need default password if none created
bobsawey - July 7, 2009 - 00:52
| Project: | userplus |
| Version: | 6.x-2.3 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | fixed |
Description
it is my opinion that user_password() should be called in userplus.module to ensure a default password is created in the case one is not provided.
My userplus module has been modified in ways that don't fit the project, so I haven't attached a patch. I'll try to do so once I've removed unnecessary code from my copy of the module.
#1
+1 for this: still an issue in 2.3 and 2.x-dev, and it's so important that I feel it's actually a bug in the module - I created 3 accounts today and the email was sent with "password: !password" - bad form IMHO. Here's a patch based on 2.3 version.
#2
Use strlen instead in the rare case that the password is cast to a boolean false.
if (strlen($u['pass']) == 0) {$u['pass'] = user_password();
}
#3
Thanks very much for this. I added a minor tweak so a default password gets created when the password field is filled with whitespace.
// If they left the password field empty give them a random one.if (strlen(trim($u['pass'])) == 0) {
$u['pass'] = user_password();
}