By goose2000 on
Hi,
I am trying to locate and disable the built-in password strength checker in Drupal 6. This will confuse my visitors, they do not understand if it is being enforced or not. Not necessary in my case.
I have no idea where to look, any ideas / directions much appreciated.
Comments
It's in
It's in modules/user/user.js. Try adding a
return();right after line 7.Thanks a million Garrett! I
Thanks a million Garrett!
I added the the return(); and all is quite on the sign-up front. What did that do? Just fire off the function before it had any substance, rest of code was ignored ?
Yes, pretty much. The
Yes, pretty much. The
return()function causes the function to cease execution and move on to whatever code is next, so all the other code in the function never executes.I kind of told you to do something wrong, though… We should never hack core modules. If you do a proper update of your Drupal installation the next time a new version comes out, you'll have to re-do this "fix" as well. But for a quick ten-second hack that gets the desired results, that'll do the job.
Why not open a feature
Why not open a feature request to have an admin option to disable this feature?
- Corey
Oh, I'm well aware of this -
Oh, I'm well aware of this - don't mess with the core. This site will not run for long, six months maybe. For it's short life, I felt it ok and probably won't update it, as long as I think it's secure.
I would agree that a feature request go in. I'm just not clear why this went into core in 6? Now we need a feature to pull it out. When it was a module, you could pick and choose.
agreed.
This is indeed confusing to the end user. I've hacked / disabled it. I wish there were an option to disable it.
re: "Never hack core"
See Programming: Never Hack Core and Site Building: Never Hack Core.
Good. — Fast. — Cheap.
(Pick any two.)
If you want to keep the 'Passwords Match' check
Using Garrett's idea as a base I wanted to see if I could disable password strength messages but not the client-side check to see if they match.
Simplest way I could see was to comment the two lines following this comment
// Show the indicator and tips.(on line 87 in modules/user/user.js)BUT, I already have my custom module adding some js to the user registration page. It'd be more 'Drupally' to add more js/jQuery to that so it would override/modify the existing
Drupal.behaviors.passwordstuff rather than hack the core. Is there a js guru with any ideas??Drupal consultant & senior developer - http://www.i-jk.co.uk/
I'm thinking it might be as
I'm thinking it might be as simple as just replacing Drupal.behaviors.password with your own function. The trick would be making sure it's put into place after Drupal puts its one into place, so that Drupal's isn't actually overwriting your own. Maybe something like this?
…and then
Failing that, you could use jQuery's unbind() to remove Drupal's keyup event watchers from the password fields (which it binds on lines 111 and 112 of user.js) and then bind your own.
Just a couple shots in the dark, though. Is there something insufficient about Drupal's implementation that's making you want to reinvent this wheel?
Thanks Jim.....
Worked for me. I know it's bad taste to modify core, but I was getting so many complaints from people who didn't realize that the password strength suggestions were just that, suggestions. It still checks for password match, but only after you try to submit different passwords, which is fine by me.
subscribing
subscribing
Make it optional.
It's very nice to have a password strength check built into core - but i'm pretty sure this should be optional.
Subscribing.
In the preprocess function maybe?
Hi there, the behavior in the js is set based on the input class of 'password-field'. I just decided to remove it in my preprocess function. What are the drawbacks of doing it this way? Besides having multiple classes and needing to pull out the exact one that causes the behavior to be attached (unsetting the class worked for me as I only had one).
function mytheme_preprocess_user_register(&$vars) {
unset($vars['form']['account']['pass']['pass1']['#attributes']['class']);
unset($vars['form']['account']['pass']['pass2']['#attributes']['class']);
}
It should be noted that the second unset is used to remove the behavior of making sure the passwords match.
Non-core-hacking solution?
Hey, I'm trying to remove this as well, but I really don't like hacking core. Anyone able to find a non-core-hacking solution for this yet? I removed the strength tips using CSS, but the warning box with "It is recommended to choose a password...." that shows in that horrid pink color still comes up and won't take my styles.
I implemented the line 7 hack for now, but would love a better solution if there is one.
Thanks so much!
subscribing!
