-
- 35 Posts
I have a client who is requesting this feature. They would like to be able to view user passwords rather than set new ones if someone forgets theirs. I can't find anything that says that's even possible though, is it?
-
- 24,544 Posts
It's difficult to do and it would create a horrible security hole to have all the passwords stored in plain text anywhere. No secure system works that way. MODX doesn't store the passwords at all. Instead, it installs a one-way hash of the password.
When a user logs in, the password they enter is hashed, and the result is compared with the stored hash for that user. If they match, the user gets to log in. You can can turn the password into the hash, but you can't do the reverse, so there is no way to get a user's password from what MODX stores in the database.
You could capture the password and store it somewhere when the user registers, but it would only make sense if you don't care about security, and in that case, you might as well not have passwords in the first place.