, any support is welcome.

  • Options
    I think I understand: You want to mail a password to the person registering to ensure that that person is the one with the email address.

    You may want to try Applicant email verification and combine it with manual administration approval. I'm not sure how well this would meet your needs.
  • Options
    that person is the one with the email address

    Thank you! It´s quite easier to read, than to write (not only my experience in PHP is a little bit outdated,...).
    Applicant email verification

    I will test this first (before thinking about a modification of passwordform.php...), and let you know, if it works, or if I can "abuse" it for the wanted effect. Thanks!

  • Options
    ToivoToivo New
    edited August 2006
    "In vanilla you can give the person a plain-text password as a temporary solution. When they use the password form on the account page to change it, it will become an encrypted password. So, if you don't know how to program a new control, you can just set the password manually in mysql. ..."

    some questions (& answers) are definitely starting to cycle. should there be an extended wiki for help
  • Options
    edited August 2006
    with Applicant email verification, the user need to activate his account with a link he receive in an email. After activating it, he receive the default role that you selected in the registration setting page.
  • Options
    edited August 2006
    I tested "Applicant email verification". It sends an email for verification to the aspirant, but it is directly listed as enrollment, without waiting for the confirmation mail. When I confirm the Mailadress as aspirant, nothing else happens. No message to admin.

    I did not find something to configure (maybe my fault) - is there a despcription available, how to get it like this:
    Register - confirm e-mail adress - show as enrollment for admin - affirm registration ?
  • Options
    No, after registration, the user is shown as applicant. It doesn' have any permissions. After, activation via email, he get the role you selected (New member role) in the "Registration Settings" page. If you select "applicant", after activation, the user get again the applicant role. I need to add a message on the account page to let the admin know the count has been activated.
  • Options
    edited August 2006
    Show activation info on the account page (was realying on the role history extension, but that doesn't work for that) and Mailing the admin to let him know a user has activated his account was on the todo list. I can do that today.
  • Options
    edited August 2006
    I just uploaded a new version of Applicant email verification. Added:
    *Show on the account page of the applicant if he has validated his email or not.
    *Send an email notification when new users validate his email - need more test on this one.
  • Options
    edited August 2006
    Sorry for silence (sometimes I have to work on something different). I tried the update. One Question: Where can I find the checkbox "approve by e-mail". I can not find it. Is it possible, that the german interface disturbs the correct operation?
  • Options
    edited August 2006
    For the email notification, i just used the code for the email notification to admins when someone register. Except that the admin don't receive email when the user register, but after when the user active his account.

    However I couldn't test it because I can't get this email notification working, with or without the extension. I still have to check why.
  • Options
    Thanks for this information. I was quite astonished on testing, because the update doesn´t work anyway. So this helps, realy.
  • Options
    What have you tested? what have you done? and what is error message if there's one.

    I tested it in vanilla 1.0.1 and it is working (the only thing I couldn't test is the email notification to admin).
  • Options
    edited August 2006
    just tested it on vanilla 1.0, and it is should work now.

    One of the bug come from that:
    version_compare(APPLICATION_VERSION, '1.0.1', '<=')
    That was returning true for APPLICATION_VERSION = '1.0'
  • Options
    I downloaded last version (Aug 18th 2006, V0.3.4) and installed it.
    First, I had to fix two errors:
    • Line 40, surplus bracket: (APPLICATION_VERSION != '1.0'))
    • Line 79, missing compare: version_compare(APPLICATION_VERSION != '1.0','<'</b>)
    Otherwise, I couldn´t enter my test forum. Now I get an e-mail for new enrollments again, but no verification mail to given e-mail adress ist sent. I still do not find a check box, as shown in download area, to activate anything.

    The surprising thing: Checking the new enrollments, the profile of the new candidates has an "e-mail validated" entry.

    Version check returns "You have the latest version of Vanilla."

    Currently its hard for me, to get into PHP (lack of time), let me know, which information you need, to go ahead. I will be back regularly and will help, as fast and good as I can.
  • Options
    edited August 2006
    Try the version 0.3.5 ps: I tried version_compare(APPLICATION_VERSION, '1.0', '<') but it wasn't working anymore with the development version of vanilla... I messed everything up were quickly change it back APPLICATION_VERSION =! 1.0.
This discussion has been closed.