Set password on registration

pilot830

New Member
YetiShare User
Jan 22, 2014
242
1
0
Let people set password right on the Registration page.. this way a password does not have to be emailed to them

Or you could email them as usual but for password field just put: ******** (censored)

This is for security reasons AND because the thing I'm noticing is that a percentage of users that are registering, their welcome / registration email is going to the SPAM FOLDER..So they sit around waiting for their login credentials not knowing its there in the spam folder

if you made it so that they could set the password right upon registration, then they could immediately begin using the site
 

parham4229

New Member
Sep 3, 2014
46
1
0
You can use services like mandrillapp.com to assure that they emails would go in to inbox and not the spam folder :)
 

pilot830

New Member
YetiShare User
Jan 22, 2014
242
1
0
Having users set a password on registration form (and then doing some sort of confirming their account via email after, but still being able to login) is especially important because im getting at least 5-10 accounts a month where they put in a invalid email and then what? How will I determine how many accounts are invalid email? I cant comb through thousands of accounts looking for invalid emails.

Like the current system is ensuring that we will ALL have a bunch of user accounts piling up with no valid email, as people tend to do this
 

salesmcc134575

New Member
YetiShare User
Dec 23, 2014
34
0
0
I agree with this. We need to have the option to allow our members to create a password. Some of our members do NOT get the email even after waiting, and checking their spam. We have verified the email on file for them, and the email still won't get received. We have also tested our SMTP and it works perfect.

Please provide this option in the next update.
 

yuser

New Member
Jan 1, 1970
17
0
0
this would be an awesome feature because some ppl don't want to Login to Email for activation somebody maybe can do a php script for this ?
 

pilot830

New Member
YetiShare User
Jan 22, 2014
242
1
0
There are many reasons to set password on registration, I agree and I hope it gets done because it is annoying so many people are having trouble logging in with their passwords, or their welcome email goes in the spam folder
 

pilot830

New Member
YetiShare User
Jan 22, 2014
242
1
0
artur said:
this would be an awesome feature because some ppl don't want to Login to Email for activation somebody maybe can do a php script for this ?
Why should we have to do something that is so obvious? Just right now, my emails are not going through.....So now people are not getting my emails

why would they need to worry about getting an email

when they could set the password themselves

And at least be able to log in , edit their email to a different one if theres a problem, and validate it

Why should I have I have to use a mail service, to ensure my mail goes into the inbox ?

Then when I use the mail service, the mail service is slow sometimes, and it takes forever to get the registration email ?

So then let me go run my own mail server, and even though ive setup spf, dkim, everything correct, It still goes to spam folder ?

Then people complain they either didn't get their email, or its taking too long

All could be avoided. It's really demoralizing. So we're suppose to go make the custom changes ourselves, so that when yetishare releases a new version, it ends up undoing the change because they don't want to give people the ability to create pw on registration. So we end up having to re-make the custom change every single release. I get that they're busy, my issue is not that, my issue is being told by yetishare that they don't see setting the password on the registration form as better than currently. If they said, yea you're right, we're gonna do that at some point, that would be fine. But to tell me no, thats not a good idea....
 

ysmods

New Member
Jan 29, 2013
860
1
0
UK
www.ysmods.com
Download it for free: https://forums.ysmods.com/index.php/files/file/38-set-password-when-registering/

ps: only took 5 minutes to implement the code :)
 

pilot830

New Member
YetiShare User
Jan 22, 2014
242
1
0
Dear ysmods,

Thank you for doing the free mod. Will the mod be updated with each release? If so, then I guess I have no reason not to use it. My issue is mostly that every yetishare release, if the ability to choose password is still not there upon registration, then we will have to keep re-implementing a mod or change. But if you're saying you will update, then ok i guess thats cool
 

ysmods

New Member
Jan 29, 2013
860
1
0
UK
www.ysmods.com
Hi,

Yes the mod will be updated with each release, I have it on good authority that there will not be a major update for a couple of months at the earliest.
 

jaredesguerra4757

New Member
YetiShare User
Feb 13, 2015
7
0
0
Ysmods , I think you need to change this
Code:
$newPassword = $password;
with
Code:
$newPassword = Password::createHash($password);
Else when the user tries to login , the password hash does not match since the password was initially saved as plain text.

