latest stable versions: v150827 (changelog)
top⇑

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Home Forums Dan Hayes

About: Dan Hayes

Sorry, I've not written a description yet. I'll get to it soon!

My Latest Replies (From Various Topics)

Viewing 1 replies (of 1 total)
Author Replies
Author Replies
Posted: Friday Mar 8th, 2013 at 2:17 am #44028
Dan Hayes
Username: danhayes51

I’m a newcomer to WordPress, but I see that the passwords seem to be generated in a WP function call from S2 code (in registrations.inc.php) in the wp-content\plugins\s2member\includes\classes folder.

That call can be modified, I believe, by changing
wp_generate_password() to wp_generate_password(8, false)
(for example) to limit the password to eight characters and not include special characters. This is around line 329 in my version, though this bit seems to apply only to multi-site installations.

There are problems with this, assuming it works and I’ve got the right place in the code:

  • First, this is in S2Member code, and I’d very much like to avoid mucking around in their tested work.
  • Second, this code would be replaced any time that an update is performed, meaning it has to be replaced.
  • Third, it’s a more complex task than S2’s excellent administrative interface usually provides for. An option for these parameters in the S2 configuration system would be much better!
  • And fourth, there’s another subtlety: It doesn’t solve character confusion.

The WP-generated passwords contain (even without special characters) confusing combinations such as “i” and “l” and “1” as well as “O” and “0”, making it hard for many people to successfully type in the password.

Now that many themes (and S2 itself) support mobile devices, this often means that the mouse-based cut-and-paste are not so accessible to users, and they write down the emailed password and re-enter it.

As I’ve observed in testing, this is often unsuccessful. A fix could use one of two approaches:

  1. Write a custom S2 password generator that avoids confusing characters altogether.
  2. Use the wp_generate_password, but loop it until a password is generated that does not contain the confusing characters. Eventually, this will succeed even if it takes a couple of attempts.

I’d hate for my own very first attempt at WP code modification disturb the doings of S2, so I am reluctant to code this. But it seems a straightforward implementation.

What do you think?

DH
Viewing 1 replies (of 1 total)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.