bhavinksoni Posted March 14, 2014 Share Posted March 14, 2014 Hi, I am using Presta 1.5.6, currently if new user signs-up he/she gets an email with their login credentials. (attached screenshot), Is there anyway to hide or decrypt the password? as it is not right/secure way to show password. Usually system itself should not be able to read the encrypted passwords and display it anywhere, When user asks for reset password, system should generate random code link, sent to user's mail ID, for user to reset their password. Can anyone please let me know if it is possible to encrypt password while sending emails. Thanks in advance. Best Regards, Bhavin Kumar Link to comment Share on other sites More sharing options...
vekia Posted March 14, 2014 Share Posted March 14, 2014 you can modify email template file open: /mails/LANG_CODE/account.html and remove: <td align="left"><strong>Thank you for creating a customer account at {shop_name}.</strong><br /><br /> Here are your login details:<br /><br /> E-mail address: <strong><span style="color: {color};">{email}</span></strong> <br />Password: <strong>{passwd}</strong></td> + /mails/LANG_CODE/account.txt and remove: E-mail address: {email} Password: {passwd} You can now place orders on our shop: {shop_url} 1 Link to comment Share on other sites More sharing options...
bhavinksoni Posted March 14, 2014 Author Share Posted March 14, 2014 Thanks Vekia, Now the password is hidden for new user registration. But I am concerned about the system able to read the password. There should be some security measure for encrypting the passwords and not sending it by email. Hope Presta provides that in future versions. Link to comment Share on other sites More sharing options...
vekia Posted March 14, 2014 Share Posted March 14, 2014 let's clarify password are stored in prestashop in encrypted version (md5 algorithm with salt) the only one situation, when presta uses plain pass is this email, while register. everything after this is based on encrypted pass in DB and no one has got possiblity to read original plain password... because it just doesnt exist Link to comment Share on other sites More sharing options...
steinchef Posted May 19, 2014 Share Posted May 19, 2014 let's clarify password are stored in prestashop in encrypted version (md5 algorithm with salt) the only one situation, when presta uses plain pass is this email, while register. everything after this is based on encrypted pass in DB and no one has got possiblity to read original plain password... because it just doesnt exist Is there a possibility to switch off this plaintext password sending? for me this is an absolute blocker to use prestashop. best regards Christian Link to comment Share on other sites More sharing options...
vekia Posted May 19, 2014 Share Posted May 19, 2014 sure you can modify email template, go to localization > translations select "email translations" and modify contents of "account" email to fit your needs Link to comment Share on other sites More sharing options...
steinchef Posted May 19, 2014 Share Posted May 19, 2014 sure you can modify email template, go to localization > translations select "email translations" and modify contents of "account" email to fit your needs thank you for the fast response, i will try this. regards christian Link to comment Share on other sites More sharing options...
Recommended Posts