Starting with CMSimple XH 1.5.4, the program stores a password hashcode instead of the password itself. However, the settings page now shows the password hash, which might be kind of confusing to most users.
I would suggest to change the input field to type="password" and display a constant number of dots instead of readable text. This could be a constant string like "xxxxxx" which would make it easy to check if the user wants to change the password.
Pasword vs. password hash
Re: Pasword vs. password hash
Hi Uwe,
indeed the current solution is more a quick hack, than a clean solution. It was a result from the desire to implement password hashing as soon as possible, without making too many changes for the revision.
Using a single password input is IMO not a viable solution. If the user wants to change his password and makes a mistake (a typo), then he can't log in to the admin mode anymore. A fix would require changing the password in the config file via FTP.
For XH 1.6 this will change: probably two password inputs (one for the confirmation).
Christoph
indeed the current solution is more a quick hack, than a clean solution. It was a result from the desire to implement password hashing as soon as possible, without making too many changes for the revision.
Using a single password input is IMO not a viable solution. If the user wants to change his password and makes a mistake (a typo), then he can't log in to the admin mode anymore. A fix would require changing the password in the config file via FTP.
For XH 1.6 this will change: probably two password inputs (one for the confirmation).
Christoph
Christoph M. Becker – Plugins for CMSimple_XH
Re: Pasword vs. password hash
I also though we should do this, This also requires a new kind of config view, paving the way for checkboxes and obtion menus.cmb wrote:two password inputs (one for the confirmation).