Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This module allows you to create fields that store passwords. It will store the passwords in encrypted format and (by default) will not display them on the website. This is useful, for example, if you are creating a website that integrates with other services and you would like users to be able to store their password more securely than using a text field. Using this module, you could create a password field and attach it to the user entity (just like any other field), knowing that the passwords will be stored in an encrypted format and won't be displayed to other users.
Note, this is completely different from the Password module that backports the pluggable and secure hashing from Drupal 7 to use with Drupal 6. This module is more like the Email Field or Phone modules in that it provides a field type.
A note on security
The most important thing to know about this module is that you should not use this module if you can possibly avoid it.
The reason for this rather strong statement is that, in general, storing passwords in a database is a bad idea. If you can store a salted hash of a password (like Drupal does), or an authorisation token (the way oAuth works), then you should do that instead. Sometimes though, there is a genuine need to store a password in a database, and you want to make sure that the data is at least encrypted. If you are in that situation, then this module is for you.
Please note, even though the passwords are stored in an encrypted format in the database, anyone who has access to your settings.php file and the values from the database should be able to figure out how to decrypt them with very little trouble - especially since this module is publicly available on drupal.org.
Accessing Passwords
If you are writing a module that relies on this one, you can fetch the encrypted value of the password using the standard Drupal Field API functions.
Once you have the encrypted value, you can decrypt it using the password_field_decrypt() function. For example:
global $node, $language;
module_load_include('module', 'password_field', 'password_field');
$langcode = $language['language'];
$lang = (array_key_exists($langcode, $field_data)) ? $langcode : 'und';
$field_data = $node->field_password_field;
$parts = array_values($field_data[$lang][0]);
$password_value = password_field_decrypt($parts[0]);
Development of this module was supported by OPC IT
Supporting organizations:
Development
Development and D8 Port
Project information
- Module categories: Site Structure
476 sites report using this module- Created by jrsinclair on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
2.0.0
released 4 August 2023
released 4 August 2023
Works with Drupal: ^8.8 || ^9 || ^10
✓ Recommended by the project’s maintainer.
Install:
Development version: 2.0.x-dev updated 4 Aug 2023 at 18:58 UTC
8.x-1.1
released 4 August 2023
released 4 August 2023
Works with Drupal: ^9 || ^10
✓ Recommended by the project’s maintainer.
Install:
Development version: 8.x-1.x-dev updated 4 Aug 2023 at 18:56 UTC
7.x-1.0-beta2
released 18 July 2020
Works with Drupal: 7.x
✓ Recommended by the project’s maintainer.
