Inform new panel user via email about login data

Kirby 2 Solved ✅
1

Hi,

is it possible to inform a just created panel user about the defined login informations via email? So i don´t have to write a seperate mail with the login information?

Kind regards
Tobias

2

You could try to automate this with a panel.user.create hook, http://getkirby.com/docs/panel/hooks

3

Yes i tried, but the $user variable doesn´t hold the information i need. Only the username… But i also need the unhashed password…

kirby()->hook('panel.user.create', function($user) {
    var_dump($user);
    var_dump($user->cache); // NULL
    var_dump($user->data); // NULL
    die;
});
4

Oh yes, that is the main problem, you could only send the hash, which doesn’t make sense. It would also be unsafe to send the clear text password via mail.

Maybe you should go for another solution where users register themselves but with no panel access until an admin changes their role.

5

You won’t be able to access the unhashed password, because hooks are fired after the user is already created (and at this point, the password is already hashed).

I also don’t recommend sending plain text passwords in emails, so the solution @texnixe proposed sounds good. You will need to create a page in the frontend that creates the user with a role that isn’t allowed to access the Panel.

6

Good question!

What about taking the data from the registration form itself, and send the email using the same registration controller?

Good idea or terrible idea?

7

If the users register themselves anyway, you don’t need to send them an email with their login data, because they have set their own password.

It is generally an antipattern to send plain-text passwords via email because in contrast to one-time password reset links or login tokens, passwords keep their validity and an attacker that gets access to the unencrypted email can continue to log in to the system without the user able to do anything against it.

1 Like
8

I agree with @lukasbestle here, as I already said in the above. On a side note: In fact, you should only send passwords over SSL, otherwise it is also transferred as plain text in the request body.

1 Like
9

Oh, I’m only interested in sending welcome email and similar.
Pretty convinced about the password part.

I confirm:

  • Succeeded sending test email from registration controller
  • Sent from local host, I guess it should work fine on live server
  • Email was sorted as spam as expected (hate spam filters :unamused: )

Question:

This is where one should think about integrating Mailgun, right?

10

That’s because it has been sent from localhost. Shouldn’t be a problem on the live server.

1 Like