Tagged: Member Password
February 24, 2013 at 10:04 pm #8636midifilestoreMember
Hi. I’m building a Membership site and am adding members. When I add a member, I assign them a password which I enter as part of their profile in the wordpress “New Password” area under “About the User”. What I was wondering is if there’s anyway I can see members passwords via a code snippet or something?
Reason being is that the membership offers a Spreadsheet that is password Protected separately for each member (I supply the password which is the same as their log in password). However if the member updates their profile and changes their password, they can obviously still log in and view their spreadsheet, but I can’t control the spreadsheet anymore because I don’t have their new password. Can you help with this issue?
There’s a company who built a website for my boss’company using wordpress and me being the guy who adds new clients to the system, can see their password because their is some code in there that allows the members password to be seen by me. Obviously I’m not going to ask how he did it. Was wondering if you knew?
This is what I see below in the back end.
Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! ” ? $ % ^ & ).
The current password is 0017582
Do you know how this is done?
Thanks. ClaudeFebruary 25, 2013 at 11:08 pm #54045adminKeymaster
No, you can’t view a user’s password. eMember stores the user password in the database using a one way encryption (this is for security reasons). The eMember plugin itself doesn’t even know the true password of the users (it only knows the encrypted password value). Only the member/user knows the password and that is how it is suppose to work for any secure membership management software.
If your users have forgotten their password, you can simply tell me to use the “Forgot Password” feature from the login form. The forgot password feature lets a user reset their password.February 25, 2013 at 11:25 pm #54046midifilestoreMember
It’s more about me not knowing the password versus the client forgetting. The client can always change their password but if I, as the main administrator and owner of the goods supplied to the client, can’t see their password – that’s strange. If clients are buying product off me, I control all aspects of their account from setting them up to payments to giving them access etc – except their password. It doesn’t make sense because I control their whole user account so by me not knowing their password doesn’t give me any advantage over their account – I already control it!
As in my previous email, it’s more about controlling a protected spreadsheet.
I’m not sure what code snippet my boss’ web builder used, but it works.
Thanks.February 26, 2013 at 5:09 am #54047adminKeymaster
The only way you would be able to view the user’s password is if the passwords are stored in the database as plain text password. A lot of software or plugins do this but it is just bad security practice. If a hacker hacked into your site they could steal all the passwords.
I understand what you are saying in terms of *you* owning your clients account but to do what you are asking means we have to go backwords and use plain text password storing in the database. Which means our architecture in the plugin will need to be changed to a less secure one. We obviously won’t do that (we will only try to improve the security in the plugin not go backwards).
I understand that your boss’s coder have done something somewhere with some script but I don’t understand how that relates to the user passwords of eMember users. All I am saying is that the user passwords created and stored using our plugin can’t be viewed like you are saying. We don’t offer this as a feature. We don’t say anywhere on our feature list that eMember lets you (the admin) see the user’s passwords.
- You must be logged in to reply to this topic.