Firefox PHP

Learning curve: Creating & using custom profiles

Posted by RosieL 
Learning curve: Creating & using custom profiles
October 13, 2012 12:50AM
Oh dear, I'm in trouble again!

I'd very much like to play around with the module "Enhanced Custom Profiles", but I'm afraid any instructions I've been able to find are just too cryptic for my simple brain. I do wish y'all didn't have such an aversion to step-by-step explanations!

Anyway, trying to guess my way through the first bit, I have created a field called user_password in Phorum Admin --> Custom Profiles. As far as I can see that's a preparatory step I have to take.

Then I go to Phorum Admin --> Modules --> Enhanced Custom Profiles (version 5.2.1.06), turn it ON, and click Settings.

Then what? How does this module help me?

When I click "View My Profile" or "New User Registration" there is a message: "Please note, you must first create custom profile fields on their respective pages before they will appear below." The other six options across the top don't present that message.

So breaking that message into bite-sized chunks:
  • "...you must first create custom profile fields..." seems simple enough, and I did that when I created user_password. Didn't I? But my custom profile field user_password never does "appear below".
  • "...on their respective pages..." -- No idea what that's telling me to do, but if it's telling me to go away and edit pages manually, I was hoping the module would save me from that. Hopefully that's the wrong interpretation on my part.

WHY I'M LOOKING AT THIS MODULE

I'm sure there'll be other reasons why I want to add custom fields to the user profile, but here's what I'm trying to do at the moment:

I want to trap the plaintext password entered by a new member when registering, before it gets hashed, and store that password with the users profile, because the MD5 hash version of the password as stored in the database isn't much use to me. I can take care of that with some custom code in register.tpl and assign the plaintext password to a global variable.

Then I'll find a way to store that plaintext password in the database as user_password, along with the other user profile elements.

And then I can reference it at any time, maybe with something like: {USER->user_password} ???

Or am I so far off-base that I am actually off-planet?

- Rosie
Re: Learning curve: Creating & using custom profiles
October 13, 2012 06:23AM
No idea what that's telling me to do, but if it's telling me to go away and edit pages manually, - you have to create an entry field on the appropriate template page.
Re: Learning curve: Creating & using custom profiles
October 13, 2012 11:07PM
David, creating an entry field, or making any sort of modification, to a page is obviously not a problem -- so long as I know what it is I'm supposed to be creating and on what page.

But I don't see how that helps me understand the use of the "Enhanced Custom Profiles" module. There's no way its going to automatically detect whatever change I've made to a page.

So my immediate concern is how to use the module, and once I know that I'll be able to play around with it and decide if it's of use to me.

Call me THICK if you like, but use of this module is just not obvious to me.

Don't mean to be a pest, but I do want to know and learn.

- Rosie
Re: Learning curve: Creating & using custom profiles
October 14, 2012 05:12AM
so if you got a question about a special module you should ask in the thread of the module. We are not supporting all the possible written modules.
As far as I understand the given module its written for adding input fields in the pages, not some automatic set custom fields with a password.
Again, you will have to write a simple module for that task as you need to write the password into multiple places. The automatic filling of the fields won't work for that case.


Thomas Seifert
Re: Learning curve: Creating & using custom profiles
October 27, 2012 07:37AM
Quote
RosieL
I want to trap the plaintext password entered by a new member when registering, before it gets hashed, and store that password with the users profile...

You should be aware that doing so is a Very Bad Practice®. One little accident, and all your users' passwords will be out in the open. Consider also that you are storing their e-mail addresses and that many people use the same password in several places despite being told to not do that. This means that whoever gets your user db with plaintext passwords will also likely get into the gmail, hotmail etc accounts of several users and from there on the possibilities are endless: password reminders to other sites, paypal accounts, credit card data, you name it.

Are you sure you want to be responsible for this kind of breach in case it happens?

BTW, Thomas, are there any plans to move to SHA soon? The MD5 rainbow lists floating all over the place are getting bigger and bigger by the day.
Re: Learning curve: Creating & using custom profiles
October 29, 2012 05:25PM
Quote

MD5 rainbow lists floating all over the place are getting bigger and bigger by the day.

block an account for 15 minutes after 3 failed logins, notify webmaster some way, including relevant data like time and ip adress and rainbow tables are useless:)

I read somewhere (forgot the address) to use javascript for hashing the filled in password at client side with the same salt as used at serverside (so public salt). The result should be the same at both sides (server and client). So even in case of sniffer software, the used password will never be revealed to the bad outerworld:)

As soon as i have tie, i will study this technique further:)



Edited 1 time(s). Last edit at 10/29/2012 05:30PM by Terradon.
Sorry, only registered users may post in this forum.

Click here to login