WordPress.org

Forums

Register Plus Redux
[resolved] stored_user_password not being deleted after verification (3 posts)

  1. Jeff Lambert
    Member
    Posted 1 year ago #

    Hello,

    In working with your plugin I came across a non-fatal issue.

    In the rpr_login_form_verifyemail function in the rpr-login.php file you have this condition:

    if ( empty( $user_password ) ) {

    You should probably add an "else" case with the following:

    delete_user_meta( $user_id, 'stored_user_password' );

    Otherwise the stored_user_password is left in the usermeta table.

    You may want to consider encrypting the value with a 2-way encryption routine just so a password isn't in there as plain text.

    I also noticed, in the same function, that you are outputting text with sprintf with the %s being set to $user_login. However, you haven't set this variable anywhere in the function. Though I know you know this, the following should do the trick:

    $userinfo = get_userdata($user_id);
    $user_login = $userinfo->user_login;

    Or using first + last... if available...

    Thanks for a great plugin. I did end up pulling out the rpr_login_form_verifyemail function as my client wants all login related activity handled from within a custom page template and not through wp-login.php.

    Jeff

    http://wordpress.org/extend/plugins/register-plus-redux/

  2. rafaelleite
    Member
    Posted 1 year ago #

    +1

    Agree, the passwords should never be stored in plain text, even more sent in emails.

    Apart from that, great plugin!

  3. radiok
    Member
    Plugin Author

    Posted 1 year ago #

    Hey Jeff, I appreciate the feedback, fortunately I actually resolved both of those issues since the release of 3.9.8 during some other work. Considering the time lapse since I last worked on Redux... I'm not sure when, but regardless these issues have been resolved for 3.9.9 which is forthcoming.

    Either way I really appreciate this type of information, more often then not I get those, it's broken messages wherein I have to go through 7 levels of hell to recreate the problem! I'm sure you know what I mean!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.