Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Do not display module passwords (replace with black circles or asterisks)?


REALGOODEAL

Recommended Posts

Hello~

 

This may seem like a bit of an odd question/request, but is it possible to change the way passwords are displayed in the modules?

 

You see, many people will be working on our site and we do not want the module passwords (including PayPal, or our shipping accounts) to be displayed as they are. So I wonder if it's not possible to view them as something else after the settings have been saved? Something like a string of asterisks (***) or black circles, as is the case in normal logins (●●●), or even some other character, if that's easier to manage.

 

Any information would be appreciated. Thanks. c:

Link to comment
Share on other sites

The stock osC Admin code uses the text input field unless a function is called to use something else. For example, tep_mod_select_option() can be used to provide radio buttons to select from multiple choices. You would need to write a similar function to use the password input field where you want to hide the input, then call that function on the password fields in your module.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

<input type="password" />

 

Instead of

 

<input type="text" />

 

Your browser will auotmatically use the dots on the type="password" inputs. If the person working on the site knows anything about programming they could still figure it out.

Matt

Link to comment
Share on other sites

@@mattjt83 While that is entirely correct, osCommerce generates those fields with a set of custom PHP functions stored in the database, so you need to write a new function to generate the password field instead of the stock text field.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

@@kymation Hi Jim. While I'm well aware of the html_output functions I was just trying to supplement your original answer with something a little more basic because it seemed the OP wasn't aware of it. I could be wrong though, which has happened a few times lol :)

 

I'll see if I can come up with something for this as it seems interesting.

Matt

Link to comment
Share on other sites

I wasn't trying to be critical, just tying the information together. My original response was a bit too brief and lacking in that detail.

 

It would probably be useful to come up with a complete set of functions for every data entry type, just to have available when needed. I'll see if I can dig up some I've already created.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

OK so I messed around a bit with this today and a quick solution is to use jquery to handle this by masking and replacing inputs. I also made it so it masks the password if you are just viewing the module (not editing it). The issue is still that the person could still obtain the password if they check the source or turn javascript off. A php solution would be more secure and take a little more time to implement so that will come later.

 

You can try the code out by adding this directly above the closing </head> tag in catalog/admin/includes/template_top.php:

 

<?php if ( basename($PHP_SELF) == 'modules.php' ) { ?>
<script type="text/javascript">
$(function(){
   <?php if ( isset($_GET['action']) ) { ?>
$('strong:contains("Password")').each(function(counter){
 var next = $(this).nextAll("input[type=text]:first");
 var this_val = $(this).nextAll("input[type=text]:first").val();
 var this_name = $(this).nextAll("input[type=text]:first").attr("name");
 next.wrap("<span class=\"swap"+counter+"\"></span>").remove();
 $(".swap"+counter+"").append("<input type=\"password\" value=\""+this_val+"\" name=\""+this_name+"\" />");
});
<?php
}
if ( !isset($_GET['action']) ) { ?>
$('strong:contains("Password")').each( function(){
		   var $this = $(this);
		   var textEl = this.nextSibling;
  var textE2 = textEl.nextSibling;
		   var spanEl = $('<span class="replace" style="display:block;" />').text(textE2.data);
		   $this.after( spanEl );
		   $(textE2).remove();
   });

$(".replace").each(function(){
 var this_text = $(this).text();
 var replace_text = this_text.replace(/[a-z0-9A-Z@#%&]/g, "*");
 $(this).text(replace_text);
});
<?php } ?>

});
</script>
<?php } ?>

 

It could be cleaned up a bit but as a quick solution it would work I think. Something interesting to note is that changing

$(".your_selector").attr("type", "password");

to make the input a password type does not work. From what I can tell jquery/your browser will not allow that change to be made. Learned something new today :)

Matt

Link to comment
Share on other sites

  • 1 month later...

OK so I messed around a bit with this today and a quick solution is to use jquery to handle this by masking and replacing inputs. I also made it so it masks the password if you are just viewing the module (not editing it). The issue is still that the person could still obtain the password if they check the source or turn javascript off. A php solution would be more secure and take a little more time to implement so that will come later.

 

You can try the code out by adding this directly above the closing </head> tag in catalog/admin/includes/template_top.php:

 

<?php if ( basename($PHP_SELF) == 'modules.php' ) { ?>
<script type="text/javascript">
$(function(){
<?php if ( isset($_GET['action']) ) { ?>
$('strong:contains("Password")').each(function(counter){
 var next = $(this).nextAll("input[type=text]:first");
var this_val = $(this).nextAll("input[type=text]:first").val();
var this_name = $(this).nextAll("input[type=text]:first").attr("name");
next.wrap("<span class=\"swap"+counter+"\"></span>").remove();
$(".swap"+counter+"").append("<input type=\"password\" value=\""+this_val+"\" name=\""+this_name+"\" />");
});
<?php
}
if ( !isset($_GET['action']) ) { ?>
$('strong:contains("Password")').each( function(){
		 var $this = $(this);
		 var textEl = this.nextSibling;
 var textE2 = textEl.nextSibling;
		 var spanEl = $('<span class="replace" style="display:block;" />').text(textE2.data);
		 $this.after( spanEl );
		 $(textE2).remove();
});

$(".replace").each(function(){
var this_text = $(this).text();
var replace_text = this_text.replace(/[a-z0-9A-Z@#%&]/g, "*");
$(this).text(replace_text);
});
<?php } ?>

});
</script>
<?php } ?>

 

It could be cleaned up a bit but as a quick solution it would work I think. Something interesting to note is that changing

$(".your_selector").attr("type", "password");

to make the input a password type does not work. From what I can tell jquery/your browser will not allow that change to be made. Learned something new today :)

 

Worked like a charm, thanks! c:

 

Of course, we're aware that they will still be able to go in and perhaps read the code to undo this change, but at least now it will be a bit cumbersome to manage and, with our security, a little harder to physically pull off.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...