user_account_form() contains the following code.

// Display password field only for existing users or when user is allowed to
// assign a password during registration.
if (!$register) {
  $form['account']['pass'] = array(
    '#title' => t('New password'),
    '#type' => 'password',
    '#password_toggle' => TRUE,
    '#password_strength' => TRUE,
  );
The comment says that $form['account']['pass'] is shown when either an account is edited (not created) or when users are allowed to set a password during registration. The code only adds $form['account']['pass'] when an account is edited (not created).
($register is not set to TRUE when a visitor is registering an account, despite that variable name.)
Either the code is changed to match the comment, or the comment is changed to reflect what the code does.
I think the code should be changed to avoid adding the password field when visitors registering an account will receive an email with a link to set the password, or when administrator users create an account for somebody else who then will receive that email.
The code in user_account_form() should be changed to include those checks too.
// Display password field only for existing users or when user is allowed to
// assign a password during registration.
$user_email_verification = config_get('system.core', 'user_email_verification');
if (($user->uid == 0 && !$user_email_verification) || $admin_users) {
  $form['account']['pass'] = array(
    '#title' => t('New password'),
    '#type' => 'password',
    '#password_toggle' => TRUE,
    '#password_strength' => TRUE,
  );
I used $admin_users which user_account_form() already initialized with $admin_users = user_access('administer users');.
Actually, the password field is not necessary when visitors get this email.
[user:name],
Your account at [site:name] has been activated.
You may now log in by clicking this link or copying and pasting it into your browser:
[user:one-time-login-url]
This link can only be used once to log in and will lead you to a page where you can set your password.
After setting your password, you will be able to log in at [site:login-url] in the future using:
username: [user:name]
password: Your password
-- [site:name] team
In that case, people set their own password after visiting [user:one-time-login-url].
Asking visitors to provide a password, which they need to set again later, could confuse them.
I still have to check what happens when administrator users create an account for somebody else.