Posted by spessex on January 30, 2013 at 11:47am
Hi
Is it possible to pull Users password's into a Drupal View?
I've checked the 'User' fields in the Views but cannot seem to see anywhere that mentions passwords?
I just need it for an overall administration view.
Any help would be greatly appreciated.
Stephen
Comments
Passwords are encrypted, you
Passwords are encrypted, you should never display them anywhere. One-time logins can be created if users want to reset their password, but it's their password, not the website owner's!
Drupal doesn't actually store
Drupal doesn't actually store the password itself only a hash of it. So when a user logs in it will compare the hash of the password the one the user typed.
Thanks guys. I thought it
Thanks guys. I thought it might be the case. Can I just confirm, if we have a user that is frequently forgetting their password are they able to change it themselves on multiple instances or does Drupal only allow a finite number of password changes?
AFAIK It's unlimited, you can
AFAIK It's unlimited, you can restrict it with things like http://drupal.org/project/flood_control
If you suspect you have an
If you suspect you have an automated agent attempting to log in, using Flood Control may be a piece of the puzzle to stop the agent.
If this is the case, I strongly recommend you use the Spamicide module, or a comparable one, and enable it at a minimum for the user registration, password change, and login forms.
FYI, I always use Login Toboggan as well, to fine tune the overall experience -- e.g., to require a confirmation email upon user registration, and before a login is permitted. Plus Password Policy.
If you have a forgetful human user on your hands who forgets their password -- and you are using a solution like Spamicide along with Password Policy (and possibly Flood Control) -- then just allow all users to go through the request-a-new-password dance whenever the need arises.
I hope this helps. Or perhaps you have other concerns on your mind?
Just to clarify: 1) Drupal
Just to clarify:
1) Drupal does have flood control out of the box the flood_control module provides an interface to configure and change the default settings provided by Drupal
2) As far as I know the password reset can be used as many times as a user needs it and I don't think it has anything to do with flood control.
Perhaps with the AES Encryption module
I had a customer request about clearview passwords. Turns out that the AESd Encryption module allows you to capture the passwords as they are entered, so you can actually see them in the user account view (I don't believe there is views integration for it, but a link to the user account did the trick).
Answering your question about password
Passwords are encrypted, and for a reason. You should never display them. Most password are one direction encrypted , that means that you cannot decrypt the password. What happens is that when a user log ins, the password is encrypted and compared to the encrypted password stored in the database (That's a safer approach). There is no way to decrypt the password, so displaying the password is impossible.
Help our children