+1
How about the new Password Strength Disabler module?
See http://drupal.org/project/disablepwstrength
disablepwstrength disables the entire password strength process
Can't use this to disable just the "password description" (...It is recommended to choose a password... ).
Broken checker bug
I discovered that the password strength checker was broken on my site after I took it live. I was able to identify that the cause was enabling "Optimize JavaScript files" at admin/settings/performance. Enabled = broken checker. Disabled = working checker.
Is there somewhere more appropriate that I should report this? I'm running Drupal 6.12 on shared hosting.
Late to this discussion, but...
I think this probably warrants for a setting in the core module, but for a quick fix that doesn't require hacking the core, you can add this to your stylesheet:
Kind of cheating and I wouldn't consider this "optimal", but it works if you're not willing to modify the core module (which I didn't want to do either...).
This works too...
If you set the class to 'module-class-processed' in a hook_form_alter on the user registration form, the javascript will not check the password strength.
$form['account']['pass']['pass1']['#attributes']['class'] = 'module-class-processed';
$form['account']['pass']['pass2']['#attributes']['class'] = 'module-class-processed';
Custom code or Password Strength Disabler module
I Just found another way to disable password checker.
I you look at the code inside user.js (modules/user/user.js), you will notice the events blur and keyup are bind to input.password-field and input.password-confirm.
Rather than hacking the core (which is really a bad habit, since you'll do it everytime you update drupal core), you can create a js file and put the following code inside:
To load the file you can use a theme or a custom module.
We you decide to use a theme, just add the file in the scripts array in you [theme].info file. To know how, check this
But you can also write a small module (if you don't already own some) to load the file with drupal_add_js
But there's a module which handles it easily: Password Strength Disabler.
Hope it helps.
No reason to disable password strength
I don't believe it's a good idea to disable user.js feature.
However, I was able to get around it with css, as I'm not that good in programming:
1. hidding the description box and messages
.password-description {
position: absolute;
left: -9999px;
}
this hides the box. you can also decide not to display it
div.password-description {display:none
}
At this point you still have the "password Stength:low" and the "password match:no match" messages, what I need for my project. I put "div" around this in the user.js file, and used css positioning to position it were I want.
2. but if you want to hide this too, do this:
span.password-strength, span.password-confirm {display:none}
at this point everything is hidden.
Hope this may help
I have installed Login
I have installed Login Toboggan Module and I wish to modify tips to say
>required 8 Characters in Password Tips
I wrote my own jQuery code in a single line
and it works a treat without hacking core or installing more modules:
$('#edit-pass-pass1, #edit-pass-pass2').unbind('keyup').unbind('blur');
(assuming #edit-pass-pass1 + #edit-pass-pass2 are the ID values for both the password fields...)
I tried adding both of these
I tried adding both of these to my theme's template.tpl.php file and cleared the cache. Neither seem to have any effect. (theme name is sky. using D6) Help?
In the function
In the function mytheme_theme(), create or add a function register for 'user_register' to the array, like this
And add this function
(be sure to clear your cache afterwards)
bump
bump
My CSS solution in D7
drupal_add_css('div.password-strength, div.password-suggestions {
display:none !important;
}', 'inline');
Cameron Wong
http://www.eguidedog.net
Solution in D7
Simply remove the process callback which attaches the javascript;
Disabling the password
I know this is old, but I feel that some of the responses here are not following any sort of best practice. Modifying core js files is a recipe for a disaster - if you update core you'll lose your change.
The better way at least in Drupal 7 to achieve this is to do something like this. Create a module (I'll assume you know how to do that), in this instance we'll call it mymodule.
Create a /js directory below within that module. So I know have /sites/all/modules/custom/mymodule/js
Create a mymodule.js file in that directory with the following content:
Then in your mymodule.module file add the following:
This will then stop the password strength indicator from displaying on the register form.
No hacking of core, using the Drupal JS API as it was intended to be used, flexible enough for you to disable on specific forms as you wish (rather than on all forms), it will handle core upgrades and the module can be enabled and disabled as you wish without any file modifications.