As a security measure it's best not to e-mail passwords to people. Passwords should be hashed and saved to the DB right after they have been entered and never, ever be viewed as plain text again.
Don't add password to welcome mail
|
|
Hi Xano,
Passwords are handeled by Drupal. So posting this here might not help a lot.
Regards
Mark
Sorry,
Forgot the direct signup.
Drupal is handling passwords correct I believe.
Only problem is, do you really want customers have to login first before they can checkout? This might make your system a little bit less user friendly...
Best regards
Mark
Hi Xano,
Passwords are handeled by Drupal. So posting this here might not help a lot.
Regards
Mark
Yeah, but site administrators decided whether to show passwords as plain text in e-mails or not 
Hmm... it is a Drupal issue, since the passwords are e-mailed in both the normal and administrator user registration forms. Ubercart invoices can optionally include the username/password, but you can take that out of your invoice. Further, Ubercart checkout for anonymous users uses the site-wide registration e-mail... so, if you change it there, you should no longer be sending passwords. 
EDIT: This is the point where I realized you were talking about our site.
I'm not too worried about changing it for Ubercart.org in the short term... you can always change your password after you've registered. It might be a little more necessary for your e-commerce sites, though.
Thanks for the suggestion, and I'll keep it in mind for the future.
I'm more concerned with people looking through other people's email. Yes, those people exist, unfortunately. I'm not fond of changing my password because it's been sent as plain text. I've already got enough passwords to keep track of 
Just my 2 cents.
|
|
Joined: 07/29/2008