Password unencrypted when creating a new account via a view

PHPMaker General Discussion (PHPMaker)
1

not sure what happened here, all was fine..

  1. when creating a new account the password is stored in the table unencrypted..this is through a view for login admins to be able to add a sub-account (this is not the superuser).

checked fields settings

the view:

image
image581×150 2.66 KB

as well on the main accounts table…
table:

image
image569×162 2.91 KB

which are obviously, identical

in advanced settings:

image
image423×208 2.22 KB

not sure if we turned something off by accident..

interestingly enough, I created a user via the “register” page, and the user is created and the password is encrypted.

=========================

  1. after the record is created via the view form, now there is an error

image
image334×149 1.83 KB

the value is:
$returnUrl = “/tblsysmembershiplist” the value is actually at $returnUrl[‘0’])

no console errors, the record is created.
AddHeader(“Return-Url”, GetUrl($returnUrl));

as a test hardcoding as:
$returnUrl = “/tblsysmembershiplist”;
AddHeader(“Return-Url”, GetUrl($returnUrl));

worked, the the page was successfully redirected.

not sure what’s gone astray.. did something break when there was a template update?

thanks,

2

Make sure you have already enabled the following 2 options under Advanced Security → User Login Options → Password:

and also enable the following option under Tools → Advanced Settings:

after that, re-generate ALL the script files, and try again.

3

this is all in place.. issue is only via the view that is used to create a new account. when looking at record inserting, the password is still in plain text.

I tried to use the Encrypt(), but i believe that is the incorrect function for a password, as it ends up being too long for the field.

is there a specific encryption function for the passwords? - i think its HashPassword()…

I’ll just encrypt it in the inserting event.. i suspect this scenerio was not considered by phpM

Tried the HashPassword(), but the result is not the same as one of my test accounts pwd, I would assume it should be the identifcal hash value as the other password??

Update: the HashPassword() appears to be working now…

thanks