Please correct me if i am wrong.
 

ysmods

New Member
Jan 29, 2013
860
1
0
UK
www.ysmods.com
jaredesguerra4757 said:
Ysmods , I think you need to change this
Code:
$newPassword = $password;
with
Code:
$newPassword = Password::createHash($password);
Else when the user tries to login , the password hash does not match since the password was initially saved as plain text.

Please correct me if i am wrong.
You are completely wrong :D ;)

When the user is added to the database, its using:
Code:
$newUser     = UserPeer::create($username, $newPassword, $emailAddress, $title, $firstname, $lastname);
Which is in userpeer.class.php
Code:
static function create($username, $password, $email, $title, $firstname, $lastname, $accType = 'user')
{
	$dbInsert                 = new DBObject("users", array("username", "password", "email",
		"title", "firstname", "lastname", "datecreated",
		"createdip", "status", "level_id", "paymentTracker", "identifier")
	);
	$dbInsert->username       = $username;
	$dbInsert->password       = MD5($password);
	$dbInsert->email          = $email;
	$dbInsert->title          = $title;
	$dbInsert->firstname      = $firstname;
	$dbInsert->lastname       = $lastname;
	$dbInsert->datecreated    = coreFunctions::sqlDateTime();
	$dbInsert->createdip      = coreFunctions::getUsersIPAddress();
	$dbInsert->status         = 'active';
	$dbInsert->level_id       = 1;
	$dbInsert->paymentTracker = MD5(time() . $username);
	$dbInsert->identifier     = MD5(time() . $username . $password);
	if ($dbInsert->insert())
	{
		return $dbInsert;
	}

	return false;
}
As you can see, the password is not stored in plain text because of this line
Code:
$dbInsert->password       = MD5($password);
Then when a user logs in for the first time the password is converted to the new hashing method
Code:
public function login($username, $rawPassword, $fromLoginForm = false)
{
	$rs = $this->convertPassword($username, $rawPassword);
	if ($rs == false)
	{
		return false;
	}
	return $this->attemptLogin($username, $rawPassword, false, $fromLoginForm);
}
This happens
Code:
$rs = $this->convertPassword($username, $rawPassword);
Which matches the md5'd password in the database with the plaintext password
Code:
if ($user['password'] == md5($rawPassword))
Then converts the password to sha256 instead of md5
Code:
$sha256Password = Password::createHash($rawPassword);
If I would have used
Code:
$newPassword = Password::createHash($password);
When the user was added to the database by UserPeer::create, the password is hashed using md5, so the hashed password from Password::createHash would never work

For example, the password was password
The password hashed using Password::createHash would be something like
Code:
sha256:1000:6fbPTSlmuvBZVm200aMhzVAnzNbPvY56:u7i03MfaWISj/Y0RA4BoKWHctyBNuvlo
The password hashed using md5 would be
Code:
5f4dcc3b5aa765d61d8327deb882cf99
So when the user is created using UserPeer::create Your already hashed password from Password::createHash would be hashed again using md5 into
Code:
9c66259fdd4c121d9a2770958eb42aab
and added to the database.

Then the user tries to log in
Code:
public function login($username, $rawPassword, $fromLoginForm = false)
{
   $rs = $this->convertPassword($username, $rawPassword);
   if ($rs == false)
   {
      return false;
   }
   return $this->attemptLogin($username, $rawPassword, false, $fromLoginForm);
}
The Password will always return false from $this->attemptLogin due to the password hashes not matching.

Only reason that $newPassword = $password; is because it was nearly 2am when I made that mod and to save editing a couple of things, I set $newPassword = $password;