make sure the mail to user does not include the PW too

joomlabeat · Apr 28, 2018 · 9095819 · 9095819
1 parent bf8bf52
commit 9095819
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/administrator/language/en-GB/en-GB.plg_user_joomla.ini b/administrator/language/en-GB/en-GB.plg_user_joomla.ini
@@ -13,6 +13,7 @@ PLG_USER_JOOMLA_FIELD_MAILTOUSER_LABEL="Notification Mail to User"
 PLG_USER_JOOMLA_FIELD_STRONG_PASSWORDS_DESC="If set to yes, use the bcrypt encryption method if available in this version of PHP."
 PLG_USER_JOOMLA_FIELD_STRONG_PASSWORDS_LABEL="Strong Passwords"
 PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY="Hello %s,\n\n\nYou have been added as a User to %s by an Administrator.\n\nThis email has your username and password to log in to %s\n\nUsername: %s\nPassword: %s\n\n\nPlease do not respond to this message as it is automatically generated and is for information purposes only."
+PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY_NO_PW="Hello %s,\n\n\nYou have been added as a User to %s by an Administrator.\n\nThis email has your username to log in to %s\n\nUsername: %s\n\n\nIf you don't know your password please use the password reset feature provided on the login page.\n\nPlease do not respond to this message as it is automatically generated and is for information purposes only."
 PLG_USER_JOOMLA_NEW_USER_EMAIL_SUBJECT="New User Details"
 PLG_USER_JOOMLA_POSTINSTALL_STRONGPW_BTN="Enable Strong Password Encryption"
 PLG_USER_JOOMLA_POSTINSTALL_STRONGPW_TEXT="As a security feature, Joomla allows you to switch to strong password encryption.<br />To turn strong passwords on select the button below. Alternatively you can edit the User - Joomla plugin and change the strong password setting to On.<br />Before enabling you should verify that all third party registration/login, user management or bridge extensions installed on your site support this strong password encryption."

diff --git a/plugins/user/joomla/joomla.php b/plugins/user/joomla/joomla.php
@@ -100,6 +100,7 @@ public function onUserAfterDelete($user, $success, $msg)
 	public function onUserAfterSave($user, $isnew, $success, $msg)
 	{
 		$mail_to_user = $this->params->get('mail_to_user', 1);
+		$sendpassword = JComponentHelper::getParams('com_users')->get('sendpassword', '0');
 
 		if (!$isnew || !$mail_to_user)
 		{
@@ -156,6 +157,19 @@ public function onUserAfterSave($user, $isnew, $success, $msg)
 			$user['password_clear']
 		);
 
+		if ($sendpassword === '0')
+		{
+			// Compute the mail body without PW.
+			$emailBody = JText::sprintf(
+				'PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY_NO_PW',
+				$user['name'],
+				$this->app->get('sitename'),
+				JUri::root(),
+				$user['username']
+			);
+		}
+
+
 		$res = JFactory::getMailer()->sendMail(
 			$this->app->get('mailfrom'),
 			$this->app->get('fromname'),