When salt module is enabled, this error shows up on all hook_user (register, view, delete) events.

Users still gets created, but when looking in the database, the users password-salt is in clear text in the data array.

Using Drupal 6.4.

CommentFileSizeAuthor
#3 salt.patch918 bytespopthestack

Comments

seul’s picture

seul commented

I found that the patch at http://drupal.org/node/256915 helped prevent the error, I don't know if it solves the password-salt being in clear text

metaltoad’s picture

metaltoad commented

You can replace the existing function with this one and it works beautifully:

function salt_login_validate($form, &$form_state) {

if (!empty($form_state['values']['pass'])) {
$form_state['values']['pass'] = $form_state['values']['pass'] . variable_get('salt', '');
}

}

popthestack’s picture

popthestack commented
Status: Active » Needs review
StatusFileSize
new salt.patch918 bytes

Ran into the same problem. See patch.

Zen’s picture

Zen commented

Marking as a dupe of #327220: Autogenerated password not salted. Please note that the "fix" for autogenerated passwords is to not include them in the welcome e-mail and just rely on the one time login link instead. Please see README.txt.

Zen’s picture

Zen commented
Status: Needs review » Closed (duplicate)